In my first blog on multicloud tagging best practices, I take a look at why tagging hygiene is so important for accurate visibility, reporting, and analysis of your cloud assets. I also made a quick reference guide for multicloud tag parameters for AWS, Azure, and GCP, as well as offer my top 10 multicloud tagging best practices I recommend for anyone looking to build and optimize their organization's tagging practice.
In this follow up blog, I want to distinguish between actions you should prioritize on day 1 of building your multicloud tagging strategy and what’s important to consider for long-term tagging health.
Day 1 multicloud tagging strategies
Creating a Cloud Center of Excellence (CCoE), a cross-functional group of people that govern the usage of the cloud across an organization and drive best practices across functions, can allow your company to utilize all the benefits of cloud computing. The CCoE, which includes buy-in from executive leadership and stakeholders from across your organization, is crucial in helping implement and drive attention and compliance to a formalized tag governance strategy.
A typical cloud journey begins with trying to address challenges around gaining visibility and controlling costs (after this, we see many organizations focus on optimizing resources and automating processes). Without visibility across all of your clouds, broken down by business groups, applications, or users, it’s almost impossible to take the next steps to improve overall governance—and what's visibility without an organized and strategic tagging practice?
One KPI to ensure your benchmarking adaption of your multicloud tagging practice is to require a specific percentage of your cloud infrastructure to have proper tagging in place. Some points to consider when developing a tagging strategy are listed below:
- Do you have a tagging strategy in place? Is it forward looking?
- Identify the must-have/required tags. This is typically done by aligning with a wide range of stakeholders to identify their reporting and business needs. Address questions about your cloud environment in order to successfully run your business.
- Categories such as Business Unit/Organization, Cost Center, Product, Environment, Team, and Function, are what we’ve observed as best practices for many of our customers to start in regards to groupings.
- Check for naming conformance against the public cloud(s) that you use today or may use in the future.
- Document tagging strategies and share with cloud users within the organization.
- Implement automated scripting or use an orchestration tool to programmatically add tags to avoid misspellings of tags and missing tags.
- Enforce naming conventions and tagging standards in provisioning templates so that when new resources are added, they conform to the tagging standards of your organization. While some native tools such as CloudFormation may not support tagging of associated resources, using tools such as Terraform, Jenkins, and Saltstack can accomplish this.
- You can also consult CloudHealth’s Professional Services team to build a custom solution to address your needs around tagging, configuring, and optimizing your cloud infrastructure on CloudHealth
Long-term (day 2+) multicloud tagging strategies
Each resource needs to be tagged in order to allocate costs and identify trends. At this stage, it’s important to implement and enforce a global tagging policy, so costs and performance are accurately analyzed.
The key to success in ensuring proper optimization of your cloud infrastructure is to motivate and incentivize teams to take steps to optimize, and one of the KPIs for this is to keep tagging tidy in your cloud resources. Set up guardrails around missing and improper tagging. Start with simple actions that alert via email on violation of tagging policies and then progress to more advanced automation such as policies that shut down non-production infrastructure with improper tagging. Revisit and review your tagging strategy to ensure it still aligns with your objectives.
As a clean-up method, use automation or orchestration tools to programmatically update your tagging hygiene. While orchestration tools such as Terraform help in tagging new resources easily, however, tagging existing resources that were NOT deployed using Terraform can be a challenging and time consuming task. CSP native tools such as AWS Tag Editor can be used in this case. If using CloudHealth for tagging, tags for new as well as existing resources can both be easily added or updated to resources which don't support tags today.
Update and re-publish the document on your tagging strategies along with the list of required and optional tags. Set up governance policies within the cloud and/or in CloudHealth to check against and alert on resources with missing tags or non-conforming tags. Enforce policies such as prevention of resource creation that are missing required tags, and identify and notify when resource tags violate tagging standards.
Additionally, leverage tagging at a level above individual resource level such as tagging Subscriptions and Resource Groups in your AWS and Azure Cloud Infrastructures, or project labels, network tags, and security marks in your GCP Infrastructure to logically organize them in a taxonomy.
This is a powerful way to tag your infrastructure without the overhead of tagging at the individual resource level and categorizing your cloud assets according to your organization’s infrastructure such as Business Unit, Cost Center, and Projects. Our Customer Success team has vast experience and expertise in helping our customers update their tagging strategies and tidy their tagging hygiene.
Implementing a structured, organized, and strategic multicloud tagging practices is a crucial first step to ensuring long-term success in the cloud. A formalized tagging practice provides consistency—ultimately providing accurate visibility and reporting across all your cloud assets.