Tag Audit
This bot inspects cloud account resources to validate that they are tagged with appropriate key/value pairs (e.g., “Environment: Production”). The policy can be applied as a global policy or fine-tuned to accommodate different strategies per cloud and/or environment.
Implementing a tagging strategy to organize your cloud environment can dramatically improve compliance, chargeback/showback, and taxonomy across your entire footprint. Some commonly required tags are:
Name
Owner
Environment
Cost Center
Project
Note that there is no one-size-fits-all strategy and a successful tagging strategy should be tailored to each organization. There are many resources available online illustrating different approaches on how to best implement a tagging strategy. Amazon Web Services has a fantastic write-up available which can help get you started.
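The kind of check this bot performs, sketched as an added example (not the product's own code): a global policy with one per-cloud override is applied to a small inventory. The policy format, account names, allowed Environment values and resource records are all constructed for illustration.

```python
# Constructed policy: tag key -> allowed values (None = any non-empty value).
GLOBAL_POLICY = {
    "Name": None, "Owner": None,
    "Environment": {"Production", "Staging", "Development"},
    "Cost Center": None, "Project": None,
}
# Hypothetical per-cloud override, standing in for "different strategies per cloud".
CLOUD_POLICIES = {
    "sandbox-account": {"Owner": None, "Environment": {"Development"}},
}

def audit_resource(resource):
    """Return a list of (tag_key, problem) findings for one resource."""
    policy = CLOUD_POLICIES.get(resource["cloud"], GLOBAL_POLICY)
    tags = resource.get("tags") or {}          # untagged resources may carry None
    by_lower = {k.lower(): k for k in tags}    # used to spot keys that differ only in case
    findings = []
    for key, allowed in policy.items():
        if key not in tags:                    # keys are matched exactly
            near = by_lower.get(key.lower())
            findings.append((key, f"wrong case: {near!r}" if near else "missing"))
            continue
        value = (tags[key] or "").strip()
        if not value:                          # whitespace-only counts as untagged
            findings.append((key, "empty value"))
        elif allowed is not None and value not in allowed:
            findings.append((key, f"value {value!r} not allowed"))
    return findings

def audit(resources):
    """Map resource id -> findings, keeping noncompliant resources only."""
    report = {r["id"]: audit_resource(r) for r in resources}
    return {rid: found for rid, found in report.items() if found}

# Constructed inventory (not real resources).
INVENTORY = [
    {"id": "i-001", "cloud": "prod-account", "tags": {"Name": "web-1", "Owner": "team-a",
     "Environment": "Production", "Cost Center": "1234", "Project": "storefront"}},
    {"id": "vol-002", "cloud": "prod-account", "tags": {"Name": "data", "owner": "team-a",
     "Environment": "Prod", "Cost Center": " "}},
    {"id": "i-003", "cloud": "sandbox-account",
     "tags": {"Owner": "dev-b", "Environment": "Development"}},
    {"id": "snap-004", "cloud": "sandbox-account", "tags": None},
]

if __name__ == "__main__":
    for rid, found in audit(INVENTORY).items():
        print(rid, found)
```

Reporting a key that differs only in case separately from a missing key tells the owner the fix is a rename rather than a new tag.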
Recommended Action
At a minimum, we recommend notification via Email/Slack when resources are identified that do not adhere to the defined tagging strategy. More aggressive actions, such as suspending, stopping, or even permanently destroying the resource, are available depending on the level of invasiveness desired.
Severity
High
Resource Types Inspected
This bot will work on any resource that supports tags within the cloud provider. This includes, but is not limited to:
Instances
Volumes
Snapshots
Networks
Access Lists
Public IPs
Database Instances
Memcache Instances
Load Balancers
Hypervisors
Object Storage
DNS Zones
Images
Keypairs
Reactive Hookpoints
resource.created
resource.modified
resource.destroyed