Tag Audit

This bot inspects cloud account resources to validate that they are tagged with appropriate key/value pairs (e.g., “Environment: Production”). The policy can be applied as a global policy or fine-tuned to accommodate different strategies per cloud and/or environment.

Implementing a tagging strategy to organize your cloud environment can dramatically improve compliance, chargeback/showback, and taxonomy across your entire footprint. Some commonly required tags are:

  • Name

  • Owner

  • Environment

  • Cost Center

  • Project

Note that there is no one-size-fits-all strategy and a successful tagging strategy should be tailored to each organization. There are many resources available online illustrating different approaches on how to best implement a tagging strategy. Amazon Web Services has a fantastic write-up available which can help get you started.
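The check described above can be sketched as follows. This is an added example, not the bot's own code: the policy layout, the per-cloud override for "azure", the allowed Environment values and the sample inventory are all constructed assumptions.

```python
# Added example: policy, override and inventory are constructed, not the bot's own code.
GLOBAL_POLICY = {  # required key -> allowed values (None = any non-empty value)
    "Name": None,
    "Owner": None,
    "Environment": {"Production", "Staging", "Development"},
    "Cost Center": None,
    "Project": None,
}
# Hypothetical per-cloud override layered on top of the global policy.
OVERRIDES = {"azure": {"Environment": {"Production", "NonProduction"}}}

def effective_policy(cloud):
    policy = dict(GLOBAL_POLICY)
    policy.update(OVERRIDES.get(cloud, {}))
    return policy

def audit(resource):
    """Return findings for one resource; an empty list means compliant."""
    tags = resource.get("tags") or {}
    by_lower = {k.strip().lower(): k for k in tags}
    findings = []
    for key, allowed in effective_policy(resource["cloud"]).items():
        if key not in tags:
            # Tag keys are compared exactly, so a case variant is reported separately.
            near = by_lower.get(key.lower())
            if near is None:
                findings.append(f"missing tag {key!r}")
            else:
                findings.append(f"key {near!r} does not match required {key!r}")
            continue
        value = (tags[key] or "").strip()
        if not value:
            findings.append(f"empty value for {key!r}")
        elif allowed is not None and value not in allowed:
            findings.append(f"invalid value {value!r} for {key!r}")
    return findings

GOOD = {"Name": "web-1", "Owner": "team-a", "Environment": "Production",
        "Cost Center": "1001", "Project": "shop"}
INVENTORY = [  # constructed sample resources
    {"id": "i-001", "cloud": "aws", "tags": GOOD},
    {"id": "vol-002", "cloud": "aws", "tags": {
        "Name": "data", "owner": "team-b", "Environment": "prod", "Cost Center": " "}},
    {"id": "vm-003", "cloud": "azure", "tags": None},
]

def report(inventory):
    """Map resource id -> findings, for non-compliant resources only."""
    return {r["id"]: f for r in inventory if (f := audit(r))}
```

Calling report(INVENTORY) returns findings only for the two non-compliant resources; the same tag set can pass under one cloud's policy and fail under another's.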

Severity

High

Resource Types Inspected

This bot will work on any resource supporting tags within the cloud provider. This includes, but is not limited to:

  • Instances

  • Volumes

  • Snapshots

  • Networks

  • Access Lists

  • Public IPs

  • Database Instances

  • Memcache Instances

  • Load Balancers

  • Hypervisors

  • Object Storage

  • DNS Zones

  • Images

  • Keypairs

Reactive Hookpoints

  • resource.created

  • resource.modified

  • resource.destroyed