Since the rise of DevOps practices and principles, the “automate everything” approach has become more and more popular. This is no surprise as it’s one of the main pillars of DevOps. Tagging cloud resources, however, remains an underutilised way to sort, filter, and automate a cloud environment.
In the cloud infrastructure world, tags are labels or identifiers that are attached to instances. This is a way for organisations to provide custom metadata to accompany the existing metadata, such as instance family and size, region, VPC, IP information, and more. Tags are created as key/value pairs, although the value is optional if companies just want to use the key. For instance, a key could be “department” with a value of “finance”, or you could have a key of just “finance”.
There are four basic tag categories, as laid out in the best practices from AWS:
- technical: this often includes things like the application that is running on the resource, what cluster it belongs to, or which environment it’s running in (such as “dev” or “staging”).
- automation: these tags are read by automated software and can include things like dates for when to decommission the resource, a flag for opting in or out of a service, or what version of a script or package to install.
- business and billing: companies with lots of resources need to track which department or user owns a resource for billing purposes, which customer an instance is serving, or some sort of tracking ID or internal asset management tag.
- security: tags can help with compliance and information security, as well as with access controls for users and roles who may be listing and accessing resources.
In general, the more tags the better, even if users aren’t actively engaging those tags just yet. Planning ahead for ways users might search through or group instances and resources can help save headaches down the line. Organisations should also ensure that they standardise tags by being consistent with the capitalisation/spelling and limiting the scope of both the keys and the values for those keys. Using management and provisioning tools like Terraform or Ansible can help automate and maintain tagging standards.
Once users have tagging systems implemented and resources labelled properly, they can really dive into a solid cloud automation strategy. Many different automation tools can read these tags and utilise them, but here are a few ideas to help make life easier:
- configuration management: tools like Chef, Puppet, Ansible, and Salt are often used for installing and configuring systems once they are provisioned. Tags can determine which settings to change or which configuration bundles to run on the instances.
- cost control: this is the automation area we focus on at ParkMyCloud – our platform’s automated policies can read the tags on servers, scale groups, and databases to determine which schedule to apply and which team to assign the resource to, among other actions.
- CI/CD: if your build tool (like Jenkins or Bamboo) is set to provision or utilise cloud resources for the build or deployment, you can use tags for the build number or code repository to help with the continuous integration or continuous delivery.
- cloud account clean-up: scripts and tools that help keep your account tidy can use tags that set an end date for the resource as a way to ensure that only necessary systems are around long-term. You can also take steps to automatically shut down or terminate instances that aren’t properly tagged, so you know your resources won’t be orphaned.
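The tag standardisation and clean-up checks described above, sketched as an added example that is not from the original article or from ParkMyCloud. The required keys, allowed values, the `end-date` key name and the resource IDs are assumptions, the inventory is constructed, and the script only reports a decision per resource rather than calling a cloud API.

```python
from datetime import date

# Assumed tagging standard: these keys and values are hypothetical.
REQUIRED = {"department", "environment", "end-date"}
ALLOWED = {"department": {"finance", "engineering"},
           "environment": {"dev", "staging", "prod"}}

def audit(tags, today):
    """Return (action, findings) for one resource's raw tag dict."""
    findings, stop, norm = [], False, {}
    for key, value in tags.items():
        # Tag values are optional, so a key-only tag arrives as None or "".
        k, v = key.strip().lower(), (value or "").strip().lower()
        if k != key or v != (value or ""):
            findings.append(f"non-standard spelling: {key}={value}")
        norm[k] = v
    for k in sorted(REQUIRED - norm.keys()):
        findings.append(f"missing required tag: {k}")
        stop = True  # not properly tagged: candidate for shutdown
    for k in sorted(ALLOWED):
        if k in norm and norm[k] not in ALLOWED[k]:
            findings.append(f"value not allowed: {k}={norm[k]}")
    if "end-date" in norm:
        try:
            if date.fromisoformat(norm["end-date"]) < today:
                findings.append("end-date has passed")
                stop = True
        except ValueError:
            findings.append("end-date is not an ISO date")
    action = "stop" if stop else "flag" if findings else "keep"
    return action, findings

# Constructed inventory; resource IDs and tags are made up for illustration.
INVENTORY = {
    "res-01": {"department": "finance", "environment": "prod",
               "end-date": "2031-01-01"},
    "res-02": {"Department": "Finance", "environment": "dev",
               "end-date": "2020-06-30"},
    "res-03": {"environment": "qa"},
    "res-04": {"department": "finance", "environment": "staging",
               "end-date": "next friday"},
}

def report(today):
    return {rid: audit(tags, today) for rid, tags in INVENTORY.items()}

if __name__ == "__main__":
    for rid, (action, findings) in report(date(2025, 1, 1)).items():
        print(rid, action, "; ".join(findings) or "compliant")
```

Here "stop" marks resources that are missing required tags or past their end date, while "flag" marks resources whose tags only need correcting.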
Tagging will improve cloud automation
As an organisation’s cloud use grows, implementing cloud automation will be a crucial piece of its infrastructure management. Utilising tags not only helps with human sorting and searching, but also with automated tasks and scripts. Having a strategy on both tagging and automation can save time and money.
Written by Chris Parlette, Director of Cloud Services, ParkMyCloud