Difference between revisions of "Guidelines for Tagging"

From Federal Burro of Information
(Created page with "== Introduction == Increasingly modern system support the idea of tagging. That is assiging arbitrary meta data to objects. So for example an instance in aws could be tagged...")
 
 
Line 1: Line 1:
 
== Introduction ==
 
== Introduction ==
  
Increasingly modern system support the idea of tagging. That is assiging arbitrary meta data to objects.
+
Increasingly modern system support the idea of tagging. That is assigning arbitrary meta data to objects.
  
 
So for example an instance in aws could be tagged with it's role "web". once an object is tagged, then it's possible to do various valable and useful activities. The big important activities are:
 
So for example an instance in aws could be tagged with it's role "web". once an object is tagged, then it's possible to do various valable and useful activities. The big important activities are:
  
;Configation management
+
;Configuration management
 
:For example an aws instance tagged with the role web would then be able to report that to the configuration management system , like puppet so that the correct web server software gets installed in an automated fashion.  
 
:For example an aws instance tagged with the role web would then be able to report that to the configuration management system , like puppet so that the correct web server software gets installed in an automated fashion.  
  
 
; Reporting an Billing
 
; Reporting an Billing
: for exmaple if an aws instance is tagged with "Department: HR" , at the end of the month a report could be generated indicating what the cloud bill was for the HR depeartment, See [[Orbitera]].
+
: for example if an aws instance is tagged with "Department: HR" , at the end of the month a report could be generated indicating what the cloud bill was for the HR department, See [[Orbitera]].
 
they have.
 
they have.
  
 
;Access control
 
;Access control
: it is possible to use tags to control who or what has access to what. For example a user in aws that's tagged with "dpeartment:dev" might beable to only login to "dev" machines.
+
: it is possible to use tags to control who or what has access to what. For example a user in aws that's tagged with "department:dev" might be able to only login to "dev" machines.
  
 
; Automation
 
; Automation
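
Review bot: the spelling pass stops short in the Introduction and in the Reporting entry. The unchanged lines still read "valable", "it's role" and "Reporting an Billing", and the stray fragment "they have." after the Billing entry is left dangling. Suggest correcting these in the same revision ("valuable", "its role", "Reporting and Billing") and either completing or deleting the "they have." line.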

Latest revision as of 12:35, 11 July 2019

Introduction

Increasingly, modern systems support the idea of tagging, that is, assigning arbitrary metadata to objects.

For example, an instance in AWS could be tagged with its role, "web". Once an object is tagged, it becomes possible to do various valuable and useful activities. The most important ones are:

Configuration management
For example, an AWS instance tagged with the role web would be able to report that to the configuration management system, such as Puppet, so that the correct web server software gets installed in an automated fashion.
Reporting and Billing
For example, if an AWS instance is tagged with "Department: HR", at the end of the month a report could be generated indicating what the cloud bill was for the HR department. See Orbitera.

they have.

Access control
It is possible to use tags to control who or what has access to what. For example, a user in AWS who is tagged with "department:dev" might only be able to log in to "dev" machines.
Automation
It is possible to use automation tools to do work or execute processes on objects based on the tags they have. I've seen examples where instances that are compromised get re-tagged and quarantined from prod so that security folks can be notified and dispatched to investigate.


Guidelines

Tag all the things

  • in AWS
  • in Azure
  • in Cloudforms
  • in CMP X

Tag if you can (for sure).

Name
for example: vale-web-01 , projectname-role-index
Customer
for example: AudienceView, Ugo, Vale
Department
for example hr , finance , engineering
Owner
the user name of the person who made it.
Environment
for example: test dev uat staging prod green blue
Role
for example: web db app
SLA
for example: gold, silver, premium, or some such thing. We should talk to product management so we can sync up with their terminology.
Schedule
typically found on instances. Anything that bills while up.
Dev machines might have a Monday through Friday, 9 am to 5 pm schedule. At 5 pm, objects with this tag would shut down (Stop).
This is part of a client cost control requirement and can help keep costs down.
Question then is how to implement this feature. Refer to Cloud Topic:Scheduling
Retire
when should this object be destroyed.
this could be never or a date.
how to implement? (Cloudforms does this, but via its own tags, not the cloud provider's tags.)
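
One way to check resources against the tag list above, as an added example that is not part of the original page. The inventory is constructed sample data, and three points are assumptions: the Environment values are treated as a closed set, Retire dates use YYYY-MM-DD, and "always" is a placeholder Schedule value.

```python
from datetime import date
# Keys from the page's "Tag if you can" list.
REQUIRED = ["Name", "Customer", "Department", "Owner", "Environment",
            "Role", "SLA", "Schedule", "Retire"]
# Values from the page's Environment examples; a closed set is an assumption.
ENVIRONMENTS = {"test", "dev", "uat", "staging", "prod", "green", "blue"}

def audit_tags(tags, today):
    """Return a sorted list of findings for one resource's tag dict."""
    findings = []
    lowered = {k.lower(): k for k in tags}
    for key in REQUIRED:
        if key in tags:
            if not tags[key].strip():
                findings.append(f"{key}: empty value")
        elif key.lower() in lowered:
            # AWS tag keys are case-sensitive: "department" is not "Department".
            findings.append(f"{key}: found as '{lowered[key.lower()]}' (wrong case)")
        else:
            findings.append(f"{key}: missing")
    env = tags.get("Environment", "").strip()
    if env and env not in ENVIRONMENTS:
        findings.append(f"Environment: unknown value '{env}'")
    retire = tags.get("Retire", "").strip()
    if retire and retire != "never":
        try:  # Assumed date format: ISO 8601 (YYYY-MM-DD).
            if date.fromisoformat(retire) < today:
                findings.append(f"Retire: date {retire} has passed")
        except ValueError:
            findings.append(f"Retire: '{retire}' is neither 'never' nor YYYY-MM-DD")
    return sorted(findings)

# Constructed sample inventory (not real resources).
INVENTORY = {
    "i-example-01": {"Name": "vale-web-01", "Customer": "Vale", "Department": "engineering",
                     "Owner": "jdoe", "Environment": "prod", "Role": "web", "SLA": "gold",
                     "Schedule": "always", "Retire": "never"},
    "i-example-02": {"Name": "vale-db-01", "Customer": "Vale", "department": "hr",
                     "Owner": "jdoe", "Environment": "production", "Role": "db",
                     "SLA": "silver", "Retire": "2019-01-31"},
}

def audit_inventory(inventory, today):
    """Map resource id -> findings, keeping only non-compliant resources."""
    report = {rid: audit_tags(t, today) for rid, t in inventory.items()}
    return {rid: f for rid, f in report.items() if f}

if __name__ == "__main__":
    for rid, findings in audit_inventory(INVENTORY, date(2019, 7, 11)).items():
        print(rid, *findings, sep="\n  ")
```

Tags that drive access control, billing or quarantine only work if the key and value match exactly, so the wrong-case and unknown-value findings matter as much as the missing ones.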


Open for discussion / as required:

Application
Cluster
Project or workload name


References

What can be tagged and what can't be
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html


What are some recommended best practices for tagging my Amazon EC2 resources?
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-resource-tags/