One of the most effective means of streamlining costs in an AWS cloud environment is proper resource tagging. In this blog post, we’re going to look at what’s entailed in tagging AWS resources, show how Tenacity can help you do this more effectively, and explain why tagging your resources should be a key component of your cloud cost optimization strategy.
What Is Cloud Tagging, Anyway?
Modern computing environments built around public clouds - such as AWS - can quickly evolve into complex labyrinths of interconnected systems. AWS alone, for instance, bundles together more than 250 different services — ranging from fundamental building blocks such as compute and storage through to Kubernetes orchestrators and other more advanced pieces of the cloud jigsaw.
While AWS contains some built-in cost management functionalities — and Tenacity augments them enormously — it’s difficult if not impossible to get the kind of granular insights into your AWS cost that you can achieve when your resources are sensibly tagged.
Consider — for instance — an AWS billing dashboard that shows your total spend on S3-class storage. Alone, this doesn’t tell you much about where your storage-associated costs are coming from. In a typical organization with an AWS footprint, these costs could be emanating from:
Archival storage used for compliance purposes
Storage to host user files on publicly-accessible resources. Consider, for instance, SaaS applications.
Storage for the accounting department
To add further complexity, consider the fact that AWS is typically utilized to centralize business resources - shifting on-premises computing resources into datacenters that business units, worldwide, can access. For this reason, even the same public cloud can contain resources from different business geographies - as well as teams.
In other words: even storage, as a cost-generator, is far from monolithic. Storage can be spread across different classes and be related to completely unrelated business cases.
How Does Resource Tagging In AWS Work?
In AWS, tagging refers to the process of adding custom, user-generated metadata to resources so that what those resources are ‘doing’ can be pinpointed in a format that makes sense to humans. (For AWS’s own guide to tagging resources, see this page.)
Each AWS tag consists of two metadata components:
A tag key. These can be used as quick descriptors for what that resource is. For instance “accounting_archive.”
A tag value, which is a case-sensitive unique identifier. When combined with the key, multiple resources that share the same descriptor can be logged.
The Dos and Don’ts Of Tagging
While tagging AWS resources is one way to make the most out of your Tenacity cost optimization dashboard, it’s a good idea to keep the following tips in mind:
Don’t put any personally identifiable information (PII) in your tags. Tag metadata is visible unhashed and may be viewed by those outside of the organization - such as cost-optimization consultants. Keep the descriptors general.
Standardize your system for tagging, particularly if you’re going to be tagging lots of resources across the enterprise. AWS have prepared some great best practices.
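The two tips above can be checked automatically. The following is an added example, not Tenacity's or AWS's code: it audits tag records for missing standard keys, untagged resources and values that look like PII. The required key names, the sample ARNs and the record shape (modelled on the `ResourceTagMappingList` entries returned by the AWS Resource Groups Tagging API) are assumptions made for the example.

```python
import re

# Hypothetical tagging standard for this example: every resource needs these keys.
REQUIRED_KEYS = {"owner_team", "environment", "cost_center"}

# Rough patterns for tag content that looks like PII.
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\+?\d[\d\s().-]{8,}\d"),
}

# Constructed sample records (not real resources).
SAMPLE_RESOURCES = [
    {"ResourceARN": "arn:aws:s3:::example-accounting-archive",
     "Tags": [{"Key": "owner_team", "Value": "accounting"},
              {"Key": "environment", "Value": "prod"},
              {"Key": "cost_center", "Value": "cc-1001"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example0000000001",
     "Tags": [{"Key": "Owner_Team", "Value": "dev"},
              {"Key": "environment", "Value": "dev"},
              {"Key": "contact", "Value": "jane.doe@example.com"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0example0000000002",
     "Tags": []},
]

def audit_tags(resources, required=REQUIRED_KEYS):
    """Return (arn, finding_kind, detail) tuples for every policy violation."""
    findings = []
    for res in resources:
        arn = res["ResourceARN"]
        tags = {t["Key"]: t["Value"] for t in res.get("Tags", [])}
        if not tags:
            findings.append((arn, "untagged", ""))
            continue
        # Tag keys are case sensitive: "Owner_Team" does not satisfy "owner_team".
        for key in sorted(required - set(tags)):
            near = [k for k in tags if k.lower() == key.lower()]
            detail = f"{key} (found '{near[0]}', wrong case)" if near else key
            findings.append((arn, "missing_key", detail))
        # PII can hide in the key as well as the value, so scan both.
        for key, value in tags.items():
            for label, pattern in PII_PATTERNS.items():
                if pattern.search(key) or pattern.search(value):
                    findings.append((arn, "possible_pii", f"{key}: {label}"))
    return findings

if __name__ == "__main__":
    for arn, kind, detail in audit_tags(SAMPLE_RESOURCES):
        print(f"{kind:13} {arn} {detail}")
```

The PII patterns are deliberately coarse, so treat a `possible_pii` finding as a prompt for manual review rather than a verdict.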
How Can Tagged Resources Be Used In Tenacity?
Once you have your resources properly tagged in your AWS console, you can achieve more granular cost control:
You can filter your resources according to tags, allowing you to identify expenditures and segment them according to originating group (dev, product, etc)
You can filter resources based on tags and run that through Tenacity’s cost forecasting engine to see expected future expenditures. Again, if tags aren’t applied, this kind of detailed breakdown simply cannot be obtained.
You can also filter our cost breakdowns by searching for untagged resources. This is a great technique to use if you’re trying to identify unused resources. These are a major contributor to excessive cloud spend.
Listing EC2 resources in a typical organizational dashboard
Using the Tenacity tagging filter, users can quickly filter a long list of resources based upon one or more assigned tags
By filtering on the key ‘jenkins_server_url’ and its corresponding value, we were able to identify the EC2 instances in this demo dashboard associated with the Jenkins pipeline management tool
By filtering on untagged resources, you can identify potentially unused resources and remediate them in AWS accordingly
Sign up for Tenacity today and get a free report of your cloud environment, including an in-depth look at the tag utilization features mentioned above.
April 19, 2022