This topic introduces the best practices for tag design in ECS. Tags can be used to manage, categorize, and search for resources.

Scenarios

Tags can be used to categorize and manage resources by group. The resources include personnel, finance, and cloud product resources. Tags are applicable in the following common scenarios:

  • Management of application publishing procedures
  • Resource tracking and tag-based group search and resource management
  • Tag- and group-based automated O&M using Alibaba Cloud services such as Operation Orchestration Service, Resource Orchestration Service, Auto Scaling, and Cloud Assistant
  • Tag-based cost and cost allocation management
  • Resource- or role-based access control

Principles

You must implement the best tagging practices based on the following principles:

Mutual exclusivity

Mutual exclusivity is implemented to ensure that multiple tags cannot be assigned to the same resource attribute. For example, if you have used tag key key="owner" to represent the owner attribute, you cannot use other tag keys such as own, belonger, or owner to represent this attribute again.

Collective exhaustion

Collective exhaustion means that when planning resources, you must plan tags at the same time and prioritize the tag keys. All resources must be bound with the planned tag keys and their corresponding key values.

  • Each tag key-value pair must be named in a standard format.
  • Collective exhaustion is a prerequisite for future tag-based access control, cost tracking, automated O&M, and group search.

Limited values

Limited values are implemented to remove excess tag key values and retain only core tag key values.

This principle simplifies procedures such as resource management, access control, automated O&M, and cost allocation. You can also use tags and automation tools under this principle to manage resources. ECS allows you to control tags through API operations in SDKs, to make it easy to automatically manage, retrieve, and filter resources.

Considering ramifications of future changes

During the planning stage, you must consider the impact of adding or deleting tag key values to have the flexibility to modify tags.

When you modify tags, the tag-based access control, automated O&M, and related billing reports may be changed. For corporate or personal business, the best practice is to create business-related tag groups to manage resources in technical, business, and security dimensions. When using automated O&M tools to manage resources and services, you can add automation-specific tags to aid in the automation efforts.

Simplified design

Simplified design is implemented to simplify the use of tag keys by creating tag keys with fixed dimensions during the tag planning stage. This principle can reduce operation errors caused by too many tag keys.

  • You can create business-related tag groups to manage resources in technical, business, and security dimensions.
  • When using automated O&M tools to manage resources and services, you can add automation-specific tags.

Example of designing tag keys

The following table lists the tag naming examples with common dimensions. We recommend that you use lowercase letters to name tags.

Dimension Tag key Tag value
Organization
  • company
  • department
  • organization
  • team
  • group
Organization-specific names
Business
  • product
  • business
  • module
  • service
Business-specific names
Role
  • role
  • user
  • network administrator
  • application administrator
  • system administrator
  • opsuser
  • devuser
  • testuser
Purpose
  • purpose
  • use
Specific purposes
Project
  • From project dimensions:
    • project
    • risk
    • schedule
    • subtask
    • environment
  • From personnel dimensions:
    • sponsor
    • member
    • decisionmaker or owner
    • creator
Project-related values
Business departments (to implement cost allocation and business tracking)
  • costcenter
  • businessunit
  • biz
  • financecontact
Department-related values
Owner from the financial dimension (to identify the resource owner) owner Names or emails
Customers from the financial dimension (to identify the clients that a particular group of resources serves) Custom values or true values Customer names
Projects from the financial dimension (to determine the resource-supported projects) project Project names
Orders from the financial dimension order Order category IDs

Related topics

Related API operations