Tags are used to identify resources. Tags allow you to categorize, search for, and aggregate resources that have the same characteristics from different dimensions. This facilitates resource management. This topic describes how to add tags to resources and ensure tag compliance.
Why are tags required for resources?
As the number of cloud resources rapidly increases, it becomes increasingly unreliable to classify and manage resources based on human memory or manual records. Issues such as how to quickly identify resource ownership, determine cost attribution, and implement fine-grained permission management have become common challenges faced by enterprises.
To address these challenges, you can add tags to resources based on multiple dimensions such as department, project, and environment. These tags can help you manage resources, allocate costs, and perform fine-grained authorization from different dimensions, thereby improving resource management efficiency.
How can standardized tags be added to resources?
Stage 1: Plan and design tags
Check whether the types of resources used by your business support tags and determine the tag-related capability items supported by the resource types. For more information, see Services that work with Tag.
Define tagging dimensions, such as organizational structure, project, and purpose.
Develop unified naming conventions for tags.
For more information, see Best practices for tag design.
Stage 2: Create predefined tags
You can create predefined tags in the Resource Management console based on your tag planning. When you add tags to resources, you can select tags from the predefined tags without the need to manually enter them. This ensures the accuracy of operations such as resource classification and permission assignment. For more information, see Create a tag.
For example, you can create a predefined tag whose key is CostCenter and value is Beijing or Shanghai.
Stage 3: Add tags to resources
Add tags to newly created resources
Add compliant tags when you create a resource
Create a tag policy to enable pre-event interception of non-compliant tags.
You can use the pre-event interception feature of tag policies to ensure that compliant tags are added when you create a resource. Otherwise, the resource fails to be created. For more information, see Enable pre-event interception of non-compliant tags.
For example, you can create a tag policy to define that the
CostCenter:BeijingorCostCenter:Shanghaitag must be added when you create Elastic Compute Service (ECS) instances. When you create an ECS instance, if you add a non-compliant tag such asCostCenter:beijingorCostCenter:Shenzhenor add no tags to the instance, the instance fails to be created.
Add a tag when you create a resource.
Console
When you create a resource in the console of an Alibaba Cloud service, add tags to the resource. For more information, see the documentation of the Alibaba Cloud service.
For example, when you create an ECS instance, you can add a tag to it. You can directly select a predefined tag key and a predefined tag value to add a predefined tag to the instance. For information about how to create an ECS instance, see Create an instance by using the wizard.
API operation
When you create a resource by calling the related API operation of an Alibaba Cloud service, you can specify tags by using the related parameters to add tags to the resource. For more information, see the documentation of the Alibaba Cloud service.
For example, when you call the RunInstances operation to create an ECS instance, you can use the
Tagrequest parameters to specify tags to be added to the instance.
As a tag policy is configured in the previous step, the ECS instance fails to be created if no tags or non-compliant tags are added to the instance. The following figure shows the error message reported for the failure.
Enable createdby tags to be automatically added when you create a resource
createdby tags can help you analyze costs and bills and manage the costs of cloud resources in an efficient manner. You can identify the creators of resources based on the createdby tags added to the resources. You can enable createdby tags based on your business requirements. After you enable createdby tags, the system automatically adds createdby tags to newly created resources. The tag key of createdby tags is acs:tag:createdby. The system does not add createdby tags to the resources that are created before you enable createdby tags. For more information, see Overview of createdby tags and Enable createdby tags.
createdby tags are system tags. You cannot manually add them to or remove them from resources. createdby tags are not included in the number of tags that can be added to a resource.
Add tags to existing resources
Manually add tags
Console
Add tags to an existing resource on the Tag or Resource Search page of the Resource Management console, or in the console of the Alibaba Cloud service to which the resource belongs. You can add tags to multiple resources that belong to different services or reside in different regions at a time on the Tag or Resource Search page of the Resource Management console. The following figure shows how to add tags to existing resources on the Tag page of the Resource Management console. For more information, see Add a predefined tag to existing resources.
API operation
Call the TagResource operation provided by the Tag service or a tag-related operation provided by an Alibaba Cloud service to add tags to an existing resource. The TagResource operation allows you to add tags to multiple resources that belong to different services at a time.
Enable automatic tagging
Tag inheritance of associated resources
Resource Management provides the tag inheritance feature for associated resources. When you manage the tags of a primary resource or establish relationships between the primary resource and other resources, this feature enables the associated resources of the primary resource to automatically inherit the tag changes that are made to the primary resource. This improves O&M efficiency and reduces tag management costs. For example, when you add a tag to or remove a tag from an ECS instance, the tag is automatically added to or removed from the cloud disks, elastic network interface (ENI), and elastic IP address (EIP) of the ECS instance. When you attach a cloud disk to the ECS instance, bind an ENI to the ECS instance, or associate an EIP with the ECS instance, the cloud disk, ENI, or EIP automatically inherits the tags of the ECS instance. For more information, see Tag inheritance of associated resources.
Tag policies
You can create a tag policy and select the desired scenario in the policy to implement automatic detection of non-compliant tags, automatic remediation of non-compliant tags, or automatic tag inheritance from resource groups.
Policy scenario
Description
References
Add Tags with Specified Tag Values to Resources
In a tag policy, you can specify tags that must be added to resources. You can also enable features such as automatic detection and remediation for non-compliant tags based on the execution modes you specify for the tag policy. This improves tag management.
Match Tag Values with Specified Regular Expression
You can specify a regular expression in a tag policy to limit the format of tag values. Tag values that do not match the regular expression can be automatically remediated.
Automatically Inherit Tags for Resources from Resource Groups
After you add tags to a resource group, you can configure a tag policy to use the automatic tag inheritance feature. This feature allows resources that are added to or created in a resource group to automatically inherit the tags that are added to the resource group. This way, tags can be quickly added to resources in the resource group at a time.
CloudOps Orchestration Service (OOS)
You can use a public template provided by OOS to create an execution to add multiple tags to multiple resources at a time. For more information, see Use OOS to add multiple tags to resources at a time and Use OOS to add tags to multiple ECS instances at a time.
Stage 4: Use tags
Search for resources.
You can add tags to resources and search for resources based on the tags in the Resource Management console or by calling a tag-related API operation. For more information, see Use tags to query resources.
Allocate costs.
You can plan tags for your resources from different dimensions such as region, department, environment, and project. Then, you can use the Cost Analysis and Split Bill features provided by Alibaba Cloud to manage costs. For more information, see Use tags to allocate costs.
Implement automated O&M.
You can add different tags to resources in different environments, resources that run different operating systems, or resources on different mobile platforms. The environments include the production environment and test environment. The operating systems include Windows and Linux. The mobile platforms include iOS and Android. Then, you can create a template in CloudOps Orchestration Service (OOS) and execute the template to implement automated O&M for your resources. For more information, see Use tags to implement automated O&M.
Control access to resources.
You can use tags in Resource Access Management (RAM) to manage the access and operation permissions of RAM users on different resources. For more information, see Use tags to control access to resources.
How can tags be planned for multiple Alibaba Cloud accounts?
If your enterprise uses multiple Alibaba Cloud accounts, we recommend that you create a resource directory, add the accounts to the resource directory as members, and then use the Account Factory feature provided by Cloud Governance Center to create a predefined tag or enable createdby tags for multiple members in the resource directory at a time. This improves the efficiency of planning tags in multi-account scenarios. For more information, see Use Cloud Governance Center to enable createdby tags for multiple members in a resource directory at a time and Use Cloud Governance Center to create a predefined tag for multiple members in a resource directory at a time.