You can create a tag policy and use this tag policy to standardize the tags that are added to your resources.
Procedure
Log on to the Resource Management console.
In the left-side navigation pane, choose .
On the Policy Library page, click the Resource Directory or Current Account tab.
NoteIf the Tag Policy feature in resource directory mode is disabled, skip this step.
Click Create Tag Policy.
In the Basic Information section, configure Policy Name and Policy Description.
In the Policy Details section, configure the policy details in one of the following modes:
Quick Mode (recommended)
Select a policy scenario and configure rules based on your business requirements.
Add Tags with Specified Tag Values to Resources
In a tag policy, you can specify tags that must be added to resources. You can also enable features such as automatic detection, automatic remediation, and pre-event interception for non-compliant tags based on the execution modes you specify for the tag policy.
Parameter
Description
Tag Key
Enter a tag key.
Specify Allowed Tag Values
The tag value that is allowed for the tag key. You can specify multiple tag values. You can also use an asterisk (*) as a wildcard to indicate any tag values.
Policy Execution Mode
Post-event Detection
Post-event detection is the default execution mode of a tag policy used in this scenario. You can enable the following detection rules based on your business requirements. You can view the detection results on the details page of the related effective policy.
Specify Resource Types for Detection: By default, post-event detection is performed for all the supported types of resources. You can specify resource types based on your business requirements. If you specify resource types, post-event detection is performed only for the specified types of resources.
Specify Resource Groups: By default, post-event detection is performed for resources in all resource groups. You can specify resource groups based on your business requirements. You can specify up to 20 resource groups.
NoteThe Tag Policy feature in resource directory mode does not support the Specify Resource Groups parameter.
Specify Region Scope: By default, post-event detection is performed for resources in all regions. You can specify regions based on your business requirements. You can specify up to 20 regions.
Specify Tag Scope: You can specify a tag scope based on your business requirements. After you specify a tag scope, post-event detection is performed only for resources with the specified tags. The tags you specify have an AND relation. You can specify up to 20 tags.
Specify Regular Expression of Resource Names: You can specify a regular expression based on your business requirements. After you specify a regular expression, post-event detection is performed only for resources whose names match this regular expression. For example, you can specify the regular expression
abc-.*. This indicates that post-event detection is performed for resources whose names start withabc-.Automatic Remediation: If you select this option, the system automatically remediates non-compliant tags. You must specify a scope for each tag value that you want to enable automatic remediation. The scope for each tag value must be unique.
Pre-event Interception
When you create a resource or add tags to an existing resource, the system performs a check. If the tags defined in the tag policy are not added to the resource, the resource creation or tag addition operation fails. For more information, see Enable pre-event interception of non-compliant tags.
Match Tag Values with Specified Regular Expression
You can specify a regular expression in a tag policy to limit the format of tag values. Tag values that do not match the regular expression can be automatically remediated.
Parameter
Description
Tag Key
Enter a tag key.
Specify Allowed Tag Values
Enter a regular expression to limit the format of tag values.
Policy Execution Mode
Post-event detection is the default execution mode of a tag policy used in this scenario. You can enable the following detection rules based on your business requirements. You can view the detection results on the details page of the related effective policy.
Specify Resource Types for Detection: By default, post-event detection is performed for all the supported types of resources. You can specify resource types based on your business requirements. If you specify resource types, post-event detection is performed only for the specified types of resources.
Specify Resource Groups: By default, post-event detection is performed for resources in all resource groups. You can specify resource groups based on your business requirements. You can specify up to 20 resource groups.
NoteThe Tag Policy feature in resource directory mode does not support the Specify Resource Groups parameter.
Specify Region Scope: By default, post-event detection is performed for resources in all regions. You can specify regions based on your business requirements. You can specify up to 20 regions.
Specify Tag Scope: You can specify a tag scope based on your business requirements. After you specify a tag scope, post-event detection is performed only for resources with the specified tags. The tags you specify have an AND relation. You can specify up to 20 tags.
Specify Regular Expression of Resource Names: You can specify a regular expression based on your business requirements. After you specify a regular expression, post-event detection is performed only for resources whose names match this regular expression. For example, you can specify the regular expression
abc-.*. This indicates that post-event detection is performed for resources whose names start withabc-.Automatic Remediation: If you select this option, the system automatically remediates non-compliant tags. You must specify a scope for each tag value that you want to enable automatic remediation. The scope for each tag value must be unique.
Automatically Inherit Tags for Resources from Resource Groups
After you add tags to a resource group, you can configure a tag policy to use the automatic tag inheritance feature. This feature allows resources that are added to or created in a resource group to automatically inherit the tags that are added to the resource group.
Parameter
Description
Tag Key
Enter a tag key.
For Tag Policy in single-account mode, you can click View Resource Groups with the Tag Key to view the resource groups to which the tag key is added.
Specify Resource Types for Detection
By default, all the supported types of resources are detected. You can specify resource types based on your business requirements. If you specify resource types, post-event detection is performed only for the specified types of resources.
Specify Resource Groups
By default, resources in all resource groups are detected. You can specify resource groups based on your business requirements. You can specify up to 20 resource groups.
NoteThe Tag Policy feature in resource directory mode does not support the Specify Resource Groups parameter.
Specify IDs of Resources to Be Excluded
You can specify the IDs of resources that do not inherit tags from the resource groups to which the resources belong. You can specify up to 20 resource IDs.
Specify Region Scope
By default, resources in all regions are detected. You can specify regions based on your business requirements. You can specify up to 20 regions.
Specify Tag Scope
You can specify a tag scope based on your business requirements. After you specify a tag scope, post-event detection is performed only for resources with the specified tags. The tags you specify have an AND relation. You can specify up to 20 tags.
You can click Add Policy Scenario and Tag Key to configure rules for multiple policy scenarios and tag keys.
JSON
In this mode, you need to specify the policy details in the JSON format. If you have high requirements for tag policies, use this mode. Before you use this mode, you must have a command of the syntax of a tag policy. For more information, see Syntax of a tag policy.
Click Create.