CloudForecast's AWS Tagging Compliance Report
Ensuring your AWS resources are being tagged properly is a vital part of an organization’s AWS cost monitoring and optimization processes. With AWS tags in place, organization’s can easily map out where their costs are coming from and make quick correlation on possible cost increases.
This is all great in concept if everyone follows the rules, but we’ve found from our users that maintaining tagging compliance is a very difficult and tedious process. It can almost feel like playing whack-a-mole and doing a lot of deep detective work to figure out where the gaps are, or what resources are not being tagged properly. Here are the common problems we’ve seen talking to our users:
- What should be my compliance %?
- Typos in tags
- Upper case vs lower case
- What TagKeys do we start with?
- Where do we even start?
- What resources are un-taggable?
CloudForecast’s Tagging Compliance Report
After learning about the common tagging problems from our users, we decided to build an easy to understand report to help our users with the following:
- Know what their current compliance %
- Identify where the gaps are in terms of compliance
- Report on costs by TagKeys and Tag Value
- Full breakdown of costs by un-taggable resources
- Get a full list of all your untagged resources based on your tagging policy.
Enter in your Tagging Policy
The first step with our Tagging Compliance Report is to enter in the tagging policy that is to be enforced in the app. We make it simple and easy to enter in user’s TagKey and related TagValue. We also give an option to make each TagKey required or optional.
Need help with your Tagging Strategy?
We wrote this article to help you get started: AWS Tags Best Practices and AWS Tagging Strategies
Review Excel Report
After the tagging policy is in the app, our system will then begin to create the first report via excel and have it sent via email. Within this report, there are a few sheets that help break down tagging in different dimensions:
Tag Compliance- Overview
In the Tag Compliance- Overview sheet, compliance % and monthly cost data provided through overall tagging compliance based on the policy, compliance by each TagKey, and compliance by product/service.
Why is this helpful? With this data in hand, user’s can easily see what specific areas where they need to focus on and where the gaps are when it comes to tagging. Perhaps EC2 is doing well in terms of compliance %, but RDS and Redshift lagging behind. This sheet will help quickly surface those areas of low hanging fruit.
Even if tagging is in order, user’s can now use this report as a health-check to easily help you maintain your compliance.
Non Resources Based Charges
Within AWS, there are a whole bunch of resources that are not un-taggable. If that is unknown, this can be a difficult and tedious task to figure out what they are within the AWS docs. This sheet will show user’s all their resources that cannot be tagged and broken down by total charges for you.
Tag Key-Value Charges
In the Tag Key-Value Charges, we break down user’s monthly costs by each Tag Value within each Tag Key. This is incredibly helpful if user’s need to map back charges to a team, or if they need to do charge backs by TagKey + TagValue. Example: User’s can easily identify which Team is costing them what if that is a TagKey being enforced.
Non Compliant Resources
Finally, this is one of our users favorite reports. With their tagging policy applied, this is full list of their top 1,000 resources that are not following policy. Within this report, we give them the exact ResourceID, ProductName, Regions, Total Charges last 30 days and finally what TagKey is Missing. In addition, we also provide a TSV file of all their untagged resources that is not limited to their top 1,000. We’ve generally found that if they focus on their top 25 resources in terms of cost, this can easily increase their compliance %.
We work with many of our users directly to help them get started with their tagging compliance journey. If there is a data point they are looking not in this feature, our users often message us with one-off reporting requests. As long as we have the data, we can typically provide an one-off analysis or report. The most common problem we get are finding TagKeys with typos and or the wrong case. Provide us with a few examples and/or RegEx, and we’ll see how we can help.
With all that said, it is difficult to get full 100% compliance when it comes to tag. The users we’ve talked to who have done a great enforcing their tagging policy land anywhere between 50-70% of their resources being tagged properly. Even at that 60-70% compliance, this provides solid visibility with cost monitoring and breakdowns.
The key goal with this our Tagging Compliance feature is to help user’s implement the best practices when it comes to tagging within their AWS environment. We find other tools have their own “internal” tagging feature apart from AWS, which is really not following the best practices. These features are simply designed to “lock” user’s in to the application.
If increasing your tagging compliance is a priority for 2021, feel free to reach out to us and schedule a 30-min Free Tagging Assessment call with us. We would love to see if we can help, provide some initial guidance, and bounce some ideas around with getting started on tagging your resources: