AWS Knowledge Center Live: Tagging AWS Resources

Captions
hi i am padma maligarjanan i am an enterprise support manager at aws and i am based out of austin texas welcome to aws knowledge center live where we share best practices and troubleshooting tips from aws support joining me today is ep komarla and michael beck can you give us a quick introduction ep and michael sure thanks padma i'm very happy to be here i am ep kumarla i'm one of the senior technical account managers based out of bay area in california i have been with aws for last four years in this capacity i work with a few very large enterprise customers based in the area so i have been working with them on a lot of practices around tagging many of them have actually benefited very significantly by using tagging practices and adapting some of the concepts that we are going to talk about today [Music] and uh i'm michael and i'm an enterprise support manager for aws uh i've been here for a couple last couple of years originally started out as a tam now i have the opportunity to be able to lead a team in the bay area san francisco california thank you ep and michael today we're going to be talking about tagging your aws resources and the benefits of tagging such as visualizing your costs based on those tags before we get into the details a quick note to our attendees online feel free to use the chat window on the right hand side of your screen to share your thoughts with us and ask your questions throughout the episode we look forward to hearing from you michael can you walk us through what we're going to be talking about today yeah thank you padma um i personally am very excited about this topic because i've seen the power uh that a number of customers have been able to leverage through tagging their aws resources and i think it's really important a lot of uh customers and people maybe don't think about tagging early enough 
uh as part of their cloud architecture but it is definitely something that they should think about very early on so here's just a few of the things that we're going to be going over of course we're going to talk about what is a tag helpful to know what it is that we're talking about and then we're going to talk about use cases if you've ever had the pleasure of working with a technical account manager or solutions architect you know one of the first things that they're going to ask you is so what's your use case so we're going to talk a little bit about that going to talk about aws generated cost allocation tags or using aws tags as part of your cost allocation talk about user defined tags as well as creating and managing tags and tagging best practices interspersed in here ep is also going to have a number of demos that he's going to go through to give us a look at what this all is like in the aws management console so let's go ahead and dive right into what is a tag a tag is metadata which is assigned to resources by aws or by customers if they're a customer created tag and it consists of a key and a value and you might be familiar with key value pairs if you're used to in some types of development working with data key value pair data stores basically the same thing you have a key a tag key which says what it is and then you have a number of values obviously which is the value so we've got some examples up here of where you might use of types of common keys and values environment right you might have production and qa test dev staging anything like that deployment perhaps like the deployment type is it is it a blue is it a green or whether or not you're using something like aws cloudformation and then we also have cost centers so this is good for looking at how you allocate your resources who's using them and ep will talk about that a little bit later on when we're talking about cost allocations cost explorer and then also say department again this is a great 
way to be able to segment your resources within aws and to be able to define and report based off of what department might be using those resources so here i'm going to just run through what the common use cases for tagging are overall and i'll start with where most people do which is the aws management console so by default that is organized by service however if you use resource groups it's a tool that allows customers to create a console view that organizes and consolidates the aws services and resources across many services and regions so instead of going from looking at say ec2 and looking at the instances in us-east-1 then you could see all of not just your ec2 instances but s3 buckets and so on and we'll cover this some more of that when we get into the demo cost allocation which is another really good thing obviously it's really important to know what you're spending on with aws and so it becomes as you get larger and larger and your business grows obviously knowing where your costs are is important as for a project or a line of business or an environment for automation so you can use tags to do a lot of different automation activities such as stopping and starting say non-critical resources on evenings and weekends to save on your costs you can also use a service like aws systems manager to be able to patch systems at different times based on tags indicating say their environment or even their schedule and then for operation support tags can be used to integrate support for aws resources into day-to-day operations it service management processes such as incident management you could have tags which indicate a system's priority and then when a case comes in or you know a ticket comes in in the triage process you could use those to execute a specific workflow to send them to the right team in order to be able to respond faster and then let me see for access control we've got aws identity and access management and then you have policies which support tag-based 
conditions enabling customers to constrain the access to their specific resources based off of the roles uh defined in the tags such as say operations or finance right you could say that you want them to access certain resources or you don't want them to access certain resources and then lastly uh security risk management right so security is our number one focus here at aws and it is usually the top focus of customers as well and so what this allows you to do is you could tag say different amazon ec2 instances based off of the sensitivity of the data that they handle or the process that they do and then this allows you to enable certain types of compliance checks to ensure that the proper controls are in place so uh next i'm going to go ahead and hand it over to ep talk more about aws generated cost allocation tags sure thanks uh michael so let me go over uh some of the aws generated uh tags so there are two types of tags some of the tags are generated by aws and some of the others are created by the users so a couple of points to keep in mind about these aws created tags first is only the master account can activate these tags so that is a very important uh point to keep in mind this activation either has to be done with a from the master account with the iam user or as a iam role and this need to be activated in the im aws billing and cost management console and once you do that it will be applicable to all the member accounts that's an important key point to keep in mind second point is any users cannot modify any of these aws created tags all the aws created tags will have the prefix aws colon and these will not count towards the the number that we have specified the user created tags is limited to 50 but the aws created tags do not count towards that number that's something to keep in mind still you can create 50 of them and the created by tag is applied only to resources once they are activated that is something to keep in mind so if you like activate these 
tags that say today any resources that are created henceforth will have this tag but not the resources which were there in the system prior to this point on so something to keep in mind so padma over to you do you have any questions or comments from the chat at this point quickly checking the chat window i do not see any questions please feel free to post questions over here we have ep and michael here experts on this topic who will answer questions for you throughout the episode but i do have a question here um interesting concept now if i have an application where i want to apply say multiple values per key or even tag the same resources with the same key twice is it possible uh no the tag keys have to be unique say if i have a tag key called cost center that has to be unique so one thing to keep in mind which michael is going to talk about the tags are case sensitive if i have all lowercase cost center and then let's say i have another tag key called cost center with a capital c those two are considered two different ones so that is something but i can only have the same tag key once only does that uh answer your question uh that does okay so case uh case sensitivity as well as unique keys thank you for that um and also on the topic you were just talking about um are there additional steps that i need to take to ensure that the tags flow into the aws billing and cost and usage report or does it flow automatically a very good point so yes all the tags that we need to enable them in the from the billing perspective you need to activate them in the billing console uh that is what is uh i'm going to show it in a demo which is coming up now so only after we activate them uh we can see them in the billing and cost management console and also in the cost explorer got it uh thank you ep and also to our audience online i will be posting links uh relevant to the topics we are discussing throughout the show um so feel free to follow the links as well and post your questions 
and we will address them for you here uh over to you ep and michael sure so let me go to the uh can we go to the next i think next is the demo correct yep okay so let me show you a demo of uh how to enable these tags in the billing and cost management console so this is the main screen for the cost management console if you see here on the left hand side you have the cost explorer as well as on the billing you have cost allocation tags so what you need to do is to enable the tags prior to using them as i mentioned just a moment ago so this cost billing and cost management console is a very useful tool to look at your bills as well as your costs so both to analyze your cost and also to visualize your costs and you can slice and dice your numbers in a variety of ways so however before you using all the cost explorer and billing console you have to have this prerequisite so as i mentioned uh here is this aws created by tag and this tag need to be activated so on the right hand side you will see is it active or not so you need to activate it for the sake of this demo i have active activated these tags prior to this recording so if you see the other tags these are all the user created tags these include name owner cost center and also environment i have activated these as well couple of points to remember this activation could take as much as 24 hours once you activate these tags for this data to flow into the cost explorer and billing console it can take up to 24 hours so uh that is something to keep in mind and the second point to reiterate this has to be done by the uh from the master account so this is the cost explorer demo uh so the this is the landing page in the cost explorer you have a set of options to visualize your costs on a periodic basis say here is the cost numbers how they are looking for over last six months on a monthly basis across all the different services and on the right hand side you will see a set of filters so for based on the service on your 
linked accounts aws region and then you have a different cost categories and also on the tags so for this demo let's go and adjust our time period to start with so right now we have showing it as february 1st to july 31st let's make this change to include some of the days in august as well so now i have included the first 19 days of august and here are the different services uh and the corresponding cost so let me narrow down to only one of the service which is of interest to us which is ec2 so here i am showing that the cost explorer you can filter your cost for different regions so here you can select us east virginia as well as u.s west oregon and when you select it appropriately the regions appear and correspondingly you can also use the different tags as well as your services as well so here is how you use the tags when i select the tag and then the tag key shows here and the corresponding values what i am interested i can select so when i select it and apply these filters so this is the key value so what you see is these are the costs across these two regions us east and u.s west oregon these are the cost for one for ec2 instances and then this is for the ec2 other so that's how you can filter your costs using the tags you have allocated to your various resources and then you can also use tag category to organize your resources based on tags but we are not going to talk about the cost category in this demo we are focusing primarily on the various tag options so here is another report for a tag called auto delete so when i select this particular tag so here are the resources which match these this particular tag so likewise you can filter on cost center for your different environment or for your uh based on the type of uh deployment whether it is a containerized or for ec2 likewise so for various use cases you can filter accordingly all right thanks ep i appreciate that demo on on using tags and cost explorer so the next thing we're going to get into 
here is talking about user-defined tags and so there's a one question talking a little bit about uh from the griever for the 500 tags including aws tags or it's the same time so we'll be i'll be sure to touch on that here uh as you can see at the bottom of the slide but i'll start off with talking about that the ability to define your own tag keys and values is very flexible as you see you've got 128 characters to do length for the key 256 for the value so you can stuff a lot of information in detail into there the allowed characters are probably what you would expect they're alphanumeric along with spaces and a few other special characters and this is true across pretty much any service or resource which supports aws tagging there are some differences not all services support tagging and there is a list available for that which padma will drop into the chat and you can go and look up there and see what tags you can use and how you can use them with the various services and resources so this is where we'll touch on the the number of tags limitations so the maximum number of tags you per resource for user defined tags is 50 so on any one resource it is you you can supply 50 tags the 500 tags is for the aws generated cost allocation tags and for the billing so the 50 of the user allocated tags that's on a per resource basis the 500 tags we were talking about earlier is for billing as ep just showed where you have to go in and activate your tags to be able to use them for your billing and cost management that's the 500. 
so hopefully that answers that question if not feel free to follow up in the chat and i can circle back on it and then the last thing i'm going to touch on is what ep had already mentioned is that for each resource each tag key must be unique so if you have a tag key of environment and let's say it's production and then you try to apply another tag key of environment called test then that second application is going to fail be or that second add of the same tag key is going to fail what you would want to do is edit or modify that existing tag to change that environment tag value from production to let's say staging so now we're going to talk about creating and managing tags so obviously the first one that you would think of is when you're creating your resource so so during creation you can apply tags whether you're using the aws management console or if you're doing them say through the api or an sdk or using a service such as aws cloudformation inside of your template and when you create that stack you can define the tags that you want to apply on those resources for after creation there's uh the tag editor which is uh my personal favor favorite i think it is extremely powerful it allows you to do things such as create a query for different services and different resources across regions so if you're really familiar with the aws management console typically you'll select a service say ec2 and then you'll also select the region where you want to manage those instances so using tag editor it's really powerful because you can go in there and do it across region so i really like that feature and of course you have access to the aws resource groups api and also have the tagging functionality that is within each services api to be able to apply and manage tags for those resources so one thing um just going to wrap up here on the aws resource group tagging api this is different from tagging resources so these [Music] and as ep showed earlier that's where you have 
the tag editor and then later on we'll be showing tag policies which is inside of the same portion of the console and that allows you to do things such as tag and untag searching for the resources and you can create compliance reports both in the console and in the api and the last thing i want to do a call out on is the fact that they are against a single region so console like i mentioned earlier in the across regions but when you're using the resource tagging api that operates against a specific region so padma do you have any questions out there michael thank you and uh thanks for uh addressing some of the questions thank you for your questions um um user acor smx as well as user the griever thank you so much for your questions uh if you have any follow-up like mic itself please put it on the chat window we do have a follow-up question here from ybov nj the question is can you talk about tags in the context of a vpc and are these cost tags available per account per vpc so i did post a link and a little bit of information around the around tagging your vpc resources you can tag vpc resources you can also tag them on create these applies to your resources like vpc network interfaces and there's a lot more information in the link that i provided if you follow on to the documentation page um anything else you want to add to that michael or ep so michael you want to go on no go for it ep ah sure so a very good question padma so vpc uh can include multiple entities like subnets nat gateway internet gateway and bastion hosts so you can have each of these entities in it themselves can have tags and the vpc itself can also have tags that could be the vpc endpoints vpc customer gateway all of them can have their own tags as well so that way you can have a very fine grain tagging policy for all your resources [Music] got it thank you so much for for that uh ep uh any additional questions please continue posting your questions on the chat window um and i'll also keep 
sharing links as we uh continue the conversation um so back over to you michael and ep sure so let me walk through the demo now uh this is the tag editor which michael talked about tag editor is a very useful uh tool uh one of the common questions i get from our customers is i get a lot of resources across multiple accounts in multiple regions how do i make any kind of changes even how do i see what tags i have on these resources so the tag editor is a very useful tool for this so how do you access it from the main console you need to go to the resource groups when you come to resource groups one of the tool is tag editor the tag editor is a global service you can select different regions different aws regions and also it gives it has an option to select the kind of aws resources which i am interested in so all the resources majority of the resources are covered there are few which are not covered but in this case uh in this demo i am choosing a ec2 uh instance and the tag key i'm interested is called environment and the value i am interested is production so basically i want to search for all the resources which have this tag key environment as production my production instances in u.s east one region and when i search on this uh here you go so i got the six instances listed out as part of this search so now i can make global changes to these tags so i can go and create a tags for all these instances in one single operation so here i'm adding another tag so let me add another tag called new tag add it and the value i'm going to give it as new tag value and i'm going to apply these changes so here is the changes that have been added here one thing to remember when we sub when we say apply these changes it could take a moment especially if i am doing this operation across resources across multiple regions it could take some time so before you switch to a different screen make sure that this operation successfully completes otherwise this operation may not be complete on 
all the resources so which is a very something to keep in mind when you are making these edits so here i am going back to the same selection so let me go back to one of the instances so this is my ec2 instance screen and here is the when i look at the tags i see that the new tag which has been added it is called new tag added and the corresponding value is showing up so that means my edits are successful so i can go back and do the same operation so now i can go and delete all these tag which i have added just now so i'm deleting this operation in all the seven instances so very simple very easy to manage and uh so this way you can look at all your resources in one single uh console second i'm going to show is the tag policies which we will come to uh in the next demo i will defer that for a couple of minutes and the other feature i would like to talk about is create a resource group resource groups can be either tag based or it could be based on the cloud formation stack based when we select the tag based what we are doing is we are building a logical grouping of all your resources based on their tag keys and their corresponding values so as michael said uh previously tags can be used for variety of operations and also for automation if you want to do any kind of operations across a group of resources you can use this resource groups as a logical grouping and then you can do this operations in one single entity so that way you do not have to worry about individual elements and then say i want to uh all the dev resources in u.s east one can be shut off at say six o'clock uh eastern time for instance as an example so here i am creating a group called finance department development environment so my group is created and so when i see here these are all the resources associated with that resource group so are there any questions in the chat at this point uh yes i do see a follow-up question and i see uh michael you have answered it as well uh so the question was uh 
are tags unique across vpc and accounts and if you generated a report uh how would that look like across the accounts uh thanks for uh answering that question you can use the same tag key across accounts so thank you for answering that michael um and um i will also post another link a follow-up to your question it talks about the tagging because in case you're looking at the next step vpcs and peering vpcs across regions and accounts and so on it talks about the best practices in there so just as an additional information i will post that on the chat window as well um so that those were the questions on the chat window a quick question for you ep if i have multiple aws resources and i'm planning to migrate the workload let's say i'm going from a dev to prod and across regions how do i modify these tags across many aws resources at the same time yeah so that is a one of the common use cases customers face with the tag editor which i showed is a very useful way so i can make a logical grouping of my resources as i am moving the resources from say on prem to say aws and then i can use the resource tag editor and the resource groups to make tags uh edit the tags on all these resources in one single got it operation thank you so much um back to you [Music] thank you padma so next thing i'm going to talk about is tagging best practices this is another one of the things that came up in the chat and so i'm going to talk about a few different things here we've already touched on a number of times the fact that you want to use standardized policy for the case of the tag keys uh and the values uh and i know we've mentioned this a few times but it is really important because if you say have environment with which is all lowercase or and somebody else does environment with an uppercase e those are two different tags so when you go to run a report or manage the resources they're not going to show up the same now if you saw when ep was going through the demos there is a 
suggestion box that will pop up so when you go and click into it it's going to provide you the list of already defined tag keys and then when you pop over to values it'll do the same and then as you start typing it will also auto filter that list for you so that helps guide you and and keep you on track and make sure that you're staying consistent but if you're in a large organization and you have dozens or hundreds of tags because you're managing them across multiple dimensions and for dimension i'll just mention that this is something for example say security or cost center or project right that's a dimension of your tags so it's just really important that you set out these standards from the beginning as i mentioned at the top of the show when i was talking about making tagging a part of your architecture discussion and decisions when you begin your cloud journey one of the things that i like to say is to tag early tag often and that's because you really want to start tagging in the beginning now you don't want to go overboard and just start dropping dozens and dozens of tags on every resource from day one because that could get a little confusing you can all they can always grow with your organization and with your use cases as i said we love the term use cases and so as you add these tags and as you develop these resources your standards and your policies and your methodologies they're going to change over time so it's really important that you keep your tags up to date both in terms of the keys and the values it's something that's going to evolve it's like a living document um so these are some of the general best practices uh since there was a question though that specifically wanting me to dive a little bit deeper into this i am going to spend a minute talking about some general concepts so all of the aws generated tags have that aws colon on the front of them and so one of the ones that ep talked about was created by so once you start applying these tags 
and these aws resources you're going to have this aws colon created hyphen by tag key and then you're going to have the value and from there you can define all of the aws generated tags because they've got that prefix on them that aws colon so a good recommendation is to have all of your tags as part of your naming standard and convention is to perhaps start with your organization and then that way you would know that those tags were user created and not aws created so you'd have my company colon environment my company colon cost center or cost hyphen center um that's going to determine you know whether or not you're using uppercase lowercase camel case snake case whatever you do everybody has their own ideas to what they prefer and how the works best for them use whatever is comfortable that is entirely up to you and your organization just make sure you define one and that you stick with it and that you're consistent uh so that's one of the kind of tips or hints that i would give you when talking about creating a strategy is is using that organization colon whatever it is you're trying to define perfect so now we're going to go ahead and jump into ep you've got a demo for us on tag policies yes a couple of points to add to what michael said uh in the last point the both aws organizations which we are going to show uh for creating tag policies as well as uh tags in general do not cost anything something to keep in mind there is no cost associated however number of tags you have on your resources there is no cost as well as the organizations to creating any kind of tag policies so what i am going to demo next is the concept of tag policies the tag policies were introduced especially the enforcement part was introduced in the last reinvent a very powerful tool so this is one of the key asks from my customers hey i have a lot of business units how do i ensure that my all the teams are fulfilling or meeting my uh same standard for tags across all the resources so 
that is their main ask so in order to do that we can go first to the organizations organizations is a service to organize your accounts and to visualize all your accounts in a single pane of glass across all your regions very useful and again as i mentioned there is no cost for using this service so first what we need to do is you here is my account if you see on the right hand side you have a set of policies you have service control policies and tag policies and then you have ai services policy as well as backup policies so for this demo we are focused on the tag policies so so if you click on it there is no policy created at this point so let me show you how to create a policy so here you can go to the tag policy the tag policy is enabled and the other two are disabled at this point so let me give a name so i'm naming the policy as a tagging policy live and give a description and next here are the key criteria for my uh policy so first is the tag key which i am interested in so in this case i am interested in the tag key environment the second point is about the capitalization compliance as we mentioned a few times tags are case sensitive so if i want this tag policy to look for compliance to my capitalization i can select this option i'm going to select this option by default it is not so if i have a a lowercase tag and an uppercase one it will be considered the same but if you have this options enabled it is going to have a strict capitalization criteria then the second one is what are the supported values for this tag key so here i can specify the allowed keys so the first value is production second is qa and next is the dev and the this option tells me if i'm allowing any kind of resources created with this non-compliant operations so say i'm going to prevent any kind of resources being created which do not comply to this policy and here i can specify what resources i am uh interested in applying this policy on so for this demo i'm going to pick ec2 so in ec2 it 
shows all the different options available to me i'm going to focus on ec2 instances i'm going to create the policy let's see the details so here is the name and then the description and the corresponding id and arn here is the json version of this policy it is showing the tag key which is environment and the tag values which are what we specified production qa and dev and then the last section shows what is this policy enforced on it is enforced on all ec2 instances so that's what we wanted to create once the policy is created i am going to attach this policy to my account it is attached now now i'll go to my ec2 console this is my ec2 main console page let me show creating an instance from the console let me pick up the first ami available i'm going to take the default options here and adding the tags here let me add a tag environment and i'm going to give the value as production with the capital p and i'm going to launch it i'm going to allow my key and i'm going to launch aha so what you see the launch fails the tag policy does not allow the specified value for the following tag key environment so it did not allow because the tag value what i assigned production with a capital p did not meet the criteria what i have specified in the tag policy which is what i want now go back and then i'm going to edit the tag and there's that auto filter that prompt i was i was mentioning earlier to help you yes all right so this time the launch is successful so couple of things to keep in mind when we create these tag policies the tag policies have to be done from the master account uh and then you can apply these policies to any of this organizational units if you i apply this policy to an organizational unit all the accounts beneath that organization unit will also inherit that same policy if i apply this policy to the master account which is the root account all the accounts in that entire organization will inherit since it is a very powerful criteria uh policy and um also it 
could impact others from creating these ins resources or not so before you attach these policies make sure that you test it it is very important that you test it with some test account and verify that your policy is works fine before you going ahead with deploying it across your organization so that completes this policy so now let me go back to the previous one i want to show quickly hey uh thank you ep for the demo i'm just looking um i think we are right at about time so i want to make sure that we have answered all the questions that we have on the chat window as well um that was a that was a wonderful demo thank you so much um so everyone online um we looked at the tagging the aws resources and we looked at demo for using a couple of tools and demo today so we looked at how you can use it to use tagging to organize your aws bill to reflect a cost structure that's meaningful to your business decisions and so you can make some of those informed business decisions um if there are any questions today that were not answered then please post your questions on forums.aws.amazon.com uh you can also email us any feedback or questions at kc live at amazon.com and you'll see that email are just posted on this window here thank you for joining us at knowledge center live and happy cloud computing thank you
Info
Channel: Amazon Web Services
Views: 2,590
Rating: 4.8709679 out of 5
Keywords: AWS, Amazon Web Services, Cloud, AWS Cloud, Cloud Computing
Id: MX9DaAQS15I
Length: 57min 43sec (3463 seconds)
Published: Wed Aug 26 2020