Tagging
The Data Landing Zone implements a mandatory tagging strategy across all accounts and resources. This ensures that resource costs can be tracked and the responsible creators can be identified.
The following AWS services are utilized to enforce an effective tagging strategy:
- An AWS Organization Tag Policy at the account level.
- A Service Control Policy (SCP) at the account level, which enforces that all CloudFormation (CFN) Stacks must include these tags upon creation.
- An AWS Config rule that checks for these tags on supported resources. While the rule does not support all resources, it ensures that key resources, such as AWS::CloudFormation::Stack, will inherently apply tags to the resources they create. For more information, refer to the config rule required-tags.
Default Mandatory Tags
The mandatory tags all begin with a capital letter, but the underlying code property is lowercase. The mandatory tags include:
- Owner: Identifies the team or individual responsible for the resource.
- Project: Specifies the project to which the resource belongs.
- Environment: Defines the environment of the resource, such as development, staging, or production.
The DLZ construct will automatically apply the following tags to all resources it creates:
- Owner: infra
- Project: dlz
- Environment: dlz
These tag values can be customized by providing an array of values for each tag in mandatoryTags.
Note that while the code property is lowercase, the tags created will follow the capitalized format outlined above.
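The following TypeScript is an added example, not code from the Data Landing Zone project. It shows how a mandatoryTags value maps to capitalized tag keys, how a preventive SCP for CloudFormation stack creation can be expressed, and how a detective check comparable to the required-tags Config rule evaluates a resource. The object shape, the sample values, and the function names are assumptions, and the SCP statements illustrate the control rather than reproduce the policy DLZ deploys.

```typescript
// Added example, not DLZ source code. The object shape below is assumed from
// the description above: lowercase properties, each with an array of values.
type AllowedValues = { [name: string]: string[] };
type ResourceTags = { [key: string]: string };

// Constructed sample values.
const mandatoryTags: AllowedValues = {
  owner: ["infra", "data-team"],
  project: ["dlz", "analytics"],
  environment: ["dlz", "development", "staging", "production"],
};

// Lowercase code property -> capitalized tag key (owner -> Owner).
function toTagKeys(props: AllowedValues): AllowedValues {
  const out: AllowedValues = {};
  for (const prop of Object.keys(props)) {
    out[prop.charAt(0).toUpperCase() + prop.slice(1)] = props[prop];
  }
  return out;
}

// One Deny statement per tag: condition keys inside a single Null block are
// ANDed, so one combined statement would only fire when every tag is missing.
function denyUntaggedStacks(required: AllowedValues) {
  return Object.keys(required).map((key) => ({
    Sid: "DenyCfnStackWithout" + key,
    Effect: "Deny",
    Action: "cloudformation:CreateStack",
    Resource: "*",
    Condition: { Null: { ["aws:RequestTag/" + key]: "true" } },
  }));
}

// Detective check in the spirit of the required-tags Config rule. Tag keys
// are case-sensitive, so "owner" does not satisfy "Owner".
function findViolations(tags: ResourceTags, required: AllowedValues): string[] {
  const problems: string[] = [];
  for (const key of Object.keys(required)) {
    const value = tags[key];
    if (value === undefined) {
      problems.push(key + ": missing");
    } else if (required[key].indexOf(value) === -1) {
      problems.push(key + ": value '" + value + "' is not allowed");
    }
  }
  return problems;
}
```

Running findViolations over an inventory export before the SCP is attached shows which existing stacks would fail the new requirement.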
Additional Mandatory Tags
Additional mandatory tags can be added to the Data Landing Zone construct by specifying the additionalMandatoryTags property.
Activate Cost Allocation Tags
To activate Cost Allocation Tags, you need to either locally run the configureCostAllocationTags script, as outlined in Scripts and Commands, or enable them through the AWS Management Console.
This step is essential for utilizing tags in AWS Cost Explorer and applying them as filters when setting up AWS Budgets.