Tagging Rules

The Tag Rules report allows you to more easily enforce your tagging policy across your AWS deployment.  You can create rules that will ensure your running resources contain specific tag keys and values.  CloudCheckr will run these rules against your Detailed Billing Report and show you each resource that is not adhering to your rule(s) within the Improperly Tagged Resources report.

Creating Tag Rules

The Tagging Rules report can be found in the menu within Cost > Tags (from Detailed Billing).

To create a new rule:

  • Click thenewrule button (right-side of the page)
  • Give your rule a name (This name will be used when reporting on the improperly tagged resources, so name it appropriately)
  • Define your tag rules
  • Process/Reprocess the Detailed Billing Report for the month upon which the rules should apply

Tag Keys and Values

Each tag rule must have a Tag Key defined. You can only enter one Tag Key within the “Tag Key” text box. If you would like to create a rule that looks for multiple tag keys simply click to “Add another tag”.

Tagging Rules provide flexibility around matching tag values. Enter one or more tag values into the “Tag Values” text box. Separate multiple values using a comma.

Alternatively, you can check the “Require Any Tag Value” checkbox and CloudCheckr will compare your resources against only the tag key.

 

Example 1:

ex1

When comparing your resources versus this rule:

  • Any resource that does NOT have the “Environment” Tag Key will be flagged
  • Any resource that has “Environment” as its Tag Key, but does NOT have “Production” as its Tag Value will be flagged

 

Example 2:

ex2

When comparing your resources versus this rule:

  • Any resource that does NOT have the “Environment” Tag Key will be flagged
  • Any resource that has “Environment” as its Tag Key, but does NOT have “Production”, “QA”, or “Development” as its Tag Value will be flagged

 

Example 3:

ex3

When comparing your resources versus this rule, any resource that does NOT have the “Environment” tag key will be flagged.

Rule Refinement

In addition to Tag Keys and Values rules can be further refined. To refine your rules simply choose, from either the Region, Resource Type and/or Account list(s), what criteria you would like to run your rule against.

Click the binoculars icons to pull up the complete list of options. This will provide you with search capabilities on the lists and makes managing these lists easier.

Once you have decided on your rule, click the Create Rule button at the bottom of the page.  You can add as many rules as you’d like to your account.


Improperly Tagged Resources Report

CloudCheckr will apply Tagging Rules to your account billing information whenever the Detailed Billing Report is processed or Reprocessed.  Resources that both adhere to and fail to tagging rules are published here.

itr

You can apply filters to this report with combinations of Rule, Resource Type, and AWS Account ID.  In addition, you can also choose to view the current resources that fail the selected rule (existing violations), or view assets previously improperly tagged, but have since been resolved.

The resulting table displays items that can be expanded.  Expanding a resource displays information on the broken tagging rule, the exception to the rule, as well as Date/Time stamp of discovery and repair.  The table can also be exported to a csv file.

details

Finally, within Email Settings you can enable a daily Improperly Tagged Resources email.