Azure Governance for the Modern Enterprise

Resource Lifecycle Management with Azure Tagging

Written by Michael Spenny | Jan 15, 2021 7:41:01 AM

Resource Lifecycle Management with Azure Tagging

Once a year the Discovery Channel rolls out the red carpet for one of nature’s ultimate apex predators – the great white shark. During the week viewers are treated to epic breaches, new tech and scientific discoveriesIf you’ve ever watched these shows, one activity you’ll see researchers perform is shark tagging. Tags are attached to the skin of the shark and as the shark moves about in the ocean, their location is relayed back to researchers. This provides a wealth of information about where sharks feed and breed and leads to new discoveries about shark behavior. 

In much the same way, Azure resource tags can provide a wealth of information about your cloud resources. An effective resource tagging strategy can help you answer questions like: 

  • Who created this resource? 
  • Is this resource needed anymore? We’re paying for it but I don’t see why this was created? 
  • Our Azure billing was high this month, are there resources we can get rid of? 

 

Initial planning 

Whether you have existing Azure resources provisioned or you’re just starting out, setting a governance framework and standards around resource naming conventions and tagging can add value to their adoption. 

Resource tags allow you to organize resources by assigning them a “name:value” pair.  With tags you can assign helpful meta data to your resource such as, cost center, owner, environment, etc. Because tags are merely strings of text, it’s important to define strict parameter conventions (spelling, prefix/suffix, abbreviations, etc) governing their use.  In Azure there a couple ways you can set tags on a resource, ither through the portal, via the CLI or by applying custom policies.  

Implementation 

We’ll focus for the moment on using the Azure CLI. Here are some basic tagging operations you can execute to give you a feel for the syntax.  

To assign a tag on a resource groups and query it: 

 

az group update -n seleniumrg --set tags.Owner=Bob tags.CostCenter=Marketing 

az group list --query [].tags 

The resulting json output in the CLI: 

 

In the portal: 

 

Policy Compliance  

As was mentioned earlier in this article, tagging is only as effective as it is consistent. An important strategy you’ll want to employ along with your tags is Azure Policy rules. Policies enable the enforcement of the compliance rules you define. So, for example you could say: 

  • Assign the tag “Environment:prod” by default for all resources created within specified resource group. 
  • Make the “CostCenter” and “Environment” tags mandatory for all resources of a certain type. 
  • Appending a “tagStatus:missing” tag automatically to all untagged resources. 

These are just a few examples of this powerful combination (tags and policies).  

For organizations interested in empowering innovation and agile adoption of Azure cloud services, InCycle can accelerate your efforts towards cloud resource creation governance. How are you managing your resources in Azure?  Ask yourself some simple questions: 

  • Do you know where your Azure resources are being created? 
  • Are your resource provisioning standards consistent? 
  • Are you able to audit and enforce consistent provisioning policies? 
  • Can you decommission projects with confidence? 
  • Can you recreate resources in Azure with confidence? 

If you don’t know the answers to these questions you may have cloud governance blind spots.   Download our Azure Governance Playbook today to learn more about modern governance.