If your organization is using Azure for your cloud infrastructure, as with any other cloud vendor, you’ll need to have a governance strategy to keep your resources organized.
Tags are one of the most helpful tools. When implemented correctly, tags are the way you label and categorize resources, and then track how much they are costing you each month. The earlier your organization can align on a tagging strategy, the less clean-up work you’ll need to do later.
So let’s start at the top.
What Are Azure Tags?
Azure tags are user-defined metadata consisting of a key-value pair that includes a name and a value. Adding tags to Azure resources helps you locate those resources within the console. Organizations use tags to help report costs associated with different projects using the same Azure cloud account. Admins can also use tags to support role-based permissions within specific environments or virtual machines (VMs).
It’s possible to assign up to 50 tags to an individual resource. The maximum character length is 512 for keys and 256 for values. Tags in Azure are not case-sensitive. In addition, you should avoid using the following special characters:
You can customize tags to fit whatever needs your organization has and however you would prefer to label resources. These are some of the most common tag categories:
- Tags for “CostCenter” to help report on your cloud spending
- Tags for which “Team”, “Department”, or “Project” is related to the resource
- Tags for “Environment” or “Status” describing the resource
Keep in mind that there is no support for tagging on resources deployed using the classic deployment model. If you have resources using that deployment model, they will need to migrate to the new Azure Resource Manager.
Adding Tags to Azure Resources
You can add tags to specific Azure resources through Azure Portal or execute an automation script using Azure PowerShell. Below is an example of issuing a PowerShell command to add tags to a storage account:
Users can use the same command to add tags to resource groups or subscriptions. Below is an example of adding a tag to a resource group:
Enforcing Mandatory Tags with Policies in Azure
There are various policy definitions available to automatically enforce tagging within Azure. Using them helps your organization avoid the problem of users deploying resources without required tags.
Below is an example of a policy definition for enforcing mandatory tags within Azure.
After your organization has implemented a policy like this for the tags you want to mandate, then users wouldn’t be able to deploy resources that are missing those tags.
Locating Untagged Azure Resources
If you have resources that were deployed prior to those policies being established, you’ll need to locate and tag any resources that are still not compliant. You can do this by executing the following script in PowerShell:
You will then see a list of any untagged resources so you can update them.
Best Practices for Mandatory Tagging in Azure
Use tag names that make it easy to identify the context for their use. For example, the name can refer to an environment, project name, or data profile. Stick to standard naming conventions to help enforce consistency across your Azure environments. Set up standards for your organization and apply them using Azure policies.
Automating Mandatory Tag Checks with Blink:
Instead of having to look up the specific command for each of these actions, you could use a low-code tool like Blink to find and fix untagged resources in a couple clicks. Blink comes with pre-built automations that make enforcing CloudOps best practices simple.
Get started and create your free Blink account today.