Using AWS tags to control deployment sprawl
Possible structural profiles that can benefit from AWS tags
- Environment-based tags can be used by customers with larger AWS footprints. These tags will help you quickly distinguish between resources that are part of your production, development, or staging infrastructure.
- Application-based tags can be used to describe the set of disparate resources (or clusters) that work together to deliver a particular product or service. Such tags can also make sense for resource identification in smaller environments.
- Role-based tags are used to describe either the function or owner of a particular node (web server, database server, load balancer, etc). Such tags are appropriate for smaller deployments.
How AWS tags help
Here’s one obvious scenario. Imagine an operation providing multiple separate applications served through dozens or hundreds of EC2 instances along with the accompanying environment infrastructure.
Just keeping track of your ongoing billing costs can be a headache. Ask yourself these questions: Which AWS resources (instances, volumes, snapshots…) are actually in use and which are currently lying idle or detached? Which Tiers or environments are incurring the highest costs? Should this be changed? Which business unit is exceeding their AWS cost allocations?
Tags can help. Being able to visually or programmatically identify resources by descriptive tags can make it much easier to understand both their purpose and provenance. If you know what a resource is supposed to be doing, then you’re in a much better position to quickly assess and, if necessary, adjust its costs. Tagging is a simple but essential feature that helps us reduce and control costs by improving the way we understand what’s really going on.
AWS Tags: in detail
Each AWS tag consists of a key and a value, both of which can be defined by the user. Not every AWS service permits customer-defined tags for every service, and some that do can only be tagged only using API Command Line access. The following Screen Shot shows the current tag-status of AWS resources. Resources with tagging restrictions of “None” can be tagged with API actions, the CLI, and the console.
The following diagram illustrates how tagging works:
In this example, I am assigning two tags to each of my EC2 instances, one called Owner and another called Stack. Each of the tags also has an associated value.
Owner = Nitheesh, Stack = Production
You can define AWS tags from the EC2 console by selecting the relevant instance and selecting the “Tags” option. Alternatively, you can select the instance, click “Actions” and select “Add/Edit Tags.”
AWS Tagging limitations and cost leakage
Currently, AWS Tags have important limitations. For example, a tag associated with a single AWS resource will apply only to that resource and is not automatically propagated to dependent attached resources.
For example, imagine an EC2 instance whose dependent resources include devices like EBS volumes, Security Groups, and Snapshots. A simple RAID configuration could involve as many as eight EBS Volumes and an unmanageable number of snapshots. But none of these dependent devices will automatically inherit their parent’s tags.
Now imagine how this might look if you’re running thousands of EC2 instances. You’ll have to find each EBS volume associated with a particular instance and individually tag it. Managing this is easier said than done, and the slightest typing error can lead to significant cost leakage.
What if there was a tool to automate tagging for dependent AWS resources? It will surely reduce a great deal of manual labor, and help us identify and, if necessary, remove all dependent resources along with a newly redundant EC2 instance. This would avoid leakages and reduce the cost of cloud operations in very dynamic AWS environments.
Welcome to Graffiti Monkey
There is just such a tool. Graffiti Monkey goes around tagging things automatically. By looking at the tags of an EC2 instance, it copies those tags to all attached EBS Volumes and copies those tags to the EBS Snapshots as well. This small automation reduces hours of manual labor on large AWS deployments, helping us efficiently manage our cloud infrastructure and reduce the cost leakages.
Step 1: Installing Graffiti Monkey
Step 2: Using Graffiti Monkey
graffiti-monkey --region ap-southeast-2 --verbose
Content Roadmap: AZ-500, ITIL 4, MS-100, Google Cloud Associate Engineer, and More
Last month, Cloud Academy joined forces with QA, the UK’s largest B2B skills provider, and it put us in an excellent position to solve a massive skills gap problem. As a result of this collaboration, you will see our training library grow with additions from QA’s massive catalog of 500+...
DevSecOps: How to Secure DevOps Environments
Security has been a friction point when discussing DevOps. This stems from the assumption that DevOps teams move too fast to handle security concerns. This makes sense if Information Security (InfoSec) is separate from the DevOps value stream, or if development velocity exceeds the band...
Test Your Cloud Knowledge on AWS, Azure, or Google Cloud Platform
Cloud skills are in demand | In today's digital era, employers are constantly seeking skilled professionals with working knowledge of AWS, Azure, and Google Cloud Platform. According to the 2019 Trends in Cloud Transformation report by 451 Research: Business and IT transformations re...
Disadvantages of Cloud Computing
If you want to deliver digital services of any kind, you’ll need to estimate all types of resources, not the least of which are CPU, memory, storage, and network connectivity. Which resources you choose for your delivery — cloud-based or local — is up to you. But you’ll definitely want...
Google Cloud vs AWS: A Comparison (or can they be compared?)
The "Google Cloud vs AWS" argument used to be a common discussion among our members, but is this still really a thing? You may already know that there are three major players in the public cloud platforms arena: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)...
Deployment Orchestration with AWS Elastic Beanstalk
If you're responsible for the development and deployment of web applications within your AWS environment for your organization, then it's likely you've heard of AWS Elastic Beanstalk. If you are new to this service, or simply need to know a bit more about the service and the benefits th...
How to Use & Install the AWS CLI
What is the AWS CLI? | The AWS Command Line Interface (CLI) is for managing your AWS services from a terminal session on your own client, allowing you to control and configure multiple AWS services and implement a level of automation. If you’ve been using AWS for some time and feel...
Cloud Academy’s Blog Digest: July 2019
July has been a very exciting month for us at Cloud Academy. On July 10, we officially joined forces with QA, the UK’s largest B2B skills provider (read the announcement). Over the coming weeks, you will see additions from QA’s massive catalog of 500+ certification courses and 1500+ ins...
AWS Fundamentals: Understanding Compute, Storage, Database, Networking & Security
If you are just starting out on your journey toward mastering AWS cloud computing, then your first stop should be to understand the AWS fundamentals. This will enable you to get a solid foundation to then expand your knowledge across the entire AWS service catalog. It can be both d...
How to Become a DevOps Engineer
The DevOps Handbook introduces DevOps as a framework for improving the process for converting a business hypothesis into a technology-enabled service that delivers value to the customer. This process is called the value stream. Accelerate finds that applying DevOps principles of flow, f...
AWS AMI Virtualization Types: HVM vs PV (Paravirtual VS Hardware VM)
Amazon Machine Images (AWS AMI) offers two types of virtualization: Paravirtual (PV) and Hardware Virtual Machine (HVM). Each solution offers its own advantages. When we’re using AWS, it’s easy for someone — almost without thinking — to choose which AMI flavor seems best when spinning...
AWS Machine Learning Services
The speed at which machine learning (ML) is evolving within the cloud industry is exponentially growing, and public cloud providers such as AWS are releasing more and more services and feature updates to run in parallel with the trend and demand of this technology within organizations t...