Skip to main content

The GDS Way and its content is intended for internal use by the GDS and CO CDIO communities.

Tagging AWS resources

We use AWS for hosting. Most AWS resources support tagging.

This manual documents our efforts with tagging. In time, it may be upgraded to a standard.

Why tag?

The main reasons for tagging are:

  • to be able to understand costs (by assisting queries in Cost Explorer)
  • to understand the provenance of resources (by tagging with metadata about source code)
  • security and assurance

Currently, we care most about understanding costs.

It’s not always clear to a developer what impact their work has on AWS costs.

If resources are consistently tagged as part of a particular directorate, programme, product, component, team, and environment, it becomes much easier to understand how much money is being spent in each particular context.

AWS Cost Explorer supports using cost allocation tags to filter and group resources.

Note that using AWS Organizations to tag accounts does not help here, because account-level tags are not supported for querying in Cost Explorer.

Alerting and enforcement

Currently, we do not enforce tags.

In future, we may wish to consider mechanisms such as alerting on untagged resources, or automatically deleting untagged resources.

Tags used in GOV.UK Sign In

GOV.UK Sign In is using the following tags:

Mandatory

  • Product: should be GOV.UK Sign In
  • System: the name of the software system, for example Authentication or Identity proofing and verification core. Avoid abbreviations.
  • Environment: should be one of production, staging, integration, or development.
  • Owner: an email address for an owner for the resource. For dev environments, this will be an individual email address; elsewhere it will be a group address.

Optional

  • Service: used to describe the function of a particular resource (for example: account management, session storage, front end)
  • Name: a name for this particular resource. This should be unique within a deployment (terraform deployment, cloudformation stack, etc)
  • Source: the URL(s) for any source code repositories related to this resource, separated by spaces

References

This is based on:

This page was last reviewed on 16 February 2022. It needs to be reviewed again on 16 August 2022 by the page owner #gds-way .
This page was set to be reviewed before 16 August 2022 by the page owner #gds-way. This might mean the content is out of date.