Bot of the Week: Tagging Audit Bot
This bot inspects cloud resources to validate that they are tagged with appropriate key/value pairs (e.g., “Environment: Production”). The policy can be applied as a global policy, or fine-tuned to accommodate for different strategies per cloud/account/resource-type/etc.. The definition and enforcement of tagging standards to organize your cloud infrastructure can dramatically improve visibility, compliance, charge/show back, and taxonomy across your entire footprint. Combined with DivvyCloud Bots, tags form the foundation for policy automation and operational compliance at scale.
Why do I care?
Tagging instances and resources in the cloud is a vital step in defining how your public, private or hybrid cloud environments will operate. Because components of cloud infrastructure are software-defined, these “virtual” resources can very easily sprawl out of control, resulting in run-away costs, security holes and lack of accountability. Tagging allows resources to be quickly labeled and categorized, creating a standard for organizing your cloud. Tags can be created to identify the environment, cost center, resource owners, projects, security levels, and almost any other attributes that are important to your operating model.
Our Tagging Audit Bot ensure all resources are tagged appropriately with valid values, ensuring things don’t get lost in dynamic cloud environments. Tagging has become so critical to cloud management that AWS recently increased its maximum number of tags per resource from 10 to 50 to meet customer demands (which is a good thing since their published tagging strategy requires at least 20 tags!).
With new clients, we often run the Tagging Audit Bot first thing to show how much of their infrastructure is “undefined”. By quickly implementing a basic tagging strategy, the customer can finally get actionable data on their cloud environments.
The cloud is not a datacenter
Unlike the traditional datacenter, the cloud is a dynamic and ever-changing environment that has the ability to morph and transform at will. Cloud self-service provisioning allows users with various positions, departments and skill levels to access and change the cloud environment as they see fit. All this considered, the cloud cannot be treated like a physical datacenter where you can actually attach a physical tag or label. Overtime the cloud becomes increasingly unorganized and insecure, resulting in wasted resources and vulnerabilities.
Next Level: Tagging Strategy
Once all resources are labelled, creating processes and automation around those tags becomes simple and can make operating in the cloud dramatically more efficient. AWS provides a comprehensive strategy for tagging on their site that describes how tags can be used to categorize resources. With BotFactory, we allow users to create and automate actions according to the tags used. For instance, Scheduled Instances Bot can automate shut down at 5:00 P.M. to 9:00 A.M for resources tagged as “Environment: Dev” or “Schedule: 9-5”. Another set of tags can identify resource that need special compliance standards such as HIPAA or SOX with associated data encryption or data sovereignty requirements. All of our 100+ Standard Bots, and any user configured Bots can leverage tags used on your cloud resources.
Our team has learned from the cloud’s earliest enterprise adopters. These organizations were tasked with moving thousands of instances to the cloud while keeping their data protected and their costs under control. DivvyCloud customer General Electric uses tags for it’s Reaper Bot to scan the environment to make sure all assets in the cloud are attached to an application (learn more in the video Q&A). Similarly, Discovery Communications has used Tagging Bots during their migration process to the cloud (video Q&A). Bots have helped both companies minimize their costs while maintaining order and compliance in the their infrastructure.