Designing Tagging Strategy for Microsoft Azure - Part 5 - Combining strategies

@20aman    Oct 14, 2021

This blog is a part of the Designing Tagging Strategy for Microsoft Azure series. You can find the Index of this series here: Designing Tagging Strategy for Microsoft Azure.

Combining strategies

In the previous few posts, we looked at individual tagging strategies. In this post, we will combine those strategies to build a custom tagging strategy for your environment. The combination looks at defining the tags at a higher level and then inheriting these tags at the resources under that level. This means that this combination tagging strategy will employ the following:

  1. Applying highest level tags at the Subscription level and then inheriting those at the lower levels
  2. Applying the group level tags at the Resource Group level and then inherit those at the individual resources
  3. Applying specific tags at the individual resource level
  4. Enforcing other tagging related standards
  5. Auto calculate and apply tags (as many as you can)

Let's look at these in detail.

1. Planning tags at the subcription level

You want to apply the tags at the subscription level that are generic to the whole subscription. One example could be a tag for the Environment i.e. Dev, Test, Prod, etc. If you deploy different subscriptions for different environments then it is an easy one that you can apply in your environment.

2. Planning tags at the resource group level

Generally, you will want to group your resources by the department and a specific application within that department. Whatever is your grouping choice based on, you can have those tags planned for the resource group level and then inherit these automatically at the resource level. E.g. DepartmentName, ApplicationName, ApplicationOwner, etc. can be applied at the resource group level and then inherited below.

3. Planning tags at the resources level

There will be some information that needs to be tagged at the individual resource level. A couple of examples of this are:

  • BusinessCriticality - criticality of the resource based on the business requirements
  • UpdateDate - Timestamp when a resource is updated

4. Enforce the tagging standards

If you have any standards you want to enforce for the tagging you can do that directly within the Azure policy as well. E.g. for the ApplicationOwner Tag i.e. the owner of the application related to the resource deployed should be an email id. You can enforce this easily via an Azure policy.

You can also have naming conventions that you can enforce. Or you can have a set of values that you can have the tag value adhere to.

We will look at these in upcoming blogs.

5. Auto calculate and apply tags

Whenever you can you should try to auto calculate and apply the tags in an automated fashion. Some examples include:

  • This could be based on the name of the resource group if you have a naming convention defined for a resource group (by using substring on the resource group name).
  • Another use case could be calculating date time. You can leverage utcNow() and substring() functions to find date time as per your formatting standards.

We will look at these in detail in upcoming posts.

Complete Policy Samples on GitHub

You can find the complete policy samples on the GitHub in my policy samples repository here: AzurePolicySamples - Tagging.

Comments powered by Disqus