Resource tags
Resource tags are used to provide metadata or descriptive information for Azure resources; metadata is a way to describe data; think of it like a sticky note, comments in a document, or a tooltip – a sticky label that provides further information on the object it is describing. This is why it’s called a tag.
Resource tags can be created via the Azure portal, PowerShell, the Azure CLI, ARM templates, or the REST API; they can also be managed via Azure Policy (which we will cover in the Azure Policy section of this chapter). Up to 15 resource tags for each resource can be created, and there is no automatic inheritance by resources; if a tag is set at the resource group level, the resource tag only applies to the resource it is attached to; this may be useful if we want to group things logically by a resource group, but have a way to independently label the resource with metadata that is not tied to a resource group or subscription.
Each resource tag consists of a tag name and tag value, which forms a key-value pair; you can define the name and value as you wish. This can be seen in the following diagram:
Figure 9.1 – Resource tags
This data can then be used to logically organize all the resources that share the same values; resource tags can be used to take action or enforce a policy on all resources that share the same resource tags or are flagged with the same values. The following are some common use cases for tags:
- Billing information: Cost center, billing ID, project ID, team, business unit, region, and so on
- Ownership information: Department or team, named point of contact, stakeholder, and so on
- Purpose information: Environment (dev, test, stage, or prod), application name, and so on
- Classification and compliance information: SLA, confidentiality marking, region, compliance standard, and so on
One of the most common use cases for tags will be to capture billing information for cost management purposes; a cost center/project/team tag could be used where you wish to use a show-back, charge-back for granular cost reporting for resources consumed within a subscription. Resource tags appear in the CSV export of an Azure bill so that the resource tag column can be filtered on and used with automation.
In this section, we looked at tagging Azure resources to create a taxonomy for governance. The following section looks at resource locks.