Ensure that user-defined tags are being used for labeling, collecting, and organizing cloud resources within your Microsoft Azure account. User-defined tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple cloud resources. Trend Cloud One™ – Conformity recommends the following tagging schema to help you identify and manage your Azure resources:
- Name: used to identify individual cloud resources.
- Role: used to describe the function of a specific resource (e.g. web tier, app tier, and database tier).
- Environment: used to distinguish between different stages (e.g. development, staging, and production).
- Owner: used to identify the person responsible for the cloud resource.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
efficiency
optimisation
excellence
As your Microsoft Azure cloud environment is becoming more and more complex, it requires better management strategies. Using a tagging schema can help you gain more visibility across your Azure cloud resources and organize them more efficiently. You can use tags for different scenarios such as tracking resource owners and their stack level, identify which resources are incurring the highest costs, and filter available resources based on a particular deployment stage.
Note: As example, this conformity rule uses Microsoft Azure virtual machines as cloud resources for tagging in order to demonstrate how to implement a tagging schema like the one listed above. You can use the same steps to search and/or assign tagging schemas for other Azure cloud resource types.
Audit
To determine if your Azure virtual machines are using the recommended tagging schema, perform the following operations:
Remediation / Resolution
To implement the recommended tagging schema for your Microsoft Azure virtual machines (VMs), perform the following operations:
References
- Azure Documentation
- Resource naming and tagging decision guide
- Use tags
- Azure Command Line Interface (CLI) Documentation
- az vm
- az vm list
- az tag
- az tag list
- az resource
- az resource tag