Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in TrendAI Vision One™ Cloud Risk Management. For details, please refer to Upgrade to TrendAI Vision One™
Logo of TrendAI
Use the Knowledge Base AI to help improve your Cloud Posture

Check for Cost Allocation Tags

TrendAI Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1400 automated best practice checks.

Risk Level: Low (generally tolerable level of risk)
Rule ID: OCI-ObjectStorage-005

Ensure that cost allocation tags are used for labeling, organizing, and budget tracking your OCI Object Storage buckets. In Oracle Cloud Infrastructure (OCI), resource tags are simple key-value pairs assigned to cloud resources for simplified organization, management, and budgeting.
For robust cost allocation and tracking, TrendAI Vision One™ Cloud Risk Management recommends the following tagging schema:

  • CostCenter: used to allocate and track cloud spending to a specific financial entity.
  • Project: used to identify individual projects consuming the resource.
  • Environment: used to distinguish between different stages (e.g., Development, Staging, and Production).
  • Owner: used to identify the person responsible for the cloud resource.
  • BillingCode: used to identify the formal code used by the finance department to categorize and charge the expense.
Cost
optimisation

By leveraging a structured tagging schema on your Oracle Cloud Infrastructure (OCI) Object Storage buckets, you enable granular cost allocation and budget tracking. This process provides enhanced operational visibility, allowing you to efficiently query and filter buckets based on crucial metadata dimensions, such as owner, environment, and cost attribution.

Audit

To determine if your Oracle Cloud Infrastructure (OCI) Object Storage buckets are using cost allocation tags, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to Object Storage & Archive Storage console available at https://cloud.oracle.com/object-storage/.

  3. In the left navigation panel, choose Buckets, and select an OCI compartment from the Compartment dropdown menu available next to Applied filters, to list the Object Storage buckets available within that compartment.

  4. Click on the name (link) of the bucket that you want to examine, listed in the Name column.

  5. Select the Tags tab to access the resource tags defined for the selected bucket. There are two types of resource tags: defined tags and free-form tags. A defined tag is a structured key-value metadata with enforced policies and namespace, that has the following format: \<tag-namespace\>.\<tag-key\>:\<tag-value\>. A free-form tag is a simple key-value metadata with no structure or namespace enforcement, with the following format: \<tag-key\>:\<tag-value\>.

  6. Choose the Defined tags/Free-form tags tab, and search for the following combination of tag keys (\<tag-key\>): CostCenter, Project, Environment, Owner, and BillingCode. If the Defined tags/Free-form tags list does not contain the specified combination of tag keys, the selected Oracle Cloud Infrastructure (OCI) Object Storage bucket is not using cost allocation tags.

Using OCI CLI

  1. Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:

    oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'

  2. The command output should return the requested OCI compartment identifiers (OCIDs):

    [
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

  3. Run os bucket list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, the list the name of each Object Storage bucket available in the selected OCI compartment:

    oci os bucket list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--all
	--query 'data[]."name"'

  4. The command output should return the requested bucket names:

    [
	"cc-project5-data-bucket",
	"cc-cloud-artifacts-bucket"
]

  5. Run os bucket get command (Windows/macOS/Linux) to describe the resource tags (defined tags and free-form tags) defined for the specified OCI Object Storage bucket:

    oci os bucket get
	--bucket-name 'cc-project5-data-bucket'
	--query 'data.["defined-tags","freeform-tags"]'

  6. The command output should return the resource tags used by the selected bucket:

    [
	{
		"Project": "Project5"
	},
	{
		"Oracle-Tags": {
		"CreatedBy": "Sydney Dev Team"
		}
	}
]

    In Oracle Cloud Infrastructure (OCI), there are two types of resource tags: defined tags and free-form tags. A defined tag is a structured key-value metadata with enforced policies and namespace, that has the following format: "\<tag-namespace\>": {"\<tag-key\>": "\<tag-value\>"}. A free-form tag is a simple key-value metadata with no structure or namespace enforcement, with the following format: "\<tag-key\>": "\<tag-value\>". Check each tag key returned by the os bucket get command output (e.g., "Project") for the following combination of tag keys: "CostCenter", "Project", "Environment", "Owner", and "BillingCode". If the command output does not return the specified combination of tag keys, the selected OCI Object Storage bucket is not using cost allocation tags.

Remediation / Resolution

To implement cost allocation tags for your Oracle Cloud Infrastructure (OCI) Object Storage buckets, perform the following operations:

Using OCI Console

  1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

  2. Navigate to Object Storage & Archive Storage console available at https://cloud.oracle.com/object-storage/.

  3. In the left navigation panel, choose Buckets, and select an OCI compartment from the Compartment dropdown menu available next to Applied filters, to list the Object Storage buckets available within that compartment.

  4. Click on the name (link) of the bucket that you want to configure, listed in the Name column.

  5. Select the Tags tab, choose Add, and perform the following actions to create the recommended cost allocation tags for the selected Object Storage bucket:

    1. For Namespace, select a tag namespace from the dropdown list to add a defined tag or select None (freeform tag) to add a free-form tag. A defined tag is a structured key-value metadata with enforced policies and namespace. A free-form tag is a simple key-value metadata with no structure or namespace enforcement.
    2. For Key, choose a cost allocation tag key that's associated with the selected tag namespace if you are adding a defined tag, or type CostCenter, Project, Environment, Owner, or BillingCode in the tag key box if you're adding a free-form tag.
    3. For Value, enter the tag value for the chosen cost allocation tag key.
    4. Choose Add tag and make sure that each cost allocation tag (i.e., CostCenter, Project, Environment, Owner, and BillingCode) is defined.
    5. Choose Add tags to apply the recommended cost allocation tags to your OCI resource.

Using OCI CLI

  1. Run os bucket update command (Windows/macOS/Linux) to add cost allocation tags (free-form tags) to the specified OCI Object Storage bucket. A free-form tag is a simple key-value metadata with no structure or namespace enforcement. Make sure that you include any existing free-form tags to the --freeform-tags parameter value:

    oci os bucket update
	--bucket-name 'cc-project5-data-bucket'
	--freeform-tags '{"BillingCode":"P5009","Project":"Project5"}'

  2. Type Y and press Enter for confirmation:

    WARNING: Updates to defined-tags and freeform-tags will replace any existing values. Are you sure you want to continue? [y/N]: Y

  3. The command output should return the configuration information (including tags) available for the modified bucket:

    {
	"data": {
		"approximate-count": null,
		"approximate-size": null,
		"auto-tiering": "Disabled",
		"compartment-id": "ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"created-by": "ocid1.user.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"defined-tags": {},
		"etag": "abcd1234abcd1234abcd1234abcd1234",
		"freeform-tags": {
			"BillingCode": "P5009",
			"Project": "Project5"
		},
		"id": "ocid1.bucket.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"is-read-only": false,
		"kms-key-id": null,
		"metadata": {},
		"name": "cc-project5-bucket",
		"namespace": "abcd1234abcd",
		"object-events-enabled": false,
		"object-lifecycle-policy-etag": null,
		"public-access-type": "NoPublicAccess",
		"replication-enabled": false,
		"storage-tier": "Standard",
		"time-created": "2025-12-01T17:41:13.541000+00:00",
		"versioning": "Disabled"
	},
	"etag": "abcd1234abcd1234abcd1234abcd1234"
}

  4. Run os bucket update command (Windows/macOS/Linux) to add cost allocation tags (defined tags) to the specified OCI Object Storage bucket. A defined tag is a structured key-value metadata with enforced policies and namespace. Make sure that you include any existing defined tags to the --defined-tags parameter value:

    oci os bucket update
	--bucket-name 'cc-project5-data-bucket'
	--defined-tags '{"Cost":{"BillingCode":"P5009"}}'

  5. Type Y and press Enter for confirmation:

    WARNING: Updates to defined-tags and freeform-tags will replace any existing values. Are you sure you want to continue? [y/N]: Y

  6. he command output should return the configuration information (including tags) available for the modified bucket:

    {
	"data": {
		"approximate-count": null,
		"approximate-size": null,
		"auto-tiering": "Disabled",
		"compartment-id": "ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"created-by": "ocid1.user.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"defined-tags": {},
		"etag": "abcd1234abcd1234abcd1234abcd1234",
		"defined-tags": {
			"Cost": {
				"BillingCode": "P5009"
			}
		},
		"id": "ocid1.bucket.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"is-read-only": false,
		"kms-key-id": null,
		"metadata": {},
		"name": "cc-project5-bucket",
		"namespace": "abcd1234abcd",
		"object-events-enabled": false,
		"object-lifecycle-policy-etag": null,
		"public-access-type": "NoPublicAccess",
		"replication-enabled": false,
		"storage-tier": "Standard",
		"time-created": "2025-12-01T17:41:13.541000+00:00",
		"versioning": "Disabled"
	},
	"etag": "abcd1234abcd1234abcd1234abcd1234"
}

  7. Repeat steps no. 1 - 6 for each recommended cost allocation tag, i.e., CostCenter, Project, Environment, Owner, and BillingCode.

References

Publication date Dec 7, 2025

Related OCI-ObjectStorage rules