
Use Cloud Custodian to solve the missing tag problem for newly created resources

Tag your cloud resources using auto-tag-user action item

Organizations acknowledge a known problem: resources in the public cloud are not tagged according to the established resource tagging policy. The reasons include developers accidentally forgetting to tag, not taking tagging seriously, having too many resources to tag, finding that tagging is not easy or takes too much effort, re-using templates from peers to stand up their infrastructure, and more. All of this leads to a continued trend of missing tags.

To solve this problem, we can divide the resources into 2 parts — existing resources and newly created resources (also called on-creation). Cloud Custodian is the best-in-class tool to take action on the public cloud resources that are missing tags using auto-remediation.

Important points to remember:

1. Ensure Cloud Custodian supports the auto-tag-user action item for that specific resource.

2. Cloud Custodian looks at the CloudTrail events (as they happen) to determine the owner or principalId tag.

3. This applies only to newly created resources. In other words, when you launch an instance or create a bucket, Cloud Custodian can see the CloudTrail events and take action to do…
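A pair of policies for the two cases mentioned above (launching an instance, creating a bucket), added here as an illustration and not taken from the original article. The policy names, the tag keys CreatorName and CreatorId, and the role ARN are assumed placeholders.

```yaml
# Added example, not the article's own policy file.
# Assumptions: tag keys CreatorName / CreatorId, and a placeholder IAM role
# that the Custodian Lambda assumes.
policies:
  - name: ec2-auto-tag-creator            # hypothetical policy name
    resource: aws.ec2
    description: Tag new EC2 instances with the identity that launched them.
    mode:
      type: cloudtrail                    # runs as the CloudTrail event arrives
      role: arn:aws:iam::123456789012:role/custodian-auto-tag   # placeholder
      events:
        - RunInstances
    filters:
      # Only act when the tag is missing, so a creator-supplied value
      # is never overwritten.
      - "tag:CreatorName": absent
    actions:
      - type: auto-tag-user
        tag: CreatorName                  # user name taken from the event
        principal_id_tag: CreatorId       # principalId taken from the event

  - name: s3-auto-tag-creator             # hypothetical policy name
    resource: aws.s3
    description: Tag new S3 buckets with the identity that created them.
    mode:
      type: cloudtrail
      role: arn:aws:iam::123456789012:role/custodian-auto-tag   # placeholder
      events:
        - CreateBucket
    filters:
      - "tag:CreatorName": absent
    actions:
      - type: auto-tag-user
        tag: CreatorName
        principal_id_tag: CreatorId
```

Because the action reads the identity from the triggering event, these policies only tag resources created after they are deployed; `custodian validate` checks the file against the schema before deployment.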


Written by Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.
