We all have had this scenario: You have something that needs urgent testing, maybe a new build, perhaps a user data addition that you need to tweak before the next prod release. What do we do? We fire up an Amazon Elastic Compute Cloud (Amazon EC2) instance and begin testing. That’s the beauty of the AWS cloud — you can quickly experiment. But sometimes these resources don’t get terminated, and then they pile up and accumulate costs — costs that could be easily avoided.
When I started dabbling with the cloud, I didn’t spare two thoughts about tags. Sure, they sounded great, but I never used them personally. Then, I became a cloud architect and realized the potential chaos that untagged Amazon EC2 resources created in my environment. I had resources that I couldn’t sort by project, by team, or even by environment. I’m sure many of you can relate to looking at your Amazon EC2 instances and not being able to figure out what belongs to which project. Everything could be solved if I just knew that Amazon EC2 had been provisioned and was not running the tags that were deemed mandatory.
This scenario is why nOps’ newest feature is such a miracle worker. Now, with a custom Amazon EC2 tag violation rule included in nOps’ rules, customers can be instantly alerted if there is a resource provisioned that does not have tags listed. It also enables you to view crucial information such as the instance details, who provisioned the instance, the current usage of the resource, as well as network details that make it much easier to track down the provisioner and get tags added.
Monitoring for tag compliance is the most effective way to ensure compliance for your cloud environments. If your organization doesn’t enforce proper tagging policies, eventually no one will know who originally launched the resources and for what purpose.
With nOps’ flexible tag-violation configuration, you will receive real-time notifications if newly launched resources violate the tag policy. Let’s say someone launches an instance with no Name tag, or the value is empty or doesn’t contain a particular string. You’ll get a real-time notification indicating who launched the resource. Engineers can still experiment fast, and IT can trace back every single resource — a win-win for your company.
Using nOps’ Amazon EC2 tag violation rule, our customers have gained more fine-tuned visibility of the resources being set up in their accounts — the minute they are provisioned — saving thousands of dollars on resource costs.
How to use nOps’ Tag Violation Rule
- Sign in to the nOps dashboard and navigate to Rules > nOps Rules. It will show you the different rules categorized under the various pillars of the AWS Well-Architected Framework.
- Click on the tab with the name Operations. After clicking on the tab, it will show the list of tag violation rules for different resources, ranging from Amazon EC2 to Amazon Elastic Block Store (Amazon EBS) to Amazon Virtual Private Cloud (Amazon VPC). In this blog, we are focused on Amazon EC2. As shown below, we can see that two Amazon EC2 instances have tag violations.
- Click on the Amazon EC2 instances with tag violations shown in the list on the Operations tab.
- You will then see details on the two Amazon EC2 instances that violate the tag rules, with their instance ID, region, and instance type.
- To enable the rule, go to the “Available nOps Rules” tab in nOps Rules and click on the “Tag Violation Check” rule.
- Once enabled, the rule will appear on the “Applied nOps Rules” tab with a summary of all resources that violate the rule.
- Clicking on the rule in the “Applied nOps Rules” tab, you will be able to see, in detail, the number of resources and for which tag configurations these violations occur.
- To customize this rule to fit the unique naming convention of your tags, you can configure the tags on the Rule Configuration page.
- Once enabled, you can configure your nOps account to receive email or Slack alerts on newly created resources that violate the rule.
Frequently asked questions:
Q. What is Amazon EC2?
A. Amazon EC2 is Amazon Elastic Compute Cloud, a web service that provides secure, resizable compute capacity in the cloud.
Q. What is an Amazon EC2 resource tag?
A. An Amazon EC2 resource tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define, to make it easier to manage, search for, and filter resources. Tags enable you to categorize resources by purpose, owner, environment, or other criteria.
Q. Why should I tag my Amazon EC2 instances?
A. Tagging helps you to identify each resource. It also helps you to group related resources and can be valuable in executing a grouped operation in a set of Amazon EC2 instances.
Q. How do you create an Amazon EC2 tag?
A. You can tag instances and volumes on creation using the Amazon EC2 Launch Instances wizard in the Amazon EC2 console. Or, you can use the resource-creating Amazon EC2 APIs (for example, RunInstances) to apply tags when creating your resource.
Q. What types of Amazon EC2 resources can be tagged?
A. Here is a link to a table that lists the Amazon EC2 resources that support tagging: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-ec2-resources-table
Q. Can you terminate, stop, or delete an Amazon EC2 resource based solely on its tags?
A. No, you must specify the resource identifier to do so. A resource identifier (such as
snap for a snapshot) is followed by a hyphen and a unique combination of letters and numbers. You can, however, filter a list of Amazon EC2 resources based on tags.
Q. How can you view existing Amazon EC2 resource tags?
A. Use the Amazon EC2 console to apply or remove tags from one or more resources at a time, and to see:
- Which tags are in use across all your Amazon EC2 resources in the same Region.
- Tags by resource and resource type.
- How many items of each resource type are associated with a specified tag.
Want to start gaining sharper visibility to resources running unchecked in your account and see how much you can save? Click here to get started with a free 14-day trial of nOps (or click here to sign in to nOps if you’re already a user) and review untagged Amazon EC2 resources in your account by navigating to Rules -> nOps rules -> Operations. The Amazon EC2 resources without tags can then be viewed and checked for more details.