Help Center/ Organizations/ Getting Started/ Using Tag Policies to Standardize Resource Tags
Updated on 2024-12-09 GMT+08:00

Using Tag Policies to Standardize Resource Tags

Scenarios

Tag policies are a type of policy that can help you standardize tags across resources in your organization's accounts. In a tag policy, you specify tagging rules applicable to resources when they are tagged. Untagged resources and tags that are not defined in the tag policy are not evaluated for compliance with the tag policy.

To standardize the usage of tags in your organization, you can create a tag policy to formulate tag rules.

The following describes how to create a tag policy and attach it to a member account.

Procedure

Step

Description

Preparations

  1. Create an organization and add a member account to the organization.
  2. Top up your account to ensure that the account is not frozen due to arrears.

Step 1: Enable the Tag Policy Type and Create a Tag Policy

Enable the tag policy type and create a tag policy.

Step 2: Attach the Tag Policy

Attach the tag policy to a member account.

Step 3: Test the Tag Policy Effect

Use the member account to test the tag policy effect.

Preparations

  1. Create an organization and add one or more member accounts to the organization. For details, see Using Organizations to Manage Multiple Accounts.
  2. Top up your account.

    Organizations is a free service. You will not be billed for using Organizations-related functions.

    Ensure that your account balance is sufficient. If your account is frozen due to arrears, you cannot perform any write operations on the Organizations console. For details about how to top up your account, see Topping Up an Account.

Step 1: Enable the Tag Policy Type and Create a Tag Policy

The following example only focuses on key parameter settings. You can retain the default values of other parameters. For more information about creating tag policies, see Creating a Tag Policy.

  1. Log in to the management console as the organization administrator or using the management account, and navigate to the Organizations console.
  2. On the Policies page, locate Tag policies, and click Enable in the Operation column.
  3. In the displayed dialog box, select the check box and click OK.

  4. Click Tag policies. The list of tag policies is displayed.

  5. Click Create Policy. The Create Tag Policy page is displayed.
  6. Set parameters for the tag policy based on the table below, and retain the default values for other parameters.

    Parameter

    Example

    Setting

    Tag Key

    ABC

    Enter the key (ABC in this example) for the tag you want to define in the tag policy.

    The tag policy will apply only to tags with this tag key.

    Tag Key Capitalization Compliance

    Selected

    Use the capitalization you specified for the tag key for compliance check.

    If you select this option, tag keys in all uppercase characters like ABC are considered compliant, and those in all lowercase characters like abc or both uppercase and lowercase characters (such as Abc) are considered non-compliant. The tag policy will prevent you from adding any non-compliant tags to your resources.

    Resource Types to Enforce

    ces:alarm

    Specify resource types to enforce the tag policy.

    Select the Prevent noncompliant operations on this tag. option and click Specify Resource Types. In the displayed dialog box, read and confirm the effects of using tag policies. Then, select resource types and click OK.

  7. Click Save in the lower right corner.

Step 2: Attach the Tag Policy

After a tag policy is bound to a member account, the member account must comply with the tag specifications defined by the tag policy when adding tags to related resources.

  1. In the tag policy list, locate the tag policy you created and click Attach in the Operation column.
  2. In the displayed dialog box, select the member account you want to attach the tag policy to and click OK.

    The SCP will be applied within 30 minutes.

Step 3: Test the Tag Policy Effect

Perform the following steps to test the tag policy effect.

  1. Log in to the management console as the member account with the tag policy attached. Access the Cloud Eye console, create an alarm rule, and add a tag to the alarm rule to check whether the tag policy is in effect.

    1. If you add the tag ABC to the alarm rule, the operation will be successful.
    2. If you add tag abc to the alarm rule, an error will be displayed, indicating that the tag is non-compliant. In this case, you need to modify the tag and try again until it becomes compliant.

      If you try to add tags that do not comply with the tag policy during resource creation, the operation will be blocked by the tag policy, and the resources will not be created.

      If you try to add tags that do not comply with the tag policy to ongoing resources, the operation will be blocked by the tag policy, but the resources will not be affected.

Follow-up Operations

For details about other operations on tag policies, see Managing Tag Policies.