Developers and admins can quickly get overwhelmed when making decisions about how to organize IT resources in Microsoft Azure, but having the right systems in place is vital to gaining proper insight into their applications and data. One of the best ways to do this in Azure is with tags.
Rather than deal with one-to-one groups or hierarchical relationship trees, IT teams can use tags for more multi-dimensional relationships that are easier to institute. Tags are informational key-value elements that can be applied as metadata to Azure resources — such as VMs and SQL databases — to facilitate better organization, reporting and automation.
And while tags provide great organizational value, be careful — their loosely structured nature can lead to more confusion than control when poorly implemented. IT teams need to define and develop a strategy for managing consistent, hierarchical naming conventions. Below are some tagging tips to properly organize Azure resources.
Azure tagging best practices
To choose the right Azure tag, identify its purpose and what insights the team wishes to gain from it.
For example, if an administrator wants to identify resources based on their environment level — such as production or staging — the most appropriate tag is Environment. Beyond a basic technical status, you can tag resources based on which business department is responsible for them, like sales or human resources, so an additional Department tag might make sense.
Although tags are generally key-value pairs, a lesser-used tagging format is a key-object pair. This format assigns a JSON string to a tag name, rather than a scalar value. This enables enterprises to have tags with multi-dimensional values, such as Environment and Department values assigned to a single CostCenter tag.
IT teams need to stress consistency in a tagging strategy. If it’s not broadly adopted, the tags are worthless.
Employees not only need to buy in to the use of tags, they also need to know which Azure tags to use and how to use them in order for a tagging system to work. A spreadsheet is one way to stay organized, but it is not infallible.
Azure Policy is a governance service that can be used to manage and enforce policies across resources in your organization. For example, if every resource must include Department and Environment tags, a policy makes this a requirement rather than a suggestion.
Additionally, policy rules enforce the format of individual tag values with simple matching patterns — such as ##-???-#### to enforce a 01-Jan-1990 date format.
Keep in mind that there are some limitations to Azure tags:
- Tags applied to a resource group are not inherited by the resources in that group.
- Tag names are limited to 512 characters.
- Tag names cannot contain the following characters: <, >, %, &, , ?, /.
- Each resource or resource group can have a maximum of 50 tag name/value pairs.
Tagging for automation and cost control
In addition to key-value pairs for reporting purposes, tags can better enable automation and reduce costs. For example, the Uptime tag alongside a value of BD — meaning business day — can flag resources to automatically shut down for a certain amount of time, such as overnight.
Like any tagging system, the power of Azure tags isn’t in the tags themselves, but in the functionality that developers and admins can implement on top of them. Because tags are inherently queryable, their use extends far beyond reporting and billing. With technologies like PowerShell and Azure Automation, automated tasks can be applied to resources based on the assigned tags.
For example, to take automation further, we could assign a policy that enforces a MaxUptime tag for every resource and assign an integer value that determines exactly how long it can remain active. Combined with PowerShell, we could query resources on a fixed cadence — such as hourly or daily — and any resource with an uptime that is longer than its MaxUptime value would automatically shut down.