Project Tagging Requirement for ucboitrccumulus

Document Purpose

This document describes the requirements that are expected of end users when using the CUmulus AWS Account. The CUmulus AWS Account is a ‘sandbox’ like, shared AWS Account, that different Projects can use to consume an allocation of AWS Credits for prototyping and research activities. The CUmulus AWS Account is not intended for long term production workloads. In order to properly track the usage of your allocation, please be sure to follow the steps in this document to ensure that you are properly tagging your resources.

AWS Resource Tagging

AWS resource tagging is critical for tracking actual costs (ie. credits), as well as forecasted costs. As a user of the CUmulus environment, you are responsible for tagging all resources that are created in your Project. The tag must be applied when (if possible), or immediately after, the resource is created. For more information about how tags work, it’s worth reading the AWS documentation describing Tags. If you are unfamiliar with the terms “tag key” and “tag value”, please read and understand the AWS documentation describing Tags.

Project Tag

We are using the concept of a “Project” Tag to track different projects that will be using the shared CUmulus AWS Account.

When tagging resources, there is only one tag that we require you to provide. This is the “Project” tag. You are free to add more tags, as there are several other benefits of tagging discussed in the AWS documentation describing Tags.

( ! ) - IMPORTANT
The "tag key" is case sensitive. This means that "Project" is valid (must contain the capital 'P'). Using "project" (all lower case) as the key will generate an error, and this is the expected behavior.

The “tag value” will be the name of the Project that is given to you when your project was on-boarded by the Research Computing Cloud Team (ie. argovis, flywheel). The value must match exactly, and is case-sensitive. You may not use any other value other than the one given to your Project. Values that do not match a project will cause errors. This is expected behavior.

There is no way to currently require the user to create the necessary Project tag when creating resources. This is a current limitation with AWS. This is why users need to be in the good habit of always adding the Project tag to all resources.

Tag Examples

( ! ) - IMPORTANT
The following examples show the Project Value = argovis. Use the name of your project instead (ie. flywheel), and do not use the argovis value.

For the following examples, the tag value (or name of the Project) is “argovis” (all lower-case). Almost every resource that you create in the AWS Console will have a ‘Tags’ section as described in the following examples.

Tag S3 Bucket in AWS Console

When creating a S3 Bucket, be sure to look for the ‘Tags’ section. Click the ‘Add tag’ button, then enter the Key = Project and the Value = argovis.

../../../_images/s3-bucket.jpg

Note that the creation wizard for this example is a single form, which is common for many AWS services. Look for the Tags section.

Tag EC2 Instance in AWS Console

On step 5 of the EC2 launch wizard, click the “Add tag” button, then enter Key = Project and the Value = argovis.

../../../_images/ec2-instance.jpg

Note that the creation wizard for this example has more than one step, which is common for many AWS services. Be sure to add your tag(s) when you get to the proper step. This can be easy to miss, so look carefully!

Clustered Services

When creating clustered environments, especially when using autoscaling, be sure to set your template up to set the default tags so that when resources are spun up and down, the proper tag will get added for you automatically. See AWS documentation for the specific service to see how to set the default tags (ie. EKS for Kubernetes).

Tags Block in a CloudFormation Template

When using AWS CloudFormation to create resources, you will need to specify the ‘Tags’ block. See AWS CloudFormation Resource Tag Documentation for more details. Each resource in the CloudFormation template will need to have the ‘Tags’ block added as specified in the AWS documentation for each resource block. Syntax can be different for each service, so always consult AWS docs as a best practice.

CloudFormation Tags Snippet:

...

"Tags" : [
    {
        "Key" : "Project",
        "Value" : "argovis"
    },
    {
        "Key" : "keyname2",
        "Value" : "value2"
    }
]

...

The above example shows multiple tags in the block. You will need the Project tag at a minimum for each resource.

Add Tag using AWS CLI

When using the AWS CLI to create resources, you may need to run one command to create the resource and another command to add the tag. This example shows how to create a S3 bucket and add the related tag.

Create and Tag S3 Bucket using CLI:

# create a new s3 bucket
aws s3api create-bucket --bucket my-bucket --region us-west-2
 
# create tags for the new s3 bucket
aws s3api put-bucket-tagging --bucket my-bucket --tagging 'TagSet=[{Key=Project,Value=argovis},{Key=keynmame2,Value=value2}]'

The above example shows multiple tags. You will need the Project tag at a minimum.

Always be sure to refer to the AWS CLI documentation. Each resource may have its own unique syntax for adding Tags. This example was created using this AWS CLI Documentation.

Couldn’t find what you need? Provide your feedback on these docs!