Optimize Resources with Tags and AWS Trusted Advisor
After completing this unit, you’ll be able to:
- Describe the use cases for tags.
- Explain how AWS Trusted Advisor can help you optimize the resources in your AWS account.
As your cat photo website is built out, you provision a variety of AWS resources in your account, such as EC2 instances, RDS instances, and Amazon Simple Storage Service (S3) buckets. You need to consider how you organize these resources as you scale up to meet demand. Let’s say you are trying to find all AWS resources used to support your cat photo application in your AWS account. You want to keep track of them for IT management.
How will you go about doing that? One way to do it is to explore each service you used and then hope you can identify which resource is being used. This gets tricky, especially if you have multiple applications. This is where tagging is useful.
Use Tags in AWS
A tag in AWS is a key-value pair that you associate with a resource as metadata. You define the tags, meaning you can make them whatever you want them to be, such as your app’s code name or an IT management standard at your organization. Each tag has a mandatory key and an optional value that can make it easier to manage, search for, and filter.
Many AWS resources are taggable, you can add multiple tags to each AWS resource, and these tags can then be used for a variety of purposes.
Organize AWS Resources with Tags
Tags help you organize your architecture. As described earlier, what will you do if you need to find all AWS resources associated with your cat photo application? Instead of visiting each service to check for resources, you can instead tag your AWS resources in a way that describes the application the resource supports. You can even use IAM policies to explicitly prevent resources being created if a proper set of tags are not supported—this a great way to reinforce governance standards.
For your cat photo application, you tag your resources with:
Tip: Using all lowercase with hyphens for separators avoids confusion about how to capitalize a tag name, since they are case sensitive.
Once resources are tagged, you can use the Resource Groups tool to view resources related to a tag. Normally, the AWS Management Console organizes resources by AWS service. However, using the Resource Groups tool allows you to view AWS resources by tag. This enables you to get a view of your resources across AWS services.
Use Tags for Cost
Imagine this scenario, the CFO at your company asks you how much cost is associated with each app hosted in AWS. How are you going to find that information and present it in a timely manner? Again, tags can help you.
Beyond tagging resources for visibility and organization, use tags to dig into what AWS resources are driving cost. The AWS Cost Explorer supports the ability to break down AWS costs by tag. This means you can also tag resources with information related to their cost center.
Through the use of tags and services like the AWS Cost Explorer, you can provide your CFO with the cost information in an efficient and accurate manner.
Use Tags for Automation
Another great use case for tags is IT automation. Think about this scenario: Your cat application is hosted on a fleet of EC2 instances. There are also other applications hosted in the same AWS account on EC2 instances.
You want to deploy a patch to all EC2 instances that host the cat photo app, but no other instances hosting other applications. You could use the Resource Groups tool, search by tag for application, jot down each instance ID, then manually install the patch on each instance. This works, but it’s time-consuming and prone to error.
Wouldn’t it be nice if instead you could just automatically apply the patch to every EC2 instance with a tag for your cat photo app? Luckily, you can! Tags can be used to opt in to or out of automated tasks, like patching, or to identify specific versions of resources to either archive, update, or delete.
Explore AWS Trusted Advisor
Now that you know how to use tagging to manage your AWS resources, you may want some tips on how to further optimize your AWS environment. Look no further than AWS Trusted Advisor.
The AWS Trusted Advisor tool provides you with guidance on how to optimize your resources following AWS best practices.
AWS Trusted Advisor evaluates your resources against best practices in five pillars.
- Cost Optimization
- Fault Tolerance
- Service Limits
The tool runs multiple checks for each pillar in your account. The type of checks depend on the support plan you have. And the number of checks you have access to increases as the support plan moves up levels. AWS Developer and Basic Support customers get access to the essential checks. With AWS Enterprise Support, customers have access to the full suite of checks. Get more information about AWS support plans in the Resources section of this unit.
The checks are broken down into each pillar. When you navigate to the Trusted Advisor dashboard you can see the number of checks that were run and their status.
You can see the status is either noted by a green check box to signal that the check passed, an orange triangle to signal that investigation is recommended, or a red circle that indicates actions are recommended.
In this example, Trusted Advisor lets you know there is a potential monthly savings of $169.44 in your AWS account.
When you click the Cost Optimization pillar, Trusted Advisor breaks down all the checks that were run, their status, and some detailed information about each check. You see Trusted Advisor has found places where your account could use Reserved Instances instead of On-Demand to save money. It has also found EC2 instances and EBS volumes with low utilization. Trusted Advisor asks for you to look into the findings, so that you can check to see if those instances or volumes can be scaled down or deleted altogether.
When you click the Security pillar, there are four items in the Action Recommended category.
One of the four items is multi-factor authentication (MFA) on the root account (root user). This is telling you that the root account does not have MFA turned on and is vulnerable. Using MFA for security is important, as you learned in Security in AWS Cloud.
These are just a few examples of the types of checks Trusted Advisor runs, and the types of recommendations it makes. Through each pillar, it will run checks against best practices and recommend ways you can optimize your account.
Tagging AWS resources is a best practice, and something you should utilize for organization, cost management, and automation. If you intend to use tags for these specific use cases, you need to be consistent with your values. For example, if a significant portion of your AWS resources are missing tags for cost allocation, your cost analysis and reporting process will be more complicated, time-consuming, and less accurate. Ensure you create a tagging standard for your organization for consistency.
AWS Trusted Advisor is a service that runs checks in your AWS account and makes recommendations for your AWS resources.