Optimize Resources with Tags and AWS Trusted Advisor

Learning Objectives

After completing this unit, you’ll be able to:

Describe the use cases for tags.
Explain how AWS Trusted Advisor can help you optimize the resources in your AWS account.

As your cat photo website is built out, you provision a variety of AWS resources in your account, such as EC2 instances, RDS instances, and Amazon Simple Storage Service (S3) buckets. You need to consider how you organize these resources as you scale up to meet demand. Let’s say you are trying to find all AWS resources used to support your cat photo application in your AWS account. You want to keep track of them for IT management.

How will you go about doing that? One way to do it is to explore each service you used and then hope you can identify which resource is being used. This gets tricky, especially if you have multiple applications. This is where tagging is useful.

Use Tags in AWS

A tag in AWS is a key-value pair that you associate with a resource as metadata. You define the tags, meaning you can make them whatever you want them to be, such as your app’s code name or an IT management standard at your organization. Each tag has a mandatory key and an optional value that can make it easier to manage, search for, and filter.

User configured Key and Value input text fields.

Many AWS resources are taggable, you can add multiple tags to each AWS resource, and these tags can then be used for a variety of purposes.

Organize AWS Resources with Tags

Tags help you organize your architecture. As described earlier, what will you do if you need to find all AWS resources associated with your cat photo application? Instead of visiting each service to check for resources, you can instead tag your AWS resources in a way that describes the application the resource supports. You can even use IAM policies to explicitly prevent resources being created if a proper set of tags are not supported—this a great way to reinforce governance standards.

For your cat photo application, you tag your resources with: your-company:cat-photo-app

Tip: Using all lowercase with hyphens for separators avoids confusion about how to capitalize a tag name, since they are case sensitive.

Once resources are tagged, you can use the Resource Groups tool to view resources related to a tag. Normally, the AWS Management Console organizes resources by AWS service. However, using the Resource Groups tool allows you to view AWS resources by tag. This enables you to get a view of your resources across AWS services.

Use Tags for Cost

Icon for AWS Cost Explorer, showing graph and magnifying glass.

Imagine this scenario, the CFO at your company asks you how much cost is associated with each app hosted in AWS. How are you going to find that information and present it in a timely manner? Again, tags can help you.

Beyond tagging resources for visibility and organization, use tags to dig into what AWS resources are driving cost. The AWS Cost Explorer supports the ability to break down AWS costs by tag. This means you can also tag resources with information related to their cost center.

Through the use of tags and services like the AWS Cost Explorer, you can provide your CFO with the cost information in an efficient and accurate manner.

Use Tags for Automation

Another great use case for tags is IT automation. Think about this scenario: Your cat application is hosted on a fleet of EC2 instances. There are also other applications hosted in the same AWS account on EC2 instances.

You want to deploy a patch to all EC2 instances that host the cat photo app, but no other instances hosting other applications. You could use the Resource Groups tool, search by tag for application, jot down each instance ID, then manually install the patch on each instance. This works, but it’s time-consuming and prone to error.

Wouldn’t it be nice if instead you could just automatically apply the patch to every EC2 instance with a tag for your cat photo app? Luckily, you can! Tags can be used to opt in to or out of automated tasks, like patching, or to identify specific versions of resources to either archive, update, or delete.

Explore AWS Trusted Advisor

Now that you know how to use tagging to manage your AWS resources, you may want some tips on how to further optimize your AWS environment. Look no further than AWS Trusted Advisor.

The AWS Trusted Advisor tool provides you with guidance on how to optimize your resources following AWS best practices.

AWS Trusted Advisor evaluates your resources against best practices in six pillars.

Cost Optimization
Performance
Security
Fault Tolerance
Service Limits
Operational Excellence

The tool runs multiple checks for each pillar in your account. The type of checks depend on the support plan you have. And the number of checks you have access to increases as the support plan moves up levels. AWS Developer and Basic Support customers get access to the essential checks. With AWS Enterprise Support, customers have access to the full suite of checks. Get more information about AWS support plans in the Resources section of this unit.

The checks are broken down into each pillar. When you navigate each category, you can find the number of checks that were run and their status. The following example shows a summary of the check results for an AWS account.

The Trusted Advisor Recommendations page in the Trusted Advisor console with check summaries

You can check recommendations for each category. The status noted by a green check box signals that the check passed, a red circle indicates that actions are recommended, a blue triangle signals that investigation is recommended, and a gray circle displays the number of checks that have excluded items.

In the following image, the Cost Optimization category displays potential monthly savings of $7,082.26 in your AWS account.

The cost optimization category page in the Trusted Advisor console that shows potential monthly savings, and checks that need action, investigation, or no issues detected

Trusted Advisor breaks down all the checks that were run, their status, and some detailed information about each check. Trusted Advisor can help you find places where your account could optimize resources to save money. For example, Trusted Advisor can help you identify underutilized resources. Then, you can check to see if those resources can be scaled down or deleted altogether.

Let’s review another example in the category of security. For increased security, Trusted Advisor might recommend that you enable various AWS security features, close any gaps, and examine your permissions. One of the items you might notice in this category is the MFA on Root Account action. This recommendation is telling you that the root account does not have multi-factor authentication (MFA) on the root account (root user) and is vulnerable. Using MFA for security is important, as you learned in Security in AWS Cloud.

MFA on Root Account action that shows a recommended action to take; also showing Alert Criteria and Additional Resources.

These are just a few examples of the types of checks Trusted Advisor runs, and the types of recommendations it makes. Through each pillar, it will run checks against best practices and recommend ways you can optimize your account.

Wrap Up

Tagging AWS resources is a best practice, and something you should utilize for organization, cost management, and automation. If you intend to use tags for these specific use cases, you need to be consistent with your values. For example, if a significant portion of your AWS resources are missing tags for cost allocation, your cost analysis and reporting process will be more complicated, time-consuming, and less accurate. Ensure you create a tagging standard for your organization for consistency.

AWS Trusted Advisor is a service that runs checks in your AWS account and makes recommendations for your AWS resources.

Tempo estimado

Tópicos

Procurando ajuda?