AWS Account Tagging

AWS Account Tagging

June 17, 2019 1 By Eric Shanks

We’re getting into the habit of tagging everything these days. It’s been drilled into our heads that we don’t care about names of our resources anymore because we can add our own metadata to resources to later identify them, or to use for automation. But up until June 6th, AWS wouldn’t let us tag one of the most important resources of all, our accounts.

On June 6th though, our cloud world changed when AWS announced that we can now add tags to our accounts through organizations.

Why would we want to tag accounts? Well, that’s a bit of an open ended question. You may be tagging accounts to identify what the purpose of that account was for, who’s responsible for it, whether it has sensitive data in it, and about another thousand things that you might come up with. The world is your oyster as they say.

To tag your AWS Account simple login to your AWS Organizations portal where you can view your list of accounts. Select the account to update and then click the “EDIT TAGS” link on the right hand side of the screen.

Create your tags based on whatever rules your organization has and what you’re using the accounts for. Below are some common examples that could be applied at the account level. Save your changes.

When you go back to the accounts screen, you’ll now see the tags listed when you select the account. This might be an easy way to identify who owns the account.

If you’ve got an up to date version of the awscli, you can also list tags for your resource within the organizations command.

Summary

Now we can use tags on our AWS Accounts just like the rest of our AWS resources. This may seem like a trivial update that AWS announced, but this is important functionality for a cloud to have and for organizations to take advantage of. What tags will you use on your AWS Accounts? Post your suggestions in the comments.