Tag your cloud resources with their repository

An effective tagging strategy is a must-have for organizations relying on the cloud. A clear tagging strategy makes infrastructure ownership obvious, enables granular cost-reporting, and so much more. Something else that’s great about tagging is you don’t need to do it all upfront.

Terraform can automatically tag managed resources with the default_tags AWS provider option, and CloudFormation supports stack-level tags which works similarly to default_tags. Due to the existence of these features, you can build and validate your app and defer worrying about your tagging strategy until after you’ve found product-market fit and start running into cost issues.

In terms of designing your tagging strategy, LucidChart actually have a pretty good article on AWS tagging best practices which covers most of the things you should be thinking about. The one thing I’d add to their article is that tags can be an extremely powerful debugging tool if you build in some affordances.

To be brief: add the project’s Git repository to one of your tags. Keep it really simple, like repository=your-company/some-projects-infra. In an environment that prefers monorepo, this can be a path inside your monorepo instead of an actual repository name.

The benefit of doing this is that if you find some misbehaving infrastructure you can look at its tags and immediately see where the relevant IaC is located. People are usually pretty good at adding a project or team tag which are somewhat helpful for locating the code, but having the repository straight up listed in your tags cuts out any possibility for confusion. It’s unfortunately not always obvious where a project’s infrastructure is defined.