How to Automate AWS Cost Allocation Tagging with GitHub and Terraform
Automatically incorporate tagging into your development pipeline with GitHub and Terraform.
Automatically incorporate tagging into your development pipeline with GitHub and Terraform.
AWS Cost Allocation Tags are labels on resources that attribute and track cloud costs. Tagging is a prerequisite to assigning cost ownership (e.g. by team/app/cost center) and creating cloud cost accountability.
For more context on tags you can see our previous guide here.
Tagging AWS resources is a manual process that’s done either when a resource is spun up or during a cost firefighting initiative to understand cost ownership. We figured there had to be a better way and set out to make tagging a seamless part of development pipelines that use GitHub and Terraform.
Cloudthread’s Tagging Assistant makes tagging a seamless part of your development pipeline so that DevOps/FinOps teams can roll out a centrally managed and enforced tagging strategy without creating tedious manual work for engineers.
Once set up, the Tagging Assistant GitHub action will allow you to continuously enforce and maintain your AWS tagging strategy within your Terraform projects. Each GitHub repository can be associated with a catalog key that maps to tag key-value pairs within the Tag Catalog on the Cloudthread App. Adding or changing tag key-value pairs in a Cloudthread’s Tag Catalog entry will generate a tagging update Pull Request each time the action runs, and fail if the appropriate tagging is not in place. An example of such an update is `.tf` build file getting `(locals {tags = …}})` added.
All resources defined via Terraform in the repository will receive the same tags defined via the Tag Catalog.
The Tag Catalog is used to standardize tagging across your environment. In the Tag Catalog on Cloudthread’s platform you can create entries, assign a catalog key (which will be used to fetch key value pairs via our developer API). Cloudthread will look at existing tags used recently and surface them as recommendations for convenience. You can generate an entry that has tagging in place that’s linked to the catalog key.
Cloudthread will check tagging across your Terraform code and align it with the tagging that Cloudthread finds in the Tag Catalog on Cloudthread’s platform. You will then set an API token which is referenced in order to fetch tagging data.
In order to facilitate this integration, you set an API token as part of your repository to validate and then you set the Catalog Key in the relevant GitHub repository.
Cloudthread will then fetch those keys and do a diff comparing current tagging in the repository relative to what it should look like. If there’s an inconsistency or if something needs to change Cloudthread will automatically generate a PR on the branch where the PR was created to implement the tagging on your behalf.
Tagging Assistant is designed to keep existing tagging in place.
This is a continuous way to maintain tagging for resources in the repository that’s connected to the Cloudthread Catalog.
Today, Tag Assistant is fetching a set of key value pairs from the Tag Catalog.
In the future, Tag Assistant will fetch a set of rules that can implement a full tagging strategy by referencing Github meta data, Terraform state data, and AWS.