Effective management of AWS resources starts with the right use of resource tags. AWS resource tags are crucial for identifying and managing untapped or untagged resources. As cloud environments grow, ensuring all resources are tagged correctly becomes essential for optimizing cloud management and controlling costs. This guide will walk you through how to uncover untagged resources using AWS resource tags, providing best practices and strategies to enhance your cloud governance and achieve cost efficiency.

What Are AWS Resource Tags?

AWS resource tags are metadata that you can attach to your AWS resources. Each tag consists of a key and a value, which helps categorize and manage resources effectively. Tags can include information like project names, environment types (e.g., development, staging, production), or cost centers. Proper resource tags allows you to track usage, allocate costs, and enforce governance policies more efficiently.

Why Are Resource Tags Important?

1. Cost Management: AWS resource tags help in breaking down your AWS costs by various dimensions, such as project or department. This visibility allows you to understand where your spending is concentrated and take corrective actions.

2. Resource Organization: AWS resource tags facilitate better organization of resources, making it easier to search and filter them. For example, you can group resources by their lifecycle stage or business unit.

3. Compliance and Security: Resource tags helps in maintaining compliance and enhances security by enabling better monitoring and access control based on tags.

Despite the importance of tagging, many AWS environments often contain untagged resources, which can lead to challenges in resource tracking, cost allocation discrepancies, and security vulnerabilities. Identifying and addressing these untagged resources is key to maintaining a well-organized and

optimized AWS environment. In this blog post, we’ll explore strategies and tools for finding untagged resources on AWS.

Strategies for Finding Untagged Resources

1. Utilize Tag Editor

– Tag Editor: Utilize the Tag Editor to search for resources with missing tags and take corrective actions.

2. Leverage AWS Config Rules

– You can create custom Config rules to check for specific tags on resources and trigger automated actions if tags are missing. This helps enforce tagging standards across your AWS environment.

3. Use AWS Cost Explorer

– By filtering cost data by tag key-value pairs, you can identify resources that lack specific tags and prioritize tagging efforts based on cost impact.

4. Implement AWS Lambda Functions

– You can create Lambda functions that automatically scan your AWS environment for untagged resources on a scheduled basis. These functions can then generate reports or take corrective actions, such as notifying resource owners or applying default tags.

5. Service Control Policies (SCPs)

– By defining SCPs, you can enforce tagging requirements at the organizational level, ensuring that all accounts and resources comply with tagging standards.

6. CUR Athena Query

WITH allresources AS (
SELECT
line_item_usage_account_id
, line_item_product_code
, count(DISTINCT line_item_resource_id) AS count_resource
, CASE
WHEN resource_tags_user_env = ” THEN ‘NoTag’
ELSE ‘Tag’
END AS Tag_Status
FROM <CUR Table>

WHERE year=’2024′
GROUP BY line_item_usage_account_id, line_item_product_code, 4 — 4 represents
the Tag_Status column
)
SELECT
line_item_usage_account_id
, line_item_product_code
, sum(count_resource) AS “resources”
, sum(CASE WHEN Tag_Status = ‘Tag’ THEN count_resource ELSE 0 END) AS
“tagged_resources”
, round(sum(CASE WHEN Tag_Status = ‘Tag’ THEN CAST(count_resource AS double)
ELSE 0. END)/ sum(count_resource)  100.,
1) AS “percentage_tagged”
FROM allresources
GROUP BY 1,2

Best Practices for Managing Resource Tags

1. Define a Tagging Strategy: Establish a consistent tagging strategy that aligns with your organizational needs. Define tag keys and values that make sense for your business processes and cost tracking.

2. Automate Tagging: Use automation tools and scripts to ensure new resources are tagged appropriately. AWS Lambda functions and AWS CloudFormation templates can be used to enforce tagging policies.

3. Regular Audits: Conduct regular audits to ensure all resources are tagged correctly. AWS Config rules and AWS Trusted Advisor can help in automating compliance checks.

4. Educate Your Team: Ensure that your team understands the importance of tagging and follows the tagging policy consistently. Regular training and communication can reinforce good tagging practices.