Replace it with a semantic identifier for the state of the repo at the time the tag is created. A common pattern is to use version numbers, like git tag v1.4.

Git supports two different types of tags: annotated and lightweight. The previous example created a lightweight tag. Lightweight tags and annotated tags differ in the amount of accompanying metadata they store. A best practice is to treat annotated tags as public and lightweight tags as private. Annotated tags store extra metadata such as the tagger name, email, and date, which is important data for a public release. Lightweight tags are essentially 'bookmarks' to a commit: just a name and a pointer to a commit, useful for creating quick links to relevant commits.

Annotated Tags

Annotated tags are stored as full objects in the Git database. To reiterate, they store extra metadata such as the tagger name, email, and date. Similar to commits and commit messages, annotated tags have a tagging message. Additionally, for security, annotated tags can be signed and verified with GNU Privacy Guard (GPG). The suggested best practice for git tagging is to prefer annotated tags over lightweight tags so that you have all the associated metadata.

You might have heard the adage to "tag early, tag often" in infrastructure planning and design sessions. Using accurate, meaningful tags on your AWS resources is a best practice. Consistently applied resource tags deliver organizational benefits such as accurate cost allocation, granular access controls, precisely routed operational issues, and simplified resource operating state changes. This blog post provides steps for ensuring your new AWS resources are tagged appropriately.

The auto-tagging solution described in this post applies your organization's required tags to newly created resources using an automated workflow. It includes a rule created in Amazon CloudWatch Events, a resource tag repository such as AWS Systems Manager Parameter Store, and an AWS Lambda function. By following the steps in this post, you create a CloudWatch event rule, Parameter Store entries, and a Lambda function to enable the auto-tagging solution explained in this post.

Figure 1 shows this solution's architecture and its five-step workflow.

Figure 1: Auto-tagging solution workflow

Workflow steps

1. A user creates Amazon Elastic Compute Cloud (Amazon EC2) instances.
2. AWS CloudTrail logs a resource creation API event.
3. A CloudWatch event rule monitors for, and is triggered by, the creation of events like RunInstances.
4. The CloudWatch event rule detects an applicable event and invokes a Lambda function to tag the resources.
5. Lambda retrieves the required tags from Parameter Store and tags the new resource.

Follow these steps to set up the auto-tagging solution.

You'll find the AWS Identity and Access Management (IAM) permissions policy document, IAM trust policy document, and Lambda function in this GitHub repo. Run the git clone command to clone this GitHub repo to your local machine:

git clone

Step 2: Select a CloudTrail trail

You need a CloudTrail trail to detect and respond to AWS resource creation API events. If you do not already have a trail, follow the steps in Creating a Trail in the AWS CloudTrail User Guide. Here is an example AWS CLI command for creating a trail for this auto-tagging solution:

aws cloudtrail create-trail --name resource-creation-events --s3-bucket-name blog-demos

The Amazon EC2 RunInstances API CloudTrail event provides a lot of tagging information:

- The single sign-on (SSO) user ID of the entity that created the resource, from the principalId key.
- The IAM role the entity assumed during resource creation, from the arn key.
- The date/time of resource creation, from the eventTime key.

This CloudTrail event also provides detail about other resources that were created or updated when the EC2 instance was created. This means you can extract that detail, such as the VPC ID and subnet ID, and automatically tag your instances with it.

Step 3: Store your required AWS resource tags

There are two options for storing your required resource tag keys and values. You can use either or both of these options.

Option 1: Apply your required resource tags to the resource creator's IAM role.
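To make the RunInstances tagging detail concrete, here is an added Python example (not the post's own Lambda code or the code in its GitHub repo) that takes the CloudTrail record as a CloudWatch Events / EventBridge delivery would hand it to a Lambda function, pulls out the principalId, arn and eventTime values the post names, adds the VPC and subnet IDs from responseElements, merges them with the organization's required tags, and returns the arguments an ec2 create_tags call would need. The event, the required-tag dictionary (standing in for Parameter Store entries) and the function names are all constructed for this illustration; it also skips failed calls, which carry an errorCode and no responseElements, so there is nothing to tag.

```python
"""Derive resource tags from a CloudTrail RunInstances event (constructed example)."""
import json

# Constructed sample of the event a Lambda receives via a CloudWatch Events rule.
# The layout follows CloudTrail's record format; every value is made up.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "detail": {
        "eventTime": "2020-03-05T18:22:41Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "awsRegion": "us-east-1",
        "userIdentity": {
            "type": "AssumedRole",
            "principalId": "AROAEXAMPLEID:alice@example.com",
            "arn": "arn:aws:sts::123456789012:assumed-role/DevRole/alice@example.com",
        },
        "responseElements": {
            "instancesSet": {
                "items": [
                    {"instanceId": "i-0abc1234def567890",
                     "vpcId": "vpc-0aa11bb22", "subnetId": "subnet-0cc33dd44"},
                    {"instanceId": "i-0fed9876cba543210",
                     "vpcId": "vpc-0aa11bb22", "subnetId": "subnet-0cc33dd44"},
                ]
            }
        },
    },
}

# Constructed stand-in for the required tags held in Parameter Store (option 2 in
# the post). In a real Lambda these would be read with the SSM API instead.
REQUIRED_TAGS = {"CostCenter": "1234", "Environment": "dev", "Owner": "platform-team"}


def creator_tags(detail):
    """Tags derived from the identity that made the API call (hypothetical helper)."""
    ident = detail["userIdentity"]
    # An AssumedRole principalId reads "<role-id>:<session-name>"; for an SSO
    # session the session name carries the user ID, so keep the last segment.
    user_id = ident["principalId"].rsplit(":", 1)[-1]
    return {
        "CreatedBy": user_id,
        "CreatorArn": ident["arn"],
        "CreatedAt": detail["eventTime"],
    }


def instance_tags(detail):
    """Per-instance VPC and subnet tags taken from responseElements (hypothetical helper)."""
    items = detail.get("responseElements", {}).get("instancesSet", {}).get("items", [])
    return {
        item["instanceId"]: {"VpcId": item["vpcId"], "SubnetId": item["subnetId"]}
        for item in items
    }


def build_create_tags_requests(event, required_tags):
    """Return one ec2.create_tags argument dict per new instance, or [] if the
    event is not a successful RunInstances call (hypothetical helper)."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "RunInstances":
        return []
    if "errorCode" in detail:
        # Denied or failed calls are logged too, but without responseElements.
        return []
    base = dict(required_tags)
    base.update(creator_tags(detail))
    requests = []
    for instance_id, per_instance in instance_tags(detail).items():
        tags = dict(base)
        tags.update(per_instance)
        requests.append({
            "Resources": [instance_id],
            "Tags": [{"Key": k, "Value": v} for k, v in sorted(tags.items())],
        })
    return requests


if __name__ == "__main__":
    print(json.dumps(build_create_tags_requests(SAMPLE_EVENT, REQUIRED_TAGS), indent=2))
```

Inside the Lambda, each returned dict would be passed as keyword arguments to the EC2 client's create_tags call; the function's IAM role then only needs ec2:CreateTags plus read access to the Parameter Store path, which keeps the auto-tagger's permissions to the minimum the workflow requires.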