A tag is defined by the Oxford Dictionary (https://en.oxforddictionaries.com/definition/tag) as the following:
Azure allows the tagging of resource groups and resources with name-value pairs. Tagging helps in the logical organization and categorization of resources. Azure also allows the tagging of 15 name-value pairs for a resource group and its resources. Although a resource group is a container for resources, tagging a resource group does not mean the tagging of its constituent resources. Resource groups and resources should be tagged based on their usage, which will be explained later in this section. Tags work at a subscription level. Azure accepts any name-value pairs, and so it is important for an organization to define both the names and their possible values.
But why is tagging important? In other words, what problems can be solved using tagging? Tagging has the following benefits:
- Categorization of resources: An Azure subscription can be used by multiple departments within an organization. It is important for the management team to identify the owners of any resources. Tagging helps in assigning identifiers to resources that can be used to represent departments or roles.
- Information management for Azure resources: Again, Azure resources can be provisioned by anyone with access to the subscription. Organizations would like to have a proper categorization of resources in place to comply with information management policies. Such policies can be based on application life cycle management, such as management of the development, testing, and production environments. Such policies could be based on the usage, or based on any other priorities. Each organization has their own way of defining information categories, and Azure caters for this with tags.
- Cost management: Tagging in Azure can help in identifying resources based on their categorization. Queries can be executed against Azure to identify cost per category, for instance. For example, the cost of resources in Azure for the development of an environment for the finance department and the marketing department can be easily ascertained. Moreover, Azure also provides billing information based on tags. This helps in identifying the consumption rates of teams, departments, or groups.
Tags in Azure do have certain limitations, however:
- Azure allows a maximum of 15 tag name-value pairs to be associated with resource groups.
- Tags are non-inheritable. Tags applied to a resource group do not apply to the individual resources within it. However, it is quite easy to forget to tag resources when provisioning them. Azure policies are the mechanism to ensure that tags are tagged with the appropriate value during provision time. We will consider the details of such policies later in this chapter.
Tags can be assigned to resources and resource groups using PowerShell, Azure CLI 2.0, Azure Resource Manager templates, the Azure portal, and the Azure Resource Manager REST APIs.
An example of information management categorization using Azure tags is shown here. In this example, the Department, Project, Environment, Owner, Approver, Maintainer, Start Date, Retire Date, and Patched Date name-value pairs are used to tag resources. It is extremely easy to find all the resources for a particular tag or a combination of tags using PowerShell, the Azure CLI, or REST APIs: