Along with using Linked Accounts to keep a clear line between AWS resources, tags are a great way to allocate who owns which resources and the costs that are associated with them. Without using tags it can be very difficult to know who owns a particular resource and what it's purpose may be. Cloudability is a great tool for allocating these tagged items but can also be used to find things that aren't tagged or can't be tagged.
Only actual resource usage can be tagged
There's a whole bunch of spending in your monthly AWS bill which isn't classified as direct resource usage (you can use a transaction type filter to find these) and therefore can't be tagged. Some examples:
- Monthly recurring Reserved Instances fees. At the beginning of each month, AWS applies 720 (or 744) hours of pre-pay for each partial or no upfront reserved instance. Because the hours are pre-paid before they are applied to instances, AWS does not allow tagging of those fees.
- Sign up fee for Reserved Instances. For all upfront and partial upfront reservations, you'll pay a one-off sign up fee.
- AWS Support Fees. For regular business support or enterprise support
- Tax. In Australia, for example, you'll see GST as an item that can't be tagged.
Actual resources that can't be tagged
Here is a partial list of items that cannot be tagged:
- CloudWatch MetricMonitorUsage
- EBS snapshots - although these can be tagged, when AWS reports on them spending is collapsed to account/region with no resource id or tags made available.
Things that CAN be tagged
The good news is that very much the lion's share of AWS resources can be tagged, and you should do your best to tag these. Here are some notables:
- EC2, RDS, and Redshift instances
- S3 buckets, including storage, and request costs
- DataTransfer will inherit the tags of its resource source (for example the tags from S3 bucket, EBS volume....)
- Additional EBS volumes (note EBS volumes provisioned with an EC2 instance will now inherit tags from the EC2 instance)
- RDS storage
- Direct Connects (using the CLI) - details here