Based on the recent questions from you, our Security teams and management, we would like to help you improve access security and cost visibility of your AWS resources.
One of the best ways to monitor cost and manage access to AWS resources is by consistently tagging all of the AWS resources that support it. By attaching correct tags to your AWS resources you will gain ability to filter or group costs by tag in the AWS Cost Explorer and Cost and Usage Reports [1]. You can also give certain users or roles access to particular AWS resources using attribute (tag) based access controls [2].
To help ensure consistent organization-wide tagging and naming convention, long time ago Site-Infra has defined tagging and resource naming policies for AWS resources. You can find the documentation on the reference, tagging policy [3] and resource naming convention [4]. Not all AWS resources are covered yet and we’ll keep updating the policy to cover more AWS resources.
So the next time you create an AWS resource (especially if it’s in the legacy AWS account, shared between multiple Product Domains and Environments) please tag your AWS resource accordingly, for your own benefit.