Where’s my money???


So, you went ahead and joined the cloud revolution.

Awesome, you can now chat with your colleagues and throw around buzz words such as IaaS, SaaS, PaaS (and if you’re really cutting edge, you’re probably discussing things like K8s, Docker or maybe even Serverless architecture…)

That’s all great, until you get the check. Next thing you know, too many people are launching instances, storing data and utilizing your cloud account, and you have no control.

What the hell should I do???

So, if you’re like ~50% of the cloud users, you’re likely running something in AWS. And if that’s the case, you may have heard that you can use tagging as a way to control expenses.

Yep, tagging is a great way to add meta data to your cloud resources. Whether that’s an EC2 instance, S3 bucket or a VPC routing table, you can add tags that will add meaning to your resources

I will talk more in the coming posts about what you can use tags for, but let’s start by stating this:

  1. From a financial perspective, you can get billing reports that includes your cloud resources together with their associated tags and cost
  2. From a functional perspective, tags are a great way to group resources and act on them in mass. Think about something like “Let’s turn off all instances with a tag env=dev every weekend and turn them on 3 hours before everyone get to work…”. Yeah, you can do that

So, first of all, how can we tag our resources? Glad you asked 🙂

Hop on over to my GitHub repo and take a look at the TagVPCResources.sh script. This script is the first step in tagging your resources.

It’s still in development, so I suggest you keep an eye out for updates. For now, this script will tag the following resource types in your AWS account:

  • EC2 Instances
  • EBS Volumes
  • Security Groups

You can expect more additions in the coming weeks, including:

  • All taggable VPC resources (routing tables, DHCP options, NAT gateways, etc.)
  • S3 Buckets
  • and more…

In order to run this script, you must:

  • Run a linux machine
  • Install & configure the AWS cli. Details here
  • Have permissions to get information and tag resources. Since this script will eventually touch most of AWS landscape, it’s best to run with full AWS account admin permissions (IAM user is fine, no need for the root account)

The script works in a way that it expects to get 4 parameters as input (example below):

  2. VPC_ID

Then, it will scan for the resources in the given VPC and will tag them with 2 tags:

  • key=product, value=$PRODUCT_VALUE
  • key=env, value=$ENV_VALUE

These 2 keys are a good starting point to scope your resources around different products and environments. If you know your bash scripting, you can easily add more or modify the existing one. As said, they are a good starting point


$ ./TagVPCResources.sh REGION="us-east-1" VPC_ID="vpc-abc1234" PRODUCT_VALUE="mymobileapp" ENV_VALUE="dev"

The script will lookup all resources in the VPC with the vpc-id vpc-abc1234 in the us-east-1 region and create (or modify!) the tags product:mymobileappenv:dev on all the resources

What’s next?

Next time, we will discuss how to get a detailed billing report that includes cost associated with each tag so you can put your tags to good use


Happy Scripting.



2 thoughts on “Where’s my money???

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s