Azure Tags Examples to Organize Resources


Azure

Author: Sahil Hulage
Reviewer: Deepak Prasad

Introduction to Azure Tags

  • Many cloud providers allow administrators to group resources based on specific categories. This practice of grouping of individual resources is generally referred to as tagging.
  • Simply put tags are name and value pairs which can be assigned to Azure resources in order to mange said resources more efficiently within the Azure cloud.
  • For example, we can tag Azure resources by department. Let’s assume your organization has resources in the Azure cloud designated for different departments like marketing, finance, HR etc. We can create tags for different departments as dept:marketing, dept:finance and dept:HR and associate them with resources belonging to these departments so as to easily determine which resources are in use by which departments. Since tags are name and value pairs, here dept would be the name and marketing would be the value.
  • Another common use case for tags is to tag resources based on the environment they are in. For example, production resources could be tagged as env:prod and development resources could be tagged as env:dev. Using tags in this fashion would allow us to manage all of our resources in the production environment as a single entity while we are performing some administrative tasks.
  • Tag names can be 512 characters long and values can span up to 256 characters with the exception that storage account tag names can only be up to 128 characters in length.
  • The tag names are case sensitive.

 

Usage of Azure Tags

  • In the Azure cloud, we can assign tags to resources, resource groups and also to subscriptions.
  • This brings up an important point of discussion regarding resource tag assignment hierarchies. When we assign a tag to an Azure resource then the entities or resources within that resource do not inherit the tag assignment.
  • For example, if we assign a tag to an Azure subscription then the resources like virtual machines, virtual networks, virtual disks, etc. will not inherit that tag. So, the resource groups and resources within the tagged subscription must also be independently tagged. This is as tedious as it sounds although there are some command line options to slightly ease the pain. Since tags are not inherited, we need to individually tag resources in order to ensure that our designed tagging scheme is implemented.
  • A single resource can have up to 50 tags. This gives us a lot of flexibility to tag our resources based on different categories. For example, a virtual machine could be tagged as both dept:HR and env:dev which would imply that this virtual machine belongs to the HR department and resides in the development environment.
  • We can also use tags to view costs associated with a set of resources in a consolidated fashion. The tags that you assign to resources will be reflected in your detailed Azure usage report, which is available in CSV format from the Account Management Portal. This report provides insights into the costs that have been incurred for the tagged resources, and you can analyze it further by sorting the usage based on tags.
  • Ideally, we would like to keep similar resources grouped together in the same resource group or subscription. In practice, this is not always the case. By using tagging, we now have the granularity to be able to apply metadata or a sort of identifier to a resource that is independent of its resource group and subscription. Networking, storage, and some other core services are good examples of this why this is useful. They are often associated with multiple resources and applications. If they were automatically assigned the tags from its parent resource group or subscription it would be easy to assign the wrong tags.

 

Best practices to follow with Azure Tags

Tagging resources can prove to be a very useful and effective resource management strategy when properly implemented with some thought and planning behind the deployment. Ideally, we would want to have a defined methodology to use when tagging our resources. Here are some things to consider while formulating a tagging strategy for your resources in the Azure cloud:

  • What environment does the resource belongs to?
  • Who is the service owner or technical point of contact for a resource?
  • What is the name of the application or department that is supported by the resource?
  • Are there any compliance requirements for this resource?
  • Who should be charged for the cost associated with this resource?
  • Does this resource have a defined maintenance window?

Since a single resource can have up to 50 tags, we have a lot of categorizations and classifications options to work with. One important advantage of using tags is the fact that these can be associated with Azure policies. An azure policy is a service that allows you to enforce certain rules on your Azure infrastructure. We will discus Azure policies in detail in a separate article.

Now that we have explained what are tags in Azure and understood their benefits and use cases, we’ll now move over to the Azure portal and cloud shell where we will demonstrate how to create a tagged resource in Azure, list resources belonging to a specific tag and finally delete resources belonging to a tag.

 

Create a tagged resource

For this demonstration, we will create a Ubuntu based virtual machine and will tag it as project:cloudlinux. We will use the Azure CLI to accomplish this task. Here we’ve logged in to the Azure portal and launched the Azure CLI interface from cloud shell.

Azure Tags Examples to Organize Resources

Before we create our VM, let’s first determine our resource group and assign it to a variable

cloud@Azure:~$ az group list --query [].name -o tsv
1-77f5bf5b-playground-sandbox
cloud@Azure:~$ rg=$(az group list --query [].name -o tsv)

cloud@Azure:~$ echo $rg
1-77f5bf5b-playground-sandbox

Sample Output:
Azure Tags Examples to Organize Resources

You may choose to use the resource group name directly instead of assigning it to a variable first as per your convenience. Now we will create our virtual machine with the az vm create command.

cloud@Azure:~$ az vm create --resource-group $rg --name tagged-vm --image UbuntuLTS --admin-username demouser --generate-ssh-keys --tags project=cloudlinux

Sample Output:
Azure Tags Examples to Organize Resources

When we open up the details window for this VM in the Azure portal, we will observed that the tag project:cloudlinux has been applied to it.

Azure Tags Examples to Organize Resources

 

List tagged resources

When we apply a tag during resource creation, that tag will also be applied to the underlying resources that are the building blocks for the resource that we create. In this example, the virtual machine will have tag since we applied it while creating it. But the different underlying components such as virtual disks and virtual networks will also have this tag applied to them.

To list Azure resources belonging to the tag project:cloudlinux, we will use the following Azure CLI command:

cloud@Azure:~$ az resource list --tag project=cloudlinux --query [].name -o tsv
tagged-vm
tagged-vmVMNic
tagged-vmNSG
tagged-vmPublicIP
tagged-vmVNET

Sample Output:
Azure Tags Examples to Organize Resources

 

Delete tagged resources

We mentioned in the beginning that we can manage tagged resources as a group. In this example, we will demonstrate this by deleting all of the resources that are tagged under project:cloudlinux. For this we will require the resource ids of the tagged resources instead of the name. We can query the resource ids using the following command

cloud@Azure:~$ az resource list --tag project=cloudlinux --query [].id -o tsv
/subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Compute/virtualMachines/tagged-vm
/subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/networkInterfaces/tagged-vmVMNic
/subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/networkSecurityGroups/tagged-vmNSG
/subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/publicIPAddresses/tagged-vmPublicIP
/subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/virtualNetworks/tagged-vmVNET
cloud@Azure:~$

Sample Output:
Azure Tags Examples to Organize Resources

We will now use a for loop to delete all the four tagged resources.

cloud@Azure:~$ for id in $(az resource list --tag project=cloudlinux --query [].id -o tsv)
> do
> echo "Deleting $id"
> az resource delete --ids $id
> done
Deleting /subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Compute/virtualMachines/tagged-vm
Deleting /subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/networkInterfaces/tagged-vmVMNic
Deleting /subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/networkSecurityGroups/tagged-vmNSG
Deleting /subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/publicIPAddresses/tagged-vmPublicIP
Deleting /subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Network/virtualNetworks/tagged-vmVNET

Sample Output:
Azure Tags Examples to Organize Resources

 

Tag an existing resource

In our first example, we applied a tag to a resource during creation. Now, let apply a tag to a resource that already exists. For this, I’ve created a centos virtual machine and named it untagged-vm.

cloud@Azure:~$ az vm create --resource-group $rg --image CentOS -n untagged-vm --admin-username democloud --generate-ssh-keys

After this VM has been created, we will fetch the resource id for the virtual machine since the tag will be applied to the resource id and not the virtual machine name. We will use the az vm show command to obtain this information.

cloud@Azure:~$ az vm show --resource-group $rg --name untagged-vm --query id -o tsv

Sample Output:
Azure Tags Examples to Organize Resources

 

To apply a tag to this VM we will use the az tag update command. We can also apply tags using the Azure portal. We’ll first assign the value of the resource id of our virtual machine into a variable named id and use it in the az tag update command.

cloud@Azure:~$ id=$(az vm show --resource-group $rg --name untagged-vm --query id -o tsv)

cloud@Azure:~$ az tag update --resource-id $id --operation Replace --tags project=cloudlinux
{
  "id": "/subscriptions/964df7ca-3ba4-48b6-a695-1ed9db5723f8/resourceGroups/1-77f5bf5b-playground-sandbox/providers/Microsoft.Compute/virtualMachines/untagged-vm/providers/Microsoft.Resources/tags/default",
  "name": "default",
  "properties": {
    "tags": {
      "project": "cloudlinux"
    }
  },
  "resourceGroup": "1-77f5bf5b-playground-sandbox",
  "type": "Microsoft.Resources/tags"
}
cloud@Azure:~$

Sample Output:
Azure Tags Examples to Organize Resources

 

When we apply a tag to an existing resource as we have done in this example, the tag is not inherited by the underlying resources. We can confirm that by viewing the resources tagged under project:cloudlinux.

cloud@Azure:~$ az resource list --tag project=cloudlinux --query [].name -o tsv
untagged-vm

Sample Output:
Azure Tags Examples to Organize Resources

 

Summary

This concludes our discussion on tagging resources in Azure. We explained what tags are in Azure, their use cases, benefits and also strategies on how could get the most out of using tags. We also went on to create and remove tagged resources, list tagged resources, apply tags on existing resources and also validated tags are not inherited from top level tagged resources.

 

References

For writing this article, we referred to the Azure documentation for tagging resources available at the following link:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json

Sahil Hulage

Sahil Hulage

He possesses over 5+ years of experience as a Cloud Consultant, specializing in Azure DevOps and CloudLinux. With his expertise, he implements and optimizes cloud solutions, ensuring seamless operations and efficient resource management. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

1 thought on “Azure Tags Examples to Organize Resources”

  1. How Re-create Azure tags in the existing azure environment?

    Hello sir,

    We are assigning tags to Azure resources. Some of the tags are assigned using Azure policy, and some of the tags are assigned manually.
    We have assigned tags to resources by using the Azure policy effect “append”.
    Now we want to assign the same tags with the Policy effect “modify”.

    Can you please suggest to me the best process for how to **re-create** tags using IaC Terraform? or **How to re-create** tags using policy? I need suggestions on this tagging **process**. What’s the best approach to do it and how to do it?

    How Re-create Azure tags in existing azure environment? what is the best approach to re-create Azure tags in azure environment? how to re-create tags without any issues?

    Example tags: ApplicationName, Owner, CostCenter,

    Reply

Leave a Comment