We're struggling with how to effectively manage the ownership and relevance of our AWS resources, particularly in non-production accounts. This lack of a clear process has resulted in unused resources, rising costs, and confusion during alerts or incidents. I'm looking for insights on establishing a proactive AWS hygiene process. What steps do you think should be included? What requirements should we consider as a DevOps team?
2 Answers
One approach is to enforce Infrastructure as Code (IaC) and require tagging for all resources. You could automate the deletion of untagged resources on a regular basis, like weekly or monthly. Important tags should capture metadata about the owning team and costs, which helps hold teams accountable and track expenses more easily.
Thanks for your input, appreciate it.
It's important to note that, depending on your team's size and structure, you may want to limit personal write access to AWS resources. Allow team members to list or manage resources they own, but consider using IaC (like GitOps) for all non-read operations to help mitigate potential chaos.
Thanks man, appreciate it.
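As an added example (not code from the answer above), here is the audit half of the "delete untagged resources on a schedule" idea: a small Python script that walks resource tag mappings in the shape returned by `resourcegroupstaggingapi:GetResources` and reports which resources lack the required ownership and cost tags. The tag names `Owner` and `CostCenter` and the sample ARNs are assumptions constructed for the example; the boto3 fetch is optional and imported lazily so the audit logic itself runs offline.

```python
"""Audit AWS resources for required tags (added example, not from the thread).

The input shape mirrors the ResourceTagMappingList returned by
resourcegroupstaggingapi:GetResources; the sample below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Tags every resource must carry; the key names are assumptions for this example.
REQUIRED_TAGS = ("Owner", "CostCenter")

# Constructed sample in the GetResources response shape (not real ARNs or tags).
SAMPLE_RESOURCES = [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa",
     "Tags": [{"Key": "Owner", "Value": "payments"},
              {"Key": "CostCenter", "Value": "CC-100"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0bbb",
     "Tags": [{"Key": "Owner", "Value": "payments"}]},
    {"ResourceARN": "arn:aws:s3:::example-scratch-bucket",
     "Tags": []},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0ccc",
     "Tags": [{"Key": "costcenter", "Value": "CC-100"},
              {"Key": "Owner", "Value": ""}]},
]


@dataclass
class Finding:
    arn: str
    missing: list[str] = field(default_factory=list)


def missing_required_tags(resource: dict, required=REQUIRED_TAGS) -> list[str]:
    """Return the required tag keys a resource lacks, in REQUIRED_TAGS order.

    Tag keys are case-sensitive in AWS, so 'costcenter' does not satisfy
    'CostCenter'. An empty or whitespace value counts as missing: a tag
    with no owner in it is no better than no tag at all.
    """
    present = {t["Key"]: t.get("Value", "") for t in resource.get("Tags", [])}
    return [k for k in required if not present.get(k, "").strip()]


def audit(resources, required=REQUIRED_TAGS) -> list[Finding]:
    """Produce one Finding per non-compliant resource; compliant ones are skipped."""
    return [Finding(r["ResourceARN"], m)
            for r in resources
            if (m := missing_required_tags(r, required))]


def fetch_tagged_resources(region_name: str):
    """Yield every resource the Tagging API knows about in one region.

    boto3 is imported lazily so the audit logic above runs offline; this only
    runs against a real account and needs the tag:GetResources permission.
    """
    import boto3  # imported here on purpose, see docstring

    client = boto3.client("resourcegroupstaggingapi", region_name=region_name)
    for page in client.get_paginator("get_resources").paginate():
        yield from page["ResourceTagMappingList"]


if __name__ == "__main__":
    for f in audit(SAMPLE_RESOURCES):
        print(f"{f.arn}: missing {', '.join(f.missing)}")
```

Two caveats before wiring this to an automated delete. GetResources only returns resources that are tagged or were previously tagged, so a resource that has never carried any tag will not appear; pair the audit with AWS Config or service-specific list calls to catch those. And treat the findings as input to a stop-or-quarantine step with a grace period rather than an immediate delete, since a mis-scoped run in a non-production account can still take out something a team depends on.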

If you can get leadership on board, consider implementing a stricter tag policy that prevents resource creation without a proper cost allocation tag. You'll need to set some guardrails with Service Control Policies to manage who can apply tags to what, but once it's set up, this process can really simplify financial ownership tracking.
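As an added example of the guardrail described above (not part of the answer), this Service Control Policy denies creating EC2 instances and volumes unless the request carries a `CostCenter` tag, and denies stripping that tag afterwards except for an IaC deployment role. The tag key `CostCenter`, the role name `iac-deploy` and the action list are assumptions for illustration; the pattern is an explicit Deny with a `Null` condition on `aws:RequestTag`, which is how AWS policies express "tag must be present at creation". Note that an Organizations tag policy alone enforces key casing and allowed values but does not block creation without the tag; the SCP is what does that.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEC2CreateWithoutCostCenterTag",
      "Effect": "Deny",
      "Action": ["ec2:RunInstances", "ec2:CreateVolume"],
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*"
      ],
      "Condition": {
        "Null": {"aws:RequestTag/CostCenter": "true"}
      }
    },
    {
      "Sid": "DenyRemovingCostCenterTagExceptIaCRole",
      "Effect": "Deny",
      "Action": ["ec2:DeleteTags"],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {"aws:TagKeys": ["CostCenter"]},
        "ArnNotLike": {"aws:PrincipalArn": "arn:aws:iam::*:role/iac-deploy"}
      }
    }
  ]
}
```

Roll this out per service rather than with `"Action": "*"`: not every API supports `aws:RequestTag`, and a blanket Deny would block calls that cannot carry a tag at all. Test it in a single non-production OU first, and remember that SCPs do not apply to the management account.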