Using AWS Tags and Resource Groups

Hands-On Lab

 

Miles Baker

AWS Training Architect II

Length

00:30:00

Difficulty

Intermediate

To simplify the management of Amazon Web Services (AWS) resources such as EC2 instances, you can assign your own metadata using tags. These tags can be used by resource groups to automate tasks on large numbers of resources at one time. They can also serve as a unique identifier for custom automation, break out cost reporting by department, and much more. In this hands-on lab, we will discuss tag restrictions and best practices for tagging strategies. We will also get experience with the Tag Editor, AWS Resource Group basics, and see how to leverage automation through the use of tags.

Lab Prerequisites

  - Understand how to log in to and use the AWS Management Console.
  - Understand Amazon Elastic Compute Cloud (EC2) basics, including how to launch an instance.
  - Understand AWS Identity and Access Management (IAM) basics, including users, policies, and roles.
  - Understand how to use the AWS Command Line Interface (CLI).

Introduction

In this hands-on lab, we discuss tag restrictions and best practices for tagging strategies. We will also get experience with the Tag Editor, AWS Resource Groups, and see how to leverage automation through the use of tags.

Solution

Please log in to the AWS console using the cloud_user credentials provided. Once inside the AWS account, make sure you are using us-east-1 (N. Virginia) as the selected region.

Set Up AWS Config

  1. Click Services > Config > Get started.
  2. Ensure the checkbox for Record all resources supported in this region is selected.
  3. Ensure the radio button for Create a bucket is selected.
  4. Ensure the checkbox for Stream configuration changes and notifications to an Amazon SNS topic is NOT checked.
  5. If a radio button for Create AWS Config service-linked role is available, select it. Otherwise, if a radio button for Use an existing AWS Config service-linked role is available, select that one.
  6. Click Next > Next on the AWS Config Rules page > Confirm. Note: We will return to AWS Config later in this lab.

Tag an AMI and EC2 instance

  1. Click Services > EC2.
  2. Click Instances on the left-hand side menu.
  3. Select the instance named Mod. 1 Web Server A.
  4. Click Actions > Image > Create Image.
  5. Enter "Base AMI - {yyyy-mm-dd}" and replace "{yyyy-mm-dd}" with today’s date.
  6. Click Create Image > Close.
  7. Click AMIs on the left-hand side menu.
  8. Select the AMI with the AMI name you just created.
  9. Select the Tags tab for the AMI.
  10. Click Add/Edit Tags > Create Tag.
  11. Enter "AMI Standard" as the key with "{yyyy-mm-dd}" as the value (replace "{yyyy-mm-dd}" with today’s date).
  12. Click Save.
  13. Once the AMI has a status of available, select the AMI and click Launch.
  14. Click Next: Configure Instance Details.
  15. Leave the defaults, and then click Next: Add Storage > Next: Add Tags.
  16. Click Add Tag.
  17. Enter "Name" as the key > enter "Test Web Server" as the value.
  18. Click Next: Configure Security Group > Select an existing security group.
  19. Select the security group with the description Web.
  20. Click Review and Launch > Continue (confirming that we are not opening port 22) > Launch.
  21. Since we will not be logging into these servers, select "Proceed without a key pair".
  22. Select the checkbox to confirm and acknowledge the instance connection.
  23. Click Launch Instances > View Instances.

Using the Tag Editor - Part 1: Application Tagging

Module 1 Tagging

  1. Click Resource Groups at the top of the EC2 Management Console > Tag Editor.

  2. Verify that us-east-1 is selected for the Regions section.

  3. Select AWS::EC2::Instance and AWS::S3::Bucket as the resource types.

  4. Click Search resources.

    Note: All the EC2 Instances and S3 Buckets are shown for this region.

  5. Enter "Mod. 1" in the Filter resources search window, and then select the 2 instances.

  6. Enter "moduleone" in the Filter resources search window, and then select the S3 bucket.

  7. Select the X in the Filter resources search window.

  8. Click Manage tags of selected resources.

  9. Click Add tag.

  10. Enter "Module" as the Tag key > Enter "Starship Monitor" for the Tag value.

  11. Click Review and apply tag changes > Apply changes to all selected.

Module 2 Tagging

  1. Ensure that we are still on the Tag Editor page.

  2. Verify that us-east-1 is selected for the Regions section.

  3. Select AWS::EC2::Instance and AWS::S3::Bucket as the resource types.

  4. Click Search resources.

    Note: All the EC2 Instances and S3 Buckets are shown for this region.

  5. Enter "Mod. 2" in the Filter resources search window and select the 2 instances.

  6. Enter "moduletwo" in the Filter resources search window and select the S3 bucket.

  7. Select the X in the Filter resources search window.

  8. Click Manage tags of selected resources.

  9. Click Add tag.

  10. Enter "Module" as the Tag key > Enter "Hyper Drive Design and Analysis" for the Tag value.

  11. Click Review and apply tag changes > Apply changes to all selected.

Using the Tag Editor - Part 2: Application Query

  1. Ensure that we are still on the Tag Editor page.
  2. Verify that us-east-1 is selected for the Regions section.
  3. Select AWS::EC2::Instance and AWS::S3::Bucket as the resource types.
  4. Enter "Module" for the Tag key section.
  5. Click on the Optional tag value search window > start typing "Hy", then select the Hyper Drive Design and Analysis text that shows up.
  6. Select Search resources.
  7. Select the link to the EC2 instance for the server with the Tag:Name of "Mod. 2 - Web Server B".

Using Resource Groups

Create Starship Monitor Resource Group

  1. Click Resource Groups > Create Resource Group.
  2. Ensure that Tag based is selected in the Group type section.
  3. Enter "Module" within the Tags field and "Starship Monitor" for the Tag value field.
  4. Click Add.
  5. Click View group resources to preview.
  6. Under the Group Details section, enter "Starship-Monitor" for the Group name field.
  7. Click Create group.

Create Hyper Drive Design and Analysis Resource Group

  1. Click Create Resource Group.
  2. Ensure that Tag based is selected in the Group type section.
  3. Enter "Module" within the Tags field and "Hyper Drive Design and Analysis" for the Tag value field.
  4. Click Add.
  5. Click View group resources.
  6. Enter "Hyper-Drive-Design-and-Analysis" for the Group name field.
  7. Click Create group.

Viewing Saved Resource Groups

  1. Click Saved Resource Groups on the left-hand side.
  2. Click Starship-Monitor.
  3. Navigate to an EC2 instance by clicking on the link in the Group resources section.

Using AWS Config Rules for Compliance

  1. On the EC2 Management Console page, click Services > EC2.

  2. Click AMIs on the left-hand side menu.

  3. Select the radio button for the "Base AMI - {yyyy-mm-dd}" we created earlier in this lab.

  4. Copy the AMI ID to the clipboard.

  5. Navigate back to the AWS Config Console main page.

  6. Click Rules on the left-hand side menu.

  7. Click Add rule.

  8. Select the approved-amis-by-id rule.

  9. Select the Tags radio button for Scope of changes.

  10. Enter "Module" for the Tag key field.

  11. Enter "Starship Monitor" for the Tag value field.

  12. Paste the AMI ID that we copied to the clipboard earlier into the Value field under the Rule parameters section.

  13. Click Save.

    Note: Let the rule run for a few minutes.

  14. Click the approved-amis-by-id link.

  15. Click on the link for one of the noncompliant resources.
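
How the tag scope and the approved-AMI parameter configured above interact, modelled offline as an added example (not part of the original lab and not AWS's implementation). All instance and AMI IDs, the two hypothetical instances, the assumption that the original servers run an older image, the comma-separated input format and the OUT_OF_SCOPE label are constructed for illustration.

```python
# All IDs are constructed placeholders, not values from the lab account.
APPROVED = "ami-0aaaaaaaaaaaaaaaa"  # stands in for the copied Base AMI ID
OLD = "ami-0bbbbbbbbbbbbbbbb"       # assumed image of the original servers
INVENTORY = [
    {"id": "i-0000000000000000a", "image": OLD,
     "tags": {"Name": "Mod. 1 Web Server A", "Module": "Starship Monitor"}},
    {"id": "i-0000000000000000b", "image": OLD,
     "tags": {"Name": "Mod. 1 Web Server B", "Module": "Starship Monitor"}},
    # Launched from the Base AMI in the lab, but given only a Name tag.
    {"id": "i-0000000000000000c", "image": APPROVED,
     "tags": {"Name": "Test Web Server"}},
    # Hypothetical rebuild from the Base AMI with the Module tag applied.
    {"id": "i-0000000000000000d", "image": APPROVED,
     "tags": {"Name": "Rebuilt Web Server", "Module": "Starship Monitor"}},
    # Hypothetical tag drift: lowercase key and value, unapproved image.
    {"id": "i-0000000000000000e", "image": OLD,
     "tags": {"Name": "Drifted Server", "module": "starship monitor"}},
]

def evaluate(instance, approved_csv, key="Module", value="Starship Monitor"):
    """Verdict for one instance; OUT_OF_SCOPE is this model's own label
    for a resource the tag scope excludes, so the rule never evaluates it."""
    approved = {a.strip() for a in approved_csv.split(",") if a.strip()}
    if instance["tags"].get(key) != value:  # exact, case-sensitive match
        return "OUT_OF_SCOPE"
    return "COMPLIANT" if instance["image"] in approved else "NON_COMPLIANT"

def report(inventory, approved_csv):
    """Map each instance ID to its verdict."""
    return {i["id"]: evaluate(i, approved_csv) for i in inventory}

def near_miss_tags(inventory, key="Module", value="Starship Monitor"):
    """IDs that escape the scope only through tag case or stray whitespace."""
    want = (key.strip().lower(), value.strip().lower())
    hits = []
    for inst in inventory:
        if inst["tags"].get(key) == value:
            continue  # already in scope
        folded = {k.strip().lower(): v.strip().lower()
                  for k, v in inst["tags"].items()}
        if folded.get(want[0]) == want[1]:
            hits.append(inst["id"])
    return hits

if __name__ == "__main__":
    for iid, verdict in report(INVENTORY, APPROVED).items():
        print(iid, verdict)
    print("near-miss tags:", near_miss_tags(INVENTORY))
```

In this model the Test Web Server is never evaluated even though it runs the approved image, because it carries no Module tag, and the drifted instance is excluded from the rule purely by tag case.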

Conclusion

Congratulations on successfully completing this hands-on lab!