Resource Discovery

TagOps discovers AWS resources through two primary methods: scheduled scanning and event-based discovery.

How TagOps Discovers Resources

Scheduled Scanning

TagOps uses AWS SDK API calls to discover resources:

  1. List Operations: Call AWS APIs to list resources (e.g., ec2:DescribeInstances)
  2. Tag Operations: Read existing tags using service-specific APIs
  3. Batch Processing: Process resources in batches for efficiency

Event-Based Discovery

For real-time tagging, TagOps uses CloudTrail events:

  1. CloudTrail Captures: AWS records API calls in CloudTrail
  2. EventBridge Routes: Events flow to EventBridge
  3. TagOps Processes: TagOps receives events
  4. Rule Evaluation: Events checked against tagging rules
  5. Immediate Tagging: Tags applied within seconds

Resource Deletion Handling

When resources are deleted in your AWS account, TagOps automatically removes them from the inventory through two methods: scheduled scans and event-based discovery.

Event-Based Deletion Detection

TagOps detects resource deletions in real-time through CloudTrail events for supported resources:

  1. CloudTrail Captures: AWS records resource deletion API calls
  2. EventBridge Routes: Deletion events flow to EventBridge
  3. TagOps Processes: TagOps receives deletion events
  4. Immediate Removal: Deleted resources are removed from inventory within seconds

Scheduled Scan Deletion Detection

During each scheduled scan, TagOps:

  1. Scans Current Resources: Discovers all existing resources in your AWS accounts
  2. Compares with Inventory: Compares the current resource list with the stored inventory
  3. Identifies Deletions: Detects resources that exist in the inventory but are no longer present in AWS
  4. Removes from Inventory: Automatically removes deleted resources from the TagOps inventory
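
The two deletion paths above, sketched as an added example (not TagOps code). The function names, the scan_complete flag and the instance IDs are assumptions, and the event is a constructed sample in the EventBridge "AWS API Call via CloudTrail" shape. It covers two cases the steps do not spell out: a failed delete call that CloudTrail still records, and a partial scan.

```python
# Added illustration, not TagOps code. Function names, the scan_complete flag
# and the instance IDs are assumptions; the sample event is constructed.
SAMPLE_EVENT = {  # EventBridge envelope around a CloudTrail record
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "detail": {
        "eventName": "TerminateInstances",
        "requestParameters": {
            "instancesSet": {"items": [{"instanceId": "i-0aaa"}]}
        },
    },
}


def deleted_ids_from_event(event):
    """Event path: instance IDs named by a successful TerminateInstances call."""
    detail = event.get("detail") or {}
    if event.get("detail-type") != "AWS API Call via CloudTrail":
        return set()
    if detail.get("eventName") != "TerminateInstances":
        return set()
    if "errorCode" in detail:
        # CloudTrail also records failed calls; the instance still exists.
        return set()
    params = detail.get("requestParameters") or {}
    items = params.get("instancesSet", {}).get("items", [])
    return {item["instanceId"] for item in items if "instanceId" in item}


def reconcile(inventory, scanned, scan_complete):
    """Scan path: return (kept, removed) after comparing inventory to a scan."""
    inventory = set(inventory)
    if not scan_complete:
        # A throttled or denied listing is not evidence of deletion.
        return inventory, set()
    removed = inventory - set(scanned)
    return inventory - removed, removed


if __name__ == "__main__":
    inventory = {"i-0aaa", "i-0bbb", "i-0ccc"}
    inventory -= deleted_ids_from_event(SAMPLE_EVENT)    # event-based removal
    kept, removed = reconcile(inventory, {"i-0bbb"}, True)  # scheduled scan
    print(sorted(kept), sorted(removed))
```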

Benefits

  • Accurate Inventory: Inventory always reflects the current state of your AWS resources
  • Automatic Cleanup: No manual intervention required to remove deleted resources
  • Real-Time Updates: Event-based detection provides immediate removal (seconds)
  • Comprehensive Coverage: Both scheduled and event-based methods ensure no deleted resources remain in inventory
  • Resource Tracking: Maintains accurate counts and statistics for each service

Deletion Timing

  • Event-based (supported resources only): Deleted resources are removed immediately (within seconds) when deletion events are detected
  • Scheduled scan (all resources): All deleted resources, including those not supported by event-based deletion, are removed during the next scheduled scan
  • For immediate updates without waiting for events or scheduled scans, you can manually trigger a scan

Tagging Capabilities by Service

Services with Full Tagging Support

Most AWS services support standard tagging:

  • Up to 50 tags per resource
  • Tag keys: 1-128 characters
  • Tag values: 0-256 characters
  • Case-sensitive
  • UTF-8 character encoding

Services with Tagging Limitations

S3 Buckets:

  • 10 tags maximum (AWS limitation)
  • Tags apply to bucket, not objects
  • Object tagging separate from bucket tagging

IAM Resources:

  • 50 tags per user/role/policy
  • Tags don't affect permissions directly
  • Used for organization and billing

Services Without Native Tagging

Some AWS services don't support resource tagging:

  • These are not included in TagOps
  • Use alternative organization methods