Tag Remediation and Persistence
TagOps ensures that your tagging strategy is not only applied but maintained over time. One of the critical features of TagOps is Tag Remediation, which protects your tags from accidental deletion or unauthorized modification.
How It Works
TagOps maintains an inventory of the tags it has applied to your resources based on your configured rules. It continuously monitors the state of your resources to ensure compliance.
Automatic Reversion of Deleted Tags
If a tag that was applied by TagOps is manually deleted from a resource in the AWS Console, CLI, or via another tool:
- Detection: TagOps identifies the discrepancy between the desired state (defined by your rules) and the actual state of the resource during the next scheduled scan.
- Remediation: TagOps automatically re-applies the missing tag to the resource.
- Consistency: This ensures that critical tags used for cost allocation, security, or operations (like `CostCenter` or `Owner`) remain persistent.
Correction of Modified Values
Similarly, if a tag's value is changed to something that violates your rules (and the rule specifies a specific value):
- TagOps detects that the tag on the resource has the expected key but not the configured value.
- TagOps updates the tag with the correct value defined in your rule/template.
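The reconciliation described in the two sections above can be sketched as follows. This is an added example, not TagOps code: the `ManagedTag` model, the `pinned` flag, the function names, and the sample tags are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ManagedTag:
    """One inventory entry: a tag previously applied by a rule (hypothetical model)."""
    key: str
    applied_value: str   # value written when the tag was applied
    pinned: bool = True  # True when the rule specifies a specific value


def plan_remediation(inventory, actual_tags):
    """Compare the inventory (desired state) with a resource's current tags.

    Returns (action, key, value) tuples. Tags that are not in the
    inventory are unmanaged and never appear in the plan.
    """
    plan = []
    for tag in inventory:
        if tag.key not in actual_tags:
            # Tag was deleted: re-apply it with the recorded value.
            plan.append(("reapply", tag.key, tag.applied_value))
        elif tag.pinned and actual_tags[tag.key] != tag.applied_value:
            # Key is present but the value violates a value-pinning rule.
            plan.append(("correct", tag.key, tag.applied_value))
    return plan


def apply_plan(actual_tags, plan):
    """Return the tag set after remediation; the input dict is not modified."""
    fixed = dict(actual_tags)
    for _action, key, value in plan:
        fixed[key] = value
    return fixed


# Constructed sample data: CostCenter was deleted, DataClass was modified,
# Owner was changed but its rule pins no value, Name is unmanaged.
INVENTORY = [
    ManagedTag("CostCenter", "cc-1042"),
    ManagedTag("Owner", "platform-team", pinned=False),
    ManagedTag("DataClass", "restricted"),
]
ACTUAL = {"Owner": "alice", "DataClass": "public", "Name": "web-01"}

if __name__ == "__main__":
    plan = plan_remediation(INVENTORY, ACTUAL)
    for step in plan:
        print(step)
    print(apply_plan(ACTUAL, plan))
```

Running the planner a second time on the remediated tags yields an empty plan, which is the property a scheduled scan relies on.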
Benefits
- Reliability: Trust that your tags are always present and correct.
- Compliance: Prevents "tag drift" where resources slowly lose their metadata over time.
- Security: Ensures security-critical tags (e.g., for ABAC) cannot be permanently removed by users with standard permissions (assuming TagOps has the authority to re-apply them).