Overview

What is TagOps?

TagOps is an enterprise-grade AWS resource tagging automation platform designed to help organizations maintain consistent, compliant, and well-organized AWS infrastructure through intelligent tagging strategies.

Why Tagging Matters

Proper resource tagging is essential for:

  • Cost Allocation: Track and allocate costs across departments, projects, and teams
  • Resource Organization: Quickly identify and group related resources
  • Compliance: Meet regulatory and organizational tagging requirements
  • Automation: Enable automated workflows based on tag values
  • Security: Implement tag-based access controls and policies
  • Operational Excellence: Improve resource management and operational visibility

How TagOps Works

1. Event-Based Tagging

TagOps monitors CloudTrail events to detect when new resources are created in your AWS accounts. When a qualifying event occurs:

  1. EventBridge captures the CloudTrail event
  2. TagOps analyzes the event against configured rules
  3. Matching rules are applied automatically
  4. Resources are tagged immediately upon creation

CloudTrail Requirements

Event-based tagging requires CloudTrail to be enabled in your AWS accounts. Without CloudTrail, TagOps can only tag resources through scheduled scanning.

TagOps will notify you during account setup if CloudTrail is not detected. You can still use TagOps with scheduled scanning if CloudTrail is not available.

2. Scheduled Scanning

TagOps can periodically scan your AWS accounts to discover and tag existing resources:

  • Flexible Scheduling: Configure scan frequency (daily, weekly, custom cron)
  • Multi-Region Support: Scan across multiple AWS regions
  • Service Selection: Choose which AWS services to scan
  • Resource Filtering: Define which resources to include or exclude

3. Rule-Based Engine

The TagOps rule engine provides flexible, powerful tagging logic:

  • Conditions: Define when rules should apply based on resource properties
  • Actions: Specify which tags to apply and their values
  • Templates: Use built-in or custom tag templates
  • Priority: Control rule execution order
  • Preview Mode: Test rules before applying to production

Key Concepts

AWS Accounts

TagOps supports multi-account architectures:

  • Cross-Account Access: Uses IAM roles for secure access
  • CloudFormation Templates: Automated IAM role provisioning
  • Account Verification: Pre-flight checks before adding accounts
  • Regional Configuration: Select which regions to monitor per account

Tagging Rules

Rules define the automated tagging logic:

  • Custom Rules: User-defined rules with conditions and actions
  • Enable/Disable: Turn rules on or off without deletion

Tag Templates

Pre-defined tag structures for common scenarios:

  • Built-in Templates: 22 templates for common use cases
  • Custom Templates: Create organization-specific templates
  • Template Variables: Dynamic tag values using placeholders
  • Template Library: Share templates across rules

Service Configuration

Control which AWS services TagOps monitors:

  • Per-Account Settings: Configure services independently for each account
  • Allowed Resources: Whitelist specific service:resource combinations
  • Denied Resources: Blacklist resources you don't want to tag
  • Default Behavior: Choose allow-all or deny-all approach

Getting Started

Ready to start using TagOps?

Quick Start Guide - Set up TagOps in minutes