This topic describes the best practice for using a tag policy in single-account mode to standardize tag-related operations that are performed by using an Alibaba Cloud account.
Background information
As business in the cloud evolves, the requirements of enterprises for resource management may increase. If the resources of an enterprise are shared by multiple subsidiaries or departments, resource management operations may be more complex. In the initial development stage of an enterprise, the enterprise needs to produce resources for internal use to meet the requirement of rapid development. As the business of the enterprise develops, the resources of the enterprise may be shared by multiple subsidiaries or departments to achieve fine-grained development. In the further development stage of the enterprise, the enterprise may need to perform resource management, implement unified resource production and planning, and achieve resource reuse based on specific business scenarios. Tag-based resource management lays a foundation for unified resource production and sharing and allows you to classify resources by purpose, use scenario, and attribution. The prerequisite for resource classification is to add tags to resources in a standard manner. An enterprise can use a tag policy to define the tags that must be added to resources.
When you use a tag policy, we recommend that you attach the tag policy to an account that has a small number of resources to perform a test. If the test is successful, you can attach the tag policy to a production account.
Use the advanced features of a tag policy
In addition to automatic detection of non-compliant tags, you can also use a tag policy to implement automatic remediation and pre-event interception of non-compliant tags, and enable automatic tag inheritance from a resource group. For information about the Alibaba Cloud services and resource types that support the advanced features, see Services that work with tag policies.
You can use the advanced features described in the following table based on your business requirements.
Advanced feature | Operation | Result | References |
Automatic tag remediation | When you create or modify a tag policy, select Automatic Remediation. | The system remediates non-compliant tags. | |
Pre-event interception | When you create or modify a tag policy, select Pre-event Interception. Pre-event interception is a pre-event method that is used to ensure tag compliance. You can use this feature in one of the following scenarios:
| When you create a resource or add tags to an existing resource, the system performs a check. If the tags defined in the tag policy are not added to the resource, the resource creation or tag addition operation fails. | |
Automatic tag inheritance from a resource group | When you create or modify a tag policy, select Automatically Inherit Tags for Resources from Resource Groups. | After you create a resource in the specified resource group or add a resource to the resource group, the resource inherits the tags that are added to the resource group. |