If you’re like us you have at some point written up a nice Markdown document for your team or your customer capturing the standard values that are acceptable for the tags you’ve defined for your AWS infrastructure. It’s not that hard, but it is error-prone, so AWS have just introduced “Tag Policies” in AWS Organizations - think of this as a rules language or schema for defining acceptable tag keys (including their exact capitalisation) and the values allowed for each. Once you’ve defined and attached a tag policy, you can check the tags across your accounts and find any that don’t conform.

We like this but hope to see it go a lot further in the future with alerts or automated actions triggered when tags are not in conformance. Note also that a tag policy only constrains tags that are present on a resource; it doesn’t require a tag to exist. One of our use-cases for which we have custom scripting is to automatically kill resources in our dev/test environments that don’t have a “team” tag attached to them - we don’t want resources floating around without an owner. Right now violations are only available through a report, and an operator needs to check that and take action on it.
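To make the two points above concrete, here is an added example (not code from the post, and not AWS’s own implementation) that evaluates a tag policy document in the tag policy JSON syntax (`tags` -> policy key -> `tag_key`, `tag_value` and `enforced_for`, each carrying an `@@assign` operator) against a handful of constructed resource records shaped like the `ResourceARN` / `Tags` entries that `resourcegroupstaggingapi.get_resources` returns. The compliance rules it applies (a key with the wrong capitalisation is noncompliant, a value outside the allowed set is noncompliant, `*` is a wildcard in values, keys the policy doesn’t mention are unconstrained) are my reading of the documented behaviour and are an assumption of the example. It also implements the “no owner tag in dev/test” check that the policy itself cannot express; the policy, resources, ARNs and account number are all invented.

```python
"""Evaluate an AWS Organizations tag policy against tagged resources, offline."""
import fnmatch

# Constructed tag policy (assumed example, not a real org's policy): "team" must be
# spelled exactly "team" with one of three values, "Env" with one of three values.
TAG_POLICY = {
    "tags": {
        "team": {
            "tag_key": {"@@assign": "team"},
            "tag_value": {"@@assign": ["payments", "platform", "data"]},
            "enforced_for": {"@@assign": ["ec2:instance"]},
        },
        "env": {
            "tag_key": {"@@assign": "Env"},
            "tag_value": {"@@assign": ["dev", "test", "prod"]},
        },
    }
}

# Constructed resources in the shape of a get_resources() response (fake account/ARNs).
RESOURCES = [
    {"ResourceARN": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0a1",
     "Tags": [{"Key": "team", "Value": "payments"}, {"Key": "Env", "Value": "dev"}]},
    {"ResourceARN": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0a2",
     "Tags": [{"Key": "Team", "Value": "payments"}, {"Key": "Env", "Value": "dev"}]},  # wrong key case
    {"ResourceARN": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0a3",
     "Tags": [{"Key": "team", "Value": "Payments"}, {"Key": "env", "Value": "dev"}]},  # bad value, bad key case
    {"ResourceARN": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0a4",
     "Tags": [{"Key": "Env", "Value": "test"}]},                                        # no owner tag at all
    {"ResourceARN": "arn:aws:s3:::dev-scratch-bucket",
     "Tags": [{"Key": "Env", "Value": "staging"}]},                                     # value not allowed
]


def _assigned(node, default):
    """Read the value behind an @@assign operator, or fall back to default."""
    return node.get("@@assign", default) if node else default


def compile_policy(policy):
    """Flatten the policy into {lowercased key: (exact key, allowed values, enforced types)}."""
    rules = {}
    for policy_key, spec in policy["tags"].items():
        exact_key = _assigned(spec.get("tag_key"), policy_key)
        values = _assigned(spec.get("tag_value"), [])
        enforced = _assigned(spec.get("enforced_for"), [])
        rules[exact_key.lower()] = (exact_key, values, enforced)
    return rules


def check_resource(resource, rules):
    """Return the list of violations for one resource; an empty list means compliant."""
    violations = []
    for tag in resource["Tags"]:
        rule = rules.get(tag["Key"].lower())
        if rule is None:
            continue  # keys the policy does not mention are unconstrained
        exact_key, values, _enforced = rule
        if tag["Key"] != exact_key:
            violations.append(f"key {tag['Key']!r} should be spelled {exact_key!r}")
        # Values are matched case-sensitively; '*' acts as a wildcard.
        if values and not any(fnmatch.fnmatchcase(tag["Value"], v) for v in values):
            violations.append(f"value {tag['Value']!r} for {exact_key!r} not in {values}")
    return violations


def noncompliance_report(resources, policy):
    """Map ARN -> violations for every resource that breaks the policy."""
    rules = compile_policy(policy)
    report = {}
    for resource in resources:
        violations = check_resource(resource, rules)
        if violations:
            report[resource["ResourceARN"]] = violations
    return report


def orphaned_resources(resources, owner_key="team", env_key="Env", envs=("dev", "test")):
    """ARNs of dev/test resources that carry no owner tag at all (any capitalisation).

    A tag policy cannot express "tag must be present", so this check lives outside it.
    """
    orphans = []
    for resource in resources:
        tags = {t["Key"].lower(): t["Value"] for t in resource["Tags"]}
        in_scope = tags.get(env_key.lower(), "").lower() in envs
        if in_scope and owner_key.lower() not in tags:
            orphans.append(resource["ResourceARN"])
    return orphans


if __name__ == "__main__":
    for arn, problems in noncompliance_report(RESOURCES, TAG_POLICY).items():
        print(arn, "->", "; ".join(problems))
    print("would terminate:", orphaned_resources(RESOURCES))
```

Note that `i-0a4` passes the policy check yet is the only resource the owner check would terminate: that gap between “the tags you have are well-formed” and “every resource has an owner” is exactly why the custom script is still needed.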

Check out Jeff’s blog post for a longer explanation with screenshots.