- Lab
- A Cloud Guru
Using Tags and Resource Groups in AWS
To simplify the management of Amazon Web Services (AWS) Resources such as EC2 Instances, you can assign your metadata using tags. These tags can be used by resource groups to automate tasks on large numbers of resources at one time. They serve as a unique identifier for custom automation, to break out cost reporting by department and much more. In this hands-on lab, we will discuss tag restrictions and best practices for tagging strategies. We will also get experience with the Tag Editor, AWS Resource Group basics, and see how to leverage automation through the use of tags.
Path Info
Table of Contents
-
Challenge
Set Up AWS Config
- Click Services > Config > Get started.
- Ensure the checkbox for Record all resources supported in this region is selected.
- Ensure the radio button for Create a bucket is selected.
- Ensure the checkbox for Stream configuration changes and notifications to an Amazon SNS topic is NOT checked.
- If a radio button for Create AWS Config service-linked role is available, then select it, otherwise if a radio button for Use an existing AWS Config service-linked role is available, then select it.
- Click Next > Next on the AWS Config Rules page > Confirm.
Note: We will return to AWS Config later in this lab.
-
Challenge
Tag an AMI and EC2 instance
- Click Services > EC2.
- Click Instances on the left-hand menu.
- Select the instance named Mod. 1 Web Server A.
- Click Actions > Image > Create Image.
- Enter "Base AMI - {yyyy-mm-dd}" and replace "{yyyy-mm-dd}" with today’s date.
- Click Create Image > Close.
- Click AMIs on the left-hand menu.
- Select the AMI with the AMI name you just created.
- Select the Tags tab for the AMI.
- Click Add/Edit Tags > Create Tag.
- Enter "AMI Standard" as the key with "{yyyy-mm-dd}" as the value (replace "{yyyy-mm-dd}" with today’s date).
- Click Save.
- Once the AMI has a status of available, select the AMI and click Launch.
- Click Next: Configure Instance Details
- Leave the defaults, and then click Next: Add Storage > Next: Add Tags.
- Click Add Tag.
- Enter "Name" as the key > enter "Test Web Server" as the value.
- Click Next: Configure Security Group > Select an existing security group.
- Select the security group with the description Web.
- Click Review and Launch > Continue to confirm we do not allow port 22 open.
- In the Boot from General Purpose (SSD) dialog, select Make General Purpose (SSD) the boot volume for this instance.
- Click Next > Launch.
- Since we will not be logging into these servers, select "Proceed without a key pair".
- Select the checkbox to confirm and acknowledge the instance connection.
- Click Launch Instances > View Instances.
-
Challenge
Using the Tag Editor - Part 1: Application Tagging
Module 1 Tagging
- Click Resource Groups at the top of the EC2 Management Console > Tag Editor.
- Verify that us-east-1 is selected for the Regions section.
- Select AWS::EC2::Instance and AWS::S3::Bucket as the resource types.
- Click Search resources.
Note: All the EC2 instances and S3 buckets are shown for this region.
- Enter "Mod. 1" in the Filter resources search window, and then select the 2 instances.
- Enter "moduleone" in the Filter resources search window, and then select the S3 bucket.
- Select the X in the Filter resources search window.
- Click Manage tags of selected resources.
- Click Add tag.
- Enter "Module" as the Tag key > Enter "Starship Monitor" for the Tag value.
- Click Review and apply tag changes > Apply changes to all selected.
Module 2 Tagging
- Ensure that we are still on the Tag Editor page.
- Verify that us-east-1 is selected for the Regions section.
- Select AWS::EC2::Instance and AWS::S3::Bucket as the resource types.
- Click Search resources.
Note: All the EC2 instances and S3 buckets are shown for this region.
- Enter "Mod. 2" in the Filter resources search window and select the 2 instances.
- Enter
moduletwo
in the Filter resources search window and select the S3 bucket. - Select the X in the Filter resources search window.
- Click Manage tags of selected resources.
- Click Add tag.
- Enter "Module" as the Tag key > Enter "Hyper Drive Design and Analysis" for the Tag value.
- Click Review and apply tag changes > Apply changes to all selected.
-
Challenge
Using the Tag Editor - Part 2: Application Query
- Ensure that we are still on the Tag Editor page.
- Verify that us-east-1 is selected for the Regions section.
- Select AWS::EC2::Instance and AWS::S3::Bucket as the resource types.
- Enter "Module" for the Tag key section.
- Click on the Optional tag value search window > start typing "Hy", then select the Hyper Drive Design and Analysis text that shows up.
- Select Search resources.
- Select the link to the EC2 instance for the server with the Tag:Name of "Mod. 2 - Web Server B".
-
Challenge
Using Resource Groups
Create
Starship Monitor
Resource Group- Click Resource Groups > Create Resource Group
- Ensure that Tag base is selected in the Group type section.
- Enter "Module" within the Tags field and "Starship Monitor" for the Tag value field.
- Click Add
- Click View group resources to preview.
- Under the Group Details section, enter "Starship-Monitor" for the Group name field.
- Click Create group.
Create
Hyper Drive Design and Analysis
Resource Group- Click Create Resource Group.
- Ensure that Tag based is selected for the Group name field.
- Enter "Module" within the Tags field and "Hyper Drive Design and Analysis" for the Tag value field.
- Click Add.
- Click View group resources.
- Enter "Hyper-Drive-Design-and-Analysis" for the Group name field.
- Click Create group.
Viewing Saved Resource Groups
- Click Saved Resource Groups on the left-hand side.
- Click Starship-Monitor
- Navigate to the an EC2 Instance by clicking on the link in the Group resources section.
-
Challenge
Using AWS Config Rules for Compliance
- On the EC2 Management Console page, click Services > EC2.
- Click AMIs on the left-hand side menu.
- Select the radio button for the "Base AMI - {yyyy-mm-dd}" we created earlier in this lab.
- Copy the AMI ID to the clipboard.
- Navigate back to the AWS Config Console main page.
- Click Rules on the left-hand side menu.
- Click Add rule.
- Select the approved-amis-by-id rule.
- Select the Tags radio button for Scope of changes.
- Enter "Module" for the Tag key field.
- Enter "Starship Monitor" for the Tag value field.
- Paste the AMI ID that we copied to the clipboard earlier in to the Value field under the Rule parameters section.
- Click Save.
Note: Let the rule run for a few minutes.
- Click the approved-amis-by-id link.
- Click on the link for one of the noncompliant resources. Note: You may see more non-compliant EC2 instances than shown in the video.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.