Posted On: Nov 18, 2022

AWS Organizations tag policies are now available in the AWS GovCloud (US) Regions. The tag policies feature is available to customers through the AWS Console, AWS Command Line Interface (CLI), or AWS SDKs.

Tag policies is a feature that allows you to define rules on how tags can be used on AWS resources in your accounts in AWS Organizations. You can use tag policies to standardize tags for your AWS resources.

Using tag policies, you can confirm your developers apply consistent tags, audit tagged resources, and maintain proper resource categorization. You can also define and enforce tag key capitalization requirements and their allowed tag values. For example, you can define the tags CostCenter and SecurityGroup where CostCenter must be ‘123’ and SecurityGroup can be ‘red-team’ or ‘blue-team’. Standardized tags enable you to confidently leverage tags for critical use cases such as cost allocation and attribute-based access control because you can ensure your resources are tagged with the right attributes.

Tag policies is integrated with AWS Organizations, a service for central governance and management across AWS accounts. You can apply a tag policy to your entire organization, to specific organizational units, and to individual accounts. After applying a policy, you can export a cross-account, cross-region report that helps you identify tags that don’t align with your policy. You can then aggregate, view, and share this data with resource owners to correct such noncompliant tags. You can also optionally specify enforcement to prevent noncompliant tag changes, such as updating a tag with a value not allowed by your policy.
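The CostCenter and SecurityGroup example above, written in tag policy JSON syntax and checked against sample resources, as an added example that is not part of the original announcement. The checker is a simplified local model of the compliance rules, not the AWS evaluator; the resource ARNs and tags are constructed, and exact-match comparison of tag values is an assumption.

```python
import json

# Tag policy in AWS Organizations tag policy syntax, built from the
# CostCenter / SecurityGroup example in the announcement.
POLICY = json.loads("""
{
  "tags": {
    "CostCenter": {
      "tag_key":   {"@@assign": "CostCenter"},
      "tag_value": {"@@assign": ["123"]}
    },
    "SecurityGroup": {
      "tag_key":   {"@@assign": "SecurityGroup"},
      "tag_value": {"@@assign": ["red-team", "blue-team"]}
    }
  }
}
""")

def find_violations(resource_tags, policy=POLICY):
    """Return sorted (tag key as found, reason) pairs for noncompliant tags."""
    # Index rules by lower-cased key so a wrongly capitalized key is still matched.
    rules = {r["tag_key"]["@@assign"].lower(): r for r in policy["tags"].values()}
    violations = []
    for key, value in resource_tags.items():
        rule = rules.get(key.lower())
        if rule is None:
            continue  # tags the policy does not define are not evaluated
        wanted_key = rule["tag_key"]["@@assign"]
        if key != wanted_key:
            violations.append((key, f"key capitalization must be {wanted_key}"))
        allowed = rule.get("tag_value", {}).get("@@assign")
        # Assumption: values are compared as exact strings.
        if allowed is not None and value not in allowed:
            violations.append((key, f"value {value!r} not in {allowed}"))
    return sorted(violations)

# Constructed sample inventory (hypothetical ARNs and tags).
RESOURCES = {
    "arn:aws-us-gov:ec2:us-gov-west-1:111122223333:instance/i-EXAMPLE1":
        {"CostCenter": "123", "SecurityGroup": "red-team"},
    "arn:aws-us-gov:ec2:us-gov-west-1:111122223333:instance/i-EXAMPLE2":
        {"costcenter": "123", "SecurityGroup": "purple-team"},
}

def report(resources=RESOURCES):
    """Map each noncompliant resource ARN to its list of violations."""
    found = {arn: find_violations(tags) for arn, tags in resources.items()}
    return {arn: v for arn, v in found.items() if v}
```

A resource that lacks a tag entirely is not flagged here, since only tags that are present are compared with the policy.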

To learn more, see the technical documentation.