Tag policies are a type of policy that can help you standardize tags across resources. In a tag policy, you can specify tagging rules applicable to resources when they are tagged. Compliant tags can help you improve management efficiency in scenarios such as cost allocation by tag, tag authentication, and automated Ops.
The tag policies support two modes: single-account mode and multi-account mode. You can use tag policies to standardize tag usage based on your business needs at different stages. For multi-account management based on the corporate account system, see Tag Policy Overview. Note:
The tag policy is currently in public beta testing across the entire network. If you have any suggestions while using this service, we warmly welcome your feedback at any time. You may submit a ticket. Product Advantages
The application scenarios and value of tag policies are primarily manifested in the following aspects:
Organizing Resources: By assigning tags to sub-users within tag policies, they can manage and organize resources more effortlessly, enhancing the accuracy of tags. For instance, if a tag policy stipulates that sub-users must attach tags such as "Project: project1" and "Department: Technical Division 1", any incorrect tag assignments by sub-users can be rectified by the policy, thereby aligning more closely with the internal tagging standards of the organization.
Cost Allocation: Tag policies facilitate users in tracking and analyzing the cost of resource utilization more effectively. By assisting sub-users in attaching and correcting precise tags, and then by enabling cost allocation tags, you can view the expenses of each resource in the billing section of the cost center. This allows for a better understanding of resource consumption across various projects or departments.
Security and Compliance: Tag policies enhance access control and compliance management of resources. For example, you might use tag-based authorization to restrict user access only to resources with specific tags. However, if sub-users misassign tags, the scope of authorization changes. Tag policies assist in rectifying such issues, thereby ensuring the security of resources.
Automation: Tag policies offer the option of automatic correction, which can be used in conjunction with CAM - During tag-based authentication, only tag key matching is supported, to achieve automated resource management. For example, in access management policies, sub-users are required to attach certain types of tags when performing specific actions. Tag policies can then automatically correct any misassigned tags during modification by sub-users. An option for automatic assignment is available, for instance, if creating a resource requires attaching four tags, this can simplify the cumbersome process of entering tags for sub-users. Use Limits
|
Maximum number of tag policies you can create under a single Tencent Cloud account | 10 |
Maximum number of tag policies that can be bound to a single sub-user | 10 |
Maximum number of tag keys in one effective policy | 50 |
Supported Scenarios
The tag policy currently supports the following scenarios:
1. Flexible Scope of Effectiveness for Tag Policies: When linked to a root account, it can take effect on that account. When bound to a specific sub-user, it can exclusively affect that sub-user. It is also possible to bind it to a batch of sub-users.
2. Automatic Repair Scenarios: For existing resources that are not tagged, if a sub-user adds a tag that is inconsistent with the constraints within the tag policy, automatic correction is supported.
3. Automatic Assignment Scenarios: When creating or editing resource tags, it can automatically display tag keys or tag values for sub-users by default, thereby reducing the steps sub-users need to take or preventing omissions.
4. Mandatory Interception Scenarios: When editing tags for existing resources, if the key value does not comply with the constraints within the tag policy, the binding will be intercepted. For example, if a sub-user is required to bind Product: Product A
but instead edits it to Product: Product B
, the action will be intercepted.
Was this page helpful?