Should I use tags in Oracle Cloud Infrastructure?

In Oracle Cloud Infrastructure you have two options to tag your resources, defined tags which are setup by your administrator or free form tags which can be applied by any user who has access to a resource.

So why should you tag resources?

In my opinion when you start your OCI project this is definitely a concept which you shouldn’t overlook! Even though you can separate your resources in different compartments everyone should setup set of pre-defined tags which are applied to resources.

With this you can list and organize resources lot easier and perhaps also later on do tag-based billing? It’s an easy step to overlook and definitely not the most attractive one so that’s why I wanted to highlight this in a post.

I’d even go as far as saying having a tag strategy is critical for your cloud operations in the long run.

Free form tagging

With free form tagging you just select your resource and enter a key value pair what you want to apply.

Adding a free form tag to a resource

Free form tags give a lot of freedom and you can just use them as you like but it’s better to start using defined tags as then you can standardize tagging used within the compartment.

Defined tags

As written earlier these are predefined tags what you can assign to specific compartment so users who have access resources under that compartment can tag them.

Defined tags you find under Menu => Governance => Tag Namespaces

First you need to select your compartment and then click the Create Namespace Definition. I will create namespace resource-tags under my OracleEBS compartment.

Don’t be fooled to add tags here unless you want to tag your tag namespace!

After creating the namespace definition you can add the actual tags into it. I’ve added two tags to my namespace. Tags for owner and environment.

Now the tags are ready to be used. If I create an instance in Oracle-EBS compartment I can choose the tag namespace I created and then define the tags for owner and environment.

The problem I see is that even though I have a tag namespace with multiple tags I can’t force that they are used. If we have defined five tags what should be used within a namespace, user can still choose only one tag and leave rest of them blank.

That’s why its good to use Terraform to create your instances. You can have module ready for instance creation and in the Terraform template you have tags defined in the variables file.

Terraform

I wrote a simple module which creates the namespace and also tags for the namespace from the list. That way you can create as many tags per namespace you want and the module will loop it through. The module looks like this:

variable "tenancy_ocid" {}
variable "compartment_ocid" {}
variable "tag_namespace_description" {}
variable "tag_namespace_name" {}
variable "is_retired" {}
variable "tag_names" {type = "list"}
variable "tag_description" {type = "list"}

resource "oci_identity_tag_namespace" "CreateTagNamespace" {

    compartment_id = "${var.compartment_ocid}"
    description = "${var.tag_namespace_description}"
    name = "${var.tag_namespace_name}"
    is_retired = "${var.is_retired}"

}

resource "oci_identity_tag" "CreateTag" {

    count = "${length(var.tag_names)}"
    description = "${var.tag_description[count.index]}"
    name = "${var.tag_names[count.index]}"
    tag_namespace_id = "${oci_identity_tag_namespace.CreateTagNamespace.id}"
    is_retired = false

}

Only thing to highlight are two variables coming in as a list and then using the count under resource to loop variables through. I had four tags in my variables.tf which then got created within this single module. Quite handy!

Next if I want to use tags in the instance creation I will just add variable as per documentation:

defined_tags = {"Operations.CostCenter"= "42"}

To pass this as a variable you should have it defined in your variables.tf as a map:

variable "project-tag" {
type="map"
default = {project-tags.costcenter = "42"}

And in the module which creates instance I take the variable as map also and then use the defined_tags to assign it:

...
variable "project_tag" {type = "map"}
resource "oci_core_instance" "CreateInstance" {
    count = "${var.server_count}"
    availability_domain = "${var.instance_availability_domain}"
    compartment_id = "${var.compartment_ocid}"
    image = "${var.image_id}"
    shape = "${var.instance_shape}"
    defined_tags = "${var.project_tag}"

When I now create instances through Terraform I can see the defined tag I assigned is applied.

And if there is need to apply more defined tags you can easily pass them in the map which you define in variables.tf.

Summary

Like I wrote earlier you can’t force tags. This would be good so there wouldn’t exist resources without tags you want to use. However using Terraform gives you a better control to manage what variables are requires when you create a resource.

Remember you can’t delete a namespace, you can only retire a namespace including tags so it’s not used anymore.

Also once you have created tags you can then filter resources based on the tag.

At the moment you can only add tags and filter your resources based on tag but hopefully in the long run you can also use them for cost distribution. Having compartments available gives you already flexibility on IAM so you can easily control access with them and don’t need tags for that.

I highly recommend that you take tags into use right from the start as you will need them to group your resources and perhaps you get some advantages in the future as well if you have proper tag setup!

 

Simo

Recent Posts

Connecting to Autonomous Database Running on Google Cloud

Last time I showed how to provision Autonomous Database Serverless (ADB-S) on Google Cloud. This…

1 month ago

Can you believe it? Provisioning Autonomous Database in GCP!

I bet few years back folks didn't expect that by 2024 we would be able…

1 month ago

IP Address Insights with CLI

My previous post on IP Address Insights I mentioned it wasn't yet available with CLI…

6 months ago

Thoughts on Oracle Database@Azure

This will NOT be a technical walkthrough on Oracle Database@Azure but rather my opinions and…

6 months ago

OCI Vulnerability Scanning Setup

Many times when you work for someone, they already have their own vulnerability scanning throughout…

6 months ago

OCI IP Address Insights

Recently OCI announced small but VERY useful service, IP Address Insights. Why this matters? I've…

6 months ago