Updated AWS tagging #836

Merged
merged 1 commit into from
Nov 6, 2023
18 changes: 8 additions & 10 deletions source/manuals/aws-tagging.html.md.erb
@@ -1,7 +1,7 @@
---
title: Tagging AWS resources
last_reviewed_on: 2022-09-16
review_in: 6 months
last_reviewed_on: 2023-10-30
review_in: 12 months
---

# <%= current_page.data.title %>
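
Review bot: `review_in` goes from `6 months` to `12 months` in the front matter, which halves how often this guidance is rechecked, while the page itself says "Currently, we do not enforce tags". With no enforcement, the manual is the only thing keeping tag usage consistent, so I would keep the 6 month interval or state in the commit message why 12 months is acceptable.
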
Expand Down Expand Up @@ -36,22 +36,20 @@ Currently, we do not enforce tags.

In future, we may wish to consider mechanisms such as alerting on untagged resources, or automatically deleting untagged resources.

## Tags used in GOV.UK Sign In

GOV.UK Sign In is using the following tags:

### Mandatory

- `Product`: should be `GOV.UK Sign In`
- `System`: the name of the software system, for example `Authentication` or `Identity proofing and verification core`. Avoid abbreviations.
- `Product`: for example `GOV.UK` or `DSP`
- `System`: the name of the software system (for example `Authentication` or `Identity proofing and verification core`. Avoid abbreviations)
- `Service`: used to describe the function of a particular resource (for example: `account management`, `session storage`, `front end`)
- `Environment`: should be one of `production`, `staging`, `integration`, or `development`.
- `Owner`: an email address for an owner for the resource. For dev environments, this will be an individual email address; elsewhere it will be a group address.

### Optional

- `Service`: used to describe the function of a particular resource (for example: account management, session storage, front end)
- `Name`: a name for this particular resource. This should be unique within a deployment (terraform deployment, cloudformation stack, etc)
- `Source`: the URL(s) for any source code repositories related to this resource, separated by spaces
- `Exposure` : should specify the level of exposure the resource has to determine its attack surface area. (for example `internal` or `external`)
- `Data Classification` : should specify the highest data classification level the resource handles. This will help internal security teams to know what level of controls to apply and help focus on the resources with greatest level of risk.
- `Cost Centre` : helps the organisation's accounting or financial management system to track and allocate expenses or costs to specific departments, teams, projects, or functions

## References

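Review bot: the new `Exposure` and `Data Classification` entries under Optional are described as inputs to security decisions (attack surface, level of controls to apply), but neither gives a fixed set of values: `Exposure` offers `internal` or `external` only as examples, and `Data Classification` lists none. Free-text values cannot be queried or alerted on reliably, so list the permitted values for each, the way `Environment` does with "should be one of", and consider whether tags that drive controls belong under Mandatory. The same applies to `Product`, which now reads "for example `GOV.UK` or `DSP`" rather than naming an expected value. Minor: in the `System` line the closing parenthesis now takes in "Avoid abbreviations", so the instruction reads as part of the example, and the three new optional entries have a space before the colon, unlike the rest of the list.
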