Greetings,

Welcome to the first edition of the monthly Turbot newsletter!  We are excited to have a new avenue to connect with our customers and network that we hope will add value to your inbox. 

One of the things I love about my job is that it gives me the opportunity to meet with Governance professionals from a variety of industries on a day-to-day basis; because of this I am often asked to share trends regarding best practices in the cloud governance space.  With this monthly newsletter I will try to distill some of the most interesting and valuable case studies, as well as trends we see through data.  Please let me know what your open questions to the community are and we will do our best to address them.

A few weeks ago I was a guest on Cory Quinn’s podcast: “Screaming in the Cloud”, we discussed (among other topics) tagging controls as a gateway to more complex governance policies. In this week’s topic I will jump in and discuss pros and cons of common resource tagging governance strategies we see across our customers.

Control Objective: Ensure all resources have a minimal set of required tags.

Business Objective: Often tags are used to identify ownership and control of resources; not having specific tags (e.g. Cost Center) may lead to an inability to bill appropriately for consumed services. An effective tagging strategy can also speed troubleshooting in large environments and can be used by other governance controls as metadata for policy decisions.

Most Common Required Tags:

1. Cost Center: Typically, free form but sometimes from a list of approved values.

2. Environment: e.g. Development, Staging, Test, QA, Production…

3. Owner: Typically email or employee id, sometimes a DL or other Group Identifier.

4. Data Classification: e.g. PII, PCI, Highly Restricted, Restricted, Private, Public…

5. Business Unit: e.g. Sales, R&D, Operations…

Strict Approach: Delete any (taggable) resource that does not have required tags/values.
This approach ensures that you always have some tag value (if not always a correct tag value), but it is difficult to retrofit into existing environments if you have large numbers of resources that need to be remediated  …continue reading on the Turbot blog

Our tagging automation was initially released in 2017 and the current v5 tagging capabilities can be taken to new heights via calculated policies. Let us know what your biggest tagging challenge is, we will select one to feature as a case study (with solution) in our open source developer library: https://github.com/turbot/tdk and reward the submitter with a $100 Amazon gift card!  Send your tagging challenge to cto@turbot.com or post an issue on the TDK repo.

Release Digest

Current Recommended Versions

• Turbot Enterprise (TE) 5.28.4

• Turbot EnterpriseDatabase (TED) 1.11.0

• Turbot Enterprise Foundation (TEF) 1.23.0

• Turbot Terraform Provider 1.6.2

• Turbot CLI 1.20.1

Recent New Features and Highlights:

• Support for Terraform 0.13 Beta.

• Improved Performance

• New Performance Dashboards for Enterprise Customers.

• Support for AWS China Regions.

• Full text search on policy type names.

• Support for change windows (prevent Turbot from taking actions except when in a change window).

Thanks for subscribing, and if you enjoyed this feel free to share with the link below.

All the best,
David Boeke, CTO & VP Services
Turbot