Operating at Scale Using Resource Tags

Tonya Edmonds

We are excited to introduce MongoDB Atlas' new resource tagging functionality. You can now organize and manage Atlas resources with improved efficiency by applying tags to categorize database deployments based on your business needs. In turn, you are empowered to better work with various tools and integrations within your technology stack in order to analyze costs, monitor resource consumption, and automate workflows at scale.

What is a resource tag?

Tags are key-value pairs that associate with a resource to provide additional context. For example, tagging a cluster with the key environment and value production would help to identify this cluster as being deployed to production. A tag can only have one value for a given key, on a particular resource. Therefore, this cluster could not have another tag with the key environment and the value production.

Why use tags?

Adding metadata such as the environment, application, team, or cost center can help you visually or programmatically identify, filter, or group related resources. You can also perform automation tasks in bulk using the existence of tags on database deployments.

Some common use cases include:

  1. Cost management - use tags to create reports and view consumption by characteristics unique to your business.

  2. Resource management - use tags to easily identify or group related resources by team, service, application, or owner.

  3. Security risk management - use tags to identify which resources may contain sensitive information, or automate processes to detect security and compliance issues (e.g. Cluster A is a production deployment without backup enabled).

  4. Operations management - use tags to help teams audit and track whether resources meet certain business requirements.

  5. Automation - use tags on database deployments to automate workflows.

Let’s walk through a hypothetical scenario for my LeafyGreen Application, an online plant center: I manage several types of deployments with different purposes. My team primarily uses tags for resource management and our team’s tagging policy requires that every deployment has the application, environment, cost-center, type, and service tags. Let’s look at how this works in Atlas.

Managing Tags in the Atlas UI

We started off by adding tags in the Atlas UI. Tags can be added whenever you create a deployment, or to an existing deployment on the Database Deployments page.

Managing Tags in the Atlas CLI

Another team prefers to use the Atlas CLI to create and manage their deployments. In the example below, they are using the --tag flag on the atlas clusters create operation to add tags to a new cluster named “TagsUsingAtlasCLI.”

Next, they confirm the cluster details using the atlas clusters describe command. Notice that all five tags are included in the output.

You can also use any of the following Atlas CLI operations to create, update or modify tags on clusters or serverless instances.

  • atlas clusters create [--tag key=value]...

  • atlas clusters update [--tag key=value]...

  • atlas clusters upgrade [--tag key=value]...

  • atlas serverless create [--tag key=value]...

  • atlas serverless update [--tag key=value]...

Additionally, the commands atlas clusters describe, atlas clusters list, atlas serverless list, and atlas serverless describe will contain tags on the JSON output.

Managing Tags using the Atlas Admin API

Another team has scripts set up to manage deployments for their projects using the Atlas Admin API. This team manages serverless instances, so to create a new deployment with tags, they’d use the Create One Serverless Instance operation and include the tag keys and values in the request body. Here is an example of the body of that API call.

If they wanted to add tags to existing serverless instances, they can use the Update One Serverless Instance operation to accomplish this. At this point, we have all of our deployments tagged with our required tags. We can use this information to see which clusters are associated with which departments, the different services that are running, as well as which environment they are running in. As a next step, the security team can easily set up deployment tags to detect security and compliance issues.

Once resource tags have been added to your database deployments these tags will appear on the Database Deployments page, as well as other areas of Atlas. For this reason, be sure not to include any sensitive information in tag keys or values because these values are stored in plain text and can be exposed in billing invoices, audit logging, and other operations on different resources.

Resource tagging best practices

Tagging approaches can range from simple to complex, depending on the needs of the organization. To get started, here are a few best practices to help you operate at scale.

  • Do not include any sensitive information such as Personally Identifiable Information (PII) or Protected Health Information (PHI) in your resource tag keys or values.

  • Use a standard naming convention - including spelling, case, and punctuation for all tags.

  • Define and communicate a strategy that enforces mandatory tags on all database deployments. We recommend you start with identifying the environment and the application/service/workload.

  • Use namespaces or prefixes to easily identify tags owned by different business units.

  • Use automated tools such as Terraform or the Admin API to programmatically manage database deployments and tags.

Plus, you can now leverage resource tags within billing invoices, which empowers you to categorize spending based on custom dimensions (such as cost center) and streamline financial reporting. These tags are available in the Invoice CSV export and the Invoices Admin API operation. Additionally and as part of our future roadmap, you will be able to apply tags to other resources, such as Projects.

Do you have other ideas on how you’d like to use resource tagging in Atlas? Share your ideas on feedback.mongodb.com.

Conclusion

MongoDB’s Atlas resource tagging capability provides a simple and easy way to organize and manage database deployments at scale. Tags can be used to create cost allocation reports, support automation scripts, or detect security and compliance issues. Sign up for MongoDB Atlas, our cloud database service, to see tagging in action. Resource tagging is available in MongoDB Atlas, for clusters and serverless instances.

For more information, see Atlas Resource Tagging.