19 Aug 2019
3 awesome improvements from our recent Auto Tag updates
In 2015, we open-sourced a project that allowed users to automatically tag resources with the ARN of the user responsible for their creation.
Since then, with the help of the growing community (189 stargazers, 79 forks at the time of writing), we have been able to deliver a few major updates that are worth highlighting.
1. Much Faster (tags in < 20 seconds, not 7 minutes)
Previously, the Auto Tag Lambda functions were triggered off the S3 Put event emitted when CloudTrail wrote logs to storage. Because there was a 5-7 minute window between an event occurring and the event being written to S3, we had no way of sourcing this event more quickly.
We now consume CloudTrail events through the CloudWatch Event Bus. This allows us to source the event faster and complete tagging within 20 seconds (usually in a few seconds or less).
2. More efficient, therefore cheaper to run
Now that we can filter down to the specific event types we’re interested in consuming off the CloudWatch Event Bus, we have fewer Lambda executions. Fellow project maintainer Ray Janoka reported an 85% reduction in the number of Lambda executions for Auto Tag after this update.
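As an added illustration (not code from the Auto Tag project), the sketch below shows how an event pattern on the CloudWatch Event Bus keeps uninteresting CloudTrail events away from the Lambda, and how a handler could derive the creator tag from the events that get through. The rule contents, the `Creator` tag key, the helper names and the sample events are assumptions constructed for this example, and the matcher is a simplified offline stand-in for the service's rule matching.

```javascript
// Added example, not Auto Tag's source. Rule contents and samples are constructed.
const RULE_PATTERN = {
  "detail-type": ["AWS API Call via CloudTrail"],
  detail: {
    eventSource: ["ec2.amazonaws.com", "s3.amazonaws.com"],
    eventName: ["RunInstances", "CreateBucket"],
  },
};

// Simplified offline stand-in for rule matching: every pattern key must be
// present, arrays list the accepted values, nested objects recurse.
function matchesPattern(pattern, event) {
  return Object.entries(pattern).every(([key, want]) => {
    const got = event == null ? undefined : event[key];
    if (Array.isArray(want)) return want.includes(got);
    return typeof got === "object" && got !== null && matchesPattern(want, got);
  });
}

// Map a matched CloudTrail record to the resource IDs it created.
function createdResources(detail) {
  if (detail.eventName === "RunInstances") {
    const items = detail.responseElements?.instancesSet?.items ?? [];
    return items.map((i) => i.instanceId);
  }
  if (detail.eventName === "CreateBucket") return [detail.requestParameters.bucketName];
  return [];
}

// Returns the tagging work a handler would do for one event on the bus.
function planTags(event) {
  if (!matchesPattern(RULE_PATTERN, event)) return []; // filtered: no Lambda execution
  const d = event.detail;
  if (d.errorCode || !d.userIdentity?.arn) return []; // failed call: nothing was created
  return createdResources(d).map((id) => ({ id, tag: { Creator: d.userIdentity.arn } }));
}

// Constructed sample events (account ID and resource names are placeholders).
const ARN = "arn:aws:iam::111122223333:user/alice";
const mk = (eventSource, eventName, extra) => ({
  "detail-type": "AWS API Call via CloudTrail",
  detail: { eventSource, eventName, userIdentity: { arn: ARN }, ...extra },
});
const SAMPLES = [
  mk("ec2.amazonaws.com", "RunInstances", { responseElements: { instancesSet: { items: [{ instanceId: "i-0abc" }, { instanceId: "i-0def" }] } } }),
  mk("s3.amazonaws.com", "CreateBucket", { requestParameters: { bucketName: "example-bucket" } }),
  mk("ec2.amazonaws.com", "DescribeInstances", {}), // read-only call, dropped by the rule
  mk("ec2.amazonaws.com", "RunInstances", { errorCode: "Client.UnauthorizedOperation" }), // denied call
];
const PLAN = SAMPLES.flatMap(planTags);
```

The denied `RunInstances` call still matches the rule and would invoke the function, so the handler has to check `errorCode` itself before attributing a resource to anyone.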
3. Deploy broadly and easily, with Stack Sets
Auto Tag has always been a great solution for automatically tagging resources across multiple accounts (using roles for cross-account access). Since AWS announced CloudFormation Stack Sets, it has been easier to deploy a CloudFormation stack across multiple AWS Accounts and Regions.
We have simplified our README and included information about deploying Auto Tag using StackSets, as well as using the AWS CLI, so it should be easier than ever to set up automatic tagging across a broad swathe of AWS Accounts and Regions.
But what about resources that were untagged before I installed Auto Tag?
Potentially the best thing to come out of community involvement in the Auto Tag project was the creation of the Retro Tag code base. Solving this problem with the same data source (CloudTrail), Retro Tag uses AWS Athena to retrospectively find out which user created an untagged AWS resource, and tags it with the ARN of that user.
Now what?
Head to our GitHub repository and follow the instructions to get started with Auto Tag.
Let us know what you think of Auto Tag on our GorillaStack public Slack channel.