Elliott Spira | Fri, 02 Aug 2019
In 2015, we open-sourced a project that allowed users to automatically tag resources with the ARN of the user responsible for its creation.
Since then, with the help of the growing community (189 stargazers, 79 forks at the time of writing), we have been able to deliver a few major updates that are worth highlighting.
Previously, the Auto Tag Lambda functions were triggered off the
S3 Put event emitted when CloudTrail wrote logs to storage. Because there was a 5-7 minute window between an event occurring and the event being written to S3, we had no way of sourcing this event more quickly.
We now consume CloudTrail events through the CloudWatch Event Bus. This allows us to source the event faster and complete tagging within 20 seconds. (Usually in a few seconds or less).
Now that we can filter down to the specific event types we're interested in consuming off the CloudWatch Event Bus, we have fewer Lambda executions. Fellow project maintainer Ray Janoka reported an 85% reduction in the number of Lambda executions for Auto Tag after this update.
Auto Tag has always been a great solution for automatically tagging resources across multiple accounts (using roles for cross account access). Since AWS announced CloudFormation Stack Sets, it has been easier to deploy a CloudFormation stack across multiple AWS Accounts and Regions.
We have simplified our Read Me and included information about deploying Auto Tag using StackSets, as well as using the AWS CLI, so it should be easier than ever to set up automatic tagging across a broad swathe of AWS Accounts and Regions.
Potentially the best thing to come out of community involvement in the Auto Tag project was the creation of the Retro Tag code base. Solving this problem with the same data source (CloudTrail), Retro Tag uses AWS Athena to retrospectively find out which user created an untagged AWS resource, and tags it with the ARN of that user,
Head to our Github repository and follow the instructions to get started with Auto Tag.
Let us know what you think of Auto Tag on our GorillaStack public slack channel