Skip to main content

AWS Organization Tags

DoiT Cloud Navigator: All tiers

Organization tags are custom attribute labels that you can assign to AWS resources, such as accounts, roots, or organizational units (OUs), within your AWS Organizations.

AWS recommends using AWS Organization Tags to track cost data, but they don't propagate organization, organizational unit, and account tags to billing data automatically. To correlate these tags with AWS billing data, you'd need to use Amazon Athena and Amazon Quicksight, which is a process both complex and costly. With DoiT Navigator, however, you get all these tags incorporated into your billing data seamlessly, without any extra configuration.

See also

Advantages of using AWS Organization Tags

By using AWS Organization Tags, you:

  • Follow the recommended best practices set by AWS for resource management, access management, and cost allocation.

  • Can better manage your AWS costs across all your AWS Organizations.

  • Track all the AWS resources within your AWS Organizations, regardless of the account they belong to.

  • Can use the tags your AWS Organizations get by default, across all your resources.

Example scenario

In our example, each DoiT Consulting team has a dedicated AWS Organization. Within this Organization, each team member has an Organizational Unit (OU) under their name, where they create short-lived AWS accounts for different consulting deliverables.

To track the costs per team member, they use AWS Organization Tags and use them in Cloud Analytics reports, which allows team managers to quickly review their team consumption, and ensures that all of their team members are within the budget. In addition, if they add AWS accounts to their OUs, these AWS Organization Tags get automatically propagated to all resources within them, without needing additional configuration.

Required permissions

AWS permissions

Ensure you have the following permissions in your doitintl_cmp IAM role:

  • organizations:ListTagsForResource

  • organizations:ListParents

DoiT Navigator permissions

In DoiT Navigator, you need the Cloud Analytics permission.

Use AWS Organization Tags in DoiT Navigator

Once you have the required permissions in your AWS account, AWS Organization Tags automatically propagate into DoiT's Cloud Analytics reports, attributions, and attribution groups.

To use AWS Organization Tags in your Cloud Analytics report:

  1. Log in to the DoiT console, select Analytics from the top navigation bar, and then select Reports.

  2. Select Create new report or open an existing one, and do one of the following:

    • To add AWS Organization Tags in your report, next to Dimensions, select

      .

    • To filter your metrics by AWS Organization Tags, next to Filter by, select

      .

    • To group your metrics by AWS Organization Tags, next to Group by, select

      .

  3. Select Organization Tags, and select all the AWS Organization Tags you need for your report.

    A screenshot showing AWS Organization Tags in a Cloud Analytics report

  4. Select Run report.

Info

In the screenshot below, we've added the playground-member AWS Organization Tag.

A screenshot showing AWS Organization Tags in a Cloud Analytics report