Skip to content
leancosts docs

Set up tag governance

Define the tag taxonomy that drives allocation, coverage, and most cost insights, then drive your estate to compliant.

The Tagging hub (sidebar group Govern) holds everything below as tabs: Dictionary, Coverage, Proposal, Requirements, and System tags.

1. Declare the taxonomy (Dictionary)

Section titled “1. Declare the taxonomy (Dictionary)”

Go to Tagging → Dictionary. This is the cockpit for the tag dictionary:

  • Recommended catalog — nine seeded templates (application, project, environment, squad, cost_center, criticality, lifecycle, repository, revision). Click Add tag / Add N value(s) to adopt one.
  • Dictionary — the authoritative list. For each tag key set:
    • value mode: free_text or allowed_values,
    • enforcement level: informauditappenddeny,
    • required or optional.
  • Tags & values in use — the live observed inventory. Values that don’t match an allowed_values definition are flagged unrecognized in red; filter to just those to plan a normalisation campaign.

Tag matching is case- and separator-insensitivecost-center, cost_center, and Cost Center collapse to one key; prod, PRD, and Production collapse to one canonical value via aliases.

2. (Optional) Bootstrap from the real estate

Section titled “2. (Optional) Bootstrap from the real estate”

Don’t want to hand-build the dictionary? Tagging → Proposal runs an AI-driven one-screen review-and-approve flow that proposes a taxonomy from your actual resources. Approve what fits; it writes straight into the dictionary.

System-derived _system.* tags (Azure RG/subscription, AWS account, GCP project) are emitted automatically at ingest — useful for MSP per-tenant pivots even before you author anything. You can promote a system key into the formal taxonomy.

3. Measure and fix coverage

Section titled “3. Measure and fix coverage”

Go to Tagging → Coverage. Per required tag it shows what share of inventory is compliant / missing / invalid / normalizable:

  1. Drill the subscription → resource group → resource tree, or filter the non-compliant list by issue type.
  2. Click an exception to load the fix builder: pick a replacement value (pre-filled with the canonical suggestion), Preview the plan, then Apply.
  3. Applying produces a guided az tag change kit — leancosts does not write tags itself. Run it, and the resource flips to compliant on the next sync.

normalizable (right value, wrong spelling) counts toward coverage as auto-fixable, so the headline percent is “compliant or one alias away”.

Why it matters downstream

Section titled “Why it matters downstream”

Coverage and the canonical tag map feed allocation rules, cost-by-tag pivots, and hunter scoping. Good tags upstream make every other surface trustworthy.