Using AWS Tags and Resource Groups

1.25 hours
  • 4 Learning Objectives

About this Hands-on Lab

To simplify the management of AWS resources such as EC2 instances, you can assign metadata using tags. Resource groups can then use these tags to automate tasks on large numbers of resources at one time. They serve as a unique identifier for custom automation, to break out cost reporting by department, and much more. In this hands-on lab, you will explore tag restrictions and best practices for tagging strategies. You will also get experience with the Tag Editor, AWS resource group basics, and leveraging automation through the use of tags.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Set Up AWS Config
  • Navigate to AWS Config, and use 1-click setup to set it up.
Tag an AMI and EC2 Instance
  • Navigate to EC2.
  • Select any of the instances and create an AMI image from the instance.
  • For the Image name, enter Base, and create the image.
  • Once the image status is Available, launch a new instance of type t3.micro, and name it My Test Server.
  • Assign the existing SecurityGroupWeb security group to the instance, and launch the instance.
Tag Applications with the Tag Editor
  • Navigate to Resource Groups & Tag Editor > Tag Editor.
  • Filter by EC2 and S3.
  • Locate all resources related to Mod. 1 and moduleone. Add a new tag to the resources with a Tag Key called Module and a Tag Value called Starship Monitor.
  • Repeat the process for Mod. 2 and moduletwo resources. Create a new tag with a Tag Key called Module and a Tag Value called Warp Drive.
Create Resource Groups and Use AWS Config Rules for Compliance
  • Create two resource groups.
  • For Module: Starship Monitor use the group name Starship-Monitor.
  • For Module: Warp Drive use the group name Warp-Drive.
  • Use AWS Config to set up a rule named approved-amis-by-id to check if instances are using an approved AMI. The AMI to check against is the AMI of the My Test Server instance.
  • Reboot all instances, and observe the results in AWS Config.

Additional Resources

Your company runs many applications in a shared AWS account with hundreds of instances. The application and security teams want an easy way to find resources associated with a particular application. AWS tags and resource groups demonstrated in this lab make it easy to identify application components.

Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) Region throughout the lab.

Lab Prerequisites

  • Understand how to log in to and use the AWS Management Console.
  • Understand EC2 basics, including how to launch an instance.
  • Understand AWS Identity and Access Management (IAM) basics, including users, policies, and roles.
  • Understand how to use the AWS Command Line Interface (CLI).

Helpful Documentation

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?