tencent cloud

Feedback

Creating Tag Policy

Last updated: 2025-01-02 14:54:13

    Overview

    After the tag policy feature is enabled, you can create tag policies and set compliant tag key value rules in them to implement standardized management.

    Directions

    1. Log in to the Tag console and click Tag Policy > Policy List on the left sidebar.
    2. Click Create tag policy.
    
    3. On the Create tag policy page, set the policy content as needed.
    3.1 Enter a policy name and a description. You can enter the primary purpose of the policy in the description field.
    
    3.2 Set the content of the tag policy.
    Visual editor
    JSON
    
    The fields are described as follows:
    Field
    Description
    Example
    Tag Key
    A policy key in a tag policy, which is the basis for subsequent configurations.
    Multiple tag keys can be set for each tag policy.
    -
    Specify valid values
    It enables specifying valid values for tag keys.
    -
    Original value: You can specify multiple fixed values. Wildcard writing (with only one * sign) is also supported.
    Original value: Technical Department and Finance Department
    Original value with wildcard: Technical Department, R&D Group
    Dynamic value: After it is checked, if the policy is bound to sub-user A, then Sub-user A needs to select the corresponding tag value when binding the tag key to a resource, provided that the sub-user needs to be bound to a tag key of the same name. For example: If Sub-user A has been bound to the tag FirstLevelDepartment: TechnicalDepartment in Cloud Access Management (CAM), checking Dynamic value means that when Sub-user A binds the tag to a resource, the tag value must be TechnicalDepartment whenever the tag key is FirstLevelDepartment. If auto correction is enabled and the sub-user makes a mistaken choice, the system will automatically correct it.
    -
    Product
    The resource type of the product specified for a tag key. You can choose all products or specific resource types.
    -
    Task
    It enables specifying features that need to be enabled for the current tag key of the policy. If checked, it will take effect when a sub-user creates resources and edits resource tags.
    -
    Detection: It is enabled by default.
    -
    Auto correction: After it is enabled, if a user binds the same tag key within a specified resource range but the value is incorrect, the system will automatically correct the tag value.
    The tag key is FirstLevelDepartment and the original value is TechnicalDepartment. After auto correction is enabled, the sub-user's binding the tag FirstLevelDepartment: A will trigger auto correction.
    Auto assignment: After it is enabled, the tag editor will assist users in completing tag assignment when they create resources or edit resource tags.
    Tag Key, which will be populated when resources are created or resource tags are edited.
    Tag Value, which will be populated only when a resource is created for a single or dynamic value and will not be populated if multiple values are specified. However, when resource tags are edited, it will not be populated and must be assigned by the sub-user.
    The above process is just a reminder and will not affect the creation of resources or the binding of other tags.
    1. Set FirstLevelDepartment, SecondaryDepartment, and Owner in the policy. The 3 keys will be automatically displayed when a user edits tags.
    2. Specify the value of the tag key FirstLevelDepartment as TechnicalDepartment, and check Auto assignment and Tag Value. FirstLevelDepartment: TechnicalDepartment will be automatically displayed when a user creates a resource, and the tag will be bound after resource creation.
    Forcible execution: After enabled, it will support intercepting tag binding during a user's editing of an existing resource's tag if the key value does not comply with the rule. However, it will not affect resources created without tags, nor will it affect other tag keys during the editing of resource tags.
    Specify the value of the tag key FirstLevelDepartment as TechnicalDepartment, and check Forcible execution. When a user edits a resource's tag, if FirstLevelDepartment (tag key) is selected but another value (tag value) is selected, the operation will fail with a reminder that the action does not comply with valid policy rules.
    Note:
    Once the forcible execution feature is enabled, it will intercept non-compliant tag binding for all resources. Use it with caution.
    Write a JSON policy directly according to the tag policy syntax.
    Before using this method, see Policy Syntax.

    Effect Display

    Auto Correction Feature Example

    Root Account Setting Example
    Sub-account Effect Example
    Visual editor
    
    JSON. For details, see Policy Syntax.
    {
    "tags": {
    "Department": {
    "tag_key": {
    "@@assign": "FirstLevelDepartment"
    },
    "tag_value": {
    "@@assign": [
    "TechnicalDepartment"
    ]
    },
    "resource_type_scope": {
    "@@assign": [
    "*"
    ]
    },
    "correction": {
    "@@assign": "on"
    }
    }
    }
    }
    Valid policy. For details, see Valid Policy.
    
    The root account is used to set the tag key **FirstLevelDepartment, with the specified tag value being TechnicalDepartment. When a user creates a tag, the system will automatically verify whether the tag value associated with the tag key is TechnicalDepartment**. If the user selects a wrong tag value, the system will automatically correct it.
    
    As the system detects that the value of the tag key FirstLevelDepartment is **MarketingDepartment, the system automatically performs the correction feature according to the policy and corrects the tag value to TechnicalDepartment**.
    
    For correction record details and operation details, see Correction Task.
    

    Auto Assignment Feature Example

    Root Account Setting Example
    Sub-account Effect Example
    Visual editor
    
    JSON. For details, see Policy Syntax.
    {
    "tags": {
    "FirstLevelDepartment": {
    "tag_key": {
    "@@assign": "FirstLevelDepartment"
    },
    "tag_value": {
    "@@assign": [
    "TechnicalDepartment"
    ]
    },
    "resource_type_scope": {
    "@@assign": [
    "*"
    ]
    },
    "correction": {
    "@@assign": "on"
    },
    "auto_assign": {
    "@@assign": "on"
    },
    "auto_assign_value": {
    "@@assign": "on"
    }
    },
    "SecondaryDepartment": {
    "tag_key": {
    "@@assign": "SecondaryDepartment"
    },
    "tag_value": {
    "@@assign": [
    "FrontEndTeam"
    ]
    },
    "resource_type_scope": {
    "@@assign": [
    "*"
    ]
    },
    "correction": {
    "@@assign": "on"
    },
    "auto_assign": {
    "@@assign": "on"
    },
    "auto_assign_value": {
    "@@assign": "on"
    }
    },
    "Owner": {
    "tag_key": {
    "@@assign": "Owner"
    },
    "resource_type_scope": {
    "@@assign": [
    "*"
    ]
    },
    "tag_value_dynamic": {
    "@@assign": "on"
    },
    "auto_assign": {
    "@@assign": "on"
    },
    "auto_assign_value": {
    "@@assign": "on"
    }
    }
    }
    }
    Valid policy. For details, see Valid Policy.
    
    The root account is used to set FirstLevelDepartment, SecondaryDepartment, and Owner in the policy. The 3 tag keys will be automatically displayed when a user creates services and binds tags.
    
    When tags are modified, if the current resource is not bound to the policy tag keys **FirstLevelDepartment, SecondaryDepartment, and Owner**, the system will automatically populate the tag keys, and the tag values need to be selected by the user.
    
    

    Forcible Execution Feature Example

    Root Account Setting Example
    Sub-account Effect Example
    Visual editor
    
    JSON. For details, see Policy Syntax.
    {
    "tags": {
    "FirstLevelDepartment": {
    "tag_key": {
    "@@assign": "FirstLevelDepartment"
    },
    "tag_value": {
    "@@assign": [
    "TechnicalDepartment"
    ]
    },
    "resource_type_scope": {
    "@@assign": [
    "*"
    ]
    },
    "correction": {
    "@@assign": "on"
    },
    "auto_assign": {
    "@@assign": "on"
    },
    "enforced_for": {
    "@@assign": [
    "*"
    ]
    },
    "auto_assign_value": {
    "@@assign": "on"
    }
    }
    }
    }
    Valid policy. For details, see Valid Policy.
    
    The root account is used to specify the value of the tag key FirstLevelDepartment to TechnicalDepartment and check Forcible execution. When a user edits a resource's tag, if FirstLevelDepartment (tag key) is selected but another value (tag value) is selected, the operation will fail with a reminder that the action does not comply with valid policy rules.
    
    

    Subsequent Steps

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support