Synchronize AWS Tags and Commander Metadata

You can synchronize AWS tags, such as Cost Center, Business Unit, Product, Tier, or Version, with Commander custom attributes and other metadata. Like AWS, Commander uses key-value pairs to allow you to assign metadata to services and cloud infrastructure. Metadata persists throughout a service's lifecycle, which enables administrators to understand the purpose of each service.

Tag synchronizing overview

You can configure tag synchronization when you add an AWS cloud account, or at a later time. You can:

  • Import AWS tags as Commander custom attributes
  • Export Commander custom attributes and metadata to AWS as tags. The metadata includes:
    • Primary owner name
    • Primary owner login
    • Primary owner email address
    • Assigned organization
    • Expiry date

Also, if you don't want to sync all AWS tags, custom attributes, or Commander metadata, you can specify which to exclude.

Commander supports synchronization of tags for auto scaling groups, load balancers, stacks, RDS instances, VM instances, and VM images.

Tag synchronization provides:

  • Better targeting of power schedule recommendations — Automatically set one power schedule for VMs with the label "dev" and another for those labeled "prod". For more information, see Configure VM Power Schedules.
  • Advanced search and reporting — Report on costs by label, such as application ID or environment, so you can get a handle on costs per application, or for production vs. development environments. For more information, see Searching and Reporting.
  • Workflow conditions based on label values — Automatically select the right Chef recipe or Ansible playbook to run during post-provisioning, depending on tag compliance requirements. For more information, see Make Workflow Steps Conditional.

How imported tags and custom attributes are matched

When importing AWS tags, if Commander finds an existing custom attribute with the same name, it automatically populates the value for VMs with that tag assignment. Note that a match will only be made if the existing custom attribute is configured to apply to "All Types" or "Services". In the case of a matching list-type custom attribute, for a value to be updated, the value in AWS must match one of the preconfigured values for the custom attribute.

While AWS tag keys are case-sensitive, Commander custom attribute names aren't. When importing AWS tags, Commander matches AWS tag keys with custom attribute names, and tag values with configured list-type custom attribute values, regardless of case.

If an AWS tag doesn't match an existing custom attribute, the tag is imported as a free-form text-type custom attribute that applies to services. By default, Service Portal users can't set values for these custom attributes.

Tags prefixed with "aws:" and "vcmdr:" are automatically excluded from import excluded from import.

Commander metadata export

When you configure Commander to export custom attributes as AWS tags, information about the service's primary owner, assigned organization, and expiry is also exported as AWS tags with a "vcmdr:" prefix.

If you don't want to export some or all of this metadata, you can exclude it. See Exclude specific tags and metadata from synchronization.

Commander metadata exported to AWS tags

Metadata

Possible values

AWS tag

Expiry Date

  • Date, of the form yyyy/MM/dd
  • Never Expires
  • No Expiry Date Set

If no expiry information is assigned, the value is No Expiry Date Set.

vcmdr:ExpiryDate

Organization

Organization name

If no organization is assigned, the value is an empty string.

vcmdr:Organization

Primary Owner Email

Email address

If no email address is assigned, the value is an empty string.

vcmdr:PrimaryOwnerEmail

Primary Owner Login

Login ID

If no email address is assigned, the value is an empty string.

vcmdr:PrimaryOwnerLogin

Primary Owner Name

FirstName LastName

If no email address is assigned, the value is an empty string.

vcmdr:PrimaryOwnerName

Synchronization timing

Tag, custom attribute, and metadata values are updated as part of the automatic AWS synchronization task, as well as when you manually synchronize the inventory. To prevent timing issues during synchronization, tag values are imported from AWS before custom attribute values are exported to AWS. When a custom attribute value is applied, the value is exported to AWS immediately. However, new tag values are only imported during automatic or manual synchronization of the AWS cloud account.

AWS limits the number of tags that can be assigned to various types of services. See the AWS documentation for more information.

Best practices for tag and Commander metadata synchronization

  • If you use labels to store expiry and ownership information, exclude them from import. Commander has distinct properties to store this information. If you import a label used for expiry or ownership, Commander will create a custom attribute to store this information, and users may be confused by the duplication.
  • If Commander is configured to import tags as custom attributes, but isn't configured to export Commander custom attributes as tags, clear the Edit in Service Portal option for all custom attributes created from tags. Otherwise, if a user sets an attribute value, the value will be removed during the next synchronization with AWS. By default, this option is disabled for all custom attributes created from imported tags.
  • If you have an AWS tag that serves the same purpose as an existing Commander custom attribute, make sure that the tag key and the custom attribute key are identical and that tag values match the preconfigured custom attribute values.
  • AWS tags are and Commander custom attributes are case-insensitive. Lower-case tags from AWS are imported before upper-case tags. So if you have tags and custom attributes with the same name, but different cases, you may notice unintended behavior when synchronization occurs.
    For example, if you have two AWS tags, "name" and "NAME", and a Commander custom attribute "Name", the last tag value to be imported from AWS, "NAME", will be applied to the Commander "Name" custom attribute. You can exclude the "NAME" tag from import to ensure that the Commander "Name" custom attribute is populated with the value from the AWS "name" tag instead. When exporting custom attributes to AWS, a new tag with the key "Name" will be created (if it doesn't already exist).

Synchronize AWS tags and Commander metadata

This procedure assumes you're configuring synchronization for an existing AWS cloud account. The steps are similar when you add an AWS account to Commander.

Access:

Views > Inventory

Available to:

Commander Roles of Superuser and Enterprise Admin

  1. Click the Infrastructure or Applications tab.
  2. In the Infrastructure or Applications view, select an AWS cloud account in the tree.
  3. Select Actions > Sync Tags and Custom Attributes.
  4. In the Synchronize AWS Tags and Commander Custom Attributes dialog, select any of the following:
    • Import AWS Tags as Commander Custom Attributes
    • Export Commander Custom Attributes as AWS Tags
  5. If you want to exclude specific AWS tags and custom attributes from synchronization, in the Excluded Tags/Custom Attributes field enter each tag or custom attribute in a comma-separated list.

    You can enter up to 5000 characters in this field. Also note that AWS tags are case-sensitive but custom attributes aren't.

  6. Click OK.

    Commander imports tag values from AWS and then exports custom attribute and metadata values to AWS.

    Once you've configured synchronization, when a custom attribute value is applied, the value is exported to AWS immediately. However, new tag values are only imported during automatic or manual synchronization of the AWS cloud account.

Exclude specific tags and metadata from synchronization

If you've configured synchronization and you decide you don't want to import particular AWS tags or export particular custom attributes, you can exclude them.

Tags prefixed with "aws:" and "vcmdr:" are automatically excluded from import. Form-type custom attributes are automatically excluded from export.

Access:

Views > Inventory

Available to:

Commander Roles of Superuser and Enterprise Admin

  1. Click the Infrastructure or Applications tab.
  2. In the Infrastructure or Applications view, select an AWS cloud account in the tree.
  3. Select Actions > Sync Tags and Custom Attributes.
  4. In the Synchronize AWS Tags and Commander Custom Attributes dialog, enter tags, custom attributes and metadata labels as a comma-separated list in the Excluded Tags/Custom Attributes field.

    Commander metadata labels have the following format: vcmdr:<metadata>. For example: vcmdr:ExpiryDate

    For the complete list of metadata labels, see Commander metadata export. Also, AWS tags are case-sensitive; enter tags with the correct case. You can enter up to 5000 characters in this field.

  5. Click OK.

    Commander will now no longer import this tag during synchronization with AWS.

    If an AWS tag was previously imported, excluding it doesn't automatically delete the custom attribute. You may want to delete the custom attribute manually. (See Delete custom attributes). Likewise, if a custom attribute was previously exported, excluding it doesn't automatically delete the AWS tag. You may want to delete the tag manually; consult the AWS documentation to learn how.

Synchronize custom attributes or tags that were excluded

You can synchronize a custom attribute or tag that you had previously excluded but now want to synchronize.

Access:

Views > Inventory

Available to:

Commander Roles of Superuser and Enterprise Admin

  1. In the Infrastructure or Applications view, select the AWS cloud account in the tree.
  2. Select Actions > Sync Tags and Custom Attributes.
  3. In the Synchronize AWS Tags and Commander Custom Attributes dialog, remove the custom attribute or tag from the list and click OK.

    Commander will now include this label or custom attribute in future synchronizations.