FinOps Tagging & Automation Strategies

J.R. Storment
6th May 2019

Welcome to Week 7 of our push into FinOps Best Practices! This week during the member call, we heard from Darek Gajewski at Ancestry about tagging and automation.

(A full video of the presentation is available for FinOps Foundation Members)

Darek Gajewski is the Principal Infrastructure Analyst at Ancestry, but before helping Ancestry master the cloud he spent years in the data center trenches as a global capacity planner. His career has encompassed the transition from data center to cloud to FinOps, the same path so many companies are following now.

During the member call this week, he shared some tagging strategies and lessons he’s learned on his journey to the cloud with Ancestry, where they’ve achieved 95% allocation of cloud costs.

Start By Bringing the Right Teams Together

The first step in tagging success is building a FinOps team that pulls people from the right departments. “Always make sure that you’re bringing the right teams to the table when discussing these policies and procedures,” said Darek, “because they have long-term ramifications.”

The whole point of FinOps is to bring together Tech, Finance and Business Leadership teams, and any FinOps team needs to represent this mix. The Ancestry FinOps team embodies this goal: it combines a mix of developers and an experienced leader from the CIO side of the pool with people from the CFO side.

As an interesting side note, those three teams weren’t the only ones to benefit from a comprehensive tagging system. Security and compliance teams benefit as well, since they’re able to track at-risk or non-compliant resources back to the right team for correction.

The key takeaway is that it’s vital to bring representatives from a variety of teams together early in the process to make your tagging efforts benefit as much of your organization as possible.

Build your strategy from the common denominator

Darek’s advice is to drill down to the common denominator of your resources, such as a stack ID. To help with that, you should answer three questions to build your strategy:

Use the answers to those questions as a model to build out your tag keys and values in a database that can function as a single source of truth for all of the tags — and how they should be applied to resources.

As you do, it’s also a good idea to build an intake process. After all, there’s really no such thing as a static organization, and an intake process gives you a methodology to change your tagging system quickly during reorgs. By keeping a flexible method for new tags, accounts and stacks to be created as changes happen, you can absorb the changes without burning out developers.

This is also a good time to come up with rules for untaggable AWS services. For example, Fargate doesn’t allow tags for tasks. But if you only have one team on an account using Fargate, then you can build out a rule that any Fargate task within that account is assigned to that team.

Figure out tagging enforcement policies

Ideally, tags can be applied programmatically whenever a resource is stood up, which helps to minimize untagged resources, but that’s not always the case, especially if you have resources being created via multiple channels.

That’s where tagging enforcement comes in. Darek recommended looking into an app to shut down resources without key ID tags, but also warned that this approach isn’t something to take lightly. It’s a good idea to first prove the worth of tags to finance, security and management teams. Then if enforcement has negative results on operations, there’s enough of a push behind tags to make the enforcement effective. After all, if the value has been proven, accepted and everyone’s bought into them, then any problems resulting from shutting down any untagged resources aren’t enforcement’s fault — they’re on the team who stood up the resource without tags.

All that being said, the post-presentation discussion came back to the enforcement point with a variety of different effective approaches. Overall, it seems that some back and forth over tagging enforcement is to be expected, but the goal is to bring everyone together to agree on the importance of tags so the focus is on increasing the tag rate rather than spreading blame.

And isn’t bringing people together what FinOps is all about?
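The tag database, the account-level rule for untaggable services and the enforcement check described above can be combined into one report-first audit. This is an added example, not code from Ancestry or the presentation; the tag keys (`stack_id`, `team`), their values, the account IDs and the inventory records are all constructed assumptions.

```python
# Added example: tag keys, values, account IDs and inventory are constructed.
TAG_SCHEMA = {  # single source of truth: required key -> allowed values
    "stack_id": {"genealogy-api", "dna-pipeline"},
    "team": {"search", "dna"},
}
# Rule for untaggable services: (account, resource type) -> inherited tags.
ACCOUNT_FALLBACK = {
    ("111111111111", "fargate-task"): {"team": "dna", "stack_id": "dna-pipeline"},
}

def resolve_tags(resource):
    """Return (effective_tags, problems) for one inventory record."""
    tags = dict(resource.get("tags", {}))
    fallback = ACCOUNT_FALLBACK.get((resource["account"], resource["type"]), {})
    for key, value in fallback.items():
        tags.setdefault(key, value)  # explicit tags win over the account rule
    problems = []
    for key, allowed in TAG_SCHEMA.items():
        if key not in tags:
            problems.append(f"missing:{key}")
        elif tags[key] not in allowed:
            problems.append(f"invalid:{key}={tags[key]}")
    return tags, problems

def enforcement_report(inventory, dry_run=True):
    """Split inventory into allocated and flagged; dry_run only reports."""
    report = {"allocated": {}, "flagged": {}}
    for res in inventory:
        tags, problems = resolve_tags(res)
        if problems:
            action = "report" if dry_run else "stop"
            report["flagged"][res["id"]] = {"problems": problems, "action": action}
        else:
            report["allocated"][res["id"]] = tags["team"]
    return report

def allocation_rate(report):
    """Share of resources that can be attributed to a team."""
    total = len(report["allocated"]) + len(report["flagged"])
    return len(report["allocated"]) / total if total else 1.0

INVENTORY = [  # constructed sample records
    {"id": "i-001", "account": "222222222222", "type": "ec2-instance",
     "tags": {"team": "search", "stack_id": "genealogy-api"}},
    {"id": "task-002", "account": "111111111111", "type": "fargate-task"},
    {"id": "i-003", "account": "222222222222", "type": "ec2-instance",
     "tags": {"team": "search"}},
    {"id": "task-004", "account": "222222222222", "type": "fargate-task"},
    {"id": "vol-005", "account": "222222222222", "type": "ebs-volume",
     "tags": {"team": "Search", "stack_id": "genealogy-api"}},
]
```

Running `enforcement_report(INVENTORY)` in its default dry-run mode gives each flagged resource a list of problems to route back to the owning team; the same Fargate task type is allocated in the single-team account and flagged in the shared one.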

Some of the key takeaways from Ancestry’s Tagging Journey

Creating Goodwill and Auditability with Accounting

Speaking of bringing teams together, Darek brought up an additional benefit to tags beyond full allocation and accountability — auditability. A big part of accounting’s job is making sure that all of the money spent can be audited and tracked. The higher your tag coverage, the more auditable your cloud spend.

If that weren’t enough, solid tagging also allows you to build more accurate forecasting models because you’re using data that’s richer, more accurate and more granular. Since another key role of accounting is to forecast future expenses, tagging goes a long way towards building trust and goodwill between Operations and Finance.

All that translates into less pushback, more willingness to move costs around and, in general, a team that’s better equipped to achieve your company’s goals.

——

These lessons were only part of the whole story presented by Darek, and there were plenty of other great insights in the Q&A at the end of the call. Want to join the conversation? Apply to be a member of the FinOps Foundation today.

Until next time, keep breaking down the silos…

J.R.