Cost Allocation Tags: The Discipline That Holds

Cost allocation tags only work if 95%+ of resources are tagged. Discipline below that and the data is misleading.

Why tags matter

Cost allocation only works when tagging coverage is near-perfect. Below 95%, the data misleads more than it informs.

• Untagged is invisible. Untagged spend cannot be assigned; nobody owns it; nobody optimises it.
• One missing tag breaks chargeback. A resource without all required tags lands in 'unallocated'; the bucket grows.
• Compounding effect. Untagged resources spawn more untagged resources; the team copies the example.
• Audit failure. SOC 2 and FinOps frameworks expect coverage; under 95% triggers findings.

Four-tag minimum

• 1. team (owning team name).
• 2. service (the application).
• 3. environment (prod/staging/dev).
• 4. cost-center (financial bucket).

Enforcement

Tagging coverage erodes without enforcement at creation. The policy belongs in the cloud control plane, not in a wiki.

• Block creation. SCPs (AWS), Organization Policies (GCP), Azure Policies reject untagged resources at creation.
• Existing resources. Monthly tagging report names teams with untagged resources; tag or lose the resource.
• CI gate. Terraform and Pulumi runs reject plans that create untagged resources; catches drift before deploy.
• Manual override. Break-glass for emergencies; logged; reviewed at quarterly retrospective.

Quarterly cleanup

Enforcement at creation is necessary; quarterly cleanup keeps the long tail honest. Discipline only sustains with periodic visibility.

• Quarterly report. Untagged resources by team; streak counter showing consecutive quarters with violations.
• Public dashboard. Shared at engineering all-hands; teams compete on coverage rather than apologise for gaps.
• Auto-quarantine. Untagged resources older than 90 days flagged for deletion; opt-out requires written justification.
• Tag taxonomy review. Annual review of the required tag set; retire unused tags, add new ones with explicit migration.

Antipatterns

• Tag enforcement only at creation. Existing resources never tagged.
• Tags optional. 30% untagged within a year.
• Tag taxonomy that changes. Historical data unusable.

What to do this week

Three moves. (1) Apply this lever to your highest-spend workload. (2) Measure the dollar impact for one month. (3) Roll the practice out to the next two services if the savings hold.