Synchronizing AWS Tags and Commander Metadata

Access through:

Views menu > Inventory > Infrastructure or Applications

Available to:

Commander Roles of Superuser and Enterprise Admin

You can synchronize AWS tags, such as Cost Center, Business Unit, Product, Tier or Version, with Commander custom attributes and other metadata. Like AWS, Commander uses key-value pairs to allow you to assign metadata to services and cloud infrastructure. Once assigned, this metadata persists throughout a service's lifecycle, enabling administrators to understand the purpose of each service. Tag synchronization provides:

  • better targeting of power schedule recommendations — automatically set one power schedule for VMs with the label "dev" and another for those labeled "prod"
  • advanced search and reporting — report on costs by label, such as application ID or environment, so you can get a handle on costs per application, or for production vs. development environments
  • workflow conditions based on label values — automatically select the right Chef recipe or Ansible playbook to run during post-provisioning, depending on compliance requirements

You can configure tag synchronization when you add an AWS managed system, or at a later time. You can:

  • import tags as custom attributes
  • export custom attributes as tags
  • export the following Commander metadata as tags:
    • primary owner name
    • primary owner login
    • primary owner email address
    • assigned organization
    • expiry date

Commander supports synchronization of tags for auto scaling groups, load balancers, stacks, RDS instances, VM instances and VM images.

If you don't want to sync all AWS tags, custom attributes and other Commander metadata, you can specify which to exclude. Tags prefixed with "aws:" and "vcmdr:" are automatically excluded from import. Form-type custom attributes are automatically excluded from export.

When Commander finds an AWS tag without an existing matching custom attribute, the tag is imported as a free-form text-type custom attribute that applies to services. By default, Service Portal users can't set values for these custom attributes. Here's an example of a custom attribute created from an imported AWS tag. Notice the description.

Configure Attribute dialog

Custom attribute, Commander metadata and tag values are updated as part of the automatic AWS synchronization task, as well as when you manually synchronize the inventory. To prevent timing issues, during synchronization, tag values are imported from AWS before custom attribute values are exported to AWS. When a custom attribute value is applied, the value is exported to AWS immediately. New tag values, however, are imported only during automatic or manual synchronization of the AWS managed system.

AWS limits the number of tags that can be assigned to various types of services. See the AWS documentation for more information.

How custom attributes and AWS tags are matched

When importing AWS tags, if Commander finds an existing custom attribute with the same name, it automatically populates the value for VMs with that tag assignment. Note that a match will only be made if the existing custom attribute is configured to apply to "All Types" or "Services". In the case of a matching list-type custom attribute, in order for a value to be updated, the value in AWS must match one of the preconfigured values for the custom attribute.

While AWS tag keys are case-sensitive, Commander custom attribute names aren't. When importing AWS tags, Commander matches AWS tag keys with custom attribute names, and tag values with configured list-type custom attribute values, regardless of case.

How ownership, organizational assignment and expiry information are exported

When you configure Commander to export custom attributes as AWS tags, information about the service's primary owner, assigned organization and expiry is also exported as AWS tags with a "vcmdr:" prefix. This is a one-way synchronization; AWS tags with the "vcmdr:" prefix are automatically excluded from import.

This is what the exported Commander metadata looks like in the AWS console:

aws-tag-console

If you don't want to export some or all of this metadata, you can exclude it from import, as explained below. The following table provides details on what information is exported.

Export of Commander metadata to AWS tags

Metadata

Possible values

AWS tag

Details

Expiry Date

Date, of the form yyyy/MM/dd

Never Expires

No Expiry Date Set

vcmdr:ExpiryDate

If no expiry information is assigned, the value is No Expiry Date Set.

Organization

Organization name

vcmdr:Organization

If no organization is assigned, the value is an empty string.

Primary Owner Email

Email address

vcmdr:PrimaryOwnerEmail

If no email address is assigned, the value is an empty string.

Primary Owner Login

Login ID

vcmdr:PrimaryOwnerLogin

If no email address is assigned, the value is an empty string.

Primary Owner Name

FirstName LastName

vcmdr:PrimaryOwnerName

If no email address is assigned, the value is an empty string.

Best practices

  • If you use labels to store expiry and ownership information, exclude them from import. Commander has distinct properties to store this information. If you import a label used for expiry or ownership, Commander will create a custom attribute to store this information, and users may be confused by the duplication.
  • If Commander is configured to import tags as custom attributes, but isn't configured to export Commander custom attributes as tags, keep the Edit in Service Portal option disabled for all custom attributes created from tags. Otherwise, if a user sets an attribute value, the value will be removed during the next synchronization with AWS. By default, this option is disabled for all custom attributes created from imported tags.
  • If you have an AWS tag that serves the same purpose as an existing Commander custom attribute, make sure that the tag key and the custom attribute key are identical and that tag values match the preconfigured custom attribute values.

Synchronizing AWS tags and Commander metadata

This procedure assumes you're configuring synchronization for an existing AWS managed system. The steps are similar when you add an AWS account to Commander.

  1. In the Infrastructure or Applications view, select an AWS managed system in the tree.
  2. In the Commands pane, click Sync Tags and Custom Attributes.
  3. In the Synchronize AWS Tags and Commander Custom Attributes dialog, enable the options Import AWS Tags as Commander Custom Attributes and/or Export Commander Custom Attributes as AWS Tags as required.
  4. To exclude certain AWS tags and custom attributes from synchronization, enter them as a comma-separated list in the Excluded Tags/Custom Attributes field.

    You can enter up to 5000 characters in this field.

    Tags prefixed with "aws:" and "vcmdr:" are automatically excluded from import. Form-type custom attributes are automatically excluded from export.

    AWS tags are case-sensitive, so be sure to enter tags with the correct case.

  5. Click OK.

    Commander imports tag values from AWS and then exports custom attribute and metadata values to AWS.

    Once you've configured synchronization, when a custom attribute value is applied, the value is exported to AWS immediately. New tag values, however, are imported only during automatic or manual synchronization of the AWS managed system.

Excluding specific tags and metadata from synchronization

If you've configured synchronization and you decide you don't want to import particular AWS tags or export particular custom attributes, you can exclude them.

Tags prefixed with "aws:" and "vcmdr:" are automatically excluded from import. Form-type custom attributes are automatically excluded from export.

  1. In the Infrastructure or Applications view, select an AWS managed system in the tree.
  2. In the Commands pane, click Sync Tags and Custom Attributes.
  3. In the Synchronize AWS Tags and Commander Custom Attributes dialog, enter tags, custom attributes and metadata labels as a comma-separated list in the Excluded Tags/Custom Attributes field.

    Commander metadata labels have the following format: vcmdr:<metadata>. For example: vcmdr:ExpiryDate

    See How ownership, organizational assignment and expiry information are exported above for the complete list of metadata labels. Also, AWS tags are case-sensitive, so be sure to enter tags with the correct case. You can enter up to 5000 characters in this field.

  4. Click OK.

    Commander will now no longer import this tag during synchronization with AWS.

    If an AWS tag was previously imported, excluding it doesn't automatically delete the custom attribute. You may want to delete the custom attribute manually. Likewise, if a custom attribute was previously exported, excluding it doesn't automatically delete the AWS tag. You may want to delete the tag manually; consult the AWS documentation to learn how.

Synchronizing custom attributes or tags that had been excluded

If you had previously excluded a custom attribute or tag that you now want to synchronize, follow this procedure.

  1. In the Infrastructure or Applications view, select the AWS managed system in the tree.
  2. In the Commands pane, click Sync Tags and Custom Attributes.
  3. In the Synchronize AWS Tags and Commander Custom Attributes dialog, remove the custom attribute or tag from the list and click OK.

    Commander will now include this label or custom attribute in future synchronizations.

Troubleshooting case issues

AWS tags are case-sensitive, and Commander custom attributes are case insensitive. Lower-case tags are imported from AWS before upper-case tags. If you have tags and custom attributes with the same name, but different cases, you may notice unintended behavior when synchronization occurs.

For example, let's say you have two AWS tags, "name" and "NAME", and a Commander custom attribute "Name". The last tag value to be imported from AWS, which in this case is "NAME", will be applied to the Commander "Name" custom attribute. You can exclude the "NAME" tag from import to ensure that the "Name" custom attribute is populated with the value from the AWS "name" tag instead. When exporting custom attributes to AWS, a new tag with the key "Name" will be created (if it doesn't already exist).