Why Your AWS Cost Allocation Tags Are Costing You Money

Poor tagging means poor visibility which means overspending. Learn tagging strategies, how missing tags hide waste, and how to retroactively tag resources.

Your AWS Tags Are Costing You Money

Poor tagging = poor visibility = overspending

  • 35% of resources untagged
  • 20%+ hidden waste
  • Zero accountability

You can't optimize what you can't see. And in AWS, if your resources aren't tagged properly, you can't see who owns them, what they're for, or whether they're still needed.

Studies show that 35% of cloud resources are untagged or poorly tagged. That's 35% of your infrastructure operating without accountability—and where there's no accountability, there's waste.

The Hidden Cost of Missing Tags

Without Tags, You Can't Answer:

  • "Which team is responsible for this $5,000/month instance?"
  • "Is this dev environment still being used?"
  • "How much are we spending on Project Phoenix?"
  • "Can we delete this resource safely?"
  • "Why did our bill spike last month?"

This Leads To:

  • Orphaned resources: Nobody deletes what nobody owns
  • Budget overruns: Costs can't be attributed to departments
  • Audit failures: Can't prove compliance without documentation
  • Slow incident response: Don't know who to call
  • No optimization: Can't prioritize what you can't measure

The Real Cost: Organizations with poor tagging waste 20-30% more than those with good tagging governance.

The Essential Tag Set

You don't need dozens of tags. Start with these six, and you'll cover 90% of use cases:

1. Environment

Environment: prod | staging | dev | test

Critical for identifying resources that can be shut down outside business hours or deleted entirely.

2. Owner

Owner: team-platform | john.doe@co.com

Who to contact about this resource. Use team names rather than individuals when possible.

3. Project

Project: phoenix | customer-portal | data-pipeline

Links resources to business initiatives for project-level cost tracking and cleanup.

4. Cost Center

CostCenter: CC-1234 | engineering | marketing

Maps to your finance system for chargeback and showback reporting.

5. Application

Application: api-gateway | user-service | analytics

The application or service this resource supports. Helps with architecture understanding.

6. Criticality

Criticality: high | medium | low

Business criticality level. Guides optimization decisions and incident response priority.

Building Your Tag Strategy

Tag Naming Conventions

Good Practice

  • Environment: production
  • Owner: team-platform
  • CostCenter: CC-4521

Avoid

  • env: PROD (inconsistent case)
  • owner: John (individual, not team)
  • cost_center: cc4521 (inconsistent format)

Standardization Rules

  1. Case: Use PascalCase for keys (Environment, CostCenter)
  2. Values: Use lowercase with hyphens (team-platform, us-east-1)
  3. Prefixes: Use company prefix for custom tags (acme:Project)
  4. Required vs Optional: Define which tags are mandatory
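
A check a CI job could run against these conventions, added here as an example and not part of the original article. The function name check_tags, the Key=Value argument format and the mandatory set (Environment, Owner, CostCenter) are assumptions; the accepted Environment and Criticality values are the spellings this article uses.

```shell
#!/bin/sh
# Added example: check one resource's tags against the conventions above.
# Assumptions: tags arrive as Key=Value arguments; Environment, Owner and
# CostCenter are mandatory; value sets are the spellings this article uses.
REQUIRED_KEYS="Environment Owner CostCenter"

# Prints one line per violation; returns 0 only when the tag set is compliant.
check_tags() {
  violations=0
  seen=" "
  for pair in "$@"; do
    key=${pair%%=*}
    value=${pair#*=}
    seen="$seen$key "
    # Keys: PascalCase, optionally behind a lowercase prefix (acme:Project).
    if ! printf '%s\n' "$key" |
        grep -Eq '^([a-z][a-z0-9]*:)?([A-Z][a-z0-9]+)+$'; then
      echo "bad-key:$key"
      violations=$((violations + 1))
    fi
    # Fixed value sets for the two enumerated tags; case-sensitive on purpose.
    case "$key=$value" in
      Environment=prod|Environment=production|Environment=staging) ;;
      Environment=dev|Environment=development|Environment=test) ;;
      Criticality=high|Criticality=medium|Criticality=low) ;;
      Environment=*|Criticality=*)
        echo "bad-value:$key=$value"
        violations=$((violations + 1)) ;;
    esac
  done
  # Every mandatory key must be present with its exact spelling.
  for req in $REQUIRED_KEYS; do
    case "$seen" in
      *" $req "*) ;;
      *) echo "missing:$req"; violations=$((violations + 1)) ;;
    esac
  done
  [ "$violations" -eq 0 ]
}

# Constructed input: the "Avoid" tag set from this section is rejected.
check_tags "env=PROD" "owner=John" "cost_center=cc4521" || echo "rejected"
```

A misspelled key such as env counts twice: once as a bad key and once because the mandatory Environment key is still missing, which is also how it would look to a cost report.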

Enable Cost Allocation Tags in AWS

Tags only appear in Cost Explorer if you activate them as cost allocation tags. Here's how:

Step-by-Step Activation

1. Go to Billing Console

AWS Console → Billing → Cost Allocation Tags

2. Select User-Defined Tags

Check the tags you want to track in cost reports

3. Activate Tags

Click "Activate" - takes 24 hours to appear in Cost Explorer

AWS CLI Method

# List available tags
aws ce list-cost-allocation-tags

# Activate a tag
aws ce update-cost-allocation-tags-status \
  --cost-allocation-tags-status \
  TagKey=Environment,Status=Active \
  TagKey=Owner,Status=Active \
  TagKey=Project,Status=Active

Note: You need billing permissions to activate cost allocation tags.

Finding Untagged Resources

Using AWS Resource Groups Tag Editor

The easiest way to find and fix untagged resources across your entire account:

  1. Go to AWS Console → Resource Groups → Tag Editor
  2. Select regions and resource types to scan
  3. Search for resources without specific tags
  4. Bulk-edit tags directly in the console

Using AWS CLI

Find EC2 instances without "Environment" tag:

# Parentheses make the negation apply to the whole tag lookup
aws ec2 describe-instances \
  --query 'Reservations[].Instances[?!(Tags[?Key==`Environment`])].[InstanceId,InstanceType,State.Name]' \
  --output table

Find RDS instances without "Owner" tag:

# Parentheses make the negation apply to the whole tag lookup
aws rds describe-db-instances \
  --query 'DBInstances[?!(TagList[?Key==`Owner`])].[DBInstanceIdentifier,DBInstanceClass]' \
  --output table

Find S3 buckets without tags:

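# get-bucket-tagging exits non-zero when a bucket has no tag set.
# Any other failure (for example AccessDenied) is also reported as untagged,
# so confirm before acting on the result.
for bucket in $(aws s3api list-buckets --query 'Buckets[].Name' --output text); do
  tags=$(aws s3api get-bucket-tagging --bucket "$bucket" 2>/dev/null || echo "NO_TAGS")
  if [ "$tags" = "NO_TAGS" ]; then echo "$bucket has no tags"; fi
done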

Enforcing Tag Compliance

Tags are useless if people don't use them. Here are enforcement strategies:

AWS Config Rules

Automatically detect resources missing required tags:

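# AWS Config managed rule REQUIRED_TAGS, deployed under the name required-tags
aws configservice put-config-rule --config-rule '{
  "ConfigRuleName": "required-tags",
  "Source": {"Owner": "AWS", "SourceIdentifier": "REQUIRED_TAGS"},
  "InputParameters": "{\"tag1Key\":\"Environment\",\"tag2Key\":\"Owner\",\"tag3Key\":\"CostCenter\"}"
}'

Non-compliant resources show up in the AWS Config dashboard.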

Service Control Policies (SCPs)

Block resource creation without required tags (preventive):

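{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRunInstancesWithoutEnvironmentTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/Environment": "true"
        }
      }
    }
  ]
}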

Most effective but requires careful rollout

Terraform/CloudFormation

Require tags in Infrastructure as Code:

# Terraform example: default_tags is set on the AWS provider
provider "aws" {
  default_tags {
    tags = {
      Environment = var.environment
      Owner       = var.team
      Project     = var.project
    }
  }
}

CI/CD pipelines can reject untagged resources

Weekly Reports

Social pressure works—publish compliance metrics:

  • % of resources tagged by team
  • Cost of untagged resources by team
  • Trend over time (improving or declining?)

Send to leadership for accountability

Retroactively Tagging Resources

Already have hundreds of untagged resources? Here's how to catch up:

1. Identify Patterns

Look at naming conventions; many resources can be auto-tagged based on names:

  • prod-* → Environment: production
  • dev-* → Environment: development
  • api-* → Application: api

2. Use Tag Editor

AWS Tag Editor lets you bulk-edit tags across multiple resources:

  • Select resources by type/region
  • Apply tags to multiple at once
  • Export/import via CSV

3. Script the Rest

For complex cases, write scripts to tag based on logic:

  • Tag based on VPC/subnet
  • Tag based on security groups
  • Tag based on creation date

Bulk Tagging Script Example

# Tag EC2 instances that have no Environment tag with placeholder values.
# Note: create-tags overwrites an existing Owner value on these instances.
for instance_id in $(aws ec2 describe-instances \
  --query 'Reservations[].Instances[?!(Tags[?Key==`Environment`])].InstanceId' \
  --output text); do
  echo "Tagging $instance_id"
  aws ec2 create-tags --resources "$instance_id" \
    --tags Key=Environment,Value=unknown Key=Owner,Value=needs-review
done

Tip: Tag unknowns as "needs-review" so they're easy to find and assign later.
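
The name-prefix rules from step 1, written as a dry run that prints the tagging commands for review instead of executing them. This is an added example, not part of the original article; the function names and the "<instance-id> <Name>" input format are assumptions, and the inventory is constructed.

```shell
#!/bin/sh
# Added example: derive tags from resource names (dry run, nothing is changed).
# Assumption: each input line is "<instance-id> <Name tag>" for an instance
# that the queries earlier in the article reported as untagged.

# Map a resource name to create-tags arguments using the article's prefixes.
tags_from_name() {
  case "$1" in
    prod-*) echo "Key=Environment,Value=production" ;;
    dev-*)  echo "Key=Environment,Value=development" ;;
    api-*)  echo "Key=Application,Value=api" ;;
    # No rule matched: flag for a human, as the bulk script above does.
    *)      echo "Key=Environment,Value=unknown Key=Owner,Value=needs-review" ;;
  esac
}

# Read the inventory on stdin and print the commands that would be run.
plan_retag() {
  while read -r id name; do
    # Accept only well-formed instance IDs. Tag values come from the fixed
    # table above, never from the name, so a hostile name cannot inject text.
    case "$id" in
      i-|i-*[!0-9a-f]*) valid=no ;;
      i-*)              valid=yes ;;
      *)                valid=no ;;
    esac
    [ "$valid" = yes ] || { echo "# skipped: $id"; continue; }
    echo "aws ec2 create-tags --resources $id --tags $(tags_from_name "$name")"
  done
}

# Constructed inventory for illustration.
sample_inventory() {
  printf '%s\n' \
    'i-0a1b2c3d prod-web-01' \
    'i-0e4f5a6b dev-batch' \
    'i-0c7d8e9f api-gateway' \
    'i-00112233 legacy box'
}

sample_inventory | plan_retag
```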

Measuring Tag Success

Key Metrics to Track

  • Tag Coverage Rate: target >95%
  • Cost Allocation Rate: target >90%
  • Orphaned Resources: target <5%
  • Time to Tag New Resources: target at creation

Business Impact

  • Faster cost anomaly investigation
  • Accurate project-level budgeting
  • Automated resource cleanup
  • Reduced audit preparation time

The Bottom Line

Tagging isn't glamorous, but it's foundational. Without good tags, every cost optimization effort is harder: you can't find orphaned resources, can't allocate costs, can't hold teams accountable, and can't automate cleanup. Start with six essential tags, enforce them from day one, and retroactively tag what you've already built.

  • 6 tags: essential minimum
  • 95%+: target coverage
  • 20%+: waste you'll find