✍️ Initial draft of tagging standards

spikeheap · spikeheap · commit 77ea973671b5 · 2025-01-13T17:10:20.000Z
This is a work in progress initial draft of the tagging standards for AWS, based on https://github.com/LBHackney-IT/aws-tags-lbh and https://docs.google.com/document/d/1iWsgVYWXAbZQZDYP4PJ-Gv74rFRQUSdDC_XHHSiliXk/edit?pli=1&tab=t.0.
diff --git a/docs/technical-standards/Readme.md b/docs/technical-standards/Readme.md
@@ -0,0 +1,3 @@
+# Technical standards
+
+These technical standards are the baseline operating requirements for systems and services in Hackney.
diff --git a/docs/technical-standards/Reference/_category_.json b/docs/technical-standards/Reference/_category_.json
@@ -0,0 +1,4 @@
+{
+  "collapsible": false,
+  "collapsed": false,
+}
diff --git a/docs/technical-standards/Reference/hosting-standards/Readme.md b/docs/technical-standards/Reference/hosting-standards/Readme.md
@@ -0,0 +1,6 @@
+---
+sidebar_position: 1
+---
+# Hosting standards
+
+Hosting standards apply to everything we host at Hackney, whether it's built in-house, developed externally, or an off-the-shelf product. If we're hosting it in one of our cloud platforms, e.g. AWS, these standards apply
diff --git a/docs/technical-standards/Reference/hosting-standards/tagging.md b/docs/technical-standards/Reference/hosting-standards/tagging.md
@@ -0,0 +1,46 @@
+# Tagging
+
+We will tag all AWS objects, so we know they have a purpose and have a defined owner to manage cost, maintenance and support.
+
+## What must be in place
+
+1. All objects in our cloud hosting providers (primarily AWS) must be tagged in line with the requirements set out below.
+
+## Monitoring
+
+The user creating the object will be notified when an object is untagged with increasing urgency.
+
+## Resolution/Escalation if the baseline isn't met
+
+1. Creation of untagged objects will be prevented by technical controls where possible.
+2. Newly created untagged objects will be forcefully and automatically shutdown/disabled if they remain untagged for 7 calendar days.
+3. Existing untagged objects will not be editable until the mandatory tags have been added.
+
+## Tags to use
+
+To ensure we can consistently search for, and report on, the tags we use, you should use the following tags. In all cases, only use acronyms if you’re confident that someone from another part of the council would understand them. If in doubt, avoid acronyms and use the full term.
+
+### Mandatory tags
+
+- `Application`: The full name of the application or service. This should match the name used in the Service Catalogue, e.g.  `Repairs Hub`, `Common Fate`.
+- `Team`: In the form `<team-name>: <team-email>`. This is the team responsible for the operation of the service.
+- `Environment`: The name of the environment, must be one of `dev`, `stg`, `prod` or `mgmt`[^environment-tags-source].
+
+### Optional tags
+
+- `AutomationBuildUrl`: URL of the automation build, must be a valid URL.
+- `AutomationTool`: The tool used for Infrastructure as Code, e.g. `Terraform` or `Serverless Framework`.
+- `Confidentiality`: Data confidentiality of the infrastructure. Only applicable to infrastructure which holds data, e.g. EC2, RDS, EBS, DynamoDB, Glue, and S3. Must be one of `Internal`, `Restricted`, or `Public`[^confidentiality-tags-source].
+- `OOOShutdown`: Whether to shut an EC2 instance down out of hours. Must be `true` or `false`.
+
+### FIXME(remove) Tags we're no longer using
+
+- Department (maybe useful, it's a fixed list)
+- BackupPolicy (should be inferred from environment, as they seem to match)
+- Phase
+- Stack
+- Patch Group
+- Project
+
+[^confidentiality-tags-source]: https://github.com/LBHackney-IT/aws-tags-lbh/blob/main/variables.tf#L83
+[^environment-tags-source]: https://github.com/LBHackney-IT/aws-tags-lbh/blob/main/variables.tf#L150
diff --git a/docusaurus.config.js b/docusaurus.config.js
@@ -86,6 +86,12 @@ const config = {
             position: 'left',
             label: 'Ways of working',
           },
+          {
+            type: 'docSidebar',
+            sidebarId: 'technicalStandards',
+            position: 'left',
+            label: 'Technical standards',
+          },
           {
             type: 'docSidebar',
             sidebarId: 'architecturePillars',
diff --git a/sidebars.js b/sidebars.js
@@ -19,6 +19,7 @@ const sidebars = {
   frontendDevelopment: [{type: 'autogenerated', dirName: 'frontend-development'}],
   apiSpecifications: [{type: 'autogenerated', dirName: 'api-specifications'}],
   productPlaybook: [{type: 'autogenerated', dirName: 'Product-Playbook'}],
+  technicalStandards: [{type: 'autogenerated', dirName: 'technical-standards'}],
 };
 
 export default sidebars;

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# Technical standards`
	`2`	`+`
	`3`	`+These technical standards are the baseline operating requirements for systems and services in Hackney.`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "collapsible": false,
 +  "collapsed": false,
 +}