Merge pull request #29 from LBHackney-IT/feature/update-tagging-standards-and-how-to

acanbym · web-flow · commit a05d993aa64b · 2025-05-14T11:07:09.000+01:00
chore: updating tagging standards and how to guide
diff --git a/docs/technical-standards/How-to guides/tagging.md b/docs/technical-standards/How-to guides/tagging.md
@@ -13,7 +13,7 @@ provider "aws" {
     tags = {
       Application = "Developer Playbook"
       TeamEmail   = "developers@hackney.gov.uk"
-      Environment = "production"
+      Environment = "prod"
     }
   }
 }
@@ -69,7 +69,7 @@ In order to add tagging to AWS resources managed by Serverless Framework:
       stackTags:
           Application: "Developer Playbook"
           TeamEmail: "developers@hackney.gov.uk"
-          Environment: "production"
+          Environment: "prod"
 
           # For CircleCI
           AutomationBuildUrl: ${env:CIRCLE_BUILD_URL}
diff --git a/docs/technical-standards/Reference/hosting-standards/tagging.md b/docs/technical-standards/Reference/hosting-standards/tagging.md
@@ -14,11 +14,22 @@ To ensure we can consistently search for, and report on, the tags we use, you sh
 - `TeamEmail`: The email address of the team responsible for the operation of the service. Must be a valid email group, not an individual.
 - `Environment`: The name of the environment, must be one of `dev`, `stg`, `prod` or `mgmt`[^environment-tags-source].
 
+### Mandatory tags for data-holding resources
+
+The following potentially data-holding resources must have the Confidentiality tag:
+- EC2 instance
+- EBS volume
+- RDS instance
+- RDS cluster
+- DynamoDB table
+You will not be able to deploy the above resources if they are not tagged with the Confidentiality tag. 
+- `Confidentiality`: Data confidentiality of the infrastructure. Must be one of `Internal`, `Restricted`, or `Public`.
+
 ### Optional tags
 
 - `AutomationBuildUrl`: URL of the automation build, must be a valid URL.
 - `BackupPolicy`: The backup policy to apply to the resource. If present must be one of `Dev`, `Stg`, `Preprod`, `Prod`, `Mgmt`.
-- `Confidentiality`: Data confidentiality of the infrastructure. Only applicable to infrastructure which holds data, e.g. EC2, RDS, EBS, DynamoDB, Glue, and S3. Must be one of `Internal`, `Restricted`, or `Public`[^confidentiality-tags-source].
+- `Confidentiality`: Data confidentiality of the infrastructure. Only mandatory for infrastructure which holds data, e.g. EC2, RDS, EBS, DynamoDB, Glue, and S3. Optional for all other infrastructure. Must be one of `Internal`, `Restricted`, or `Public`[^confidentiality-tags-source].
 - `Department`: The service area this system serves.
 - `WeekendShutdown`: If present, regardless of the value provided the resource will be shut down over the weekend.
 - `OutOfHoursShutdown`: If present, regardless of the value provided the resource will be shut down out of working hours.

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ provider "aws" {`
`13`	`13`	`tags = {`
`14`	`14`	`Application = "Developer Playbook"`
`15`	`15`	`TeamEmail = "[email protected]"`
`16`		`- Environment = "production"`
	`16`	`+ Environment = "prod"`
`17`	`17`	`}`
`18`	`18`	`}`
`19`	`19`	`}`
`@@ -69,7 +69,7 @@ In order to add tagging to AWS resources managed by Serverless Framework:`
`69`	`69`	`stackTags:`
`70`	`70`	`Application: "Developer Playbook"`
`71`	`71`	`TeamEmail: "[email protected]"`
`72`		`- Environment: "production"`
	`72`	`+ Environment: "prod"`
`73`	`73`
`74`	`74`	`# For CircleCI`
`75`	`75`	`AutomationBuildUrl: ${env:CIRCLE_BUILD_URL}`