Using default tags to identify who created resources

By | September 29, 2019

I work in a shared OCI environment, where everyone has their own compartments. While most of my colleagues nicely only create resources in their own compartments, this does sometimes go wrong. Then the quests starts, who created this? You can use the Audit logs to find the event that created the resource, but this can be a challenge to find out.

An alternative method to deal with this is using defaults tags. These are tags that are automatically created upon creation of any resource and can contain a default value. In this case, we want the default value to be the username of who created the resource.

Step 1 – Create a Namespace for your Tag

Go to Governance -> Tag namespaces and create Namespace Definition. Create a namespace called “Owner” with a Description, everything else you can leave blank. I would recommend you create this Namespace on your Root Compartment, so it will be available thru out your environment.

When the Namespace is created, you can click on it and create a Tag Key Definition. Let’s use “Creator” for the Tag Key and give it a description.

Step 2 – Create default tag definition

To create a default tag definition, you need to go to Identity -> Compartments. Click on the Root Compartment.

Then on the left you will have the option to go to the Tag Defaults.

You can now create a Tag Default. Select the “Owner” namespace and “creator” for Tag Key. For the specified value we will use one of the variables that are available in OCI. In this case the iam.principal.name This will be the ocid+username of the user that is creating the resource.

When new resources are now created, no matter how (UI/CLI/API), the resource will have the creator tag filled with the user who created the resource.

Category: OCI

One thought on “Using default tags to identify who created resources

Leave a Reply to Rodrigo Jorge Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.