How tags are useful


Here I am sharing my experience of controlling and managing cloud budgets using custom tags.

First, suppose we work in an organization that has an AWS account with multiple IAM users. Here the problem arises: the account admin checks Cost Explorer and does not find good information on which users are spending more, or on which resources they are spending it. This is where AWS cost allocation tags come to the rescue and let us dive deeper into the costs.

In an organization, there is a further problem: we can't force IAM users to tag their resources. So auto-tagging resources without user intervention will help.

My approach is to tag all resources every hour using AWS services (EventBridge + Lambda), which solves the problem of cost monitoring. If we tag every resource with `User=IAM_User`, we can see the cost distribution by the User tag, and with the help of that tag we can get various information about each user's resources using AWS's default filtering.

For the above approach, we need to find the IAM user. AWS provides the default tag `aws:createdBy`, but it is not sufficient to identify the exact user. One scenario is launching an EC2 instance through AssumeRole: in the CloudTrail API activity we get the assumed-role username, which is not the real user, and that assumed username is what is added to the `aws:createdBy` tag. So this information is not useful for the account admin. To find the real IAM user we need to write our own code to dig through the CloudTrail events. After finding the user we can tag the resources.

We can also add extra tags such as the user's working Email, Project, and Environment using IAM user tags. If we store these default tags on the IAM user, then after finding the user from CloudTrail we can fetch the tags from the IAM user and attach them to the resources.
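
One way to do the CloudTrail digging and tag building described in the last two paragraphs, as an added example that is not the author's own code: it assumes the temporary access key on the assumed-role event can be matched to the `AssumeRole` event that issued it, and it follows role chaining. The function names and all sample events, key ids, user names and tags are constructed for illustration.

```python
# Added example; every event, key id, user name and tag here is constructed.
def index_assume_role(events):
    """Map each temporary access key issued by sts:AssumeRole to its event."""
    issued = {}
    for ev in events:
        if ev.get("eventName") == "AssumeRole":
            creds = (ev.get("responseElements") or {}).get("credentials") or {}
            if creds.get("accessKeyId"):
                issued[creds["accessKeyId"]] = ev
    return issued

def resolve_user(event, issued, max_hops=5):
    """Follow AssumeRole hops (role chaining) back to an IAM user, else None."""
    ident = event.get("userIdentity") or {}
    for _ in range(max_hops):
        if ident.get("type") == "IAMUser":
            return ident.get("userName")
        if ident.get("type") != "AssumedRole":
            return None  # root, AWS services, federated users: not handled here
        parent = issued.get(ident.get("accessKeyId"))
        if parent is None:
            return None  # the AssumeRole call is not in the events we fetched
        ident = parent.get("userIdentity") or {}
    return None

def build_tags(user, iam_user_tags, wanted=("Email", "Project", "Environment")):
    """User=<IAM user> plus the default tags stored on that IAM user."""
    tags = {"User": user}
    tags.update({k: v for k, v in iam_user_tags.items() if k in wanted})
    return tags

SAMPLE_EVENTS = [  # trimmed to the CloudTrail fields the functions read
    {"eventName": "AssumeRole",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLEKEY1"}}},
    {"eventName": "AssumeRole",  # role chaining: called with the first session
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEKEY1"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLEKEY2"}}},
    {"eventName": "RunInstances",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEKEY2"}},
    {"eventName": "RunInstances",  # session whose AssumeRole was not captured
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEKEY9"}},
]

if __name__ == "__main__":
    issued = index_assume_role(SAMPLE_EVENTS)
    for ev in SAMPLE_EVENTS[2:]:
        print(ev["eventName"], "->", resolve_user(ev, issued))
```

In a Lambda function the events would come from CloudTrail (for example boto3's `lookup_events`) and the per-user defaults from IAM `list_user_tags`. Resources for which `resolve_user` returns `None` are better left untagged and logged for review than tagged with the role session name.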