{"id":32800659,"url":"https://github.com/berkeleyo/azure-cost-tagging","last_synced_at":"2026-04-11T16:44:42.566Z","repository":{"id":319733039,"uuid":"1079451783","full_name":"berkeleyo/azure-cost-tagging","owner":"berkeleyo","description":"Enforce and repair cost tags at scale with policy and scripts.","archived":false,"fork":false,"pushed_at":"2025-10-19T22:53:57.000Z","size":18,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-06T04:03:19.740Z","etag":null,"topics":["automation","azure","cost-management","finops","governance","powershell","tagging"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/berkeleyo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-19T20:40:30.000Z","updated_at":"2025-10-19T22:58:07.000Z","dependencies_parsed_at":"2025-10-20T03:10:01.087Z","dependency_job_id":"d379cf8a-48bd-4f03-ab58-86e9984e0e52","html_url":"https://github.com/berkeleyo/azure-cost-tagging","commit_stats":null,"previous_names":["berkeleyo/azure-cost-tagging"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/berkeleyo/azure-cost-tagging","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fazure-cost-tagging","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fazure-cost-tagging/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fazure-cost-tagging/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fazure-cost-tagging/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/berkeleyo","download_url":"https://codeload.github.com/berkeleyo/azure-cost-tagging/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fazure-cost-tagging/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31687881,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-11T13:07:20.380Z","status":"ssl_error","status_checked_at":"2026-04-11T13:06:47.903Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","azure","cost-management","finops","governance","powershell","tagging"],"created_at":"2025-11-06T04:01:25.192Z","updated_at":"2026-04-11T16:44:42.557Z","avatar_url":"https://github.com/berkeleyo.png","language":"PowerShell","readme":"# Azure Cost Tagging \u0026 Governance 🏷️💸\n\n![Redaction Badge](https://img.shields.io/badge/REDACTED-No%20secrets%20or%20tenant%20info-green)\n\u003e **Redaction statement:** This repository is fully redacted — no secrets, IPs, tenant IDs, subscription IDs, hostnames, or organization identifiers.  \n\u003e All values are placeholders for safe public sharing.\n\nA clean, production-ready implementation to standardize, enforce, and report **Azure cost tags** across subscriptions and management groups.\n\n---\n\n## 🎯 Objectives\n\n- Establish a consistent tag schema: `costCenter`, `owner`, `env`, `service`, `businessUnit`, `retention`.\n- Enforce compliance using **Azure Policy** (require + inherit) with Audit → Modify/Deny lifecycle.\n- Automate remediation for untagged resources.\n- Enable showback/chargeback in **Azure Cost Management** and FinOps tooling.\n\n---\n\n## 📂 Repository Structure\n\n```\n.\n├─ README.md\n├─ RUNBOOK.md\n├─ .gitignore\n├─ docs/\n│  ├─ OVERVIEW.md\n│  ├─ ARCHITECTURE.md\n│  ├─ CUTOVER_CHECKLIST.md\n│  ├─ ROLLBACK.md\n│  └─ SECURITY.md\n└─ scripts/\n   ├─ pwsh/\n   │  ├─ discover-tags.ps1\n   │  ├─ enforce-tags.ps1\n   │  ├─ remediate-untagged.ps1\n   │  └─ report-cost-by-tag.ps1\n   ├─ bash/\n   │  └─ discover-tags.sh\n   ├─ policy/\n   │  ├─ policy-definition-require-tags.json\n   │  ├─ policy-definition-inherit-tags.json\n   │  ├─ policy-initiative-cost-governance.json\n   │  └─ policy-assignment-example.json\n   └─ examples/\n      └─ sample-tag-schema.json\n```\n\n---\n\n## 🧭 Lifecycle\n\n1. **Discover** – Inventory current tags; baseline gaps.  \n2. **Design** – Finalize schema, ownership, and enforcement scope.  \n3. **Build** – Author policies (require + inherit).  \n4. **Test** – Audit in non-prod; validate exemptions.  \n5. **Cutover** – Switch to Modify/Deny; run remediation.  \n6. **Operate** – Reporting, drift checks, reviews.\n\n---\n\n## 🪄 Solution Overview (Mermaid)\n\n```mermaid\nflowchart LR\n  A[\"Stakeholders \u0026 FinOps\"] --\u003e B[\"Tag Schema \u0026 Standards\"]\n  B --\u003e C[\"Azure Policy\u003cbr/\u003e(require + inherit)\"]\n  C --\u003e D[\"Assignments at Mgmt Group / Subscription\"]\n  D --\u003e E[\"Automated Remediation\u003cbr/\u003e(Modify or DeployIfNotExists)\"]\n  E --\u003e F[\"Consistent Resource Tags\"]\n  F --\u003e G[\"Azure Cost Management\u003cbr/\u003e\u0026 FinOps Reports\"]\n  G --\u003e H[\"Showback / Chargeback\"]\n  H --\u003e|Feedback| A\n```\n\n---\n\n## ⚙️ Getting Started\n\n### PowerShell\n```powershell\nConnect-AzAccount\nSet-AzContext -Subscription \"SUBSCRIPTION-NAME\"\n\n# Discover tags (CSV)\n./scripts/pwsh/discover-tags.ps1 -Scope \"/subscriptions/00000000-0000-0000-0000-000000000000\" -OutFile \"./tag-inventory.csv\"\n\n# Import policy definitions\n$root = \"./scripts/policy\"\nNew-AzPolicyDefinition -Name \"require-tags\" -Policy (Get-Content \"$root/policy-definition-require-tags.json\" -Raw)\nNew-AzPolicyDefinition -Name \"inherit-tags\" -Policy (Get-Content \"$root/policy-definition-inherit-tags.json\" -Raw)\n\n# Create initiative \u0026 assign (example scope)\n$initiative = Get-Content \"$root/policy-initiative-cost-governance.json\" -Raw\nNew-AzPolicySetDefinition -Name \"cost-governance\" -PolicyDefinition $initiative\nNew-AzPolicyAssignment -Name \"cost-governance-assignment\" `\n  -Scope \"/providers/Microsoft.Management/managementGroups/MG-CORP\" `\n  -PolicySetDefinition (Get-AzPolicySetDefinition -Name \"cost-governance\")\n```\n\n\u003e **Safety defaults:** Scripts are read-only unless you explicitly pass `-WhatIf:$false` or `-Confirm:$false`. Review before running.\n\n---\n\n## 🏷️ Example Tag Schema\n\n| Tag Key       | Example Value        | Purpose                     |\n|---------------|----------------------|-----------------------------|\n| `costCenter`  | `CC-1234`           | Showback/chargeback         |\n| `owner`       | `email@domain.tld`  | Accountability              |\n| `env`         | `prod` / `nonprod`  | Lifecycle separation        |\n| `service`     | `payments-api`      | Service/app mapping         |\n| `businessUnit`| `Retail`            | Financial rollups           |\n| `retention`   | `90d` / `365d`      | Data lifecycle alignment    |\n\n---\n\n## 🔐 Security \u0026 Redaction\n\n- This repo stores **no secrets or identifiers**. Use **Azure Key Vault** for credentials/tokens.\n- Prefer **Management Group** scope for policy to minimize drift.\n- Use **Modify** to inherit tags and **Deny** for missing critical tags after comms.\n\n---\n\n## 📘 Operations\n\nSee **RUNBOOK.md** for deployment, remediation, cutover, and rollback procedures.  \nDocs in `/docs` cover architecture, checklists, and security posture.\n\n---\n\n## 📄 License\n\nMIT (or your organization’s standard). Add a `LICENSE` file if required.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fberkeleyo%2Fazure-cost-tagging","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fberkeleyo%2Fazure-cost-tagging","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fberkeleyo%2Fazure-cost-tagging/lists"}