{"id":916,"date":"2026-04-16T16:46:01","date_gmt":"2026-04-16T16:46:01","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-tagging-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-governance-and-administration\/"},"modified":"2026-04-16T16:46:01","modified_gmt":"2026-04-16T16:46:01","slug":"oracle-cloud-tagging-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-governance-and-administration","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-tagging-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-governance-and-administration\/","title":{"rendered":"Oracle Cloud Tagging Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Governance and Administration"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Governance and Administration<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Tagging<\/strong> is a governance feature in Oracle Cloud Infrastructure (OCI) that lets you attach standardized metadata (tags) to cloud resources. Tags make resources easier to organize, search, secure, automate, and\u2014critically\u2014allocate and analyze cost.<\/p>\n\n\n\n<p>In simple terms: <strong>Tagging is how you label cloud resources<\/strong> (compute instances, databases, buckets, networks, etc.) with business-friendly information like <code>CostCenter=FIN<\/code>, <code>Environment=Prod<\/code>, or <code>Owner=platform-team<\/code>.<\/p>\n\n\n\n<p>Technically, OCI Tagging supports two main tag models\u2014<strong>free-form tags<\/strong> and <strong>defined tags<\/strong>\u2014and provides tenancy-level constructs such as <strong>tag namespaces<\/strong> and <strong>tag defaults<\/strong>. These integrate with OCI features like <strong>Resource Search<\/strong>, <strong>Cost Analysis<\/strong>, <strong>Budgets<\/strong>, <strong>IAM policies<\/strong>, <strong>Audit<\/strong>, and Infrastructure-as-Code workflows (Terraform\/Resource Manager), enabling consistent governance at scale.<\/p>\n\n\n\n<p>Tagging solves common cloud problems:\n&#8211; Cloud sprawl: \u201cWhat are we running and why?\u201d\n&#8211; Cost ambiguity: \u201cWho owns this cost?\u201d\n&#8211; Weak governance: \u201cAre production resources configured and controlled properly?\u201d\n&#8211; Operational inefficiency: \u201cHow do we find, automate, and manage resources consistently?\u201d<\/p>\n\n\n\n<blockquote>\n<p>Service name note: <strong>Tagging<\/strong> is a current, active OCI capability and is commonly documented under OCI \u201cTagging\u201d (and related IAM documentation). It has not been renamed as of the latest publicly available OCI documentation\u2014verify in official docs if your tenancy UI differs.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Tagging?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>OCI <strong>Tagging<\/strong> provides a consistent way to <strong>label, organize, and manage OCI resources<\/strong> using metadata that is meaningful to both technical and business stakeholders.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Apply <strong>free-form tags<\/strong> (simple key\/value pairs) to resources.<\/li>\n<li>Apply <strong>defined tags<\/strong> (governed tags created from tag namespaces and tag definitions) to resources.<\/li>\n<li>Create and manage <strong>tag namespaces<\/strong> and <strong>tag definitions<\/strong> to standardize tagging across teams.<\/li>\n<li>Use <strong>tag defaults<\/strong> to automatically apply tags when new resources are created in a compartment.<\/li>\n<li>Use tags for <strong>search<\/strong>, <strong>cost tracking<\/strong>, <strong>automation<\/strong>, and <strong>governance<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Free-form tags<\/strong>: ad hoc <code>key:value<\/code> metadata stored directly on a resource.<\/li>\n<li><strong>Tag namespace<\/strong>: a container that groups related defined tags (for example, <code>Finance<\/code>, <code>Operations<\/code>, <code>Security<\/code>).<\/li>\n<li><strong>Tag definition (defined tag key)<\/strong>: a tag key inside a namespace (for example, <code>Finance.CostCenter<\/code>).<\/li>\n<li><strong>Tag value<\/strong>: the value assigned when applying the tag to a resource (for example, <code>Finance.CostCenter=CC-4102<\/code>).<\/li>\n<li><strong>Tag defaults<\/strong>: rules that automatically apply a defined tag (and optionally enforce it) on resource creation within a compartment scope.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<p>Tagging is a <strong>governance and metadata capability<\/strong> integrated into OCI resource management and IAM. It is not a standalone \u201ccompute-style\u201d service; it is a cross-cutting platform feature exposed through:\n&#8211; OCI Console resource create\/edit screens\n&#8211; OCI APIs and SDKs (resource models include <code>freeformTags<\/code> and <code>definedTags<\/code>)\n&#8211; OCI CLI\n&#8211; Terraform (OCI provider) and Resource Manager stacks\n&#8211; OCI Search service queries<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scope (tenancy \/ region)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tag namespaces and tag definitions<\/strong> are typically <strong>tenancy-scoped<\/strong> governance objects (created in IAM context).<\/li>\n<li><strong>Tags are attached to resources<\/strong>, and resources themselves are regional or global depending on the service (for example, Object Storage buckets are regional; IAM objects are tenancy\/global).<\/li>\n<li><strong>Tag defaults<\/strong> are scoped to a <strong>compartment<\/strong> (and apply based on how OCI defines default behavior\u2014verify exact inheritance rules in official docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How Tagging fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>OCI Tagging is foundational for <strong>Governance and Administration<\/strong> because it ties together:\n&#8211; <strong>Identity and Access Management (IAM)<\/strong>: controlling who can create\/modify namespaces\/tags and who can apply tags\n&#8211; <strong>Resource Search<\/strong>: find resources by tag across compartments\/regions (depending on search scope)\n&#8211; <strong>Cost Management (Cost Analysis\/Budgets)<\/strong>: group and allocate spend by tag dimensions\n&#8211; <strong>Security and compliance<\/strong>: enforce tagging standards, support audits, map controls to resource inventory\n&#8211; <strong>Operations<\/strong>: automate remediation, backups, patching, and lifecycle actions based on tags<\/p>\n\n\n\n<p>Official starting point (verify current URLs as OCI documentation evolves):\n&#8211; OCI Tagging docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Tagging\/home.htm<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Tagging?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cost allocation and chargeback\/showback<\/strong>: attribute cloud spend to cost centers, products, projects, or customers.<\/li>\n<li><strong>Ownership clarity<\/strong>: ensure every resource has an accountable owner and business purpose.<\/li>\n<li><strong>Budgeting and forecasting<\/strong>: group resources by business dimension and track trends.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Standardized metadata<\/strong>: consistent keys and allowed values reduce ambiguity.<\/li>\n<li><strong>Better inventory management<\/strong>: identify what a resource is for without reverse-engineering names.<\/li>\n<li><strong>Automation hooks<\/strong>: tags become selectors for scripts, jobs, policies, and CI\/CD workflows.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster troubleshooting<\/strong>: find related components quickly (e.g., all <code>App=Billing<\/code> resources).<\/li>\n<li><strong>Lifecycle management<\/strong>: identify resources for cleanup (<code>Environment=Dev<\/code>, <code>TTL=2026-05-01<\/code>).<\/li>\n<li><strong>Incident response<\/strong>: scope impact by tags (e.g., production-only).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Policy and control mapping<\/strong>: align resources with regulatory scope (e.g., <code>DataClass=Restricted<\/code>).<\/li>\n<li><strong>Audit readiness<\/strong>: prove ownership, environment classification, and intended use.<\/li>\n<li><strong>Reduced risk of shadow IT<\/strong>: detect untagged\/unknown resources.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons (indirect)<\/h3>\n\n\n\n<p>Tagging doesn\u2019t directly improve service performance, but it <strong>enables scalable operations<\/strong>:\n&#8211; Standard queries and dashboards by tag\n&#8211; Automated enforcement and remediation\n&#8211; Reduced human time to manage large estates<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose OCI Tagging when you need any of the following:\n&#8211; Multi-team or multi-project cloud usage\n&#8211; Financial governance (FinOps)\n&#8211; Shared platform operations\n&#8211; Compliance requirements\n&#8211; Repeatable automation based on metadata<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it (or should limit it)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Very small, short-lived prototypes where governance overhead is not worth it (still consider minimal tagging like <code>Owner<\/code> and <code>Environment<\/code>)<\/li>\n<li>When tags might tempt teams to store sensitive data (tags are not a secure secret store)<\/li>\n<li>When you can achieve the requirement better with a different construct (e.g., use <strong>compartments<\/strong> for hard isolation boundaries; tags are not isolation)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Tagging used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SaaS and technology<\/strong>: tenant\/customer allocation, per-product cost tracking<\/li>\n<li><strong>Financial services<\/strong>: compliance scope labels, strict ownership and audit trails<\/li>\n<li><strong>Healthcare<\/strong>: data classification tags to support policy enforcement processes<\/li>\n<li><strong>Retail\/e-commerce<\/strong>: environment and campaign-based resource grouping<\/li>\n<li><strong>Public sector<\/strong>: project codes, funding lines, compliance programs<\/li>\n<li><strong>Manufacturing<\/strong>: plant\/site identifiers, OT\/IT separation metadata<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering \/ Cloud Center of Excellence (CCoE)<\/li>\n<li>DevOps \/ SRE \/ operations<\/li>\n<li>Security engineering \/ GRC<\/li>\n<li>Finance \/ FinOps<\/li>\n<li>Application teams (feature squads)<\/li>\n<li>Data engineering teams<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microservices on Compute or OKE (Kubernetes)<\/li>\n<li>Data platforms (Object Storage + Analytics + databases)<\/li>\n<li>Enterprise applications (ERP\/CRM integrations, middleware)<\/li>\n<li>Batch processing and ETL pipelines<\/li>\n<li>Dev\/test environments and CI systems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multi-compartment landing zones<\/li>\n<li>Hub-and-spoke network topologies<\/li>\n<li>Shared services (logging, monitoring, security tooling)<\/li>\n<li>Multi-region DR (tags help track paired resources)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production<\/strong>: strict defined tags + tag defaults + limited permissions<\/li>\n<li><strong>Dev\/test<\/strong>: leaner tag sets but still include <code>Owner<\/code>, <code>Environment<\/code>, <code>CostCenter\/Project<\/code><\/li>\n<li><strong>Shared<\/strong>: tags to mark shared vs dedicated, support allocation and operational responsibility<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic OCI Tagging use cases you can implement today.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Cost allocation by cost center<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Cloud spend is pooled, and leadership can\u2019t see which department is spending.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Defined tags standardize <code>CostCenter<\/code> so cost reporting can group reliably.<\/li>\n<li><strong>Scenario<\/strong>: All resources get <code>Finance.CostCenter=CC-4102<\/code> or <code>CC-7200<\/code>; monthly reports break down spend by cost center.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Chargeback by customer\/tenant (SaaS)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You need per-customer cost visibility in a shared platform.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Tags add a <code>CustomerId<\/code> dimension without changing resource names.<\/li>\n<li><strong>Scenario<\/strong>: Shared compute pools and buckets are tagged <code>SaaS.CustomerId=CUST-1931<\/code> for cost attribution and operational segmentation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Environment separation for operations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Ops teams accidentally apply actions to production resources.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Tags like <code>Environment=Prod<\/code> can be used for search filters and automation gating.<\/li>\n<li><strong>Scenario<\/strong>: An automation job only runs on <code>Environment=Dev<\/code> resources for nightly shutdown.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Ownership and on-call routing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Alerts fire but nobody knows who owns the resource.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Standardize <code>OwnerTeam<\/code> and <code>OnCall<\/code> tags.<\/li>\n<li><strong>Scenario<\/strong>: <code>Operations.OwnerTeam=payments-sre<\/code> and <code>Operations.OnCall=PagerDutyPayments<\/code> help route incidents.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Data classification labeling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You must track where sensitive data may exist.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Tags provide a consistent metadata layer across storage, database, and compute.<\/li>\n<li><strong>Scenario<\/strong>: Buckets and DBs are tagged <code>Security.DataClass=Restricted<\/code> for compliance inventory and audits.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Migration tracking (cloud adoption)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: During migration, you need to track progress and waves.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Tags allow program-wide tracking without renaming resources.<\/li>\n<li><strong>Scenario<\/strong>: <code>Migration.Wave=Wave2<\/code> and <code>Migration.SourceDC=DC1<\/code> tag every migrated asset.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Automated cleanup of temporary resources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Dev\/test resources are left running and waste money.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Use tags like <code>TTL<\/code> or <code>ExpiresOn<\/code> for cleanup automation.<\/li>\n<li><strong>Scenario<\/strong>: A scheduled function finds <code>Lifecycle.ExpiresOn &lt; today<\/code> and deletes eligible resources.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Governance reporting: find untagged resources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Standards exist but are not followed.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Resource Search can identify missing tags; tag defaults reduce drift.<\/li>\n<li><strong>Scenario<\/strong>: Weekly governance report lists all resources missing <code>Environment<\/code> or <code>Owner<\/code>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Backup and retention policy selection<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Not all databases need the same backup policy.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Tags indicate policy class.<\/li>\n<li><strong>Scenario<\/strong>: <code>Operations.BackupTier=Gold\/Silver\/Bronze<\/code> drives backup scheduling automation (using external tooling or OCI automation where applicable).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Network segmentation documentation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Complex networks become hard to understand and audit.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Tagging subnets, route tables, and gateways provides intent metadata.<\/li>\n<li><strong>Scenario<\/strong>: <code>Network.Zone=DMZ<\/code> and <code>Network.Purpose=Ingress<\/code> help reviewers understand topology.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Cross-region DR pairing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You need to link primary and standby resources.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Use a shared <code>DRPairId<\/code> tag to correlate resources across regions.<\/li>\n<li><strong>Scenario<\/strong>: Primary DB and standby DB share <code>DR.PairId=payments-db-01<\/code>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Kubernetes platform governance (OKE adjacency)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Clusters and node pools proliferate; hard to track teams.<\/li>\n<li><strong>Why Tagging fits<\/strong>: Tag clusters\/node pools with team and environment.<\/li>\n<li><strong>Scenario<\/strong>: <code>Platform.ClusterOwner=team-a<\/code> applied to cluster resources supports inventory and cost tracking.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">6.1 Free-form tags<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Lets you attach arbitrary <code>key:value<\/code> pairs directly to a resource.<\/li>\n<li><strong>Why it matters<\/strong>: Extremely fast to adopt\u2014no upfront governance setup.<\/li>\n<li><strong>Practical benefit<\/strong>: Perfect for quick labeling like <code>Owner=alice<\/code> or <code>Ticket=INC12345<\/code>.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Not centrally standardized; key spelling inconsistencies are common (<code>costcenter<\/code> vs <code>CostCenter<\/code>).<\/li>\n<li>Harder for governance teams to enforce consistency.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.2 Defined tags (tag namespaces + tag definitions)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides centrally managed tags with a namespace (<code>Finance<\/code>) and tag key (<code>CostCenter<\/code>), applied as <code>Finance.CostCenter=&lt;value&gt;<\/code>.<\/li>\n<li><strong>Why it matters<\/strong>: Enables consistent tagging across teams and compartments.<\/li>\n<li><strong>Practical benefit<\/strong>: Cost reports and searches become reliable; policy and automation can depend on stable keys.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Requires governance planning: who owns namespaces, naming standards, and allowed values (if enforced).<\/li>\n<li>Changes to definitions should be controlled to avoid breaking reporting.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.3 Tag namespaces<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Groups defined tags, typically by domain or owner (Finance, Security, Operations).<\/li>\n<li><strong>Why it matters<\/strong>: Prevents collisions and clarifies ownership.<\/li>\n<li><strong>Practical benefit<\/strong>: <code>Security.DataClass<\/code> and <code>Finance.CostCenter<\/code> can coexist cleanly.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Namespace sprawl can happen if every team creates their own; manage creation rights.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.4 Tag defaults<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Automatically applies a defined tag to new resources created in a given compartment scope (behavior depends on OCI rules\u2014verify exact scope and inheritance).<\/li>\n<li><strong>Why it matters<\/strong>: Reduces missed tags and improves compliance.<\/li>\n<li><strong>Practical benefit<\/strong>: Enforce baseline tags like <code>Environment=Prod<\/code> in a production compartment.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Works for defined tags, not free-form tags.<\/li>\n<li>Resource-type coverage and inheritance details should be verified in official docs for your tenancy and services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.5 Tagging via Console, API\/SDK, CLI, and Terraform<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Supports consistent tagging in UI and automation workflows.<\/li>\n<li><strong>Why it matters<\/strong>: Prevents \u201csnowflake\u201d resources created outside standard pipelines.<\/li>\n<li><strong>Practical benefit<\/strong>: IaC ensures tags are present at creation time.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Different services expose tags similarly but UI fields may differ slightly.<\/li>\n<li>Ensure your automation identity has permission to apply defined tags.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.6 Resource Search integration<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Lets you query resources using structured search, including tag-based conditions.<\/li>\n<li><strong>Why it matters<\/strong>: Inventory and governance reporting become scalable.<\/li>\n<li><strong>Practical benefit<\/strong>: Find \u201call untagged resources in a compartment\u201d or \u201call prod resources owned by team-x.\u201d<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Search results and scope may depend on permissions and indexing time.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.7 Cost Management integration (Cost Analysis\/Budgets)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Enables grouping\/filters by tags for cost reporting and financial governance.<\/li>\n<li><strong>Why it matters<\/strong>: Tagging is often the difference between \u201cwe spent X\u201d and \u201cteam A spent X on workload Y.\u201d<\/li>\n<li><strong>Practical benefit<\/strong>: Build showback dashboards and enforce budgets by tag dimensions.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Cost reporting depends on accurate and consistent tagging.<\/li>\n<li>Timing: tags must exist at the right time for clean reporting (verify how OCI attributes historical spend when tags change).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.8 IAM governance and delegation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: IAM policies can control who can create namespaces\/definitions and who can apply tags.<\/li>\n<li><strong>Why it matters<\/strong>: Prevents unauthorized or inconsistent governance objects.<\/li>\n<li><strong>Practical benefit<\/strong>: Finance team manages <code>Finance<\/code> namespace; app teams can only apply those tags.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Overly permissive policies can lead to tag sprawl and unreliable reporting.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.9 Auditability of tag changes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Changes to tag namespaces\/definitions and tagged resources are generally captured in OCI Audit events (verify exact coverage per resource\/service).<\/li>\n<li><strong>Why it matters<\/strong>: Supports compliance, forensics, and governance audits.<\/li>\n<li><strong>Practical benefit<\/strong>: You can track who changed tags and when.<\/li>\n<li><strong>Limitations\/caveats<\/strong>:<\/li>\n<li>Audit configuration and retention requirements may require additional setup\/services.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>OCI Tagging is implemented as <strong>metadata fields on resources<\/strong> plus <strong>IAM-managed tag governance objects<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Resources<\/strong> store:<\/li>\n<li><code>freeformTags<\/code> (map of string to string)<\/li>\n<li><code>definedTags<\/code> (map of namespace to map of key to value)<\/li>\n<li><strong>IAM<\/strong> stores:<\/li>\n<li>Tag namespaces<\/li>\n<li>Tag definitions (keys, and sometimes constraints depending on OCI features\u2014verify)<\/li>\n<li>Tag defaults<\/li>\n<\/ul>\n\n\n\n<p>When you create or update a resource (Console\/API\/Terraform), the request includes the tag maps. OCI validates permissions (and tag existence for defined tags), then persists the metadata with the resource.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A user or automation identity authenticates via OCI IAM (user login, instance principals, workload identity where applicable).<\/li>\n<li>A create\/update resource request is sent with tag metadata.<\/li>\n<li>OCI verifies:\n   &#8211; You can manage that resource\n   &#8211; You can apply tags (and defined tags are valid)\n   &#8211; Tag defaults apply (if configured)<\/li>\n<li>Tags are stored with the resource.<\/li>\n<li>Other services consume tags:\n   &#8211; Resource Search indexes metadata for queries\n   &#8211; Cost Management aggregates spend by tag dimensions\n   &#8211; Audit records changes (where applicable)<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IAM<\/strong>: tag namespaces, definitions, policies controlling access<\/li>\n<li><strong>Compartments<\/strong>: organizational boundary; tag defaults are compartment-scoped<\/li>\n<li><strong>Resource Search<\/strong>: structured search by tags<\/li>\n<li><strong>Cost Analysis \/ Budgets<\/strong>: cost grouping and governance by tags<\/li>\n<li><strong>Events \/ Notifications \/ Functions (automation)<\/strong>: commonly used together (tags drive selection logic)<\/li>\n<li><strong>Terraform \/ Resource Manager<\/strong>: enforce tags at creation time<\/li>\n<li><strong>Audit<\/strong>: track changes<\/li>\n<li><strong>Cloud Guard \/ Security Zones<\/strong> (where used): can complement governance; do not assume tags alone enforce controls<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IAM (identity, policy enforcement)<\/li>\n<li>Resource-specific services (Compute, Networking, Storage, Database, etc.)<\/li>\n<li>Search service (for tag-based inventory queries)<\/li>\n<li>Cost Management (for financial reporting based on tags)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI IAM authentication: users, groups, dynamic groups, instance principals, etc.<\/li>\n<li>Authorization via IAM policies:<\/li>\n<li>Manage tag namespaces\/definitions<\/li>\n<li>Apply tags to resources (usually tied to permission to update the resource plus tag-namespace usage permissions)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<p>Tagging itself is a control-plane capability; it does not require VCN networking. Access occurs through OCI Console and API endpoints. For private access patterns, use OCI-recommended approaches (for example, OCI CLI from bastions or private networks with appropriate routing)\u2014details depend on your environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>Audit<\/strong> for change tracking.<\/li>\n<li>Use <strong>Resource Search<\/strong> for compliance queries (e.g., \u201cuntagged resources\u201d).<\/li>\n<li>Use <strong>Budgets<\/strong> and <strong>Cost Analysis<\/strong> to operationalize tags into financial guardrails.<\/li>\n<li>Consider periodic tag compliance checks via automation (CLI\/SDK + Search).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Simple architecture diagram (conceptual)<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  U[User \/ CI-CD \/ Terraform] --&gt;|API\/Console| IAM[IAM AuthZ]\n  IAM --&gt; R[OCI Resource Create\/Update]\n  R --&gt;|stores| T[(Tags on Resource)]\n  T --&gt; S[Resource Search Index]\n  T --&gt; C[Cost Management Aggregation]\n  R --&gt; A[Audit Events]\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Production-style architecture diagram (governance at scale)<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Org[Organization \/ Governance]\n    CCoE[CCoE \/ Platform Team]\n    Fin[Finance \/ FinOps]\n    Sec[Security \/ GRC]\n  end\n\n  subgraph OCI[Oracle Cloud Infrastructure Tenancy]\n    IAM[IAM: Tag Namespaces + Policies]\n    Compartments[Compartments: Prod \/ NonProd \/ Shared]\n    Defaults[Tag Defaults per Compartment]\n    Resources[Resources: Compute, DB, VCN, Buckets, OKE, etc.]\n    Search[Resource Search]\n    Cost[Cost Analysis + Budgets]\n    Audit[Audit]\n  end\n\n  subgraph Delivery[Delivery &amp; Automation]\n    TF[Terraform \/ Resource Manager]\n    CICD[CI\/CD Pipelines]\n    Auto[Automation Scripts \/ Functions]\n  end\n\n  CCoE --&gt; IAM\n  Fin --&gt; IAM\n  Sec --&gt; IAM\n\n  TF --&gt; IAM\n  TF --&gt; Resources\n  CICD --&gt; Resources\n  Defaults --&gt; Resources\n\n  Resources --&gt; Search\n  Resources --&gt; Cost\n  Resources --&gt; Audit\n\n  Auto --&gt; Search\n  Auto --&gt; Resources\n  Cost --&gt; Fin\n  Search --&gt; Sec\n  Audit --&gt; Sec\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Tenancy requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud (OCI) tenancy<\/strong>.<\/li>\n<li>Access to a compartment where you are allowed to create resources and apply tags.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You typically need:\n&#8211; Permissions to <strong>create\/manage tag namespaces and tag definitions<\/strong> (for governance admins).\n&#8211; Permissions to <strong>apply defined tags<\/strong> (for builders\/operators).\n&#8211; Permissions to <strong>create\/update the target resources<\/strong> (Compute, Object Storage, etc.).<\/p>\n\n\n\n<p>OCI IAM policy statements vary by organization. Common patterns include:\n&#8211; A governance group can <code>manage tag-namespaces<\/code> in the tenancy.\n&#8211; Builder groups can <code>use tag-namespaces<\/code> and manage resources in compartments.<\/p>\n\n\n\n<p>Because IAM policy syntax and best-practice patterns can vary, <strong>verify in official docs<\/strong> and align with your landing zone standards.<\/p>\n\n\n\n<p>Start here:\n&#8211; IAM policy reference: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/policysyntax\/policysyntax.htm\n&#8211; Tagging docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Tagging\/home.htm<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tagging itself is not typically billed as a standalone service<\/strong>, but resources you create in the lab (compute, storage) may incur charges depending on free tier and usage.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CLI\/SDK\/tools needed (for the lab)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Console access (web browser)<\/li>\n<li>Optional but recommended: <strong>OCI CLI<\/strong><\/li>\n<li>Installation: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n<li>Configuration: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliconfigure.htm<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tagging is available across OCI regions as a governance capability, but the resources you tag are regional\/global depending on service.<\/li>\n<li>Resource Search and cost features are available broadly, but <strong>verify region-specific availability<\/strong> if you use specialized regions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<p>OCI enforces service limits around tags (such as number of tags per resource and length constraints). These limits can change.\n&#8211; Verify current limits here: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Tagging\/Concepts\/taggingoverview.htm (and linked \u201cLimits\u201d sections)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<p>For the hands-on lab, you\u2019ll create:\n&#8211; A compartment (optional if you already have one)\n&#8211; An Object Storage bucket (low-risk and typically low-cost)\n&#8211; Tag namespace and defined tag<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Current pricing model (accurate framing)<\/h3>\n\n\n\n<p>OCI <strong>Tagging<\/strong> is a governance feature and is generally <strong>not priced as a metered standalone service<\/strong>. However, your overall cost is influenced by:\n&#8211; The resources you create and keep running (Compute, DB, Storage, etc.)\n&#8211; How tags enable cost allocation, budgeting, and automation (which can reduce waste)<\/p>\n\n\n\n<p>Because OCI pricing varies by region, service type, and contract, do not rely on fixed numbers in any third-party guide.<\/p>\n\n\n\n<p>Official pricing entry points:\n&#8211; Oracle Cloud Pricing: https:\/\/www.oracle.com\/cloud\/pricing\/\n&#8211; OCI Cost Management docs (for cost analysis and reporting concepts): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Billing\/home.htm\n&#8211; OCI Pricing Calculator (if available in your region\/portal): https:\/\/www.oracle.com\/cloud\/costestimator.html (verify current tool\/URL)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (indirect)<\/h3>\n\n\n\n<p>While tagging isn\u2019t billed, consider:\n&#8211; <strong>API operations<\/strong>: high-volume automation that queries Search or updates tags can create operational overhead; API usage pricing is generally not a separate line item for most OCI services, but always verify for your specific services and agreements.\n&#8211; <strong>Audit logs<\/strong>: storing\/retaining logs may involve costs if exported to Object Storage or Logging retention settings (depending on your logging setup).\n&#8211; <strong>Automation<\/strong>: Functions, Notifications, and scheduled jobs used for tag compliance can incur cost based on their own pricing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier considerations<\/h3>\n\n\n\n<p>OCI offers an Always Free tier and free trial promotions in many regions. Whether your lab can be run at zero cost depends on:\n&#8211; The resources chosen (Object Storage often has free allocations; verify your tenancy\u2019s free tier terms)\n&#8211; How long you keep resources<\/p>\n\n\n\n<p>Verify:\n&#8211; OCI Free Tier: https:\/\/www.oracle.com\/cloud\/free\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cost drivers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Uncontrolled resource creation in dev\/test without cleanup<\/li>\n<li>Lack of tag-driven visibility causing \u201corphaned\u201d resources<\/li>\n<li>Overly complex tag schemes increasing manual effort (a labor cost)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Human time<\/strong>: inconsistent free-form tags can make reports unreliable and increase time spent cleaning data.<\/li>\n<li><strong>Governance overhead<\/strong>: too many namespaces\/keys leads to confusion and rework.<\/li>\n<li><strong>Data transfer<\/strong>: if automation exports inventory and logs cross-region, data egress may apply (verify OCI networking pricing and rules).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost with Tagging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use tag defaults to reduce missed tags.<\/li>\n<li>Standardize defined tags for cost dimensions (<code>CostCenter<\/code>, <code>Project<\/code>, <code>Environment<\/code>, <code>Owner<\/code>).<\/li>\n<li>Periodically identify and remove unused resources by tag-based searches.<\/li>\n<li>Use budgets\/alerts filtered by tags where applicable.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A minimal tagging lab can be close to zero cost if you:\n&#8211; Only create tag namespaces\/definitions (governance objects)\n&#8211; Create a small Object Storage bucket and store little\/no data\n&#8211; Clean up immediately<\/p>\n\n\n\n<p>Exact costs depend on region and tier\u2014<strong>verify in the OCI pricing pages<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>In production, tagging itself won\u2019t be your bill driver. The value is that it enables:\n&#8211; Accurate cost allocation at scale\n&#8211; Faster cleanup of waste\n&#8211; Better budgeting and forecasting\n&#8211; Reduced operational toil<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Create a <strong>defined tag<\/strong> strategy in Oracle Cloud Tagging, apply it to an OCI resource, and verify you can <strong>search<\/strong> for tagged resources. You will also learn how to <strong>clean up<\/strong> safely.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Create a compartment for the lab (optional).\n2. Create a tag namespace and defined tag key.\n3. Create an Object Storage bucket and apply:\n   &#8211; one <strong>defined tag<\/strong>\n   &#8211; one <strong>free-form tag<\/strong>\n4. Validate using <strong>Resource Search<\/strong> and <strong>OCI CLI<\/strong> (optional).\n5. Clean up resources.<\/p>\n\n\n\n<p>This lab is designed to be safe and low-cost.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create (or choose) a compartment for the lab<\/h3>\n\n\n\n<p><strong>Console steps<\/strong>\n1. Open the OCI Console.\n2. Go to <strong>Identity &amp; Security<\/strong> \u2192 <strong>Compartments<\/strong>.\n3. Click <strong>Create Compartment<\/strong>.\n4. Name: <code>lab-tagging<\/code>\n5. Description: <code>Lab compartment for Tagging tutorial<\/code>\n6. Parent compartment: select a parent you control (often the root tenancy, if permitted).\n7. Click <strong>Create Compartment<\/strong>.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A compartment named <code>lab-tagging<\/code> exists and is in <strong>Active<\/strong> state.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; In the Compartments list, confirm <code>lab-tagging<\/code> shows <strong>Active<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a tag namespace (Defined Tags)<\/h3>\n\n\n\n<p>Defined tags are governed. In OCI, you create them inside a <strong>tag namespace<\/strong>.<\/p>\n\n\n\n<p><strong>Console steps<\/strong>\n1. Go to <strong>Identity &amp; Security<\/strong> \u2192 <strong>Tag Namespaces<\/strong> (sometimes under \u201cGovernance\u201d depending on console layout).\n2. Ensure you are viewing the correct compartment context if the UI asks (tag namespaces are tenancy-level governance objects; the UI may not be compartment-scoped).\n3. Click <strong>Create Tag Namespace<\/strong>.\n4. Enter:\n   &#8211; Name: <code>Finance<\/code>\n   &#8211; Description: <code>Finance governance tags<\/code>\n5. Click <strong>Create<\/strong>.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Tag namespace <code>Finance<\/code> exists.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Open the <code>Finance<\/code> namespace and confirm it is listed.<\/p>\n\n\n\n<p><strong>Common error<\/strong>\n&#8211; <em>You don\u2019t have permission to create tag namespaces.<\/em><br\/>\n  Fix: Ask your OCI admin for IAM policy allowing your group to manage tag namespaces (verify exact policy syntax in official docs).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a defined tag key in the namespace<\/h3>\n\n\n\n<p>Now create a tag definition key such as <code>CostCenter<\/code>.<\/p>\n\n\n\n<p><strong>Console steps<\/strong>\n1. Open the <code>Finance<\/code> tag namespace.\n2. Click <strong>Create Tag Key<\/strong> (or \u201cCreate Tag Definition\u201d depending on wording).\n3. Enter:\n   &#8211; Tag Key Name: <code>CostCenter<\/code>\n   &#8211; Description: <code>Cost center code for chargeback<\/code>\n4. (Optional) If the UI supports tag value constraints (like allowed values), set them only if your organization requires it. If you are unsure, leave defaults and <strong>verify in official docs<\/strong>.\n5. Click <strong>Create<\/strong>.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A defined tag key exists: <code>Finance.CostCenter<\/code>.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; In the namespace details, confirm <code>CostCenter<\/code> is present.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Create an Object Storage bucket and apply tags<\/h3>\n\n\n\n<p>Object Storage buckets are a good low-risk lab resource (cost depends on storage used).<\/p>\n\n\n\n<p><strong>Console steps<\/strong>\n1. Go to <strong>Storage<\/strong> \u2192 <strong>Object Storage &amp; Archive Storage<\/strong> \u2192 <strong>Buckets<\/strong>.\n2. Select the region you want to use.\n3. Select compartment: <code>lab-tagging<\/code>.\n4. Click <strong>Create Bucket<\/strong>.\n5. Bucket name: <code>tagging-lab-bucket-&lt;unique&gt;<\/code> (bucket names must be unique within the tenancy\/namespace constraints shown in UI).\n6. Under <strong>Tags<\/strong> (or \u201cTagging\u201d):\n   &#8211; <strong>Defined tags<\/strong>:\n     &#8211; Namespace: <code>Finance<\/code>\n     &#8211; Key: <code>CostCenter<\/code>\n     &#8211; Value: <code>CC-1001<\/code>\n   &#8211; <strong>Free-form tags<\/strong>:\n     &#8211; <code>Owner<\/code> = your name or team alias (e.g., <code>platform-team<\/code>)\n7. Click <strong>Create<\/strong>.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A bucket is created with both a defined tag and a free-form tag.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Open the bucket details page.\n&#8211; Find the <strong>Tags<\/strong> section and confirm:\n  &#8211; Defined tag <code>Finance.CostCenter=CC-1001<\/code>\n  &#8211; Free-form tag <code>Owner=platform-team<\/code> (or your chosen value)<\/p>\n\n\n\n<p><strong>Common errors<\/strong>\n&#8211; <em>Defined tag not visible<\/em>: ensure the namespace and tag key were created successfully and you selected <strong>Defined tags<\/strong> (not just free-form).\n&#8211; <em>Permission denied<\/em>: you may have permission to create buckets but not to use tag namespaces. This requires IAM policy changes (verify in official docs and with your admin).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Validate with Resource Search (Console)<\/h3>\n\n\n\n<p>Resource Search helps you find resources across compartments by criteria including tags.<\/p>\n\n\n\n<p><strong>Console steps<\/strong>\n1. Go to <strong>Governance &amp; Administration<\/strong> \u2192 <strong>Resource Search<\/strong> (UI location may vary).\n2. Use a structured search query. Example for defined tags:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Query idea (adapt to your syntax as shown in the Resource Search UI):<ul>\n<li>Find resources where <code>Finance.CostCenter = 'CC-1001'<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Run the search.<\/li>\n<li>Confirm your bucket appears in the results.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Resource Search returns at least one result: your Object Storage bucket.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Click the result and ensure it links to your bucket.<\/p>\n\n\n\n<p><strong>If you struggle with syntax<\/strong>\n&#8211; Use the Resource Search UI\u2019s query builder (if present).\n&#8211; Verify the latest structured search syntax in official docs:\n  &#8211; Search docs entry point: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Search\/home.htm (verify URL\/path if it differs)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6 (Optional): Validate with OCI CLI<\/h3>\n\n\n\n<p>This step is optional but strongly recommended for real-world operations.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">6.1 Install and configure OCI CLI<\/h4>\n\n\n\n<p>Follow official instructions:\n&#8211; Install: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm\n&#8211; Configure: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliconfigure.htm<\/p>\n\n\n\n<p>Verify:<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci os ns get\n<\/code><\/pre>\n\n\n\n<p>Expected outcome: returns your Object Storage namespace string.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">6.2 Use Search from CLI (structured search)<\/h4>\n\n\n\n<p>Run a structured search query. Example (syntax may require adjustments\u2014<strong>verify in official docs<\/strong>):<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci search resource structured-search \\\n  --query-text \"query all resources where definedTags.namespace = 'Finance'\"\n<\/code><\/pre>\n\n\n\n<p>A more specific query often looks like:<\/p>\n\n\n\n<pre><code class=\"language-bash\">oci search resource structured-search \\\n  --query-text \"query all resources where definedTags.Finance.CostCenter = 'CC-1001'\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The command returns JSON results including your bucket.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; In the returned items, look for the bucket name and OCID.\n&#8211; If results are empty, confirm:\n  &#8211; You are querying the correct tag key and value\n  &#8211; Your permissions allow search visibility\n  &#8211; Indexing may take a short time in some cases<\/p>\n\n\n\n<blockquote>\n<p>Note: OCI structured search query syntax is strict. If the above query fails, rely on the Console query builder and consult the official Search documentation to match the current syntax precisely.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>You have successfully validated OCI Tagging when all of the following are true:\n&#8211; You can see <code>Finance.CostCenter=CC-1001<\/code> and <code>Owner=&lt;value&gt;<\/code> on the bucket details page.\n&#8211; Resource Search finds the bucket by the tag criteria.\n&#8211; (Optional) OCI CLI search returns the resource in results.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p><strong>Issue: \u201cNot authorized\u201d when creating namespace\/tag keys<\/strong>\n&#8211; Cause: missing IAM permissions to manage tag namespaces\/definitions.\n&#8211; Fix: request a policy update from admins. Check:\n  &#8211; IAM policy docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/policysyntax\/policysyntax.htm\n  &#8211; Tagging docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Tagging\/home.htm<\/p>\n\n\n\n<p><strong>Issue: Can create resource but cannot apply defined tags<\/strong>\n&#8211; Cause: permission to manage the resource exists, but permission to use tag namespaces does not.\n&#8211; Fix: ensure your group is allowed to use tag namespaces (exact wording depends on OCI policy grammar\u2014verify with official docs).<\/p>\n\n\n\n<p><strong>Issue: Resource Search returns nothing<\/strong>\n&#8211; Confirm the tag is present on the resource.\n&#8211; Confirm you have visibility into the compartment\/resource.\n&#8211; Wait briefly and retry (indexing delay can happen).\n&#8211; Use the Console query builder to ensure syntax is correct.<\/p>\n\n\n\n<p><strong>Issue: Confusing differences between free-form and defined tags<\/strong>\n&#8211; Free-form tags: no namespace; simple key\/value.\n&#8211; Defined tags: must exist in a namespace and are centrally managed.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing costs:\n1. Delete the Object Storage bucket:\n   &#8211; Storage \u2192 Buckets \u2192 select your bucket \u2192 <strong>Delete<\/strong>\n   &#8211; If it contains objects, delete objects first (or use \u201cempty bucket\u201d functionality if available).\n2. (Optional) Delete the compartment resources first, then delete the compartment:\n   &#8211; Identity &amp; Security \u2192 Compartments \u2192 <code>lab-tagging<\/code> \u2192 <strong>Delete<\/strong>\n   &#8211; Compartments can take time to delete due to lifecycle and resource cleanup.\n3. (Optional) Delete the tag namespace if it\u2019s truly lab-only:\n   &#8211; Identity &amp; Security \u2192 Tag Namespaces \u2192 <code>Finance<\/code> \u2192 delete tag keys \u2192 delete namespace<br\/>\n   In shared tenancies, <strong>do not delete<\/strong> governance objects without approval.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>compartments for isolation<\/strong> (blast radius, IAM boundaries) and <strong>tags for classification<\/strong> (metadata).<\/li>\n<li>Align tagging with your landing zone:<\/li>\n<li>Compartments represent environment or org units.<\/li>\n<li>Tags represent cost, ownership, data classification, workload identity.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Restrict who can <strong>create<\/strong> tag namespaces and tag definitions (usually a CCoE\/FinOps\/SecOps function).<\/li>\n<li>Allow application teams to <strong>apply<\/strong> approved defined tags without allowing them to create new keys.<\/li>\n<li>Use separate namespaces per owning domain (Finance\/Security\/Operations) to avoid conflicts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices (FinOps)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make a small set of tags mandatory for cost reporting:<\/li>\n<li><code>CostCenter<\/code> or <code>Project<\/code><\/li>\n<li><code>Environment<\/code><\/li>\n<li><code>OwnerTeam<\/code><\/li>\n<li><code>Application<\/code> (or <code>Service<\/code>)<\/li>\n<li>Prefer <strong>defined tags<\/strong> for cost dimensions to avoid inconsistent keys.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices (operational scale)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep tag sets small and meaningful. Too many tags becomes noise.<\/li>\n<li>Standardize casing and naming (e.g., <code>CostCenter<\/code>, <code>OwnerTeam<\/code>).<\/li>\n<li>Use tag defaults for baseline tags in key compartments to reduce manual work.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use tag-driven automation carefully:<\/li>\n<li>Require multiple conditions for destructive actions (e.g., <code>Environment=Dev<\/code> AND <code>AllowCleanup=true<\/code>).<\/li>\n<li>Implement a \u201cdry run\u201d mode and approval workflow for bulk operations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Implement a periodic tag compliance scan:<\/li>\n<li>Find resources missing required tags<\/li>\n<li>Notify owners or open tickets automatically<\/li>\n<li>Document your tag catalog:<\/li>\n<li>Namespace owner<\/li>\n<li>Key meaning<\/li>\n<li>Allowed values (if enforced)<\/li>\n<li>Examples and anti-examples<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a naming convention <strong>and<\/strong> tags; do not rely on names alone.<\/li>\n<li>Avoid sensitive data in tags:<\/li>\n<li>No passwords, tokens, private keys<\/li>\n<li>Avoid personal data (PII) unless your policy explicitly permits it<\/li>\n<li>Use stable IDs where possible:<\/li>\n<li><code>CostCenter=CC-1001<\/code> rather than \u201cFinance Team\u201d<\/li>\n<li>Treat tag namespaces\/definitions like schema:<\/li>\n<li>Version changes carefully<\/li>\n<li>Avoid renaming keys that dashboards and reports depend on<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tagging is governed by <strong>OCI IAM<\/strong>.<\/li>\n<li>Separate concerns:<\/li>\n<li>Who can create\/modify namespaces and tag keys (governance administrators)<\/li>\n<li>Who can apply tags to resources (builders\/operators)<\/li>\n<li>Ensure least privilege:<\/li>\n<li>Don\u2019t let every developer create new namespaces; that creates chaos.<\/li>\n<li>Don\u2019t allow unmanaged tag keys for cost allocation if finance reporting depends on it.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tags are metadata stored by OCI as part of resource configuration.<\/li>\n<li>Encryption at rest and in transit is handled by OCI control plane standards; however, <strong>tags are not secrets<\/strong> and should not contain sensitive values.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tagging is control-plane; it doesn\u2019t open network ports.<\/li>\n<li>The main risk is <strong>data leakage through metadata<\/strong> (e.g., someone puts confidential info in tags).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never store secrets in tags.<\/li>\n<li>If you need secret distribution, use OCI Vault services (separate from Tagging).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>OCI Audit<\/strong> to track changes to:<\/li>\n<li>Tag namespaces and definitions<\/li>\n<li>Resource updates that modify tags (coverage varies; verify per service)<\/li>\n<li>Consider exporting Audit logs to centralized storage for long retention if required by compliance.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use tags to support compliance evidence:<\/li>\n<li><code>DataClass<\/code>, <code>Regulated=true<\/code>, <code>PCI=true<\/code>, etc.<\/li>\n<li>But do not assume tags enforce compliance by themselves. They enable visibility and automation; enforcement requires policies and guardrails.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allowing all teams to create arbitrary namespaces (loss of governance)<\/li>\n<li>Storing sensitive business details in tags (e.g., customer names for regulated workloads)<\/li>\n<li>Using tags as a substitute for IAM\/compartment isolation<\/li>\n<li>Building automation that trusts tags without validation (tag spoofing risk if too many users can change tags)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define a minimal required tag set and enforce through:<\/li>\n<li>Tag defaults where appropriate<\/li>\n<li>IaC pipelines that fail builds without required tags<\/li>\n<li>Periodic compliance checks<\/li>\n<li>Restrict tag-definition management to a governance group.<\/li>\n<li>Use defined tags for compliance-related metadata.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations (verify exact values in official docs)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Limits per resource<\/strong>: OCI enforces maximum number of tags and size constraints per tag key\/value. Exact numbers can change\u2014verify in OCI Tagging limits documentation.<\/li>\n<li><strong>Indexing\/search timing<\/strong>: Resource Search may not reflect tag updates instantly in all cases.<\/li>\n<li><strong>Service coverage differences<\/strong>: Most OCI resources support tags, but some edge resources or older services may have limitations\u2014verify service-by-service.<\/li>\n<li><strong>Tag defaults behavior<\/strong>: Tag defaults apply automatically on creation, but inheritance and resource-type coverage should be confirmed in official documentation for your tenancy.<\/li>\n<li><strong>Case sensitivity and consistency<\/strong>: Free-form keys are easy to mistype; defined tags reduce this risk.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tag namespace and tag definition counts may have tenancy limits.<\/li>\n<li>Search and API rate limits can apply for large-scale automation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tags themselves are tenancy governance objects, but resources are regional\/global. Cross-region cost and inventory views depend on the consuming service (Search, cost tooling) and permissions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tagging isn\u2019t billed, but forgetting cleanup of tagged dev resources still costs money.<\/li>\n<li>Exporting logs\/reports for compliance can create storage and egress costs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some third-party tooling expects a specific tag schema; if your schema changes, integrations can break.<\/li>\n<li>Terraform modules may require tag maps in specific formats.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tag sprawl: too many keys \u2192 nobody uses them.<\/li>\n<li>Drift: resources created outside IaC may miss required tags.<\/li>\n<li>Misleading tags: if anyone can edit tags, tags can become untrusted for compliance unless controlled.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Migrating from free-form to defined tags requires mapping and cleanup.<\/li>\n<li>Renaming defined tags can break dashboards and cost allocation logic.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI uses <strong>namespaces<\/strong> for defined tags (unlike AWS\u2019s flat tag model).<\/li>\n<li>\u201cDefined tags\u201d are a first-class governance object; treat them like shared schema.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Nearest services in Oracle Cloud<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compartments<\/strong>: strong isolation and policy boundaries; not just metadata.<\/li>\n<li><strong>Resource Search<\/strong>: queries resources; tagging provides key selectors.<\/li>\n<li><strong>Cost Analysis\/Budgets<\/strong>: consumes tags for cost allocation.<\/li>\n<li><strong>Cloud Guard \/ Security Zones<\/strong>: governance\/security guardrails; tags complement but don\u2019t replace these.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Nearest services in other clouds<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS Resource Tags<\/strong>: key\/value tags widely used for cost allocation and IAM conditions.<\/li>\n<li><strong>Azure Tags<\/strong>: resource tags used for grouping and cost management.<\/li>\n<li><strong>Google Cloud Labels<\/strong>: key\/value metadata for resources with some constraints.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Open-source\/self-managed alternatives<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CMDB\/asset inventory systems (ServiceNow, internal catalogs)<\/li>\n<li>Custom inventory databases + periodic cloud discovery scripts<br\/>\nThese can complement OCI tags but typically require more work and don\u2019t integrate as natively with cost\/governance tooling.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Comparison table<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>OCI Tagging (Free-form + Defined Tags)<\/strong><\/td>\n<td>OCI-wide metadata, governance, cost allocation<\/td>\n<td>Native integration with OCI resources, Search, Cost tooling; defined tag governance<\/td>\n<td>Requires planning; relies on consistent adoption<\/td>\n<td>You run workloads on Oracle Cloud and need scalable governance<\/td>\n<\/tr>\n<tr>\n<td><strong>OCI Compartments<\/strong><\/td>\n<td>Hard isolation and access boundaries<\/td>\n<td>Strong security boundary; IAM scoping; clean org model<\/td>\n<td>Not a substitute for cost\/ownership metadata<\/td>\n<td>Use for environment\/org isolation; pair with tags for classification<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Tags<\/strong><\/td>\n<td>AWS estates<\/td>\n<td>Mature ecosystem; used across services and IAM conditions<\/td>\n<td>Flat model; governance depends on tooling<\/td>\n<td>Choose in AWS; similar use patterns to OCI<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Tags<\/strong><\/td>\n<td>Azure estates<\/td>\n<td>Strong portal and policy integration<\/td>\n<td>Tag enforcement often done via Azure Policy<\/td>\n<td>Choose in Azure; similar governance goals<\/td>\n<\/tr>\n<tr>\n<td><strong>GCP Labels<\/strong><\/td>\n<td>GCP estates<\/td>\n<td>Simple labeling and filtering<\/td>\n<td>Constraint rules may differ; governance often via org policies<\/td>\n<td>Choose in GCP; similar but not identical semantics<\/td>\n<\/tr>\n<tr>\n<td><strong>External CMDB \/ Inventory<\/strong><\/td>\n<td>Multi-cloud + ITSM governance<\/td>\n<td>Centralized across clouds; workflow integration<\/td>\n<td>More effort; not native; can drift<\/td>\n<td>Use when you must unify multiple clouds and processes<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: regulated financial services landing zone<\/h3>\n\n\n\n<p><strong>Problem<\/strong>\nA bank runs dozens of applications on Oracle Cloud. Costs must be allocated to cost centers, and compliance requires tracking which resources may handle regulated data. Auditors also require evidence of ownership and environment classification.<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; Compartments:\n  &#8211; <code>Prod<\/code>, <code>NonProd<\/code>, <code>Shared<\/code>\n  &#8211; Nested compartments per line of business\n&#8211; Defined tag namespaces:\n  &#8211; <code>Finance<\/code>: <code>CostCenter<\/code>, <code>ProjectCode<\/code>\n  &#8211; <code>Security<\/code>: <code>DataClass<\/code>, <code>RegulatedScope<\/code>\n  &#8211; <code>Operations<\/code>: <code>OwnerTeam<\/code>, <code>ServiceName<\/code>, <code>Environment<\/code>\n&#8211; Tag defaults:\n  &#8211; Production compartments automatically apply <code>Operations.Environment=Prod<\/code> (verify exact tag default behavior and scope)\n&#8211; Automation:\n  &#8211; Weekly compliance scan using Resource Search:\n    &#8211; Find resources missing <code>OwnerTeam<\/code> or <code>DataClass<\/code>\n  &#8211; Budgeting by tag:\n    &#8211; Budget thresholds per <code>Finance.CostCenter<\/code><\/p>\n\n\n\n<p><strong>Why Tagging was chosen<\/strong>\n&#8211; Native OCI integration with cost and search\n&#8211; Defined tags provide governance and consistency\n&#8211; Works across nearly all OCI resource types used in the estate<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Accurate monthly chargeback by cost center\n&#8211; Faster audits (resource inventories by classification)\n&#8211; Reduced operational time finding owners and related components<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: SaaS team controlling dev\/test spend<\/h3>\n\n\n\n<p><strong>Problem<\/strong>\nA small SaaS company uses OCI for dev\/test and production. Dev resources keep piling up, and bills are rising. They also want a lightweight way to know who owns what.<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; Minimal defined tags:\n  &#8211; <code>Operations.Owner<\/code>\n  &#8211; <code>Operations.Environment<\/code>\n  &#8211; <code>Finance.Project<\/code>\n&#8211; Free-form tags allowed for temporary metadata like <code>Ticket<\/code>\n&#8211; Simple automation:\n  &#8211; Daily search for <code>Environment=Dev<\/code> and missing <code>ExpiresOn<\/code>\n  &#8211; Slack\/email notifications to owners (implementation outside Tagging itself)<\/p>\n\n\n\n<p><strong>Why Tagging was chosen<\/strong>\n&#8211; Fast to implement with immediate operational value\n&#8211; Doesn\u2019t require new infrastructure\n&#8211; Enables consistent cleanup rules<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Reduced dev\/test waste\n&#8211; Clear ownership for resources\n&#8211; Better visibility without heavy governance overhead<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<p>1) <strong>What\u2019s the difference between free-form tags and defined tags in Oracle Cloud?<\/strong><br\/>\nFree-form tags are ad hoc key\/value pairs. Defined tags are governed: you must create a tag namespace and tag key first, then apply them consistently as <code>Namespace.Key=Value<\/code>.<\/p>\n\n\n\n<p>2) <strong>Do tags affect runtime performance of my OCI resources?<\/strong><br\/>\nNo. Tags are metadata used for governance, search, and reporting. They don\u2019t change CPU, latency, or throughput.<\/p>\n\n\n\n<p>3) <strong>Is OCI Tagging a paid service?<\/strong><br\/>\nTagging is generally not billed as a standalone service, but resources you create (compute\/storage\/etc.) are billed. Always verify with Oracle\u2019s official pricing pages.<\/p>\n\n\n\n<p>4) <strong>Can I use tags for cost allocation in Oracle Cloud?<\/strong><br\/>\nYes. Tags are commonly used with OCI Cost Analysis and related billing reporting features to group and filter spend.<\/p>\n\n\n\n<p>5) <strong>Are tags secure? Can I store secrets in tags?<\/strong><br\/>\nDo not store secrets in tags. Tags are metadata and may be visible to users who can view resources. Use OCI Vault for secrets.<\/p>\n\n\n\n<p>6) <strong>Who should be allowed to create tag namespaces and tag keys?<\/strong><br\/>\nTypically a governance group (CCoE\/FinOps\/Security). Application teams usually should only apply approved tags.<\/p>\n\n\n\n<p>7) <strong>Can I enforce mandatory tags?<\/strong><br\/>\nOCI provides mechanisms such as <strong>tag defaults<\/strong> and organizational controls. Enforcement patterns vary\u2014verify current OCI capabilities in official docs and consider IaC pipeline enforcement.<\/p>\n\n\n\n<p>8) <strong>Can tags be changed after a resource is created?<\/strong><br\/>\nYes, most resources allow tag updates. Be careful: changing tags can affect reporting and automation that relies on tags.<\/p>\n\n\n\n<p>9) <strong>Do all OCI services support tags?<\/strong><br\/>\nMany do, but not all features\/resources may have identical support. Verify tagging support for each service you use.<\/p>\n\n\n\n<p>10) <strong>How do I find untagged resources?<\/strong><br\/>\nUse <strong>Resource Search<\/strong> to query for missing tag keys (structured queries) or run periodic scans via CLI\/SDK.<\/p>\n\n\n\n<p>11) <strong>Should I use compartments instead of tags?<\/strong><br\/>\nUse compartments for security\/isolation and IAM boundaries. Use tags for classification, cost, ownership, and automation selectors. They solve different problems.<\/p>\n\n\n\n<p>12) <strong>How many tags should I create?<\/strong><br\/>\nStart small. A typical baseline is 4\u20138 required tags. Too many tags reduces adoption and data quality.<\/p>\n\n\n\n<p>13) <strong>What tag keys are most useful to start with?<\/strong><br\/>\nCommon starting set: <code>Environment<\/code>, <code>OwnerTeam<\/code>, <code>CostCenter\/Project<\/code>, <code>Application\/Service<\/code>, optionally <code>DataClass<\/code>.<\/p>\n\n\n\n<p>14) <strong>Can I rename a defined tag key?<\/strong><br\/>\nRenaming governance objects can break dashboards, automation, and reports. Plan changes carefully; verify OCI\u2019s current behavior and constraints in official docs.<\/p>\n\n\n\n<p>15) <strong>How do tags work with Terraform in OCI?<\/strong><br\/>\nOCI Terraform resources usually support <code>freeform_tags<\/code> and <code>defined_tags<\/code> attributes. Standardize these via modules and policy-as-code checks.<\/p>\n\n\n\n<p>16) <strong>How quickly do tag changes show up in Resource Search and cost reports?<\/strong><br\/>\nSearch indexing and cost attribution timing can vary. Expect possible delays; verify your exact behavior in OCI docs and by testing in your tenancy.<\/p>\n\n\n\n<p>17) <strong>Can I restrict which tag values people can use?<\/strong><br\/>\nOCI has supported constraints in some tagging features\/UI options over time, but capabilities can evolve. Verify current \u201ctag value\u201d constraint features in official docs.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Tagging<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official Documentation<\/td>\n<td>OCI Tagging Documentation \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Tagging\/home.htm<\/td>\n<td>Primary source for concepts, workflows, and limits<\/td>\n<\/tr>\n<tr>\n<td>Official Documentation<\/td>\n<td>OCI IAM Documentation \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/td>\n<td>Policies and permissions required to manage and use tags<\/td>\n<\/tr>\n<tr>\n<td>Official Documentation<\/td>\n<td>OCI Resource Search \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Search\/home.htm<\/td>\n<td>How to query resources by tags across compartments<\/td>\n<\/tr>\n<tr>\n<td>Official Documentation<\/td>\n<td>OCI Billing &amp; Cost Management \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Billing\/home.htm<\/td>\n<td>How tags relate to cost analysis and governance reporting<\/td>\n<\/tr>\n<tr>\n<td>Official Pricing<\/td>\n<td>Oracle Cloud Pricing \u2014 https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<td>Official pricing reference for services you tag (tagging itself is typically not priced)<\/td>\n<\/tr>\n<tr>\n<td>Official Tool<\/td>\n<td>Oracle Cloud Cost Estimator \u2014 https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<td>Estimate costs for resources; validate region\/SKU assumptions<\/td>\n<\/tr>\n<tr>\n<td>Official Docs (CLI)<\/td>\n<td>OCI CLI Install \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<td>Install OCI CLI for scripting tag governance and verification<\/td>\n<\/tr>\n<tr>\n<td>Official Docs (CLI)<\/td>\n<td>OCI CLI Configure \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliconfigure.htm<\/td>\n<td>Configure profiles\/auth for repeatable automation<\/td>\n<\/tr>\n<tr>\n<td>Official Tutorials<\/td>\n<td>Oracle Cloud Tutorials (browse) \u2014 https:\/\/docs.oracle.com\/en\/learn\/<\/td>\n<td>Find labs that often incorporate tagging and governance patterns<\/td>\n<\/tr>\n<tr>\n<td>Official Architecture<\/td>\n<td>OCI Architecture Center \u2014 https:\/\/docs.oracle.com\/en\/solutions\/<\/td>\n<td>Reference architectures; many include governance best practices<\/td>\n<\/tr>\n<tr>\n<td>Official GitHub (if applicable)<\/td>\n<td>Oracle OCI Samples \u2014 https:\/\/github.com\/oracle\/oci-python-sdk (and related Oracle org repos)<\/td>\n<td>SDK examples; helpful for programmatic tagging patterns (verify relevance per repo)<\/td>\n<\/tr>\n<tr>\n<td>Community Learning<\/td>\n<td>OCI tagging write-ups (verify) \u2014 start from official docs<\/td>\n<td>Community posts can help with practical queries; validate against official docs<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, SREs, platform teams<\/td>\n<td>OCI governance fundamentals, automation practices, DevOps workflows<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Students, engineers transitioning to DevOps<\/td>\n<td>SCM\/DevOps foundations that complement OCI governance<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud operations teams<\/td>\n<td>Cloud operations practices (monitoring, governance, operations processes)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, reliability engineers<\/td>\n<td>Reliability operations, incident management, operational governance<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams exploring AIOps<\/td>\n<td>AIOps concepts that can complement governance\/automation<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>Cloud\/DevOps training content (verify current offerings)<\/td>\n<td>Beginners to intermediate engineers<\/td>\n<td>https:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and coaching<\/td>\n<td>DevOps engineers and students<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps guidance (verify services)<\/td>\n<td>Teams needing short-term enablement<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and training resources (verify scope)<\/td>\n<td>Operations teams and practitioners<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting (verify current portfolio)<\/td>\n<td>OCI governance design, tagging strategy, automation<\/td>\n<td>Define tagging taxonomy; implement tag defaults; build compliance reporting<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps &amp; cloud consulting<\/td>\n<td>Platform governance, DevOps enablement, operational practices<\/td>\n<td>Establish OCI tagging standards; integrate tagging into CI\/CD and Terraform<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting services<\/td>\n<td>Automation, governance processes, operational readiness<\/td>\n<td>Implement tag-based cleanup automation; cost allocation reporting enablement<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Tagging (recommended foundations)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI basics: regions, compartments, OCIDs, IAM users\/groups\/policies<\/li>\n<li>Core OCI services you plan to govern (Compute, Networking, Object Storage, Databases)<\/li>\n<li>Infrastructure-as-Code basics (Terraform fundamentals)<\/li>\n<li>Basic FinOps concepts (chargeback\/showback, budgets, unit economics)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Tagging (to operationalize governance)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Resource Search advanced queries<\/li>\n<li>OCI Cost Management (Cost Analysis, Budgets, cost reporting exports)<\/li>\n<li>OCI Audit and centralized logging patterns<\/li>\n<li>Policy-as-code and CI\/CD guardrails (Terraform module standards, validation checks)<\/li>\n<li>Automation patterns:<\/li>\n<li>Scheduled scans and remediation<\/li>\n<li>Notifications + ticketing integration (outside OCI scope)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud engineer \/ cloud administrator<\/li>\n<li>DevOps engineer \/ SRE<\/li>\n<li>Platform engineer<\/li>\n<li>Cloud security engineer \/ GRC analyst<\/li>\n<li>FinOps analyst \/ cloud cost manager<\/li>\n<li>Solutions architect<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle certification offerings change over time. Look for OCI architecture\/operations certifications and ensure they include governance and cost management topics.\n&#8211; Start at Oracle University \/ OCI training portals (verify current certification names):\n  &#8211; https:\/\/education.oracle.com\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Build a tag taxonomy for a 3-environment (Dev\/Test\/Prod) OCI landing zone.<\/li>\n<li>Write a script that uses Resource Search to list resources missing required tags.<\/li>\n<li>Implement Terraform modules that enforce a required <code>defined_tags<\/code> map.<\/li>\n<li>Create a monthly cost allocation report process using tags (export + analysis workflow).<\/li>\n<li>Implement a safe cleanup workflow for resources tagged with <code>ExpiresOn<\/code>.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tagging<\/strong>: The OCI capability to attach metadata (tags) to resources.<\/li>\n<li><strong>Free-form tag<\/strong>: Unstructured key\/value metadata applied directly to a resource.<\/li>\n<li><strong>Defined tag<\/strong>: Governed tag that must be created as a tag definition within a namespace before use.<\/li>\n<li><strong>Tag namespace<\/strong>: A container for defined tags, typically representing a domain such as Finance or Security.<\/li>\n<li><strong>Tag definition \/ Tag key<\/strong>: The defined tag key inside a namespace (e.g., <code>Finance.CostCenter<\/code>).<\/li>\n<li><strong>Tag value<\/strong>: The value assigned to a tag key on a resource (e.g., <code>CC-1001<\/code>).<\/li>\n<li><strong>Tag default<\/strong>: A rule that automatically applies a defined tag to newly created resources in a compartment scope (verify exact behavior in OCI docs).<\/li>\n<li><strong>Compartment<\/strong>: An OCI logical container used for organizing resources and scoping IAM policies.<\/li>\n<li><strong>OCID<\/strong>: Oracle Cloud Identifier, the unique identifier for OCI resources.<\/li>\n<li><strong>Resource Search<\/strong>: OCI service to query resources across compartments using structured queries.<\/li>\n<li><strong>FinOps<\/strong>: Cloud financial management discipline focused on cost visibility, allocation, and optimization.<\/li>\n<li><strong>Drift<\/strong>: Configuration differences between desired state (IaC) and actual state in the cloud.<\/li>\n<li><strong>Governance<\/strong>: Policies, processes, and controls to manage cloud usage safely and efficiently.<\/li>\n<li><strong>Control plane<\/strong>: The management layer for provisioning and configuring cloud resources.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Tagging<\/strong> is OCI\u2019s native way to apply <strong>metadata labels<\/strong> to resources for <strong>governance and administration<\/strong>. It matters because it enables consistent resource organization, scalable operations, and\u2014most importantly for many organizations\u2014accurate <strong>cost allocation<\/strong> and accountability.<\/p>\n\n\n\n<p>In OCI, you\u2019ll typically use:\n&#8211; <strong>Free-form tags<\/strong> for quick, flexible labeling\n&#8211; <strong>Defined tags<\/strong> (namespaces + tag keys) for standardized governance and reporting\n&#8211; <strong>Resource Search<\/strong> to query inventory by tags\n&#8211; <strong>Cost Management tools<\/strong> to group and analyze spend by tag dimensions<\/p>\n\n\n\n<p>From a cost perspective, tagging is usually not a billable line item, but it strongly influences your ability to control and reduce spend. From a security perspective, treat tags as visible metadata\u2014never store secrets\u2014and control who can create\/modify tag schemas.<\/p>\n\n\n\n<p>When to use it: whenever you have more than a handful of resources, multiple teams, or any need for cost\/governance reporting.<br\/>\nNext step: deepen your operational approach by learning <strong>Resource Search queries<\/strong>, <strong>IAM policy patterns for tag governance<\/strong>, and <strong>Cost Analysis\/Budgets<\/strong> workflows using defined tags.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Governance and Administration<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70,62],"tags":[],"class_list":["post-916","post","type-post","status-publish","format-standard","hentry","category-governance-and-administration","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=916"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/916\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}