Auto Tagging
Auto Tagging is a system that automatically categorizes infrastructure changes within the Overmind platform using rule-based logic and machine learning analysis. This feature is designed to help organizations maintain consistent change management practices, enforce compliance standards, and streamline the review process for infrastructure modifications.
Key Features
Auto Tagging allows organizations to:
- Create customized tagging rules at the account level to automatically categorize changes based on specific criteria.
- Apply consistent tags across multiple development teams to maintain standardized change management practices.
- Automatically identify and flag potentially risky or significant changes that require additional review.
- Track and document change implications automatically to maintain a clear audit trail.
Rule Configuration
Rule Structure
Each tagging rule consists of the following components:
- Name: A human-readable identifier for the rule
- Tag Key: The key that appears on the change as its tag
- Enabled Status: A toggle to activate or deactivate the rule
- Instructions: The criteria used to evaluate changes
- Valid Values: Optional predefined values that can be assigned to the tag. These can be configured in two ways:
  - Key only: Where the tag is applied without a specific value (e.g., needs-review)
  - Key-value pairs: Where both a key and specific value are assigned (e.g., team: frontend)
These components (Name, Tag Key, Enabled Status, and Instructions) are provided to our Large Language Model (LLM) to evaluate changes and determine appropriate tags. The LLM uses these criteria to analyse changes and apply tags consistently according to the specified instructions.
Example Rule:
rules:
  - name: Security Review Required
    tag_key: security_review
    enabled: true
    instructions: Determine if this change involves modifications to authentication, encryption, or sensitive security configurations.
    valid_values:
      - required
      - optional
      - not_needed
In the Overmind App, auto tags can be distinguished by the autotagging logo in front of them. When viewing changes in Overmind, you'll see:
- Name: A human-readable identifier for the rule
- Tag Key: The unique identifier used to tag changes
These are the primary identifiers used to track and manage your tagging rules.
💡 Tip: Hovering your mouse over the auto tag will display the reasoning.
Rule Management
Rules can be managed in two ways:
Web Application:
- Create, edit, and delete rules at the account level
- Enable or disable rules as needed
- Test rules against existing changes before deployment
- Export rules to YAML for CLI usage
CLI Configuration File:
- Create .overmind/auto-tag-rules.yaml in your Terraform project
- Version control your tagging rules with your infrastructure code
- Override web application rules for specific projects
- Keep tagging consistent across team workflows
CLI Configuration
You can define auto-tagging rules locally using a YAML configuration file. This allows teams to version control their tagging rules alongside their infrastructure code.
File Location
Create .overmind/auto-tag-rules.yaml in your Terraform project root:
your-terraform-project/
├── .overmind/
│   └── auto-tag-rules.yaml
├── main.tf
└── variables.tf
File Format
rules:
  - name: Production Environment Detection
    tag_key: environment
    enabled: true
    instructions: Identify changes affecting production resources based on resource names, tags, or account context
    valid_values:
      - production
      - staging
      - development
  - name: Database Changes
    tag_key: database_change
    enabled: true
    instructions: Flag any changes to RDS instances, DynamoDB tables, or database-related resources
    valid_values:
      - critical
      - routine
Usage with CLI
# Use default location
overmind changes submit-plan tfplan.json
# Specify custom rules file
overmind changes submit-plan tfplan.json --auto-tag-rules custom-rules.yaml
Team Workflow
1. Create rules file in your repository:
   mkdir -p .overmind
   # Create your auto-tag-rules.yaml file
2. Version control the configuration:
   git add .overmind/auto-tag-rules.yaml
   git commit -m "Add auto-tagging rules"
3. Use in CI/CD - Rules are automatically applied when submitting plans via CLI or GitHub Actions.
For detailed CLI configuration options, see the CLI Configuration Guide.
Implementation Guide
Creating a New Rule
1. Navigate to Settings > Configuration > Auto Tagging in the Overmind web application.
2. Click "Create New Rule".
3. Fill in the required fields:
   - Provide a descriptive name.
   - Set a unique tag key.
   - Write clear instructions for change evaluation.
   - Optionally define valid values.
   - Test the rule against sample changes.
Testing Rule
Before deploying a rule:
- Select relevant test changes from your change history.
- Run the rule against selected changes.
- Review the tagging results.
- Adjust rule instructions as needed.
Best Practices
- Writing clear, specific instructions for each rule can help ensure that the rule is applied consistently.
Scenario 1: Routine Change Identification
Automatically identify and tag routine changes that may be pre-approved, such as AMI updates within the same major version.
Bad Example:
rules:
  - name: Routine AMI Updates
    tag_key: ami_update
    enabled: true
    instructions: update amis only
    valid_values: []
Good Example:
rules:
  - name: Routine AMI Updates
    tag_key: ami_update
    enabled: true
    instructions: Analyse if this change is solely updating Amazon Machine Images (AMIs) for existing EC2 instances to their latest approved versions within the same major version. Check for patterns like updating AMI IDs in launch templates/configurations, updating Auto Scaling group launch templates, or direct EC2 instance AMI updates. Ensure no other configuration changes are present.
    valid_values: []
Scenario 2: Tagging Repository
Create a rule to automatically tag different Terraform repositories. To ensure correct tagging, add a line to the instructions stating that the rule must only pick a value that matches one of the valid values.
Example:
rules:
  - name: terraform repo
    tag_key: terraform_repo
    enabled: true
    instructions: Detect the changes being made in what Terraform repo, i.e., terraform-prod would equal the value prod. If the repo value does not exist in valid values please do not tag it.
    valid_values:
      - demo
      - test
      - prod
      - dev
      - staging
Limitations and CLI Usage
- Each account is limited to 10 autotagging rules
- CLI configuration files take precedence over web application rules for specific changes
- Rules defined in .overmind/auto-tag-rules.yaml apply only to changes submitted from that project
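Because the project file takes precedence over the web application rules, it is worth linting in CI like any other reviewed code. The check below is an added example, not Overmind's own code: it validates the rule structure, the 10-rule limit and the terse-instructions pitfall described on this page. The names lint_auto_tag_rules and must_stay_enabled, the 8-word threshold, and applying the account limit to a single file are assumptions.

```ruby
require "yaml"

MAX_RULES = 10   # account limit stated on this page; applying it per file is an assumption
MIN_WORDS = 8    # hypothetical cut-off for "clear, specific instructions"
REQUIRED = %w[name tag_key enabled instructions].freeze

# Returns a list of findings; an empty list means the rules file passed.
def lint_auto_tag_rules(yaml_text, must_stay_enabled: [])
  doc = YAML.safe_load(yaml_text)
  rules = doc.is_a?(Hash) ? doc["rules"] : nil
  return ["top-level 'rules' list is missing"] unless rules.is_a?(Array)
  findings = []
  findings << "#{rules.size} rules exceeds the limit of #{MAX_RULES}" if rules.size > MAX_RULES
  findings << "every entry under 'rules' must be a mapping" unless rules.all?(Hash)
  rules = rules.grep(Hash)
  rules.each_with_index do |rule, i|
    label = rule["name"] || "rule #{i}"
    REQUIRED.each { |k| findings << "#{label}: missing '#{k}'" unless rule.key?(k) }
    bool = [true, false].include?(rule["enabled"])
    findings << "#{label}: 'enabled' must be true or false" if rule.key?("enabled") && !bool
    findings << "#{label}: 'valid_values' must be a list" unless (rule["valid_values"] || []).is_a?(Array)
    words = rule["instructions"].to_s.split.size
    findings << "#{label}: instructions too terse (#{words} words)" if rule.key?("instructions") && words < MIN_WORDS
  end
  rules.map { |r| r["tag_key"] }.compact.tally.each { |k, n| findings << "tag_key '#{k}' is used by #{n} rules" if n > 1 }
  # Hypothetical team policy: tag keys that must never be dropped or disabled in a project file.
  must_stay_enabled.each do |key|
    live = rules.any? { |r| r["tag_key"] == key && r["enabled"] == true }
    findings << "tag_key '#{key}' must be present and enabled" unless live
  end
  findings
end

# Constructed sample: a terse rule, a disabled review rule and a duplicated tag key.
SAMPLE = <<~RULES
  rules:
    - name: Routine AMI Updates
      tag_key: ami_update
      enabled: true
      instructions: update amis only
    - name: Security Review Required
      tag_key: security_review
      enabled: false
      instructions: Determine if this change involves modifications to authentication, encryption, or sensitive security configurations.
    - name: AMI refresh
      tag_key: ami_update
      enabled: true
      instructions: Analyse if this change is solely updating AMIs for existing EC2 instances within the same major version.
RULES
puts lint_auto_tag_rules(SAMPLE, must_stay_enabled: ["security_review"])
```

In a pipeline, pass File.read(".overmind/auto-tag-rules.yaml") to the function and fail the job when the returned list is not empty.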