How can we improve the Azure Resource Manager?

Tag inheritance

The ability for objects contained in a resource group to inherit tags from the resource group. It might be a good idea to allow the user to specify which tags on the resource group should propagate/inherit.

226 votes
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)

We’ll send you updates on this idea

Jason Milczek shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
planned  ·  AdminGovernance Team (Product Owner, Microsoft Azure) responded  · 

Thank you for voting on this suggestion. It is now completed and can be done via custom Azure Policy. Here is a sample custom policy to apply a specific tag at the RG and have them inherited by the Resources in that RG: https://github.com/Azure/azure-policy/tree/master/samples/ResourceGroup/copy-resourcegroup-tag

Tag inheritance for existing resources is something that we plan to add support for in 2019.

35 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Vincent commented  ·   ·  Flag as inappropriate

    We need Resource Group tags to travers to all objects in the Resource Group (when a new object is added to RG it will get the RG tags automatically). Plus the option add unique tags to objects in a RG.

  • Martin commented  ·   ·  Flag as inappropriate

    The policy just appends one specific (named) Tag from the Resource Group to the Resouce. What I need is a Policy that appends all Resource Group Tags to the Resources below, independent from the Name of the Tag (like a foreach). Now, I solved that with PowerShell and Automation every night. But a policy would be better.

  • Debbie Edwards commented  ·   ·  Flag as inappropriate

    Ive tried doing it from the Azure Portal but its not doing what I need it to do. I need it to take every tag created in the resource group and apply to the resources. Not just one named tag

    When will tag inheritance be properly resolved?

  • David commented  ·   ·  Flag as inappropriate

    I want to second the comment below....I also have the same question...

    Thanks for the solution.
    When implementing this however, we came across the problem that the inheritance only works on creation of the resource. When the Tag on the resource group changes, the resource tag does not change.

    Is there any policy-based solution for this or do we have to continue using our syncing scripts?

  • Ramonito commented  ·   ·  Flag as inappropriate

    The affect to append tag is NOT working. The policy basically only audits the resources within the Resource Group and not tagging it. This request needs more review and fix.

  • Peter Lorenzen commented  ·   ·  Flag as inappropriate

    I cannot get this to work either. The missing tags on existing resources are listed as non-compliant, but nothing is copied.
    A built-in police that copies tags from resources group to new resources already exists (Apply tag and its default value).

  • Benedikt Kittinger commented  ·   ·  Flag as inappropriate

    Thanks for the solution.
    When implementing this however, we came across the problem that the inheritance only works on creation of the resource. When the Tag on the resource group changes, the resource tag does not change.

    Is there any policy-based solution for this or do we have to continue using our syncing scripts?

  • Richard Cheney commented  ·   ·  Flag as inappropriate

    +1 for policies and policy initiatives.

    If it is useful then I've started to add the following into my ARM templates to inherit / add / override:

    In variables:
    "resourceGroupTags": "[if(contains(resourceGroup(), 'tags'), resourceGroup().tags, json('{}'))]"

    In resources:
    "tags": "[union(variables('resourceGroupTags'), parameters('tags'))]",

  • Kyle commented  ·   ·  Flag as inappropriate

    Using Azure Policy you can create a initiative that is standard across all Resource Groups. Then have a RG creation scrip referencing the policy and pass in as parameters.

    Then everything created through the portal or via Powershell will receive those tags.

  • Matthew Taylor commented  ·   ·  Flag as inappropriate

    Inherited Tags is needed and seems like a logical requirement. I am surprised that this is not a feature already. Have tried policy to require a Tag but have run into issues creating VM's from PS script where extensions fail (because of tagging policy) and unable to create objects from portal as there is no option to specify a tag during creation. If Tag inheritance was possible, would be able to simply create items in a Resource Group and object would then inherit tag(s) assigned to said Resource Group. This certainly seems like a much desired option.

  • craig gordon commented  ·   ·  Flag as inappropriate

    Any more current updates on tag inheritance on the roadmap? Specifically, it would be nice to just have a checkbox option either at subscription level or resource group level, that allows you to toggle resource group inheritance on/off(default). Desire is to simply have the same tags and values propogate to all resources in a resource group.

← Previous 1

Feedback and Knowledge Base