Recommended naming and tagging conventions
Organize your cloud assets to support operational management and accounting requirements. Well-defined naming and metadata tagging conventions help to quickly locate and manage resources. These conventions also help associate cloud usage costs with business teams via chargeback and showback accounting mechanisms.
Azure defines naming rules and restrictions for Azure resources. This guidance provides detailed recommendations to support enterprise cloud adoption efforts.
Changing resource names can be difficult. Establish a comprehensive naming convention before you begin any large cloud deployment.
Note
Every business has different organizational and management requirements. These recommendations provide a starting point for discussions within your cloud adoption teams.
As these discussions proceed, use the following template to capture the naming and tagging decisions you make when you align these recommendations to your specific business needs.
Download the naming and tagging conventions tracking template.
Naming and tagging resources
A naming and tagging strategy includes business and operational details as components of resource names and metadata tags:
The business side of this strategy ensures that resource names and tags include the organizational information needed to identify the teams. Use a resource along with the business owners who are responsible for resource costs.
The operational side ensures that names and tags include information that IT teams use to identify the workload, application, environment, criticality, and other information useful for managing resources.
Resource naming
An effective naming convention assembles resource names by using important resource information as parts of a resource's name. For example, using these recommended naming conventions, a public IP resource for a production SharePoint workload is named like this: pip-sharepoint-prod-westus-001.
From the name, you can quickly identify the resource's type, its associated workload, its deployment environment, and the Azure region hosting it.
Naming scope
All Azure resource types have a scope that defines the level that resource names must be unique. A resource must have a unique name within its scope.
For example, a virtual network has a resource group scope, which means that there can be only one network named vnet-prod-westus-001 in a given resource group. Other resource groups could have their own virtual network named vnet-prod-westus-001. Subnets are scoped to virtual networks, so each subnet within a virtual network must be uniquely named.
Some resource names, such as PaaS services with public endpoints or virtual machine DNS labels, have global scopes, which means that they must be unique across the entire Azure platform.
Resource names have length limits. Balancing the context embedded in a name with its scope and length is important when you develop your naming conventions. For more information, see naming rules and restrictions for Azure resources.
Recommended naming components
When you construct your naming convention, identify the key pieces of information that you want to reflect in a resource name. Different information is relevant for different resource types. The following list provides examples of information that are useful when you construct resource names.
Keep the length of naming components short to prevent exceeding resource name length limits.
| Naming component | Description | Examples |
|---|---|---|
| Business unit | Top-level division of your company that owns the subscription or workload the resource belongs to. In smaller organizations, this component might represent a single corporate top-level organizational element. | fin, mktg, product, it, corp |
| Subscription type | Summary description of the purpose of the subscription that contains the resource. Often broken down by deployment environment type or specific workloads. | prod, shared, client |
| Application or service name | Name of the application, workload, or service that the resource is a part of. | navigator, emissions, sharepoint, hadoop |
| Deployment environment | The stage of the development lifecycle for the workload that the resource supports. | prod, dev, qa, stage, test |
| Region | The Azure region where the resource is deployed. | westus, eastus2, westeurope, usgovia |
Recommended resource-type prefixes
Each workload can consist of many individual resources and services. Incorporating resource type prefixes into your resource names makes it easier to visually identify application or service components.
This list recommends Azure resource type prefixes to use when you define your naming conventions.
General
| Asset type | Name prefix |
|---|---|
| Resource group | rg- |
| Policy definition | policy- |
| API management service instance | apim- |
Networking
| Asset type | Name prefix |
|---|---|
| Virtual network | vnet- |
| Subnet | snet- |
| Network interface (NIC) | nic- |
| Public IP address | pip- |
| Load balancer (internal) | lbi- |
| Load balancer (external) | lbe- |
| Network security group (NSG) | nsg- |
| Application security group (ASG) | asg- |
| Local network gateway | lgw- |
| Virtual network gateway | vgw- |
| VPN connection | cn- |
| Application gateway | agw- |
| Route table | route- |
| Traffic Manager profile | traf- |
Compute and Web
| Asset type | Name prefix |
|---|---|
| Virtual machine | vm |
| Virtual machine scale set | vmss- |
| Availability set | avail- |
| VM storage account | stvm |
| Azure Arc connected machine | arcm- |
| Container instance | aci- |
| AKS cluster | aks- |
| Service Fabric cluster | sf- |
| App Service environment | ase- |
| App Service plan | plan- |
| Web app | app- |
| Function app | func- |
| Cloud service | cld- |
| Notification Hubs | ntf- |
| Notification Hubs namespace | ntfns- |
Databases
| Asset type | Name prefix |
|---|---|
| Azure SQL Database server | sql- |
| Azure SQL database | sqldb- |
| Azure Cosmos DB database | cosmos- |
| Azure Cache for Redis instance | redis- |
| MySQL database | mysql- |
| PostgreSQL database | psql- |
| Azure SQL Data Warehouse | sqldw- |
| Azure Synapse Analytics | syn- |
| SQL Server Stretch Database | sqlstrdb- |
Storage
| Asset type | Name prefix |
|---|---|
| Storage account | st |
| Azure StorSimple | ssimp |
AI and Machine Learning
| Asset type | Name prefix |
|---|---|
| Azure Cognitive Search | srch- |
| Azure Cognitive Services | cog- |
| Azure Machine Learning workspace | mlw- |
Analytics and IoT
| Asset type | Name prefix |
|---|---|
| Azure Analysis Services server | as- |
| Azure Databricks workspace | dbw- |
| Azure Stream Analytics | asa- |
| Azure Data Factory | adf- |
| Data Lake Store account | dls |
| Data Lake Analytics account | dla |
| Event hub | evh- |
| HDInsight - Hadoop cluster | hadoop- |
| HDInsight - HBase cluster | hbase- |
| HDInsight - Kafka cluster | kafka- |
| HDInsight - Spark cluster | spark- |
| HDInsight - Storm cluster | storm- |
| HDInsight - ML Services cluster | mls- |
| IoT hub | iot- |
| Power BI Embedded | pbi- |
Integration
| Asset type | Name prefix |
|---|---|
| Logic apps | logic- |
| Service Bus | sb- |
| Service Bus queue | sbq- |
| Service Bus topic | sbt- |
Management and governance
| Asset type | Name prefix |
|---|---|
| Blueprint | bp- |
| Blueprint assignment | bpa- |
| Key vault | kv- |
| Log Analytics workspace | log- |
| Application Insights | appi- |
| Recovery Services vault | rsv- |
Migration
| Asset type | Name prefix |
|---|---|
| Azure Migrate project | migr- |
| Database Migration Service instance | dms- |
| Recovery Services vault | rsv- |
Metadata tags
When you apply metadata tags to your cloud resources, you can include information about those assets that couldn't be included in the resource name. You can use that information to perform more sophisticated filtering and reporting on resources. You want these tags to include context about the resource's associated workload or application, operational requirements, and ownership information. This information can be used by IT or business teams to find resources or generate reports about resource usage and billing.
What tags you apply to resources and what tags are required or optional differs among organizations. The following list provides examples of common tags that capture important context and information about a resource. Use this list as a starting point to establish your own tagging conventions.
| Tag Name | Description | Key | Example value |
|---|---|---|---|
| Application name | Name of the application, service, or workload the resource is associated with. | ApplicationName | {application name} |
| Approver name | Person responsible for approving costs related to this resource. | Approver | {email} |
| Budget required/approved | Money allocated for this application, service, or workload. | BudgetAmount | {$} |
| Business unit | Top-level division of your company that owns the subscription or workload the resource belongs to. In smaller organizations, this tag might represent a single corporate or shared top-level organizational element. | BusinessUnit | FINANCE, MARKETING, {Product Name}, CORP, SHARED |
| Cost center | Accounting cost center associated with this resource. | CostCenter | {number} |
| Disaster recovery | Business criticality of the application, workload, or service. | DR | Mission-critical, Critical, Essential |
| End date of the project | Date when the application, workload, or service is scheduled for retirement. | EndDate | {date} |
| Environment | Deployment environment of the application, workload, or service. | Env | Prod, Dev, QA, Stage, Test |
| Owner name | Owner of the application, workload, or service. | Owner | {email} |
| Requester name | User who requested the creation of this application. | Requester | {email} |
| Service class | Service level agreement level of the application, workload, or service. | ServiceClass | Dev, Bronze, Silver, Gold |
| Start date of the project | Date when the application, workload, or service was first deployed. | StartDate | {date} |
Example names
The following section provides some example names for common Azure resource types in an enterprise cloud deployment.
Example names: General
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Subscription | Account/ Enterprise Agreement |
<Business Unit>-<Subscription type>-<###> | |
| Resource group | Subscription | rg-<App or service name>-<Subscription type>-<###> | |
| API management service instance | Global | apim-<App or service name> | apim-navigator-prod |
Note
The example names above and elsewhere in this document reference a three digit padding (<###>). I.E. mktg-prod-001
Padding aids in human readability and sorting of assets when those assets are managed in a configuration management database (CMDB), IT Asset Management tool, or traditional accounting tools. When the deployed asset is managed centrally as part of a larger inventory or portfolio of IT assets, the padding approach aligns with interfaces those systems use to manage inventory naming.
Unfortunately, the traditional asset padding approach can prove problematic in infrastructure-as-code approaches which may iterate through assets based on a non-padded number. This approach is common during deployment or automated configuration management tasks. Those scripts would have to routinely strip the padding and convert the padded number to a real number, which slows script development and run time.
Which approach you choose to implement is a personal decision. The padding in this article is meant to illustrate the importance of using a consistent approach to inventory numbering, not which approach is superior. Before deciding on a number schema (with or without padding) evaluate which will have a bigger impact on long term operations: CMDB/asset management solutions or code-based inventory management. Then consistently follow the padding option that best fits your operational needs.
Example names: Networking
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Virtual network | Resource group | vnet-<Subscription type>-<Region>-<###> | |
| Subnet | Virtual network | snet-<subscription>-<subregion>-<###> | |
| Network interface (NIC) | Resource group | nic-<##>-<vm name>-<subscription><###> | |
| Public IP address | Resource group | pip-<vm name or app name>-<Environment>-<subregion>-<###> | |
| Load balancer | Resource group | lb-<app name or role><Environment><###> | |
| Network security group (NSG) | Subnet or NIC | nsg-<policy name or app name>-<###> | |
| Local network gateway | Virtual gateway | lgw-<Subscription type>-<Region>-<###> | |
| Virtual network gateway | Virtual network | vgw-<Subscription type>-<Region>-<###> | |
| Site-to-site connection | Resource group | cn-<local gateway name>-to-<virtual gateway name> | |
| VPN connection | Resource group | cn-<subscription1><region1>-to-<subscription2><region2>- | |
| Route table | Resource group | route-<route table name> | |
| DNS label | Global | <A record of vm>.<region>.cloudapp.azure.com |
Example names: Compute and Web
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Virtual machine | Resource group | vm<policy name or app name><###> | |
| VM storage account | Global | stvm<performance type><app name or prod name><region><###> | |
| Web app | Global | app-<App Name>-<Environment>-<###>.[{azurewebsites.net}] | |
| Function app | Global | func-<App Name>-<Environment>-<###>.[{azurewebsites.net}] | |
| Cloud service | Global | cld-<App Name>-<Environment>-<###>.[{cloudapp.net}] | |
| Notification hub | Resource group | ntf-<App Name>-<Environment> | |
| Notification Hubs namespace | Global | ntfns-<App Name>-<Environment> |
Example names: Databases
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Azure SQL Database server | Global | sql-<App Name>-<Environment> | |
| Azure SQL database | Azure SQL Database | sqldb-<Database Name>-<Environment> | |
| Azure Cosmos DB database | Global | cosmos-<App Name>-<Environment> | |
| Azure Cache for Redis instance | Global | redis-<App Name>-<Environment> | |
| MySQL database | Global | mysql-<App Name>-<Environment> | |
| PostgreSQL database | Global | psql-<App Name>-<Environment> | |
| Azure SQL Data Warehouse | Global | sqldw-<App Name>-<Environment> | |
| SQL Server Stretch Database | Azure SQL Database | sqlstrdb-<App Name>-<Environment> |
Example names: Storage
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Storage account (general use) | Global | st<storage name><###> | |
| Storage account (diagnostic logs) | Global | stdiag<first 2 letters of subscription name and number><region><###> | |
| Azure StorSimple | Global | ssimp<App Name><Environment> |
Example names: AI and machine learning
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Azure Cognitive Search | Global | srch-<App Name>-<Environment> | |
| Azure Cognitive Services | Resource group | cog-<App Name>-<Environment> | |
| Azure Machine Learning workspace | Resource group | mlw-<App Name>-<Environment> |
Example names: Analytics and IoT
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Azure Data Factory | Global | adf-<App Name><Environment> | |
| Azure Stream Analytics | Resource group | asa-<App Name>-<Environment> | |
| Data Lake Analytics account | Global | dla<App Name><Environment> | |
| Data Lake Storage account | Global | dls<App Name><Environment> | |
| Event hub | Global | evh-<App Name>-<Environment> | |
| HDInsight - HBase cluster | Global | hbase-<App Name>-<Environment> | |
| HDInsight - Hadoop cluster | Global | hadoop-<App Name>-<Environment> | |
| HDInsight - Spark cluster | Global | spark-<App Name>-<Environment> | |
| IoT hub | Global | iot-<App Name>-<Environment> | |
| Power BI Embedded | Global | pbi-<App Name><Environment> |
Example names: Integration
| Asset type | Scope | Format | Examples |
|---|---|---|---|
| Service Bus | Global | sb-<App Name>-<Environment>.[{servicebus.windows.net}] | |
| Service Bus queue | Service Bus | sbq-<query descriptor> | |
| Service Bus topic | Service Bus | sbt-<query descriptor> |