Recommended naming and tagging conventions

Organize your cloud assets to support operational management and accounting requirements. Well-defined naming and metadata tagging conventions help to quickly locate and manage resources. These conventions also help associate cloud usage costs with business teams via chargeback and showback accounting mechanisms.

Azure defines naming rules and restrictions for Azure resources. This guidance provides detailed recommendations to support enterprise cloud adoption efforts.

Changing resource names can be difficult. Establish a comprehensive naming convention before you begin any large cloud deployment.

Note

Every business has different organizational and management requirements. These recommendations provide a starting point for discussions within your cloud adoption teams.

As these discussions proceed, use the following template to capture the naming and tagging decisions you make when you align these recommendations to your specific business needs.

Download the naming and tagging conventions tracking template.

Naming and tagging resources

A naming and tagging strategy includes business and operational details as components of resource names and metadata tags:

The business side of this strategy ensures that resource names and tags include the organizational information needed to identify the teams. Use a resource along with the business owners who are responsible for resource costs.

The operational side ensures that names and tags include information that IT teams use to identify the workload, application, environment, criticality, and other information useful for managing resources.

Resource naming

An effective naming convention assembles resource names by using important resource information as parts of a resource's name. For example, using these recommended naming conventions, a public IP resource for a production SharePoint workload is named like this: pip-sharepoint-prod-westus-001.

From the name, you can quickly identify the resource's type, its associated workload, its deployment environment, and the Azure region hosting it.

Naming scope

All Azure resource types have a scope that defines the level that resource names must be unique. A resource must have a unique name within its scope.

For example, a virtual network has a resource group scope, which means that there can be only one network named vnet-prod-westus-001 in a given resource group. Other resource groups could have their own virtual network named vnet-prod-westus-001. Subnets are scoped to virtual networks, so each subnet within a virtual network must be uniquely named.

Some resource names, such as PaaS services with public endpoints or virtual machine DNS labels, have global scopes, which means that they must be unique across the entire Azure platform.

Resource names have length limits. Balancing the context embedded in a name with its scope and length is important when you develop your naming conventions. For more information, see naming rules and restrictions for Azure resources.

When you construct your naming convention, identify the key pieces of information that you want to reflect in a resource name. Different information is relevant for different resource types. The following list provides examples of information that are useful when you construct resource names.

Keep the length of naming components short to prevent exceeding resource name length limits.

Naming component Description Examples
Business unit Top-level division of your company that owns the subscription or workload the resource belongs to. In smaller organizations, this component might represent a single corporate top-level organizational element. fin, mktg, product, it, corp
Subscription type Summary description of the purpose of the subscription that contains the resource. Often broken down by deployment environment type or specific workloads. prod, shared, client
Application or service name Name of the application, workload, or service that the resource is a part of. navigator, emissions, sharepoint, hadoop
Deployment environment The stage of the development lifecycle for the workload that the resource supports. prod, dev, qa, stage, test
Region The Azure region where the resource is deployed. westus, eastus2, westeurope, usgovia

Each workload can consist of many individual resources and services. Incorporating resource type prefixes into your resource names makes it easier to visually identify application or service components.

This list recommends Azure resource type prefixes to use when you define your naming conventions.

General

Asset type Name prefix
Management group mg-
Resource group rg-
Policy definition policy-
API management service instance apim-

Networking

Asset type Name prefix
Virtual network vnet-
Subnet snet-
Virtual network peering peer-
Network interface (NIC) nic-
Public IP address pip-
Load balancer (internal) lbi-
Load balancer (external) lbe-
Network security group (NSG) nsg-
Application security group (ASG) asg-
Local network gateway lgw-
Virtual network gateway vgw-
VPN connection cn-
Application gateway agw-
Route table route-
User defined route (UDR) udr-
Traffic Manager profile traf-
Front door fd-
CDN profile cdnp-
CDN endpoint cdne-

Compute and Web

Asset type Name prefix
Virtual machine vm
Virtual machine scale set vmss-
Availability set avail-
VM storage account stvm
Azure Arc connected machine arcm-
Container registry cr-
Container instance ci-
AKS cluster aks-
Service Fabric cluster sf-
App Service environment ase-
App Service plan plan-
Web app app-
Function app func-
Cloud service cld-
Notification Hubs ntf-
Notification Hubs namespace ntfns-

Databases

Asset type Name prefix
Azure SQL Database server sql-
Azure SQL database sqldb-
Azure Cosmos DB database cosmos-
Azure Cache for Redis instance redis-
MySQL database mysql-
PostgreSQL database psql-
Azure SQL Data Warehouse sqldw-
Azure Synapse Analytics syn-
SQL Server Stretch Database sqlstrdb-

Storage

Asset type Name prefix
Storage account st
Azure StorSimple ssimp

AI and Machine Learning

Asset type Name prefix
Azure Cognitive Search srch-
Azure Cognitive Services cog-
Azure Machine Learning workspace mlw-

Analytics and IoT

Asset type Name prefix
Azure Analysis Services server as
Azure Databricks workspace dbw-
Azure Stream Analytics asa-
Azure Data Factory adf-
Data Lake Store account dls
Data Lake Analytics account dla
Event hub evh-
HDInsight - Hadoop cluster hadoop-
HDInsight - HBase cluster hbase-
HDInsight - Kafka cluster kafka-
HDInsight - Spark cluster spark-
HDInsight - Storm cluster storm-
HDInsight - ML Services cluster mls-
IoT hub iot-
Power BI Embedded pbi-

Integration

Asset type Name prefix
Logic apps logic-
Service Bus sb-
Service Bus queue sbq-
Service Bus topic sbt-

Management and governance

Asset type Name prefix
Blueprint bp-
Blueprint assignment bpa-
Key vault kv-
Log Analytics workspace log-
Application Insights appi-
Recovery Services vault rsv-

Migration

Asset type Name prefix
Azure Migrate project migr-
Database Migration Service instance dms-
Recovery Services vault rsv-

Metadata tags

When you apply metadata tags to your cloud resources, you can include information about those assets that couldn't be included in the resource name. You can use that information to perform more sophisticated filtering and reporting on resources. You want these tags to include context about the resource's associated workload or application, operational requirements, and ownership information. This information can be used by IT or business teams to find resources or generate reports about resource usage and billing.

What tags you apply to resources and what tags are required or optional differs among organizations. The following list provides examples of common tags that capture important context and information about a resource. Use this list as a starting point to establish your own tagging conventions.

Tag Name Description Key Example value
Application name Name of the application, service, or workload the resource is associated with. ApplicationName {application name}
Approver name Person responsible for approving costs related to this resource. Approver {email}
Budget required/approved Money allocated for this application, service, or workload. BudgetAmount {$}
Business unit Top-level division of your company that owns the subscription or workload the resource belongs to. In smaller organizations, this tag might represent a single corporate or shared top-level organizational element. BusinessUnit FINANCE, MARKETING, {Product Name}, CORP, SHARED
Cost center Accounting cost center associated with this resource. CostCenter {number}
Disaster recovery Business criticality of the application, workload, or service. DR Mission-critical, Critical, Essential
End date of the project Date when the application, workload, or service is scheduled for retirement. EndDate {date}
Environment Deployment environment of the application, workload, or service. Env Prod, Dev, QA, Stage, Test
Owner name Owner of the application, workload, or service. Owner {email}
Requester name User who requested the creation of this application. Requester {email}
Service class Service level agreement level of the application, workload, or service. ServiceClass Dev, Bronze, Silver, Gold
Start date of the project Date when the application, workload, or service was first deployed. StartDate {date}

Example names

The following section provides some example names for common Azure resource types in an enterprise cloud deployment.

Example names: General

Asset type Scope Format Examples
Management group Business unit and/or Environment type mg-<Business Unit>[-<Environment type>]
  • mg-mktg
  • mg-hr
  • mg-corp-prod
  • mg-fin-client
  • Subscription Account/
    Enterprise Agreement
    <Business Unit>-<Subscription type>-<###>
  • mktg-prod-001
  • corp-shared-001
  • fin-client-001
  • Resource group Subscription rg-<App or service name>-<Subscription type>-<###>
  • rg-mktgsharepoint-prod-001
  • rg-acctlookupsvc-share-001
  • rg-ad-dir-services-shared-001
  • API management service instance Global apim-<App or service name> apim-navigator-prod

    Note

    The example names above and elsewhere in this document reference a three digit padding (<###>). I.E. mktg-prod-001

    Padding aids in human readability and sorting of assets when those assets are managed in a configuration management database (CMDB), IT Asset Management tool, or traditional accounting tools. When the deployed asset is managed centrally as part of a larger inventory or portfolio of IT assets, the padding approach aligns with interfaces those systems use to manage inventory naming.

    Unfortunately, the traditional asset padding approach can prove problematic in infrastructure-as-code approaches which may iterate through assets based on a non-padded number. This approach is common during deployment or automated configuration management tasks. Those scripts would have to routinely strip the padding and convert the padded number to a real number, which slows script development and run time.

    Which approach you choose to implement is a personal decision. The padding in this article is meant to illustrate the importance of using a consistent approach to inventory numbering, not which approach is superior. Before deciding on a number schema (with or without padding) evaluate which will have a bigger impact on long term operations: CMDB/asset management solutions or code-based inventory management. Then consistently follow the padding option that best fits your operational needs.

    Example names: Networking

    Asset type Scope Format Examples
    Virtual network Resource group vnet-<Subscription type>-<Region>-<###>
  • vnet-shared-eastus2-001
  • vnet-prod-westus-001
  • vnet-client-eastus2-001
  • Subnet Virtual network snet-<subscription>-<subregion>-<###>
  • snet-shared-eastus2-001
  • snet-prod-westus-001
  • snet-client-eastus2-001
  • Network interface (NIC) Resource group nic-<##>-<vm name>-<subscription><###>
  • nic-01-dc1-shared-001
  • nic-02-vmhadoop1-prod-001
  • nic-02-vmtest1-client-001
  • Public IP address Resource group pip-<vm name or app name>-<Environment>-<subregion>-<###>
  • pip-dc1-shared-eastus2-001
  • pip-hadoop-prod-westus-001
  • Load balancer Resource group lb-<app name or role><Environment><###>
  • lb-navigator-prod-001
  • lb-sharepoint-dev-001
  • Network security group (NSG) Subnet or NIC nsg-<policy name or app name>-<###>
  • nsg-weballow-001
  • nsg-rdpallow-001
  • nsg-sqlallow-001
  • nsg-dnsblocked-001
  • Local network gateway Virtual gateway lgw-<Subscription type>-<Region>-<###>
  • lgw-shared-eastus2-001
  • lgw-prod-westus-001
  • lgw-client-eastus2-001
  • Virtual network gateway Virtual network vgw-<Subscription type>-<Region>-<###>
  • vgw-shared-eastus2-001
  • vgw-prod-westus-001
  • vgw-client-eastus2-001
  • Site-to-site connection Resource group cn-<local gateway name>-to-<virtual gateway name>
  • cn-lgw-shared-eastus2-001-to-vgw-shared-eastus2-001
  • cn-lgw-shared-eastus2-001-to-shared-westus-001
  • VPN connection Resource group cn-<subscription1><region1>-to-<subscription2><region2>-
  • cn-shared-eastus2-to-shared-westus
  • cn-prod-eastus2-to-prod-westus
  • Route table Resource group route-<route table name>
  • route-navigator
  • route-sharepoint
  • DNS label Global <A record of vm>.<region>.cloudapp.azure.com
  • dc1.westus.cloudapp.azure.com
  • web1.eastus2.cloudapp.azure.com
  • Example names: Compute and Web

    Asset type Scope Format Examples
    Virtual machine Resource group vm<policy name or app name><###>
  • vmnavigator001
  • vmsharepoint001
  • vmsqlnode001
  • vmhadoop001
  • VM storage account Global stvm<performance type><app name or prod name><region><###>
  • stvmstcoreeastus2001
  • stvmpmcoreeastus2001
  • stvmstplmeastus2001
  • stvmsthadoopeastus2001
  • Web app Global app-<App Name>-<Environment>-<###>.[{azurewebsites.net}]
  • app-navigator-prod-001.azurewebsites.net
  • app-accountlookup-dev-001.azurewebsites.net
  • Function app Global func-<App Name>-<Environment>-<###>.[{azurewebsites.net}]
  • func-navigator-prod-001.azurewebsites.net
  • func-accountlookup-dev-001.azurewebsites.net
  • Cloud service Global cld-<App Name>-<Environment>-<###>.[{cloudapp.net}]
  • cld-navigator-prod-001.azurewebsites.net
  • cld-accountlookup-dev-001.azurewebsites.net
  • Notification hub Resource group ntf-<App Name>-<Environment>
  • ntf-navigator-prod
  • ntf-emissions-dev
  • Notification Hubs namespace Global ntfns-<App Name>-<Environment>
  • ntfns-navigator-prod
  • ntfns-emissions-dev
  • Example names: Databases

    Asset type Scope Format Examples
    Azure SQL Database server Global sql-<App Name>-<Environment>
  • sql-navigator-prod
  • sql-emissions-dev
  • Azure SQL database Azure SQL Database sqldb-<Database Name>-<Environment>
  • sqldb-users-prod
  • sqldb-users-dev
  • Azure Cosmos DB database Global cosmos-<App Name>-<Environment>
  • cosmos-navigator-prod
  • cosmos-emissions-dev
  • Azure Cache for Redis instance Global redis-<App Name>-<Environment>
  • redis-navigator-prod
  • redis-emissions-dev
  • MySQL database Global mysql-<App Name>-<Environment>
  • mysql-navigator-prod
  • mysql-emissions-dev
  • PostgreSQL database Global psql-<App Name>-<Environment>
  • psql-navigator-prod
  • psql-emissions-dev
  • Azure SQL Data Warehouse Global sqldw-<App Name>-<Environment>
  • sqldw-navigator-prod
  • sqldw-emissions-dev
  • SQL Server Stretch Database Azure SQL Database sqlstrdb-<App Name>-<Environment>
  • sqlstrdb-navigator-prod
  • sqlstrdb-emissions-dev
  • Example names: Storage

    Asset type Scope Format Examples
    Storage account (general use) Global st<storage name><###>
  • stnavigatordata001
  • stemissionsoutput001
  • Storage account (diagnostic logs) Global stdiag<first 2 letters of subscription name and number><region><###>
  • stdiagsh001eastus2001
  • stdiagsh001westus001
  • Azure StorSimple Global ssimp<App Name><Environment>
  • ssimpnavigatorprod
  • ssimpemissionsdev
  • Example names: AI and machine learning

    Asset type Scope Format Examples
    Azure Cognitive Search Global srch-<App Name>-<Environment>
  • srch-navigator-prod
  • srch-emissions-dev
  • Azure Cognitive Services Resource group cog-<App Name>-<Environment>
  • cog-navigator-prod
  • cog-emissions-dev
  • Azure Machine Learning workspace Resource group mlw-<App Name>-<Environment>
  • mlw-navigator-prod
  • mlw-emissions-dev
  • Example names: Analytics and IoT

    Asset type Scope Format Examples
    Azure Data Factory Global adf-<App Name><Environment>
  • adf-navigator-prod
  • adf-emissions-dev
  • Azure Stream Analytics Resource group asa-<App Name>-<Environment>
  • asa-navigator-prod
  • asa-emissions-dev
  • Data Lake Analytics account Global dla<App Name><Environment>
  • dlanavigatorprod
  • dlaemissionsdev
  • Data Lake Storage account Global dls<App Name><Environment>
  • dlsnavigatorprod
  • dlsemissionsdev
  • Event hub Global evh-<App Name>-<Environment>
  • evh-navigator-prod
  • evh-emissions-dev
  • HDInsight - HBase cluster Global hbase-<App Name>-<Environment>
  • hbase-navigator-prod
  • hbase-emissions-dev
  • HDInsight - Hadoop cluster Global hadoop-<App Name>-<Environment>
  • hadoop-navigator-prod
  • hadoop-emissions-dev
  • HDInsight - Spark cluster Global spark-<App Name>-<Environment>
  • spark-navigator-prod
  • spark-emissions-dev
  • IoT hub Global iot-<App Name>-<Environment>
  • iot-navigator-prod
  • iot-emissions-dev
  • Power BI Embedded Global pbi-<App Name><Environment>
  • pbi-navigator-prod
  • pbi-emissions-dev
  • Example names: Integration

    Asset type Scope Format Examples
    Service Bus Global sb-<App Name>-<Environment>.[{servicebus.windows.net}]
  • sb-navigator-prod
  • sb-emissions-dev
  • Service Bus queue Service Bus sbq-<query descriptor>
  • sbq-messagequery
  • Service Bus topic Service Bus sbt-<query descriptor>
  • sbt-messagequery