Hi All, Is there a way a tagging policy can be used to populate tag values for any existing resources where tag values are missing, or will the policies only be enforceable on new resources from the point that the policy is applied?
The tag policies will show non-compliant on the systems missing those tags (brownfield included). I believe there is a report that shows the compliance of your systems with tag policies as well.
Now if you try to edit any of the non-compliant brownfield the policy should insert the allowed/mandatory key:value selections (if applicable) for a user to assign.
However, if you set a static key:value we do not retroactively apply.
As @cbunge said, it’s not automatic and retroactive but the Tag Compliance Report can surface all non-compliant workloads to you, either in a single Cloud or appliance-wide. Additionally, you’ll see a warning banner on the server detail page for any non-compliant VMs. If you set the Policy to enforce strict compliance then, going forward, you should never have any workloads that are out of compliance.
Also, tagging policies only apply to four Cloud types for now: VMware, Amazon, Azure, and GCP.