Determining IaC ownership – a tag-based approach

5 points by marsh_mellow 3 months ago | 6 comments
  • Take8435 3 months ago
    This is just adding metadata. The whole blog can be reduced to...

    'Tag resources for any cloud you work in'

    Azure recommends this. AWS recommends this. etc.

    https://docs.aws.amazon.com/whitepapers/latest/tagging-best-...

    https://learn.microsoft.com/en-us/azure/azure-resource-manag...

    • pragma_x 3 months ago
      Thank you. I was losing my marbles trying to decode what the secret sauce was here.
    • tikkabhuna 3 months ago
      I've never considered ownership in an IaC repo down to the individual resource and I'm struggling to see the use case.

      We also use tags/labels to link the generated "thing" back to the repository that created it with:

      - The repo URL

      - The pipeline URL

      - The commit hash (also retrievable from the pipeline details)

      These are all discovered via GitLab CI variables [1].

      From this we would use the Git repository to identify ownership. We have the benefit of our Infosec team having wide access to our GitLab instance, which might hamper other companies.

      How would you handle a situation where someone creates a resource but then leaves?

      The good thing about looking at an entire repository is that it gives you the entire history and who else might have worked on it. In hierarchical Git providers (eg. GitLab), it can also indicate where the project sits relative to others. If you just have a single person, you may struggle to find out who now owns a resource.

      [1] https://docs.gitlab.com/ci/variables/predefined_variables/
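
The repo/pipeline/commit tagging described in the comment above, as an added example that is not part of the thread. It reads the GitLab CI predefined variables CI_PROJECT_URL, CI_PIPELINE_URL and CI_COMMIT_SHA and emits them as a JSON tag map; the variable name TF_VAR_provenance_tags and the idea of feeding it to a Terraform map(string) variable are assumptions, not something the commenter specified.

```shell
#!/bin/sh
# Added example, not from the thread. Emits the three provenance tags
# (repo URL, pipeline URL, commit hash) as JSON from GitLab CI predefined
# variables, so an IaC job can attach them to every resource it creates.
# Assumed wiring (not stated in the thread): the job exports the output as
# TF_VAR_provenance_tags and Terraform feeds that map into default_tags.
set -eu

# Minimal JSON string escaping: backslash and double quote.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Fail closed: a resource deployed without provenance is the thing this
# tagging scheme exists to prevent, so a missing variable stops the job.
require_vars() {
  missing=0
  for name in "$@"; do
    eval "val=\${$name:-}"
    if [ -z "$val" ]; then
      echo "missing required CI variable: $name" >&2
      missing=1
    fi
  done
  return $missing
}

# Accept only a full 40-hex lowercase SHA (what GitLab exports), so the tag
# always resolves to exactly one commit rather than an abbreviated prefix.
is_full_sha() {
  case "$1" in
    *[!0-9a-f]*|'') return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# Prints {"repo_url":...,"pipeline_url":...,"commit_sha":...} on stdout.
provenance_tags_json() {
  require_vars CI_PROJECT_URL CI_PIPELINE_URL CI_COMMIT_SHA || return 1
  is_full_sha "$CI_COMMIT_SHA" || {
    echo "CI_COMMIT_SHA is not a full 40-hex commit hash" >&2
    return 1
  }
  printf '{"repo_url":"%s","pipeline_url":"%s","commit_sha":"%s"}\n' \
    "$(json_escape "$CI_PROJECT_URL")" \
    "$(json_escape "$CI_PIPELINE_URL")" \
    "$(json_escape "$CI_COMMIT_SHA")"
}

# Usage inside a job: TF_VAR_provenance_tags="$(provenance_tags_json)"; export TF_VAR_provenance_tags
```

Because the function returns non-zero when any variable is absent or the hash is abbreviated, a `set -e` job script aborts before `terraform apply` rather than producing untagged resources.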

      • easton 3 months ago
        NHI => Non-human identity, something I had never heard before reading this (even though I was familiar with the concept of identities for services, like service accounts or IAM roles or whatever). I wonder if that's a common acronym.
        • thinkmassive 3 months ago
          It’s not common, and it’s awkward they used the acronym four times before defining it many paragraphs later, in the Introduction section.
        • moribvndvs 3 months ago
          This was borderline incoherent.