From 7e4f8ef94c7069e40ba39c5846ab41245c646d0d Mon Sep 17 00:00:00 2001
From: acanbym <a.canby.m@gmail.com>
Date: Wed, 14 May 2025 10:15:26 +0100
Subject: [PATCH 1/3] chore: updating tagging standards and how to guide

---
 docs/technical-standards/How-to guides/tagging.md   |  2 +-
 .../Reference/hosting-standards/tagging.md          | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/docs/technical-standards/How-to guides/tagging.md b/docs/technical-standards/How-to guides/tagging.md
index ac1163f..cf019cc 100644
--- a/docs/technical-standards/How-to guides/tagging.md	
+++ b/docs/technical-standards/How-to guides/tagging.md	
@@ -13,7 +13,7 @@ provider "aws" {
     tags = {
       Application = "Developer Playbook"
       TeamEmail   = "developers@hackney.gov.uk"
-      Environment = "production"
+      Environment = "prod"
     }
   }
 }
diff --git a/docs/technical-standards/Reference/hosting-standards/tagging.md b/docs/technical-standards/Reference/hosting-standards/tagging.md
index 4e26bde..be9b9ee 100644
--- a/docs/technical-standards/Reference/hosting-standards/tagging.md
+++ b/docs/technical-standards/Reference/hosting-standards/tagging.md
@@ -14,11 +14,22 @@ To ensure we can consistently search for, and report on, the tags we use, you sh
 - `TeamEmail`: The email address of the team responsible for the operation of the service. Must be a valid email group, not an individual.
 - `Environment`: The name of the environment, must be one of `dev`, `stg`, `prod` or `mgmt`[^environment-tags-source].
 
+### Mandatory tags for data-holding resources
+
+The following potentially data-holding resources must have the Confidentiality tag:
+- EC2 instance
+- EBS volume
+- RDS instance
+- RDS cluster
+- DynamoDB table
+You will not be able to deploy the above resources if they are not tagged with the Confidentiality tag. 
+- `Confidentiality`: Data confidentiality of the infrastructure. Must be one of `Internal`, `Restricted`, or `Public`[^confidentiality-tags-source].
+
 ### Optional tags
 
 - `AutomationBuildUrl`: URL of the automation build, must be a valid URL.
 - `BackupPolicy`: The backup policy to apply to the resource. If present must be one of `Dev`, `Stg`, `Preprod`, `Prod`, `Mgmt`.
-- `Confidentiality`: Data confidentiality of the infrastructure. Only applicable to infrastructure which holds data, e.g. EC2, RDS, EBS, DynamoDB, Glue, and S3. Must be one of `Internal`, `Restricted`, or `Public`[^confidentiality-tags-source].
+- `Confidentiality`: Data confidentiality of the infrastructure. Only mandatory for infrastructure which holds data, e.g. EC2, RDS, EBS, DynamoDB, Glue, and S3. Optional for all other infrastructure. Must be one of `Internal`, `Restricted`, or `Public`[^confidentiality-tags-source].
 - `Department`: The service area this system serves.
 - `WeekendShutdown`: If present, regardless of the value provided the resource will be shut down over the weekend.
 - `OutOfHoursShutdown`: If present, regardless of the value provided the resource will be shut down out of working hours.

From f7a831e86fc8ddf3d012332182da69c7d3eebc16 Mon Sep 17 00:00:00 2001
From: acanbym <a.canby.m@gmail.com>
Date: Wed, 14 May 2025 10:29:39 +0100
Subject: [PATCH 2/3] chore: remove unnecessary part

---
 docs/technical-standards/Reference/hosting-standards/tagging.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/technical-standards/Reference/hosting-standards/tagging.md b/docs/technical-standards/Reference/hosting-standards/tagging.md
index be9b9ee..d735deb 100644
--- a/docs/technical-standards/Reference/hosting-standards/tagging.md
+++ b/docs/technical-standards/Reference/hosting-standards/tagging.md
@@ -23,7 +23,7 @@ The following potentially data-holding resources must have the Confidentiality t
 - RDS cluster
 - DynamoDB table
 You will not be able to deploy the above resources if they are not tagged with the Confidentiality tag. 
-- `Confidentiality`: Data confidentiality of the infrastructure. Must be one of `Internal`, `Restricted`, or `Public`[^confidentiality-tags-source].
+- `Confidentiality`: Data confidentiality of the infrastructure. Must be one of `Internal`, `Restricted`, or `Public`.
 
 ### Optional tags
 

From 0a5289a3195d4c6971ce661a61e2910fc54a1a7a Mon Sep 17 00:00:00 2001
From: acanbym <a.canby.m@gmail.com>
Date: Wed, 14 May 2025 10:48:10 +0100
Subject: [PATCH 3/3] chore: update tag in serverless

---
 docs/technical-standards/How-to guides/tagging.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/technical-standards/How-to guides/tagging.md b/docs/technical-standards/How-to guides/tagging.md
index cf019cc..e87df63 100644
--- a/docs/technical-standards/How-to guides/tagging.md	
+++ b/docs/technical-standards/How-to guides/tagging.md	
@@ -69,7 +69,7 @@ In order to add tagging to AWS resources managed by Serverless Framework:
       stackTags:
           Application: "Developer Playbook"
           TeamEmail: "developers@hackney.gov.uk"
-          Environment: "production"
+          Environment: "prod"
 
           # For CircleCI
           AutomationBuildUrl: ${env:CIRCLE_BUILD_URL}