Cost attribution has one dependency that quietly breaks it: every resource must be tagged correctly, by the engineer who created it, at the moment they created it, forever. That does not happen. Someone ships under deadline, skips the tag, and three months later finance cannot say which team owns the line item. The standard fix made it worse.
Heuristic auto-taggers try to guess the missing tags and write them back into your cloud. A guess that is wrong is now a permanent, authoritative-looking label on a production resource. Multiply that across thousands of resources and you have a tagging layer nobody trusts and nobody can safely clean up. You set out to attribute cost and ended up polluting your cloud’s metadata.
Smart Tags takes the opposite approach. Tags are derived from tagging policies you define, computed for cost attribution, and never written back to your cloud.
Attribution is a read problem, not a write problem
The mistake every tagging strategy makes is treating attribution as something you stamp onto resources. You do not. Attribution is a question you ask of resources: which team, which environment, which product does this spend belong to. You can answer that with a rule, not a label.
Smart Tags lives in a new Tagging domain on the Policy page. You write the rule once: resources in this account, matching this pattern, belong to this team. ZopNight derives the tag for every matching resource and uses it for cost attribution. Nothing is written to AWS, Azure, or GCP. Your cloud’s real tags stay exactly as they are.
Because the tag is derived, it covers everything the rule matches, including resources created after you wrote the rule and resources that were never tagged at all. There is no backfill, no migration, no asking engineers to go retag last quarter’s infrastructure.
Review, accept, or revoke, in bulk
Derived does not mean blind. A Smart Tags page shows every tag the policies produced, so you review them and accept or revoke in bulk or per resource. A rule that is too broad gets caught here, before it skews a single report, not after finance has built a quarter on top of it.
| Approach | Coverage | Writes to your cloud | Trust |
|---|---|---|---|
| Manual tags | Only what engineers remember | Yes | Low, gaps everywhere |
| Heuristic auto-tagger | Guesses the rest | Yes, wrong guesses persist | Lower, nobody trusts it |
| Smart Tags | Everything a rule matches | No, derived only | High, reviewable |
When derived tags work, and when they do not
Smart Tags works when ownership follows a pattern you can express: an account maps to a team, a naming convention marks an environment, a subscription belongs to a product. Most real estates have several such patterns, and a handful of rules covers the majority of spend.
It does not resolve genuinely ambiguous ownership. A shared resource used by four teams still needs a split rule or a human decision. A derived tag cannot invent an answer that does not exist, and the honest version of attribution surfaces that ambiguity instead of papering over it with a confident wrong tag.
The shift is small to describe and large in effect. Stop asking your cloud to remember who owns what. Ask your policies, and read the answer.
