Untaggable Cost Tagging
Not all cloud costs can be tagged at the source.
In real-world cloud environments, a significant portion of spend originates from system-generated, billing-level, or shared infrastructure charges that do not inherit resource tags.
If left unmanaged, these costs appear as:
Unallocated
Uncategorized
Attributed to "No Owner"
Dumped into root accounts
This creates reporting gaps and weakens financial accountability.
Virtual Tags solve this.
Why Some Costs Cannot Be Tagged
Certain charges are generated:
At billing time (not resource level)
Across accounts
Outside of compute resources
At platform or enterprise agreement level
These charges do not carry native tags, even if tagging hygiene is strong.
Examples include:
Data transfer between services
Enterprise Discount Program (EDP) adjustments
Support plan fees
Reserved Instance (RI) amortization
Savings Plan (SP) amortization
Cross-account networking
RDS automated backups
Out-of-cycle adjustments
Marketplace subscriptions
How Virtual Tags Solve This
Virtual Tags allow rule-based allocation using billing metadata such as:
Usage Type
Charge Type
Service
Region
Account
Resource Name
Instead of modifying cloud tags, OneLens applies allocation logic during the cost pipeline.
This ensures 100% cost allocation coverage — even for costs that cannot be tagged natively.
Example Rule
If:
Usage Type contains
"DataTransfer"Region =
us-east-1
Then:
→ Assign to Platform Shared Cost Centre
This ensures shared networking costs are consistently allocated to the correct business owner.
Common Untaggable Cost Examples
Below is a reference table of real-world untaggable or system-level charges and how they are typically handled.
AWS
Inter-AZ / Inter-Region Data Transfer
Generated at network billing layer
Allocate to Platform or proportional to consuming BUs
Provider = AWS AND Usage Type contains "DataTransfer"
AWS
NAT Gateway Data Processing
Network-layer charge
Proportional split across consuming cost centres
Service = AmazonVPC AND Usage Type contains "NatGateway"
AWS
RDS Automated Backup Storage
System-generated backup usage
Assign to owning application team
Service = AmazonRDS AND Usage Type contains "BackupUsage"
AWS
Enterprise Support Fee
% of monthly spend
Even split or proportional across all cost centres
Charge Type = Support
AWS
Marketplace Subscription
Subscription-level billing
Assign to owning BU
Billing Entity = AWS Marketplace
AWS
EDP (Enterprise Discount Program) Credit
Applied post usage
Proportional to total spend
Line Item Type = Discount
AWS
OOC (Out-of-Cycle) Charge
Manual billing adjustment
Assign to Finance Shared cost centre
Line Item Type = Fee AND Description contains "Out of Cycle"
Azure
Inter-Region Data Transfer
Generated at network layer
Allocate to Platform or proportional
Provider = Azure AND Meter Category contains "Bandwidth"
Azure
Azure Support Plan
Subscription-level charge
Even split across BUs
Meter Category = Support
Azure
Backup Vault Storage
Generated by Azure Backup service
Assign to owning BU
Service Name = Azure Backup
Azure
Marketplace Charges
Subscription-level billing
Map to owning BU
Publisher Type = Marketplace
Azure
EA (Enterprise Agreement) Credit
Applied at billing account level
Proportional across cost centres
Charge Type = Credit
GCP
Inter-Region Network Egress
Network-layer billing
Proportional allocation
Provider = GCP AND SKU Description contains "Network Egress"
GCP
Committed Use Discount (CUD)
Billing-level construct
Proportional allocation
Credit Type contains "CommittedUseDiscount"
GCP
Sustained Use Discount
Applied post-usage
Proportional allocation
Credit Type contains "SustainedUsage"
GCP
Cloud Support
Billing account-level charge
Even split
Service Description contains "Support"
GCP
Snapshot Storage
Generated by system backup
Assign to owning BU
SKU Description contains "Snapshot"
GCP
Marketplace Subscription
Subscription billing
Assign to BU
Service Description contains "Marketplace"
OCI
Data Transfer Outbound
Network-layer charge
Proportional allocation
Provider = OCI AND Usage Type contains "DataTransferOut"
OCI
Support Subscription
Account-level subscription
Even split
Service Name contains "Support"
OCI
Reserved Capacity
Billing-level allocation
Proportional allocation
Usage Type contains "ReservedCapacity"
OCI
Backup Storage
System-generated
Assign to owning BU
Service Name contains "Backup"
OCI
Marketplace Listing
Subscription billing
Map to BU
Service Category = Marketplace
How to Think About These Rules
When creating Virtual Tag rules for untaggable costs:
Identify the billing dimension that uniquely describes the cost (Usage Type, Meter Category, SKU Description, Charge Type)
Decide allocation strategy:
Even split
Proportional
Fixed percentage
Assign to:
A Shared Platform cost centre
A Finance root cost centre
A Specific BU
What Happens Without Virtual Tags
Without rule-based allocation:
Untagged costs appear under “Unallocated”
Finance sees reconciliation gaps
BU-level reports become inaccurate
Engineering cannot identify optimization scope
Shared services distort team budgets
Leadership loses trust in reporting
Over time, this erodes cost accountability.
What Happens With Virtual Tags
With proper Virtual Tag configuration:
100% cost allocation coverage
No orphan spend
Clean BU-level reporting
Fair shared cost distribution
Accurate margin analysis
Audit-ready cost transparency
Finance trusts the numbers. Engineering trusts the attribution. Leadership trusts the reporting.
Best Practice
Start by:
Identifying top unallocated cost categories.
Creating targeted Virtual Tag rules for those categories.
Reviewing allocation impact before pipeline execution.
Monitoring allocation accuracy monthly.
Untagged cost is not a tagging failure — it is a billing reality. Virtual Tags ensure that reality does not break your reporting.
Last updated