Cloud Computing

Tag Key	Example Value	Purpose
`env`	`prod` / `nonprod` / `sandbox`	Environment
`application`	`crm-platform`	Application or workload name
`owner`	`platform-eng@company.com`	Team email for chargeback
`cost-centre`	`CC-1042`	Finance chargeback code
`tier`	`1` / `2` / `3`	Availability tier
`data-classification`	`internal` / `confidential`	Data sensitivity

Status	Meaning
🟢 Approved	Approved for use without additional review
🟡 Conditionally Approved	Approved with specific configuration requirements
🔴 Prohibited	Not permitted; contact Architecture for alternatives

Control	AWS Implementation	Azure Implementation
Identity	IAM Identity Centre (SSO)	Entra ID + PIM
Encryption at rest	KMS (customer managed keys)	Azure Key Vault
Encryption in transit	TLS 1.2 minimum enforced by SCP	Azure Policy
Secrets management	AWS Secrets Manager	Azure Key Vault
Vulnerability scanning	Amazon Inspector	Microsoft Defender for Cloud
SIEM integration	CloudTrail → Sentinel	Diagnostic Logs → Sentinel

¶ Cloud Computing