# Naming-Convention-Best-Practices

## Use cases

* Developers who need to create SageMaker notebook instances with instance types t2.* and t3.* in the specific region 'us-west-2'

## Guidance

* The **prefix** ensures that tags are clearly identified as having been defined by your organization and not by AWS or a third-party tool that you may be using.


* Using **all lowercase with hyphens for separators** avoids confusion about how to capitalize a tag name:

    * **`anycompany:project-id`** is simpler to remember than:
      * ANYCOMPANY:ProjectID,
      * anycompany:projectID, or
      * Anycompany:ProjectId

* AWS tagging best practices [whitepaper](https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf)


## Naming Convention Proposal

1. Use `:` or `.` to separate your naming segments. For example

2. Hierarchy of naming rules:

```
any-company
    |- env:                           sandbox | dev | qa | pre-prod | prod
        |- region:                    all | us-east-1 | us-west-2
            |- resource-name:         sagemaker | s3 | ec2
            |- job-function:          data-scientist
            |- biz-org:               sde-1 | sde-2
                |- actions:           basic-execution | create-nb | access-s3
                    |- resource-type: role | policy | subnet | sg | kms-key
```

3. For example:
    * `<abc-company>.<env>.<region>.<resource-name/job-function/biz-org>.<actions>.<resource-type>`

        * abc.dev.us-west-2.sagemaker.create-nb.policy
        * abc.dev.all.sagemaker.create-training.policy
        * abc.dev.all.data-scientist.execution.role
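
The convention above can be checked mechanically before a role or policy is created. The following validator is an added example, not part of the original page: the function names, the regular expression, and the choice to treat the fourth and fifth segments as free-form lowercase-with-hyphens (the page's own examples use actions outside the listed set) are assumptions.

```python
import re

# Closed sets taken from the hierarchy on this page.
ENVS = {"sandbox", "dev", "qa", "pre-prod", "prod"}
REGIONS = {"all", "us-east-1", "us-west-2"}
RESOURCE_TYPES = {"role", "policy", "subnet", "sg", "kms-key"}
# Assumption: every segment is lowercase words joined by hyphens.
SEGMENT = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")
FIELDS = ("company", "env", "region", "scope", "actions", "resource-type")


def check_name(name, company="abc"):
    """Return a list of problems; an empty list means the name conforms."""
    parts = name.split(".")
    if len(parts) != len(FIELDS):
        return [f"expected {len(FIELDS)} dot-separated segments, got {len(parts)}"]
    seg = dict(zip(FIELDS, parts))
    problems = [f"{field} '{value}' is not lowercase-with-hyphens"
                for field, value in seg.items() if not SEGMENT.match(value)]
    if seg["company"] != company:
        problems.append(f"company '{seg['company']}' is not '{company}'")
    if seg["env"] not in ENVS:
        problems.append(f"unknown env '{seg['env']}'")
    if seg["region"] not in REGIONS:
        problems.append(f"unknown region '{seg['region']}'")
    if seg["resource-type"] not in RESOURCE_TYPES:
        problems.append(f"unknown resource-type '{seg['resource-type']}'")
    return problems


def check_tag_key(key, prefix="abc"):
    """Tag keys look like '<prefix>:<lowercase-hyphenated-name>'."""
    head, sep, tail = key.partition(":")
    return sep == ":" and head == prefix and bool(SEGMENT.match(tail))


if __name__ == "__main__":
    samples = [  # the first two are the page's examples, the rest are constructed
        "abc.dev.us-west-2.sagemaker.create-nb.policy",
        "abc.dev.all.data-scientist.execution.role",
        "ABC.Dev.us-west-2.sagemaker.createNB.policy",
        "abc.dev.eu-west-1.sagemaker.create-nb.policy",
    ]
    for s in samples:
        print(s, "->", check_name(s) or "ok")
```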

## Tags

1. Business Tags
    * owner: identify who is responsible for this resource
    * project-name
    * project-id
    * customer-id
    * cost-center: cost allocation and tracking
        * example:

        ```
            abc:cost-center: 1600|0.25|1625|0.20|1731|0.50|1744|0.05
        ```

2. Technical Tags
    * env:      sandbox | dev | qa | pre-prod | prod
    * app-id:
    * app-role: web | api | log | auth | batch | bastion | mobile | proxy
    * cluster:  front-end | back-end | data-pipeline
    * version:  2.0.1
    * customer-facing: yes | no


3. Security Tags
    * confidential: data confidentiality level, 0 | 1 | 2
    * compliance: pci-dss | hipaa


4. Automation Tags
    * ops-date: date or time that resources need to be started, stopped, deleted, or rotated
    * options: opt-in | opt-out
    


## AWS Policy Naming Convention


*`abc.dev.us-west-2.sagemaker.create-nb.policy`*

* abc: company name
* dev: environment such as sandbox | dev | qa | pre-prod | prod
* all: all regions
* sagemaker: aws services
* create-nb: create notebook instance
* policy: aws iam policy

description: abc company in dev all regions for sagemaker service to create notebook instances

## AWS Policy details

services: SageMaker

actions: CreateNotebookInstance

    Supported resource types
        * notebook-instance

    Supported condition keys
        * sagemaker:RootAccess
        * sagemaker:InstanceTypes
        * sagemaker:DirectInternetAccess
        * sagemaker:AcceleratorTypes
        * aws:RequestTag/${TagKey}
        * aws:TagKeys
        * sagemaker:VolumeKmsKey
        * sagemaker:VpcSecurityGroupIds
        * sagemaker:VpcSubnets     


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sagemaker:CreateNotebookInstance",
            "Resource": "arn:aws:sagemaker:us-west-2:752257916058:notebook-instance/*",
            "Condition": {
                "ForAllValues:StringLike": {
                    "sagemaker:InstanceTypes": [
                        "ml.t2.medium",
                        "ml.t3.medium"
                    ]
                }
            }
        }
    ]
}
```