# Define the rules for applying the tags An effective tagging strategy uses standardized tags and applies them consistently and programmatically across AWS resources. You can use both proactive and reactive** **approaches for governing tags in your AWS environment. | | | | | --- |--- |--- | |   | **Proactive enforcement** | **Reactive enforcement** | | **Approach** | Tags are applied based on a stakeholder-approved tagging policy and dictionary. | Resources with noncompliant tags are stopped or terminated. | | **AWS** | AWS Organizations ([SCPs](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html)) [AWS tag policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) (for [supported services](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_supported-resources-enforcement.html)) AWS CloudFormation ([tags as code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)) AWS Service Catalog ([TagOptions](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/tagoptions.html)) | AWS Config ([required-tags rule](https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html)) | | **Open source** | GorillaStack ([auto-tag](https://github.com/GorillaStack/auto-tag)) | [Cloud Custodian](https://cloudcustodian.io/) GorillaStack ([retro-tag](https://github.com/GorillaStack/retro-tag)) [Graffiti Monkey](https://github.com/Answers4AWS/graffiti-monkey)( tag propagation) | [AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html)** **centrally manages policies across multiple AWS accounts by creating logical groupings of accounts called organizational units (OUs). In this way, the organization has several policies that are attached to some of the OUs or directly to accounts. As an example, you could have two OUs (B2B products and Internal Tooling) with linked accounts (including production and development environments). Using AWS Organizations, you could attach policies for the B2B products and Internal Tooling OUs.