From ebc955f2997fc75e969134d8c325fb0a39fca4d0 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Mon, 29 Dec 2025 13:48:35 -0500
Subject: [PATCH] initial

---
 aws/proposals/refine-finops-tags/README.md | 40 ++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 aws/proposals/refine-finops-tags/README.md

diff --git a/aws/proposals/refine-finops-tags/README.md b/aws/proposals/refine-finops-tags/README.md
new file mode 100644
index 00000000..6648f400
--- /dev/null
+++ b/aws/proposals/refine-finops-tags/README.md
@@ -0,0 +1,40 @@
+# Refine Infrastruture Related FinOps Tags
+
+When the FinOps tagging values were created, it was decided to lump all infrastructure-related
+things into a single code, `fs0000000000` (which I'll shorten to 0 here).  This has turned out not to
+work well, because some aspects of these belong to and are funded by different organizations.
+
+I propose an update to the FinOps tag format for infrastructure things.  These would apply to portions
+of the AWS resources related to the full setup and operation of the account, including but not limited to:
+
+* Networking
+  * VPC
+  * Routes
+  * Subnets
+  * NACL
+  * Base Security Groups
+  * Transit Gateway
+  * VPC Endpoints (most of them)
+  * Route53
+  * VPC and TGW Flow Logs
+* Management
+  * Identity Center
+  * Organizations
+* Security Capabilities
+  * CloudTrail
+  * Config
+  * SecurityHub
+  * GuardDuty
+  * Inspector
+  * Log Ingest
+  * CloudWatch Logging
+* Operations
+  * Systems Manager
+  * Backups
+  * Provisioning and ServiceCatalog
+  * IaC Setup
+* Baseline
+  * Account
+  * IAM Roles and Users
+  * IAM Policies
+  * KMS Keys