Cascading tags to all related resources

[MCraig]

Hello,

We currently use ASG and LC to launch our EC2s and apply a set of tags. However, we've realized that attached resources such as EBS and ENI are not getting tagged.

We use tags extensively to identify and track costs, so being able to 'cascade' to attached resources would be ideal.

I don't' see a way to identify tags for EBS and ENI through ASG or LC.

Thank you,

Mike

locals {

  egp_aws_default_tags = "${

    merge(

      var.extra_aws_tags,

      map(

        "Team","${var.team_tag}",

        "CostCenter","${var.cost_center_tag}",

        "Brand","${var.brand_tag}",

        "Application","${var.application_tag}",

        "AssetProtectionLevel","${var.asset_protection_level_tag}",

        "DataClassification","${var.data_classification_tag}",

        "Environment", "${var.environment_tag}",

        "Tier","${var.tier_tag}",

        "GCP_Environment", "${var.gcp_env_tag}",

        "Owner", "${var.owner_tag}",

        "LaunchedBy", "${var.launched_by_tag}",

        "WeekendShutdown","${var.lab_weekend_shutdown_tag}"

      )

    )

  }"

}

data "null_data_source" "asgTags" {

  count = "${length(keys(local.egp_aws_default_tags))}"

  inputs = {

    key                 = "${element(keys(local.egp_aws_default_tags), count.index)}"

    value               = "${element(values(local.egp_aws_default_tags), count.index)}"

    propagate_at_launch = true

  }

}

resource "aws_autoscaling_group" "serviceInstanceAutoscalingGroup" {

  availability_zones = "${split(",", lookup(module.defaultVars.availability_zones, format("%s.%s", var.aws_account_alias, var.aws_region)))}"

  name = "${var.environment_name}-${var.aws_region}-${var.service_name}-serviceInstanceAutoscalingGroup"

  max_size = "${var.service_instance_autoscaling_group_max_size}"

  min_size = "${var.service_instance_autoscaling_group_min_size}"

  health_check_grace_period = 300

  health_check_type = "EC2"

  desired_capacity = "${var.running_task_desired_count}"

  vpc_zone_identifier = "${split(",", lookup(module.defaultVars.vpc_subnet_ids, format("%s.%s.%s", var.aws_account_alias, var.aws_region, var.subnet_type =="public" ? "public" : local.asg_private_subnet_type )))}"

  launch_configuration = "${aws_launch_configuration.serviceInstanceLaunchConfig.name}"

  tags = [

    "${data.null_data_source.asgTags.*.outputs}",

    {

      key = "Name"

      value = "${var.environment_name}-${var.aws_region}-${var.service_name}"

      propagate_at_launch = true

    }

  ]

}

resource "aws_launch_configuration" "serviceInstanceLaunchConfig" {

    name_prefix = "${var.environment_name}-${var.aws_region}-${var.service_name}-serviceInstanceLaunchConfig-"

    image_id = "${module.ami.ami_id}"

    instance_type = "${var.service_instance_type}"

    iam_instance_profile = "${aws_iam_instance_profile.serviceInstanceProfile.name}"

    security_groups = ["${concat(aws_security_group.serviceInstanceSecurityGroup.*.id, aws_security_group.serviceNLBInstanceSecurityGroup.*.id, var.instance_security_group_ids)}"]

    key_name = "${var.aws_key_name}"

    user_data = "${data.template_file.userDataShellScript.rendered}"

    root_block_device {

      volume_size = "${var.volume_size}"

    }

    lifecycle {

      create_before_destroy = true

    }

}

[Sam Flint]

MCraig - I am guessing you can do that in the aws_launch_configuration resource?

Sam Flint | Director of Solutions

W: +‪1.540.467.0172

website | twitter | linkedIn | Facebook

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/6657b27b-659d-4a83-824c-2e34ac864bf6n%40googlegroups.com.

[MCraig]

I thought of that but don't see  aws_launch_configuration , as supporting tags https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration

neither LC nor the ebs_block_device seem to take tags, and no ENI resource defined in there as well to tag the dynamically created resource.

[Fernando 🐼]

You will have to use data sources to access those resources and then add tags to them. 

--
Fernando 🐼

To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/2aaf4a4d-658c-4fd0-8859-e5f0af0b841an%40googlegroups.com.

[Sam Flint]

Is that a AWS limitation or provider?

Sent from my iPhone

On Nov 19, 2020, at 4:49 PM, Fernando 🐼 <tl...@fernandomiguel.net> wrote:



To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAM7yfUABNAA%2B_AcEESpq9wRc%2BxxcuAyHTuO-auiXO12t2fkXjA%40mail.gmail.com.

[MCraig]

Sounds like a pain. Can you point me to any examples? or share a snippet?

[Fernando 🐼]

Neither. 

They are independent resources and should be treated as such. 

--
Fernando 🐼

To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/ACE4046F-4569-411B-B651-62D9AB1A6B52%40digitalonus.com.

[Fernando 🐼]

Mobile and off work till next week. 

But should be pretty straight forward. 

List resources from the ASG. 

Or in some cases access the data source for the EBS and ENI. 

Some how identify the ones you want (maybe name convention or lack of tag). 

Create a tag and apply it to that new list of resources. 

--
Fernando 🐼

To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/d54fe80d-72ab-4984-8478-0a1bfb9d6061n%40googlegroups.com.

[Mike Craig]

thanks for the tip, will see what I can find.

You received this message because you are subscribed to a topic in the Google Groups "Terraform" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/terraform-tool/xmuJSNfwUBo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAM7yfUACgydZO2WqEC_xxyF3eSKLQDGYxwctbXB9-3oZhqpzSA%40mail.gmail.com.