Add protection tag in locals

binbashar · Sep 1, 2021 · a57f457 · a57f457
1 parent 30bd887
commit a57f457
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 16 deletions.
diff --git a/network/transit-gateway/locals.tf b/network/transit-gateway/locals.tf
@@ -2,6 +2,7 @@ locals {
   tags = {
     Terraform   = "true"
     Environment = var.environment
+    protection  = "on"
   }
 }
 

diff --git a/network/transit-gateway/tgw.tf b/network/transit-gateway/tgw.tf
@@ -88,9 +88,7 @@ module "tgw" {
     } : {},
   )
 
-  tags = {
-    Name = "${var.project}-${var.environment}-tgw"
-  }
+  tags = local.tags
 
   providers = {
     aws = aws.network

diff --git a/network/transit-gateway/vpc_attachments.tf b/network/transit-gateway/vpc_attachments.tf
@@ -24,6 +24,8 @@ module "tgw_vpc_attachments_and_subnet_routes_network_firewall" {
     k => v if var.enable_tgw && var.enable_network_firewall && lookup(var.enable_vpc_attach, "network", false)
   }
 
+  name = "${var.project}-${each.key}-vpc"
+
   # network account can access the Transit Gateway in the network: account since we shared the Transit Gateway with the Organization using Resource Access Manager
   existing_transit_gateway_id                                    = module.tgw[0].transit_gateway_id
   create_transit_gateway                                         = false
@@ -44,9 +46,7 @@ module "tgw_vpc_attachments_and_subnet_routes_network_firewall" {
     }
   }
 
-  tags = {
-    Name = "${var.project}-${each.key}-vpc"
-  }
+  tags = local.tags
 
   providers = {
     aws = aws.network
@@ -63,6 +63,8 @@ module "tgw_vpc_attachments_and_subnet_routes_network" {
     k => v if var.enable_tgw && lookup(var.enable_vpc_attach, "network", false)
   }
 
+  name = "${var.project}-${each.key}-vpc"
+
   # network account can access the Transit Gateway in the network: account since we shared the Transit Gateway with the Organization using Resource Access Manager
   existing_transit_gateway_id                                    = module.tgw[0].transit_gateway_id
   existing_transit_gateway_route_table_id                        = module.tgw[0].transit_gateway_route_table_id
@@ -84,9 +86,7 @@ module "tgw_vpc_attachments_and_subnet_routes_network" {
     }
   }
 
-  tags = {
-    Name = "${var.project}-${each.key}-vpc"
-  }
+  tags = local.tags
 
   providers = {
     aws = aws.network
@@ -103,6 +103,8 @@ module "tgw_vpc_attachments_and_subnet_routes_apps-devstg" {
     k => v if var.enable_tgw && lookup(var.enable_vpc_attach, "apps-devstg", false)
   }
 
+  name = "${var.project}-${each.key}-vpc"
+
   # apps-devstg account can access the Transit Gateway in the network account since we shared the Transit Gateway with the Organization using Resource Access Manager
   existing_transit_gateway_id                                    = module.tgw[0].transit_gateway_id
   existing_transit_gateway_route_table_id                        = var.enable_tgw && var.enable_network_firewall ? module.tgw_vpc_attachments_and_subnet_routes_network_firewall["network-firewall"].transit_gateway_route_table_id : module.tgw[0].transit_gateway_route_table_id
@@ -128,9 +130,7 @@ module "tgw_vpc_attachments_and_subnet_routes_apps-devstg" {
     }
   }
 
-  tags = {
-    Name = "${var.project}-apps-devstg-vpc"
-  }
+  tags = local.tags
 
   providers = {
     aws = aws.apps-devstg
@@ -147,7 +147,7 @@ module "tgw_vpc_attachments_and_subnet_routes_apps-prd" {
     k => v if var.enable_tgw && lookup(var.enable_vpc_attach, "apps-prd", false)
   }
 
-  name = "${var.project}-apps-prd-vpc"
+  name = "${var.project}-${each.key}-vpc"
 
   # apps-prd account can access the Transit Gateway in the network account since we shared the Transit Gateway with the Organization using Resource Access Manager
   existing_transit_gateway_id                                    = module.tgw[0].transit_gateway_id
@@ -191,6 +191,8 @@ module "tgw_vpc_attachments_and_subnet_routes_shared" {
     k => v if var.enable_tgw && lookup(var.enable_vpc_attach, "shared", false)
   }
 
+  name = "${var.project}-${each.key}-vpc"
+
   # apps-devstg account can access the Transit Gateway in the network account since we shared the Transit Gateway with the Organization using Resource Access Manager
   existing_transit_gateway_id                                    = module.tgw[0].transit_gateway_id
   existing_transit_gateway_route_table_id                        = var.enable_tgw && lookup(var.enable_vpc_attach, "shared", false) ? try(module.tgw_vpc_attachments_and_subnet_routes_network_firewall["network-firewall"].transit_gateway_route_table_id, null) : module.tgw[0].transit_gateway_route_table_id
@@ -215,9 +217,7 @@ module "tgw_vpc_attachments_and_subnet_routes_shared" {
     }
   }
 
-  tags = {
-    Name = "${var.project}-shared-vpc"
-  }
+  tags = local.tags
 
   providers = {
     aws = aws.shared