Add support for tagging policy in compute, database, network and stor…

…age (#1236)

* Add support for tagging policy in compute, database, network and storage

* Add tags for QA

_sub/network/acm-certificate-san/providers.tf

@@ -1,6 +1,10 @@
 provider "aws" {
   region = var.aws_region
 
+  default_tags {
+    tags = var.tags
+  }
+
   assume_role {
     role_arn = var.aws_assume_role_arn
   }
@@ -9,4 +13,8 @@ provider "aws" {
 provider "aws" {
   region = var.aws_region
   alias  = "core"
+
+  default_tags {
+    tags = var.tags
+  }
 }

_sub/network/acm-certificate-san/vars.tf

@@ -31,3 +31,9 @@ variable "aws_region" {
 variable "aws_assume_role_arn" {
   type = string
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}

compute/ecr-repo/providers.tf

@@ -4,4 +4,8 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
+
+  default_tags {
+    tags = var.tags
+  }
 }

compute/ecr-repo/vars.tf

@@ -16,3 +16,9 @@ variable "scan_on_push" {
   type    = bool
   default = true
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}

compute/eks-ec2/providers.tf

@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
   region = var.aws_region
 
+  default_tags {
+    tags = var.tags
+  }
+
   assume_role {
     role_arn = var.aws_assume_role_arn
   }

compute/eks-ec2/vars.tf

@@ -10,6 +10,12 @@ variable "aws_assume_role_arn" {
   type = string
 }
 
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}
+
 # Optional
 # --------------------------------------------------
 

compute/k8s-services/providers.tf

@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
   region = var.aws_region
 
+  default_tags {
+    tags = var.tags
+  }
+
   assume_role {
     role_arn = var.aws_assume_role_arn
   }
@@ -14,6 +18,10 @@ provider "aws" {
 provider "aws" {
   region = var.aws_region
   alias  = "core"
+
+  default_tags {
+    tags = var.tags
+  }
 }
 
 locals {
@@ -23,6 +31,10 @@ locals {
 provider "aws" {
   region = var.aws_region
 
+  default_tags {
+    tags = var.tags
+  }
+
   assume_role {
     role_arn = local.aws_assume_logs_role_arn
   }

compute/k8s-services/vars.tf

@@ -29,6 +29,12 @@ variable "workload_dns_zone_name" {
   type = string
 }
 
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}
+
 # Optional
 # --------------------------------------------------
 

database/postgres-restore/providers.tf

@@ -4,4 +4,9 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
+
+  default_tags {
+    tags = merge(var.tags, var.data_tags)
+  }
+
 }

database/postgres-restore/vars.tf

@@ -54,3 +54,15 @@ variable "db_publicly_accessible" {
   default     = true
   description = "Should the database be public accessible?"
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}
+
+variable "data_tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the data and/or storage deployed by the module"
+  default     = {}
+}

database/postgres/providers.tf

@@ -4,4 +4,9 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
+
+  default_tags {
+    tags = merge(var.tags, var.data_tags)
+  }
+
 }

database/postgres/vars.tf

@@ -98,3 +98,15 @@ variable "db_publicly_accessible" {
   default     = true
   description = "Should the database be public accessible?"
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}
+
+variable "data_tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the data and/or storage deployed by the module"
+  default     = {}
+}

network/route53-sub-zone/providers.tf

@@ -1,11 +1,19 @@
 provider "aws" {
   region = var.aws_region
+
+  default_tags {
+    tags = var.tags
+  }
 }
 
 provider "aws" {
   region = var.aws_region
   alias  = "workload"
 
+  default_tags {
+    tags = var.tags
+  }
+
   assume_role {
     role_arn = "arn:aws:iam::${var.aws_workload_account_id}:role/${var.prime_role_name}"
   }

network/route53-sub-zone/vars.tf

@@ -14,3 +14,9 @@ variable "prime_role_name" {
 variable "dns_zone_name" {
   type = string
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}

storage/s3-ce-cli/providers.tf

@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
   region = var.aws_region
 
+  default_tags {
+    tags = merge(var.tags, var.data_tags)
+  }
+
   assume_role {
     role_arn = var.aws_assume_role_arn
   }

storage/s3-ce-cli/vars.tf

@@ -16,3 +16,15 @@ variable "additional_tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}
+
+variable "data_tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the data and/or storage deployed by the module"
+  default     = {}
+}

storage/s3-eks-public/providers.tf

@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
   region = var.aws_region
 
+  default_tags {
+    tags = merge(var.tags, var.data_tags)
+  }
+
   assume_role {
     role_arn = var.aws_assume_role_arn
   }

storage/s3-eks-public/vars.tf

@@ -47,3 +47,15 @@ variable "eks_is_sandbox" {
   type    = bool
   default = false
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}
+
+variable "data_tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the data and/or storage deployed by the module"
+  default     = {}
+}

storage/s3-velero-backup/providers.tf

@@ -6,6 +6,10 @@ terraform {
 provider "aws" {
   region = var.aws_region
 
+  default_tags {
+    tags = merge(var.tags, var.data_tags)
+  }
+
   assume_role {
     role_arn = var.aws_assume_role_arn
   }

storage/s3-velero-backup/vars.tf

@@ -28,3 +28,15 @@ variable "velero_role_arn" {
   type        = string
   default     = null
 }
+
+variable "tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the resources deployed by the module"
+  default     = {}
+}
+
+variable "data_tags" {
+  type        = map(string)
+  description = "A map of tags to apply to all the data and/or storage deployed by the module"
+  default     = {}
+}

test/integration/account.tfvars

@@ -9,3 +9,17 @@ terraform_state_region    = "eu-central-1"
 eks_public_s3_bucket = "dfds-qa-k8s-public"
 
 eks_is_sandbox = true
+
+tags = {
+  "dfds.owner"                         = "dfds-qa" # owner set to dummy value on purpose
+  "dfds.env"                           = "test"
+  "dfds.cost.centre"                   = "ti-arch"
+  "dfds.service.availability"          = "low"
+  "dfds.automation.tool"               = "Terraform"
+  "dfds.automation.initiator.location" = "https://github.com/dfds/infrastructure-modules"
+}
+
+data_tags = {
+  "dfds.data.backup"         = false
+  "dfds.data.classification" = "private"
+}