Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[New Resource]: Be able to apply tags to AWS Organizations Accounts that were created outside of Terraform #30240

Closed
reifnir opened this issue Mar 24, 2023 · 4 comments
Closed

[New Resource]: Be able to apply tags to AWS Organizations Accounts that were created outside of Terraform #30240

reifnir opened this issue Mar 24, 2023 · 4 comments
Labels
new-resource Introduces a new resource. service/organizations Issues and PRs that pertain to the organizations service.

Comments

@reifnir
Copy link

reifnir commented Mar 24, 2023

Description

It is currently possible to tag Accounts in AWS Organizations only when created using the aws_organizations_account resource.

For AWS Accounts that are created through Control Tower (or other), there's currently no way to apply these in Terraform without resorting to scripting.

Currently we have to do it procedurally:

aws organizations tag-resource --resource-id "$ACCOUNT_ID" --tags "Key=$TAG_NAME,Value=$TAG_VALUE"

There is already a data source for aws_organizations_resource_tags. Having either an aws_organizations_tag or aws_organizations_account_tag resource (similar to aws_ec2_tag) would be a big help.

Requested Resource(s) and/or Data Source(s)

  • aws_organizations_tag

Potential Terraform Configuration

resource "aws_organizations_tag" "environment" {
  resource_id = var.account_id
  key         = "Environment"
  value       = var.environment
}

# Or...
locals {
  tags = {
    "Environment" = var.environment
    "Tag2"        = var.another_tag_property
  }
}
resource "aws_organizations_tag" "account_tags" {
  for_each = local.tags
  resource_id = var.account_id
  key         = each.key
  value       = each.value
}

References

AWS | Organizations | Tag Resource
(works for both new and existing tags for a given key)
Ex: aws organizations tag-resource --resource-id "$ACCOUNT_ID" --tags "Key=$TAG_NAME,Value=$TAG_VALUE"

AWS | Organizations | List Tags For Resource
Ex: aws organizations list-tags-for-resource --resource-id "$ACCOUNT_ID" --output json

AWS | Organizations | Untag Resource
Ex: aws organizations untag-resource --resource-id "$ACCOUNT_ID" --tag-keys "$TAG_NAME"

Would you like to implement a fix?

No
@reifnir reifnir added the needs-triage Waiting for first response or review from a maintainer. label Mar 24, 2023
@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the service/organizations Issues and PRs that pertain to the organizations service. label Mar 24, 2023
@good92 good92 mentioned this issue Mar 28, 2023
Open
@breathingdust breathingdust added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Apr 11, 2023
@ewbankkit
Copy link
Contributor

@reifnir Thanks for raising this issue.
It has already been noticed in #19660. I'm going to close this one as a duplicate so that we can concentrate discussion in the linked issue.
Please add any additional comments there.

@reifnir
Copy link
Author

reifnir commented Aug 17, 2023

I'm glad that you de-duped my issue, but it's not exactly heartening that the one you referenced is over 2 years old.

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
new-resource Introduces a new resource. service/organizations Issues and PRs that pertain to the organizations service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@breathingdust @reifnir @ewbankkit