terraform-ibm-modules · ocofaigh · May 18, 2023 · May 2, 2023 · May 15, 2023 · May 15, 2023
@@ -67,6 +67,12 @@ You need the following permissions to run this module.
         - **Resource Group** \<your resource group>
         - `Viewer` resource group access
 
+To attach access management tags to resources in this module, you need the following permissions.
+
+- IAM Services
+    - **Tagging** service
+        - `Administrator` platform access
+
 <!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
@@ -114,6 +120,7 @@ You need the following permissions to run this module.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the VPC resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no |
 | <a name="input_address_prefixes"></a> [address\_prefixes](#input\_address\_prefixes) | OPTIONAL - IP range that will be defined for the VPC for a certain location. Use only with manual address prefixes | <pre>object({<br>    zone-1 = optional(list(string))<br>    zone-2 = optional(list(string))<br>    zone-3 = optional(list(string))<br>  })</pre> | <pre>{<br>  "zone-1": null,<br>  "zone-2": null,<br>  "zone-3": null<br>}</pre> | no |
 | <a name="input_classic_access"></a> [classic\_access](#input\_classic\_access) | OPTIONAL - Classic Access to the VPC | `bool` | `false` | no |
 | <a name="input_clean_default_acl"></a> [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no |

@@ -48,6 +48,7 @@ module "slz_vpc" {
   name                                   = var.name
   prefix                                 = var.prefix
   tags                                   = var.resource_tags
+  access_tags                            = var.access_tags
   enable_vpc_flow_logs                   = var.enable_vpc_flow_logs
   create_authorization_policy_vpc_to_cos = var.create_authorization_policy_vpc_to_cos
   existing_cos_instance_guid             = ibm_resource_instance.cos_instance[0].guid

@@ -34,6 +34,12 @@ variable "resource_tags" {
   default     = null
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "Optional list of access tags to add to the VPC resources that are created"
+  default     = []
+}
+
 variable "enable_vpc_flow_logs" {
   type        = bool
   description = "Enable VPC Flow Logs, it will create Flow logs collector if set to true"

@@ -36,6 +36,7 @@ module "workload_vpc" {
   region                                 = var.region
   prefix                                 = var.prefix
   tags                                   = var.resource_tags
+  access_tags                            = var.access_tags
   enable_vpc_flow_logs                   = var.enable_vpc_flow_logs
   create_authorization_policy_vpc_to_cos = var.create_authorization_policy_vpc_to_cos
   existing_cos_instance_guid             = module.cos_bucket[0].cos_instance_guid

@@ -28,6 +28,11 @@ variable "resource_tags" {
   default     = null
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "Optional list of access tags to add to the VPC resources that are created"
+  default     = []
+}
 
 ##############################################################################
 # VPC flow logs variables

@@ -27,6 +27,7 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | Optional list of access tags to add to the VPC resources that are created | `list(string)` | `[]` | no |
 | <a name="input_address_prefixes"></a> [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. | <pre>object({<br>    zone-1 = optional(list(string))<br>    zone-2 = optional(list(string))<br>    zone-3 = optional(list(string))<br>  })</pre> | `null` | no |
 | <a name="input_classic_access"></a> [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no |
 | <a name="input_clean_default_acl"></a> [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no |

@@ -6,6 +6,7 @@ module "management_vpc" {
   source                                 = "../../"
   name                                   = "management"
   tags                                   = var.tags
+  access_tags                            = var.access_tags
   resource_group_id                      = var.resource_group_id
   region                                 = var.region
   prefix                                 = var.prefix

@@ -21,6 +21,11 @@ variable "tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "Optional list of access tags to add to the VPC resources that are created"
+  default     = []
+}
 
 #############################################################################
 # VPC variables

@@ -28,6 +28,7 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | Optional list of access tags to add to the VPC resources that are created | `list(string)` | `[]` | no |
 | <a name="input_address_prefixes"></a> [address\_prefixes](#input\_address\_prefixes) | Use `address_prefixes` only if `use_manual_address_prefixes` is true otherwise prefixes will not be created. Use only if you need to manage prefixes manually. | <pre>object({<br>    zone-1 = optional(list(string))<br>    zone-2 = optional(list(string))<br>    zone-3 = optional(list(string))<br>  })</pre> | `null` | no |
 | <a name="input_classic_access"></a> [classic\_access](#input\_classic\_access) | Optionally allow VPC to access classic infrastructure network | `bool` | `null` | no |
 | <a name="input_clean_default_acl"></a> [clean\_default\_acl](#input\_clean\_default\_acl) | Remove all rules from the default VPC ACL (less permissive) | `bool` | `false` | no |

@@ -6,6 +6,7 @@ module "workload_vpc" {
   source                                 = "../../"
   name                                   = "workload"
   tags                                   = var.tags
+  access_tags                            = var.access_tags
   resource_group_id                      = var.resource_group_id
   region                                 = var.region
   prefix                                 = var.prefix

@@ -21,6 +21,12 @@ variable "tags" {
   default     = []
 }
 
+variable "access_tags" {
+  type        = list(string)
+  description = "Optional list of access tags to add to the VPC resources that are created"
+  default     = []
+}
+
 #############################################################################
 # VPC variables
 #############################################################################

@@ -11,6 +11,7 @@ resource "ibm_is_vpc" "vpc" {
   default_security_group_name = var.default_security_group_name
   default_routing_table_name  = var.default_routing_table_name
   tags                        = var.tags
+  access_tags                 = var.access_tags
 }
 
 ##############################################################################
@@ -89,6 +90,7 @@ resource "ibm_is_public_gateway" "gateway" {
   resource_group = var.resource_group_id
   zone           = each.value
   tags           = var.tags
+  access_tags    = var.access_tags
 }
 
 ##############################################################################
@@ -123,6 +125,7 @@ resource "ibm_is_flow_log" "flow_logs" {
   storage_bucket = var.existing_storage_bucket_name
   resource_group = var.resource_group_id
   tags           = var.tags
+  access_tags    = var.access_tags
 }
 
 ##############################################################################