Terraform: AWS - tagging of resources
As requested by @catsby in https://github.com/hashicorp/terraform/pull/1080#issuecomment-83473959 I'm creating this meta-issue to track all tagging functionality for AWS in TF.
EC2-related tagging
Existing
It's worth pointing out that the existing ./builtin/providers/aws/tags.go should really be called ec2_tags.go as it in fact uses the EC2 API only and deals with tags that are related to EC2 only which are currently following:
aws_instanceaws_internet_gatewayaws_network_aclaws_route_tableaws_security_groupaws_subnetaws_vpcaws_vpc_peering_connection
Missing
Here's the full list of EC2 resources that can be tagged using the same API endpoint which means that we're missing tagging functionality in the EC2 world for these:
AMIaws_customer_gatewayaws_dhcp_options- not supported by TF (yet)EBS Volume- tagging not implemented, most likely should go underaws_instance.block_device.tagsaws_network_interface- currently auto-managed along with EC2 instances to assign public IP, not sure if this would be useful as a separate resource, maybe related to https://github.com/hashicorp/terraform/pull/1149 ?aws_reserved_instances- not supported by TF (yet)aws_spot_instance_request- #4380Snapshotaws_vpn_gateway- not supported by TF (yet)aws_vpn_connection- not supported by TF (yet) - https://github.com/hashicorp/terraform/pull/838 https://github.com/hashicorp/terraform/issues/1011 https://github.com/hashicorp/terraform/issues/551
EC2-UNrelated tags
I think most of the resources having the simple tag structure as below :arrow_down_small:
type Tag struct {
Key aws.StringValue `ec2:"Key" xml:"key"`
Value aws.StringValue `ec2:"Value" xml:"value"`
}
may theoretically work with the existing tagging logic as long as we can abstract the EC2-specific API calls & data-types that we currently have in ./builtin/providers/aws/tags.go.
grep -i 'ec2' ./builtin/providers/aws/tags.go
./builtin/providers/aws/tags.go: "github.com/hashicorp/aws-sdk-go/gen/ec2"
./builtin/providers/aws/tags.go:func setTags(conn *ec2.EC2, d *schema.ResourceData) error {
./builtin/providers/aws/tags.go: err := conn.DeleteTags(&ec2.DeleteTagsRequest{
./builtin/providers/aws/tags.go: err := conn.CreateTags(&ec2.CreateTagsRequest{
./builtin/providers/aws/tags.go:func diffTags(oldTags, newTags []ec2.Tag) ([]ec2.Tag, []ec2.Tag) {
./builtin/providers/aws/tags.go: var remove []ec2.Tag
./builtin/providers/aws/tags.go:func tagsFromMap(m map[string]interface{}) []ec2.Tag {
./builtin/providers/aws/tags.go: result := make([]ec2.Tag, 0, len(m))
./builtin/providers/aws/tags.go: result = append(result, ec2.Tag{
./builtin/providers/aws/tags.go:func tagsToMap(ts []ec2.Tag) map[string]string {
Resources that would benefit from this as these have the same Tag structure but not part of the EC2 group:
- [x]
cloudformation- #2636 - [ ]
elasticbeanstalk- #3157 - [x]
elb-tagging not implemented, but possible - #1289 - [ ]
emr- not supported by TF (yet) - [x]
kinesis- #3397 - [x]
rds- tagging not implemented, but possible - #1292 - [x]
redshift- not supported by TF (yet)
EC2-UNrelated requiring extra care
All these will most likely require resource-specific code for handling tags
autoscaling
autoscalingtype Tag struct {
Key aws.StringValue `query:"Key" xml:"Key"`
PropagateAtLaunch aws.BooleanValue `query:"PropagateAtLaunch" xml:"PropagateAtLaunch"`
ResourceID aws.StringValue `query:"ResourceId" xml:"ResourceId"`
ResourceType aws.StringValue `query:"ResourceType" xml:"ResourceType"`
Value aws.StringValue `query:"Value" xml:"Value"`
}
route53
route53type Tag struct {
XMLName xml.Name
Key aws.StringValue `xml:"Key"`
Value aws.StringValue `xml:"Value"`
}
s3
s3type Tag struct {
XMLName xml.Name
Key aws.StringValue `xml:"Key"`
Value aws.StringValue `xml:"Value"`
}
radeksimko
All 16 comments
@catsby feel free to modify and/or reorganise things if needed.
radeksimko
on 25 Mar 2015
Excellent, thanks @radeksimko !
catsby
on 25 Mar 2015
Right now I've duplicated the tags.go for the non-EC2 resource(s) I've added, ELB and RDS.
I plan to introduce a simple Tag struct like you've shown above. The idea is to make diffTags(), tagsToMap() and tagsFromMap() work on that generic tag.
Each resource to be responsible for converting from the simple Tag to their own version (ex. rds.Tag), and maintain their own setTags func as needed.
Most of the ec2 resources should be easy and not require their own file.
The more complicated ones like ASG will need a lot more in their own tags.go file, as @radeksimko has done in #1080 with it's own diff'ing.
In the end, all this is to reuse those three funcs mentioned, as much as possible.
catsby
on 25 Mar 2015
It is great that you are tracking this, now that AWS has implemented the Resource Groups UI tags will become even more valuable going forward.
wazoo
on 26 Mar 2015
ASG Tagging was just merged with #1319
catsby
on 26 Mar 2015
Any update on this? Eagerly awaiting tagging for EBS volumes so I can convince my boss that terraform supports all our use cases. :+1:
arothian
on 28 May 2015
:+1: This is one of the things we're waiting on too.
jtopper
on 29 May 2015
@arothian @jtopper https://github.com/hashicorp/terraform/pull/2135
radeksimko
on 29 May 2015
@radeksimko Awesome thanks! Is it significantly different to provide tagging for the volumes from the block_device configuration in aws_instance? I guess I need to learn Go.
arothian
on 29 May 2015
That's my use case too - I want to be able to tag ebs_block_device attributes in the aws_instance resource type, and my go-fu is similarly weak :)
jtopper
on 29 May 2015
@jtopper @arothian The ebs_block_device attribute on instances uses the AWS API's BlockDeviceMapping functionality, which I don't believe supports tagging (feel free to link the docs if you can find it though! [1]).
So if you want to tag a volume, you'll need to use this ebs_volume and the new volume_attachment resource (#2050) to attach the volume after the instance is created.
[1] I was looking here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html
phinze
on 29 May 2015
@phinze: Ah yes, you're quite right. I misread how we're doing that in our existing fog-based tooling, where we're actually doing something similar to what you describe here. Thanks! (and thanks @radeksimko - hit me up for a beer next time we're in the same place!)
jtopper
on 29 May 2015
Tags are now also supported on CloudFront distributions (since 2016/08/01 apparently):
- https://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/tags-tag-resource.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/tags-list-tags-for-resource.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/distribution-create-with-tags.html
I did not find a corresponding issue, should I create one?
pdecat
on 30 Aug 2016
Hey friends I'm going to close this meta-issue now. If you find a resource that is missing tag support, please open a new issue for it.
Thanks!
catsby
on 3 Nov 2016
is it possible to update tags on a terraform managed ASG from the cli
smicha
on 2 Jul 2018
I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 4 Apr 2020
Related issues
ronnix
ยท
3Comments
zeninfinity
ยท
3Comments
franklinwise
ยท
3Comments
shanmugakarna
ยท
3Comments
thebenwaters
ยท
3Comments
Most helpful comment
Tags are now also supported on CloudFront distributions (since 2016/08/01 apparently):
I did not find a corresponding issue, should I create one?