Working with Terraform tags

A few months back, HashiCorp released version 3.38.0 of the Terraform AWS provider, which introduced default tags.
Tags are a helpful feature when working with a cloud provider because they allow one to quickly and (depending on one’s tagging strategy) uniquely identify a cloud resource. Terraform, as we know, is an infrastructure management tool that helps in provisioning resources in the cloud. As organizations mature their infrastructure management process, there is a tendency to adopt an IaC tool such as Terraform to provision as many resources as possible. Hence, as time passes, the complexity and volume of the Terraform code increase, and so does the underlying infrastructure.

More often than not, when infrastructure issues crop up, certain resources are identified that need to be re-provisioned or re-configured. In such situations, the tags associated with a resource help in quickly identifying which Terraform module or code to trigger to manage that resource. That again depends on how smartly the tagging strategy was configured. For example, in the above situation, it would be helpful to create tags such as source = $(SourceCodeRepo) and Pipeline = $(PipelineName). Using these two tags, a team member can quickly identify the source and pipeline to fix and deploy a configuration change. There are similar use cases for tags on resources, such as determining a cost center or a department to bill for a certain resource.

Until version 3.38.0 of the Terraform AWS provider was released, the option was to use a tags block inside each resource block. For tags unique to a resource, that is still recommended. However, for tags applied to all resources, that approach means repeating the same tags in every resource, which is tedious. Not anymore: from version 3.38.0, the tags can be set in the provider block, and all resources provisioned using that provider are automatically assigned the same tags.
Here is an example of adding the default_tags block to the aws provider block.
A subsequent terraform plan and terraform apply will update the tags on all the resources provisioned using the above aws provider.

The other option is to use a locals block for the common_tags and refer to that in a resource’s tag block, as shown below.
The above code block merges two sets of tags: the local.common_tags and the Name=primary tag. However, if a resource does not have an individual tag and the common_tags are sufficient, then the tags block is set as below.
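
The two approaches described above, written out as an added example (this is not the original post's code). The region, CIDR ranges, resource names and all tag values are assumptions chosen for illustration; only the source and Pipeline tag keys, local.common_tags and Name=primary come from the text.

```hcl
# Added illustration: region, CIDRs, resource names and tag values are assumed.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.38.0" # default_tags is available from 3.38.0
    }
  }
}

# Approach 1: default tags set once on the provider and inherited by
# every resource provisioned through it.
provider "aws" {
  region = "us-east-1" # assumed region

  default_tags {
    tags = {
      source   = "example-org/network-infra" # placeholder repository name
      Pipeline = "network-infra-deploy"      # placeholder pipeline name
    }
  }
}

# Approach 2: shared tags kept in a locals block and referenced per resource.
locals {
  common_tags = {
    CostCenter = "cc-0000"  # placeholder value
    Department = "platform" # placeholder value
  }
}

# Shared tags plus one resource-specific tag. merge() gives precedence to
# later arguments, so Name here would win over a Name in common_tags.
resource "aws_vpc" "primary" {
  cidr_block = "10.0.0.0/16"
  tags       = merge(local.common_tags, { Name = "primary" })
}

# No resource-specific tag needed: use the shared map directly.
resource "aws_subnet" "shared" {
  vpc_id     = aws_vpc.primary.id
  cidr_block = "10.0.1.0/24"
  tags       = local.common_tags
}
```

The example uses different keys in default_tags and in the resource-level tags so the two mechanisms do not overlap; where a key does appear in both, the resource-level value takes precedence over the provider default.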
That pretty much sums up all the tagging-related research I have done with Terraform. I hope you found this note informative.
Here is the link to HashiCorp’s official release document for tags which I would highly recommend. That release document also has a link to the AWS tagging best practices. So again, I would highly recommend reading that.

Note: Here is the link to the AWS tagging best practices guide.
