tflint-ruleset-aws
tflint-ruleset-aws copied to clipboard
terraform-linters
Feat => v2:aws_resource_missing_tags errors when tags are provided via default_tags mechanism
I have the same needs reported in the issue #117.
In CI/CD scenario i need this tag rule to be followed anyway.
The provider block grants me the tags on all resources, but the risk of having those tags changed is medium/high.
Thanks!
I have a question about this need.
This rule was originally added because it was necessary to ensure that it declare tags for each resource. At that time, there was no way to declare tags uniformly for all resources, so this was a valid request.
After that, terraform-provider-aws added a way to declare tags in the provider block, so I'm wondering about the need for this rule. What do you think?
So I would like the default tags not to be changed. Mandatory tags would be defined in .tflint.hcl. I think tflint could have this feature so that people can't get around the necessary tagging rule. If someone wants to change the tag rule, they'll have to change the .tflint.hcl, making it easy to authorize or deny that change.
Possible code
providers.tf
provider "aws" {
region = "us-east-1"
default_tags {
tags = var.default_mandatory_tags
}
}
dev.auto.tfvars
default_mandatory_tags = { Environment = "Test" , CostCenter = "HR"}
.tflint.hcl
rule "aws_resource_missing_tags" {
enabled = true
tags = ["Environment", "CostCenter"]
}
@wata727, if you think that what I need would be another rule, that's fine! I can open a new issue, explaining better.
Ah, okay. It makes sense.
I thought that if the default_tags were declared statically, it would duplicate the declaration in .tflint.hcl, but I understand that why you want if it's declared with complex evaluation.
I would like this too. I think it would be good to create a new rule aws_provider_missing_default_tags
