feat: Add support tags to additional IAM modules (#144)

edgarsandi · web-flow · commit 97af55f9a8d4 · 2021-05-03T09:41:28.000+02:00
diff --git a/examples/iam-policy/main.tf b/examples/iam-policy/main.tf
@@ -34,6 +34,10 @@ module "iam_policy" {
   ]
 }
 EOF
+
+  tags = {
+    PolicyDescription = "Policy created using heredoc policy"
+  }
 }
 
 module "iam_policy_from_data_source" {
@@ -44,4 +48,8 @@ module "iam_policy_from_data_source" {
   description = "My example policy"
 
   policy = data.aws_iam_policy_document.bucket_policy.json
+
+  tags = {
+    PolicyDescription = "Policy created using example from data source"
+  }
 }
diff --git a/modules/iam-assumable-role/README.md b/modules/iam-assumable-role/README.md
@@ -10,13 +10,13 @@ Trusted resources can be any [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/U
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.6 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.23 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.34 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.23 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.34 |
 
 ## Modules
 
diff --git a/modules/iam-assumable-role/main.tf b/modules/iam-assumable-role/main.tf
@@ -108,4 +108,6 @@ resource "aws_iam_instance_profile" "this" {
   name  = var.role_name
   path  = var.role_path
   role  = aws_iam_role.this[0].name
+
+  tags = var.tags
 }
diff --git a/modules/iam-assumable-role/versions.tf b/modules/iam-assumable-role/versions.tf
@@ -2,6 +2,6 @@ terraform {
   required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23"
+    aws = ">= 3.34"
   }
 }
diff --git a/modules/iam-group-with-assumable-roles-policy/README.md b/modules/iam-group-with-assumable-roles-policy/README.md
@@ -37,6 +37,7 @@ No modules.
 | <a name="input_assumable_roles"></a> [assumable\_roles](#input\_assumable\_roles) | List of IAM roles ARNs which can be assumed by the group | `list(string)` | `[]` | no |
 | <a name="input_group_users"></a> [group\_users](#input\_group\_users) | List of IAM users to have in an IAM group which can assume the role | `list(string)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of IAM policy and IAM group | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/iam-group-with-assumable-roles-policy/main.tf b/modules/iam-group-with-assumable-roles-policy/main.tf
@@ -10,6 +10,8 @@ resource "aws_iam_policy" "this" {
   name        = var.name
   description = "Allows to assume role in another AWS account"
   policy      = data.aws_iam_policy_document.assume_role.json
+
+  tags = var.tags
 }
 
 resource "aws_iam_group" "this" {
diff --git a/modules/iam-group-with-assumable-roles-policy/variables.tf b/modules/iam-group-with-assumable-roles-policy/variables.tf
@@ -15,3 +15,9 @@ variable "group_users" {
   default     = []
 }
 
+variable "tags" {
+  description = "A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+}
+
diff --git a/modules/iam-group-with-policies/README.md b/modules/iam-group-with-policies/README.md
@@ -47,6 +47,7 @@ No modules.
 | <a name="input_group_users"></a> [group\_users](#input\_group\_users) | List of IAM users to have in an IAM group which can assume the role | `list(string)` | `[]` | no |
 | <a name="input_iam_self_management_policy_name_prefix"></a> [iam\_self\_management\_policy\_name\_prefix](#input\_iam\_self\_management\_policy\_name\_prefix) | Name prefix for IAM policy to create with IAM self-management permissions | `string` | `"IAMSelfManagement-"` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of IAM group | `string` | `""` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/iam-group-with-policies/main.tf b/modules/iam-group-with-policies/main.tf
@@ -48,6 +48,8 @@ resource "aws_iam_policy" "iam_self_management" {
 
   name_prefix = var.iam_self_management_policy_name_prefix
   policy      = data.aws_iam_policy_document.iam_self_management.json
+
+  tags = var.tags
 }
 
 resource "aws_iam_policy" "custom" {
@@ -56,5 +58,7 @@ resource "aws_iam_policy" "custom" {
   name        = var.custom_group_policies[count.index]["name"]
   policy      = var.custom_group_policies[count.index]["policy"]
   description = lookup(var.custom_group_policies[count.index], "description", null)
+
+  tags = var.tags
 }
 
diff --git a/modules/iam-group-with-policies/variables.tf b/modules/iam-group-with-policies/variables.tf
@@ -46,3 +46,8 @@ variable "aws_account_id" {
   default     = ""
 }
 
+variable "tags" {
+  description = "A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+}
diff --git a/modules/iam-policy/README.md b/modules/iam-policy/README.md
@@ -8,13 +8,13 @@ Creates IAM policy.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.6 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 2.23 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 2.23 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35 |
 
 ## Modules
 
@@ -34,6 +34,7 @@ No modules.
 | <a name="input_name"></a> [name](#input\_name) | The name of the policy | `string` | `""` | no |
 | <a name="input_path"></a> [path](#input\_path) | The path of the policy in IAM | `string` | `"/"` | no |
 | <a name="input_policy"></a> [policy](#input\_policy) | The path of the policy in IAM (tpl file) | `string` | `""` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources. | `map(string)` | `{}` | no |
 
 ## Outputs
 
diff --git a/modules/iam-policy/main.tf b/modules/iam-policy/main.tf
@@ -4,5 +4,7 @@ resource "aws_iam_policy" "policy" {
   description = var.description
 
   policy = var.policy
+
+  tags = var.tags
 }
 
diff --git a/modules/iam-policy/variables.tf b/modules/iam-policy/variables.tf
@@ -22,3 +22,8 @@ variable "policy" {
   default     = ""
 }
 
+variable "tags" {
+  description = "A map of tags to add to all resources."
+  type        = map(string)
+  default     = {}
+}
diff --git a/modules/iam-policy/versions.tf b/modules/iam-policy/versions.tf
@@ -2,6 +2,6 @@ terraform {
   required_version = ">= 0.12.6"
 
   required_providers {
-    aws = ">= 2.23"
+    aws = ">= 3.35"
   }
 }
diff --git a/modules/iam-user/main.tf b/modules/iam-user/main.tf
@@ -5,7 +5,8 @@ resource "aws_iam_user" "this" {
   path                 = var.path
   force_destroy        = var.force_destroy
   permissions_boundary = var.permissions_boundary
-  tags                 = var.tags
+
+  tags = var.tags
 }
 
 resource "aws_iam_user_login_profile" "this" {

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,10 @@ module "iam_policy" {`
`34`	`34`	`]`
`35`	`35`	`}`
`36`	`36`	`EOF`
	`37`	`+`
	`38`	`+ tags = {`
	`39`	`+ PolicyDescription = "Policy created using heredoc policy"`
	`40`	`+ }`
`37`	`41`	`}`
`38`	`42`
`39`	`43`	`module "iam_policy_from_data_source" {`
`@@ -44,4 +48,8 @@ module "iam_policy_from_data_source" {`
`44`	`48`	`description = "My example policy"`
`45`	`49`
`46`	`50`	`policy = data.aws_iam_policy_document.bucket_policy.json`
	`51`	`+`
	`52`	`+ tags = {`
	`53`	`+ PolicyDescription = "Policy created using example from data source"`
	`54`	`+ }`
`47`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -108,4 +108,6 @@ resource "aws_iam_instance_profile" "this" {`
`108`	`108`	`name = var.role_name`
`109`	`109`	`path = var.role_path`
`110`	`110`	`role = aws_iam_role.this[0].name`
	`111`	`+`
	`112`	`+ tags = var.tags`
`111`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,6 @@ terraform {`
`2`	`2`	`required_version = ">= 0.12.6"`
`3`	`3`
`4`	`4`	`required_providers {`
`5`		`- aws = ">= 2.23"`
	`5`	`+ aws = ">= 3.34"`
`6`	`6`	`}`
`7`	`7`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,8 @@ resource "aws_iam_policy" "this" {`
`10`	`10`	`name = var.name`
`11`	`11`	`description = "Allows to assume role in another AWS account"`
`12`	`12`	`policy = data.aws_iam_policy_document.assume_role.json`
	`13`	`+`
	`14`	`+ tags = var.tags`
`13`	`15`	`}`
`14`	`16`
`15`	`17`	`resource "aws_iam_group" "this" {`
Original file line number	Diff line number	Diff line change
`@@ -15,3 +15,9 @@ variable "group_users" {`
`15`	`15`	`default = []`
`16`	`16`	`}`
`17`	`17`
	`18`	`+variable "tags" {`
	`19`	`+ description = "A map of tags to add to all resources."`
	`20`	`+ type = map(string)`
	`21`	`+ default = {}`
	`22`	`+}`
	`23`	`+`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,8 @@ resource "aws_iam_policy" "iam_self_management" {`
`48`	`48`
`49`	`49`	`name_prefix = var.iam_self_management_policy_name_prefix`
`50`	`50`	`policy = data.aws_iam_policy_document.iam_self_management.json`
	`51`	`+`
	`52`	`+ tags = var.tags`
`51`	`53`	`}`
`52`	`54`
`53`	`55`	`resource "aws_iam_policy" "custom" {`
`@@ -56,5 +58,7 @@ resource "aws_iam_policy" "custom" {`
`56`	`58`	`name = var.custom_group_policies[count.index]["name"]`
`57`	`59`	`policy = var.custom_group_policies[count.index]["policy"]`
`58`	`60`	`description = lookup(var.custom_group_policies[count.index], "description", null)`
	`61`	`+`
	`62`	`+ tags = var.tags`
`59`	`63`	`}`
`60`	`64`
Original file line number	Diff line number	Diff line change
`@@ -46,3 +46,8 @@ variable "aws_account_id" {`
`46`	`46`	`default = ""`
`47`	`47`	`}`
`48`	`48`
	`49`	`+variable "tags" {`
	`50`	`+ description = "A map of tags to add to all resources."`
	`51`	`+ type = map(string)`
	`52`	`+ default = {}`
	`53`	`+}`