feat: add tags to aws_iam_policy resources (#153)

Author: bryantbiggs

.pre-commit-config.yaml

@@ -21,6 +21,6 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+    rev: v4.0.1
     hooks:
       - id: check-merge-conflict

README.md

@@ -549,7 +549,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35 |
 | <a name="requirement_external"></a> [external](#requirement\_external) | >= 1 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | >= 1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2 |
@@ -559,7 +559,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35 |
 | <a name="provider_external"></a> [external](#provider\_external) | >= 1 |
 | <a name="provider_local"></a> [local](#provider\_local) | >= 1 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2 |

iam.tf

@@ -98,6 +98,7 @@ resource "aws_iam_policy" "logs" {
 
   name   = "${local.role_name}-logs"
   policy = data.aws_iam_policy_document.logs[0].json
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "logs" {
@@ -134,6 +135,7 @@ resource "aws_iam_policy" "dead_letter" {
 
   name   = "${local.role_name}-dl"
   policy = data.aws_iam_policy_document.dead_letter[0].json
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "dead_letter" {
@@ -160,6 +162,7 @@ resource "aws_iam_policy" "vpc" {
 
   name   = "${local.role_name}-vpc"
   policy = data.aws_iam_policy.vpc[0].policy
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "vpc" {
@@ -186,6 +189,7 @@ resource "aws_iam_policy" "tracing" {
 
   name   = "${local.role_name}-tracing"
   policy = data.aws_iam_policy.tracing[0].policy
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "tracing" {
@@ -222,6 +226,7 @@ resource "aws_iam_policy" "async" {
 
   name   = "${local.role_name}-async"
   policy = data.aws_iam_policy_document.async[0].json
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "async" {
@@ -241,6 +246,7 @@ resource "aws_iam_policy" "additional_json" {
 
   name   = local.role_name
   policy = var.policy_json
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "additional_json" {
@@ -260,6 +266,7 @@ resource "aws_iam_policy" "additional_jsons" {
 
   name   = "${local.role_name}-${count.index}"
   policy = var.policy_jsons[count.index]
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "additional_jsons" {
@@ -343,6 +350,7 @@ resource "aws_iam_policy" "additional_inline" {
 
   name   = "${local.role_name}-inline"
   policy = data.aws_iam_policy_document.additional_inline[0].json
+  tags   = var.tags
 }
 
 resource "aws_iam_policy_attachment" "additional_inline" {

modules/alias/README.md

@@ -116,13 +116,13 @@ module "lambda" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35 |
 
 ## Modules
 

modules/alias/versions.tf

@@ -2,6 +2,6 @@ terraform {
   required_version = ">= 0.12.26"
 
   required_providers {
-    aws = ">= 3.19"
+    aws = ">= 3.35"
   }
 }

modules/deploy/README.md

@@ -100,15 +100,15 @@ module "lambda" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.19 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | >= 1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.19 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35 |
 | <a name="provider_local"></a> [local](#provider\_local) | >= 1 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2 |
 
@@ -164,6 +164,7 @@ No modules.
 | <a name="input_function_name"></a> [function\_name](#input\_function\_name) | The name of the Lambda function to deploy | `string` | `""` | no |
 | <a name="input_interpreter"></a> [interpreter](#input\_interpreter) | List of interpreter arguments used to execute deploy script, first arg is path | `list(string)` | <pre>[<br>  "/bin/bash",<br>  "-c"<br>]</pre> | no |
 | <a name="input_save_deploy_script"></a> [save\_deploy\_script](#input\_save\_deploy\_script) | Save deploy script locally | `bool` | `false` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no |
 | <a name="input_target_version"></a> [target\_version](#input\_target\_version) | Target version of Lambda function version to deploy | `string` | `""` | no |
 | <a name="input_triggers"></a> [triggers](#input\_triggers) | Map of triggers which will be notified when event happens. Valid options for event types are DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, DeploymentReady (Applies only to replacement instances in a blue/green deployment), InstanceStart, InstanceSuccess, InstanceFailure, InstanceReady. Note that not all are applicable for Lambda deployments. | `map(any)` | `{}` | no |
 | <a name="input_use_existing_app"></a> [use\_existing\_app](#input\_use\_existing\_app) | Whether to use existing AWS CodeDeploy app | `bool` | `false` | no |

modules/deploy/main.tf

@@ -123,6 +123,7 @@ resource "aws_codedeploy_app" "this" {
 
   name             = var.app_name
   compute_platform = "Lambda"
+  tags             = var.tags
 }
 
 resource "aws_codedeploy_deployment_group" "this" {
@@ -162,6 +163,8 @@ resource "aws_codedeploy_deployment_group" "this" {
       trigger_target_arn = trigger_configuration.value.target_arn
     }
   }
+
+  tags = var.tags
 }
 
 data "aws_iam_role" "codedeploy" {
@@ -175,6 +178,7 @@ resource "aws_iam_role" "codedeploy" {
 
   name               = coalesce(var.codedeploy_role_name, "${local.app_name}-codedeploy")
   assume_role_policy = data.aws_iam_policy_document.assume_role[0].json
+  tags               = var.tags
 }
 
 
@@ -217,6 +221,7 @@ resource "aws_iam_policy" "triggers" {
   count = var.create && var.create_codedeploy_role && var.attach_triggers_policy ? 1 : 0
 
   policy = data.aws_iam_policy_document.triggers[0].json
+  tags   = var.tags
 }
 
 resource "aws_iam_role_policy_attachment" "triggers" {

modules/deploy/variables.tf

@@ -4,6 +4,12 @@ variable "create" {
   default     = true
 }
 
+variable "tags" {
+  description = "A map of tags to assign to resources."
+  type        = map(string)
+  default     = {}
+}
+
 variable "alias_name" {
   description = "Name for the alias"
   type        = string

modules/deploy/versions.tf

@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.12.26"
 
   required_providers {
-    aws   = ">= 3.19"
+    aws   = ">= 3.35"
     local = ">= 1"
     null  = ">= 2"
   }

versions.tf

@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.12.26"
 
   required_providers {
-    aws      = ">= 3.19"
+    aws      = ">= 3.35"
     external = ">= 1"
     local    = ">= 1"
     random   = ">= 2"