feat: add Owner tag to AWS resources

nginxinc · Aug 18, 2023 · c37b84f · c37b84f
1 parent 4d351a4
commit c37b84f
Show file tree

Hide file tree

Showing 10 changed files with 83 additions and 13 deletions.
diff --git a/packer/nginx/aws/nginx.pkr.hcl b/packer/nginx/aws/nginx.pkr.hcl
@@ -87,6 +87,12 @@ source "amazon-ebs" "disk" {
   ssh_username                = "ubuntu"
   subnet_id                   = var.subnet_id
   associate_public_ip_address = true
+  tags                        = {
+    Base_AMI_ID = "{{ .SourceAMI }}"
+    Base_AMI_Name = "{{ .SourceAMIName }}"
+    Base_AMI_Owner = "{{ .SourceAMIOwner }}"
+    Extra = "{{ .SourceAMITags.TagName }}"
+  }
 }
 
 build {

diff --git a/packer/nms/aws/nms.pkr.hcl b/packer/nms/aws/nms.pkr.hcl
@@ -108,6 +108,12 @@ source "amazon-ebs" "disk" {
   ssh_username                = var.ssh_username
   subnet_id                   = var.subnet_id
   associate_public_ip_address = true
+  tags                        = {
+    Base_AMI_ID = "{{ .SourceAMI }}"
+    Base_AMI_Name = "{{ .SourceAMIName }}"
+    Base_AMI_Owner = "{{ .SourceAMIOwner }}"
+    Extra = "{{ .SourceAMITags.TagName }}"
+  }
 }
 
 build {

diff --git a/terraform/basic-reference/aws/compute.tf b/terraform/basic-reference/aws/compute.tf
@@ -44,6 +44,9 @@ module "agent_common" {
 resource "aws_key_pair" "bastion_key_pair" {
   key_name   = "bastion-key-pair"
   public_key = file(pathexpand(var.ssh_pub_key))
+  tags       = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }
 
 
@@ -56,8 +59,9 @@ resource "aws_instance" "nms_example" {
   user_data                            = module.nms_common.nms_cloud_init.rendered
   user_data_replace_on_change          = true
   iam_instance_profile                 = aws_iam_instance_profile.nms_ssm.name
-  tags = {
-    Name = "nms_example"
+  tags                                 = {
+    Name  = "nms_example"
+    Owner = data.aws_caller_identity.current.user_id
   }
 }
 
@@ -69,8 +73,9 @@ resource "aws_instance" "bastion_example" {
   subnet_id                            = local.public_subnet_id
   associate_public_ip_address          = true
   key_name                             = aws_key_pair.bastion_key_pair.key_name 
-  tags = {
-    Name = "bastion_host"
+  tags                                 = {
+    Name  = "bastion_host"
+    Owner = data.aws_caller_identity.current.user_id
   }
 }
 
@@ -87,6 +92,7 @@ resource "aws_instance" "agent_example" {
   user_data_replace_on_change          = true
   user_data                            = module.agent_common.agent_cloud_init.rendered
   tags                                 = {
-    Name = "agent_example"
+    Name  = "agent_example"
+    Owner = data.aws_caller_identity.current.user_id
   }
 }
diff --git a/terraform/basic-reference/aws/networking.tf b/terraform/basic-reference/aws/networking.tf
@@ -89,7 +89,8 @@ module "nms_alb" {
 
 
   tags = {
-    Environment = "NMS"
+    Environment = "Control Plane"
+    Owner       = data.aws_caller_identity.current.user_id
   }
 }
 
@@ -130,6 +131,7 @@ module "agents_alb" {
   ]
 
   tags = {
-    Environment = "Agents"
+    Environment = "Data Plane"
+    Owner       = data.aws_caller_identity.current.user_id
   }
 }
diff --git a/terraform/basic-reference/aws/providers.tf b/terraform/basic-reference/aws/providers.tf
@@ -18,4 +18,11 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
+  default_tags {
+    tags = {
+      Deployment = "NGINX Management Suite Basic Reference Architecture"
+    }
+  }
 }
+
+data "aws_caller_identity" "current" {}
diff --git a/terraform/basic-reference/aws/security.tf b/terraform/basic-reference/aws/security.tf
@@ -33,7 +33,8 @@ resource "aws_security_group" "nms_alb_secgroup" {
   name   = "nms-alb-secgroup"
   vpc_id = local.vpc_id
   tags = {
-    Name = "nms-alb-secgroup"
+    Name  = "nms-alb-secgroup"
+    Owner = data.aws_caller_identity.current.user_id
   }
 
   ingress {
@@ -59,7 +60,8 @@ resource "aws_security_group" "agent_alb_secgroup" {
   name   = "agent-alb-secgroup"
   vpc_id = local.vpc_id
   tags = {
-    Name = "agent-alb-secgroup"
+    Name  = "agent-alb-secgroup"
+    Owner = data.aws_caller_identity.current.user_id
   }
 
   ingress {
@@ -92,7 +94,8 @@ resource "aws_security_group" "nms_secgroup" {
   name   = "nms-secgroup"
   vpc_id = local.vpc_id
   tags = {
-    Name = "nms-secgroup"
+    Name  = "nms-secgroup"
+    Owner = data.aws_caller_identity.current.user_id
   }
 
   ingress {
@@ -125,7 +128,8 @@ resource "aws_security_group" "bastion_secgroup" {
   name   = "bastion-secgroup"
   vpc_id = local.vpc_id
   tags = {
-    Name = "bastion-secgroup"
+    Name  = "bastion-secgroup"
+    Owner = data.aws_caller_identity.current.user_id
   }
 
   ingress {
@@ -151,7 +155,8 @@ resource "aws_security_group" "agent_secgroup" {
   name   = "agent-secgroup"
   vpc_id = local.vpc_id
   tags = {
-    Name = "agent-secgroup"
+    Name  = "agent-secgroup"
+    Owner = data.aws_caller_identity.current.user_id
   }
 
   ingress {

diff --git a/terraform/basic-reference/aws/ssm.tf b/terraform/basic-reference/aws/ssm.tf
@@ -7,6 +7,9 @@
 
 resource "aws_iam_role" "nms_ec2_assume_role" {
   name = "nms_ec2_assume_role"
+  tags = {
+    Owner = data.aws_caller_identity.current.user_ids
+  }
 
   assume_role_policy = <<EOF
 {
@@ -28,16 +31,25 @@ EOF
 resource "aws_iam_role_policy_attachment" "nms_ssm" {
   role       = aws_iam_role.nms_ec2_assume_role.name
   policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  tags       = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }
 
 resource "aws_iam_instance_profile" "nms_ssm" {
   name = "nms_ssm"
   role = aws_iam_role.nms_ec2_assume_role.name
+  tags = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }
 
 resource "aws_ssm_document" "restart_adm" {
   name          = "restart-adm"
   document_type = "Command"
+  tags          = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 
   content = <<DOC
   {
@@ -67,4 +79,7 @@ resource "aws_ssm_association" "restart_adm" {
     key    = "InstanceIds"
     values = [aws_instance.nms_example.id]
   }
+  tags = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }
diff --git a/terraform/basic-reference/aws/storage.tf b/terraform/basic-reference/aws/storage.tf
@@ -9,6 +9,9 @@ resource "aws_ebs_volume" "disks" {
   count             = length(local.disks)
   availability_zone = random_shuffle.random_az.result[0]
   size              = local.disks[count.index].size
+  tags              = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }
 
 resource "aws_volume_attachment" "disks" {
@@ -17,4 +20,7 @@ resource "aws_volume_attachment" "disks" {
   volume_id                      = aws_ebs_volume.disks[count.index].id
   instance_id                    = aws_instance.nms_example.id
   stop_instance_before_detaching = true
+  tags                           = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }
diff --git a/terraform/basic-reference/aws/vpc.tf b/terraform/basic-reference/aws/vpc.tf
@@ -19,6 +19,7 @@ module "vpc" {
   tags = {
     Terraform   = "true"
     Environment = "dev"
+    Owner       = data.aws_caller_identity.current.user_id
   }
 }
 

diff --git a/terraform/standalone/nms/aws/main.tf b/terraform/standalone/nms/aws/main.tf
@@ -18,8 +18,15 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
+  default_tags {
+    tags = {
+      Deployment = "NGINX Management Suite Standalone"
+    }
+  }
 }
 
+data "aws_caller_identity" "current" {}
+
 data "aws_availability_zones" "available_zones" {
   state         = "available"
   exclude_names = ["us-west-2d"]
@@ -95,6 +102,7 @@ module "vpc" {
   tags = {
     Terraform   = "true"
     Environment = "dev"
+    Owner       = data.aws_caller_identity.current.user_id
   }
 }
 
@@ -116,7 +124,8 @@ resource "aws_instance" "nms_example" {
   user_data_replace_on_change          = true
   user_data                            = module.nms_common.nms_cloud_init.rendered
   tags = {
-    Name = "nms_example"
+    Name  = "nms_example"
+    Owner = data.aws_caller_identity.current.user_id
   }
 }
 
@@ -125,6 +134,7 @@ resource "aws_security_group" "nms-secgroup" {
   vpc_id = local.vpc_id
   tags = {
     Name = "nms-secgroup"
+    Owner = data.aws_caller_identity.current.user_id
   }
 
   ingress {
@@ -158,6 +168,9 @@ resource "aws_ebs_volume" "disks" {
   count             = length(local.disks)
   availability_zone = random_shuffle.random_az.result[0]
   size              = local.disks[count.index].size
+  tags              = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }
 
 resource "aws_volume_attachment" "disks" {
@@ -166,4 +179,7 @@ resource "aws_volume_attachment" "disks" {
   volume_id                      = aws_ebs_volume.disks[count.index].id
   instance_id                    = aws_instance.nms_example.id
   stop_instance_before_detaching = true
+  tags                           = {
+    Owner = data.aws_caller_identity.current.user_id
+  }
 }