Merge pull request #8 from olhado/tagged-resources

olhado · web-flow · commit 7897c3e0c5dc · 2020-09-22T17:44:00.000-04:00
Tagged resources
diff --git a/README.md b/README.md
@@ -169,7 +169,8 @@ module "threatstack_aws_integration" {
     sns_topic_display_name  = string # Defaults to "Threat Stack integration topic."
     sqs_queue_name          = string # Defaults to "ThreatStackIntegration"
     s3_bucket_name          = string # Defaults to "threatstack-integration"
-    s3_force_destroy        = string # Defaults to "/"
+    s3_bucket_prefix        = string # Defaults to "/"
+    tags                    = map    # Defaults to {} (empty map)
   }
 
   #...
@@ -191,6 +192,8 @@ module "threatstack_aws_integration" {
 
 * ___aws_optional_conf.s3_bucket_prefix (optional):___ S3 prefix path for logs.  Useful is using a bucket used by other services. (Not recommended)
 
+* ___aws_optional_conf.tags(optional):___ Map of tags to apply to all resources.
+
 ##### Using existing cloudtrail infrastructure
 
 If you already have your Cloudtrail set up, with its corresponding cloudwatch log group and S3 bucket, you can configure this module to use this infrastructure by setting the following settings. The module will still set up the SQS and SNS resources required, as well as the various IAM resources to allow for the integration to talk to Threat Stack's platform.
diff --git a/aws_cloudtrail.tf b/aws_cloudtrail.tf
@@ -18,6 +18,7 @@ resource "aws_cloudwatch_log_group" "ct" {
   count = var.existing_cloudtrail != null ? 0 : 1 # Don't create this if using an existing cloudtrail
 
   name = "/aws/cloudtrail/${var.aws_optional_conf.cloudtrail_name}"
+  tags = var.aws_optional_conf.tags
 
   depends_on = [
     aws_iam_role_policy.ct,
@@ -29,6 +30,8 @@ resource "aws_iam_role" "ct" {
   count = var.existing_cloudtrail != null ? 0 : 1 # Don't create this if using an existing cloudtrail
 
   name               = "${var.aws_optional_conf.cloudtrail_name}-CloudTrailToCloudWatch"
+  tags               = var.aws_optional_conf.tags
+
   assume_role_policy = data.template_file.aws_iam_cloudtrail_to_cloudwatch_assume_role_policy.rendered
 }
 
@@ -44,6 +47,8 @@ resource "aws_cloudtrail" "ct" {
   count = var.existing_cloudtrail != null ? 0 : 1 # Don't create this if using an existing cloudtrail
 
   name                          = var.aws_optional_conf.cloudtrail_name
+  tags                          = var.aws_optional_conf.tags
+
   s3_bucket_name                = aws_s3_bucket.bucket[0].id
   enable_logging                = var.aws_flags.enable_logging
   enable_log_file_validation    = var.aws_flags.enable_log_file_validation
diff --git a/aws_iam_role.tf b/aws_iam_role.tf
@@ -22,6 +22,8 @@ data "template_file" "aws_iam_role_policy" {
 
 resource "aws_iam_role" "role" {
   name               = var.aws_optional_conf.iam_role_name
+  tags               = var.aws_optional_conf.tags
+
   assume_role_policy = data.template_file.aws_iam_assume_role_policy.rendered
 }
 
diff --git a/aws_s3_bucket.tf b/aws_s3_bucket.tf
@@ -22,10 +22,10 @@ resource "aws_s3_bucket" "bucket" {
     enabled = "false"
   }
   force_destroy = var.aws_flags.s3_force_destroy
-  tags = {
-    terraform = "true"
-  }
-  depends_on = [aws_sns_topic_subscription.sqs]
+
+  tags          = var.aws_optional_conf.tags
+
+  depends_on    = [aws_sns_topic_subscription.sqs]
 }
 
 resource "aws_s3_bucket_policy" "bucket" {
diff --git a/aws_sns_topic.tf b/aws_sns_topic.tf
@@ -6,6 +6,8 @@ data "template_file" "aws_sns_topic_policy" {
 
 resource "aws_sns_topic" "sns" {
   name         = var.aws_optional_conf.sns_topic_name
+  tags         = var.aws_optional_conf.tags
+
   display_name = var.aws_optional_conf.sns_topic_display_name
   depends_on   = [aws_iam_role.role]
 }
diff --git a/aws_sqs_queue.tf b/aws_sqs_queue.tf
@@ -9,6 +9,8 @@ data "template_file" "aws_sqs_queue_policy" {
 
 resource "aws_sqs_queue" "sqs" {
   name       = var.aws_optional_conf.sqs_queue_name
+  tags       = var.aws_optional_conf.tags
+
   depends_on = [aws_sns_topic_policy.sns]
 }
 
diff --git a/variables.tf b/variables.tf
@@ -81,6 +81,7 @@ variable "aws_optional_conf" {
     sqs_queue_name         = string
     s3_bucket_name         = string
     s3_bucket_prefix       = string
+    tags                   = map(string)
   })
 
   default = {
@@ -91,5 +92,6 @@ variable "aws_optional_conf" {
     sqs_queue_name         = "ThreatStackIntegration"
     s3_bucket_name         = "threatstack-integration"
     s3_bucket_prefix       = "/"
+    tags                   = {}
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,8 @@ data "template_file" "aws_iam_role_policy" {`
`22`	`22`
`23`	`23`	`resource "aws_iam_role" "role" {`
`24`	`24`	`name = var.aws_optional_conf.iam_role_name`
	`25`	`+ tags = var.aws_optional_conf.tags`
	`26`	`+`
`25`	`27`	`assume_role_policy = data.template_file.aws_iam_assume_role_policy.rendered`
`26`	`28`	`}`
`27`	`29`
Original file line number	Diff line number	Diff line change
`@@ -22,10 +22,10 @@ resource "aws_s3_bucket" "bucket" {`
`22`	`22`	`enabled = "false"`
`23`	`23`	`}`
`24`	`24`	`force_destroy = var.aws_flags.s3_force_destroy`
`25`		`- tags = {`
`26`		`- terraform = "true"`
`27`		`- }`
`28`		`- depends_on = [aws_sns_topic_subscription.sqs]`
	`25`	`+`
	`26`	`+ tags = var.aws_optional_conf.tags`
	`27`	`+`
	`28`	`+ depends_on = [aws_sns_topic_subscription.sqs]`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`resource "aws_s3_bucket_policy" "bucket" {`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,8 @@ data "template_file" "aws_sns_topic_policy" {`
`6`	`6`
`7`	`7`	`resource "aws_sns_topic" "sns" {`
`8`	`8`	`name = var.aws_optional_conf.sns_topic_name`
	`9`	`+ tags = var.aws_optional_conf.tags`
	`10`	`+`
`9`	`11`	`display_name = var.aws_optional_conf.sns_topic_display_name`
`10`	`12`	`depends_on = [aws_iam_role.role]`
`11`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,8 @@ data "template_file" "aws_sqs_queue_policy" {`
`9`	`9`
`10`	`10`	`resource "aws_sqs_queue" "sqs" {`
`11`	`11`	`name = var.aws_optional_conf.sqs_queue_name`
	`12`	`+ tags = var.aws_optional_conf.tags`
	`13`	`+`
`12`	`14`	`depends_on = [aws_sns_topic_policy.sns]`
`13`	`15`	`}`
`14`	`16`
Original file line number	Diff line number	Diff line change
`@@ -81,6 +81,7 @@ variable "aws_optional_conf" {`
`81`	`81`	`sqs_queue_name = string`
`82`	`82`	`s3_bucket_name = string`
`83`	`83`	`s3_bucket_prefix = string`
	`84`	`+ tags = map(string)`
`84`	`85`	`})`
`85`	`86`
`86`	`87`	`default = {`
`@@ -91,5 +92,6 @@ variable "aws_optional_conf" {`
`91`	`92`	`sqs_queue_name = "ThreatStackIntegration"`
`92`	`93`	`s3_bucket_name = "threatstack-integration"`
`93`	`94`	`s3_bucket_prefix = "/"`
	`95`	`+ tags = {}`
`94`	`96`	`}`
`95`	`97`	`}`