Add default tagging

.github/workflows/deploy-sandbox.yml

@@ -0,0 +1,24 @@
+name: Deploy Sandbox Environment
+
+on:
+    pull_request:
+        branches: [ main ]
+    push:
+        branches: [ main ]
+permissions:
+    id-token: write
+    contents: read
+
+jobs:
+    call-terragrunt-deploy:
+        permissions:
+            contents: read
+            id-token: write
+        uses: ./.github/workflows/terragrunt-deploy.yml
+        with:
+            tf_version: '1.5.5'
+            tg_version: '0.54.11'
+            environment: sandbox
+            region: us-east-2
+            env_id: '000'
+        secrets: inherit

.github/workflows/terragrunt-deploy.yml

@@ -45,6 +45,15 @@ jobs:
           test -z "${{ vars.DEPLOY_ROLE_ARN }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing an environment variable for DEPLOY_ROLE_ARN in the ${{ inputs.environment }} environment!"; raised=1)
           exit $raised
 
+      - name: "Set default Terraform Tags"
+        id: set-tags
+        run: |
+            set -x
+            echo "${{ github.repository }}" | cut -d "/" -f 2 > repo.txt
+            echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT"
+            echo "TF_VAR_repository_tag=$(cat repo.txt)" >> "$GITHUB_OUTPUT"
+            echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT"
+
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@a95656fcd9ec16a226c7099657b9fc91cc777601
         with:
@@ -59,6 +68,9 @@ jobs:
             AWS_REGION: ${{ inputs.region }}
             INPUT_PRE_EXEC_0: |
               sudo apt update -yqq && sudo apt install python3 -yqq
+            TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
+            TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
+            TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
         with:
           tf_version: ${{ inputs.tf_version }}
           tg_version: ${{ inputs.tg_version }}
@@ -68,10 +80,13 @@ jobs:
       - name: Deploy
         uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1
         env:
-          AWS_REGION: ${{ inputs.region }}
-          TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }}
-          INPUT_PRE_EXEC_0: |
-            sudo apt update -yqq && sudo apt install python3 -yqq
+            AWS_REGION: ${{ inputs.region }}
+            TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }}
+            INPUT_PRE_EXEC_0: |
+              sudo apt update -yqq && sudo apt install python3 -yqq
+            TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
+            TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
+            TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
         with:
           tf_version: ${{ inputs.tf_version }}
           tg_version: ${{ inputs.tg_version }}

terragrunt.hcl

@@ -24,12 +24,41 @@ generate "provider" {
   contents  = <<EOF
 provider "aws" {
   region  = "${local.region}"
+
+  default_tags {
+    tags = {
+      Organization = var.organization_tag
+      Repository = var.repository_tag
+      CommitHash = var.commit_hash_tag
+    }
+  }
 }
 
 provider "aws" {
   alias   = "global"
   region  = "us-east-1"
+
+  default_tags {
+    tags = {
+      Organization = var.organization_tag
+      Repository = var.repository_tag
+      CommitHash = var.commit_hash_tag
+    }
+  }
+}
+
+variable "organization_tag" {
+  type = string
 }
+
+variable "repository_tag" {
+  type = string
+}
+
+variable "commit_hash_tag" {
+  type = string
+}
+
 EOF
 }