Merge pull request #11 from arunlalp/gitlab

[TEC-69] Update tag-policy module to enforce specific values

Author: arunlalp

environments/dev/tag-policy/main.tf

@@ -9,20 +9,12 @@ module "tag-policy" {
   policy_type = var.policy_type
   target_id   = var.target_id
 
-  name_tag_key            = var.name_tag_key
-  name_enforce_for_values = var.name_enforce_for_values
-
-  environment_tag_key            = var.environment_tag_key
-  environment_enforce_for_values = var.environment_enforce_for_values
-
-  owner_tag_key            = var.owner_tag_key
-  owner_tag_value          = var.owner_tag_value
-  owner_enforce_for_values = var.owner_enforce_for_values
-
-  costcenter_tag_key            = var.costcenter_tag_key
-  costcenter_tag_value          = var.costcenter_tag_value
-  costcenter_enforce_for_values = var.costcenter_enforce_for_values
-
-  application_tag_key            = var.application_tag_key
-  application_enforce_for_values = var.application_enforce_for_values
+  name_tag_key         = var.name_tag_key
+  environment_tag_key  = var.environment_tag_key
+  owner_tag_key        = var.owner_tag_key
+  owner_tag_value      = var.owner_tag_value
+  costcenter_tag_key   = var.costcenter_tag_key
+  costcenter_tag_value = var.costcenter_tag_value
+  application_tag_key  = var.application_tag_key
+  enforce_for_values   = var.enforce_for_values
 }

environments/dev/tag-policy/variables.tf

@@ -23,21 +23,11 @@ variable "name_tag_key" {
   description = "The tag key for the 'Name' tag."
 }
 
-variable "name_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'Name' tag."
-}
-
 variable "environment_tag_key" {
   type        = string
   description = "The tag key for the 'Environment' tag."
 }
 
-variable "environment_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'Environment' tag."
-}
-
 variable "owner_tag_key" {
   type        = string
   description = "The tag key for the 'Owner' tag."
@@ -48,11 +38,6 @@ variable "owner_tag_value" {
   description = "A list of valid tag values for the 'Owner' tag."
 }
 
-variable "owner_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'Owner' tag."
-}
-
 variable "costcenter_tag_key" {
   type        = string
   description = "The tag key for the 'CostCenter' tag."
@@ -63,17 +48,12 @@ variable "costcenter_tag_value" {
   description = "A list of valid tag values for the 'CostCenter' tag."
 }
 
-variable "costcenter_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'CostCenter' tag."
-}
-
 variable "application_tag_key" {
   type        = string
   description = "The tag key for the 'Application' tag."
 }
 
-variable "application_enforce_for_values" {
+variable "enforce_for_values" {
   type        = list(string)
   description = "A list of tag values to enforce for the 'Application' tag."
 }

modules/tag-policy/main.tf

@@ -12,25 +12,25 @@ resource "aws_organizations_policy" "tag_policy" {
     "tags" = {
       "Name" = {
         "tag_key"      = { "@@assign" = var.name_tag_key },
-        "enforced_for" = { "@@assign" = var.name_enforce_for_values }
+        "enforced_for" = { "@@assign" = var.enforce_for_values }
       },
       "Environment" = {
         "tag_key"      = { "@@assign" = var.environment_tag_key },
-        "enforced_for" = { "@@assign" = var.environment_enforce_for_values }
+        "enforced_for" = { "@@assign" = var.enforce_for_values }
       },
       "Owner" = {
         "tag_key"      = { "@@assign" = var.owner_tag_key },
         "tag_value"    = { "@@assign" = var.owner_tag_value },
-        "enforced_for" = { "@@assign" = var.owner_enforce_for_values }
+        "enforced_for" = { "@@assign" = var.enforce_for_values }
       },
       "CostCenter" = {
         "tag_key"      = { "@@assign" = var.costcenter_tag_key },
         "tag_value"    = { "@@assign" = var.costcenter_tag_value },
-        "enforced_for" = { "@@assign" = var.costcenter_enforce_for_values }
+        "enforced_for" = { "@@assign" = var.enforce_for_values }
       },
       "Application" = {
         "tag_key"      = { "@@assign" = var.application_tag_key },
-        "enforced_for" = { "@@assign" = var.application_enforce_for_values }
+        "enforced_for" = { "@@assign" = var.enforce_for_values }
       }
     }
   })

modules/tag-policy/variables.tf

@@ -23,21 +23,11 @@ variable "name_tag_key" {
   description = "The tag key for the 'Name' tag."
 }
 
-variable "name_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'Name' tag."
-}
-
 variable "environment_tag_key" {
   type        = string
   description = "The tag key for the 'Environment' tag."
 }
 
-variable "environment_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'Environment' tag."
-}
-
 variable "owner_tag_key" {
   type        = string
   description = "The tag key for the 'Owner' tag."
@@ -48,11 +38,6 @@ variable "owner_tag_value" {
   description = "A list of valid tag values for the 'Owner' tag."
 }
 
-variable "owner_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'Owner' tag."
-}
-
 variable "costcenter_tag_key" {
   type        = string
   description = "The tag key for the 'CostCenter' tag."
@@ -63,17 +48,12 @@ variable "costcenter_tag_value" {
   description = "A list of valid tag values for the 'CostCenter' tag."
 }
 
-variable "costcenter_enforce_for_values" {
-  type        = list(string)
-  description = "A list of tag values to enforce for the 'CostCenter' tag."
-}
-
 variable "application_tag_key" {
   type        = string
   description = "The tag key for the 'Application' tag."
 }
 
-variable "application_enforce_for_values" {
+variable "enforce_for_values" {
   type        = list(string)
   description = "A list of tag values to enforce for the 'Application' tag."
 }

vars/dev/tag-policy.tfvars

@@ -4,21 +4,21 @@ policy_name = "Techiescamp"
 policy_type = "TAG_POLICY"
 target_id   = "814200988517"
 
-name_tag_key            = "Name"
-name_enforce_for_values = ["ec2:instance", "ec2:security-group"]
-
-environment_tag_key            = "Environment"
-environment_enforce_for_values = ["ec2:instance", "ec2:security-group"]
-
-owner_tag_key            = "Owner"
-owner_tag_value          = ["techiescamp"]
-owner_enforce_for_values = ["ec2:instance", "ec2:security-group"]
-
-costcenter_tag_key            = "CostCenter"
-costcenter_tag_value          = ["techiescamp-commerce"]
-costcenter_enforce_for_values = ["ec2:instance", "ec2:security-group"]
-
-application_tag_key            = "Application"
-application_enforce_for_values = ["ec2:instance", "ec2:security-group"]
+name_tag_key         = "Name"
+environment_tag_key  = "Environment"
+owner_tag_key        = "Owner"
+owner_tag_value      = ["techiescamp"]
+costcenter_tag_key   = "CostCenter"
+costcenter_tag_value = ["techiescamp-commerce"]
+application_tag_key  = "Application"
+enforce_for_values   = ["dynamodb:*", "ec2:dhcp-options", "ec2:elastic-ip", "ec2:fpga-image", "ec2:instance",
+                        "ec2:internet-gateway", "ec2:launch-template", "ec2:natgateway", "ec2:network-acl",
+                        "ec2:network-interface", "ec2:route-table", "ec2:security-group", "ec2:snapshot",
+                        "ec2:subnet", "ec2:volume", "ec2:vpc", "ec2:vpc-endpoint", "ec2:vpc-endpoint-service",
+                        "ec2:vpc-peering-connection", "ec2:vpn-connection", "ec2:vpn-gateway", "elasticfilesystem:*",
+                        "elasticloadbalancing:*", "iam:instance-profile", "iam:mfa", "iam:policy", "kms:*",
+                        "lambda:*", "rds:cluster-pg", "rds:cluster-endpoint", "rds:es", "rds:og", "rds:pg", "rds:db-proxy",
+                        "rds:db-proxy-endpoint", "rds:ri", "rds:secgrp", "rds:subgrp", "rds:target-group", "resource-groups:*",
+                        "route53:hostedzone", "s3:bucket", "s3:bucket"]