Use default_tags in cloud-platform-environments #4378

Open
26 tasks
jakemulley opened this issue Feb 14, 2023 · 1 comment

jakemulley commented Feb 14, 2023

Background

The Cloud Platform provides Terraform modules for a variety of common services for use in the Cloud Platform.

Each module currently takes variable inputs to tag resources created by Terraform. However, they are not "standardised" and use different naming conventions (snake_case, kebab-case), and some resources created as part of the modules are not tagged at all.

As resources are typically named with a random ID, it makes identifying untagged services impossible.

Instead of tagging resources separately, we should use the default_tags configuration as part of the provider block in Terraform to simplify this for us.

Modules in scope

| module | count |
| --- | --- |
| github.com/ministryofjustice/cloud-platform-terraform-dms | 2 |
| github.com/ministryofjustice/cloud-platform-terraform-dynamodb-cluster | 13 |
| github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials | 218 |
| github.com/ministryofjustice/cloud-platform-terraform-elasticache-cluster | 193 |
| github.com/ministryofjustice/cloud-platform-terraform-elasticsearch | 20 |
| github.com/ministryofjustice/cloud-platform-terraform-github-prototype | 6 |
| github.com/ministryofjustice/cloud-platform-terraform-irsa | 35 |
| github.com/ministryofjustice/cloud-platform-terraform-pushgateway | 5 |
| github.com/ministryofjustice/cloud-platform-terraform-rds-aurora | 7 |
| github.com/ministryofjustice/cloud-platform-terraform-rds-instance | 329 |
| github.com/ministryofjustice/cloud-platform-terraform-s3-bucket | 170 |
| github.com/ministryofjustice/cloud-platform-terraform-serviceaccount | 164 |
| github.com/ministryofjustice/cloud-platform-terraform-sns-topic | 22 |
| github.com/ministryofjustice/cloud-platform-terraform-sqs | 515 |

Approach

Module by module, likely starting with the least used to the most used, this is the likely approach to take:

  • Remove explicit tags that are set in the module
  • Add the tags to the aws providers in namespace-resources-cli-template where the value is the variable from namespace-resources-cli-template's variables.tf (this is so new namespaces will already have it set)
  • Update the namespaces that use the module to include the same default_tags as namespace-resources-cli-template
  • Deploy the changes for the module

Which part of the user docs does this impact

Some users have GithubTeam set in their default provider, so we could simplify Accessing the AWS console (read-only).

We should audit the user guide to remove anywhere we ask users to set tags (and do it for them, instead).

Communicate changes

  • post for #cloud-platform-update
  • Weeknotes item
  • Show the Thing/P&A All Hands/User CoP
  • Announcements channel

We should also communicate changes to teams that use a template to create their namespace files, so they are up to date.

Questions / Assumptions

I have made the assumption that this is only going to apply to the aws provider for now, and that we will retain the default provider (unaliased), the london provider and the ireland provider.

Definition of done

  • ADR written
  • modules updated and deployed
    • github.com/ministryofjustice/cloud-platform-terraform-dms
    • github.com/ministryofjustice/cloud-platform-terraform-dynamodb-cluster
    • github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials
    • github.com/ministryofjustice/cloud-platform-terraform-elasticache-cluster
    • github.com/ministryofjustice/cloud-platform-terraform-elasticsearch
    • github.com/ministryofjustice/cloud-platform-terraform-github-prototype
    • github.com/ministryofjustice/cloud-platform-terraform-irsa
    • github.com/ministryofjustice/cloud-platform-terraform-pushgateway
    • github.com/ministryofjustice/cloud-platform-terraform-rds-aurora
    • github.com/ministryofjustice/cloud-platform-terraform-rds-instance
    • github.com/ministryofjustice/cloud-platform-terraform-s3-bucket
    • github.com/ministryofjustice/cloud-platform-terraform-serviceaccount
    • github.com/ministryofjustice/cloud-platform-terraform-sns-topic
    • github.com/ministryofjustice/cloud-platform-terraform-sqs
    • github.com/ministryofjustice/cloud-platform-terraform-template
  • readme has been updated
  • user docs have been updated
  • another team member has reviewed
  • smoke tests are green
  • prepare demo for the team

Reference

How to write good user stories

jakemulley commented Feb 14, 2023

You can't do the modules one-by-one if at least one of the tags remains the same, as you get this error (hashicorp/terraform-provider-aws#19204):

Error: "tags" are identical to those in the "default_tags" configuration block of the provider: please de-duplicate and try again

Will need some thinking 🤔
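
An added example, not part of the issue or the Cloud Platform code base: a pre-migration audit over `terraform show -json` state output that lists taggable resources with no tags at all and resources whose explicit tags repeat a planned `default_tags` entry, the two conditions raised above. The sample state, resource addresses and tag values are constructed, and `PLANNED_DEFAULT_TAGS` is a hypothetical tag set.

```python
import json

# Constructed sample shaped like `terraform show -json` state output; all
# addresses, names and tag values are made up for illustration.
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {
  "resources": [
    {"address": "aws_sns_topic.alerts", "type": "aws_sns_topic",
     "values": {"tags": null, "tags_all": {}}},
    {"address": "random_id.suffix", "type": "random_id", "values": {"hex": "ab12"}}
  ],
  "child_modules": [{"address": "module.queue", "resources": [
    {"address": "module.queue.aws_sqs_queue.this", "type": "aws_sqs_queue",
     "values": {"tags": {"namespace": "example-ns", "owner": "team-a"},
                "tags_all": {"namespace": "example-ns", "owner": "team-a"}}},
    {"address": "module.queue.aws_kms_key.this", "type": "aws_kms_key",
     "values": {"tags": {"purpose": "queue-encryption"},
                "tags_all": {"purpose": "queue-encryption"}}}
  ]}]
}}}
""")

# Hypothetical default_tags the provider block would carry after migration.
PLANNED_DEFAULT_TAGS = {"namespace": "example-ns", "owner": "team-a"}

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit(state, default_tags):
    """Return (untagged, overlapping) findings for taggable resources."""
    untagged, overlapping = [], {}
    for res in walk(state["values"]["root_module"]):
        values = res.get("values", {})
        if "tags_all" not in values:      # resource type has no tag support
            continue
        if not values.get("tags_all"):    # nothing set explicitly or by default
            untagged.append(res["address"])
        explicit = values.get("tags") or {}
        same = sorted(k for k, v in explicit.items() if default_tags.get(k) == v)
        if same:
            overlapping[res["address"]] = same
    return untagged, overlapping

if __name__ == "__main__":
    untagged, overlapping = audit(SAMPLE_STATE, PLANNED_DEFAULT_TAGS)
    print("untagged:", untagged)
    print("explicit tags duplicating default_tags:", overlapping)
```

Resources reported as overlapping are the ones that need their explicit tags removed in the same change that introduces `default_tags` for that namespace.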
