https://pulumi.com logo
#aws
Title
# aws
g

gentle-zoo-32137

08/30/2022, 3:26 PM
Is there an easy way to have all AWS resources created by a stack include a tag with the stack name and/or project name? I want to avoid having all our infra engineers need to repeat these tags for all resources. aws:defaultTags in the configuration seems to only support static tags, so each stack would need to configure these explicitly (which isn't terrible, but also seems redundant and error-prone).
s

straight-caravan-63576

08/30/2022, 3:54 PM
I don't know for sure, may be you are looking for resource URN? https://www.pulumi.com/docs/intro/concepts/resources/names/#urns
f

full-artist-27215

08/30/2022, 4:07 PM
@gentle-zoo-32137 I think the current state-of-the-art on this is still this blog post: https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/
We've had a copy of that code kicking around in our projects for about a year at this point. Works great, with one caveat: if you have any autoscaling groups, they put tags on in a slightly different way, which this post doesn't account for.
I can share a workaround for that if you're interested
g

gentle-zoo-32137

08/30/2022, 4:31 PM
Thanks! The auto-tagging part was what I was looking for. Although, relying on a static list of taggable resources (the "taggable" module) seems brittle - have you find a way to reasonable maintain or auto-generate this list?
f

full-artist-27215

08/30/2022, 4:34 PM
In practice, it hasn't been an issue. The list is pretty big as it is, and we generally stick to the "core" AWS resources for our infrastructure anyway. I suppose you could add some logging that would surface any AWS resources that you try to use that aren't currently in that list... that could provide a signal to you to update the list.
l

little-cartoon-10569

08/30/2022, 8:50 PM
In the classic (not-native) AWS module, the provider has the defaultTags property. I'm not sure how comprehensive it is, but it's likely to do what you need.
1
And it's much easier than either a policy or a stack transformation.
s

steep-toddler-94095

08/31/2022, 12:03 AM
+1 for tenwit's suggestion. to add to what he said, this property will not retroactively apply to existing resources with no changes. The only time it's applied is on changes to a resource or on creation of a resource.
g

gentle-zoo-32137

08/31/2022, 7:36 AM
I know
aws:defaultTags
can be set via the configuration, but if I want to programmatically set those tags - can I somehow do that in the default provider, or must I instantiate my own provider and specify it explicitly via the
provider
or
providers
options for all resources?
m

millions-furniture-75402

08/31/2022, 12:57 PM
Very interested in the answer to that question myself, as I believe the default provider is tightly tied to the static stack configuration. I know you can define your own provider and explicitly pass it to each resource, but that's gross.
v

victorious-church-57397

08/31/2022, 1:05 PM
@full-artist-27215 we implemented the autotagging solution as a node package so that developers could just add the package as a dependency and run
registerAutoTags()
in the
index.ts
but saw some behaviour where due to pulumi inter-dependencies it was only working on a handful of the resources. How did you implement it?
f

full-artist-27215

08/31/2022, 2:07 PM
@victorious-church-57397 We just have it as a Python file in our repository. All our Pulumi projects are in a monorepo and can just share the same code.
v

victorious-church-57397

08/31/2022, 2:07 PM
Makes sense, cheers for confirming mate :)
😎 1
m

millions-furniture-75402

08/31/2022, 7:24 PM
@victorious-church-57397 we have implemented a similar pattern with a
pulumi-components
node js package that is shared between projects and handles Custom Component Resources and autotagging. It does have some gaps in the coverage of resources, as you've noted, but it gets the majority for our use cases.
v

victorious-church-57397

08/31/2022, 7:26 PM
@millions-furniture-75402 I found it covered less than 50% of resources for auto tagging when we tried to implement it, would be curious to see the code if you could share it?
We experience problems with some of the resources stack transformations just not registering and we think it’s down to inter package dependency issues
m

millions-furniture-75402

08/31/2022, 7:28 PM
Are you using the new registry components or custom components?
we basically did exactly what you did, stuffed the code from the blog post into a not package and call the function in our Pulumi plan
v

victorious-church-57397

08/31/2022, 7:29 PM
We’re just running a stack transformation across the resources in the stack, as per the blog post but it isn’t working for a lot of the resources in our stacks
I could understand it not working for custom resources but a lot of our stacks don’t leverage the custom resource
m

millions-furniture-75402

08/31/2022, 7:31 PM
FWIW, I brought t up with our sales rep and CSM that this should be a first-class Pulumi maintained feature.
v

victorious-church-57397

08/31/2022, 7:32 PM
Ah we aren’t using the pulumi service just the open source stuff, I agree though it should definitely be a pulumi feature!
f

full-artist-27215

08/31/2022, 7:33 PM
@millions-furniture-75402 Ooh, good point... I'll ping our rep on this as well 👍
m

millions-furniture-75402

08/31/2022, 7:33 PM
I don't even mean in the Pulumi service, but rather the Providers or Engine
👍 1
v

victorious-church-57397

08/31/2022, 7:33 PM
To be fair I haven’t touched our auto tagging stuff for a while so might have another stab at it, see if anything’s sorted itself out. We were looking at potentially using peerDependencies to lock down the dependencies cross-packages
f

full-artist-27215

08/31/2022, 7:37 PM
Looks like there's already an issue: https://github.com/pulumi/pulumi-aws/issues/1134
l

little-cartoon-10569

08/31/2022, 9:23 PM
I know you can define your own provider and explicitly pass it to each resource, but that's gross.
I have been hit by sooooo many problems caused by using default providers that we now have linting checks to ensure that no resource is ever created without an explicit provider. And the new(ish) stack option
pulumi:disable-default-providers
is great, too. Explicit providers will save you, someday!
m

millions-furniture-75402

09/01/2022, 1:08 PM
You're probably right, I've held off because it seems tedious and fattens up declarations. I wish I could declare my own explicit provider the entire plan uses. I have a related issue that might drive me to declare explicit providers anyway https://github.com/pulumi/pulumi-aws/issues/1366
Migrating to the latest
pulumi-aws
MAJOR version is going to be painful for us.
7 Views