Channels
#aws
Title
# aws
g
gentle-zoo-32137
08/30/2022, 3:26 PMIs there an easy way to have all AWS resources created by a stack include a tag with the stack name and/or project name?
I want to avoid having all our infra engineers need to repeat these tags for all resources. aws:defaultTags in the configuration seems to only support static tags, so each stack would need to configure these explicitly (which isn't terrible, but also seems redundant and error-prone).
s
straight-caravan-63576
08/30/2022, 3:54 PMI don't know for sure, may be you are looking for resource URN? https://www.pulumi.com/docs/intro/concepts/resources/names/#urns
f
full-artist-27215
08/30/2022, 4:07 PM@gentle-zoo-32137 I think the current state-of-the-art on this is still this blog post: https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/
We've had a copy of that code kicking around in our projects for about a year at this point. Works great, with one caveat: if you have any autoscaling groups, they put tags on in a slightly different way, which this post doesn't account for.
I can share a workaround for that if you're interested
g
gentle-zoo-32137
08/30/2022, 4:31 PMThanks! The auto-tagging part was what I was looking for. Although, relying on a static list of taggable resources (the "taggable" module) seems brittle - have you find a way to reasonable maintain or auto-generate this list?
f
full-artist-27215
08/30/2022, 4:34 PMIn practice, it hasn't been an issue. The list is pretty big as it is, and we generally stick to the "core" AWS resources for our infrastructure anyway. I suppose you could add some logging that would surface any AWS resources that you try to use that aren't currently in that list... that could provide a signal to you to update the list.
l
little-cartoon-10569
08/30/2022, 8:50 PMIn the classic (not-native) AWS module, the provider has the defaultTags property. I'm not sure how comprehensive it is, but it's likely to do what you need.
➕ 1
And it's much easier than either a policy or a stack transformation.
s
steep-toddler-94095
08/31/2022, 12:03 AM+1 for tenwit's suggestion. to add to what he said, this property will not retroactively apply to existing resources with no changes. The only time it's applied is on changes to a resource or on creation of a resource.
g
gentle-zoo-32137
08/31/2022, 7:36 AMI know
aws:defaultTagsproviderprovidersm
millions-furniture-75402
08/31/2022, 12:57 PMVery interested in the answer to that question myself, as I believe the default provider is tightly tied to the static stack configuration. I know you can define your own provider and explicitly pass it to each resource, but that's gross.
v
victorious-church-57397
08/31/2022, 1:05 PM@full-artist-27215 we implemented the autotagging solution as a node package so that developers could just add the package as a dependency and run
registerAutoTags()index.tsf
full-artist-27215
08/31/2022, 2:07 PM@victorious-church-57397 We just have it as a Python file in our repository. All our Pulumi projects are in a monorepo and can just share the same code.
v
victorious-church-57397
08/31/2022, 2:07 PMMakes sense, cheers for confirming mate :)
😎 1
m
millions-furniture-75402
08/31/2022, 7:24 PM@victorious-church-57397 we have implemented a similar pattern with a
pulumi-componentsv
victorious-church-57397
08/31/2022, 7:26 PM@millions-furniture-75402 I found it covered less than 50% of resources for auto tagging when we tried to implement it, would be curious to see the code if you could share it?
We experience problems with some of the resources stack transformations just not registering and we think it’s down to inter package dependency issues
m
millions-furniture-75402
08/31/2022, 7:28 PMAre you using the new registry components or custom components?
we basically did exactly what you did, stuffed the code from the blog post into a not package and call the function in our Pulumi plan
v
victorious-church-57397
08/31/2022, 7:29 PMWe’re just running a stack transformation across the resources in the stack, as per the blog post but it isn’t working for a lot of the resources in our stacks
I could understand it not working for custom resources but a lot of our stacks don’t leverage the custom resource
m
millions-furniture-75402
08/31/2022, 7:31 PMFWIW, I brought t up with our sales rep and CSM that this should be a first-class Pulumi maintained feature.
v
victorious-church-57397
08/31/2022, 7:32 PMAh we aren’t using the pulumi service just the open source stuff, I agree though it should definitely be a pulumi feature!
f
full-artist-27215
08/31/2022, 7:33 PM@millions-furniture-75402 Ooh, good point... I'll ping our rep on this as well 👍
m
millions-furniture-75402
08/31/2022, 7:33 PMI don't even mean in the Pulumi service, but rather the Providers or Engine
👍 1
v
victorious-church-57397
08/31/2022, 7:33 PMTo be fair I haven’t touched our auto tagging stuff for a while so might have another stab at it, see if anything’s sorted itself out. We were looking at potentially using peerDependencies to lock down the dependencies cross-packages
f
full-artist-27215
08/31/2022, 7:37 PMLooks like there's already an issue: https://github.com/pulumi/pulumi-aws/issues/1134
l
little-cartoon-10569
08/31/2022, 9:23 PMI know you can define your own provider and explicitly pass it to each resource, but that's gross.I have been hit by sooooo many problems caused by using default providers that we now have linting checks to ensure that no resource is ever created without an explicit provider. And the new(ish) stack option
pulumi:disable-default-providersm
millions-furniture-75402
09/01/2022, 1:08 PMYou're probably right, I've held off because it seems tedious and fattens up declarations.
I wish I could declare my own explicit provider the entire plan uses.
I have a related issue that might drive me to declare explicit providers anyway https://github.com/pulumi/pulumi-aws/issues/1366
Migrating to the latest
pulumi-aws7 Views