Tagging Strategy in Terraform

Photo by Faris Mohammed on Unsplash

Background

What is tag?

I use the term, tag, in this blog but it is referred to the concept for both Labels(GCP) and Tags(Azure). Tag is key-value pair to organize your resources in the cloud service. And resources can be filtered based on your tags. Some of the use cases for tags are for cost center, environment, and Data classification.

why is tag?

You might not need tags if you only have one environment with just experimental project. However; if you plan to have a project with different environments, I think it’s good idea to at least think about adding tags. It helps to organize resources.

Why did we need tags?

We did not think we needed tags in the beginning as we are very small teams with minimum users but when we started adding more features, we realized that we were loosing track on what resources were created manually and what resources were created by terraform. Yeah…, I know we shouldn’t have created resource manually. But this was shared dev environment and we wanted to experiment quickly before sending official pr.

Since we are a small startup trying to move as quickly as possible, we did not want to ponder about what tags to put. We quickly decided to put minimum tags we need and forget the rest. We will come back when we need more tags. Because we cannot increase cost of maintenance as we are already over working, we had to choose an automated solution.

Strategy

Our requirements are

1. Differentiate between manually created resources and resources created by terraform
2. Understand which resources belong to which environment(dev, stage, or prod)
3. Automatically add tags

First two issues can be resolved by adding iac and env tags. Third issue, we explored terratag by env0

terratag

Terratag is a CLI tool allowing for tags or labels to be applied across an entire set of Terraform files. Terratag will apply tags or labels to any AWS, GCP and Azure resources.

Solution in Practice

We are using Azure DevOps (ADO) for CICD pipeline and GCP for the cloud service. For the repeatability, we are using template from ADO.

parameters:
- name: env
steps:
- task: Bash@3
  displayName: ‘terratag Install’
  inputs:
    targetType: ‘inline’
    script: ‘brew install env0/terratag/terratag’
- task: TerraformTaskV2@2
  displayName: ‘Terraform Init’
  inputs:
    provider: ‘gcp’
    command: ‘init’
    backendServiceGCP: ‘xxx’
    backendGCPBucketName: ‘xxx’
    backendGCPPrefix: ${{ parameters.env }}
- task: Bash@3
  displayName: ‘Terraform Tagging’
  inputs:
    targetType: ‘inline’
    script: “terratag -tags=’{\”env\”: \”${{ parameters.env }}\”, \”iac\”: \”terraform\”}’”

References

• https://medium.com/@sachin.d.shinde/cloud-resource-labeling-strategy-using-terraform-bee51364b0fe
• Terratag by env0
• GitHub Actions + Terratag. Overview: | by Tim Davis | env0 | Medium