Introduce the aws_ec2_tag resource for managing individual tags on EC2 resources

[joestump]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Adds support for tagging EC2 resources that may or may not be directly managed by Terraform. My team's primary use case is attaching tags to subnets/VPCs that are managed by other teams for EKS. See the docs on VPC and subnet tagging in EKS for more details.

NOTE: This also modifies how aws_subnet and aws_vpc manage the tags attribute. Basically, if tags isn't set or hasn't changed, then it's a noop. Otherwise, we end up with tags getting blown away by these resources even when they don't define a tags attribute.

Example

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_ec2_tag" "example" {
  resource_id = "${aws_vpc.example.id}"
  key         = "Name"
  value       = "Hello World"
}

Tests

joestump-ltm:terraform-provider-aws joe.stump$ AWS_DEFAULT_REGION='us-west-1' make testacc TESTARGS='-run=TestAccAWSEc2ResourceTag*'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -parallel 20 -run=TestAccAWSEc2ResourceTag* -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccAWSEc2ResourceTag_basic
=== PAUSE TestAccAWSEc2ResourceTag_basic
=== RUN   TestAccAWSEc2ResourceTag_subnet
=== PAUSE TestAccAWSEc2ResourceTag_subnet
=== CONT  TestAccAWSEc2ResourceTag_basic
=== CONT  TestAccAWSEc2ResourceTag_subnet
--- PASS: TestAccAWSEc2ResourceTag_basic (23.50s)
--- PASS: TestAccAWSEc2ResourceTag_subnet (24.93s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	25.184s

[joestump]

Merged in the latest from master and updated the resource to use a Retry as we were running into eventually consistent shenanigans.

[joestump]

Recent updates:

• Fixed conflict with master.
• Added support for timeout when tag is being created.
• Bumped the default timeout to 10 minutes.

[bflad]

FYI, relating to your original problem with tags, you may find the recently released provider-level ignore_tags functionality helpful. Kubernetes tagging issues was an example use case. 😄 In that context though, any of these individual service tag resources will bypass that provider-level configuration to be able to properly manage provider-level ignored tags.

[joestump]

@bflad it's a great new config option for sure. We still have a need to be able to tag things separately like this and have been running this patch in production for a while now. I'm working with my team to get this PR cleaned up for merge. 👍

[iambrianfallon]

@bflad I believe the changes I pushed up this morning should cover all of the changes you requested in your comment. the provider level ignore_tags feature appears to work for our use cases so I will keep an eye in here if there are any other changes you want us to make.

[bflad]

Thank you so much 🚀 Going to pull this in with a few minor enhancements such as import and in-place value update support.

[erikkn]

@joestump, thanks a bunch for taking your time and getting this in! Really great work 💪

[ghost]

This has been released in version 2.67.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!