Introduce the aws_ec2_tag resource for managing individual tags on EC2 resources

aws/provider.go

@@ -530,6 +530,7 @@ func Provider() terraform.ResourceProvider {
  "aws_ec2_client_vpn_endpoint": resourceAwsEc2ClientVpnEndpoint(),
  "aws_ec2_client_vpn_network_association": resourceAwsEc2ClientVpnNetworkAssociation(),
  "aws_ec2_fleet": resourceAwsEc2Fleet(),
+ "aws_ec2_tag": resourceAwsEc2Tag(),
  "aws_ec2_traffic_mirror_filter": resourceAwsEc2TrafficMirrorFilter(),
  "aws_ec2_traffic_mirror_filter_rule": resourceAwsEc2TrafficMirrorFilterRule(),
  "aws_ec2_traffic_mirror_target": resourceAwsEc2TrafficMirrorTarget(),

aws/resource_aws_ec2_tag.go

@@ -0,0 +1,180 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceAwsEc2Tag() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsEc2TagCreate,
+ Read: resourceAwsEc2TagRead,
+ Delete: resourceAwsEc2TagDelete,
+
+ Schema: map[string]*schema.Schema{
+ "resource_id": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "key": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "value": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ },
+ }
+}
+
+func extractResourceIDAndKeyFromEc2TagID(id string) (string, string, error) {
+ parts := strings.Split(id, ":")
+
+ if len(parts) != 2 {
+ return "", "", fmt.Errorf("Invalid resource ID; cannot look up resource: %s", id)
+ }
+
+ return parts[0], parts[1], nil
+}
+
+func resourceAwsEc2TagCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).ec2conn
+
+ resourceID := d.Get("resource_id").(string)
+ key := d.Get("key").(string)
+ value := d.Get("value").(string)
+
+ _, err := conn.CreateTags(&ec2.CreateTagsInput{
+ Resources: []*string{aws.String(resourceID)},
+ Tags: []*ec2.Tag{
+ {
+ Key: aws.String(key),
+ Value: aws.String(value),
+ },
+ },
+ })
+
+ if err != nil {
+ return fmt.Errorf("error creating EC2 Tag (%s) for resource (%s): %w", key, resourceID, err)
+ }
+
+ // Handle EC2 eventual consistency on creation
+ log.Printf("[DEBUG] Waiting for tag %s on resource %s to become available", key, resourceID)
+ retryError := resource.Retry(5*time.Minute, func() *resource.RetryError {
+ var tags *ec2.DescribeTagsOutput
+ tags, err = conn.DescribeTags(&ec2.DescribeTagsInput{
+ Filters: []*ec2.Filter{
+ {
+ Name: aws.String("resource-id"),
+ Values: []*string{aws.String(resourceID)},
+ },
+ {
+ Name: aws.String("key"),
+ Values: []*string{aws.String(key)},
+ },
+ },
+ })
+
+ if err != nil {
+ return resource.NonRetryableError(err)
+ }
+
+ // tag not found _yet_
+ if len(tags.Tags) == 0 {
+ return resource.RetryableError(&resource.NotFoundError{})
+ }
+
+ return nil
+ })
+
+ if retryError != nil {
+ if isResourceNotFoundError(err) {
+ return fmt.Errorf("error creating EC2 Tag (%s) on resource (%s): %w", key, resourceID, err)
+ }
+ }
+
+ d.SetId(fmt.Sprintf("%s:%s", resourceID, key))
+ return resourceAwsEc2TagRead(d, meta)
+}
+
+func resourceAwsEc2TagRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).ec2conn
+ id, _, err := extractResourceIDAndKeyFromEc2TagID(d.Id())
+
+ if err != nil {
+ return err
+ }
+
+ key := d.Get("key").(string)
+ var tags *ec2.DescribeTagsOutput
+
+ tags, err = conn.DescribeTags(&ec2.DescribeTagsInput{
+ Filters: []*ec2.Filter{
+ {
+ Name: aws.String("resource-id"),
+ Values: []*string{aws.String(id)},
+ },
+ {
+ Name: aws.String("key"),
+ Values: []*string{aws.String(key)},
+ },
+ },
+ })
+
+ if err != nil {
+ return fmt.Errorf("error reading EC2 Tag (%s) on resource (%s): %w", key, id, err)
+ }
+
+ if len(tags.Tags) == 0 {
+ // The API call did not fail but the tag does not exists on resource
+ // Did not find the tag, as per contract with TF report:https://www.terraform.io/docs/extend/writing-custom-providers.html
+ log.Printf("[WARN]There are no tags on resource %s", id)
+ d.SetId("")
+ return nil
+ }
+
+ if len(tags.Tags) != 1 {
+ return fmt.Errorf("Expected exactly 1 tag, got %d tags for key %s", len(tags.Tags), key)
+ }
+
+ tag := tags.Tags[0]
+ d.Set("value", aws.StringValue(tag.Value))
+
+ return nil
+}
+
+func resourceAwsEc2TagDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).ec2conn
+ id, _, err := extractResourceIDAndKeyFromEc2TagID(d.Id())
+
+ if err != nil {
+ return err
+ }
+
+ _, err = conn.DeleteTags(&ec2.DeleteTagsInput{
+ Resources: []*string{aws.String(id)},
+ Tags: []*ec2.Tag{
+ {
+ Key: aws.String(d.Get("key").(string)),
+ Value: aws.String(d.Get("value").(string)),
+ },
+ },
+ })
+
+ if err != nil {
+ return fmt.Errorf("error deleting EC2 Tag (%s) on resource (%s): %w", d.Get("key").(string), id, err)
+ }
+
+ return nil
+}

aws/resource_aws_ec2_tag_test.go

@@ -0,0 +1,106 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+func TestAccAWSEc2ResourceTag_basic(t *testing.T) {
+ var tag ec2.TagDescription
+
+ resource.ParallelTest(t, resource.TestCase{
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckVpcDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccProviderConfigIgnoreTagsKeys1("Name") + testAccEc2ResourceTagConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckEc2ResourceTagExists(
+ "aws_ec2_tag.test", &tag),
+ resource.TestCheckResourceAttr("aws_ec2_tag.test", "key", "Name"),
+ resource.TestCheckResourceAttr("aws_ec2_tag.test", "value", "Hello World"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSEc2ResourceTag_OutOfBandDelete(t *testing.T) {
+ var tag ec2.TagDescription
+
+ resource.ParallelTest(t, resource.TestCase{
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckVpcDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccEc2ResourceTagConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckEc2ResourceTagExists("aws_ec2_tag.test", &tag),
+ testAccCheckResourceDisappears(testAccProvider, resourceAwsEc2Tag(), "aws_ec2_tag.test"),
+ ),
+ ExpectNonEmptyPlan: true,
+ },
+ },
+ })
+}
+
+func testAccCheckEc2ResourceTagExists(n string, tag *ec2.TagDescription) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No ID is set")
+ }
+
+ id, key, err := extractResourceIDAndKeyFromEc2TagID(rs.Primary.ID)
+ if err != nil {
+ return fmt.Errorf("Error getting ID or key from EC2 tag ID: %s", rs.Primary.ID)
+ }
+ conn := testAccProvider.Meta().(*AWSClient).ec2conn
+ resp, err := conn.DescribeTags(&ec2.DescribeTagsInput{
+ Filters: []*ec2.Filter{
+ {
+ Name: aws.String("resource-id"),
+ Values: []*string{aws.String(id)},
+ },
+ {
+ Name: aws.String("key"),
+ Values: []*string{aws.String(key)},
+ },
+ },
+ })
+
+ if err != nil {
+ return err
+ }
+
+ if len(resp.Tags) == 0 {
+ return fmt.Errorf("No tags found")
+ }
+
+ *tag = *resp.Tags[0]
+ // return fmt.Errorf("Tag found %s => %s", aws.StringValue(tag.Key), aws.StringValue(tag.Value))
+
+ return nil
+ }
+}
+
+const testAccEc2ResourceTagConfig = `
+resource "aws_vpc" "test" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_ec2_tag" "test" {
+ resource_id = "${aws_vpc.test.id}"
+ key = "Name"
+ value = "Hello World"
+}
+`

aws/resource_aws_route_table.go

@@ -228,6 +228,7 @@ func resourceAwsRouteTableRead(d *schema.ResourceData, meta interface{}) error {
  }
  d.Set("route", route)
 
+ // Tags
  if err := d.Set("tags", keyvaluetags.Ec2KeyValueTags(rt.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
  return fmt.Errorf("error setting tags: %s", err)
  }

website/aws.erb

@@ -1210,6 +1210,9 @@
  <li>
  <a href="/docs/providers/aws/r/ec2_fleet.html">aws_ec2_fleet</a>
  </li>
+ <li>
+ <a href="/docs/providers/aws/r/ec2_tag.html">aws_ec2_tag</a>
+ </li>
  <li>
  <a href="/docs/providers/aws/r/ec2_traffic_mirror_filter.html">aws_ec2_traffic_mirror_filter</a>
  </li>
@@ -3610,4 +3613,4 @@
  </div>
  <% end %>
  <%= yield %>
-<% end %>
+<% end %>

website/docs/r/ec2_tag.html.markdown

@@ -0,0 +1,33 @@
+---
+subcategory: "EC2"
+layout: "aws"
+page_title: "AWS: aws_ec2_tag"
+description: |-
+ Manages a single tag for a given EC2 resource
+---
+
+# Resource: aws_ec2_tag
+
+Manages an individual tag for a given EC2 resource. This resource should only be used in cases where EC2 resources are created outside Terraform (e.g. AMIs), being shared via Resource Access Manager (RAM), or implicitly created by other means (e.g. Transit Gateway VPN Attachments).
+
+## Example Usage
+
+```hcl
+resource "aws_vpc" "example" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_ec2_tag" "example" {
+ resource_id = "${aws_vpc.example.id}"
+ key = "Name"
+ value = "Hello World"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `resource_id` - (Required) The ID of the EC2 resource to manage the tag for.
+* `key` - (Required) The tag name.
+* `value` - (Required) The value of the tag.