Merge pull request #86 from EFXCIA/feature/more-tagging

Adding tags to SG & S3 of vault-cluster and SG of vault-elb
hashicorp · Aug 21, 2018 · e5f26ba · e5f26ba
2 parents e94e302 + f783a50
commit e5f26ba
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 9 deletions.
diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf
@@ -88,9 +88,7 @@ resource "aws_security_group" "lc_security_group" {
     create_before_destroy = true
   }
 
-  tags {
-    Name = "${var.cluster_name}"
-  }
+  tags = "${merge(map("Name", var.cluster_name), var.security_group_tags)}"
 }
 
 resource "aws_security_group_rule" "allow_ssh_inbound_from_cidr_blocks" {
@@ -189,9 +187,10 @@ resource "aws_s3_bucket" "vault_storage" {
   bucket        = "${var.s3_bucket_name}"
   force_destroy = "${var.force_destroy_s3_bucket}"
 
-  tags {
-    Description = "Used for secret storage with Vault. DO NOT DELETE this Bucket unless you know what you are doing."
-  }
+  tags = "${merge(
+    map("Description", "Used for secret storage with Vault. DO NOT DELETE this Bucket unless you know what you are doing."),
+    var.s3_bucket_tags)
+  }"
 }
 
 resource "aws_iam_role_policy" "vault_s3" {

diff --git a/modules/vault-cluster/variables.tf b/modules/vault-cluster/variables.tf
@@ -81,6 +81,12 @@ variable "additional_security_group_ids" {
   default     = []
 }
 
+variable "security_group_tags" {
+  description = "Tags to be applied to the LC security group"
+  type        = "map"
+  default     = {}
+}
+
 variable "cluster_tag_key" {
   description = "Add a tag with this key and the value var.cluster_name to each Instance in the ASG."
   default     = "Name"
@@ -181,6 +187,12 @@ variable "s3_bucket_name" {
   default     = ""
 }
 
+variable "s3_bucket_tags" {
+  description = "Tags to be applied to the S3 bucket."
+  type        = "map"
+  default     = {}
+}
+
 variable "force_destroy_s3_bucket" {
   description = "If 'configure_s3_backend' is enabled and you set this to true, when you run terraform destroy, this tells Terraform to delete all the objects in the S3 bucket used for backend storage. You should NOT set this to true in production or you risk losing all your data! This property is only here so automated tests of this module can clean up after themselves. Only used if 'enable_s3_backend' is set to true."
   default     = false

diff --git a/modules/vault-elb/main.tf b/modules/vault-elb/main.tf
@@ -38,7 +38,7 @@ resource "aws_elb" "vault" {
     timeout             = "${var.health_check_timeout}"
   }
 
-  tags = "${merge(map("Name", var.name), var.lb_tags)}"
+  tags = "${merge(var.load_balancer_tags, map("Name", var.name))}"
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -58,6 +58,8 @@ resource "aws_security_group" "vault" {
   name        = "${var.name}-elb"
   description = "Security group for the ${var.name} ELB"
   vpc_id      = "${var.vpc_id}"
+
+  tags = "${var.security_group_tags}"
 }
 
 resource "aws_security_group_rule" "allow_inbound_api" {

diff --git a/modules/vault-elb/variables.tf b/modules/vault-elb/variables.tf
@@ -116,7 +116,13 @@ variable "health_check_timeout" {
   default     = 5
 }
 
-variable "lb_tags" {
-  description = "Tags to be applied to the load balancer."
+variable "load_balancer_tags" {
+  description = "Tags to be applied to the ELB."
+  default     = {}
+}
+
+variable "security_group_tags" {
+  description = "Tags to be applied to the ELB security group."
+  type        = "map"
   default     = {}
 }