/awstaga

Python CLI for batch tagging AWS resources

Primary LanguagePythonApache License 2.0Apache-2.0

Avatar

Build Status Security Status Published Version

Awstaga

Awstaga is a Python CLI for tagging AWS resources based on a YAML configuration.

This package is intended as a companion for AWS Tag Editor. While AWS Tag Editor is useful for tagging multiple resources in one go, it has no easy way to re-run the tagging since you have to use the AWS console UI, and its resource filtering capability is quite limited, making it hard to select resources with-more-than basic logic.

Using Awstaga, you can easily re-run the tagging by running the CLI again. And with its support of YAML configuration, it allows you to define multiple tagsets which you can reuse and mix and match with the resources, you can construct your own mapping between the resources and the relevant tags and tagsets. You can generate your own YAML configuration using Python scripts, or any other programming language, allowing you to construct a more complex filtering logic.

Installation

pip3 install awstaga

Usage

Create a configuration file, e.g. awstaga.yaml:

---
tagsets:
  - name: common
    tags:
      - key: CostCentre
        value: FIN-123
      - key: Organisation
        value: World Enterprise
      - key: Description
        value: AWS Resource
  - name: prod
    tags:
      - key: EnvType
        value: prod
      - key: Availability
        value: 24x7
  - name: nonprod
    tags:
      - key: EnvType
        value: non-prod
      - key: Availability
        value: on-demand
resources:
  - arn: 'arn:aws:ssm:ap-southeast-2:123456789012:document/high-avail'
    tags:
      - key: Description
        value: High availability SSM document
    tagsetnames:
      - common
      - prod
  - arn: 'arn:aws:s3:::world-enterprise/development/logo.jpg'
    tags:
      - key: Description
        value: World Enterprise logo
    tagsetnames:
      - common
      - nonprod

And then run awstaga CLI and pass the configuration file path:

awstaga --conf-file awstaga.yaml

It will write the log messages to stdout:

[awstaga] INFO Loading configuration file awstaga.yaml
[awstaga] INFO Loading 3 tagset(s)...
[awstaga] INFO Loading 2 resource(s)...
[awstaga] INFO Adding resource arn:aws:ssm:ap-southeast-2:123456789012:document/high-avail to a batch with tags {'CostCentre': 'FIN-123', 'Organisation': 'World Enterprise', 'Description': 'AWS Resource', 'EnvType': 'prod', 'Availability': '24x7', 'Description': 'High availability SSM document'}
[awstaga] INFO Adding resource arn:aws:s3:::world-enterprise/development/logo.jpg to a batch with tags {'CostCentre': 'FIN-123', 'Organisation': 'World Enterprise', 'Description': 'AWS Resource', 'EnvType': 'prod', 'Availability': '24x7', 'Description': 'World Enterprise logo'}

And if the tagging failed (e.g. due to rate exceeded), it will log the following error messages:

[awstaga] ERROR Failed to apply tags to 1 resource(s):
[awstaga] ERROR arn:aws:ssm:ap-southeast-2:123456789012:document/high-avail: 400 - Throttling - Rate exceeded
[awstaga] ERROR arn:aws:s3:::world-enterprise/development/logo.jpg: 400 - Throttling - Rate exceeded

YAML includes

Awstaga supports YAML includes using , so you can split your configuration into multiple files:

---
tagsets:
  - !include include.d/tagset.yaml
resources: !include include.d/resources.yaml

Include files should be put under `include.d/`` folder relative to the configuration file.

The included tagset file include.d/tagset.yaml:

---
name: common
tags:
  - key: CostCentre
    value: FIN-123
  - key: Organisation
    value: World Enterprise
  - key: Description
    value: AWS Resource

The included resources file include.d/resources.yaml:

---
- arn: 'arn:aws:ssm:ap-southeast-2:123456789012:document/high-avail'
  tags:
    - key: Description
      value: High availability SSM document
  tagsetnames:
    - common
    - prod
- arn: 'arn:aws:s3:::world-enterprise/development/logo.jpg'
  tags:
    - key: Description
      value: World Enterprise logo
  tagsetnames:
    - common
    - nonprod

Dry run

You can also run Awstaga in dry-run mode by adding --dry-run flag:

awstaga --conf-file awstaga.yaml --dry-run

During dry-run mode, Awstaga log messages will be labeled with [dry-run]:

[dry-run] [awstaga] INFO Loading configuration file awstaga.yaml
[dry-run] [awstaga] INFO Loading 3 tagset(s)...
[dry-run] [awstaga] INFO Loading 2 resource(s)...
[dry-run] [awstaga] INFO Adding resource arn:aws:ssm:ap-southeast-2:123456789012:document/high-avail to a batch with tags {'CostCentre': 'FIN-123', 'Organisation': 'World Enterprise', 'Description': 'AWS Resource', 'EnvType': 'prod', 'Availability': '24x7', 'Description': 'High availability SSM document'}

Batch size

In order to optimise the number of API calls, resources with identical tags are put into batches. By default, the batch size is 5. You can run Awstaga with a custom batch size --batch-size <number> flag:

awstaga --conf-file awstaga.yaml --batch-size 10

Delay

In order to avoid rate exceeded error, you can run Awstaga with a custom delay --delay <number> flag:

awstaga --conf-file awstaga.yaml --delay 5

By default, the delay is 2 seconds. The delay is applied between each batch of tagging API calls.

Please note that AWS limits the number of tagging API (tag_resources) calls to maximum of 5 calls per second.

Configuration

These are the configuration properties that you can use with awstaga CLI. Some example configuration files are available on examples folder.

Property Type Description Example
tagsets[] Array A list of one or more tagsets. Any tagset can be associated with any resource, and the resource will include the tags specified in the tagset.
tagsets[].name String The name of the tagset. common
tagsets[].tags[] Array A list of one or more key-value pair tags within the tagset.
tagsets[].tags[].key String The tag key. CostCentre
tagsets[].tags[].value String The tag value. FIN-123
resources[] Array A list of one or more AWS resources. Each of the resource has a corresponding list of tags, along with the tags from tagsets.
resources[].arn String AWS resource ARN. arn:aws:s3:::world-enterprise/development/logo.jpg
resources[].tags[] Array A list of one or more key-value pair tags of the resource.
resources[].tags[].key String The tag key. Description
resources[].tags[].value String The tag value. Some description
resources[].tagsetnames[] Array A list of one or more tagset names. All tags within the tagsets specified are included in the resource.

Permissions

The AWS credentials used to run awstaga CLI must have the following permissions:

  • Permission to use AWS Resource Groups API
  • Permission to tag resources for individual AWS services that you want to tag

Colophon

Developer's Guide

Build reports: