Terratag is brought to you with ❤️ by
Let your team manage their own environment in AWS, Azure and Google.
Governed by your policies and with complete visibility and cost management.
Terratag is a CLI tool allowing for tags or labels to be applied across an entire set of Terraform files. Terratag will apply tags or labels to any AWS, GCP and Azure resources.
Maintaining tags across your application is hard, especially when done manually. Terratag enables you to easily add tags to your existing IaC and benefit from some cross-resource tag applications you wish you had thought of when you had just started writing your Terraform, saving you tons of time and making future updates easy. Read more on why tagging is important.
- Terraform 0.11, 0.12 or 0.13
-
Install from homebrew:
➜ brew install env0/terratag/terratag
Or download the latest release binary .
-
Initialize Terraform modules to get provider schema and pull child modules:
terraform init
-
Run Terratag
terratag -dir=foo/bar -tags={\"environment_id\": \"prod\"}
Terratag supports the following arguments:
-dir
- optional, the directory to recursively search for any.tf
file and try to terratag it.-tags
- tags, as valid JSON (NOT HCL)-skipTerratagFiles
- optional. Default totrue
. Skips any previously tagged - (files withterratag.tf
suffix)
|- aws.tf
|- gcp.tf
# aws.tf
provider "aws" {
version = "~> 2.0"
region = "us-east-1"
}
resource "aws_s3_bucket" "b" {
bucket = "my-tf-test-bucket"
acl = "private"
tags {
Name = "My bucket"
}
}
#gcp.tf
resource "google_storage_bucket" "static-site" {
name = "image-store.com"
location = "EU"
force_destroy = true
bucket_policy_only = true
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
}
cors {
origin = ["http://image-store.com"]
method = ["GET", "HEAD", "PUT", "POST", "DELETE"]
response_header = ["*"]
max_age_seconds = 3600
}
labels = {
"foo" = "bar"
}
}
Running terratag -tags={\"env0_environment_id\":\"dev\",\"env0_project_id\":\"clientA\"}
will output:
|- aws.terratag.tf
|- gcp.terratag.tf
|- aws.tf.bak
|- gcp.tf.bak
# aws.terratag.tf
provider "aws" {
version = "~> 2.0"
region = "us-east-1"
}
resource "aws_s3_bucket" "b" {
bucket = "my-tf-test-bucket"
acl = "private"
tags = merge( map("Name", "My bucket" ), local.terratag_added_main)
}
locals {
terratag_added_main = {"env0_environment_id"="dev","env0_project_id"="clientA"}
}
# gcp.terratag.tf
resource "google_storage_bucket" "static-site" {
name = "image-store.com"
location = "EU"
force_destroy = true
bucket_policy_only = true
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
}
cors {
origin = ["http://image-store.com"]
method = ["GET", "HEAD", "PUT", "POST", "DELETE"]
response_header = ["*"]
max_age_seconds = 3600
}
labels = merge( map("foo" , "bar"), local.terratag_added_main)
}
locals {
terratag_added_main = {"env0_environment_id"="dev","env0_project_id"="clientA"}
}
See more samples here
- Resources already having the exact same tag as the one being appended will be overridden
Issues and Pull Requests are very welcome!
- Go > 1.13.5
git clone https://github.com/env0/terratag
go get
go build
The test suite will look for fixtures under test/fixtures/terraform_xx
.
Each fixture placed there should have the following directory structure:
my_fixture
|+ input
... // any depth under /input
|- main.tf // this is where we will run all terraform/terratag commands
|- expected
input
is where you should place the terraform files of your fixture.
All commands will be executed wherever down the hierarchy wheremain.tf
is located.
We do that to allow cases where complex nested submodule resolution may take place, and one would like to test how a directory higher up the hierarchy gets resolved.expected
is a directory in which all.terratag.tf
files will be matched with the output directory
Each test will run:
terraform init
terratag
terraform validate
And finally, will compare the results in out
with the expected
directory
Focus on a particular Terraform version:
go test -run TestTerraformXX