Allow tagging resources from the main module

Bit-Doctor · Bit-Doctor · commit 0e1df3f9e260 · 2023-12-19T14:48:49.000+01:00
diff --git a/main.tf b/main.tf
@@ -4,6 +4,7 @@ module "vpc" {
   source = "./modules/vpc"
 
   enable_ssm_vpc_endpoint = var.enable_ssm && var.enable_ssm_vpc_endpoint
+  tags                    = var.tags
 }
 
 module "user_data" {
@@ -20,4 +21,5 @@ module "instance" {
   user_data            = module.user_data.install_sh
   iam_instance_profile = var.instance_profile_name
   subnet_id            = module.vpc.private_subnet.id
+  tags                 = var.tags
 }
diff --git a/modules/agentless-scanner-role/main.tf b/modules/agentless-scanner-role/main.tf
@@ -82,7 +82,8 @@ resource "aws_iam_role_policy_attachment" "attachment" {
 }
 
 resource "aws_iam_role_policy_attachment" "ssm-attachment" {
-  count      = var.enable_ssm ? 1 : 0
+  count = var.enable_ssm ? 1 : 0
+
   policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
   role       = aws_iam_role.role.name
 }
diff --git a/modules/agentless-scanner-role/variables.tf b/modules/agentless-scanner-role/variables.tf
@@ -28,14 +28,14 @@ variable "kms_key_arn" {
   default     = null
 }
 
-variable "tags" {
-  description = "A map of additional tags to add to the IAM role/profile created"
-  type        = map(string)
-  default     = {}
-}
-
 variable "enable_ssm" {
   description = "Whether to enable AWS SSM to facilitate executing troubleshooting commands on the instance"
   type        = bool
   default     = false
+}
+
+variable "tags" {
+  description = "A map of additional tags to add to the IAM role/profile created"
+  type        = map(string)
+  default     = {}
 }
diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf
@@ -10,14 +10,14 @@ variable "cidr" {
   default     = "10.0.0.0/16"
 }
 
+variable "enable_ssm_vpc_endpoint" {
+  description = "Whether to enable AWS SSM VPC endpoint"
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A map of additional tags to add to the instance/volume created"
   type        = map(string)
   default     = {}
 }
-
-variable "enable_ssm_vpc_endpoint" {
-  description = "Whether to enable AWS SSM VPC endpoint"
-  type        = bool
-  default     = false
-}
diff --git a/variables.tf b/variables.tf
@@ -38,4 +38,10 @@ variable "enable_ssm_vpc_endpoint" {
   description = "Whether to enable AWS SSM VPC endpoint (only applicable if enable_ssm is true)"
   type        = bool
   default     = true
+}
+
+variable "tags" {
+  description = "A map of additional tags to add to the IAM role/profile created"
+  type        = map(string)
+  default     = {}
 }

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ module "vpc" {`
`4`	`4`	`source = "./modules/vpc"`
`5`	`5`
`6`	`6`	`enable_ssm_vpc_endpoint = var.enable_ssm && var.enable_ssm_vpc_endpoint`
	`7`	`+ tags = var.tags`
`7`	`8`	`}`
`8`	`9`
`9`	`10`	`module "user_data" {`
`@@ -20,4 +21,5 @@ module "instance" {`
`20`	`21`	`user_data = module.user_data.install_sh`
`21`	`22`	`iam_instance_profile = var.instance_profile_name`
`22`	`23`	`subnet_id = module.vpc.private_subnet.id`
	`24`	`+ tags = var.tags`
`23`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,8 @@ resource "aws_iam_role_policy_attachment" "attachment" {`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`resource "aws_iam_role_policy_attachment" "ssm-attachment" {`
`85`		`- count = var.enable_ssm ? 1 : 0`
	`85`	`+ count = var.enable_ssm ? 1 : 0`
	`86`	`+`
`86`	`87`	`policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"`
`87`	`88`	`role = aws_iam_role.role.name`
`88`	`89`	`}`