ekristen / aws-nuke

Remove all the resources from an AWS account
https://ekristen.github.io/aws-nuke/
MIT License

[idea] use aws resource groups tagging api to retrieve tags for bulk of resources #134

Open ekristen opened 3 months ago

ekristen commented 3 months ago

I'm very happy to see this issue already exists, as I was disappointed to see that there are quite a lot of resource types where tags are not fetched. By my very rough count (grep'ing for tag in the resources/ folder) only 127 out of 471 resource types get tags, which is both better (total number) and worse (percentage) than the original rebuy.de version's 117 out of 428.

I would like to suggest that there may be a less time-consuming way to get tags for resource types that don't currently support this. The AWS Resource Groups Tagging API supports many, but not all, AWS services and it's not too hard to get tags for all resources using that API and it would then be possible to merge them into the properties for any resource.

If there's any interest in this, I'd be glad to contribute at least some initial code.

Originally posted by @dupuyarc in https://github.com/ekristen/aws-nuke/issues/118#issuecomment-2043973984

ekristen commented 3 months ago

Original discussion starts https://github.com/ekristen/aws-nuke/issues/118#issuecomment-2043973984

dupuyarc commented 3 months ago

For what it's worth, there are definitely some resources that not only do not support tagging/untagging through the Resource Group tagging API, but are also not reported with that API's get-resources call even when they are tagged.

APIGatewayVpcLink is the one that I have run into, but there are surely more.

ekristen commented 3 months ago

I think for now any tagging support should just follow current patterns. I think there is something here but I think it'll take some time to figure out the best approach. My current thought process is that libnuke should expand the interface type of the Resource, and then existing code could be adapted and we could then indicate if it can get it from the global query or individual query.
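The bulk approach discussed in this thread, as an added Go example that is not from the thread or from aws-nuke's code: it merges paginated GetResources-style results into per-resource properties and keeps any resource the bulk call did not report marked as unknown rather than untagged, so a tag-based filter cannot mistake it for an untagged resource. The local types, the `tag:<key>` property naming, the `TagsKnown` field and the sample ARNs are assumptions made for illustration.

```go
package main

import "fmt"

type TagMapping struct { // local stand-in for one GetResources result entry, not the SDK type
	ResourceARN string
	Tags        map[string]string
}
type Resource struct { // hypothetical listed resource
	ARN       string
	Props     map[string]string
	TagsKnown bool // false: bulk call did not report it; query individually, do not assume untagged
}

// CollectTags follows the pagination token until it is empty, indexing tags by ARN.
func CollectTags(fetch func(token string) ([]TagMapping, string, error)) (map[string]map[string]string, error) {
	byARN, token := map[string]map[string]string{}, ""
	for {
		page, next, err := fetch(token)
		if err != nil {
			return nil, err
		}
		for _, m := range page {
			byARN[m.ResourceARN] = m.Tags
		}
		if token = next; token == "" {
			return byARN, nil
		}
	}
}

// MergeTags sets "tag:<key>" properties (assumed naming); unreported ARNs keep TagsKnown=false.
func MergeTags(rs []Resource, byARN map[string]map[string]string) {
	for i := range rs {
		tags, ok := byARN[rs[i].ARN]
		rs[i].TagsKnown = ok
		for k, v := range tags {
			rs[i].Props["tag:"+k] = v
		}
	}
}

func main() { // constructed data: the queue is reported in bulk, the VPC link is not
	q, link := "arn:aws:sqs:us-east-1:111122223333:q", "arn:aws:apigateway:us-east-1::/vpclinks/abc123"
	pages := map[string][]TagMapping{"": {{q, map[string]string{"env": "prod"}}}}
	byARN, _ := CollectTags(func(t string) ([]TagMapping, string, error) { return pages[t], "", nil })
	rs := []Resource{{ARN: q, Props: map[string]string{}}, {ARN: link, Props: map[string]string{}}}
	MergeTags(rs, byARN)
	fmt.Println(rs)
}
```

A resource reported with an empty tag list gets `TagsKnown=true` and no `tag:` properties, which is the only case where a filter can safely conclude it is untagged.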