hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Need Ability to Add Tags to Organizations Role Created with the Resource "aws_organizations_account" #30159

Open mliac7 opened 1 year ago

mliac7 commented 1 year ago

Description

Please add a resource to tag aws_iam_roles, similar to the "aws_ec2_tag" resource that allows us to manage tags for EC2 resources created outside of Terraform. We specifically need this "aws_iam_role_tag" so we can tag the Organizations role created with the resource "aws_organizations_account". Could you please add this resource or share if the solution already exists?

Requested Resource(s) and/or Data Source(s)

aws_iam_role_tag

Potential Terraform Configuration

resource "aws_iam_role_tag" "example" {
  resource_id = aws_iam_role.example.id
  key         = "Name"
  value       = "Hello World"
}

References

No response

Would you like to implement a fix?

None

good92 commented 1 year ago

ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag

It could be useful for others to change the title of your issue. § Done

Workaround: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role#tags

resource "aws_iam_role" "test_role" {
  name = "test_role"

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })

  tags = var.tags
}

mliac7 commented 1 year ago

Hi @good92 - thank you for your response. How would this work for the Organizations role created with the aws_organizations_account resource? We have quite a large organization, and importing the org role for each account as an aws_iam_role resource wouldn't be an ideal solution if we can avoid it.

good92 commented 1 year ago

You are not alone in this: https://github.com/hashicorp/terraform-provider-aws/issues/30240