Open srgoni opened 3 months ago
Voting for Prioritization
Volunteering to Work on This Issue
This is a really important feature for us, because we deploy our terraform stack into a foreign environment that we have restricted access to. We put tags prefixed with elastio: on all resources, but we must not restrict our users from putting any extra tags they want on our resources. However, we don't know the tags they are going to put on our resources, in advance. We need a negative filter to say that terraform must manage only tags that start with elastio: prefix, and maybe some well-known tags like Name on an EC2 instance.
Description
The AWS provider block supports filtering existing tags on resources, so they are ignored by Terraform via the ignore_tags configuration block. This block accepts explicit keys and key prefixes.
It would be very useful to also ignore tags that don't match a filter list, particularly when some resource can be modified by different scripts or users. For example, one Terraform script may create some baseline VPC infrastructure, and another might deploy an EKS cluster on top. EKS requires some tags on the subnets to assign them to load balancers, but these tags would subsequently be removed by the baseline Terraform script. For EKS, it would suffice to ignore all relevant tags with a key_prefixes = ["kubernetes.io/"] filter, but this may not be enough for other cases. As an alternative option, it may also be possible to implement ignore lists with regular expressions (which aren't supported either at the moment).
Affected Resource(s) and/or Data Source(s)
Potential Terraform Configuration
References
No response
Would you like to implement a fix?
None
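
The difference between the existing deny-list filter and the requested "manage only these tags" filter, as an added example that is not part of the issue and not the AWS provider's code. It is a simplified model of tag reconciliation; the function names, the manage_prefixes and manage_keys parameters, and the sample tags are assumptions made for illustration.

```python
# Simplified model of how a tag filter changes what Terraform would plan.
# Not the AWS provider's implementation; all names here are hypothetical.

def visible_tags(actual, ignore_keys=(), ignore_prefixes=(),
                 manage_prefixes=None, manage_keys=()):
    """Return the tags on the real resource that Terraform would consider."""
    seen = {}
    for key, value in actual.items():
        # Existing ignore_tags behaviour: explicit keys and key prefixes are skipped.
        if key in ignore_keys or any(key.startswith(p) for p in ignore_prefixes):
            continue
        # Requested behaviour (hypothetical): skip everything outside the managed set.
        if manage_prefixes is not None and not (
                key in manage_keys or any(key.startswith(p) for p in manage_prefixes)):
            continue
        seen[key] = value
    return seen

def plan(configured, actual, **filters):
    """Compare configured tags with the visible actual tags."""
    seen = visible_tags(actual, **filters)
    return {
        "add": sorted(k for k in configured if k not in seen),
        "update": sorted(k for k in configured
                         if k in seen and seen[k] != configured[k]),
        "remove": sorted(k for k in seen if k not in configured),
    }

# Constructed sample: tags in the Terraform configuration ...
CONFIGURED = {"elastio:stack": "prod", "Name": "subnet-a"}
# ... and tags found on the resource, some added by EKS or by other users.
ACTUAL = {
    "elastio:stack": "prod",
    "elastio:stale": "1",            # own prefix, no longer configured
    "Name": "subnet-a",
    "kubernetes.io/role/elb": "1",   # added for EKS load balancers
    "CostCenter": "1234",            # added by a user, not known in advance
}

if __name__ == "__main__":
    print("no filter:     ", plan(CONFIGURED, ACTUAL)["remove"])
    print("ignore prefix: ", plan(CONFIGURED, ACTUAL,
                                  ignore_prefixes=("kubernetes.io/",))["remove"])
    print("manage prefix: ", plan(CONFIGURED, ACTUAL,
                                  manage_prefixes=("elastio:",),
                                  manage_keys=("Name",))["remove"])
```

With the deny-list, the unknown CostCenter tag is still planned for removal; with the allow-list, only the stale tag under the managed prefix is.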