terraform-aws-modules / terraform-aws-atlantis

Terraform module to deploy Atlantis on AWS Fargate 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws
Apache License 2.0
520 stars 351 forks

Tags not propagating to tasks #405

Open hannahgreene opened 2 weeks ago

hannahgreene commented 2 weeks ago

Description

We are using the tags flag to propagate tags to all resources created by the module. The cluster and task definitions are being properly tagged but the task itself isn't getting any tags. According to the documentation, all tags should be added to all resources. How can I get these tags on the task itself?

Versions

Reproduction Code

locals {
  additional_ingress_cidr_blocks = [***]
  common_tags = {
    environment = ***
    product     = ***
    visibility  = "private"
    source      = ***
    team        = ***
    service     = ***
  }
  zone_name = ***
}

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "3.8.0"
  name    = "atlantis-${var.project_name}"

  vpc_id             = var.vpc_id
  private_subnet_ids = var.private_subnet_ids
  public_subnet_ids  = var.public_subnet_ids

  route53_zone_name = local.zone_name

  atlantis_github_user             = var.github_user
  atlantis_github_user_token       = ***
  atlantis_hide_prev_plan_comments = "true"
  atlantis_repo_allowlist          = var.github_repo_allow_list
  atlantis_image                   = "${var.atlantis_image}:${var.atlantis_version}"
  atlantis_version                 = var.atlantis_version

  allow_repo_config       = "true"
  alb_ingress_cidr_blocks = concat([for ip in data.github_ip_ranges.ranges.hooks : ip if length(regexall("([0-9]{1,3}\\.){3}[0-9]{1,3}($|\\/([0-9]+))", ip)) > 0], local.additional_ingress_cidr_blocks)

  custom_environment_variables = concat(
    [
      {
        name : "ATLANTIS_CHECKOUT_STRATEGY",
        value : "merge",
      },
      {
        name : "ATLANTIS_DEFAULT_TF_VERSION",
        value : var.default_tf_version,
      },
      {
        name : "ATLANTIS_GH_ALLOW_MERGEABLE_BYPASS_APPLY",
        value : "true"
      },
      {
        name : "ATLANTIS_USE_TF_PLUGIN_CACHE",
        value : "false"
      },
    ],
    var.additional_environment_variables,
  )

  custom_environment_secrets = var.additional_environment_secrets

  ecs_task_cpu                 = var.ecs_task_cpu
  ecs_task_memory              = var.ecs_task_memory
  container_memory             = var.container_memory
  container_memory_reservation = var.container_memory_reservation

  policies_arn = ***

  webhook_ssm_parameter_name                    = ***
  atlantis_github_user_token_ssm_parameter_name = ***

  tags = local.common_tags

  enable_ephemeral_storage = var.enable_ephemeral_storage
}

Expected behavior

Actual behavior

Terminal Output Screenshot(s)

Additional context

bryantbiggs commented 2 weeks ago

I would suggest using the latest version of the module, at least v4.x of some flavor - even if there was an issue with the v3.x version, we don't have a way to go back and apply changes (backport changes, so to speak).

remiflament commented 1 week ago

You need to activate the attribute propagate_tags on the service resource.

Be aware that the console doesn't include this attribute. Only the AWS CLI can change this if you run an update-service command:

aws ecs update-service --cluster xxxx --service xxxxx --force-new-deployment --propagate-tags SERVICE

This module includes the attribute under service.propagate_tags
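An added example, not part of the thread or the module's code: a small audit that compares each service-managed task's tags with its service's tags and reports the service's propagateTags setting, which is the symptom described above. It reads JSON shaped like the output of `aws ecs describe-services --include TAGS` and `aws ecs describe-tasks --include TAGS`; the sample data, service names, ARNs and the function names are constructed for illustration.

```python
import json

# Constructed sample data shaped like `aws ecs describe-services --include TAGS`
# and `aws ecs describe-tasks --include TAGS` output (all names/values made up).
SERVICES_JSON = """{"services": [
  {"serviceName": "atlantis-demo", "propagateTags": "NONE",
   "tags": [{"key": "team", "value": "platform"},
            {"key": "visibility", "value": "private"}]},
  {"serviceName": "atlantis-fixed", "propagateTags": "SERVICE",
   "tags": [{"key": "team", "value": "platform"}]}
]}"""
TASKS_JSON = """{"tasks": [
  {"taskArn": "arn:aws:ecs:us-east-1:111111111111:task/demo/aaaa",
   "group": "service:atlantis-demo", "tags": []},
  {"taskArn": "arn:aws:ecs:us-east-1:111111111111:task/demo/bbbb",
   "group": "service:atlantis-fixed",
   "tags": [{"key": "team", "value": "platform"}]}
]}"""


def tag_map(resource):
    """Turn the ECS [{key, value}, ...] tag list into a dict."""
    return {t["key"]: t["value"] for t in resource.get("tags") or []}


def audit(services_doc, tasks_doc):
    """Return one finding per task that lacks a tag set on its service."""
    services = {s["serviceName"]: s for s in services_doc["services"]}
    findings = []
    for task in tasks_doc["tasks"]:
        group = task.get("group", "")
        if not group.startswith("service:"):
            continue  # standalone task, not launched by a service
        svc = services.get(group[len("service:"):])
        if svc is None:
            continue  # service not included in the describe-services input
        want, have = tag_map(svc), tag_map(task)
        missing = sorted(k for k, v in want.items() if have.get(k) != v)
        if missing:
            findings.append({
                "task": task["taskArn"],
                "service": svc["serviceName"],
                "propagateTags": svc.get("propagateTags", "NONE"),
                "missing": missing,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(json.loads(SERVICES_JSON), json.loads(TASKS_JSON)):
        print(finding)
```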

remiflament commented 1 week ago

We probably need to add a warning on the variable tags.