Core logging default tags

Author: markgov

terraform/environments/core-logging/providers.tf

@@ -4,12 +4,14 @@ provider "aws" {
   assume_role {
     role_arn = "arn:aws:iam::${local.environment_management.account_ids[terraform.workspace]}:role/ModernisationPlatformAccess"
   }
+  default_tags { tags = local.tags }
 }
 
 # AWS provider for the Modernisation Platform, to get things from there if required
 provider "aws" {
   alias  = "modernisation-platform"
   region = "eu-west-2"
+  default_tags { tags = local.tags }
 }
 
 provider "aws" {
@@ -18,6 +20,7 @@ provider "aws" {
   assume_role {
     role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-logging-production"]}:role/ModernisationPlatformAccess"
   }
+  default_tags { tags = local.tags }
 }
 
 # AWS provider for core-network-services to get the Transit Gateway attachment
@@ -27,4 +30,5 @@ provider "aws" {
   assume_role {
     role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/ModernisationPlatformAccess"
   }
+  default_tags { tags = local.tags }
 }

terraform/environments/core-logging/r53_logs.tf

@@ -8,19 +8,19 @@ locals {
 resource "aws_route53_resolver_query_log_config" "s3" {
   name            = format("%s-rlq-s3", local.application_name)
   destination_arn = aws_s3_bucket.logging["r53-resolver-logs"].arn
-  tags            = local.tags
+  tags            = {}
 }
 
 resource "aws_route53_resolver_query_log_config" "cloudwatch" {
   name            = format("%s-rlq-cloudwatch", local.application_name)
   destination_arn = aws_cloudwatch_log_group.r53_resolver_logs.arn
-  tags            = local.tags
+  tags            = {}
 }
 
 resource "aws_ram_resource_share" "resolver_query_share" {
   allow_external_principals = false
   name                      = format("%s-resolver-log-query-share", local.application_name)
-  tags                      = local.tags
+  tags                      = {}
 }
 
 resource "aws_ram_resource_association" "resolver_query_share" {
@@ -38,15 +38,15 @@ resource "aws_cloudwatch_log_group" "r53_resolver_logs" {
   kms_key_id        = aws_kms_key.r53_resolver_logs.arn
   name_prefix       = "r53-resolver-logs"
   retention_in_days = 365
-  tags              = local.tags
+  tags              = {}
 }
 
 resource "aws_kms_key" "r53_resolver_logs" {
   description         = "KMS key used to encrypt R53 Resolver Logs CloudWatch log group"
   enable_key_rotation = true
   multi_region        = true
   policy              = data.aws_iam_policy_document.r53_resolver_logs_kms.json
-  tags                = local.tags
+  tags                = {}
 }
 
 data "aws_iam_policy_document" "r53_resolver_logs_kms" {
@@ -113,20 +113,20 @@ resource "aws_cloudwatch_metric_alarm" "r53_dns_firewall_alarm" {
   statistic           = "Sum"
   threshold           = "1"
   alarm_actions       = [aws_sns_topic.r53_dns_firewall.arn]
-  tags                = local.tags
+  tags                = {}
 }
 
 resource "aws_sns_topic" "r53_dns_firewall" {
   name              = "r53-dns-firewall-sns-topic"
   kms_master_key_id = aws_kms_key.r53_dns_firewall.key_id
-  tags              = local.tags
+  tags              = {}
 }
 
 resource "aws_kms_key" "r53_dns_firewall" {
   description         = "KMS key for DNS Firewall SNS Topic Encryption"
   enable_key_rotation = true
   policy              = data.aws_iam_policy_document.r53_dns_firewall_kms_policy.json
-  tags                = local.tags
+  tags                = {}
 }
 
 resource "aws_kms_alias" "r53_dns_firewall" {

terraform/environments/core-logging/s3_logging.tf

@@ -217,7 +217,7 @@ module "s3-bucket-cloudtrail" {
     }
   ]
   log_bucket = module.s3-bucket-cloudtrail-logging.bucket.id
-  tags       = local.tags
+  tags       = {}
 }
 # Allow access to the bucket from the MoJ root account
 # Policy extrapolated from:
@@ -344,5 +344,5 @@ module "s3-bucket-cloudtrail-logging" {
     }
   ]
 
-  tags = local.tags
+  tags = {}
 }