
I am trying to tag 1000+ AWS resources in various regions. For new resources to be created, I have implemented Tagging Policy (SCPs). But for existing resources, what approach shall I follow?

I have come up with the following approach:

  1. Use AWS Resource Explorer Service to find all untagged resources in all regions.

  2. A Python script to tag all resources associated with a specific service. (NOTE: I had worked on a script a long time ago to find resources associated with instances and align tags to them (if tags are not present).) Reference: TagResourcesAssociatedWithEC2Instance

  3. The above script can be leveraged and used with other resources (RDS, Route53, ECS, etc.).

Problem with the above approach is that it would take a considerable amount of time to identify all the resources associated to each other logically.

Is there any faster way to segregate all resources based on tag "Environment" or "Owner" and also tag all the resources with a predefined set of tags?

I have tried the following:

Python scripts to identify untagged resources, associate tags to resources aligned with each service. List all resources in account -> check for tags. But the problem was that I couldn't find the interdependent relation based only on the ARN.

kbya2005
  • Are your resources not created / managed by some IaC tool like CloudFormation or Terraform? – luk2302 Feb 17 '23 at 09:47
  • Now the resources are created/managed by Terraform, but before that, all resources were manually provisioned. – kbya2005 Feb 17 '23 at 09:49
  • Then I would suggest tagging the resources in Terraform and deploying them again; that should add all the tags. Otherwise, if you manually add them, Terraform would remove them during the next deployment anyway. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging – luk2302 Feb 17 '23 at 09:54
  • Unfortunately, I cannot remove/terminate the existing resources. I thought of creating resource groups to segregate all resources, that's why I wanted to tag all resources with tags such as {environment: prod|dev|test} or {ApplicationType: Microservice} so that I can manage all the resources. – kbya2005 Feb 17 '23 at 11:46
  • Yes, you should not remove resources; you need to change your Terraform code to include the tags. That is way easier than tagging the resources in AWS manually. – luk2302 Feb 17 '23 at 12:03

1 Answer


Since you mentioned you are using Terraform to deploy your resources, then in your Terraform code, you need to specify a default_tags setting in the AWS provider block. After adding that, you simply need to run terraform apply again and Terraform will add those default tags to every AWS resource managed by Terraform.

Mark B
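
A sketch of the provider configuration the answer above describes, added here as an example and not taken from the answer or the question. The regions, tag values, bucket name and the S3 resource are assumptions chosen for illustration; the tag keys are the ones mentioned in the question.

```hcl
# Added example: regions, tag values and resource names are illustrative assumptions.
locals {
  # Baseline tags every Terraform-managed resource should carry.
  common_tags = {
    Environment = "prod"
    Owner       = "platform-team" # hypothetical owner value
  }
}

# Default provider: every taggable resource it manages inherits common_tags.
provider "aws" {
  region = "us-east-1"

  default_tags {
    tags = local.common_tags
  }
}

# default_tags is set per provider configuration, so each aliased
# (per-region) provider needs its own block to get the same baseline.
provider "aws" {
  alias  = "eu"
  region = "eu-west-1"

  default_tags {
    tags = local.common_tags
  }
}

resource "aws_s3_bucket" "logs" {
  provider = aws.eu
  bucket   = "example-logs-bucket-constructed" # constructed name

  # Resource-level tags are merged with the provider defaults.
  # When a key appears in both, the resource-level value wins.
  tags = {
    ApplicationType = "Microservice"
    Environment     = "test"
  }
}

# tags_all shows the merged result: Owner from the defaults,
# ApplicationType and Environment = "test" from the resource.
output "logs_effective_tags" {
  value = aws_s3_bucket.logs.tags_all
}
```

Running terraform plan after adding the default_tags blocks lists the tag changes per resource before anything is applied. Resources that are not in Terraform state are not touched by this setting.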