Merge pull request #64 from zoitech/fix/vpc-flow-log-tags

Add variable to tag VPC flow logs
zoitech · Sep 27, 2024 · ee460dc · ee460dc
2 parents aa4931d + 3ce938b
commit ee460dc
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 10 deletions.
diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,7 @@
+## 2.6.1
+ENHANCEMENTS:
+* Add variables to tag VPC flow log resources
+
 ## 2.6.0
 ENHANCEMENTS:
 * VPC flow logs support

diff --git a/variables.tf b/variables.tf
@@ -530,4 +530,16 @@ variable "vpc_flow_log_kms_key_arn" {
   description = "KMS Key ARN to encrypt either the bucket or CW log group to store VPC flow logs. KMS policy must allow access to principal delivery.logs.amazonaws.com or logs.<region>.amazonaws.com, depending the case"
   type        = string
   default     = ""
+}
+
+variable "vpc_flow_logs_tags" {
+  description = "Tags to add to the VPC flow logs"
+  type        = map(string)
+  default     = {}
+}
+
+variable "vpc_flow_logs_storage_tags" {
+  description = "Tags to add to S3 bucket and/or CW log group deployed for the VPC flow logs"
+  type        = map(string)
+  default     = {}
 }
diff --git a/vpc_flow_logs.tf b/vpc_flow_logs.tf
@@ -4,11 +4,7 @@ resource "aws_s3_bucket" "bucket" {
   count = var.vpc_flow_log_bucket_name != "" ? 1 : 0
 
   bucket = var.vpc_flow_log_bucket_name
-  tags = {
-    "Name"     = var.vpc_flow_log_bucket_name,
-    "role"     = "storage"
-    "creation" = "terraform"
-  }
+  tags   = merge({ Name = var.vpc_flow_log_bucket_name }, var.vpc_flow_logs_storage_tags)
 }
 
 data "aws_iam_policy_document" "s3_bucket_policy_doc" {
@@ -114,6 +110,8 @@ resource "aws_flow_log" "flow_log_s3" {
   traffic_type         = var.vpc_flow_log_traffic_type
   vpc_id               = aws_vpc.main.id
   log_format           = var.vpc_flow_log_custom_format != "" ? var.vpc_flow_log_custom_format : null
+  tags                 = var.vpc_flow_logs_tags
+
   destination_options {
     file_format        = "parquet"
     per_hour_partition = true
@@ -128,11 +126,7 @@ resource "aws_cloudwatch_log_group" "cw_log" {
   name              = var.vpc_flow_log_cw_log_group_name
   retention_in_days = var.vpc_flow_log_retention_period
   kms_key_id        = var.vpc_flow_log_kms_key_arn != "" ? var.vpc_flow_log_kms_key_arn : null
-  tags = {
-    "Name"     = var.vpc_flow_log_cw_log_group_name,
-    "role"     = "storage"
-    "creation" = "terraform"
-  }
+  tags              = merge({ Name = var.vpc_flow_log_cw_log_group_name }, var.vpc_flow_logs_storage_tags)
 }
 
 data "aws_iam_policy_document" "assume_role" {
@@ -210,4 +204,5 @@ resource "aws_flow_log" "flow_log_cw" {
   traffic_type         = var.vpc_flow_log_traffic_type
   vpc_id               = aws_vpc.main.id
   log_format           = var.vpc_flow_log_custom_format != "" ? var.vpc_flow_log_custom_format : null
+  tags                 = var.vpc_flow_logs_tags
 }