Terratag: Manage your cloud resource tags efficiently across Terraform modules in Azure

Ajinkya Bhabal
Apr 11, 2021
Credit: Damian Flynn

Introduction

What is Terratag?

It is a CLI tool that will help you to apply tags across all of the Terraform files.

The best thing is that you can use this tool with all popular public cloud providers, such as Azure, AWS, and GCP.

To begin with, for those who want to have foundational knowledge about this CLI tool, please visit the below article.

Note: It is assumed that you have prior knowledge of Terraform.

Installation of Terratag

The official website provides the CLI tool for both Linux and Windows.

I downloaded the Terratag binary for Windows and stored it in a folder that was already added to the system PATH environment variable.

Here I will demonstrate the use of Terratag in a modular Azure Terraform structure. First, let’s take a look at the tf file hierarchy.

From the above we can see that 3 modules have been created: the resource group, network, and network security group modules. Note: only the Terraform files that contain code are shown in the above structure.

In this scenario, we are applying tags to all cloud resources at the Root level module.

One question that may come to mind is why we need this. When you are dealing with 4–5 modules, managing tags is no big deal. But when there are 15–20 modules, or more modules will be added in the future, automatic tag assignment is a huge relief.

Before going on to the implementation, let’s take a quick look at the code.

The following module describes the resource group resource.

# modules/resource_group/main.tf
#-------------------------
# Create a resource group
#-------------------------
resource "azurerm_resource_group" "rg" {
  name     = "DEV-RG01"
  location = "East US"
}

The following module describes the network security group resource.

# modules/network_security_group/main.tf
#-------------------------------------------------------
# network security group configuration is specified here.
#-------------------------------------------------------
resource "azurerm_network_security_group" "nsg1" {
  name                = "NetworkSecurityGroup1"
  location            = "East US"
  resource_group_name = "DEV-RG01"

  # Allows inbound HTTP (TCP/80) from any source address.
  security_rule {
    name                       = "port_80"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "80"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

The following module describes the virtual network resource.

# modules/virtual_network/main.tf
#-------------------------------------------------
# virtual network configuration is specified here.
#--------------------------------------------------
resource "azurerm_virtual_network" "vnet" {
  name                = "prod-vnet1"
  address_space       = ["10.30.0.0/16"]
  location            = "East US"
  resource_group_name = "DEV-RG01"
}

resource "azurerm_subnet" "internal" {
  name                 = "internal_subnet"
  address_prefixes     = ["10.30.2.0/24"]
  resource_group_name  = "DEV-RG01"
  virtual_network_name = azurerm_virtual_network.vnet.name
}

# Attach the NSG to the subnet; nsg_id is an input variable of this module.
resource "azurerm_subnet_network_security_group_association" "nsga1" {
  subnet_id                 = azurerm_subnet.internal.id
  network_security_group_id = var.nsg_id
  depends_on                = [azurerm_subnet.internal]
}

The first step is to run terraform init.

After initialization, all provider schemas and child modules will have been pulled. Now we will run the terratag command to apply tags across all child modules.

terratag -tags='{"ENV": "DEV"}' -rename=false
  • -tags: the tags to apply, as valid JSON.
  • -rename=false: keeps the original filenames instead of replacing every file named <original_name>.tf with <original_name>.terratag.tf.

Before going any further, let’s see what happens behind the scenes after running terratag. You will notice that locals are used for tagging all resources and that each original tf file is backed up with a .bak extension.

Now that tags have been added to all child modules, we will perform a dry run with the terraform plan command and then deploy the resources into Azure with the terraform apply command.
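One way to check the dry run before terraform apply, shown as an added example (not code from the original post or the Terratag project): it reads the JSON form of a plan, as produced by terraform show -json, and reports every taggable resource that lacks the ENV tag. The sample plan and the module addresses in it are constructed for illustration.

```python
import json

REQUIRED_TAGS = {"ENV": "DEV"}  # the tag passed to terratag above

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
# Module call names (module.resource_group, ...) are assumptions.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.resource_group.azurerm_resource_group.rg",
   "change": {"after": {"name": "DEV-RG01", "tags": {"ENV": "DEV"}},
              "after_unknown": {}}},
  {"address": "module.network_security_group.azurerm_network_security_group.nsg1",
   "change": {"after": {"name": "NetworkSecurityGroup1", "tags": null},
              "after_unknown": {}}},
  {"address": "module.virtual_network.azurerm_subnet.internal",
   "change": {"after": {"name": "internal_subnet"},
              "after_unknown": {}}}
]}
""")


def untagged_resources(plan, required=REQUIRED_TAGS):
    """Return {address: [missing tag keys]} for taggable resources in a plan."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed
            continue
        unknown = change.get("after_unknown") or {}
        # Resources without a tags attribute (subnets, associations) are skipped.
        if "tags" not in after and "tags" not in unknown:
            continue
        if unknown.get("tags") is True:
            # Whole tag map is only known at apply time: flag for manual review.
            findings[rc["address"]] = ["<computed at apply>"]
            continue
        tags = after.get("tags") or {}
        missing = [k for k, v in required.items() if tags.get(k) != v]
        if missing:
            findings[rc["address"]] = missing
    return findings


if __name__ == "__main__":
    for address, missing in untagged_resources(SAMPLE_PLAN).items():
        print(f"{address}: missing or wrong tags {missing}")
```

Against a real plan, load the file written by terraform show -json instead of SAMPLE_PLAN; an empty result means every taggable resource in the plan carries the required tag.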

Finally, we can check in the Azure portal to verify that the tags were added to all resources.

  1. Resource Group Resource
  2. Network Security Group Resource
  3. Virtual Network Resource

The full GitHub repo of the above code is available below:

It’s always great to learn and explore something new. In IaaC there are still many obstacles that we need to overcome to get higher efficiency in the automation process.

If you’d like to read more about IaaC tools or popular Terraform wrappers, just let me know in the comments. Thanks for reading!
