AWS Amazon EC2 Tag
This page shows how to write Terraform for Amazon EC2 Tag and write them securely.
aws_ec2_tag (Terraform)
The Tag in Amazon EC2 can be configured in Terraform with the resource name aws_ec2_tag
. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_ec2_tag" "mytagS0" {
resource_id = module.vpc.public_subnets[0]
key = "Name"
value = "instances_samples"
}
resource "aws_ec2_tag" "mytagS1" {
resource "aws_ec2_tag" "vpc_tag" {
resource_id = var.vpc_id
key = var.cluster_name
value = "shared"
}
Parameters
-
id
optional computed - string -
key
required - string -
resource_id
required - string -
value
required - string
Explanation in Terraform Registry
Manages an individual EC2 resource tag. This resource should only be used in cases where EC2 resources are created outside Terraform (e.g., AMIs), being shared via Resource Access Manager (RAM), or implicitly created by other means (e.g., Transit Gateway VPN Attachments).
NOTE: This tagging resource should not be combined with the Terraform resource for managing the parent resource. For example, using
aws_vpc
andaws_ec2_tag
to manage tags of the same VPC will cause a perpetual difference where theaws_vpc
resource will try to remove the tag being added by theaws_ec2_tag
resource. NOTE: This tagging resource does not use the providerignore_tags
configuration.
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define the own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
CloudFormation Example
CloudFormation code does not have the related resource.
Frequently asked questions
What is AWS Amazon EC2 Tag?
AWS Amazon EC2 Tag is a resource for Amazon EC2 of Amazon Web Service. Settings can be wrote in Terraform.
Where can I find the example code for the AWS Amazon EC2 Tag?
For Terraform, the rubenivanyan/epam_final_project and streamnative/terraform-aws-cloud source code examples are useful. See the Terraform Example section for further details.