Add tags to s3 backend resources #30054

Open
ArtyMaury opened this issue Dec 1, 2021 · 4 comments · May be fixed by #30121
Labels
backend/s3 enhancement new new issue not yet triaged

Comments

@ArtyMaury

Current Terraform Version

1.0.11

Use-cases

In my company we'd like to simplify Terraform backend management and use a unique S3 bucket for all projects.
We already have a custom role by project, but to secure access by folder we've reached a limit in AWS bucket policies.
The best solution would be to tag the S3 objects to better handle access.

Proposal

Looking at the code for remote-state/s3, the tags would work a lot like the current acl works. It would be another option in the s3 backend config with small impact in the client.
https://github.com/hashicorp/terraform/blob/main/internal/backend/remote-state/s3/client.go#L175

@ArtyMaury ArtyMaury added enhancement new new issue not yet triaged labels Dec 1, 2021
@apparentlymart
Contributor

Hi @ArtyMaury! Thanks for sharing this use-case.

Assuming you're talking about tagging the individual S3 objects inside buckets rather than the buckets themselves, that does seem like a reasonable use-case to consider, but I also wanted to note that if you want to achieve that with Terraform as it exists today then I expect (but have not actually verified) that subsequent writes to the state after you manually add tags via the S3 API should preserve the tags you set, because the S3 backend is writing a new version of the object in-place and isn't currently setting any tags explicitly itself. If you've tried that and found that it didn't work for some reason, please let us know!

@ArtyMaury
Author

Hi @apparentlymart

I've just tried and it doesn't work. But I think that by modifying the Put method in the s3 client it will push the tags every time, so it should work.
I can try to do a pull request if you're ok.

@ArtyMaury ArtyMaury linked a pull request Dec 9, 2021 that will close this issue
@bjornrog

bjornrog commented Apr 21, 2023

Another use-case for tags on the state object.

We tag resources with git repository information. If we could tag the state object, we could easily locate the correct repository using the given state object tags.

@KylePeterDavies

I don't understand why this has not been implemented. As far as I know (and I could be naive), it's just adding some extra parameter to the backend to pass to the put object function call with the provided tags when the state file is created. Would you be open to a pull request?
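
Added example, not code from this thread or from the Terraform code base: a sketch of the step the comments above describe, turning a configured tag map into the URL-query-encoded string that S3's PutObject accepts as its tagging parameter, and rejecting tag sets that exceed S3's documented per-object limits before any write is attempted. The function name `EncodeTagging`, the idea of a `tags` backend option and the sample tag values are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"unicode/utf8"
)

// Per-object tag limits documented by AWS for S3.
const (
	maxTags     = 10
	maxKeyLen   = 128
	maxValueLen = 256
)

// EncodeTagging validates tags and returns them as URL query parameters,
// the form PutObject expects for its tagging parameter (x-amz-tagging).
// Hypothetical helper: Terraform's s3 backend has no such option today.
func EncodeTagging(tags map[string]string) (string, error) {
	if len(tags) > maxTags {
		return "", fmt.Errorf("%d tags given, S3 allows at most %d per object", len(tags), maxTags)
	}
	v := url.Values{}
	for k, val := range tags {
		if k == "" || utf8.RuneCountInString(k) > maxKeyLen {
			return "", fmt.Errorf("tag key %q must be 1-%d characters", k, maxKeyLen)
		}
		if strings.HasPrefix(k, "aws:") {
			return "", fmt.Errorf("tag key %q uses the reserved aws: prefix", k)
		}
		if utf8.RuneCountInString(val) > maxValueLen {
			return "", fmt.Errorf("value of tag %q exceeds %d characters", k, maxValueLen)
		}
		v.Set(k, val)
	}
	// Encode sorts by key, so the same tag map always yields the same string.
	return v.Encode(), nil
}

func main() {
	// Constructed sample: tags for one project's state object.
	s, err := EncodeTagging(map[string]string{
		"project": "billing",
		"repo":    "git@example.com:org/billing.git",
	})
	fmt.Println(s, err)
}
```

Failing closed on an invalid tag set matters when access policies key off the tags: a state object written without its expected tags would fall outside the policy the tags were meant to enforce.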
