From 2ab6286dc235f1ddf9578b37d8cabd93e058cd9c Mon Sep 17 00:00:00 2001
From: Ivan Sukhomlyn <ivan.sukhomlyn@ringteam.com>
Date: Tue, 27 Apr 2021 00:30:22 +0300
Subject: [PATCH] improvement: add tags to IAM resources like policy, instance
 profile, oidc provider

---
 README.md                  | 4 ++--
 cluster.tf                 | 1 +
 docs/autoscaling.md        | 1 +
 irsa.tf                    | 7 +++++++
 versions.tf                | 2 +-
 workers.tf                 | 1 +
 workers_launch_template.tf | 1 +
 7 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 42b1279612..e05d8f565c 100644
--- a/README.md
+++ b/README.md
@@ -145,7 +145,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.22.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.35.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 1.11.1 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.4 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.1 |
@@ -156,7 +156,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.22.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.35.0 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 1.11.1 |
 | <a name="provider_local"></a> [local](#provider\_local) | >= 1.4 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.1 |
diff --git a/cluster.tf b/cluster.tf
index d8ffa66a1e..4306db3073 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -170,6 +170,7 @@ resource "aws_iam_policy" "cluster_elb_sl_role_creation" {
   description = "Permissions for EKS to create AWSServiceRoleForElasticLoadBalancing service-linked role"
   policy      = data.aws_iam_policy_document.cluster_elb_sl_role_creation[0].json
   path        = var.iam_path
+  tags        = var.tags
 }
 
 resource "aws_iam_role_policy_attachment" "cluster_elb_sl_role_creation" {
diff --git a/docs/autoscaling.md b/docs/autoscaling.md
index 28d737f418..c5ba615433 100644
--- a/docs/autoscaling.md
+++ b/docs/autoscaling.md
@@ -21,6 +21,7 @@ resource "aws_iam_policy" "worker_autoscaling" {
   description = "EKS worker node autoscaling policy for cluster ${module.my_cluster.cluster_id}"
   policy      = data.aws_iam_policy_document.worker_autoscaling.json
   path        = var.iam_path
+  tags        = var.tags
 }
 
 data "aws_iam_policy_document" "worker_autoscaling" {
diff --git a/irsa.tf b/irsa.tf
index 63a19871b5..9c5d653a25 100644
--- a/irsa.tf
+++ b/irsa.tf
@@ -12,4 +12,11 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" {
   client_id_list  = [local.sts_principal]
   thumbprint_list = [var.eks_oidc_root_ca_thumbprint]
   url             = flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, [""]))[0]
+
+  tags = merge(
+    {
+      Name = "${var.cluster_name}-eks-irsa"
+    },
+    var.tags
+  )
 }
diff --git a/versions.tf b/versions.tf
index f7aaf8d90c..f2e5431970 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.13.1"
 
   required_providers {
-    aws        = ">= 3.22.0"
+    aws        = ">= 3.35.0"
     local      = ">= 1.4"
     null       = ">= 2.1"
     template   = ">= 2.1"
diff --git a/workers.tf b/workers.tf
index 58fa3b23e2..2bd75a27ff 100644
--- a/workers.tf
+++ b/workers.tf
@@ -453,6 +453,7 @@ resource "aws_iam_instance_profile" "workers" {
   )
 
   path = var.iam_path
+  tags = var.tags
 
   lifecycle {
     create_before_destroy = true
diff --git a/workers_launch_template.tf b/workers_launch_template.tf
index a7b5f62a40..3b16ff163a 100644
--- a/workers_launch_template.tf
+++ b/workers_launch_template.tf
@@ -563,6 +563,7 @@ resource "aws_iam_instance_profile" "workers_launch_template" {
     local.default_iam_role_id,
   )
   path = var.iam_path
+  tags = var.tags
 
   lifecycle {
     create_before_destroy = true