Merge pull request #57 from appvia/fix

Fix
appvia · Jan 22, 2025 · fe65b1f · fe65b1f
2 parents d85d7a1 + 7602e5b
commit fe65b1f
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 3 deletions.
diff --git a/examples/basic/assets/tagging-policies/cost-tagging-policy.json b/examples/basic/assets/tagging-policies/cost-tagging-policy.json
@@ -0,0 +1,9 @@
+{
+    "tags": {
+      "mandatory": ["CostCenter", "BillingCode"],
+      "allowed": {
+        "CostCenter": "^CC-[0-9]{4}$",
+        "BillingCode": "^BC-[0-9]{3}$"
+      }
+    }
+  }
diff --git a/examples/basic/assets/tagging-policies/mandatory-tagging-policy.json b/examples/basic/assets/tagging-policies/mandatory-tagging-policy.json
@@ -0,0 +1,10 @@
+{
+  "tags": {
+    "mandatory": ["Environment", "Owner", "Project"],
+    "allowed": {
+      "Environment": ["dev", "test", "prod"],
+      "Owner": "^[a-zA-Z]+$",
+      "Project": "^[a-zA-Z0-9-_]+$"
+    }
+  }
+}
diff --git a/examples/basic/values/production.tfvars b/examples/basic/values/production.tfvars
@@ -83,3 +83,17 @@ organization = {
     }
   ]
 }
+
+tagging_policies = {
+  "MandatoryTaggingPolicy" = {
+    description = "Enforces mandatory tags like Environment, Owner, and Project."
+    filename    = "assets/tagging-policies/mandatory-tagging-policy.json"
+    key         = "infrastructure"
+  }
+
+  "CostTaggingPolicy" = {
+    description = "Ensures resources are tagged with cost-related metadata."
+    filename    = "assets/tagging-policies/cost-tagging-policy.json"
+    key         = "workloads"
+  }
+}
diff --git a/policies.tf b/policies.tf
@@ -33,7 +33,7 @@ resource "aws_organizations_policy_attachment" "service_control_policy_attachmen
 ## Provision any tagging policies
 #
 resource "aws_organizations_policy" "tagging_policy" {
-  for_each = { for x in var.tagging_policies : x.name => x }
+  for_each = var.tagging_policies
 
   name        = each.key
   content     = each.value.content
@@ -44,14 +44,14 @@ resource "aws_organizations_policy" "tagging_policy" {
 
 ## Attach any tagging policies to the organizational units
 resource "aws_organizations_policy_attachment" "tagging_policy_attachment_root" {
-  for_each = { for x in var.tagging_policies : x.name => x if x.key == "root" }
+  for_each = { for k, v in var.tagging_policies : k => v if v.key == "root" }
 
   policy_id = aws_organizations_policy.tagging_policy[each.key].id
   target_id = local.root_ou
 }
 
 resource "aws_organizations_policy_attachment" "tagging_policy_attachment" {
-  for_each = { for x in var.tagging_policies : x.name => x if x.key != "root" }
+  for_each = { for k, v in var.tagging_policies : k => v if v.key != "root" }
 
   policy_id = aws_organizations_policy.tagging_policy[each.key].id
   target_id = coalesce(each.value.target_id, try(local.all_ou_attributes[each.value.key].id, null))