You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/well-architected-framework/docs/docs/optimize-systems/lifecycle-management/tag-cloud-resources.mdx
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -74,7 +74,7 @@ Once you define and implement your tagging strategy using infrastructure as code
74
74
75
75
### Use the Terraform validation block
76
76
77
-
You can use the [Terraform validation block](/terraform/language/values/variables#validation) to enforce tagging policies. The validation block allows you to define custom validation rules for input variables. You can use this feature to ensure that the resources you tag follow your tagging strategy.
77
+
You can use the [Terraform validation block](/terraform/language/values/variables#validation) to enforce tagging policies. The validation block allows you to define custom validation rules for input variables. You can use the validation block to ensure that the resources you tag follow your tagging strategy.
78
78
79
79
The following is an example of a Terraform validation block that ensures the `environment` tag is set to either `dev`, `staging`, or `prod`:
80
80
@@ -106,7 +106,7 @@ environment = "testing"
106
106
107
107
### Use policy as code
108
108
109
-
For more advanced enforcement of your tagging strategy, you can use policy as code tools such as HashiCorp Sentinel or the Open Policy Agent (OPA) to create policies that enforce tagging rules. You can integrate these policies into your CI/CD pipelines to ensure that all resources comply with your tagging strategy before deployment.
109
+
For more advanced enforcement of your tagging strategy, you can use policy as code tools such as HashiCorp Sentinel or the Open Policy Agent (OPA) to create policies that enforce tagging rules. You can integrate these policies into your CI/CD pipelines or with HCP Terraform to ensure that all resources comply with your tagging strategy before deployment.
110
110
111
111
The following is an example of a [`Pass` or `Fail` Sentinel policy](/terraform/tutorials/policy/sentinel-policy#review-your-policy) that ensures that all AWS EC2 instances have a `Name` tag:
112
112
@@ -138,7 +138,7 @@ main = rule {
138
138
}
139
139
```
140
140
141
-
You can write similar policies with OPA and HCP Terraform. Refer to the following external resources for more information.
141
+
You can write similar policies with OPA and HCP Terraform. Refer to the following resources for more information.
142
142
143
143
HashiCorp resources:
144
144
@@ -149,12 +149,14 @@ HashiCorp resources:
149
149
-[Get started with Sentinel](/sentinel/tutorials/get-started)
150
150
151
151
External resources:
152
+
152
153
- Use [OPA to write policies](https://www.openpolicyagent.org/docs/terraform) ensuring all resources have tags before you create them.
153
154
154
155
## Next steps
155
156
156
157
In this section of Manage cost, you learned how to tag resources using infrastructure as code and enforce tagging policies. Tag resources is part of the Optimize systems pillar.
157
158
158
159
To learn more about how to manage our resources, visit the following resources:
160
+
159
161
-[Implement data management policies](/well-architected-framework/optimize-systems/lifecycle-management/data-management)
0 commit comments