CLOUDP-352100: Tag AWS resources (#2828)

josvazg · web-flow · commit 0a91efbb0c0d · 2025-10-24T17:41:17.000+02:00
Signed-off-by: jose.vazquez &lt;jose.vazquez@mongodb.com&gt;
diff --git a/test/helper/cloud/aws/vpc.go b/test/helper/cloud/aws/vpc.go
@@ -19,6 +19,8 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
+
+	awshelper "github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/e2e/api/aws"
 )
 
 func CreateVPC(name, cidr, region string) (string, error) {
@@ -34,6 +36,9 @@ func CreateVPC(name, cidr, region string) (string, error) {
 			ResourceType: aws.String(ec2.ResourceTypeVpc),
 			Tags: []*ec2.Tag{
 				{Key: aws.String("Name"), Value: aws.String(name)},
+				{Key: aws.String(awshelper.OwnerEmailTag), Value: aws.String(awshelper.AKOEmail)},
+				{Key: aws.String(awshelper.CostCenterTag), Value: aws.String(awshelper.AKOCostCenter)},
+				{Key: aws.String(awshelper.EnvironmentTag), Value: aws.String(awshelper.AKOEnvTest)},
 			},
 		}},
 	})
diff --git a/test/helper/e2e/actions/cloud/aws.go b/test/helper/e2e/actions/cloud/aws.go
@@ -31,6 +31,7 @@ import (
 	"github.com/onsi/ginkgo/v2/dsl/core"
 
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/pointer"
+	awshelper "github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/e2e/api/aws"
 )
 
 type AwsAction struct {
@@ -84,6 +85,12 @@ func (a *AwsAction) CreateKMS(alias, region, atlasAccountArn, assumedRoleArn str
 		MultiRegion: aws.Bool(false),
 		Origin:      aws.String("AWS_KMS"),
 		Policy:      aws.String(policyString),
+		Tags: []*kms.Tag{
+			{TagKey: aws.String(awshelper.OwnerTag), TagValue: aws.String(awshelper.AKOTeam)},
+			{TagKey: aws.String(awshelper.OwnerEmailTag), TagValue: aws.String(awshelper.AKOEmail)},
+			{TagKey: aws.String(awshelper.CostCenterTag), TagValue: aws.String(awshelper.AKOCostCenter)},
+			{TagKey: aws.String(awshelper.EnvironmentTag), TagValue: aws.String(awshelper.AKOEnvTest)},
+		},
 	})
 
 	if err != nil {
@@ -407,6 +414,10 @@ func (a *AwsAction) createVPC(name, cidr, region string) (string, error) {
 			ResourceType: aws.String(ec2.ResourceTypeVpc),
 			Tags: []*ec2.Tag{
 				{Key: aws.String("Name"), Value: aws.String(name)},
+				{Key: aws.String(awshelper.OwnerTag), Value: aws.String(awshelper.AKOTeam)},
+				{Key: aws.String(awshelper.OwnerEmailTag), Value: aws.String(awshelper.AKOEmail)},
+				{Key: aws.String(awshelper.CostCenterTag), Value: aws.String(awshelper.AKOCostCenter)},
+				{Key: aws.String(awshelper.EnvironmentTag), Value: aws.String(awshelper.AKOEnvTest)},
 			},
 		}},
 	}
@@ -485,6 +496,10 @@ func (a *AwsAction) createSubnet(vpcID, name, cidr, region, az string) (*string,
 			ResourceType: aws.String(ec2.ResourceTypeSubnet),
 			Tags: []*ec2.Tag{
 				{Key: aws.String("Name"), Value: aws.String(name)},
+				{Key: aws.String(awshelper.OwnerTag), Value: aws.String(awshelper.AKOTeam)},
+				{Key: aws.String(awshelper.OwnerEmailTag), Value: aws.String(awshelper.AKOEmail)},
+				{Key: aws.String(awshelper.CostCenterTag), Value: aws.String(awshelper.AKOCostCenter)},
+				{Key: aws.String(awshelper.EnvironmentTag), Value: aws.String(awshelper.AKOEnvTest)},
 			},
 		}},
 		VpcId:            aws.String(vpcID),
diff --git a/test/helper/e2e/actions/cloudaccess/aws_roles.go b/test/helper/e2e/actions/cloudaccess/aws_roles.go
@@ -21,6 +21,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/iam"
+
+	awshelper "github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/e2e/api/aws"
 )
 
 type AssumeRolePolicyDocument struct {
@@ -102,6 +104,12 @@ func CreateAWSIAMRole(roleName string) (string, error) {
 	roleInput := iam.CreateRoleInput{}
 	roleInput.SetRoleName(roleName)
 	roleInput.SetAssumeRolePolicyDocument(policy)
+	roleInput.Tags = []*iam.Tag{
+		{Key: aws.String(awshelper.OwnerTag), Value: aws.String(awshelper.AKOTeam)},
+		{Key: aws.String(awshelper.OwnerEmailTag), Value: aws.String(awshelper.AKOEmail)},
+		{Key: aws.String(awshelper.CostCenterTag), Value: aws.String(awshelper.AKOCostCenter)},
+		{Key: aws.String(awshelper.EnvironmentTag), Value: aws.String(awshelper.AKOEnvTest)},
+	}
 	//roleInput.SetTags([]*iam.Tag{
 	//	{
 	//		Key:   aws.String(config.TagForTestKey),
diff --git a/test/helper/e2e/api/aws/aws_resources_generator.go b/test/helper/e2e/api/aws/aws_resources_generator.go
@@ -103,6 +103,12 @@ func (g *AwsResourcesGenerator) CreatePolicy(name string, policy func() IAMPolic
 	input := &iam.CreatePolicyInput{
 		PolicyDocument: policy(),
 		PolicyName:     aws.String(name),
+		Tags: []*iam.Tag{
+			{Key: aws.String(OwnerTag), Value: aws.String(AKOTeam)},
+			{Key: aws.String(OwnerEmailTag), Value: aws.String(AKOEmail)},
+			{Key: aws.String(CostCenterTag), Value: aws.String(AKOCostCenter)},
+			{Key: aws.String(EnvironmentTag), Value: aws.String(AKOEnvTest)},
+		},
 	}
 
 	r, err := g.iamClient.CreatePolicy(input)
@@ -177,6 +183,24 @@ func (g *AwsResourcesGenerator) CreateBucket(name string) error {
 		return fmt.Errorf("failed to create aws bucket: %w", err)
 	}
 
+	tagSet := &s3.Tagging{
+		TagSet: []*s3.Tag{
+			{Key: aws.String(OwnerTag), Value: aws.String(AKOTeam)},
+			{Key: aws.String(OwnerEmailTag), Value: aws.String(AKOEmail)},
+			{Key: aws.String(CostCenterTag), Value: aws.String(AKOCostCenter)},
+			{Key: aws.String(EnvironmentTag), Value: aws.String(AKOEnvTest)},
+		},
+	}
+
+	taggingInput := &s3.PutBucketTaggingInput{
+		Bucket:  aws.String(name),
+		Tagging: tagSet,
+	}
+
+	if _, err := g.s3Client.PutBucketTagging(taggingInput); err != nil {
+		return fmt.Errorf("failed to tag bucket %s: %w", name, err)
+	}
+
 	return nil
 }
 
diff --git a/test/helper/e2e/api/aws/tags.go b/test/helper/e2e/api/aws/tags.go
@@ -0,0 +1,27 @@
+// Copyright 2025 MongoDB Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package helper
+
+const (
+	OwnerTag       = "Owner"
+	OwnerEmailTag  = "OwnerEmail"
+	CostCenterTag  = "CostCenter"
+	EnvironmentTag = "Environment"
+
+	AKOTeam       = "AKO Atlas Kubernetes Operator Team"
+	AKOEmail      = "kubernetes-atlas-team@mongodb.com"
+	AKOCostCenter = "TBD - AKO or core team"
+	AKOEnvTest    = "nonprod"
+)
