Add custom tags to instance and related resources about basti HOT 10 CLOSED

@BohdanPetryshyn yes, that is the case. The AWS API will simply deny e.g. ec2:RunInstances operations or similar (depending on the SCP)

from basti.

We need to add tags configuration to both interactive mode and CLI arguments.

In the interactive mode, we need to introduce an optional "Advanced configuration" step, where the user will input custom tags one by one.

For the CLI arguments, we can add a --tags argument that will accept values aws ec2 create-tags command accepts (docs).

I think using the same tags for all the resources created by Basti should be enough for the first implementation. We can add the ability to set separate tags for each resource later if needed.

@DrFunk-n-stein what do you think?

from basti.

@BohdanPetryshyn it's rather uncommon to set different set of tag-keys for resources that belong together.
Adding different tags per resource is super optional in my eyes and one-set-for-all should cover us well 👍

from basti.

As this will be moving to cdk or terraform anyways, we could use stack-tags (CF/CDK) or default tags (tf, aws provider) to male this easier and consistent (later ofc - not necessary for the first iteration)

from basti.

@DrFunk-n-stein sounds like a really valuable enhancement! Currently, the only option is to set the tags manually after setting up the bastion instance with basti init. This is actually the solution we use at my current company.

This feature will be added to Basti CLI when the turn comes according to the current priorities.

Meanwhile, I'd like to ask you if you're using any infrastructure-as-code solution. Basti setup using CDK construct will be introduced very soon (#48). The Basti Terraform module will come next.

from basti.

The solution you mentioned with manual applying of tags won't work in any setup that enforces tags via Service Control Policies+Tagging Policies, that's why I mentioned it explicitely.
And... you know lazy devs: many of them will simply forget adding tags (I'm thinking of setups at scale with several teams and different knowledge levels), so you could end up with a zoo of stopped bastion hosts that accumulate cost (-> e.g. EBS volumes).

from basti.

To be honest, I have never used SCPs or Tagging Policies before. Does this mean that you cannot run basti init at all because resources without specific tags cannot be created? If that is the case, the feature seems to be of high priority, and I will try to implement a solution ASAP. Providing the tags to the basti init command as a JSON file appears to be the best minimal valuable solution here.

from basti.

I just started work on the CDK implementation. I was considering whether to add native support for adding tags. But seeing this, I'll add support for it. The additional work is negligible.

from basti.

Thank you, @bobveringa!

from basti.

Hey @DrFunk-n-stein 👋

Custom tags support was introduced in v1.4.0. I'd really love to know if this helps in the situations you described above!

from basti.