feat(runner-binaries-syncer): add s3_tags variable for additional S3 bucket tagging

Author: Damian Rekosz

main.tf

@@ -308,6 +308,7 @@ module "runner_binaries" {
 
   state_event_rule_binaries_syncer     = var.state_event_rule_binaries_syncer
   server_side_encryption_configuration = var.runner_binaries_s3_sse_configuration
+  s3_tags                              = var.runner_binaries_s3_tags
   s3_versioning                        = var.runner_binaries_s3_versioning
 
   role_path                 = var.role_path

modules/multi-runner/main.tf

@@ -16,6 +16,15 @@ locals {
   tmp_distinct_list_unique_os_and_arch = distinct([for i, config in local.runner_config : { "os_type" : config.runner_config.runner_os, "architecture" : config.runner_config.runner_architecture } if config.runner_config.enable_runner_binaries_syncer])
   unique_os_and_arch                   = { for i, v in local.tmp_distinct_list_unique_os_and_arch : "${v.os_type}_${v.architecture}" => v }
 
+  s3_tags = {
+    for os_arch, tags_lists in {
+      for i, config in local.runner_config :
+      "${config.runner_config.runner_os}_${config.runner_config.runner_architecture}" => [config.runner_config.runner_binaries_s3_tags]...
+      if config.runner_config.enable_runner_binaries_syncer
+    } :
+    os_arch => merge(var.runner_binaries_s3_tags, merge(flatten(tags_lists)...))
+  }
+
   ssm_root_path = "/${var.ssm_paths.root}/${var.prefix}"
 }
 

modules/multi-runner/runner-binaries.tf

@@ -25,6 +25,7 @@ module "runner_binaries" {
   state_event_rule_binaries_syncer = var.state_event_rule_binaries_syncer
 
   server_side_encryption_configuration = var.runner_binaries_s3_sse_configuration
+  s3_tags                              = local.s3_tags[each.key]
   s3_versioning                        = var.runner_binaries_s3_versioning
 
   role_path                 = var.role_path

modules/multi-runner/variables.tf

@@ -114,6 +114,7 @@ variable "multi_runner_config" {
       cloudwatch_config                       = optional(string, null)
       userdata_pre_install                    = optional(string, "")
       userdata_post_install                   = optional(string, "")
+      runner_binaries_s3_tags                 = optional(map(string), {})
       runner_hook_job_started                 = optional(string, "")
       runner_hook_job_completed               = optional(string, "")
       runner_ec2_tags                         = optional(map(string), {})
@@ -222,6 +223,7 @@ variable "multi_runner_config" {
         cloudwatch_config: "(optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details."
         userdata_pre_install: "Script to be ran before the GitHub Actions runner is installed on the EC2 instances"
         userdata_post_install: "Script to be ran after the GitHub Actions runner is installed on the EC2 instances"
+        runner_binaries_s3_tags: "Map of tags that will be added to the S3 bucket used by the runner binaries syncer for this runner configuration. Note these are additional tags to the default tags."
         runner_hook_job_started: "Script to be ran in the runner environment at the beginning of every job"
         runner_hook_job_completed: "Script to be ran in the runner environment at the end of every job"
         runner_ec2_tags: "Map of tags that will be added to the launch template instance tag specifications."
@@ -404,6 +406,12 @@ variable "runner_binaries_s3_sse_configuration" {
   }
 }
 
+variable "runner_binaries_s3_tags" {
+  description = "Map of tags that will be added to the S3 bucket. Note these are additional tags to the default tags."
+  type        = map(string)
+  default     = {}
+}
+
 variable "runner_binaries_s3_versioning" {
   description = "Status of S3 versioning for runner-binaries S3 bucket. Once set to Enabled the change cannot be reverted via Terraform!"
   type        = string

modules/runner-binaries-syncer/main.tf

@@ -5,7 +5,7 @@ locals {
 resource "aws_s3_bucket" "action_dist" {
   bucket        = var.distribution_bucket_name
   force_destroy = true
-  tags          = var.tags
+  tags          = merge(var.tags, var.s3_tags)
 }
 
 resource "aws_s3_bucket_ownership_controls" "this" {

modules/runner-binaries-syncer/variables.tf

@@ -45,6 +45,12 @@ variable "s3_logging_bucket_prefix" {
   }
 }
 
+variable "s3_tags" {
+  description = "Map of tags that will be added to the S3 bucket. Note these are additional tags to the default tags."
+  type        = map(string)
+  default     = {}
+}
+
 variable "state_event_rule_binaries_syncer" {
   type        = string
   description = "Option to disable EventBridge Lambda trigger for the binary syncer, useful to stop automatic updates of binary distribution"

variables.tf

@@ -192,6 +192,12 @@ variable "runner_binaries_s3_sse_configuration" {
   }
 }
 
+variable "runner_binaries_s3_tags" {
+  description = "Map of tags that will be added to the S3 bucket. Note these are additional tags to the default tags."
+  type        = map(string)
+  default     = {}
+}
+
 variable "runner_binaries_s3_versioning" {
   description = "Status of S3 versioning for runner-binaries S3 bucket. Once set to Enabled the change cannot be reverted via Terraform!"
   type        = string