Resolve "Adjust AWS tag keys to use only GitLab specific keys and not default keys"

Scott Hensonrequested to merge
989-adjust-aws-tag-keys-to-use-gitlab-specific-keys into main

What does this MR do?

This MR implements a flexible AWS tag management strategy that allows GET to coexist with enterprise tagging policies while maintaining backward compatibility. The changes address conflicts between GET's tag usage and organizational naming conventions by:

Key Changes

  1. Standardized GitLab tag keys: All GET-managed tags now use the gitlab_ prefix for clear identification and to avoid conflicts with customer tags.

  2. Made the Name tag optional: Added aws_set_ec2_name_tag variable (defaults to true) to prevent breaking change. Organizations can now disable GET's automatic Name tag creation.

  3. Update documentation: Provide documentation on preventing GET from setting the Name tag and provide explanation and example for using the AWS provider to ignore tags added to resources outside of terraform.

  4. Added lifecycle management: Resources use ignore_changes for Name tags to prevent Terraform from changing/removing the Name tags while still managing GET-specific tags.

Technical Implementation

  • Added variable the AWS Instance module for optional Name tag application by GET
  • Added no tag to AWS Instance module to be used instead of the Name tag
  • Updated each module that uses the Instance module to pass variable for Name tag being added to instance

Why This Matters

Many enterprise customers have:

  • AWS Organizations tagging policies that require specific tag formats
  • AWS Config rules that enforce compliance through tags
  • Third-party tag management tools that automatically apply tags
  • Cost allocation requirements that depend on consistent tagging

This change ensures GET works seamlessly in these environments without requiring manual workarounds or causing tag conflicts.

Related issues

#989 - Implements the proposed tag standardization and makes Name tag optional as discussed

Author's checklist

When ready for review, the Author applies the workflowready for review label and mention @gitlab-org/software-delivery/get-maintainers:

  • Merge request:
    • Corresponding Issue raised and reviewed by the GET maintainers team.
    • Merge Request Title and Description are up-to-date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
    • MR has no new security alerts in the widget from the Secret Detection and IaC Scan (SAST) jobs.
  • Code:
    • Check the area changed works as expected across all expected permutations.
    • Check that the changes work across upgrades.
    • Documentation created/updated in the same MR if applicable

Closes #989

Edited by Scott Henson

Merge request reports