Skip to content

Comments

Added project tag to SSM parameter#140

Merged
RSkuma merged 1 commit intomainfrom
issue-130-add-project-tag
Feb 12, 2026
Merged

Added project tag to SSM parameter#140
RSkuma merged 1 commit intomainfrom
issue-130-add-project-tag

Conversation

@Benettonkkb
Copy link
Member

@Benettonkkb Benettonkkb commented Feb 4, 2026

Fixes #130

What changes did you make?

  • Inserted on line 28 of /terraform/modules/secre/main.tf:
tags = {
  project = var.project_name
}

Why did you make the changes (we will use this info to test)?

  • It was requested in issue 130.
  • As I understand, the tags in Terraform is using what looks like JSON to associate to AWS resource tags. So this sets the project AWS(?) tag to what I assume is Terraform's var.project_name.

Apologies- I'm still learning Terraform terminology and function.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 4, 2026
edited
Loading

Terraform plan in terraform
With backend config files: terraform/prod.backend.tfvars

Plan: 0 to add, 38 to change, 0 to destroy. 
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
!~  update in-place

Terraform will perform the following actions:

  # module.civic-tech-index.module.prod_database_password_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-index/backend-prod-database-password"
        name            = "/civic-tech-index/backend-prod-database-password"
!~      tags            = {
+           "project" = "civic-tech-index"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-index"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-index.module.prod_database_username_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-index/backend-prod-database-username"
        name            = "/civic-tech-index/backend-prod-database-username"
!~      tags            = {
+           "project" = "civic-tech-index"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-index"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-index.module.stage_database_password_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-index/backend-stage-database-password"
        name            = "/civic-tech-index/backend-stage-database-password"
!~      tags            = {
+           "project" = "civic-tech-index"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-index"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-index.module.stage_database_username_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-index/backend-stage-database-username"
        name            = "/civic-tech-index/backend-stage-database-username"
!~      tags            = {
+           "project" = "civic-tech-index"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-index"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.home-unite-us.module.db_url_qa.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/home-unite-us/fullstack-qa-database_url"
        name            = "/home-unite-us/fullstack-qa-database_url"
!~      tags            = {
+           "project" = "home-unite-us"
        }
!~      tags_all        = {
+           "project"    = "home-unite-us"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.backend_dev_api_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/people-depot/backend-dev-api-secret"
        name            = "/people-depot/backend-dev-api-secret"
!~      tags            = {
+           "project" = "people-depot"
        }
!~      tags_all        = {
+           "project"    = "people-depot"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.postgresql_grant.user will be updated in-place
!~  resource "postgresql_grant" "user" {
        id                = "people-depot_backend_dev_user_people-depot_backend_dev_public_table"
!~      privileges        = [
+           "DELETE",
+           "INSERT",
+           "SELECT",
+           "UPDATE",
        ]
#        (5 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.postgresql_grant.viewer will be updated in-place
!~  resource "postgresql_grant" "viewer" {
        id                = "people-depot_backend_dev_viewer_people-depot_backend_dev_public_table"
!~      privileges        = [
+           "SELECT",
        ]
#        (5 unchanged attributes hidden)
    }

  # module.vrms.module.custom_request_header_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-custom-request-header"
        name            = "/vrms/backend-custom-request-header"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.dev_database_url_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-dev-database-url"
        name            = "/vrms/backend-dev-database-url"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.gmail_client_id_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-gmail-client-id"
        name            = "/vrms/backend-gmail-client-id"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.gmail_refresh_token_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-gmail-refresh-token"
        name            = "/vrms/backend-gmail-refresh-token"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.gmail_secret_id_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-gmail-secret-id"
        name            = "/vrms/backend-gmail-secret-id"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.mailhog_password_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-mailhog-password"
        name            = "/vrms/backend-mailhog-password"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.mailhog_user_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-mailhog-user"
        name            = "/vrms/backend-mailhog-user"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.prod_database_url_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-prod-database-url"
        name            = "/vrms/backend-prod-database-url"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.slack_bot_token_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-slack-bot-token"
        name            = "/vrms/backend-slack-bot-token"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.slack_client_secret_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-slack-client-secret"
        name            = "/vrms/backend-slack-client-secret"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.slack_oauth_token_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-slack-oauth-token"
        name            = "/vrms/backend-slack-oauth-token"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.vrms.module.slack_signing_secret_secret.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/vrms/backend-slack-signing-secret"
        name            = "/vrms/backend-slack-signing-secret"
!~      tags            = {
+           "project" = "vrms"
        }
!~      tags_all        = {
+           "project"    = "vrms"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-jobs.module.civic_tech_jobs_stage_database.module.db_owner_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-jobs/fullstack-stage-db-owner-password"
        name            = "/civic-tech-jobs/fullstack-stage-db-owner-password"
!~      tags            = {
+           "project" = "civic-tech-jobs"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-jobs"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-jobs.module.civic_tech_jobs_stage_database.module.db_owner_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-jobs/fullstack-stage-db-owner-username"
        name            = "/civic-tech-jobs/fullstack-stage-db-owner-username"
!~      tags            = {
+           "project" = "civic-tech-jobs"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-jobs"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-jobs.module.civic_tech_jobs_stage_database.module.db_user_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-jobs/fullstack-stage-db-user-password"
        name            = "/civic-tech-jobs/fullstack-stage-db-user-password"
!~      tags            = {
+           "project" = "civic-tech-jobs"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-jobs"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-jobs.module.civic_tech_jobs_stage_database.module.db_user_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-jobs/fullstack-stage-db-user-username"
        name            = "/civic-tech-jobs/fullstack-stage-db-user-username"
!~      tags            = {
+           "project" = "civic-tech-jobs"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-jobs"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-jobs.module.civic_tech_jobs_stage_database.module.db_viewer_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-jobs/fullstack-stage-db-viewer-password"
        name            = "/civic-tech-jobs/fullstack-stage-db-viewer-password"
!~      tags            = {
+           "project" = "civic-tech-jobs"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-jobs"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.civic-tech-jobs.module.civic_tech_jobs_stage_database.module.db_viewer_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/civic-tech-jobs/fullstack-stage-db-viewer-username"
        name            = "/civic-tech-jobs/fullstack-stage-db-viewer-username"
!~      tags            = {
+           "project" = "civic-tech-jobs"
        }
!~      tags_all        = {
+           "project"    = "civic-tech-jobs"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.home-unite-us.module.database_dev.module.db_owner_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/home-unite-us/fullstack-qa-db-owner-password"
        name            = "/home-unite-us/fullstack-qa-db-owner-password"
!~      tags            = {
+           "project" = "home-unite-us"
        }
!~      tags_all        = {
+           "project"    = "home-unite-us"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.home-unite-us.module.database_dev.module.db_owner_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/home-unite-us/fullstack-qa-db-owner-username"
        name            = "/home-unite-us/fullstack-qa-db-owner-username"
!~      tags            = {
+           "project" = "home-unite-us"
        }
!~      tags_all        = {
+           "project"    = "home-unite-us"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.home-unite-us.module.database_dev.module.db_user_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/home-unite-us/fullstack-qa-db-user-password"
        name            = "/home-unite-us/fullstack-qa-db-user-password"
!~      tags            = {
+           "project" = "home-unite-us"
        }
!~      tags_all        = {
+           "project"    = "home-unite-us"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.home-unite-us.module.database_dev.module.db_user_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/home-unite-us/fullstack-qa-db-user-username"
        name            = "/home-unite-us/fullstack-qa-db-user-username"
!~      tags            = {
+           "project" = "home-unite-us"
        }
!~      tags_all        = {
+           "project"    = "home-unite-us"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.home-unite-us.module.database_dev.module.db_viewer_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/home-unite-us/fullstack-qa-db-viewer-password"
        name            = "/home-unite-us/fullstack-qa-db-viewer-password"
!~      tags            = {
+           "project" = "home-unite-us"
        }
!~      tags_all        = {
+           "project"    = "home-unite-us"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.home-unite-us.module.database_dev.module.db_viewer_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/home-unite-us/fullstack-qa-db-viewer-username"
        name            = "/home-unite-us/fullstack-qa-db-viewer-username"
!~      tags            = {
+           "project" = "home-unite-us"
        }
!~      tags_all        = {
+           "project"    = "home-unite-us"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.module.db_owner_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/people-depot/backend-dev-db-owner-password"
        name            = "/people-depot/backend-dev-db-owner-password"
!~      tags            = {
+           "project" = "people-depot"
        }
!~      tags_all        = {
+           "project"    = "people-depot"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.module.db_owner_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/people-depot/backend-dev-db-owner-username"
        name            = "/people-depot/backend-dev-db-owner-username"
!~      tags            = {
+           "project" = "people-depot"
        }
!~      tags_all        = {
+           "project"    = "people-depot"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.module.db_user_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/people-depot/backend-dev-db-user-password"
        name            = "/people-depot/backend-dev-db-user-password"
!~      tags            = {
+           "project" = "people-depot"
        }
!~      tags_all        = {
+           "project"    = "people-depot"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.module.db_user_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/people-depot/backend-dev-db-user-username"
        name            = "/people-depot/backend-dev-db-user-username"
!~      tags            = {
+           "project" = "people-depot"
        }
!~      tags_all        = {
+           "project"    = "people-depot"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.module.db_viewer_password.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/people-depot/backend-dev-db-viewer-password"
        name            = "/people-depot/backend-dev-db-viewer-password"
!~      tags            = {
+           "project" = "people-depot"
        }
!~      tags_all        = {
+           "project"    = "people-depot"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

  # module.people-depot.module.dev_database.module.db_viewer_username.aws_ssm_parameter.this will be updated in-place
!~  resource "aws_ssm_parameter" "this" {
        id              = "/people-depot/backend-dev-db-viewer-username"
        name            = "/people-depot/backend-dev-db-viewer-username"
!~      tags            = {
+           "project" = "people-depot"
        }
!~      tags_all        = {
+           "project"    = "people-depot"
#            (1 unchanged element hidden)
        }
#        (12 unchanged attributes hidden)
    }

Plan: 0 to add, 38 to change, 0 to destroy.

✅ Plan applied in Terraform apply (OIDC) #57

@Benettonkkb Benettonkkb self-assigned this Feb 12, 2026
@Benettonkkb Benettonkkb added this to the 02 - Security milestone Feb 12, 2026
RSkuma
RSkuma approved these changes Feb 12, 2026
View reviewed changes
Copy link
Member

@RSkuma RSkuma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go

@RSkuma RSkuma merged commit 2f723e8 into main Feb 12, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RSkuma RSkuma RSkuma approved these changes

Assignees

@Benettonkkb Benettonkkb

Labels

feature: IAM

Projects

None yet

Milestone

02 - Security

Development

Successfully merging this pull request may close these issues.

add project tag to secret

2 participants

@Benettonkkb @RSkuma