Patch: Add reflex-specific tagging to reflex infrastructure. (#106)

* Add Reflex tagging to resources
reflexivesecurity · Oct 20, 2020 · d0daada · d0daada
1 parent b000049
commit d0daada
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 0 deletions.
diff --git a/modules/cwe/main.tf b/modules/cwe/main.tf
@@ -5,5 +5,8 @@ resource "aws_cloudwatch_event_rule" "cwe_rule" {
   name          = var.name
   description   = var.description
   event_pattern = var.event_pattern
+  tags = {
+    Reflex = "true"
+  }
 }
 
diff --git a/modules/reflex_kms_key/main.tf b/modules/reflex_kms_key/main.tf
@@ -69,6 +69,10 @@ resource "aws_kms_key" "reflex_key" {
     ]
 }
 EOF
+
+  tags = {
+    Reflex = "true"
+  }
 }
 
 resource "aws_kms_alias" "reflex_alias" {

diff --git a/modules/sns_cross_account_sqs/main.tf b/modules/sns_cross_account_sqs/main.tf
@@ -6,6 +6,9 @@ data "aws_caller_identity" "current" {}
 resource "aws_sns_topic" "forwarder_topic" {
   name              = "Forwarder-${var.cloudwatch_event_rule_id}"
   kms_master_key_id = var.kms_key_id
+  tags = {
+    Reflex = "true"
+  }
 }
 
 resource "aws_sns_topic_policy" "events_policy" {

diff --git a/modules/sns_cross_region_sqs/main.tf b/modules/sns_cross_region_sqs/main.tf
@@ -6,6 +6,9 @@ data "aws_caller_identity" "current" {}
 resource "aws_sns_topic" "forwarder_topic" {
   name              = "Forwarder-${var.cloudwatch_event_rule_id}"
   kms_master_key_id = var.kms_key_id
+  tags = {
+    Reflex = "true"
+  }
 }
 
 resource "aws_sns_topic_policy" "events_policy" {

diff --git a/modules/sns_email_subscription/main.tf b/modules/sns_email_subscription/main.tf
@@ -10,6 +10,9 @@ resource "aws_cloudformation_stack" "sns_topic" {
     Email           = var.notification_email
     SlackWebhookUrl = var.slack_webhook
   }
+  tags = {
+    Reflex = "true"
+  }
   template_body = <<STACK
 {
   "AWSTemplateFormatVersion": "2010-09-09",
@@ -41,6 +44,7 @@ resource "aws_cloudformation_stack" "sns_topic" {
       "Type" : "AWS::SNS::Topic",
       "Properties" : {
         "DisplayName" : { "Ref" : "DisplayName" },
+        "Tags": [{ "Key": "Reflex", "Value":"true"}],
         "TopicName" : { "Ref" : "DisplayName" },
         "Subscription": {
           "Fn::If": [

diff --git a/modules/sqs_lambda/modules/iam_assume_role/main.tf b/modules/sqs_lambda/modules/iam_assume_role/main.tf
@@ -5,6 +5,10 @@
 resource "aws_iam_role" "assume_role" {
   name = "Reflex${var.function_name}LambdaAssume"
 
+  tags = {
+    Reflex = "true"
+  }
+
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",

diff --git a/modules/sqs_lambda/modules/lambda/main.tf b/modules/sqs_lambda/modules/lambda/main.tf
@@ -24,6 +24,9 @@ resource "aws_iam_role" "iam_for_lambda" {
   ]
 }
 EOF
+  tags = {
+    Reflex = "true"
+  }
 }
 
 resource "aws_iam_role_policy" "lambda_policy" {
@@ -87,4 +90,8 @@ resource "aws_lambda_function" "cwe_lambda" {
     variables = merge(var.environment_variable_map,
     { "ASSUME_ROLE_NAME" = "Reflex${var.function_name}LambdaAssume" })
   }
+
+  tags = {
+    Reflex = "true"
+  }
 }
diff --git a/modules/sqs_lambda/modules/sqs_queue/main.tf b/modules/sqs_lambda/modules/sqs_queue/main.tf
@@ -10,4 +10,7 @@ resource "aws_sqs_queue" "sqs_queue" {
     deadLetterTargetArn = var.sqs_dead_letter_queue_arn
     maxReceiveCount     = var.max_receive_count
   })
+  tags = {
+    Reflex = "true"
+  }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -69,6 +69,10 @@ resource "aws_kms_key" "reflex_key" { @@
         ]
     }
     EOF
+      tags = {
+        Reflex = "true"
+      }
     }
     resource "aws_kms_alias" "reflex_alias" {
@@ Expand Down @@