Examples

# Basic validation
terratags -config config.yaml -dir ./infra

# With HTML report
terratags -config config.yaml -dir ./infra -report report.html

# With exemptions
terratags -config config.yaml -dir ./infra -exemptions exemptions.yaml

# Generate plan
terraform plan -out=tfplan
terraform show -json tfplan > plan.json

# Validate all resources
terratags -config config.yaml -plan plan.json

# With HTML report
terratags -config config.yaml -plan plan.json -report report.html

required_tags:
  - Name
  - Environment
  - Owner
  - Project

required_tags:
  Name:
    pattern: "^\\S+$"  # No whitespace

  Environment:
    pattern: "^(dev|test|staging|prod)$"  # Specific values only

  Owner:
    pattern: "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$"  # Email format

  Project:
    pattern: "^[A-Z]{2,4}-[0-9]{3,6}$"  # Project code format

  CostCenter:
    pattern: "^CC-[0-9]{4}$"  # Cost center format

required_tags:
  # Pattern validation for critical tags
  Environment:
    pattern: "^(dev|test|staging|prod)$"

  Owner:
    pattern: "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$"

  # Simple validation for others
  Name: {}
  Project: {}
  Team: {}

exemptions:
  - resource_type: aws_s3_bucket
    resource_name: logs_bucket
    exempt_tags: [Owner, Project]
    reason: "Legacy bucket used for system logs only"

  - resource_type: aws_dynamodb_table
    resource_name: "*"
    exempt_tags: [Environment]
    reason: "DynamoDB tables use environment from provider default_tags"

provider "aws" {
  region = "us-west-2"

  default_tags {
    tags = {
      Environment = "dev"
      Owner       = "team-a"
      Project     = "demo"
    }
  }
}

resource "aws_instance" "example" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
    Environment = "production"
    Owner = "team-b"
    Project = "website"
  }
}

resource "aws_instance" "example" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"

  # Only need to specify Name tag, as other required tags come from default_tags
  tags = {
    Name = "example-instance"
  }
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  version = "3.14.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  tags = {
    Name = "my-vpc"
    Environment = "production"
    Owner = "team-b"
    Project = "website"
  }
}

terratags -config config.yaml -dir ./infra

terratags -config config.yaml -dir ./infra -report report.html

terraform plan -out=tfplan
terraform show -json tfplan > plan.json
terratags -config config.yaml -plan plan.json

terratags -config config.yaml -dir ./infra -remediate

terratags -config config.yaml -dir ./infra -exemptions exemptions.yaml

terratags -config config.yaml -dir ./infra -verbose

# Test passing pattern validation
terratags -config examples/config-patterns.yaml -dir examples/pattern_validation_passing

# Test failing pattern validation (shows violations)
terratags -config examples/config-patterns.yaml -dir examples/pattern_validation_failing

# Generate report for pattern violations
terratags -config examples/config-patterns.yaml -dir examples/pattern_validation_failing -report pattern-report.html