Examples

required_tags:
  - Name
  - Environment
  - Owner
  - Project

required_tags:
  - key: Name
    description: "Identifies the resource"
  - key: Environment
    description: "Deployment environment (dev, test, prod)"
  - key: Owner
    description: "Team or individual responsible for the resource"
  - key: Project
    description: "Project or application name"

exemptions:
  - resource_type: aws_s3_bucket
    resource_name: logs_bucket
    exempt_tags: [Owner, Project]
    reason: "Legacy bucket used for system logs only"

  - resource_type: aws_dynamodb_table
    resource_name: "*"
    exempt_tags: [Environment]
    reason: "DynamoDB tables use environment from provider default_tags"

provider "aws" {
  region = "us-west-2"

  default_tags {
    tags = {
      Environment = "dev"
      Owner       = "team-a"
      Project     = "demo"
    }
  }
}

resource "aws_instance" "example" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
    Environment = "production"
    Owner = "team-b"
    Project = "website"
  }
}

resource "aws_instance" "example" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"

  # Only need to specify Name tag, as other required tags come from default_tags
  tags = {
    Name = "example-instance"
  }
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  version = "3.14.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  tags = {
    Name = "my-vpc"
    Environment = "production"
    Owner = "team-b"
    Project = "website"
  }
}

terratags -config config.yaml -dir ./infra

terratags -config config.yaml -dir ./infra -report report.html

terraform plan -out=tfplan
terraform show -json tfplan > plan.json
terratags -config config.yaml -plan plan.json

terratags -config config.yaml -dir ./infra -remediate

terratags -config config.yaml -dir ./infra -exemptions exemptions.yaml

terratags -config config.yaml -dir ./infra -verbose