DEV Community

drewmullen
drewmullen

Posted on

Terraform: Prevent default_tags on a specific resource

To avoid having default_tags applied to a specific resource in your root module, declare an aliased provider with no defaults set. See the below example:

Example

terraform {
  required_version = ">= 0.15.3"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.55.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
  default_tags {
    tags = {
      Environment = "Test"
      Service     = "Example"
    }
  }
}

provider "aws" {
  region = "us-east-1"
  alias  = "aws-no-defaults"
}


resource "aws_s3_bucket" "bucket_with_default_tags" {
  bucket = "bucketwithdefaulttags"

}

resource "aws_s3_bucket" "bucket_without_default_tags" {
  bucket   = "bucketwithoutdefaulttags"
  provider = aws.aws-no-defaults
}
Enter fullscreen mode Exit fullscreen mode

Receipt

$ tf show
# aws_s3_bucket.bucket_with_default_tags:
resource "aws_s3_bucket" "bucket_with_default_tags" {
    acl                         = "private"
    arn                         = "arn:aws:s3:::bucketwithdefaulttags"
    bucket                      = "bucketwithdefaulttags"
    bucket_domain_name          = "bucketwithdefaulttags.s3.amazonaws.com"
    bucket_regional_domain_name = "bucketwithdefaulttags.s3.amazonaws.com"
    force_destroy               = false
    hosted_zone_id              = "<>"
    id                          = "bucketwithdefaulttags"
    region                      = "us-east-1"
    request_payer               = "BucketOwner"
    tags_all                    = {
        "Environment" = "Test"
        "Service"     = "Example"
    }

    versioning {
        enabled    = false
        mfa_delete = false
    }
}

# aws_s3_bucket.bucket_without_default_tags:
resource "aws_s3_bucket" "bucket_without_default_tags" {
    acl                         = "private"
    arn                         = "arn:aws:s3:::bucketwithoutdefaulttags"
    bucket                      = "bucketwithoutdefaulttags"
    bucket_domain_name          = "bucketwithoutdefaulttags.s3.amazonaws.com"
    bucket_regional_domain_name = "bucketwithoutdefaulttags.s3.amazonaws.com"
    force_destroy               = false
    hosted_zone_id              = "<>"
    id                          = "bucketwithoutdefaulttags"
    region                      = "us-east-1"
    request_payer               = "BucketOwner"
    tags_all                    = {}

    versioning {
        enabled    = false
        mfa_delete = false
    }
}
Enter fullscreen mode Exit fullscreen mode

Discussion (0)