Aws `default_tags` config - module inheritance?

rjhornsby · March 23, 2022, 9:03pm

I’m using an in house module to build aws ec2 instances, but I’m running into a weird issue with the aws provider’s default_tags feature. I can’t figure out if there’s a bug or I’m doing it wrong.

TL;DR: It looks as if the module must contain its own provider + default_tags configuration. It isn’t inheriting the default_tags from the caller/parent afaict.

The caller/parent has its provider configured thusly, and seems to work fine on resources defined directly in this project:

provider "aws" {
  region = "us-west-2"
  default_tags {
    tags = {
      created-by: "terraform"
      owned-by: "dept_42"
      terraform-source: "https://some.vcs_url"
    }
  }
}

As an example of the behavior in question, this project calls out to a module requesting to build a standardized ec2 instance:

module "green_instances" {
  source = "/path/to/module/source"
  instance_count   = var.instance_count
  ami              = {owner: module.base_config.aws_account_owner, id: "ami-123456789a0"}
  # ...a few other parameters here
}

The module appears to need to have its own provider block with the default_tags defined, or it won’t set the tags properly even though they’re defined in the caller’s provider. If the module is not configured as described, Terraform will remove these tags, despite them being declared in the caller’s provider config.

Is this expected behavior? thanks!

stuart-c · March 24, 2022, 10:59am

So are you meaning the module contains a provider block or just the root module?

rjhornsby · March 24, 2022, 1:56pm

The child module must contain a provider block with the default_tags or the tags won’t be set on the resources the child module creates, even if the default_tags are defined on the root module’s provider.

stuart-c · March 24, 2022, 4:43pm

So you are saying that if there is no provider block at all in the module it seems to not set the default tags?

rjhornsby · March 24, 2022, 5:45pm

correct. this block exists in the root module:

provider "aws" {
  region = "us-west-2" # not included in child module declaration
  default_tags {
    tags = { ... some tags here ... }
  }
}

However, this block must also appear in the child module. If it is removed from the child module, Terraform will remove the associated tags from the resources the child module creates (ec2 instances in my case). The anticipated behavior is configuring the provider once in the root module, and any children would inherit its settings.

stuart-c · March 24, 2022, 9:21pm

So if you have absolutely no provider blocks in the module you are seeing this issue?

Topic		Replies	Views
Add default tags in sub-modules Terraform	1	2473	August 17, 2022
AWS default_tags in sub-modules with dynamic values AWS	0	63	July 29, 2025
AWS capacity_providers do not inherit providers default_tags AWS ecs	1	580	November 30, 2021
Default_tags on provider alias Terraform	1	331	September 29, 2021
Referencing map from a TF module output, in `default_tags` argument in `AwsProvider`, returns unexpected output in TF plan CDK for Terraform	2	352	September 29, 2023

Aws `default_tags` config - module inheritance?

Related topics