How to tag thousands of existing AWS resources?

Question

I am trying to tag 1000+ aws resources in various regions. For new resources to be created, I have implemented Tagging Policy(SCP's). But for existing resources, what approach shall I follow?

I have come up with following approach:

1. Use AWS Resource Explorer Service to find all untagged resources in all regions.

2. A python script to tag all resources associated with a specific service. (NOTE: I had worked on a script long time ago to find resources associated with instances and align tags to them(if tags not present)) Reference: TagResourcesAssociatedWithEC2Instance

3. The above script can be leveraged and can be used with other resources (RDS, Route53, ECS .,etc.)

Problem with the above approach is that it would take a considerable amount of time to identify all the resources associated to each other logically.

Is there any faster way to segregate all resources based on tag "Environment" or "Owner" and also tag all the resources with a predefined set of tags?

I have tried following:

Python scripts to identify untagged resources, associate tags to resources aligned with each service. List all resources in account -> check for tags. But problem was that I couldn't find the interdependant relation only base on ARN.

Answer 1

Since you mentioned you are using Terraform to deploy your resources, then in your Terraform code, you need to specify a default_tags setting in the AWS provider block. After adding that, you simply need to run terraform apply again and Terraform will add those default tags to every AWS resource managed by Terraform.

Answer 2

For resources that were not created by Terraform, HERE is a little script I created in Python that I think would accomplish what you're looking for.

You need to tell the script the following information:

The AWS CLI profile to use The AWS region where to run The AWS resources to process (Currently I have added 10 options) The tag key and the tag values along with the "hint" words that could help the script to identify the possible value for that missing tag. You would get a list of your resources, along with the missing tag suggestion based on the existing resource key, description, and resources ID. Once you're happy with the tag value suggestion, you can select to apply in bulk or one by one the missing tags to your AWS resources.