I recently “formally” started learning Amazon Web Services to expand my horizons a little bit so I’ll be writing my learnings in various parts.
This article also mentions a unit testing library for Infrastructure as Code I author — T2D2; PRs and stars appreciated. 🤩 😁
I started my Cloud journey in college when I had created a Xamarin Mobile app with Azure Active Directory’s SSO integration with Facebook and the backend server running on App Service for my Web Development Lab. Over the years, I’ve built upon this and have explored more services on Azure through various projects.
The first concept you’d learn in Azure is the concept of Resource Groups which help you group resources together and also provide an easy way to clean up resources later. In Azure, no resources can exist outside of Resource Groups — to me, this seemed very intuitive, as organizing your resources becomes a habit.
I had started using AWS a while back — I’ve explored things like the Elastic Compute Cloud (EC2), S3 storage, Elastic Beanstalk etc, but now starting to formalize that knowledge.
Resource Management in AWS
In AWS, all resources can be created globally (they are still shown based on their region in the UI) which is easy to get started, yet seemed slightly odd for me, coming from the Azure world.
To get some organization in place, I started looking at ways of having the concepts of Resource Grouping in AWS. Talking to others who do use AWS on a daily basis, they never thought they would need something like it. Especially when Infrastructure can be created using Terraform and it’s easy to make sure all resources are deleted as they are tracked using Terraform State.
I did find the original announcement about Resource Groups in AWS which was a long time ago — this gives the ability to use tags to add resources to groups, but there is no concept of cascade delete (deleting Resource Groups does not delete the underlying tagged resources in AWS)
Also, Resource Groups has the ability to have cross region resources but that seems to have been discontinued – https://aws.amazon.com/blogs/aws/resource-groups-and-tagging/
How to use Resource Groups in AWS
Resource groups can be created with grouping criteria like the types of Resources which need to be matched, for example,AWS::EC2::Instance but by default all supported resources will be matched, which is AWS::AllSupported. The other criterion is a list of Tags to be present on the resources, for example, I use the Group tag with the BasicCompute value.
We can create the same Resource Group using terraform as well, with this following snippet.
resource "aws_resourcegroups_group" "test" {
name = var.app.name
resource_query {
query = <<JSON
{
"ResourceTypeFilters": ["AWS::AllSupported"],
"TagFilters": [
{
"Key": "Group",
"Values": ["${var.app.name}"]
}
]
}
JSON
}
}Once resources are tagged with the right Group tag, resources will start showing up in the Resource Group.
This is great for grouping together Resources and seeing them in one place. One thing different than Azure is that you can have the same resource in two different Resource Groups. But ideally you’d be managing your resources through something like Terraform, Pulumi or CDK so deletion will be taken care of by these IaC tools.
Extra Goodies with T2D2 — Terraform Test Drivern Development
I’m the author of T2D2, which is a testing library to work with jest and it helps you write unit tests for your Terraform IaC code.
Since T2D2 has knowledge of your Terraform Plan, you can also use it to make sure the resources created in your Terraform Modules adhere to the Group Tagging strategy. This makes sure that no resource gets left out by accident.
validations › should have a Group tag
expect(received).toEqual(expected) // deep equality
Expected: "BasicCompute"
Received: undefined
18 | var plannedResources: any[] = rawStateObj.planned_values.root_module.resources
19 | plannedResources.forEach((resource: any) => {
> 20 | expect(resource.values?.tags?.Group).toEqual("BasicCompute")
| ^
21 | })
22 | })
23 | })The price you Pay for Resource Groups
FREE. Yep.
Summary
Resource Tagging is quite uncommon in the AWS world, but using it will make it easier for you to navigate through the large number of resources you create in your accounts.
And you can also enforce Resource Tagging through unit testing with libraries like T2D2.
