validation_rules

Type string
Module tagging-policy
Version 0.1.0

Tag validation rules for policy enforcement (JSON-encoded)

A list of validation rules generated from the tagging policy configuration. These rules can be used with AWS Organizations tag policies, custom CI/CD validation, or compliance tooling.

Example Value

[
  {
    tag_key        = "Environment"
    required       = true
    allowed_values = ["dev", "staging", "prod"]
  },
  {
    tag_key        = "Owner"
    required       = true
    allowed_values = null
  },
  {
    tag_key        = "CostCenter"
    required       = true
    allowed_values = ["eng-001", "platform-123", "ops-456"]
  }
]

Common Use Cases

CI/CD Validation

# Export rules for use in CI/CD pipeline
output "tag_rules" {
  value = module.tags.validation_rules
}

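# Validate in pipeline (the output is a JSON-encoded string, so -raw emits
# the JSON document itself; -json would wrap it in a second layer of quoting):
# terraform output -raw tag_rules | validate-tags.sh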

AWS Organizations Tag Policy

resource "aws_organizations_policy" "tags" {
  name    = "required-tags"
  type    = "TAG_POLICY"
  content = jsonencode({
    tags = {
      # validation_rules is a JSON-encoded string; decode it before iterating
      for rule in jsondecode(module.tags.validation_rules) :
      rule.tag_key => {
        tag_key = {
          "@@assign" = rule.tag_key
        }
        enforced_for = {
          "@@assign" = ["*"]
        }
      }
    }
  })
}

Custom Validation Script

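#!/bin/bash
# validate-tags.sh
set -euo pipefail
# The output is already a JSON-encoded string; -raw returns it without extra quoting
rules=$(terraform output -raw tag_rules)
# Implement validation logic based on rules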
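
One way to fill in the validation step, as an added example that is not part of the module or its documentation: it checks the tags of every resource a plan creates or updates against the decoded rules. It assumes the rules arrive as the JSON form of the Example Value above and that the plan was exported with terraform show -json; the function names and both sample inputs are constructed for illustration.

```python
import json

# Constructed sample: the rules as a JSON string (JSON form of the page's Example Value, assumed).
RULES_JSON = json.dumps([
    {"tag_key": "Environment", "required": True, "allowed_values": ["dev", "staging", "prod"]},
    {"tag_key": "Owner", "required": True, "allowed_values": None},
    {"tag_key": "CostCenter", "required": True, "allowed_values": ["eng-001", "platform-123", "ops-456"]},
])

# Constructed sample shaped like `terraform show -json <planfile>` output.
PLAN = {"resource_changes": [
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["create"], "after": {
        "tags": {"Environment": "prod", "Owner": "platform-team", "CostCenter": "eng-001"}}}},
    {"address": "aws_instance.web", "change": {"actions": ["create"], "after": {
        "tags": {"Environment": "production", "costcenter": "eng-001"}}}},
    {"address": "aws_sqs_queue.old", "change": {"actions": ["delete"], "after": None}},
]}

def check_tags(address, tags, rules):
    """Return one finding string per rule that the tag map violates."""
    findings = []
    for rule in rules:
        key, allowed = rule["tag_key"], rule.get("allowed_values")
        if key not in tags:
            if rule.get("required"):
                # Tag keys are case-sensitive; point out a case-only mismatch.
                near = [k for k in tags if k.lower() == key.lower()]
                hint = f" (found {near[0]!r}, keys are case-sensitive)" if near else ""
                findings.append(f"{address}: missing required tag {key!r}{hint}")
        elif allowed is not None and tags[key] not in allowed:
            # allowed_values = null means any value is accepted.
            findings.append(f"{address}: tag {key!r}={tags[key]!r} not in {allowed}")
    return findings

def validate_plan(plan, rules_json):
    """Check every created or updated resource; skip deletes and untaggable types."""
    rules = json.loads(rules_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")
        if after is None or "tags" not in after:
            continue  # resource is being deleted, or its type has no tags attribute
        findings += check_tags(rc["address"], after["tags"] or {}, rules)
    return findings

if __name__ == "__main__":
    problems = validate_plan(PLAN, RULES_JSON)
    print("\n".join(problems) or "all tags valid")
    raise SystemExit(1 if problems else 0)
```

Tag values that are only known after apply do not appear in the plan's after block, so a resource that passes here can still need a post-apply check.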

Usage

module "tagging_policy" {
  source  = "registry.patterneddesigns.ca/standardnat/tagging-policy/aws"
  version = "0.1.0"
  # ... inputs
}

# Access this output
output "validation_rules" {
  value = module.tagging_policy.validation_rules
}