Fix tag value validation and comprehensive tag merging with filtering for Aurora module (!15) · Merge requests · safrangrp / publiccloud / landingzone / shared-modules / terraform-aws-rds-aurora · GitLab

Jean Luc GARNIER requested to merge fix_grp_schedule into main Oct 25, 2025

Merge all relevant tag maps from tags_convention module (rds_tags, resource_tags, account_tags) with any additional root-level tags.

locals {
    combined_tags = merge(
         module.tags_convention.rds_tags,
         module.tags_convention.resource_tags,
         module.tags_convention.account_tags,
         var.tags
    )
}

Filter out null or empty string tag values before passing to the Aurora module to prevent AWS API errors.
Ensure single tags argument usage on the rds_aurora module call with the cleaned tag map.

Aurora Module:

module "rds_aurora" {
    source = "github.com/terraform-aws-modules/terraform-aws-rds-aurora?ref=v9.13.0"
    # tags = merge(module.tags_convention.resource_tags, var.tags)
    tags = merge(local.combined_tags,var.tags)
    ...
}

Ensure internal usage of tags_convention module with proper input variable passing.
Use similar safe tag merging pattern to filter out invalid tag values before resource application.

Testing:

Verified terraform plan and apply do not fail due to missing locals or empty tag values.
Confirmed tags applied only include valid key-value pairs, excluding null or whitespace.
Validated that no references to locals as a resource exist.

Rationale:

AWS forbids tag values that are empty or blank.
Terraform locals need to be referenced with local, not locals.
Properly filtering tags improves stability of infrastructure deployment.
Consolidated locals and clean tag merges increase maintainability and reduce errors.

Recommendations:

Add validation rules to input variables where feasible to enforce tag integrity.

Edited Oct 25, 2025 by Jean Luc GARNIER