From cef77b5c6fac2f323d2e4d2c68980328e7415148 Mon Sep 17 00:00:00 2001
From: kruskal <99559985+kruskall@users.noreply.github.com>
Date: Sun, 1 Jan 2023 03:41:54 +0100
Subject: [PATCH 1/3] build: Tag CSP resources according to policy

Reuse apm-server tags module to share labels for the apm-server team.
Tag resource accordingly.
---
 testing/benchmarking/main.tf                      | 10 ++++++++++
 testing/tf-modules/artillery_deployment/main.tf   | 15 +++++++++------
 .../tf-modules/artillery_deployment/variables.tf  |  6 ++++++
 testing/tf-modules/lambda_deployment/main.tf      |  5 +++++
 testing/tf-modules/lambda_deployment/variables.tf |  6 ++++++
 tf/main.tf                                        | 12 ++++++++++--
 tf/variables.tf                                   |  5 +++++
 7 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/testing/benchmarking/main.tf b/testing/benchmarking/main.tf
index 659e88f4..94a5f833 100644
--- a/testing/benchmarking/main.tf
+++ b/testing/benchmarking/main.tf
@@ -33,6 +33,10 @@ provider "aws" {
   region = var.aws_region
 }
 
+module "tags" {
+  source  = "github.com/elastic/apm-server//testing/infra/terraform/modules/tags?depth=1"
+  project = "lambda-extension-benchmarks"
+}
 
 module "ec_deployment" {
   source = "github.com/elastic/apm-server/testing/infra/terraform/modules/ec_deployment"
@@ -49,6 +53,8 @@ module "ec_deployment" {
   integrations_server = true
   apm_server_expvar   = false
   apm_server_pprof    = false
+
+  tags = module.tags.tags
 }
 
 module "lambda_deployment" {
@@ -68,6 +74,8 @@ module "lambda_deployment" {
 
   apm_server_url   = module.ec_deployment.apm_url
   apm_secret_token = module.ec_deployment.apm_secret_token
+
+  tags = module.tags.tags
 }
 
 module "artillery_deployment" {
@@ -85,4 +93,6 @@ module "artillery_deployment" {
   load_arrival_rate = var.load_arrival_rate
   load_base_url     = module.lambda_deployment.base_url
   load_req_path     = local.load_req_path
+
+  tags = module.tags.tags
 }
diff --git a/testing/tf-modules/artillery_deployment/main.tf b/testing/tf-modules/artillery_deployment/main.tf
index d14729da..27dbbc42 100644
--- a/testing/tf-modules/artillery_deployment/main.tf
+++ b/testing/tf-modules/artillery_deployment/main.tf
@@ -26,9 +26,9 @@ data "aws_ami" "ubuntu" {
 resource "aws_vpc" "artillery" {
   cidr_block = "172.16.0.0/28"
 
-  tags = {
+  tags = merge(var.tags, {
     Name = "${var.resource_prefix}_apm_aws_lambda_artillery"
-  }
+  })
 }
 
 resource "aws_subnet" "artillery" {
@@ -36,17 +36,17 @@ resource "aws_subnet" "artillery" {
   cidr_block              = "172.16.0.0/28"
   map_public_ip_on_launch = true
 
-  tags = {
+  tags = merge(var.tags, {
     Name = "${var.resource_prefix}_apm_aws_lambda_artillery"
-  }
+  })
 }
 
 resource "aws_internet_gateway" "artillery" {
   vpc_id = aws_vpc.artillery.id
 
-  tags = {
+  tags = merge(var.tags, {
     Name = "${var.resource_prefix}_apm_aws_lambda_artillery"
-  }
+  })
 }
 
 resource "aws_route" "artillery" {
@@ -58,6 +58,7 @@ resource "aws_route" "artillery" {
 resource "aws_security_group" "artillery" {
   name   = "${var.resource_prefix}_apm_aws_lambda_artillery"
   vpc_id = aws_vpc.artillery.id
+  tags   = var.tags
   egress = [
     {
       description      = "Allow all egress traffic"
@@ -89,6 +90,7 @@ resource "aws_security_group" "artillery" {
 resource "aws_key_pair" "artillery" {
   key_name   = "${var.resource_prefix}_apm_aws_lambda_artillery"
   public_key = data.tls_public_key.artillery.public_key_openssh
+  tags       = var.tags
 }
 
 resource "aws_instance" "artillery" {
@@ -97,6 +99,7 @@ resource "aws_instance" "artillery" {
   key_name               = aws_key_pair.artillery.key_name
   subnet_id              = aws_subnet.artillery.id
   vpc_security_group_ids = [aws_security_group.artillery.id]
+  tags                   = var.tags
 
   lifecycle {
     ignore_changes = [ami]
diff --git a/testing/tf-modules/artillery_deployment/variables.tf b/testing/tf-modules/artillery_deployment/variables.tf
index 5f4b3945..ab4f6cba 100644
--- a/testing/tf-modules/artillery_deployment/variables.tf
+++ b/testing/tf-modules/artillery_deployment/variables.tf
@@ -9,6 +9,12 @@ variable "machine_type" {
   default     = "t2.medium"
 }
 
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "Optional set of tags to use for all deployments"
+}
+
 variable "load_duration" {
   type        = number
   description = "Duration over which to generate new virtual users"
diff --git a/testing/tf-modules/lambda_deployment/main.tf b/testing/tf-modules/lambda_deployment/main.tf
index d852da6f..bf93c13b 100644
--- a/testing/tf-modules/lambda_deployment/main.tf
+++ b/testing/tf-modules/lambda_deployment/main.tf
@@ -1,5 +1,6 @@
 resource "aws_iam_role" "iam_for_lambda" {
   name = "${var.resource_prefix}_apm_aws_lambda_iam"
+  tags = var.tags
 
   assume_role_policy = <<EOF
 {
@@ -33,6 +34,7 @@ resource "aws_iam_role_policy_attachment" "cw" {
 resource "aws_cloudwatch_log_group" "cw_log_group" {
   name              = "/aws/lambda/${var.lambda_function_name}"
   retention_in_days = 1
+  tags              = var.tags
 }
 
 resource "aws_lambda_function" "test_fn" {
@@ -45,6 +47,7 @@ resource "aws_lambda_function" "test_fn" {
   layers           = [var.custom_lambda_extension_arn == "" ? aws_lambda_layer_version.extn_layer[0].arn : var.custom_lambda_extension_arn]
   timeout          = var.lambda_timeout
   memory_size      = var.lambda_memory_size
+  tags             = var.tags
 
   depends_on = [
     aws_cloudwatch_log_group.cw_log_group,
@@ -63,6 +66,7 @@ resource "aws_apigatewayv2_api" "trigger" {
   name          = var.lambda_function_name
   protocol_type = "HTTP"
   description   = "API Gateway to trigger lambda for testing apm-aws-lambda"
+  tags          = var.tags
 }
 
 resource "aws_apigatewayv2_stage" "trigger" {
@@ -70,6 +74,7 @@ resource "aws_apigatewayv2_stage" "trigger" {
 
   name        = "${var.resource_prefix}_apm-aws-lambda-test-tf"
   auto_deploy = true
+  tags        = var.tags
 }
 
 resource "aws_apigatewayv2_integration" "trigger" {
diff --git a/testing/tf-modules/lambda_deployment/variables.tf b/testing/tf-modules/lambda_deployment/variables.tf
index 33d68a2c..fea79653 100644
--- a/testing/tf-modules/lambda_deployment/variables.tf
+++ b/testing/tf-modules/lambda_deployment/variables.tf
@@ -54,6 +54,12 @@ variable "custom_lambda_extension_arn" {
   default     = ""
 }
 
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "Optional set of tags to use for all deployments"
+}
+
 variable "apm_server_url" {
   type        = string
   description = "APM Server URL for sending the generated load"
diff --git a/tf/main.tf b/tf/main.tf
index c68c701b..5e794f6d 100644
--- a/tf/main.tf
+++ b/tf/main.tf
@@ -2,6 +2,11 @@ provider "aws" {
   region = var.aws_region
 }
 
+module "tags" {
+  source  = "github.com/elastic/apm-server//testing/infra/terraform/modules/tags?depth=1"
+  project = var.user_name
+}
+
 module "ec_deployment" {
   source                 = "github.com/elastic/apm-server//testing/infra/terraform/modules/ec_deployment?depth=1"
   deployment_name_prefix = "apm-aws-lambda-smoke-testing"
@@ -11,6 +16,7 @@ module "ec_deployment" {
   region                 = var.ess_region
   deployment_template    = var.ess_deployment_template
   stack_version          = var.ess_version
+  tags                   = module.tags.tags
 }
 
 module "lambda_function" {
@@ -35,9 +41,9 @@ module "lambda_function" {
     ELASTIC_APM_SECRET_TOKEN      = module.ec_deployment.apm_secret_token
   }
 
-  tags = {
+  tags = merge(module.tags.tags, {
     Name = "my-lambda"
-  }
+  })
 }
 
 module "lambda_layer_local" {
@@ -50,4 +56,6 @@ module "lambda_layer_local" {
   compatible_runtimes = ["nodejs16.x"]
 
   source_path = "../bin/"
+
+  tags = module.tags.tags
 }
diff --git a/tf/variables.tf b/tf/variables.tf
index a3e419c8..8c3c9f8b 100644
--- a/tf/variables.tf
+++ b/tf/variables.tf
@@ -4,6 +4,11 @@ variable "aws_region" {
   default     = "eu-central-1"
 }
 
+variable "user_name" {
+  description = "Required username to use for prefixes"
+  type        = string
+}
+
 variable "log_level" {
   type        = string
   description = "lambda extension log level"

From e635eea3adad264c520b605c761c3a11e9b9b274 Mon Sep 17 00:00:00 2001
From: kruskal <99559985+kruskall@users.noreply.github.com>
Date: Mon, 9 Jan 2023 03:49:37 +0100
Subject: [PATCH 2/3] testing: use aws provider default_tags in benchmarking tf
 script

---
 testing/benchmarking/main.tf | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/testing/benchmarking/main.tf b/testing/benchmarking/main.tf
index 94a5f833..2b0ad57b 100644
--- a/testing/benchmarking/main.tf
+++ b/testing/benchmarking/main.tf
@@ -31,6 +31,9 @@ provider "ec" {}
 
 provider "aws" {
   region = var.aws_region
+  default_tags {
+    tags = module.tags.tags
+  }
 }
 
 module "tags" {
@@ -74,8 +77,6 @@ module "lambda_deployment" {
 
   apm_server_url   = module.ec_deployment.apm_url
   apm_secret_token = module.ec_deployment.apm_secret_token
-
-  tags = module.tags.tags
 }
 
 module "artillery_deployment" {
@@ -93,6 +94,4 @@ module "artillery_deployment" {
   load_arrival_rate = var.load_arrival_rate
   load_base_url     = module.lambda_deployment.base_url
   load_req_path     = local.load_req_path
-
-  tags = module.tags.tags
 }

From 61ce9b7f559ab70c0a814ed94682fe056d0e857f Mon Sep 17 00:00:00 2001
From: kruskal <99559985+kruskall@users.noreply.github.com>
Date: Mon, 9 Jan 2023 04:05:28 +0100
Subject: [PATCH 3/3] testing: remove tags support from tf-modules

---
 testing/tf-modules/artillery_deployment/main.tf   | 15 ++++++---------
 .../tf-modules/artillery_deployment/variables.tf  |  6 ------
 testing/tf-modules/lambda_deployment/main.tf      |  5 -----
 testing/tf-modules/lambda_deployment/variables.tf |  6 ------
 4 files changed, 6 insertions(+), 26 deletions(-)

diff --git a/testing/tf-modules/artillery_deployment/main.tf b/testing/tf-modules/artillery_deployment/main.tf
index 27dbbc42..d14729da 100644
--- a/testing/tf-modules/artillery_deployment/main.tf
+++ b/testing/tf-modules/artillery_deployment/main.tf
@@ -26,9 +26,9 @@ data "aws_ami" "ubuntu" {
 resource "aws_vpc" "artillery" {
   cidr_block = "172.16.0.0/28"
 
-  tags = merge(var.tags, {
+  tags = {
     Name = "${var.resource_prefix}_apm_aws_lambda_artillery"
-  })
+  }
 }
 
 resource "aws_subnet" "artillery" {
@@ -36,17 +36,17 @@ resource "aws_subnet" "artillery" {
   cidr_block              = "172.16.0.0/28"
   map_public_ip_on_launch = true
 
-  tags = merge(var.tags, {
+  tags = {
     Name = "${var.resource_prefix}_apm_aws_lambda_artillery"
-  })
+  }
 }
 
 resource "aws_internet_gateway" "artillery" {
   vpc_id = aws_vpc.artillery.id
 
-  tags = merge(var.tags, {
+  tags = {
     Name = "${var.resource_prefix}_apm_aws_lambda_artillery"
-  })
+  }
 }
 
 resource "aws_route" "artillery" {
@@ -58,7 +58,6 @@ resource "aws_route" "artillery" {
 resource "aws_security_group" "artillery" {
   name   = "${var.resource_prefix}_apm_aws_lambda_artillery"
   vpc_id = aws_vpc.artillery.id
-  tags   = var.tags
   egress = [
     {
       description      = "Allow all egress traffic"
@@ -90,7 +89,6 @@ resource "aws_security_group" "artillery" {
 resource "aws_key_pair" "artillery" {
   key_name   = "${var.resource_prefix}_apm_aws_lambda_artillery"
   public_key = data.tls_public_key.artillery.public_key_openssh
-  tags       = var.tags
 }
 
 resource "aws_instance" "artillery" {
@@ -99,7 +97,6 @@ resource "aws_instance" "artillery" {
   key_name               = aws_key_pair.artillery.key_name
   subnet_id              = aws_subnet.artillery.id
   vpc_security_group_ids = [aws_security_group.artillery.id]
-  tags                   = var.tags
 
   lifecycle {
     ignore_changes = [ami]
diff --git a/testing/tf-modules/artillery_deployment/variables.tf b/testing/tf-modules/artillery_deployment/variables.tf
index ab4f6cba..5f4b3945 100644
--- a/testing/tf-modules/artillery_deployment/variables.tf
+++ b/testing/tf-modules/artillery_deployment/variables.tf
@@ -9,12 +9,6 @@ variable "machine_type" {
   default     = "t2.medium"
 }
 
-variable "tags" {
-  type        = map(string)
-  default     = {}
-  description = "Optional set of tags to use for all deployments"
-}
-
 variable "load_duration" {
   type        = number
   description = "Duration over which to generate new virtual users"
diff --git a/testing/tf-modules/lambda_deployment/main.tf b/testing/tf-modules/lambda_deployment/main.tf
index bf93c13b..d852da6f 100644
--- a/testing/tf-modules/lambda_deployment/main.tf
+++ b/testing/tf-modules/lambda_deployment/main.tf
@@ -1,6 +1,5 @@
 resource "aws_iam_role" "iam_for_lambda" {
   name = "${var.resource_prefix}_apm_aws_lambda_iam"
-  tags = var.tags
 
   assume_role_policy = <<EOF
 {
@@ -34,7 +33,6 @@ resource "aws_iam_role_policy_attachment" "cw" {
 resource "aws_cloudwatch_log_group" "cw_log_group" {
   name              = "/aws/lambda/${var.lambda_function_name}"
   retention_in_days = 1
-  tags              = var.tags
 }
 
 resource "aws_lambda_function" "test_fn" {
@@ -47,7 +45,6 @@ resource "aws_lambda_function" "test_fn" {
   layers           = [var.custom_lambda_extension_arn == "" ? aws_lambda_layer_version.extn_layer[0].arn : var.custom_lambda_extension_arn]
   timeout          = var.lambda_timeout
   memory_size      = var.lambda_memory_size
-  tags             = var.tags
 
   depends_on = [
     aws_cloudwatch_log_group.cw_log_group,
@@ -66,7 +63,6 @@ resource "aws_apigatewayv2_api" "trigger" {
   name          = var.lambda_function_name
   protocol_type = "HTTP"
   description   = "API Gateway to trigger lambda for testing apm-aws-lambda"
-  tags          = var.tags
 }
 
 resource "aws_apigatewayv2_stage" "trigger" {
@@ -74,7 +70,6 @@ resource "aws_apigatewayv2_stage" "trigger" {
 
   name        = "${var.resource_prefix}_apm-aws-lambda-test-tf"
   auto_deploy = true
-  tags        = var.tags
 }
 
 resource "aws_apigatewayv2_integration" "trigger" {
diff --git a/testing/tf-modules/lambda_deployment/variables.tf b/testing/tf-modules/lambda_deployment/variables.tf
index fea79653..33d68a2c 100644
--- a/testing/tf-modules/lambda_deployment/variables.tf
+++ b/testing/tf-modules/lambda_deployment/variables.tf
@@ -54,12 +54,6 @@ variable "custom_lambda_extension_arn" {
   default     = ""
 }
 
-variable "tags" {
-  type        = map(string)
-  default     = {}
-  description = "Optional set of tags to use for all deployments"
-}
-
 variable "apm_server_url" {
   type        = string
   description = "APM Server URL for sending the generated load"