Hello! My org is reviewing your plans to decide what might work best for us. Right now I'm looking into issues we're seeing with tagging policies through terraform. I saw in this post that the actual AWS provider is now supported, but I'm seeing some interesting behaviors. Specifically it appears to collect tags properly if we either set them via text or a variable/local value. ex in some cases we do this and it works:

locals {
  tags = {
    App         = "${<http://var.app|var.app>}"
    ManagedBy   = "Terraform"
    TfSource    = "<repo>"
    Environment = "${var.aws_env}"
  }
}

provider "aws" {
  default_tags {
    tags = merge(var.snowflake_tags, local.tags)
  }
}

However in a lot of cases we populate environment via a data lookup and the Tagging Policy is showing the values as empty. The resources are being made with the correct tags, however it feels like the infracost poll is not interpreting the values. ex:

locals {
  tags = {
    App         = "${<http://var.app|var.app>}"
    ManagedBy   = "Terraform"
    TfSource    = "<repo>"
    Environment = module.account_lookup[var.aws_env].data.env_tag
  }
}

provider "aws" {
  default_tags {
    tags = merge(var.snowflake_tags, local.tags)
  }
}

This creates a huge issue for us from a usability/governance/review perspective. Which is fine if we can't use these features, it just seems like something that could or should work.

Hey @acceptable-kilobyte-27376 do you have a link to the run in Infracost Cloud that shows the issue? That’ll help us find context of your tagging policy and the CLI logs (assuming you’re using the GH/GL App). Feel free to DM it to me if you prefer that - we’ll take a look early next week 🙂