How to define default tags with pulumi aws provider

Question

What is the correct way to define default tags so that they are applied to all AWS resources in my stack? I have the following provider config, but none of my resources are actually tagged:

config:
  aws:defaultTags:
    tags:
      key1: value1
      key2: value2
  aws:region: us-west-1

Versions:

@pulumi/[email protected]
@pulumi/[email protected]

Answer 1

Answering my own question after a few hours of trial and error. Based on the sample config in the question:

• Default tags are applied to new resources
• Default tags are applied to resources that are being updated
• Default tags are NOT automatically applied to all existing resources
• Default tags do NOT show up in any scenario during pulumi preview --diff

Answer 2

This policy pack is configurable so that you can enforce arbitrary tags without needing to change the pack’s code, making it reusable. For the CLI scenario, we will create a policy-config.json file that specifies the same three required tags shown above:

    {
    "all": "mandatory",
    "check-required-tags": {
        "requiredTags": [
            "user:Project",
            "user:Stack",
            "user:Cost Center"
        ]
    }
}

Default tags

tags
{[key: string]: string}

read more- https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/