Add tags to S3 Bucket

This GitHub action allows you to add tags to an S3 Bucket via Port Actions with ease.

Available Github Integrations

This guide includes one or more steps that require integration with GitHub.
Port supports two GitHub integrations:

GitHub (Legacy) - uses a GitHub app, which is soon to be deprecated.
GitHub (Ocean) - uses the Ocean framework, recommended for new integrations.

Both integration options are present in this guide via tabs, choose the one that fits your needs.

Prerequisites

AWS Access Key and Secret Key pair. Follow AWS guide on creating access keys to create one for your account.
AWS AmazonS3FullAccess policy should be enabled on the account to enable necessary permissions to carry out the action.

GitHub (Legacy)
GitHub (Ocean)

Install Port's GitHub app.

Steps

Create the following GitHub action secrets:

AWS_REGION - The region where S3 buckets are located. Available regions can be found on the Regions, Availability Zones, and Local Zones page in AWS documentation.
AWS_ACCESS_KEY_ID - AWS Access Key
AWS_SECRET_ACCESS_KEY - AWS Secret Key, also gotten from the access key creation
PORT_CLIENT_ID - Port Client ID learn more
PORT_CLIENT_SECRET - Port Client Secret learn more

Create an AWS S3 Bucket blueprint in Port using the blueprint below:

Ingest AWS Resources

Use our AWS exporter to ingest different kinds of resources from your AWS account. For instance, leverage it to automatically generate the S3 blueprint and import all existing buckets within your AWS account.

S3 Bucket Blueprint

{
  "identifier": "s3_bucket",
  "description": "",
  "title": "S3 Bucket",
  "icon": "Bucket",
  "schema": {
    "properties": {
      "arn": {
        "type": "string",
        "title": "ARN"
      },
      "encryption": {
        "type": "array",
        "title": "Encryption"
      },
      "lifecycleRules": {
        "type": "array",
        "title": "Lifecycle Rules"
      },
      "link": {
        "type": "string",
        "title": "Link",
        "format": "url"
      },
      "publicAccess": {
        "type": "object",
        "title": "Public Access"
      },
      "regionalDomainName": {
        "type": "string",
        "title": "Regional Domain Name"
      },
      "tags": {
        "type": "array",
        "title": "Tags"
      },
      "versioningStatus": {
        "type": "string",
        "title": "Versioning Status",
        "enum": ["Enabled", "Suspended"]
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "aggregationProperties": {},
  "relations": {}
}

After creating the blueprint, create the following action with the following JSON file on the s3_bucket blueprint:

GitHub (Legacy)
GitHub (Ocean)

Port Action: Add Tags to S3 Bucket

Modification required

<GITHUB-ORG> - your GitHub organization or user name.
<GITHUB-REPO-NAME> - your GitHub repository name.

{
  "identifier": "add_tags_to_s3_bucket",
  "title": "Add Tags to S3 Bucket",
  "icon": "AWS",
  "description": "Add tags to an S3 bucket",
  "trigger": {
    "type": "self-service",
    "operation": "DAY-2",
    "userInputs": {
      "properties": {
        "tags": {
          "icon": "DefaultProperty",
          "title": "Tags",
          "type": "object",
          "description": "Tags should be in key-value pairs like so: {\"key\": \"value\"}"
        }
      },
      "required": ["tags"],
      "order": ["tags"]
    },
    "blueprintIdentifier": "s3_bucket"
  },
  "invocationMethod": {
    "type": "GITHUB",
    "org": "<GITHUB-ORG>",
    "repo": "<GITHUB-REPO-NAME>",
    "workflow": "add-tags-to-s3-bucket.yml",
    "workflowInputs": {
      "tags": "{{ .inputs.tags }}",
      "port_context": {
        "entity": "{{ .entity }}",
        "blueprint": "{{ .action.blueprint }}",
        "runId": "{{ .run.id }}",
        "trigger": "{{ .trigger }}"
      }
    },
    "reportWorkflowStatus": true
  },
  "requiredApproval": false
}

Port Action: Add Tags to S3 Bucket

Replace the variables

<GITHUB-ORG> - your GitHub organization or user name.
<GITHUB-REPO-NAME> - your GitHub repository name.
<YOUR_GITHUB_OCEAN_INTEGRATION_ID> - your GitHub Ocean integration installation ID.

{
  "identifier": "add_tags_to_s3_bucket",
  "title": "Add Tags to S3 Bucket",
  "icon": "AWS",
  "description": "Add tags to an S3 bucket",
  "trigger": {
    "type": "self-service",
    "operation": "DAY-2",
    "userInputs": {
      "properties": {
        "tags": {
          "icon": "DefaultProperty",
          "title": "Tags",
          "type": "object",
          "description": "Tags should be in key-value pairs like so: {\"key\": \"value\"}"
        }
      },
      "required": ["tags"],
      "order": ["tags"]
    },
    "blueprintIdentifier": "s3_bucket"
  },
  "invocationMethod": {
    "type": "INTEGRATION_ACTION",
    "installationId": "<YOUR_GITHUB_OCEAN_INTEGRATION_ID>",
    "integrationActionType": "dispatch_workflow",
    "integrationActionExecutionProperties": {
      "org": "<GITHUB-ORG>",
      "repo": "<GITHUB-REPO-NAME>",
      "workflow": "add-tags-to-s3-bucket.yml",
      "workflowInputs": {
        "tags": "{{ .inputs.tags }}",
        "port_context": {
          "entity": "{{ .entity }}",
          "blueprint": "{{ .action.blueprint }}",
          "runId": "{{ .run.id }}",
          "trigger": "{{ .trigger }}"
        }
      },
      "reportWorkflowStatus": true
    }
  },
  "requiredApproval": false
}

Create a workflow file under .github/workflows/add-tags-to-s3-bucket.yml with the content below:

Add Tags to S3 Bucket Workflow (Click to expand)

name: Add Tags to S3 Bucket

on:
  workflow_dispatch:
    inputs:
      tags: # json object
        required: true
        type: string
      port_context:
        required: true
        type: string

jobs:
  tag-s3-bucket:
    runs-on: ubuntu-latest
    steps:
      - name: Inform starting of action
        uses: port-labs/port-github-action@v1
        with:
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          operation: PATCH_RUN
          runId: ${{ fromJson(inputs.port_context).runId }}
          logMessage: |
            Starting a GitHub workflow to tag the AWS resource: ${{fromJson(inputs.port_context).entity.identifier}} ... ⛴️

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        if: always()
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Add Tags to S3 Bucket
        env:
          BUCKET_NAME: ${{ fromJson(inputs.port_context).entity.identifier }}
          TAGS_JSON: ${{ github.event.inputs.tags }}
        run: |
          # Extract key-value pairs from the JSON object
          # {
          #   "env": "test",
          #   "team": "beta"
          # }

          TAGS=$(echo "${TAGS_JSON}" | jq -r 'to_entries | map("\(.key)=\(.value)") | join(" ")')

          aws s3api put-bucket-tagging \
            --bucket ${BUCKET_NAME} \
            --tagging "TagSet=${TAGS}"

      - name: Create a log message
        uses: port-labs/port-github-action@v1
        with:
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          baseUrl: https://api.port.io
          operation: PATCH_RUN
          runId: ${{fromJson(inputs.port_context).runId}}
          logMessage: Added tags to ${{fromJson(inputs.port_context).entity.identifier}}

Trigger the action from Port's self-service page.

Done 🎉 You've tagged your S3 Bucket for the first time from Port!

Prerequisites​

Steps​

Prerequisites

Steps