diff --git a/CHANGELOG.md b/CHANGELOG.md
index e410e64..59d7256 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -467,3 +467,7 @@
- add variables:
- enable_tgw_attachment (for firewall tables, to not attach the TGW which is only for attachment)
- add output for self and peer attachment ids
+
+* 2.11.8 -- 2025-04-11
+ - vpc-interface-endpoint
+ - add finops_ tagging of network interface if finops_ tags are present in var.tags
diff --git a/common/version.tf b/common/version.tf
index 08f45a4..0d054e1 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
locals {
- _module_version = "2.11.7"
+ _module_version = "2.11.8"
_module_names = {
"_main_" = "aws-vpc-setup"
diff --git a/vpc-interface-endpoint/README.md b/vpc-interface-endpoint/README.md
index 407e58f..5990d14 100644
--- a/vpc-interface-endpoint/README.md
+++ b/vpc-interface-endpoint/README.md
@@ -209,6 +209,7 @@ These are not included in the module because they don't exist until the resource
| Name | Type |
|------|------|
+| [aws_ec2_tag.vpce_interface](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource |
| [aws_route53_record.vpce](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.vpce_heritage_txt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.vpce_info_txt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
@@ -244,7 +245,7 @@ These are not included in the module because they don't exist until the resource
| [service](#input\_service) | VPC Endpoint service name ({name} or long name com.amazonaws.{region}.{name} | `string` | n/a | yes |
| [subnet\_ids](#input\_subnet\_ids) | VPC Subnet ID List | `list(string)` | `[]` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
-| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
+| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod, inpection) | `string` | `null` | no |
| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no |
| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes |
| [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no |
diff --git a/vpc-interface-endpoint/route53.tf b/vpc-interface-endpoint/route53.tf
index 7b97861..13d96eb 100644
--- a/vpc-interface-endpoint/route53.tf
+++ b/vpc-interface-endpoint/route53.tf
@@ -68,6 +68,25 @@ data "aws_network_interface" "vpce" {
id = each.key
}
+# tag this here because we cannot tag an interface automatically with the creation of the vpce
+# assume finops_ tags passed in, and update the role add the vpce name
+# only do the finops_ tags at this point
+locals {
+ vpce_interface_tags = [for p in setproduct(keys(data.aws_network_interface.vpce), keys(var.tags)) : {
+ label = format("%v:%v", p[0], p[1])
+ interface_id = p[0]
+ tag_key = p[1]
+ tag_value = var.tags[p[1]]
+ } if startswith(p[1], "finops_")]
+}
+
+resource "aws_ec2_tag" "vpce_interface" {
+ for_each = { for x in local.vpce_interface_tags : x.label => x }
+ resource_id = each.value.interface_id
+ key = each.value.tag_key
+ value = each.value.tag_key == "finops_project_role" ? format("%v/%v", each.value.tag_value, replace(local.short_service, ".", "_")) : each.value.tag_value
+}
+
## govcloud does not support aliases
## resource "aws_route53_record" "vpce_kms_alias" {
## for_each = module.vpce_kms
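Review bot: The comment above the new `locals` block does not say what the code does to `finops_project_role`, the one tag whose value is rewritten in `aws_ec2_tag.vpce_interface`. I would replace the second and third comment lines with `# copy only the finops_ tags from var.tags onto each endpoint ENI;` and `# finops_project_role gets "/<short_service with . replaced by _>" appended so the interface is attributable to this endpoint`. `startswith` only exists from Terraform 1.3 on, so confirm that the module's `required_version` (not visible in this hunk) is at least that. The `for_each` keys are built from `keys(data.aws_network_interface.vpce)`, whose own `for_each` lies outside the hunk. If those ids come from the endpoint and are unknown until it exists, the tag resource inherits the same plan-time constraint, which is worth noting in the comment.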