From 8bfb1b9ac3ce59d27f5fc0dadeecb683d05105ed Mon Sep 17 00:00:00 2001
From: miguelhar <98769216+miguelhar@users.noreply.github.com>
Date: Mon, 22 Jan 2024 17:22:23 -0500
Subject: [PATCH] ignore duration tag (#201)

---
 examples/deploy/terraform/cluster/main.tf    | 10 +++++++++-
 examples/deploy/terraform/infra/README.md    |  1 +
 examples/deploy/terraform/infra/main.tf      |  5 +++++
 examples/deploy/terraform/infra/variables.tf |  6 ++++++
 examples/deploy/terraform/nodes/main.tf      |  1 +
 modules/eks/README.md                        |  1 +
 modules/eks/variables.tf                     |  6 ++++++
 modules/eks/versions.tf                      |  6 ++++++
 modules/iam-bootstrap/README.md              |  1 +
 modules/iam-bootstrap/variables.tf           |  6 ++++++
 modules/iam-bootstrap/versions.tf            |  3 +++
 modules/infra/README.md                      |  2 ++
 modules/infra/main.tf                        |  3 +++
 modules/infra/outputs.tf                     |  5 +++++
 modules/infra/variables.tf                   |  6 ++++++
 modules/infra/versions.tf                    |  3 +++
 modules/nodes/README.md                      |  1 +
 modules/nodes/variables.tf                   |  6 ++++++
 modules/nodes/versions.tf                    |  3 +++
 tests/deploy/infra-ci.tfvars.tftpl           |  2 ++
 tests/deploy/single-node/README.md           |  1 +
 tests/deploy/single-node/variables.tf        |  7 +++++++
 tests/deploy/single-node/versions.tf         |  3 +++
 tests/plan/create-kms-key/README.md          |  1 +
 tests/plan/create-kms-key/variables.tf       |  6 ++++++
 tests/plan/create-kms-key/versions.tf        |  6 ++++++
 tests/plan/terraform/README.md               |  1 +
 tests/plan/terraform/variables.tf            |  6 ++++++
 tests/plan/terraform/versions.tf             |  3 +++
 29 files changed, 110 insertions(+), 1 deletion(-)

diff --git a/examples/deploy/terraform/cluster/main.tf b/examples/deploy/terraform/cluster/main.tf
index e86e0146..cb35f2a0 100644
--- a/examples/deploy/terraform/cluster/main.tf
+++ b/examples/deploy/terraform/cluster/main.tf
@@ -25,7 +25,9 @@ module "eks" {
   bastion_info        = local.infra.bastion
   create_eks_role_arn = local.infra.create_eks_role_arn
   tags                = local.infra.tags
+  ignore_tags         = local.infra.ignore_tags
 }
+
 data "aws_caller_identity" "global" {
   provider = aws.global
 }
@@ -67,11 +69,17 @@ module "irsa_policies" {
 # by specifying the profile belonging to the account pertaining to the hosted zone.
 provider "aws" {
   alias = "global"
-  # profile = << profile with credentials to account where the hosted zone resides>>
+  # profile = "global"
+  ignore_tags {
+    keys = local.infra.ignore_tags
+  }
 }
 
 provider "aws" {
   region = local.infra.region
+  ignore_tags {
+    keys = local.infra.ignore_tags
+  }
 }
 terraform {
   required_version = ">= 1.4.0"
diff --git a/examples/deploy/terraform/infra/README.md b/examples/deploy/terraform/infra/README.md
index 840aa8bc..7d8eb0cc 100644
--- a/examples/deploy/terraform/infra/README.md
+++ b/examples/deploy/terraform/infra/README.md
@@ -31,6 +31,7 @@ No resources.
 | <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string))<br>          gpu  = optional(bool)<br>          volume = optional(object({<br>            size = optional(number)<br>            type = optional(string)<br>          }))<br>      })<br>  })</pre> | n/a | yes |
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | n/a | yes |
 | <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string)<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string)<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string)<br>      path       = optional(string)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool)<br>      cidrs   = optional(list(string))<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })))<br>    master_role_names  = optional(list(string))<br>    cluster_addons     = optional(list(string))<br>    ssm_log_group_name = optional(string)<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string)<br>      groups_prefix                 = optional(string)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string)<br>      required_claims               = optional(string)<br>      username_claim                = optional(string)<br>      username_prefix               = optional(string)<br>    })))<br>  })</pre> | `{}` | no |
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br>    key\_id  = optional(string, null) | <pre>object({<br>    enabled = optional(bool)<br>    key_id  = optional(string)<br>  })</pre> | n/a | yes |
 | <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
diff --git a/examples/deploy/terraform/infra/main.tf b/examples/deploy/terraform/infra/main.tf
index 04145498..814f95b7 100644
--- a/examples/deploy/terraform/infra/main.tf
+++ b/examples/deploy/terraform/infra/main.tf
@@ -15,11 +15,16 @@ module "infra" {
   route53_hosted_zone_private = var.route53_hosted_zone_private
   ssh_pvt_key_path            = var.ssh_pvt_key_path
   tags                        = var.tags
+  ignore_tags                 = var.ignore_tags
 }
 
 
 provider "aws" {
   region = var.region
+
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
 
 terraform {
diff --git a/examples/deploy/terraform/infra/variables.tf b/examples/deploy/terraform/infra/variables.tf
index 83a8d25d..d32c7108 100644
--- a/examples/deploy/terraform/infra/variables.tf
+++ b/examples/deploy/terraform/infra/variables.tf
@@ -13,6 +13,12 @@ variable "tags" {
   type        = map(string)
 }
 
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
+
 variable "network" {
   description = <<EOF
     vpc = {
diff --git a/examples/deploy/terraform/nodes/main.tf b/examples/deploy/terraform/nodes/main.tf
index 541f0eae..3d4248ba 100644
--- a/examples/deploy/terraform/nodes/main.tf
+++ b/examples/deploy/terraform/nodes/main.tf
@@ -33,6 +33,7 @@ module "nodes" {
   network_info           = local.infra.network
   kms_info               = local.infra.kms
   tags                   = local.infra.tags
+  ignore_tags            = local.infra.ignore_tags
 }
 
 terraform {
diff --git a/modules/eks/README.md b/modules/eks/README.md
index 1a880993..c3e79315 100644
--- a/modules/eks/README.md
+++ b/modules/eks/README.md
@@ -74,6 +74,7 @@
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
 | <a name="input_efs_security_group"></a> [efs\_security\_group](#input\_efs\_security\_group) | Security Group ID for EFS | `string` | n/a | yes |
 | <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br>    creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn = string<br>      username = string<br>      groups = list(string)<br>    }<br>    master\_role\_names = IAM role names to be added as masters in eks.<br>    cluster\_addons = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    service_ipv4_cidr  = optional(string, "172.20.0.0/16")<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string, "1.27")<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool, false)<br>      annotate_pod_ip   = optional(bool, true)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(string, null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), [])<br>  })</pre> | `{}` | no |
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
 | <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      pod = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>    })<br>    vpc_cidrs = string<br>  })</pre> | n/a | yes |
 | <a name="input_node_iam_policies"></a> [node\_iam\_policies](#input\_node\_iam\_policies) | Additional IAM Policy Arns for Nodes | `list(string)` | n/a | yes |
diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
index f07dd913..50c18aca 100644
--- a/modules/eks/variables.tf
+++ b/modules/eks/variables.tf
@@ -208,6 +208,12 @@ variable "tags" {
   default     = {}
 }
 
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
+
 variable "privatelink" {
   description = <<EOF
     {
diff --git a/modules/eks/versions.tf b/modules/eks/versions.tf
index 926c3e2c..646b3db0 100644
--- a/modules/eks/versions.tf
+++ b/modules/eks/versions.tf
@@ -23,6 +23,9 @@ provider "aws" {
   default_tags {
     tags = var.tags
   }
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
 
 provider "aws" {
@@ -31,6 +34,9 @@ provider "aws" {
   default_tags {
     tags = var.tags
   }
+  ignore_tags {
+    keys = var.ignore_tags
+  }
   assume_role {
     role_arn = var.create_eks_role_arn
   }
diff --git a/modules/iam-bootstrap/README.md b/modules/iam-bootstrap/README.md
index 54720585..edf3ea13 100644
--- a/modules/iam-bootstrap/README.md
+++ b/modules/iam-bootstrap/README.md
@@ -33,6 +33,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
 | <a name="input_iam_policy_paths"></a> [iam\_policy\_paths](#input\_iam\_policy\_paths) | IAM policies to provision and use for deployment role, can be terraform templates | `list(any)` | `[]` | no |
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_max_session_duration"></a> [max\_session\_duration](#input\_max\_session\_duration) | Maximum session duration for role in seconds | `number` | `43200` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
 | <a name="input_template_config"></a> [template\_config](#input\_template\_config) | Variables to use for any templating in the IAM policies. AWS account ID (as 'account\_id'), deploy\_id, region and partition are automatically included. | `map(any)` | `{}` | no |
diff --git a/modules/iam-bootstrap/variables.tf b/modules/iam-bootstrap/variables.tf
index 14b0c334..a27b64d7 100644
--- a/modules/iam-bootstrap/variables.tf
+++ b/modules/iam-bootstrap/variables.tf
@@ -35,3 +35,9 @@ variable "max_session_duration" {
   description = "Maximum session duration for role in seconds"
   default     = 43200
 }
+
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
diff --git a/modules/iam-bootstrap/versions.tf b/modules/iam-bootstrap/versions.tf
index 9bf36d8d..858de3dd 100644
--- a/modules/iam-bootstrap/versions.tf
+++ b/modules/iam-bootstrap/versions.tf
@@ -10,4 +10,7 @@ terraform {
 
 provider "aws" {
   region = var.region
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
diff --git a/modules/infra/README.md b/modules/infra/README.md
index 07b359ea..3afaf152 100644
--- a/modules/infra/README.md
+++ b/modules/infra/README.md
@@ -62,6 +62,7 @@
 | <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
 | <a name="input_eks"></a> [eks](#input\_eks) | creation\_role\_name = Name of the role to import.<br>    k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    creation_role_name = optional(string, null)<br>    k8s_version        = optional(string, "1.27")<br>    nodes_master       = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(string, null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), [])<br>  })</pre> | `{}` | no |
 | <a name="input_flyte"></a> [flyte](#input\_flyte) | enabled = Whether to provision any Flyte related resources | <pre>object({<br>    enabled = optional(bool, false)<br>  })</pre> | `{}` | no |
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_kms"></a> [kms](#input\_kms) | enabled             = "Toggle, if set use either the specified KMS key\_id or a Domino-generated one"<br>    key\_id              = optional(string, null)<br>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br>    enabled             = optional(bool, true)<br>    key_id              = optional(string, null)<br>    additional_policies = optional(list(string), [])<br>  })</pre> | `{}` | no |
 | <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
@@ -85,6 +86,7 @@
 | <a name="output_efs_security_group"></a> [efs\_security\_group](#output\_efs\_security\_group) | Security Group ID for EFS |
 | <a name="output_eks"></a> [eks](#output\_eks) | EKS variables. |
 | <a name="output_hostname"></a> [hostname](#output\_hostname) | Domino instance URL. |
+| <a name="output_ignore_tags"></a> [ignore\_tags](#output\_ignore\_tags) | Tags to be ignored by the aws provider |
 | <a name="output_kms"></a> [kms](#output\_kms) | KMS key details, if enabled. |
 | <a name="output_monitoring_bucket"></a> [monitoring\_bucket](#output\_monitoring\_bucket) | Monitoring Bucket |
 | <a name="output_network"></a> [network](#output\_network) | Network details. |
diff --git a/modules/infra/main.tf b/modules/infra/main.tf
index d5f94ab2..54563a13 100644
--- a/modules/infra/main.tf
+++ b/modules/infra/main.tf
@@ -108,4 +108,7 @@ provider "aws" {
   default_tags {
     tags = var.tags
   }
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
diff --git a/modules/infra/outputs.tf b/modules/infra/outputs.tf
index dd7f610f..a539cab7 100644
--- a/modules/infra/outputs.tf
+++ b/modules/infra/outputs.tf
@@ -37,6 +37,11 @@ output "deploy_id" {
   value       = var.deploy_id
 }
 
+output "ignore_tags" {
+  description = "Tags to be ignored by the aws provider"
+  value       = var.ignore_tags
+}
+
 output "region" {
   description = "Deployment Region."
   value       = var.region
diff --git a/modules/infra/variables.tf b/modules/infra/variables.tf
index 47473126..4cbdcbb6 100644
--- a/modules/infra/variables.tf
+++ b/modules/infra/variables.tf
@@ -48,6 +48,12 @@ variable "tags" {
   default     = {}
 }
 
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
+
 variable "ssh_pvt_key_path" {
   type        = string
   description = "SSH private key filepath."
diff --git a/modules/infra/versions.tf b/modules/infra/versions.tf
index 4e5c45ab..26e0e9c0 100644
--- a/modules/infra/versions.tf
+++ b/modules/infra/versions.tf
@@ -25,4 +25,7 @@ provider "aws" {
   default_tags {
     tags = var.tags
   }
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
diff --git a/modules/nodes/README.md b/modules/nodes/README.md
index 84641295..048c5dce 100644
--- a/modules/nodes/README.md
+++ b/modules/nodes/README.md
@@ -45,6 +45,7 @@ No modules.
 | <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br>    ami                        = optional(string, null)<br>    bootstrap_extra_args       = optional(string, "")<br>    instance_types             = list(string)<br>    spot                       = optional(bool, false)<br>    min_per_az                 = number<br>    max_per_az                 = number<br>    max_unavailable_percentage = optional(number, 50)<br>    max_unavailable            = optional(number)<br>    desired_per_az             = number<br>    availability_zone_ids      = list(string)<br>    labels                     = map(string)<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    tags = optional(map(string), {})<br>    gpu  = optional(bool, null)<br>    volume = object({<br>      size = string<br>      type = string<br>    })<br>  }))</pre> | `{}` | no |
 | <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br>    {<br>      compute = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      platform = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["m5.2xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 1)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, null)<br>          max_unavailable            = optional(number, 1)<br>          desired_per_az             = optional(number, 1)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "platform"<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>          })), [])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 100)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 100<br>            type = "gp3"<br>            }<br>          )<br>      }),<br>      gpu = object(<br>        {<br>          ami                        = optional(string, null)<br>          bootstrap_extra_args       = optional(string, "")<br>          instance_types             = optional(list(string), ["g5.xlarge"])<br>          spot                       = optional(bool, false)<br>          min_per_az                 = optional(number, 0)<br>          max_per_az                 = optional(number, 10)<br>          max_unavailable_percentage = optional(number, 50)<br>          max_unavailable            = optional(number, null)<br>          desired_per_az             = optional(number, 0)<br>          availability_zone_ids      = list(string)<br>          labels = optional(map(string), {<br>            "dominodatalab.com/node-pool" = "default-gpu"<br>            "nvidia.com/gpu"              = true<br>          })<br>          taints = optional(list(object({<br>            key    = string<br>            value  = optional(string)<br>            effect = string<br>            })), [{<br>            key    = "nvidia.com/gpu"<br>            value  = "true"<br>            effect = "NO_SCHEDULE"<br>            }<br>          ])<br>          tags = optional(map(string), {})<br>          gpu  = optional(bool, null)<br>          volume = optional(object({<br>            size = optional(number, 1000)<br>            type = optional(string, "gp3")<br>            }), {<br>            size = 1000<br>            type = "gp3"<br>            }<br>          )<br>      })<br>  })</pre> | n/a | yes |
 | <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br>      addons            = List of addons<br>      specs             = Cluster spes. {<br>        name                      = Cluster name.<br>        endpoint                  = Cluster endpont.<br>        kubernetes\_network\_config = Cluster k8s nw config.<br>      }<br>      version           = K8s version.<br>      arn               = EKS Cluster arn.<br>      security\_group\_id = EKS Cluster security group id.<br>      endpoint          = EKS Cluster API endpoint.<br>      roles             = Default IAM Roles associated with the EKS cluster. {<br>        name = string<br>        arn = string<br>      }<br>      custom\_roles      = Custom IAM Roles associated with the EKS cluster. {<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }<br>      oidc = {<br>        arn = OIDC provider ARN.<br>        url = OIDC provider url.<br>      }<br>    }<br>    nodes = {<br>      security\_group\_id = EKS Nodes security group id.<br>      roles = IAM Roles associated with the EKS Nodes.{<br>        name = string<br>        arn  = string<br>      }<br>    }<br>    kubeconfig = Kubeconfig details.{<br>      path       = string<br>      extra\_args = string<br>    } | <pre>object({<br>    k8s_pre_setup_sh_file = string<br>    cluster = object({<br>      addons = list(string)<br>      specs = object({<br>        name                      = string<br>        endpoint                  = string<br>        kubernetes_network_config = list(map(any))<br>        certificate_authority     = list(map(any))<br>      })<br>      version           = string<br>      arn               = string<br>      security_group_id = string<br>      endpoint          = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>      custom_roles = list(object({<br>        rolearn  = string<br>        username = string<br>        groups   = list(string)<br>      }))<br>      oidc = object({<br>        arn = string<br>        url = string<br>      })<br>    })<br>    nodes = object({<br>      security_group_id = string<br>      roles = list(object({<br>        name = string<br>        arn  = string<br>      }))<br>    })<br>    kubeconfig = object({<br>      path       = string<br>      extra_args = string<br>    })<br>  })</pre> | n/a | yes |
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id  = KMS key id.<br>    key\_arn = KMS key arn.<br>    enabled = KMS key is enabled | <pre>object({<br>    key_id  = string<br>    key_arn = string<br>    enabled = bool<br>  })</pre> | n/a | yes |
 | <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br>    subnets = {<br>      public = List of public Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      private = List of private Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>      pod = List of pod Subnets.<br>      [{<br>        name = Subnet name.<br>        subnet\_id = Subnet ud<br>        az = Subnet availability\_zone<br>        az\_id = Subnet availability\_zone\_id<br>      }]<br>    } | <pre>object({<br>    vpc_id = string<br>    subnets = object({<br>      public = list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      }))<br>      private = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>      pod = optional(list(object({<br>        name      = string<br>        subnet_id = string<br>        az        = string<br>        az_id     = string<br>      })), [])<br>    })<br>  })</pre> | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
diff --git a/modules/nodes/variables.tf b/modules/nodes/variables.tf
index 6b15801b..e2d55776 100644
--- a/modules/nodes/variables.tf
+++ b/modules/nodes/variables.tf
@@ -286,6 +286,12 @@ variable "tags" {
   default     = {}
 }
 
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
+
 variable "region" {
   type        = string
   description = "AWS region for the deployment"
diff --git a/modules/nodes/versions.tf b/modules/nodes/versions.tf
index 872e5e4e..9afebe43 100644
--- a/modules/nodes/versions.tf
+++ b/modules/nodes/versions.tf
@@ -22,4 +22,7 @@ provider "aws" {
   default_tags {
     tags = var.tags
   }
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
diff --git a/tests/deploy/infra-ci.tfvars.tftpl b/tests/deploy/infra-ci.tfvars.tftpl
index e68bccb1..f2181eb5 100644
--- a/tests/deploy/infra-ci.tfvars.tftpl
+++ b/tests/deploy/infra-ci.tfvars.tftpl
@@ -67,3 +67,5 @@ tags = {
   CIRCLE_REPOSITORY_URL = "${CIRCLE_REPOSITORY_URL}"
   CIRCLE_BUILD_NUM      = "${CIRCLE_BUILD_NUM}"
 }
+
+ignore_tag_keys = ["my-ignored-tag"]
diff --git a/tests/deploy/single-node/README.md b/tests/deploy/single-node/README.md
index 6176a3d4..870cce4e 100644
--- a/tests/deploy/single-node/README.md
+++ b/tests/deploy/single-node/README.md
@@ -32,6 +32,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_single_node"></a> [single\_node](#input\_single\_node) | Additional EKS managed node groups definition. | <pre>object({<br>    name                 = optional(string, "single-node")<br>    bootstrap_extra_args = optional(string, "")<br>    ami = optional(object({<br>      name_prefix = optional(string, null)<br>      owner       = optional(string, null)<br><br>    }))<br>    instance_type            = optional(string, "m5.2xlarge")<br>    authorized_ssh_ip_ranges = optional(list(string), ["0.0.0.0/0"])<br>    labels                   = optional(map(string))<br>    taints = optional(list(object({<br>      key    = string<br>      value  = optional(string)<br>      effect = string<br>    })), [])<br>    volume = optional(object({<br>      size = optional(number, 1000)<br>      type = optional(string, "gp3")<br>    }), {})<br>  })</pre> | `{}` | no |
 
 ## Outputs
diff --git a/tests/deploy/single-node/variables.tf b/tests/deploy/single-node/variables.tf
index f7ddff6c..a3a474a7 100644
--- a/tests/deploy/single-node/variables.tf
+++ b/tests/deploy/single-node/variables.tf
@@ -24,3 +24,10 @@ variable "single_node" {
 
   default = {}
 }
+
+
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
diff --git a/tests/deploy/single-node/versions.tf b/tests/deploy/single-node/versions.tf
index 275d0a41..ab72d93d 100644
--- a/tests/deploy/single-node/versions.tf
+++ b/tests/deploy/single-node/versions.tf
@@ -14,4 +14,7 @@ provider "aws" {
   default_tags {
     tags = local.infra.tags
   }
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
diff --git a/tests/plan/create-kms-key/README.md b/tests/plan/create-kms-key/README.md
index 8e1fb541..9803720d 100644
--- a/tests/plan/create-kms-key/README.md
+++ b/tests/plan/create-kms-key/README.md
@@ -33,6 +33,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Deployment ID. | `string` | `"dominoeks003"` | no |
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for deployment. | `string` | `"us-west-2"` | no |
 
 ## Outputs
diff --git a/tests/plan/create-kms-key/variables.tf b/tests/plan/create-kms-key/variables.tf
index 3a9c918f..e9a8487b 100644
--- a/tests/plan/create-kms-key/variables.tf
+++ b/tests/plan/create-kms-key/variables.tf
@@ -9,3 +9,9 @@ variable "deploy_id" {
   type        = string
   default     = "dominoeks003"
 }
+
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
diff --git a/tests/plan/create-kms-key/versions.tf b/tests/plan/create-kms-key/versions.tf
index d9663b77..a056f09c 100644
--- a/tests/plan/create-kms-key/versions.tf
+++ b/tests/plan/create-kms-key/versions.tf
@@ -10,10 +10,16 @@ terraform {
 
 provider "aws" {
   region = var.region
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
 
 
 provider "aws" {
   region = "us-east-1"
   alias  = "us-east-1"
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
diff --git a/tests/plan/terraform/README.md b/tests/plan/terraform/README.md
index cc22f404..de485a16 100644
--- a/tests/plan/terraform/README.md
+++ b/tests/plan/terraform/README.md
@@ -44,6 +44,7 @@
 | <a name="input_domino_cur"></a> [domino\_cur](#input\_domino\_cur) | Determines whether to provision domino cost related infrastructures, ie, long term storage | <pre>object({<br>    provision_cost_usage_report = optional(bool, false)<br>  })</pre> | `{}` | no |
 | <a name="input_eks"></a> [eks](#input\_eks) | k8s\_version = EKS cluster k8s version.<br>    nodes\_master  Grants the nodes role system:master access. NOT recomended<br>    kubeconfig = {<br>      extra\_args = Optional extra args when generating kubeconfig.<br>      path       = Fully qualified path name to write the kubeconfig file.<br>    }<br>    public\_access = {<br>      enabled = Enable EKS API public endpoint.<br>      cidrs   = List of CIDR ranges permitted for accessing the EKS public endpoint.<br>    }<br>    Custom role maps for aws auth configmap<br>    custom\_role\_maps = {<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    }<br>    master\_role\_names  = IAM role names to be added as masters in eks.<br>    cluster\_addons     = EKS cluster addons. vpc-cni is installed separately.<br>    vpc\_cni            = Configuration for AWS VPC CNI<br>    ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br>    identity\_providers = Configuration for IDP(Identity Provider).<br>  } | <pre>object({<br>    k8s_version  = optional(string, "1.27")<br>    nodes_master = optional(bool, false)<br>    kubeconfig = optional(object({<br>      extra_args = optional(string, "")<br>      path       = optional(string, null)<br>    }), {})<br>    public_access = optional(object({<br>      enabled = optional(bool, false)<br>      cidrs   = optional(list(string), [])<br>    }), {})<br>    custom_role_maps = optional(list(object({<br>      rolearn  = string<br>      username = string<br>      groups   = list(string)<br>    })), [])<br>    master_role_names  = optional(list(string), [])<br>    cluster_addons     = optional(list(string), ["kube-proxy", "coredns"])<br>    ssm_log_group_name = optional(string, "session-manager")<br>    vpc_cni = optional(object({<br>      prefix_delegation = optional(bool)<br>      annotate_pod_ip   = optional(bool)<br>    }))<br>    identity_providers = optional(list(object({<br>      client_id                     = string<br>      groups_claim                  = optional(string, null)<br>      groups_prefix                 = optional(string, null)<br>      identity_provider_config_name = string<br>      issuer_url                    = optional(string, null)<br>      required_claims               = optional(string, null)<br>      username_claim                = optional(string, null)<br>      username_prefix               = optional(string, null)<br>    })), [])<br>  })</pre> | `{}` | no |
 | <a name="input_enable_private_link"></a> [enable\_private\_link](#input\_enable\_private\_link) | Enable Private Link connections | `bool` | `false` | no |
+| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
 | <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br>    key\_id  = optional(string, null)<br>    additional\_policies = "Allows setting additional KMS key policies when using a Domino-generated key" | <pre>object({<br>    enabled             = optional(bool, true)<br>    key_id              = optional(string, null)<br>    additional_policies = optional(list(string), [])<br>  })</pre> | `{}` | no |
 | <a name="input_network"></a> [network](#input\_network) | vpc = {<br>      id = Existing vpc id, it will bypass creation by this module.<br>      subnets = {<br>        private = Existing private subnets.<br>        public  = Existing public subnets.<br>        pod     = Existing pod subnets.<br>      }), {})<br>    }), {})<br>    network\_bits = {<br>      public  = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br>      private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>      pod     = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br>    }<br>    cidrs = {<br>      vpc     = The IPv4 CIDR block for the VPC.<br>      pod     = The IPv4 CIDR block for the Pod subnets.<br>    }<br>    use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br>    vpc = optional(object({<br>      id = optional(string, null)<br>      subnets = optional(object({<br>        private = optional(list(string), [])<br>        public  = optional(list(string), [])<br>        pod     = optional(list(string), [])<br>      }), {})<br>    }), {})<br>    network_bits = optional(object({<br>      public  = optional(number, 27)<br>      private = optional(number, 19)<br>      pod     = optional(number, 19)<br>      }<br>    ), {})<br>    cidrs = optional(object({<br>      vpc = optional(string, "10.0.0.0/16")<br>      pod = optional(string, "100.64.0.0/16")<br>    }), {})<br>    use_pod_cidr = optional(bool, true)<br>  })</pre> | `{}` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
diff --git a/tests/plan/terraform/variables.tf b/tests/plan/terraform/variables.tf
index b783c6ee..0e0f1640 100644
--- a/tests/plan/terraform/variables.tf
+++ b/tests/plan/terraform/variables.tf
@@ -42,6 +42,12 @@ variable "tags" {
   default     = {}
 }
 
+variable "ignore_tags" {
+  type        = list(string)
+  description = "Tag keys to be ignored by the aws provider."
+  default     = []
+}
+
 variable "ssh_pvt_key_path" {
   type        = string
   description = "SSH private key filepath."
diff --git a/tests/plan/terraform/versions.tf b/tests/plan/terraform/versions.tf
index 94b8dc30..ae4c1b0f 100644
--- a/tests/plan/terraform/versions.tf
+++ b/tests/plan/terraform/versions.tf
@@ -1,5 +1,8 @@
 provider "aws" {
   region = var.region
+  ignore_tags {
+    keys = var.ignore_tags
+  }
 }
 
 terraform {