CloudFormation is not propagating stack-level tags for EMR - amazon-web-services

As per the AWS CloudFormation documentation, it is mentioned that CloudFormation automatically provides stack-level tags to resources:
aws:cloudformation:logical-id
aws:cloudformation:stack-id
aws:cloudformation:stack-name
I could see that for resources like EC2, S3, etc.
But when it comes to EMR, I couldn't see those tags. I need the aws:cloudformation:stack-id tag value, so that I can later identify the stackId without any hassle.
Isn't it supported for EMR?
If not, what could be a workaround? I need to add the CF stackId, using which I can easily identify the stack for other use.
Note: aws cloudformation describe-stack-resources --physical-resource-id j-XXXXXXXXXXX is not an option to get the stackId because of not having enough IAM policies.
How I'm creating the EMR cluster: I have one Lambda which invokes CloudFormation using boto3, which then creates the cluster.

I checked that on my EMR cluster and CloudFormation. You are correct. Tags are nowhere to be seen.
Could be an oversight on AWS's part, as they explicitly write in the docs that only EBS volumes don't have such tags:
All stack-level tags, including automatically created tags, are propagated to resources that AWS CloudFormation supports. Currently, tags are not propagated to Amazon EBS volumes that are created from block device mappings.
The only workaround I can think of is to "manually" create such tags, e.g. using custom resources. Or as you are already using lambda, do it in your lambda after EMR cluster creation.
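The Lambda-side workaround described in the answer above, as an added example that is not part of the original post. The cfn: tag prefix, the function names and the logical ID are assumptions; the aws: prefix cannot be used for tags you create yourself because it is reserved. The CloudFormation and EMR clients are passed in as parameters (in Lambda: boto3.client("cloudformation") and boto3.client("emr")).

```python
# Added example: copy the stack identity onto the EMR cluster as ordinary tags.
RESERVED_PREFIX = "aws:"   # reserved for AWS; user-created keys are rejected
TAG_PREFIX = "cfn:"        # assumed custom prefix, choose your own


def stack_identity_tags(stack_id, stack_name, logical_id):
    """Build user-space equivalents of the three automatic stack-level tags."""
    tags = {
        TAG_PREFIX + "stack-id": stack_id,
        TAG_PREFIX + "stack-name": stack_name,
        TAG_PREFIX + "logical-id": logical_id,
    }
    for key, value in tags.items():
        if key.lower().startswith(RESERVED_PREFIX):
            raise ValueError(f"tag key {key!r} uses the reserved aws: prefix")
        if len(key) > 128 or len(value) > 256:
            raise ValueError(f"tag {key!r} exceeds AWS tag length limits")
    return [{"Key": k, "Value": v} for k, v in tags.items()]


def tag_emr_cluster_with_stack(cfn, emr, stack_name, logical_id):
    """Resolve the cluster created by the stack and tag it with stack identity."""
    stack = cfn.describe_stacks(StackName=stack_name)["Stacks"][0]
    detail = cfn.describe_stack_resource(
        StackName=stack_name, LogicalResourceId=logical_id
    )["StackResourceDetail"]
    # Refuse to tag anything that is not the EMR cluster we expect.
    if detail["ResourceType"] != "AWS::EMR::Cluster":
        raise ValueError(
            f"{logical_id} is {detail['ResourceType']}, not an EMR cluster"
        )
    cluster_id = detail["PhysicalResourceId"]   # the j-... cluster ID
    tags = stack_identity_tags(stack["StackId"], stack["StackName"], logical_id)
    emr.add_tags(ResourceId=cluster_id, Tags=tags)
    return cluster_id, tags
```

Call this only after the stack has finished creating, for example after the CloudFormation stack_create_complete waiter returns. The Lambda role then needs cloudformation:DescribeStacks, cloudformation:DescribeStackResource and elasticmapreduce:AddTags, while consumers only need to read the cluster's tags.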

Related

Tagging existing resources e.g. snapshots in AWS using terraform

I have multiple existing EBS snapshots that I would like to tag using Terraform. Say the tag key is "cost_center" and the value is "11111". I'd like to build Terraform code that would add this tag to multiple snapshots (>50). Does this fall under resource tagging or another
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_snapshot

Resources ARN from CF template using Boto3

I have a CloudFormation template that provisions different resources like EC2, S3, DynamoDB, Lambda, IAM Role, RDS, EIP, EBS. I want to get the resources' ARNs, so we can update the tags of the resources accordingly. The CloudFormation describe_stacks API does not provide the information regarding resource ARNs.
In boto3, creating a tag needs the ARN of the resources.
    import boto3

    # tag_resources is an operation of the Resource Groups Tagging API client
    client = boto3.client('resourcegroupstaggingapi')
    response = client.tag_resources(
        ResourceARNList=[
            'string',
        ],
        Tags={
            'string': 'string'
        }
    )
Instead of individually tagging all the resources, you can apply the tags to the stack itself. Any tag you apply to the AWS CloudFormation template will automatically be applied to the resources created by the stack. From the documentation:
All stack-level tags, including automatically created tags, are propagated to resources that CloudFormation supports. Currently, tags aren't propagated to Amazon EBS volumes that are created from block device mappings.
The documentation does not mention this, but the StackId field in the describe_stacks API is actually the ARN of the CloudFormation stack (Sample output). You can use it along with client.tag_resources to tag the stack.
If for some reason you need to individually add different tags to each resource created by the stack, you have two options:
Define the tags in the CloudFormation template itself.
Add the ARN values in the output section of the CloudFormation template. You can then read the values using describe_stacks.

Tag CloudFormation and underlying resources

I have a CloudFormation template in which I have to tag every resource separately. Can I provide tags to the stack and all underlying resources which can have tags automatically (without creating a nested stack)?
The following tags are automatically added by CloudFormation:
aws:cloudformation:logical-id
aws:cloudformation:stack-id
aws:cloudformation:stack-name
Most resources that support Tags have a property in their CloudFormation snippet to support Tags.
Some resources also have a PropagateAtLaunch, like LaunchConfigurations. More information from AWS
What were you trying to achieve? Better view for Cost Center, AWS Console, AWS CLI or something else?

CloudFormation - Applying tags to other AWS resources

I'm trying to understand the behavior of CloudFormation with respect to applying tags to the resources it creates.
As per their documentation - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html
In addition to any tags you define, AWS CloudFormation automatically creates the following stack-level tags with the prefix aws::
aws:cloudformation:logical-id
aws:cloudformation:stack-id
aws:cloudformation:stack-name
I created a DynamoDB table from CloudFormation and I visited the DynamoDB console and selected the tags tab and couldn't find any specific tag being added. I also did not find the aws:cloudformation:logical-id tag being added.
I then tried to create an S3 bucket using CloudFormation. That seems to work and I was able to visit the S3 console and find the aws:cloudformation:logical-id tag for the S3 bucket.
Is this some kind of inconsistency? Is there any specific documentation I can follow to find the list of AWS resources to which CloudFormation applies the tags prefixed with aws: as mentioned in the documentation?
Any help would be appreciated. Thanks!
I've had to recently contact AWS Enterprise support about this.
Commonly requested services that aren't receiving tags from CloudFormation include:
DynamoDB
ElastiCache
IAM resources
ECS clusters
CloudFront distributions
Glue jobs
SQS
Firehose Delivery stream
There is an internal feature request open; however, their suggested action was to just manually tag the resources.
Do you have any other resource besides DynamoDB in the same CFT? If yes, is that resource getting tagged by CF?
If you do not have any other resource, you may add an EC2 instance resource to validate if this is a resource specific issue or a template wide issue.
From what you posted, it seems that the stack creation is successful. Though it sounds silly, you may try once with the CLI:
    aws cloudformation create-stack --stack-name Name-of-your-stack --template-body file://your_template.json --tags Key=Name,Value=Your_Tag_Value --profile default --region region --capabilities CAPABILITY_NAMED_IAM
You can skip --capabilities CAPABILITY_NAMED_IAM if you do not have IAM resources in your CFT.
I have never experienced any issues tagging through CF, may want to check these sample templates.

Code deploy with Packer

I am creating an AWS AMI that is provisioned with Chef using Packer. At the creation of snapshots tags of the AWS AMI, I want it to be tagged with tags that assign it to be deployed with CodeDeploy:
    {
        "aws:autoscaling:groupName": "Env1"
    }
In my JSON configuration for Packer, I am using snapshot_tags to define these.
The problem is that on creating the AMI, Packer fails with:
Build 'amazon-ebs' errored: Error adding tags to Resources ([]*string{(*string)(0xc420107170), (*string)(0xc420478758)}): InvalidParameterValue: Tag keys starting with 'aws:' are reserved for internal use
status code: 400, request id: fef34822-b692-4225-a2eb-a1cfac33a924
Can I not use CodeDeploy with Packer, since I must use aws in the tag?
ANSWER:
There is no need to use a tag for an AMI to deploy with CodeDeploy. My mistake.
Don't know about CodeDeploy, but you can never create a tag which starts with aws:.
Do not use the aws: prefix in your tag names or values because it is reserved for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
See AWS Docs: Using Tags - tag restrictions