CloudFormation create-change-set Tags propagation


Hi everyone, I'm creating multiple resources using CloudFormation and now I need to tag them. I'm using the CLI to invoke CloudFormation and I'm passing a JSON file with the tags as a parameter.

I'm using GitLab CI/CD to create the CF stack. I also want to review the changes before applying them, so what I ended up doing was creating a change set first (Update or Create, depending on whether the stack already exists); then, if everything looks good, I execute the change set.

This is more or less what I'm doing in the pipeline:

  1. I create the change set with:

aws cloudformation create-change-set --change-set-name MyChangeSet --change-set-type <<CREATE or UPDATE>> --stack-name MyCFStack --tags <<file_with_tags.json>>

  2. If everything looks good, I execute the change set with the following command:

aws cloudformation execute-change-set --stack-name MyCFStack --change-set-name MyChangeSet

CloudFormation creates the stack and tags it appropriately; the problem is that it does NOT propagate the tags to the resources. The documentation (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudformation/create-change-set.html) says that CloudFormation should propagate the tags to the resources:

--tags (list)

Key-value pairs to associate with this stack. CloudFormation also propagates these tags to resources in the stack. You can specify a maximum of 50 tags.

I know that using "create-stack" or "update-stack" you can pass the tag parameter too, but as you can see, my approach allows me to create the change set first and review the changes, even if it's the first time I'm creating the stack.

Has anybody experienced something similar? Were you able to pass the tags using "create-change-set" and then execute? Am I missing something?

I appreciate any help.

Jorge.

JorgeRS
asked 2 years ago, 1700 views
1 Answer

What resources are you creating via CloudFormation? I did the same ("aws cloudformation create-change-set") with a simple template that has an S3 bucket resource. After "execute-change-set", the tags were propagated to the S3 bucket. However, I believe this propagation does not happen to all resources. Either it's not supported yet or it's a bug. Same case if you create/update CloudFormation stacks via the console.

I saw a similar open issue on GitHub regarding this: CloudFormation Resource Tag Propogation.

If I need my resources to be properly tagged, I explicitly define the Tags property to the resources in the CFN template.

joahna
answered 2 years ago
  • Thank you for your answer.

    The services I created were a Glue Crawler and a Glue DB.

    I will test it with other services, but it's strange that it does it for some services and not for others.

    I agree, if I need specific tags for the service I use the Tags property in the CF template as well, but because I want to apply a set of "standard" tags for all the resources I was thinking of doing it this way.

    Thank you, Jorge.
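
One way to combine the explicit Tags property suggested in the answer with a single set of "standard" tags, as an added example that is not part of the original thread: a pre-processing step that merges the tags file into each resource before create-change-set is called. The function name, the TAG_SHAPE table and the sample template are assumptions made for illustration, and the code assumes a JSON template whose Tags values are literals (no intrinsic functions).

```python
import copy

# Assumption: shape of the Tags property per resource type, taken from the
# CloudFormation resource reference. Extend this table for your own templates.
TAG_SHAPE = {
    "AWS::S3::Bucket": "list",     # [{"Key": ..., "Value": ...}]
    "AWS::Glue::Crawler": "map",   # {"key": "value"}
}


def inject_tags(template, stack_tags):
    """Return (new_template, skipped) with stack_tags merged into each resource.

    stack_tags uses the same [{"Key": k, "Value": v}] layout as the --tags file.
    Tags already set on a resource win over the standard ones.
    """
    standard = {t["Key"]: t["Value"] for t in stack_tags}
    out = copy.deepcopy(template)  # never mutate the caller's template
    skipped = []
    for name, res in out.get("Resources", {}).items():
        shape = TAG_SHAPE.get(res.get("Type"))
        if shape is None:
            skipped.append(name)  # type not in the table: leave it, report it
            continue
        props = res.setdefault("Properties", {})
        if shape == "list":
            own = {t["Key"]: t["Value"] for t in props.get("Tags", [])}
            merged = {**standard, **own}
            props["Tags"] = [{"Key": k, "Value": v} for k, v in merged.items()]
        else:
            props["Tags"] = {**standard, **props.get("Tags", {})}
    return out, sorted(skipped)


# Constructed sample input (not from the original post).
SAMPLE_TAGS = [{"Key": "owner", "Value": "data-team"}, {"Key": "env", "Value": "dev"}]
SAMPLE_TEMPLATE = {
    "Resources": {
        "Bucket": {"Type": "AWS::S3::Bucket",
                   "Properties": {"Tags": [{"Key": "env", "Value": "prod"}]}},
        "Crawler": {"Type": "AWS::Glue::Crawler", "Properties": {"Role": "r"}},
        "Database": {"Type": "AWS::Glue::Database", "Properties": {}},
    }
}

if __name__ == "__main__":
    print(inject_tags(SAMPLE_TEMPLATE, SAMPLE_TAGS))
```

The returned skipped list names the resources that still depend on stack-level propagation, which makes it a convenient item to print in the pipeline's review step.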
