Trouble creating tags for IoT policies using CDK

Question

Something like the following does not work for me, but it does if I change the construct from an IoT policy construct to, say, an S3 bucket construct.

```cdk.Tags.of(iotPolicy).add('Name', 'Value');```

Hope this explanation is enough to work on. If not, please let me know.

Thanks
Gary

Accepted Answer

Hi Gary. The underlying issue is that CloudFormation [has a tags property for S3 buckets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-tags), but it [doesn't have a tags property for IoT policies](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-policy.html#aws-resource-iot-policy-properties). I can't find any specific discussion about tags for IoT policies, but here's a similar issue for IAM Managed Policies: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/819

Answer

To add onto Greg's response, most AWS IoT resources _can_ be tagged, but it has to happen after the resource has been created. Also note that AWS IoT _Things_ and _Certificates_ are resources than cannot be tagged at present.

Once a resource has been created, the [TagResource](https://docs.aws.amazon.com/iot/latest/apireference/API_TagResource.html) API can be called to apply tags for use in IAM ABAC, cost allocation, etc. Via CDK this could be accomplished by creating a level 2 or 3 construct that takes in the Arn of created resource along with the key value pairs of the tags, then use a custom resource to make the needed API call(s).

Trouble creating tags for IoT policies using CDK

相关内容