
CloudFormation does not automatically create the automatic stack-level tags for IAM resources

Open merichea opened this issue 1 year ago • 3 comments

Name of the resource

Other

Resource Name

AWS::IAM:*

Issue Description

CloudFormation does not automatically create the following stack-level tags for IAM resources, as stated in this doc https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html :

  • aws:cloudformation:logical-id
  • aws:cloudformation:stack-id
  • aws:cloudformation:stack-name

Expected Behavior

IAM resources created with CloudFormation should have the following stack-level tags automatically added, according to the doc:

  • aws:cloudformation:logical-id
  • aws:cloudformation:stack-id
  • aws:cloudformation:stack-name

Observed Behavior

IAM resources created with CloudFormation only have custom Tags created by the user, and the stack-level tags are not present.

Test Cases

You can test with any IAM resources (users, roles, groups...); we have the same problem. In the following test template, I tested with an IAM user. Only the custom "Cost Center" tag appears on the "ExampleUser" resource, and the following stack-level tags are not added, despite what is written in the doc:

  • aws:cloudformation:logical-id
  • aws:cloudformation:stack-id
  • aws:cloudformation:stack-name

AWSTemplateFormatVersion: 2010-09-09
Resources:
  IamUser:
    Type: AWS::IAM::User
    Properties:
      UserName: ExampleUser
      Tags:
        - Key: CostCenter
          Value: CC111

Other Details

N/A

merichea, Mar 14 '24 17:03

Duplicate of https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/277

jplock, Apr 01 '24 01:04

Is there a list of documented resources that do not get these tags?

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Edit: I spoke with AWS support and he mentioned this doc https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-type-schemas.html and downloaded the us-east-1 zip file which contains an aws-iam*.json file which shows resources that do not have cloudFormationSystemTags set to true.

nitrocode, Aug 22 '24 17:08
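
The schema check described in the comment above can be scripted. The following is an added example, not code from the issue thread or from AWS: it scans a resource-type schema archive for aws-iam*.json entries whose cloudFormationSystemTags is not true. It assumes each schema carries a top-level typeName and a tagging object holding that flag, and the archive it runs on is constructed sample data (AWS::IAM::Example is a made-up type).

```python
import io
import json
import zipfile


def missing_system_tags(zip_bytes, prefix="aws-iam"):
    """Return {typeName: reason} for schemas in the archive whose
    tagging.cloudFormationSystemTags is not literally true."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in sorted(zf.namelist()):
            base = name.rsplit("/", 1)[-1]
            if not (base.startswith(prefix) and base.endswith(".json")):
                continue
            try:
                schema = json.loads(zf.read(name))
            except json.JSONDecodeError:
                findings[base] = "unparseable schema"
                continue
            type_name = schema.get("typeName", base)
            tagging = schema.get("tagging")
            if not isinstance(tagging, dict):
                # Assumption: a schema with no tagging block gets no system tags.
                findings[type_name] = "no tagging block"
            elif tagging.get("cloudFormationSystemTags") is not True:
                findings[type_name] = "cloudFormationSystemTags not true"
    return findings


def build_sample_zip():
    """Constructed sample archive; values are illustrative, not AWS's."""
    samples = {
        "aws-iam-user.json": {"typeName": "AWS::IAM::User",
            "tagging": {"taggable": True, "cloudFormationSystemTags": False}},
        "aws-iam-group.json": {"typeName": "AWS::IAM::Group"},
        "aws-s3-bucket.json": {"typeName": "AWS::S3::Bucket",
            "tagging": {"taggable": True, "cloudFormationSystemTags": True}},
        "aws-iam-example.json": {"typeName": "AWS::IAM::Example",
            "tagging": {"taggable": True, "cloudFormationSystemTags": True}},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in samples.items():
            zf.writestr(name, json.dumps(body))
    return buf.getvalue()


if __name__ == "__main__":
    for type_name, reason in missing_system_tags(build_sample_zip()).items():
        print(f"{type_name}: {reason}")
```

To run it against the real archive, pass the bytes of the downloaded zip file to `missing_system_tags` in place of `build_sample_zip()`.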

One workaround is to use the following parameters to add the metadata to each resource manually in CloudFormation.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html#cfn-pseudo-param-stackname

nitrocode, Aug 22 '24 17:08