aws-cdk
(aws-cdk-lib.aws_ec2): (VPC default resources not tagged by default)
Describe the bug
Hi,
while creating a Vpc resource (https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html), it looks like it's not tagging default resources by default, namely: DHCPOptions, NetworkAcl, RouteTable and SecurityGroup.
Expected Behavior
I expected default VPC resources to be tagged.
Current Behavior
No tags for VPC default resources.
Reproduction Steps
Minimal snippet:
tags = [{'Key': 'ApplicationName', 'Value': 'test'}]
cloudformation_client.deploy(template_json, tags)
vpc = aws_ec2.Vpc(self.stack, 'vpc', cidr='10.0.0.0/8', subnet_configuration=[], vpc_name='vpc', max_azs=1)
// For all other (not just EC2 related) resources it's tagging properly, however for VPC created this way, tags are not applicable to default VPC resources.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.34.2
Framework Version
No response
Node.js Version
v18.7.0
OS
Archlinux
Language
Python
Language Version
Python (3.9)
Other information
No response
@S3ky I'm not sure I follow your snippet. What is the cloudformation_client.deploy() doing?
Typically tags are added by doing something like
const vpc = new Vpc();
Tags.of(vpc).add('SomeTagKey', 'SomeTagValue');
That will apply tags to all taggable resources in the vpc scope.
@corymhall, right, sorry for that, yes, we are using this construct in our client as well, by using Tags.of, while deploying CDK.
We are basically doing this:
vpc = aws_ec2.Vpc(self.stack, 'vpc', cidr='10.0.0.0/8', subnet_configuration=[], vpc_name='vpc', max_azs=1)
Tags.of(vpc).add(key='Test', value='test')
However, as I mentioned above, tags weren't applied to VPC default resources (resources which are created by default with the creation of a VPC, whether via the AWS UI console, TF, etc.), but were applied to the VPC itself etc. We do not have a problem anywhere else except https://github.com/aws/aws-cdk/issues/21537 and https://github.com/aws/aws-cdk/issues/21536. All AWS resources are tagged properly via CDK.
I'm not finding that any of the children of Vpc which are considered taggable are lacking the tag attached through the aspect.
namely: DHCPOptions, NetworkAcl, RouteTable and SecurityGroup
None of these resources are being created as a child of the Vpc construct with the configuration you've given us. The aspect will not apply to resources that aren't children of the Vpc construct.
If you adjust your configuration such that, say, a RouteTable is created as a child of the construct, then you will find that the RouteTable will have the appropriate tags. However, either you are creating these resources elsewhere in your stack, or CloudFormation is automatically creating them without being in the template. The tags aspect will not apply to either of these cases.
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
Hi @peterwoodworth,
I'm pretty sure that these resources were created while using this Vpc construct, more specifically, if you used this code snippet:
vpc = aws_ec2.Vpc(self.stack, 'vpc', cidr="10.200.0.0/16", subnet_configuration=[], vpc_name="cdk-test", max_azs=3, enable_dns_support=True, enable_dns_hostnames=True)
I can see in the AWS UI that the default RouteTable, NetworkAcl and SecurityGroups were created without tags. The DHCP option set is a little bit specific (without tags as well), as it's created when the first VPC in an AWS account is created. Should it be considered a bug for CloudFormation?
Thank you for your response.
Yeah none of these resources you've mentioned are actually appearing in the CloudFormation template, meaning that CDK has no control over those resources. They are likely getting created automatically by CloudFormation or the service upon creation of the Vpc. This would be a feature request for CloudFormation or VPC to support propagating tags
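The point made in this reply, that the tag aspect can only reach resources declared in the synthesized template, can be checked offline against `cdk synth` output. This is an added example, not code from the thread or from aws-cdk; the sample template and its logical IDs are constructed, and `audit_tags` is a hypothetical helper.

```python
import json

# CloudFormation types for the default resources named in this issue.
DEFAULT_VPC_TYPES = {
    "AWS::EC2::DHCPOptions",
    "AWS::EC2::NetworkAcl",
    "AWS::EC2::RouteTable",
    "AWS::EC2::SecurityGroup",
}

# Constructed sample shaped like a synthesized template (not real output):
# a VPC, one explicitly declared route table, and a route (no Tags property).
SAMPLE_TEMPLATE = {
    "Resources": {
        "Vpc": {
            "Type": "AWS::EC2::VPC",
            "Properties": {"CidrBlock": "10.0.0.0/8",
                           "Tags": [{"Key": "Name", "Value": "vpc"},
                                    {"Key": "Test", "Value": "test"}]},
        },
        "ExtraRouteTable": {
            "Type": "AWS::EC2::RouteTable",
            "Properties": {"VpcId": {"Ref": "Vpc"},
                           "Tags": [{"Key": "Test", "Value": "test"}]},
        },
        "ExtraRoute": {
            "Type": "AWS::EC2::Route",
            "Properties": {"RouteTableId": {"Ref": "ExtraRouteTable"}},
        },
    }
}

def audit_tags(template, tag_key):
    """Split declared resources by whether they carry tag_key, and list the
    default-resource types the template does not declare at all."""
    tagged, untagged, declared = [], [], set()
    for logical_id, res in template.get("Resources", {}).items():
        declared.add(res.get("Type"))
        tags = res.get("Properties", {}).get("Tags", [])
        # Most types use a list of {Key, Value}; a few use a plain map.
        keys = set(tags) if isinstance(tags, dict) else {
            t.get("Key") for t in tags if isinstance(t, dict)}
        (tagged if tag_key in keys else untagged).append(logical_id)
    return {"tagged": sorted(tagged), "untagged": sorted(untagged),
            "not_in_template": sorted(DEFAULT_VPC_TYPES - declared)}

if __name__ == "__main__":
    print(json.dumps(audit_tags(SAMPLE_TEMPLATE, "Test"), indent=2))
```

Types listed under `not_in_template` are outside the reach of `Tags.of(...)`; resources of those types that appear in the account after deployment have to be tagged by some other means.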
Ok @peterwoodworth, many thanks! I will reach out to CloudFormation and AWS. Closing as resolved.