CREATE_FAILED due to Resources tag of Launch Template

[jinwookkk]

Is your feature request related to a problem? Please describe. Our aws account is affected by our organizatoin's Service Control Policy So, we need to set resources tag of launch template.

DTH looks generate 2 launch templates. But we can't add tags. So we always get CREATE_FAILED with error message like below

Resource handler returned message: "User: arn:aws:sts::{myaccount}:assumed-role/DataTransferHub-QA-APICfnWorkflowCreateTaskCfnFnSer-q5tLicdxbA6Z/DataTransferHub-QA-APICfnWorkflowCreateTaskCfnFnAC-0MO9t0J17JuC is not authorized to perform: autoscaling:CreateAutoScalingGroup on resource: arn:aws:autoscaling:ap-northeast-2:{myaccount}:autoScalingGroup:*:autoScalingGroupName/DTH-S3EC2-7cd2e-Worker-ASG with an explicit deny in a service control policy (Service: AutoScaling, Status Code: 403, Request ID: e912aabd-f045-4a0e-9b4e-c0907c5ef6b9)" (RequestToken: {token}, HandlerErrorCode: AccessDenied)

Describe the feature you'd like Add resources tag to lauch template

Additional context

[bassemwanis]

Thank you @jinwookkk for requesting this enhancement. We have add it to our backlog to look into.

As a workaround, you can customize the DataTransferS3Stack.template by adding the necessary tags to TagSpecifications property of FinderStackFinderEC2LaunchTemplate. After making these changes, update the main template (DataTransferHub-openid.template or DataTransferHub-cognito.template) by modifying the APITaskHandlerFn environment variable PLUGIN_TEMPLATE_S3EC2 to point to your customized DataTransferS3Stack.template.