localstack icon indicating copy to clipboard operation
localstack copied to clipboard
verified publisher icon localstack

bug: Security Groups created via Cloudformation template do not have the tags specified in the template

Open anelson opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

Deploying a Cloudformation template which specifies a security group with one or more tags successfully creates that security group, but the tags are missing. Adding the tags to the security group manually after the template is deployed works as expected.

Expected Behavior

Tags on all resources in a Cloudformation template should be created on those resources automatically as part of the deployment of that template. I deployed this same template on an actual AWS account and the tags were present as expected.

How are you starting LocalStack?

With the localstack script

Steps To Reproduce

How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)

localstack --debug start

Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)

# Download the example CFN that reproduces this behavior
curl https://gist.githubusercontent.com/anelson/4e5af3f511e8429a3b06b1c9d4294f71/raw/eae7bca475642608b694b756e7c5c08244803537/cfn.yaml -o cfn.yaml

# Deploy the CFN to localstack
awslocal cloudformation create-stack --stack-name farcast --template-body "$(cat cfn.yaml)"

# Wait a few seconds for the deploy to complete.

# Describe the security groups; note that the security group `FarcastDefaultComputeB5C4A6CA` has no tags
awslocal ec2 describe-security-groups

Environment

- OS: Fedora 39
- LocalStack: 3.4.0

Anything else?

I made a gist with a CFN that reproduces this behavior:

https://gist.github.com/anelson/4e5af3f511e8429a3b06b1c9d4294f71

anelson avatar May 05 '24 13:05 anelson

Welcome to LocalStack! Thanks for reporting your first issue and our team will be working towards fixing the issue for you or reach out for more background information. We recommend joining our Slack Community for real-time help and drop a message to LocalStack Pro Support if you are a Pro user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines and our contributing guide.

localstack-bot avatar May 05 '24 13:05 localstack-bot

I was able to reproduce the problem with the awslocal commands provided in the issue description.

However, I was also able to create a security group with tags using a command like:

awslocal ec2 create-security-group --description 'test security group' --group-name test --tag-specifications 'ResourceType=security-group,Tags=[{Key=tag1,Value=value1},{Key=tag2,Value=value2}]'

Hence, the problem is probably related to how cloudformation attempted to create the security group.

jcollado avatar Jun 25 '24 19:06 jcollado