pulumi-aws-native
pulumi-aws-native copied to clipboard
pulumi
DynamoDB global table no tags on replica until the very end of tables creation
Hello!
- Vote on this issue by adding a 👍 reaction
- To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already)
Issue details
While using aws-native to deploy a DynamoDB global table with tags on replicas, I am noticing that the addition of the tags is done at the very end of the creation of the DynamoDB tables. This is causing problem with our cloud custodian who is making a check on tags. Since the tables are created with no tag at the beginning, the cloud custodian removes them before the stack can finish (and add the tags).
I tested in an account where the custodian is not enforcing tag policy and I can confirm the table replicas are created with tags as intended, but also that at some moment, they do not have the tags defined in my pulumi stack.
Steps to reproduce
import * as awsnative from "@pulumi/aws-native";
const tableName = "demo"
const tags = [
{
key: "tag1",
value: "value1",
},
{
key: "tag2",
value: "value2",
},
{
key: "tag3",
value: "value3",
},
]
const globalTableExample = new awsnative.dynamodb.GlobalTable(tableName, {
tableName: tableName,
attributeDefinitions: [{
attributeName: "PK",
attributeType: "S",
}],
keySchema: [{
attributeName: "PK",
keyType: "HASH",
}],
billingMode: "PAY_PER_REQUEST",
streamSpecification: {
streamViewType: "NEW_AND_OLD_IMAGES",
},
replicas: [
{
region: "us-east-1",
tags: tags,
},
{
region: "us-west-1",
tags: tags,
},
],
});
export {
globalTableExample,
}
Expected: Expecting tags to be present on the resources at all time Actual: Tags are not on the tables until the end of the GlobalTable stack creation
From a quick review of the provider this would appear to be behaviour that's implemented within AWS's CloudControl API. Passing upstream.
