Tags check fails on aws_cloudwatch_event_target with ecs_target block
Description
When an "aws_cloudwatch_event_target" resource contains an "ecs_target" block, a check that tags are present fails.
When adding tags to the "ecs_target" block only: passes terraform plan, fails compliance.
When adding tags to both "aws_cloudwatch_event_target" and the "ecs_target" block: fails terraform plan, because "aws_cloudwatch_event_target" does not support tags.
To Reproduce
Feature File:
# Policy-as-code check run by terraform-compliance against the plan JSON:
# every resource selected by the Given step must carry a non-null "tags" value.
Feature: Tagging Enforcement
In order to keep track of resource ownership
As engineers
We'll enforce tagging on all resources
# NOTE(review): per this report the scenario fails on aws_cloudwatch_event_target,
# whose tags exist only inside the nested ecs_target block. How "supports tags" is
# resolved for a resource with nested-only tags is not shown here; confirm against the tool.
Scenario: Ensure all resources have tags
Given I have resource that supports tags defined
Then it must contain tags
And its value must not be null
Plan File:
{
"format_version": "0.1",
"terraform_version": "0.14.4",
"planned_values": {
"root_module": {
"resources": [
{
"address": "aws_cloudwatch_event_rule.console",
"mode": "managed",
"type": "aws_cloudwatch_event_rule",
"name": "console",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 0,
"values": {
"description": "Capture all EC2 scaling events",
"event_bus_name": "default",
"event_pattern": "{\"detail-type\":[\"EC2 Instance Launch Successful\",\"EC2 Instance Terminate Successful\",\"EC2 Instance Launch Unsuccessful\",\"EC2 Instance Terminate Unsuccessful\"],\"source\":[\"aws.autoscaling\"]}",
"is_enabled": true,
"name": "capture-ec2-scaling-events",
"role_arn": null,
"schedule_expression": null,
"tags": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"tags_all": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
}
}
},
{
"address": "aws_cloudwatch_event_target.yada",
"mode": "managed",
"type": "aws_cloudwatch_event_target",
"name": "yada",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 1,
"values": {
"batch_target": [],
"dead_letter_config": [],
"ecs_target": [
{
"enable_ecs_managed_tags": false,
"enable_execute_command": false,
"group": null,
"launch_type": "FARGATE",
"network_configuration": [],
"placement_constraint": [],
"platform_version": null,
"propagate_tags": "TASK_DEFINITION",
"tags": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"task_count": 1,
"task_definition_arn": "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
}
],
"event_bus_name": "default",
"http_target": [],
"input": null,
"input_path": null,
"input_transformer": [],
"kinesis_target": [],
"redshift_target": [],
"retry_policy": [],
"role_arn": null,
"rule": "capture-ec2-scaling-events",
"run_command_targets": [],
"sqs_target": [],
"target_id": "Yada"
}
},
{
"address": "aws_kinesis_stream.test_stream",
"mode": "managed",
"type": "aws_kinesis_stream",
"name": "test_stream",
"provider_name": "registry.terraform.io/hashicorp/aws",
"schema_version": 1,
"values": {
"encryption_type": "NONE",
"enforce_consumer_deletion": false,
"kms_key_id": null,
"name": "terraform-kinesis-test",
"retention_period": 24,
"shard_count": 1,
"shard_level_metrics": null,
"tags": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"tags_all": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"timeouts": null
}
}
]
}
},
"resource_changes": [
{
"address": "aws_cloudwatch_event_rule.console",
"mode": "managed",
"type": "aws_cloudwatch_event_rule",
"name": "console",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"create"
],
"before": null,
"after": {
"description": "Capture all EC2 scaling events",
"event_bus_name": "default",
"event_pattern": "{\"detail-type\":[\"EC2 Instance Launch Successful\",\"EC2 Instance Terminate Successful\",\"EC2 Instance Launch Unsuccessful\",\"EC2 Instance Terminate Unsuccessful\"],\"source\":[\"aws.autoscaling\"]}",
"is_enabled": true,
"name": "capture-ec2-scaling-events",
"role_arn": null,
"schedule_expression": null,
"tags": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"tags_all": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
}
},
"after_unknown": {
"arn": true,
"id": true,
"name_prefix": true,
"tags": {},
"tags_all": {}
}
}
},
{
"address": "aws_cloudwatch_event_target.yada",
"mode": "managed",
"type": "aws_cloudwatch_event_target",
"name": "yada",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"create"
],
"before": null,
"after": {
"batch_target": [],
"dead_letter_config": [],
"ecs_target": [
{
"enable_ecs_managed_tags": false,
"enable_execute_command": false,
"group": null,
"launch_type": "FARGATE",
"network_configuration": [],
"placement_constraint": [],
"platform_version": null,
"propagate_tags": "TASK_DEFINITION",
"tags": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"task_count": 1,
"task_definition_arn": "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
}
],
"event_bus_name": "default",
"http_target": [],
"input": null,
"input_path": null,
"input_transformer": [],
"kinesis_target": [],
"redshift_target": [],
"retry_policy": [],
"role_arn": null,
"rule": "capture-ec2-scaling-events",
"run_command_targets": [],
"sqs_target": [],
"target_id": "Yada"
},
"after_unknown": {
"arn": true,
"batch_target": [],
"dead_letter_config": [],
"ecs_target": [
{
"network_configuration": [],
"placement_constraint": [],
"tags": {}
}
],
"http_target": [],
"id": true,
"input_transformer": [],
"kinesis_target": [],
"redshift_target": [],
"retry_policy": [],
"run_command_targets": [],
"sqs_target": []
}
}
},
{
"address": "aws_kinesis_stream.test_stream",
"mode": "managed",
"type": "aws_kinesis_stream",
"name": "test_stream",
"provider_name": "registry.terraform.io/hashicorp/aws",
"change": {
"actions": [
"create"
],
"before": null,
"after": {
"encryption_type": "NONE",
"enforce_consumer_deletion": false,
"kms_key_id": null,
"name": "terraform-kinesis-test",
"retention_period": 24,
"shard_count": 1,
"shard_level_metrics": null,
"tags": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"tags_all": {
"Environment": "Dev-Test",
"Name": "test",
"Project": "3331"
},
"timeouts": null
},
"after_unknown": {
"arn": true,
"id": true,
"stream_mode_details": true,
"tags": {},
"tags_all": {}
}
}
}
],
"configuration": {
"root_module": {
"resources": [
{
"address": "aws_cloudwatch_event_rule.console",
"mode": "managed",
"type": "aws_cloudwatch_event_rule",
"name": "console",
"provider_config_key": "aws",
"expressions": {
"description": {
"constant_value": "Capture all EC2 scaling events"
},
"event_pattern": {
"constant_value": "{\n \"source\": [\n \"aws.autoscaling\"\n ],\n \"detail-type\": [\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\"\n ]\n}\n"
},
"name": {
"constant_value": "capture-ec2-scaling-events"
},
"tags": {
"references": [
"local.tags"
]
}
},
"schema_version": 0
},
{
"address": "aws_cloudwatch_event_target.yada",
"mode": "managed",
"type": "aws_cloudwatch_event_target",
"name": "yada",
"provider_config_key": "aws",
"expressions": {
"arn": {
"references": [
"aws_kinesis_stream.test_stream"
]
},
"ecs_target": [
{
"launch_type": {
"constant_value": "FARGATE"
},
"tags": {
"references": [
"local.tags"
]
},
"task_count": {
"constant_value": 1
},
"task_definition_arn": {
"constant_value": "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
}
}
],
"rule": {
"references": [
"aws_cloudwatch_event_rule.console"
]
},
"target_id": {
"constant_value": "Yada"
}
},
"schema_version": 1
},
{
"address": "aws_kinesis_stream.test_stream",
"mode": "managed",
"type": "aws_kinesis_stream",
"name": "test_stream",
"provider_config_key": "aws",
"expressions": {
"name": {
"constant_value": "terraform-kinesis-test"
},
"shard_count": {
"constant_value": 1
},
"tags": {
"references": [
"local.tags"
]
}
},
"schema_version": 1
}
]
}
}
}
Sample Terraform Code:
# Reproduction resource: an event target whose only tags live inside the nested
# ecs_target block. In the plan JSON its "values" object has no top-level "tags"
# key; the tags appear under values.ecs_target[0].tags.
resource "aws_cloudwatch_event_target" "yada" {
target_id = "Yada"
rule = aws_cloudwatch_event_rule.console.name
# NOTE(review): arn references the Kinesis stream while an ecs_target block is also
# set, and no role_arn is given (the plan shows role_arn = null). This looks like a
# reduced repro rather than a working ECS target; confirm before reusing it.
arn = aws_kinesis_stream.test_stream.arn
ecs_target {
# Tags are set on the nested block because, per the report, adding them to the
# resource itself fails terraform plan.
tags = local.tags
task_count = 1
# Account id is all zeros, presumably a placeholder.
task_definition_arn = "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
launch_type = "FARGATE"
}
}
# Event rule that the target above attaches to. It carries resource-level tags,
# and the plan JSON shows both "tags" and "tags_all" populated for it.
resource "aws_cloudwatch_event_rule" "console" {
name = "capture-ec2-scaling-events"
description = "Capture all EC2 scaling events"
tags = local.tags
# The heredoc body is passed through as the event pattern string, so no comments
# may be placed between <<PATTERN and PATTERN. The pattern matches the four
# launch/terminate success/failure events from source "aws.autoscaling".
event_pattern = <<PATTERN
{
"source": [
"aws.autoscaling"
],
"detail-type": [
"EC2 Instance Launch Successful",
"EC2 Instance Terminate Successful",
"EC2 Instance Launch Unsuccessful",
"EC2 Instance Terminate Unsuccessful"
]
}
PATTERN
}
# Kinesis stream used as the target ARN in the reproduction; tagged at resource level.
# NOTE(review): no encryption arguments are set, and the plan JSON shows
# encryption_type = "NONE" with kms_key_id = null, so the stream is planned without
# server-side encryption. Acceptable for a repro; outside one, set
# encryption_type = "KMS" together with kms_key_id.
resource "aws_kinesis_stream" "test_stream" {
name = "terraform-kinesis-test"
shard_count = 1
tags = local.tags
}
# Shared tag map referenced as local.tags by all three resources in this sample
# (the event rule, the Kinesis stream, and the nested ecs_target block).
locals {
tags = {
"Environment" = "Dev-Test"
"Project" = "3331"
"Name" = "test"
}
}
Used terraform-compliance
Parameters:
--no-ansi --early-exit --silent
Tested Versions:
- terraform-compliance version:
v1.3.32
- terraform version:
Terraform v0.14.4 provider aws v4.12.1
- python version:
3.8.0
I'm also encountering this issue: the resource is definitely tagged, but compliance still flags an error. Having to set allow_failure on this job in my CI pipelines really dilutes the effectiveness of the tool, because a genuine tagging violation would then no longer fail the pipeline.
Any chance of a resolution on this one 🙏 ?