-
-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature-request] [pull-request-proposal] ebs volume/snapshot tag on creation #359
Comments
Hey There If you're looking for more immediate troubleshooting help make sure to check out #general on the Chef Community Slack. There's plenty of folks there willing to lend a helping hand. Thanks for the first issue. We hope we can get back to you soon with a solution. |
Ping! Would it be better if I create a PR for this feature? |
@atoa Sounds like I good idea to me, can you open up a PR and ping me on it? |
Cookbook version
v7.5.0
Chef-client version
14.2.0
Platform Details
Windows 2012R2. AWS
Scenario:
When you create EBS volumes/snapshots with tags using the aws_ebs_volume resource, it adds the tags in a two step process where the volume/snapshot is first created and then the tags are added in a subsequent step.
This works great but it doesn't allow to enforce IAM policies to create/attach volumes based on tags. Last year, the EC2 API introduced a feature that allows to add tags to resources at creation time as opposed to the two step process described above. This new feature allows to enforce IAM policies at resource creation time based on tags. See:
https://aws.amazon.com/blogs/aws/new-tag-ec2-instances-ebs-volumes-on-creation/
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2_ebs-owner.html
Steps to Reproduce:
You can see in the code that there's a function named
add_tags
that add the tags after the resource is created. See:https://github.com/chef-cookbooks/aws/blob/a306d7cfb9f18974ca9499f0c1116cc7bc3d6e05/resources/ebs_volume.rb#L365
If you create an EBS volume with the aws_ebs_volume resource, the creation fails if you try to enforce IAM policies based on tags.
Expected Result:
I would like the resource creation EC2 API calls used by aws_ebs_volume to add tags at creation so that tag based IAM policies can be enforced.
I modified the ebs_volume.rb file to implement the changes needed. See:
atoa@6165b63
I can create a pull request if this feature is desired.
The text was updated successfully, but these errors were encountered: