Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ec2_ami - Tag the image on creation when creating an image from an instance #551

Merged
merged 1 commit into from
Oct 26, 2021

Conversation

tremble
Copy link
Contributor

@tremble tremble commented Oct 24, 2021

SUMMARY

Tagging an instance during creation avoids the need to make an additional "tag" call on an untagged resource.

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

ec2_ami

ADDITIONAL INFORMATION

fixes: #550

@tremble tremble changed the title ec2_ami - Tag the image on creation when creating an image from an instane ec2_ami - Tag the image on creation when creating an image from an instance Oct 24, 2021
@ansibullbot
Copy link

@ansibullbot ansibullbot added community_review feature This issue/PR relates to a feature request has_issue module module needs_triage plugins plugin (any type) labels Oct 24, 2021
@andytson
Copy link

andytson commented Oct 24, 2021

It creates the tags on creation for me, but still calls CreateTags later on with the same tag data.

Another observed change is now the snapshot is also being tagged, which it wasn't before (in 2.0.0), but that's similar to how volumes get tagged on ec2_instance module's RunInstances too

@tremble
Copy link
Contributor Author

tremble commented Oct 24, 2021

@andytson Spotted the issue, could you try again please

@andytson
Copy link

@tremble it acts as I expect now for when an instance_id is provided, I'm not sure about the RegisterImage route way

@tremble
Copy link
Contributor Author

tremble commented Oct 24, 2021

@tremble it acts as I expect now for when an instance_id is provided, I'm not sure about the RegisterImage route way

Unfortunately RegisterImage doesn't accept tags:

While CreateImage supports passing tags it can only be used to create an image from an instance, rather than a snapshot.

Amazon aren't the most consistent with their APIs, and tagging on creation is one of those things they seem to retrofit when they remember (or just as likely when enough customers complain). Tagging after creation is how we generally work around the issue.

@andytson
Copy link

andytson commented Oct 24, 2021

yep, even CreateImage's CreateTags internal call is inconsistent to RunInstances, latter provides the aws:RequestTag/... condition, former doesn't (although that's fine for me)

@tremble
Copy link
Contributor Author

tremble commented Oct 24, 2021

Yeah, we used to do a lot of our IAM policies based on tags, but the inconsistency of Amazons APIs resulted in us switching to using lots of accounts in an AWS Organization instead. Now we mostly use tags so folks can break down their spending (within their cost centers). It's still nice to add the tags on creation though, as it reduces some of the other issues we see.

@tremble tremble added the gate label Oct 26, 2021
Copy link
Contributor

@ansible-zuul ansible-zuul bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ansible-zuul ansible-zuul bot merged commit 788066e into ansible-collections:main Oct 26, 2021
@tremble tremble deleted the issues/550 branch November 26, 2021 12:41
alinabuzachis pushed a commit to alinabuzachis/amazon.aws that referenced this pull request Sep 7, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@5bf51c0
alinabuzachis pushed a commit to alinabuzachis/amazon.aws that referenced this pull request Sep 7, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@5bf51c0
abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Sep 18, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Sep 18, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>
abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Sep 20, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@5bf51c0
alinabuzachis pushed a commit to alinabuzachis/amazon.aws that referenced this pull request Oct 6, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@5bf51c0
alinabuzachis pushed a commit to alinabuzachis/amazon.aws that referenced this pull request Oct 6, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@5bf51c0
abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Oct 20, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>

This commit was initially merged in https://github.com/ansible-collections/community.aws
See: ansible-collections/community.aws@5bf51c0
abikouo pushed a commit to abikouo/amazon.aws that referenced this pull request Oct 24, 2023
)

iam_role - add assume_role_policy_document_raw

SUMMARY
fixes: ansible-collections#551
assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it.  Running camel / snake conversion against the document breaks it.  Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
iam_role
iam_role_info
ADDITIONAL INFORMATION
Follows up on ansible-collections#1054 / ansible-collections#1068

Reviewed-by: Alina Buzachis <None>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
community_review feature This issue/PR relates to a feature request has_issue module module needs_triage plugins plugin (any type)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

ec2_ami: create tags on ami at point of creation
4 participants