-
Notifications
You must be signed in to change notification settings - Fork 342
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ec2_ami - Tag the image on creation when creating an image from an instance #551
Conversation
It creates the tags on creation for me, but still calls CreateTags later on with the same tag data. Another observed change is now the snapshot is also being tagged, which it wasn't before (in 2.0.0), but that's similar to how volumes get tagged on ec2_instance module's RunInstances too |
@andytson Spotted the issue, could you try again please |
@tremble it acts as I expect now for when an instance_id is provided, I'm not sure about the RegisterImage route way |
Unfortunately RegisterImage doesn't accept tags:
While CreateImage supports passing tags it can only be used to create an image from an instance, rather than a snapshot. Amazon aren't the most consistent with their APIs, and tagging on creation is one of those things they seem to retrofit when they remember (or just as likely when enough customers complain). Tagging after creation is how we generally work around the issue. |
yep, even CreateImage's CreateTags internal call is inconsistent to RunInstances, latter provides the aws:RequestTag/... condition, former doesn't (although that's fine for me) |
Yeah, we used to do a lot of our IAM policies based on tags, but the inconsistency of Amazons APIs resulted in us switching to using lots of accounts in an AWS Organization instead. Now we mostly use tags so folks can break down their spending (within their cost centers). It's still nice to add the tags on creation though, as it reduces some of the other issues we see. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5bf51c0
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5bf51c0
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None>
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None>
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5bf51c0
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5bf51c0
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5bf51c0
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None> This commit was initially merged in https://github.com/ansible-collections/community.aws See: ansible-collections/community.aws@5bf51c0
) iam_role - add assume_role_policy_document_raw SUMMARY fixes: ansible-collections#551 assume_role_policy_document is an IAM policy document, and as such we shouldn't be modifying it. Running camel / snake conversion against the document breaks it. Adds assume_role_policy_document_raw and deprecates the current snake_case behaviour. ISSUE TYPE Feature Pull Request COMPONENT NAME iam_role iam_role_info ADDITIONAL INFORMATION Follows up on ansible-collections#1054 / ansible-collections#1068 Reviewed-by: Alina Buzachis <None>
SUMMARY
Tagging an instance during creation avoids the need to make an additional "tag" call on an untagged resource.
ISSUE TYPE
COMPONENT NAME
ec2_ami
ADDITIONAL INFORMATION
fixes: #550