AWS::EC2::instance (specify TagSpecification in EBS BlockDeviceMapping)

[Remi-Faydide]

Instructions for CloudFormation Coverage New Issues Template

Quick Sample Summary:

1. Title -> Specifying TagSpecification on creation for AWS::EC2::Instance Ebs Attribute is available since 28 Mar 2017 with API (https://aws.amazon.com/blogs/aws/new-tag-ec2-instances-ebs-volumes-on-creation/)
2. Scope of request -> Allow specifying tags in CloudFormation for EC2 instances.
3. Expected behavior -> In Create, it should allow specifying separate tags per volumes or same for every volumes or same tags than EC2 Instance. At least it should allow tag creation, like the API allows.
4. Test case recommendation (optional) ->
5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html
6. Category tag (optional) -> Compute / Storage
7. Any additional context (optional)

[whereisaaron]

eksctl-io/eksctl#778

[DanyC97]

@PatMyron @luiseduardocolon i saw you folks referenced this issue on the master issue #228 , any chance you have an update on this ?

Asking as this lack of functionality does really impact myself and others in sorting out the EBS tagging which is a must to not waste the $$ down the pipe.
In my case i was using ASG with LC and tagging EBS vols inside userdata didn't cut very well as there are some limitation on the !Sub function and you can't do much of bash scripting with variables interpolation.

Moved to ASG with LT and while TagSpecifications works in some cases it doesn't if you have different EBS vols as below where you want the Tag's Name value to be dynamic

      LaunchTemplateData:
        BlockDeviceMappings:
{% for i in range(StorageEbsNumVolumes) %}
          - DeviceName: /dev/xvd{{ vol_drive_letters[i] }}
            Ebs:
              VolumeSize: !Ref StorageEbsVolumeSize
              VolumeType: !Ref StorageEbsVolumeType
              DeleteOnTermination: !Ref StorageEbsDeleteOnTermination
{% endfor %}
          - DeviceName: /dev/sda1
            Ebs:
              VolumeSize: 100

[robertd]

We also take care of EBS tagging in userdata section, and it would be nice to take care of it on CloudFormation level. Looking forward to this CloudFormation update.

[jchapuran]

This has been "coming soon" for 3 full months now, is there an ETA for when this will be available?

[timschill]

Any updates on this issue yet?

[luiseduardocolon]

I'm following up on this - if you don't hear from me in a couple of weeks, ping me again here :)

[jchapuran]

@luiseduardocolon as requested :)

[timschill]

@luiseduardocolon any progress?

[Remi-Faydide]

Soon 1 year this issue has been opened...
you have less than 5 days to let it close before the official anniversary... ;)
I know you can do it !

[robertd]

Hi @luiseduardocolon 👋 ... any updates?

[jchapuran]

@luiseduardocolon

[sahil-sharma]

Hi @luiseduardocolon Could you please provide us some update on this issue?

[deporcali]

Any updates here? We want to be able to use cloud formation and specify both the instance and volume tags just like in the screenshot below.

In my organization there will be some policies applied for having tags on these resources, and we will be blocked if we cannot do this since our automation is depending on cloud formation at the moment.

[danielmdubois]

@luiseduardocolon My team has been using CloudFormation templates to create AWS::EC2::Instances (along with EIPs, NetworkInterfaces, SecurityGroups, EIPAssociations, etc).

The security/IT division of my company is implementing a new requirement that volumes be tagged upon on creation. Therefore, the common StackOverflow workaround of updating tags in the UserData block within the CF template will not work for us, since we expect volume creation will be blocked by this new policy. We need the ability to specify tags for the default root /dev/sda1 volume before the EC2 instance is created. Is there some way to do this, via LaunchTemplates or otherwise?

[danielmdubois]

@luiseduardocolon My team has been using CloudFormation templates to create AWS::EC2::Instances (along with EIPs, NetworkInterfaces, SecurityGroups, EIPAssociations, etc).

The security/IT division of my company is implementing a new requirement that volumes be tagged upon on creation. Therefore, the common StackOverflow workaround of updating tags in the UserData block within the CF template will not work for us, since we expect volume creation will be blocked by this new policy. We need the ability to specify tags for the default root /dev/sda1 volume before the EC2 instance is created. Is there some way to do this, via LaunchTemplates or otherwise?

FYI for anyone who has this issue, I was in fact able to tag volumes on creation using LaunchTemplates. You can define a LaunchTemplate in the CloudFormation template file, and reference it from an Instance also defined by the same CloudFormation, if you need the LaunchTemplate to have some parameterized dynamic values. Or you can do as I did, and make one static LaunchTemplate manually, outside the scope of the CloudFormation, and reference it within the Instance's JSON/YAML.

[GrahamLea]

Really wanting this. The inability to easily add tags to BlockDeviceMappings makes it harder to create a tag-based DLM Lifecycle Policy.

[robertd]

I was really hoping this would get released by ReInvent 2020.

[jchapuran]

This is beyond unprofessional. Hundreds of CFN updates have been released since this issue moved to "coming soon" 10 full months ago, most of them not on the public roadmap, some of them involving EC2/EBS as recently as last week. What's the point of this roadmap when our submitted issues are disrespected even more than the service itself?

[sahil-sharma]

While there is no valid ETA on this feature (which I feel is very crucial or desired) but, this is doable like this:

UserData:
Fn::Base64:
!Sub |
#!/bin/bash -e
echo -e "Tagging EBS volume"
AWS_AVAIL_ZONE=$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone)
AWS_REGION="echo \"$AWS_AVAIL_ZONE\" | sed 's/[a-z]$//'"
AWS_INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id)
ROOT_VOLUME_IDS=$(aws ec2 describe-instances --region $AWS_REGION --instance-id $AWS_INSTANCE_ID --output text --query Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId)
aws ec2 create-tags --resources $ROOT_VOLUME_IDS --region $AWS_REGION --tags Key=Name,Value=${AWS::StackName}

But, this is NOT a recommended solution. I prefer to use something native provided by AWS CF rather implementing some hack.
Hope it helps!

[karenbajador]

Any update on this from CF?

[robertd]

@karenbajador

Thank you for contacting AWS Premium Support.

From my understanding, you were enquiring for an update about a GitHub issue. This issue requested to allow tag specification on EBS volumes implicitly created by EC2 instances.

After looking into the internal tooling, I'm happy to let you know that there is an internal feature request already opened for this issue and I have added your support towards this. Since I am external to this process, I am unable to confirm nor deny that the developer team is actively working on this feature, nor give an exact ETA as to when this feature will be released. However, I do recommend you to keep an eye on the following resources to track the updates to the CloudFormation service:

• https://aws.amazon.com/blogs/aws/tag/aws-cloud-formation/
• https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ReleaseHistory.html
• https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/projects/1

If you have particular pains with using AWS, please continue letting us know as we continually strive to improving our service and ensure the best experience for our customers. Also, if you're looking for further insight into this issue then I suggest contacting your assigned TAM. You're able to discuss any further steps in regards to this issue.

As a workaround, I have found a stackoverflow answer here [1] describing how you can use the AWS CLI interface, IAM role, and UserData initialization to automatically add tags to your EBS volumes. Since this is a third-party source, I cannot confirm nor deny whether the provided information is accurate. I suggest you to try this on a testing environment first and make adjustments for your own.

I hope that answers your inquiry. Please don't hesitate to let me know if you have any further questions or concerns. Also, please feel free to open a call/chat at any time and an available colleague will be able to help you as well.

Hope you stay safe and have a great day! :)

References:
[1] Is there a way to tag a root volume when initializing from the cloudformation template? - https://stackoverflow.com/a/24123651

We value your feedback. Please share your experience by rating this correspondence using the AWS Support Center link at the end of this correspondence. Each correspondence can also be rated by selecting the stars in top right corner of each correspondence within the AWS Support Center.

[robertd]

Can we at least hope this will arrive by AWS ReInvent 2021? :)

[robertd]

Hmmm... How did this go from "Coming soon" to "Researching"?

[PoweredByPeople]

Just one more comment for visibility, ran into this missing feature today. Would like to see this implemented.

[robertd]

Can we at least hope this will arrive by AWS ReInvent 2021? :)

Hoping for resolution (or any update at this point) by re:invent 2022 😢

[WaelA]

A new property is added to EC2::Instance https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2-instance-propagatetagstovolumeoncreation to propagate on creation

[robertd]

Wait a sec… this just got shipped!?! Excellent news!!!!🎉 🎉 🎉 No more user data script workarounds. 😊

Thanks for the great news.

[jchapuran]

That is helpful information, nice that we can propagate tags now. But it doesn't meet the demands of this ticket, which is to allow custom tags on the EBS volumes during launch. Doesn't seem this feature is anywhere in sight, as it's been moved all the way back to Researching.

[AllanOricil]

@WaelA

PropagateTagsToVolumeOnCreation is missing in @aws-sdk/client-ec2 RunInstancesCommand