AWS::EC2::EIP - support tagging

[gjenkins8]

1. Title

AWS::EC2::EIP - support tagging

2. Scope of request

AWS::EC2::EIP resource lacks tagging support within CloudFormation. Instead, newly created EIPs must be tagged via API post-creation (e.g. with a lambda).

This applies both to stack level tags, and the ability to supply tags as a property.

3. Expected behavior

EIPs created within a stack should receive stack level tags, and have the ability to add tags via the template:

Type: AWS::EC2::EIP
Properties: 
  Tags:
  -  Key: "Name"
  -  Value: "Subnet1 NAT Egress"

4. Suggest specific test cases

5. Helpful Links to speed up research and evaluation

Stack Overflow question: https://stackoverflow.com/questions/49993354/awselastic-ip-assign-a-name-to-an-elastic-ip-using-cloudformation

Forum feature request (from 2012!!!): https://forums.aws.amazon.com/thread.jspa?threadID=96348

6. Category (required) - Will help with tagging and be easier to find by other users to +1

1. Compute (EC2, ECS, EKS, Lambda...)

7. Any additional context (optional)

[whereisaaron]

Woohoo! Been waiting actual years for this one! 🎉

It’s one of CloudFormation limitations holding back the eksctl project also: eksctl-io/eksctl#778

This roadmap project is fantastic to have. I must admit, I don’t really understand why the CF team doesn’t know about API changes in advance, nor why Terraform can consistently stay 1-2 years ahead of CF in AWS API coverage. From the outside, as a customer, it seems weird? Is CF just under-resourced and/or unloved within AWS?

[dannosaur]

I've literally just stumbled across the fact that this doesn't exist in CFN. Why is CFN so slow to implement fundamental features?

[gjenkins8]

👍

[seittema]

Be careful, we are seeing strange behavior with updating our EIP to add tags. After updating a stack to add tags to an existing EIP, we are seeing the EIP dissociated itself with the EC2 instance that it was attached to. Unsure if it's something we are doing or CFT but its caused issues for us at the moment.

[whereisaaron]

Thanks @seittema, if you can replicate it, I suggest you open a new issue for it here and also report it to AWS support.

[seittema]

@whereisaaron Already have ticket in with AWS support and they confirmed they can replicate, it's with the AWS internal CFT now.

[damnhandy]

@seittema I wonder if you're hitting a similar issue that I am where simply adding tags forces a replacement rather than updating the EIP resource. See issue #309

[seittema]

@damnhandy Yup same issue, if the EIP is associated with a resource that you cannot disassociate with, for instance a Manage NAT Gateway, then you get the error ec2:disassociateAddress, however if the EIP is associated with a resource that it is allowed to dissociate from, for example a running EC2 instance, then it actually disassociates the EIP and returns a success which if you depend on that EIP on that application breaks your environment.

[whereisaaron]

This may be fixed @damnhandy @seittema, I was able to use Cloudformation to add tags to EIP associated with NAT gateways yesterday. No error or disassociation.

[seittema]

@whereisaaron Yes this was fixed around 3/6