[AWS][EC2] create-volume tagging request is made in a second time causing rejection from tagging policies #8538
Labels
bug
This issue is a bug.
ec2
investigating
This issue is being investigated and/or work is in progress to resolve the issue.
p3
This is a minor priority issue
Describe the bug
In order to track our costs in the company, we use tagging policies to ensure no resources are created without tags. This tagging policy also applies on EBS volumes. Aws cli create-volume commands seems to use two API call to create then tag, causing tagging policy to reject the creation request.
We want to know what is the good practice to forbid resource without tags and still be able to use the aws cli.
Expected Behavior
In order to track our costs, we use tagging policies to ensure no resources are created without tags. Consider the following tagging policy for EBS volumes:
We use the following AWS EC2 command to create a volume from a snapshot with tag specifications:
According to the documentation
We expected the volume to be created from the snapshot in AZ
us-east-1a
with the tagproject: MoonWalk
, instead resulting in an error due to the tagging policy. The error is described in thecurrent behavior
sectionCurrent Behavior
Trying to create a volume with tags
this returning the error:
When we decode the error:
We understand it is linked to tagging policy and the requests beeing made. We do not see the tag creation in the request.
Reproduction Steps
Create a tagging policy for EBS creation:
Create a volume using aws-cli (or boto) with tag spec:
Possible Solution
After removing the policy to verify that there were no mistakes with the tagging option, here is the result:
It appears that the volume creation process involves two API calls: one for the volume creation and another for tagging, which circumvents the tagging policy on creation.
Is it possible to make the tagging request in the same request or is there a workaround/a better way to ensure resource tagging while respecting aws-cli functioning.
Additional Information/Context
No response
CLI version used
aws-cli/2.15.20
Environment details (OS name and version, etc.)
22.04.3 LTS (Jammy Jellyfish)
The text was updated successfully, but these errors were encountered: