AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
Issue Description
To find the right CloudFormation Stack, where an AWS resource is defined/maintained, **aws:cloudformation:*** built-in tags are needed. This is an important function in day-to-day business.
Expected Behavior
Resources with type AWS::KMS::Key, which are managed as CloudFormation Stacks, should automatically receive the aws:cloudformation:* built-in tags / automatic default CFN AutoTags.
Once support for CloudFormation Drift-Detection is added via https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1671, please handle those automatic tags correctly (hence, aws:cloudformation:* tags are not a drift).
Observed Behavior
When you have an AWS::KMS::Key resource in your stack, it does not get the built-in tags assigned:
- aws:cloudformation:stack-name
- aws:cloudformation:logical-id
- aws:cloudformation:stack-id
Test Cases
Example Templates: Deploy this Stack in one Region:
You will see on both Resources that aside from CloudFormation defined Tags, no other Tags are placed onto the Resources. No tags aws:cloudformation:* are added to the resource (just the tags defined via Template-Resource-Level or via Stack-Level).
Links