Closed mgravlin closed 1 year ago
Hi @mgravlin!
Thank you for evaluating the resource-tags example hook, and for your feedback!
I think this could be done by adding another validation strategy, that combines resource-level and stack-level tags, and then only evaluates tag keys and tag values as a whole.
When I designed the resource-tags example hook, I only encompassed the two validation permutations you see today, i.e., resource-level tags (that I have set as the default strategy), and stack-level tags. For the latter, a consideration to make - not related to the implementation of this hook - is that stack-level tag propagation can vary by resource [1].
As per this example hook's behavior, that was your initial question, I think your request makes sense - let me look into the hook's code as time permits - changes I would think of making for this example hook will not, of course, change resource-specific propagation behaviors of stack-level tags [1], but only the way this example hook works.
Thank you again!
[1] "Propagation of stack-level tags to resources, including automatically created tags, can vary by resource. For example, tags aren't propagated to Amazon EBS volumes that are created from block device mappings." https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html
Hi @mgravlin! I wanted to provide an update to your query: I have worked on a code update, and submitted it with a pull request some minutes ago: the update is currently under review. This pull request adds an additional, example validation strategy called resource+stack - more information is available in the README.md file with the pull request code. Thank you!
Hi @mgravlin! I have just merged the pull request I opened, that was approved. Feel free to test and evaluate this sample hook with the updated code. Please refer to the updated README.md file for this hook for more information. I will now close this issue, and feel free to (re)open it if needed. Thank you for your time!
Hi @mrinaudo-aws I performed some tests with the latest updates and it's working great. Thank you so much!
Thank you for your feedback, @mgravlin!
I tested hooks/python-hooks/resource-tags and noticed the ValidationStrategy is either resource or stack. I want to fail cfn deployments if missing required tags, but in an environment where tags may be at the resource or stack level, it will always fail. Is this a limitation with cfn hooks or is there a way hooks/python-hooks/resource-tags can be updated to fail any cfn deployment missing required tags regardless if the tag exists at the stack or resource level?
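An added sketch (not part of the thread, and not the resource-tags hook's own code) of how the three validation strategies discussed here differ when required tags are split between the resource and the stack. The function names, the required-tag policy, the sample tags and the rule that a resource-level value wins on a key collision are all assumptions made for this illustration.

```python
# Added illustration; not the resource-tags hook's code. All names are hypothetical.
REQUIRED_TAGS = {"Owner", "CostCenter"}  # constructed sample policy


def tags_to_dict(tags):
    """Normalize a [{'Key': k, 'Value': v}, ...] list or a plain dict to a dict."""
    if not tags:
        return {}
    if isinstance(tags, dict):
        return dict(tags)
    return {t["Key"]: t["Value"] for t in tags}


def effective_tags(strategy, resource_tags, stack_tags):
    """Return the tag set that a given validation strategy evaluates."""
    resource = tags_to_dict(resource_tags)
    stack = tags_to_dict(stack_tags)
    if strategy == "resource":
        return resource
    if strategy == "stack":
        return stack
    if strategy == "resource+stack":
        # Evaluate both levels as a whole; on a key collision the
        # resource-level value is kept (an assumption of this sketch).
        return {**stack, **resource}
    # Fail closed on a misconfigured strategy instead of skipping validation.
    raise ValueError(f"unknown validation strategy: {strategy!r}")


def missing_required(strategy, resource_tags, stack_tags, required=REQUIRED_TAGS):
    """Return the sorted required keys that are absent or have an empty value."""
    tags = effective_tags(strategy, resource_tags, stack_tags)
    return sorted(k for k in required if not str(tags.get(k) or "").strip())


# Constructed sample: one required tag at each level.
RESOURCE_TAGS = [{"Key": "Owner", "Value": "team-a"}]
STACK_TAGS = {"CostCenter": "1234"}

if __name__ == "__main__":
    for strategy in ("resource", "stack", "resource+stack"):
        print(strategy, "missing:", missing_required(strategy, RESOURCE_TAGS, STACK_TAGS))
```

A passing combined check only says the key exists at one of the two levels; as reference [1] in the thread notes, propagation of stack-level tags can vary by resource, so it does not by itself show the tag ends up on the created resource.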