aktur
commented
2 years ago Another resource created by CloudFormation without tags is AWS::ElasticLoadBalancingV2::LoadBalancer. This is particularly worrying as LoadBalancer in not a free resource like the IAM role.
glb
Name of the resource
AWS::IAM::Role
Resource Name
AWS::IAM::Role
Issue Description
AWS::IAM::ROLE resource type is not supported to have CloudFormation default tags "aws:cloudformation:stack-id", "aws:cloudformation:logical-id", "aws:cloudformation:stack-name" even though the resource is successfully created.
Expected Behavior
According to documentation[1]; I see when a resource is created through CloudFormation the following tags are applied automatically:
aws:cloudformation:logical-id
aws:cloudformation:stack-id
aws:cloudformation:stack-name
References: [1] Resource tag - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html
Observed Behavior
But for the resource AWS::IAM::ROLE I didn't see this behavior although the CloudFormation support the "Tags" property on this resource.
I have observed the similar behavior to some more resource types like "AWS::ElasticLoadBalancingV2::LoadBalancer".
Test Cases
Try using the below sample template for role creation:
Once the role is created; review the Tags section of the role in IAM console; you won't be seeing the below tags as expected:
aws:cloudformation:logical-id
aws:cloudformation:stack-id
aws:cloudformation:stack-name
Other Details
No response