Open bogdanb opened 2 years ago
Linking https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1066 (for common tracking)
See also #277 from 2019.
This is making writing SCPs to protect resources created by CloudFormation from deletion very difficult
Name of the resource
AWS::IAM::Role
Issue Description
When you have an
AWS::IAM::Role
resource in your stack, it does not get assigned the built-in tags:aws:cloudformation:stack-name
,aws:cloudformation:logical-id
andaws:cloudformation:stack-id
This happens both for roles specified directly in the template and in roles added by the AWS::Serverless transform.
Expected Behavior
All stack resources should automatically receive the aws:cloudformation:* built-in tags.
Observed Behavior
No tags are added automatically to AWS::IAM::Role resources.
Test Cases