aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

Feature Request for [AWS::EC2::Instance] to pass the tag for "resourceType": "network-interface" to the RunInstances API request #1947

Open tgyanen opened 4 months ago

tgyanen commented 4 months ago

Name of the resource

AWS::EC2::Instance

Resource name

No response

Description

Currently CloudFormation does have the ability to pass the tag for "resourceType": "network-interface" to the RunInstances API request when an AWS::EC2::Instance resource is created.

It is also not passed even if we use an AWS::EC2::LaunchTemplate by specifying the LaunchTemplateTagSpecification property with ResourceType: network-interface.

However, it is possible from the EC2 console or CLI to pass the tag "resourceType": "network-interface" while launching the instance, as referenced in this EC2 documentation: "Add a tag when you launch an instance". This includes the tag in the RunInstances API request.

Other Details

One of the use cases of this feature is to ensure that all EC2 instances created from CloudFormation and its associated resources are tagged properly. If there is an SCP in place that denies ec2:RunInstances on resource arn:aws:ec2:*:*:network-interface/* based on a tag condition, it always fails because the tag is not passed from CloudFormation. However, it works from the EC2 console or CLI.
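
An added illustration, not part of the issue and not AWS code: a simplified model of how a Deny statement like the SCP described above is matched against the tag specifications of a RunInstances request. The tag key CostCenter, the Null condition, the account ID and the resource IDs are constructed assumptions, and real policy evaluation involves far more than this check.

```python
import fnmatch

# Constructed SCP statement of the kind the issue describes. The tag key
# "CostCenter" and the Null condition are assumptions, not from the issue.
SCP_STATEMENT = {
    "Effect": "Deny",
    "Action": "ec2:RunInstances",
    "Resource": "arn:aws:ec2:*:*:network-interface/*",
    "Condition": {"Null": {"aws:RequestTag/CostCenter": "true"}},
}

# Constructed ARNs for the resources a single RunInstances call creates.
CREATED = {
    "instance": "arn:aws:ec2:us-east-1:111122223333:instance/i-example",
    "volume": "arn:aws:ec2:us-east-1:111122223333:volume/vol-example",
    "network-interface":
        "arn:aws:ec2:us-east-1:111122223333:network-interface/eni-example",
}

TAG = [{"Key": "CostCenter", "Value": "1234"}]
# Console/CLI-style request: tags supplied for the network interface too.
WITH_ENI_TAGS = [{"ResourceType": "instance", "Tags": TAG},
                 {"ResourceType": "network-interface", "Tags": TAG}]
# Request as the issue reports it from CloudFormation: no such entry.
WITHOUT_ENI_TAGS = [{"ResourceType": "instance", "Tags": TAG}]

def request_tags(tag_specifications, resource_type):
    """Tags the request carries for one resource type (aws:RequestTag/...)."""
    tags = {}
    for spec in tag_specifications:
        if spec["ResourceType"] == resource_type:
            tags.update({t["Key"]: t["Value"] for t in spec["Tags"]})
    return tags

def denied_resources(statement, tag_specifications):
    """Resource types on which the Deny statement matches this request."""
    denied = []
    for rtype, arn in CREATED.items():
        if not fnmatch.fnmatchcase(arn, statement["Resource"]):
            continue  # statement does not apply to this resource
        tags = request_tags(tag_specifications, rtype)
        # Null "true" matches when the key is absent; all keys must match.
        if all((key.split("/", 1)[1] not in tags) == (want == "true")
               for key, want in statement["Condition"]["Null"].items()):
            denied.append(rtype)
    return denied

if __name__ == "__main__":
    print(denied_resources(SCP_STATEMENT, WITH_ENI_TAGS))
    print(denied_resources(SCP_STATEMENT, WITHOUT_ENI_TAGS))
```

Tagging only the instance does not satisfy the condition, because the statement is evaluated against the network interface resource and the tags requested for that resource type.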