aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0
360 stars 205 forks

Support for configurable Tags on Stack/StackSets on manifest file #142

Open nd-at-globetel opened 1 year ago

nd-at-globetel commented 1 year ago

When it comes to the creation of StackSets in the CfCT manifest file, when there's an AWS Organizations SCP applied that prevents the creation of resources with non-compliant tagging (e.g. CloudFormation resources such as Stacks/StackSets), it's difficult to implement these compliant tags.

Possible workarounds:

  1. Reverse engineer the CfCT implementation and add the required tags in the source code of CfCT itself.
  2. Temporarily disable the organization's SCP tagging compliance to allow the deployment of the Stacks/StackSets defined in the CfCT manifest file.
  3. Implement WrapperTemplates to apply stack/stackset-level tags. Reference link to Stack Overflow discussion

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Description": "WrapperTemplate",
      "Resources": {
        "WrappedStackWithStackLevelTags": {
          "Type": "AWS::CloudFormation::Stack",
          "Properties": {
            "Tags": [ { "Key": "Stage", "Value": "QA" } ],
            "TemplateURL": "your-original-template-s3-url"
          }
        }
      }
    }

Configurable Tags at the StackSet level

A code snippet of the proposed feature request:

    - name: new-cool-stackset
      resource_file: templates/my-cool-stackset.yaml
      deploy_method: stack_set
      deployment_targets:
        organizational_units:
          - Sandbox
      # custom tagging implementation here that will be applied to the my-cool-stackset stackset
      tags:
        - key: RequiredTagKey1
          value: RequiredTagValue1
        - key: RequiredTagKey2
          value: RequiredTagValue2

Thank you, AWS CfCT Team. I hope my feature request will be accommodated.
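The wrapper-template workaround from the comment above, as an added example that is not part of the original post and is not CfCT code: it turns tags written in the `key`/`value` syntax proposed in this issue into a wrapper template and reports which required tag keys a template still lacks before it is submitted. The function names and the list of required keys are assumptions; the actual keys come from your organization's SCP.

```python
import json

STACK_TYPE = "AWS::CloudFormation::Stack"

def to_cfn_tags(manifest_tags):
    """Convert [{'key': .., 'value': ..}] (syntax proposed in this issue) to CloudFormation Tags."""
    seen, out = set(), []
    for t in manifest_tags:
        key, value = str(t["key"]), str(t["value"])
        if not key or len(key) > 128 or len(value) > 256:
            raise ValueError(f"tag {key!r}: key must be 1-128 chars, value at most 256")
        if key.lower().startswith("aws:"):
            raise ValueError(f"tag {key!r}: the aws: prefix is reserved")
        if key in seen:
            raise ValueError(f"tag {key!r}: duplicate key")
        seen.add(key)
        out.append({"Key": key, "Value": value})
    if len(out) > 50:
        raise ValueError("more than 50 tags on one stack")
    return out

def build_wrapper(template_url, manifest_tags, logical_id="WrappedStackWithStackLevelTags"):
    """Return a wrapper template whose single nested stack carries the stack-level tags."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "WrapperTemplate",
        "Resources": {
            logical_id: {
                "Type": STACK_TYPE,
                "Properties": {"Tags": to_cfn_tags(manifest_tags), "TemplateURL": template_url},
            }
        },
    }

def missing_required_tags(template, required_keys):
    """Map each nested-stack logical ID to the required tag keys it lacks."""
    gaps = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != STACK_TYPE:
            continue
        present = {t["Key"] for t in res.get("Properties", {}).get("Tags", [])}
        missing = sorted(set(required_keys) - present)
        if missing:
            gaps[logical_id] = missing
    return gaps

if __name__ == "__main__":
    tags = [{"key": "RequiredTagKey1", "value": "RequiredTagValue1"}]  # constructed sample
    wrapper = build_wrapper("your-original-template-s3-url", tags)
    print(json.dumps(wrapper, indent=2))
    print(missing_required_tags(wrapper, ["RequiredTagKey1", "RequiredTagKey2"]))
```

The tags land on the nested stack; the outer wrapper stack that CfCT creates is not tagged by this template, so whether the deployment passes depends on which actions the SCP conditions on.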

balltrev commented 1 year ago

Thank you for the feature request @nd-at-globetel!

I've gone ahead and made a backlog to discuss this with the team.

nd-at-globetel commented 1 year ago

Thank you for accommodating our request, @balltrev :)

richardsonky commented 1 year ago

This is something we need as well.

dmorasol commented 11 months ago

We also need this feature

anairinac commented 11 months ago

Hi Team, it's been almost a year since this was first discussed. Is there any update or ETA?

We also need this 🙏

mgenova commented 11 months ago

We need this feature as well.