The Tags property of AWS::Serverless::Function SAM type doesn’t work

[fdeshaie]

The Tags property of AWS::Serverless::Function SAM type doesn’t work.

As stated in here (https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction), the AWS::Serverless::Function should support Tags.

I am getting an error using the following SAM template :

AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: AVOPStransversalEBSlistAll: Type: AWS::Serverless::Function Properties: Handler: listAll.lambda_handler FunctionName: MyFunction Runtime: python2.7 Policies: AmazonEC2FullAccess MemorySize : 1024 Timeout : 30 Tags: ContactTag:Me

I am getting the following error Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [AVOPStransversalEBSlistAll] is invalid. Type of property 'Tags' is invalid.

When executing cloudformation deploy on the CF template generated successfully by cloudformation package.

The cloudformation deploy works fine when I remove the Tags.

[cluggas]

You haven't formatted your yaml correctly when posted above, so I can't see your indentation. But it should work. This works for me:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  AVOPStransversalEBSlistAll:
    Type: AWS::Serverless::Function
    Properties:
      Handler: listAll.lambda_handler
      FunctionName: MyFunction
      Runtime: python2.7
      Policies: AmazonEC2FullAccess
      MemorySize : 1024
      Timeout : 30
      Tags:
        ContactTag: Me

Indents are important in yaml.

[aar6ncai]

I am facing same issue with AWS::Serverless::Function and AWS::Serverless::API doesn't support tags as well

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [*****] is invalid. Type of property 'Tags' is invalid.

[badfun]

I can confirm that tags work for both AWS::Serverless::Function and AWS::Serverless::API. The syntax is slightly different. For AWS::Serverless::Function it is:

Properties: Tags: your: tag

For AWS::Serverless::API it is:

paths: /your/path: get: tags:

• Your Tag

sorry this editor does not respect the indentations, but you can see where they go.

[fdeshaie]

It still doesn't work.

The problem is that after applying the cloudformation package command on the SAM template, the Tags is transform as follow From Properties: Tags: tagName: tagValue tagName: tagValue

TO Properties: Tags: tagName: tagValue tagName: tagValue

in the resultaing CloudFormation template.

When applying the cloudformation deploy command on the resulting template, I 'am obviously getting the error " Type of property 'Tags' is invalid"

[badfun]

@fdeshaie interesting...I just tried a new test adding more tags in case it had to do with the number of them, but I have no issue with them being created for both the api and the lambda.

[fdeshaie]

In which region are you deploying?

[badfun]

us-west-1

[fdeshaie]

The " Type of property 'Tags' is invalid" was coming from a preprocessing on my SAM template.

Now I am not getting the error but the tags does not get created. I just have the sam generated lambda:createdBy tag.

Does it override my tags ?

You can see your tags using aws lambda list-tags ?

[fdeshaie]

I do reproduce the problem using a basic CodeStar python/lamba template project and by adding the tags on the HelloWorl function in the SAM template.

[kyrogue]

facing the same issue, type of property tag is invalid

[kyrogue]

@fdeshaie i found out it will work if u put single quotes around all your tag VALUES, it looks like it cant parse some values properly.

[fdeshaie]

@kyrogue I am not getting the error anymore but the tags does not get created. I just have the sam generated lambda:createdBy tag.

You can see your tags using "aws lambda list-tags" cli command ?

[badfun]

@fdeshaie confirmed. Can see tags using aws lambda list-tags --resource <arn>

Also checked the packaged file and it looks fine. Maybe an issue with the CLI version? I am using 1.11.119

[fdeshaie]

I cannot see tags nor with "aws lambda list-tags --resource " or UI.

I do reproduce the problem using a basic CodeStar python/lamba template project and by adding the tags on the HelloWorl function in the SAM template.

[vikrambhatt]

Can you please post you template (properly formatted) and the region you are able to reproduce this?

[kepstein]

For me the fix was to use single quotes around the tag values.

[fdeshaie]

Hi everybody,

Adding the following rights to the CloudFormation role resolved my problem.

{ Action: ['lambda:ListTags', 'lambda:TagResource', 'lambda:UntagResource'], Effect: Allow, Resource: '*' } Those rights are not included by default in the CodeStar template.

Thanks to everyone for your answer.

[fdeshaie]

Now working with the solution above.

[turjachaudhuri]

I added this is in the Properties section of a resource of "Type" : "AWS::Serverless::Function"

"Tags": [{"Key":"Project" , "Value" : "GSP"}]

This is not working in JSON SAM template .

Any ideas?

[sanathkr]

Tags in SAM Is a direct map {Project: GSP}

[turjachaudhuri]

I changed my code to

"Tags":[{"Project":"GSP"}],

Still same error . Any idea ? I am using JSON template.

[turjachaudhuri]

I have an update =>

"Tags":{"Project":"GSP"},

this worked . But , in that case , how to specify more than one tag for the same resource?

[turjachaudhuri]

Also , I am trying to tag the implicit API gateway resource linked to my AWS Lambda function like this

"Events": { "PutResource": { "Type": "Api", "Properties": { "Path": "/256BitKey", "Method": "POST", "Tags":{"Project":"GSP"} } } }

But the template is giving syntax error in this case => "Tags key is invalid for this object"

[toricls]

@turjachaudhuri

"Tags":{"Project":"GSP"}, this worked . But , in that case , how to specify more than one tag for the same resource?

try this

"Tags":{
  "Project":"GSP",
  "Foo": "Bar"
}

[toricls]

@turjachaudhuri I think the implicit API doesn't have tags as its spec.

[piotrkubisa]

It is worth noting that aws-cli supports --tags in sam deploy (alias to aws cloudformation deploy) command:

aws cloudformation deploy \
    --template-file ${cf_packaged_template} \
    --stack-name ${cf_stack_name} \
    --tags Foo=${bar} Baz=Quux

[turjachaudhuri]

@piotrkubisa Hi , I dont want to use aws cli as I am directly publishing to AWS Lambda from VS2017 using AWS Toolkit for VS. Is there any way to do that?

[turjachaudhuri]

@toricls Hi , what is the alternative then ? Do I need to declare the API explicitly ? In that case , what is the way to connect the API with the Lambda function .

[fdeshaie]

This yaml works for me

Properties: Handler: xxxx FunctionName: xxxx Runtime: python3.6 Policies: xxxx MemorySize : 1024 Timeout : 6 Tags: Name: xxxx ID: xxxx Contact: !Ref CONTACT Scope: !Ref SCOPE Domain: deployment Service: S3 Environment: Variables: destination_s3_bucket: !Ref DestinationS3Bucket

I presume that this json would

"Properties": { "Handler": "xxxx", "FunctionName": "xxxx", "Runtime": "python3.6", "Policies": "xxxx", "MemorySize": 1024, "Timeout": 6, "Tags": { "Name": "xxxx", "ID": "xxxx", "Contact": "CONTACT", "Scope": "SCOPE", "Domain": "deployment", "Service": "S3" }, "Environment": { "Variables": { "destination_s3_bucket": "DestinationS3Bucket" } } }

Cordialement

---

[Email_CBE.gif]François Deshaies Enterprise Architect | Capgemini APPS CSD EUI | Paris [smaller Solutions Architect-Associate] Mob.: + 33 (0) 6 89 37 94 79 www.capgemini.comhttp://www.capgemini.com/ Seine Etoile 5-7 rue Frédéric Clavel 92 287 Suresnes Cedex [cid:image003.png@01D3914D.8F948160] People matter, results count.

---

Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini Technology Services SAS, a company registered in France (RCS : 479 766 842 – APE 6202 A NANTERRE) whose registered office is at 5/7, rue Frédéric Clavel – 92287 Suresnes cedex P Please consider the environment and do not print this email unless absolutely necessary. Capgemini encourages environmental awareness.

De : Yasuhiro HARA [mailto:notifications@github.com] Envoyé : mardi 6 mars 2018 16:21 À : awslabs/serverless-application-model Cc : DESHAIES, Francois; State change Objet : Re: [awslabs/serverless-application-model] The Tags property of AWS::Serverless::Function SAM type doesn’t work (#183)

@turjachaudhurihttps://github.com/turjachaudhuri

"Tags":{"Project":"GSP"}, this worked . But , in that case , how to specify more than one tag for the same resource?

try this

"Tags":{

"Project":"GSP",

"Foo": "Bar"

}

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHubhttps://github.com/awslabs/serverless-application-model/issues/183#issuecomment-370815972, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AEByOimzwR9QC4QfExpF4LS3hTyrPp1iks5tbqlMgaJpZM4PCbbr. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

[toricls]

@turjachaudhuri yes I guess so, explicit Api resource is required if you want to use tags for Api resource.

[ihr]

Here is a yaml syntax that surprisingly does not work for AWS::Serverless::Function but work very well for an AWS::S3::Bucket

  Tags:
    -
      Key: 'project'
      Value: !Ref ProjectName
    -
      Key: 'environment'
      Value: !Ref Stage
    -
      Key: 'project-part'
      Value: !Ref ProjectPartName

[keetonian]

Have you tried:

  Tags:
    project: !Ref ProjectName
    environment: !Ref Stage
    project-part: !Ref ProjectPartName

SAM tries to make tagging SAM resources easier than the normal CFN equivalent.

[MorneRensburg]

This format worked for me, it needs the value to be in quotes:

Tags:
   sometag : "tagvalue"

[rainabba]

What @MorneRensburg said above! The guide we should be looking at: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction

Included this info so maybe worth a read: https://www.jeremydaly.com/how-to-tag-your-lambda-functions-for-smarter-serverless-applications/

More:

I've submitted a PR: https://github.com/awsdocs/aws-cloudformation-user-guide/pull/618

This is clearly a documentation issue. The SAM Guide says, "A map (string to string) that specifies the tags added to the Lambda function and the corresponding IAM execution role. Keys and values are limited to alphanumeric characters. Keys can be 1 to 127 Unicode characters in length and cannot be prefixed with aws:. Values can be 1 to 255 Unicode characters in length.". The samples show a LIST, not MAP. I "knew" the difference, but didn't appreciate how important it was in this case (or YAML schema). Now I do :)

list
  -
    Key: item1
    Value: item1Val
  -
    Key: item2
    Value: item2Val
map
  item1: item1Val
  item2: item2Val

That might be fine if it stopped there and didn't then says "This property is similar to the Tags property of an AWS::Lambda::Function", and link us to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html, which provides a YAML example that's failing for all of us.

[keetonian]

@rainabba We tried to make sure that we explained the difference in the docs. We mention it is similar to the CFN property, but in the next sentence explain the differences.

This property is similar to the Tags property of an AWS::Lambda::Function. The Tags property in AWS SAM consists of Key:Value pairs. In AWS CloudFormation it consists of a list of Tag objects. When the stack is created, AWS SAM automatically adds a lambda:createdBy:SAM tag to this Lambda function and the corresponding IAM execution role.

Would it help if we were to add an example with Tags at the bottom of the page?

[kapilpendse]

@rainabba We tried to make sure that we explained the difference in the docs. We mention it is similar to the CFN property, but in the next sentence explain the differences.

This property is similar to the Tags property of an AWS::Lambda::Function. The Tags property in AWS SAM consists of Key:Value pairs. In AWS CloudFormation it consists of a list of Tag objects. When the stack is created, AWS SAM automatically adds a lambda:createdBy:SAM tag to this Lambda function and the corresponding IAM execution role.

Would it help if we were to add an example with Tags at the bottom of the page?

Yes, please include an example of how the syntax is different from the CloudFormation syntax. Saves time.