AWS Config: `Tags` of `AWS::IAM::Policy` and `AWS::CloudWatch::Alarm` are not recorded

r-heimann commented 1 year ago

See title, both resource types are missing recorded resource information.

iainelder commented 1 year ago

The schema suggests that the tags property exists on both of these resources. Do you have a sample query and results?

https://github.com/awslabs/aws-config-resource-schema/blob/18142251355ae21279eb4b3159cce06606ccf7ae/config/properties/resource-types/AWS%3A%3AIAM%3A%3APolicy.properties.json#L30-L32

https://github.com/awslabs/aws-config-resource-schema/blob/18142251355ae21279eb4b3159cce06606ccf7ae/config/properties/resource-types/AWS%3A%3ACloudWatch%3A%3AAlarm.properties.json#L40-L42

I have never tried to query the tags on these resources, so I don't know whether those properties are really implemented or not.

r-heimann commented 1 year ago

The schema suggests that the tags property exists on both of these resources. Do you have a sample query and results?

https://github.com/awslabs/aws-config-resource-schema/blob/18142251355ae21279eb4b3159cce06606ccf7ae/config/properties/resource-types/AWS%3A%3AIAM%3A%3APolicy.properties.json#L30-L32

https://github.com/awslabs/aws-config-resource-schema/blob/18142251355ae21279eb4b3159cce06606ccf7ae/config/properties/resource-types/AWS%3A%3ACloudWatch%3A%3AAlarm.properties.json#L40-L42

I have never tried to query the tags on these resources, so I don't know whether those properties are really implemented or not.

There is already an internal AWS Ticket open for this issue. Example Query:

SELECT
  *,
  relationships,
  tags
WHERE
  resourceType = 'AWS::CloudWatch::Alarm'

iainelder commented 1 year ago

Thanks for the info! We can look forward to a fix for that then.

nascit commented 1 year ago

This is also affecting my team

awslabs / aws-config-resource-schema

AWS Config: `Tags` of `AWS::IAM::Policy` and `AWS::CloudWatch::Alarm` are not recorded #49