[Bug]: aws_batch_job_definition tag broken when no existing tags

[james-flwls]

Terraform Core Version

v1.8.5

AWS Provider Version

v5.54.1

Affected Resource(s)

• aws_batch_job_definition

Expected Behavior

Any tags are reflected in AWS

Actual Behavior

Tags are only added if there is at least one tag in AWS for the batch definition

Relevant Error/Panic Output Snippet

The plan / apply looks correct but not reflected in AWS

Terraform Configuration Files

resource "aws_batch_job_definition" "main" {

  name                  = var.container_name
  type                  = "container"
  platform_capabilities = [var.platformCapabilities]
  container_properties  = jsonencode(local.container_definition_without_null)
  propagate_tags        = true
  tags = {
    Environment = var.environment
    Namespace   = var.namespace
    Project     = var.project
    Service     = var.app
    Team        = "development"
  }
}

Steps to Reproduce

Running a plan / apply when there are no existsing tags

~ revision                   = 7 -> (known after apply)
 ~ tags                       = {
    "Environment" = "dev"
  + "Namespace"   = "main"
    "Project"     = "xxxx"
  + "Service"     = "xxxx"
  + "Team"        = "development"
}
~ tags_all                   = {
  + "Environment" = "dev"
  + "ManagedBy"   = "terraform"
  + "Namespace"   = "main"
  + "Owner"       = "xxxx"
  + "Project"     = "xxxx"
  + "Role"        = "batch"
  + "Service"     = "xxxx"
  + "SourcePath"  = "xxxx"
  + "Team"        = "development"

AWS is missing all tags including from tags_all

If I then create a manual tag in AWS Environment = foo

Running plan / apply

~ revision                   = 8 -> (known after apply)
~ tags                      = {
    ~ "Environment" = "foo" -> "dev"          <------- detects the change
    + "Namespace"   = "main"
      "Project"     = "xxxx"
    + "Service"     = "xxxx"
    + "Team"        = "development"
  }
~ tags_all                   = {
    ~ "Environment" = "foo" -> "dev"
    + "ManagedBy"   = "terraform"
    + "Namespace"   = "main"
    + "Owner"       = "xxxx"
    + "Project"     = "xxxxx"
    + "Role"        = "batch"
    + "Service"     = "xxxx"
    + "SourcePath"  = "xxxxx"
    + "Team"        = "development"
  }
  # (8 unchanged attributes hidden)
}

All tags are now present correctly

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[james-flwls]

So it seems that the problem happens when the new definition becomes active. The old definition has the correct tags.

[andrewmwilson]

I think this is a duplicate of https://github.com/hashicorp/terraform-provider-aws/issues/37254

[james-flwls]

Possibly a duplicate - its a bit unclear on that ticket if its the same. It implies its related to tags_all and not having any tags on the resource. It is a tag issue on aws_batch_job_definition so likely to be related

[james-flwls]

Is there any idea if this bug will be picked up - would be good to get a fix in as we can't propogate tags at the moment