CloudFormation custom resource provider for managing tags on any AWS resource. Sometimes a resource, such as AWS::EC2::EIP, does support tags, but not through CloudFormation. With the provider you can specify tags as a separate CloudFormation resource.
Very simply, add a Custom::Tag to your CloudFormation template:
```yaml
  EIPBastionPoolTag:
    Type: Custom::Tag
    Properties:
      ResourceARN:
        - !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:eip/${EIP1.AllocationId}'
        - !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:eip/${EIP2.AllocationId}'
        - !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:eip/${EIP3.AllocationId}'
      Tags:
        EIPPoolName: eip-bastion-pool
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:cfn-tag-provider'
```
You can tag any resource and add multiple tags in a single resource.
To deploy the provider, type:
```sh
aws cloudformation create-stack \
  --capabilities CAPABILITY_IAM \
  --stack-name cfn-tag-provider \
  --template-body file://./cloudformation/cfn-resource-provider.yaml
aws cloudformation wait stack-create-complete --stack-name cfn-tag-provider
```
This CloudFormation template will use our pre-packaged provider from 463637877380.dkr.ecr.eu-central-1.amazonaws.com/xebia/cfn-tag-provider:1.0.0.
In order to deploy the demo, type:
```sh
aws cloudformation create-stack \
  --capabilities CAPABILITY_NAMED_IAM \
  --stack-name cfn-tag-provider-demo \
  --template-body file://./cloudformation/demo.yaml
aws cloudformation wait stack-create-complete --stack-name cfn-tag-provider-demo
```
The tag and untag operations also require query, tag and untag permissions on the resources being tagged. Currently, these IAM permissions are generated and added to the security policy of the provider using the script add-allow-tag-actions-statement.
- untag commands fail silently.
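
The sketch below shows one way to surface an untag failure instead of losing it. It is an added example, not the provider's own code, and it assumes the untag is issued through the Resource Groups Tagging API (`untag_resources`), which returns per-resource failures in `FailedResourcesMap` rather than raising. `untag_strict`, `UntagError`, `FakeTaggingClient` and the sample ARNs are hypothetical names and constructed data.

```python
"""Added example: surface per-resource untag failures instead of dropping them."""

BATCH = 20  # UntagResources accepts at most 20 ARNs per call


class UntagError(Exception):
    def __init__(self, failures):
        self.failures = failures  # {arn: {StatusCode, ErrorCode, ErrorMessage}}
        super().__init__("untag failed for: " + ", ".join(sorted(failures)))


def untag_strict(client, arns, tag_keys):
    """Remove tag_keys from every ARN; raise UntagError if any resource failed.

    The call succeeds as a whole even when individual resources fail, for
    example because the caller lacks the untag permission on that resource,
    so FailedResourcesMap has to be inspected after every batch.
    """
    failures = {}
    for i in range(0, len(arns), BATCH):
        resp = client.untag_resources(
            ResourceARNList=arns[i:i + BATCH], TagKeys=list(tag_keys))
        failures.update(resp.get("FailedResourcesMap") or {})
    if failures:
        raise UntagError(failures)
    return len(arns)


class FakeTaggingClient:
    """Constructed stand-in for boto3.client('resourcegroupstaggingapi')."""

    def __init__(self, denied):
        self.denied = set(denied)
        self.calls = []

    def untag_resources(self, ResourceARNList, TagKeys):
        self.calls.append(list(ResourceARNList))
        return {"FailedResourcesMap": {
            arn: {"StatusCode": 403, "ErrorCode": "UnauthorizedOperation",
                  "ErrorMessage": "constructed: not allowed to delete tags"}
            for arn in ResourceARNList if arn in self.denied}}


# Constructed sample ARNs (placeholder account id and allocation ids).
SAMPLE_ARNS = ["arn:aws:ec2:eu-central-1:111122223333:eip/eipalloc-%04d" % n
               for n in range(25)]
```

Against a real account, pass `boto3.client("resourcegroupstaggingapi")` as `client`; a raised `UntagError` then points at the resources whose tags are still in place, which usually means the provider's policy is missing the untag action for that service.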