Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS::Logs::LogGroup - Tags #919

Closed
harai opened this issue Sep 12, 2021 · 8 comments
Closed

AWS::Logs::LogGroup - Tags #919

harai opened this issue Sep 12, 2021 · 8 comments
Labels
Coverage

Comments

@harai
Copy link

harai commented Sep 12, 2021

Name of the resource

AWS::Logs::LogGroup

Resource name

No response

Description

CloudWatch Logs Log Group resource supports Tags attribute as described by AWS CLI Command Reference.

Current CloudFormation AWS::Logs::LogGroup resource doesn't support Tags property and should be supported.

Other Details
@harai harai added the Coverage label Sep 12, 2021
@samjarrett
Copy link

See also #77 and aws-cloudformation/aws-cloudformation-resource-providers-logs#53

@farski farski mentioned this issue Nov 11, 2021
Closed
@wchunl
Copy link

wchunl commented Nov 17, 2021

Apologies for delay, the release of this feature is now complete.

@samjarrett
Copy link

@wchunl documentation? https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html

@wchunl
Copy link

wchunl commented Nov 17, 2021

@samjarrett We are working on the documentation right now, will update when published

@seittema
Copy link

Unfortunately if you have existing stacks you may hit what I think is a bug trying to add tags. It appears if you currently use StackTags on your CFT Stacks, cloudformation thinks those tags are already on your loggroup and therefore will not add the tags even if you put it in your template. We added the Tags to our resource, and only 1 showed up out of the 8 we added. The other 7 were missing, however they also mirror existing StackTags that we have had on our stacks for years.

@RealityCtrl RealityCtrl mentioned this issue Dec 6, 2021
Merged
@farski
Copy link

farski commented Feb 8, 2022

The way this has been implemented is not playing nicely with drift detection.

  1. Create a new stack which does NOT contain a log group, but does have resource tags set on the stack itself (e.g., Foo=Bar)
  2. Update the stack by adding a log group which does NOT have any tags defined
  3. If you look at the log group, you'll see that the stack-level tags did propagate to the log group
  4. Update the stack by adding matching tags (i.e., Foo=Bar) explicitly to the log group
  5. Run a drift detection on the stack
  6. The drift status will now show MODIFIED, and the details will show an expected value of {Foo=Bar, Foo=Bar}, which can never happen on the actual resource.

@wchunl wchunl mentioned this issue Feb 9, 2022
Merged
@RobertoTorino
Copy link

Actually we had similar issues:
Known resources
AWS::SecretsManager::Secret
AWS::ApiGateway::Deployment
AWS::EC2::NetworkAcl
AWS::ECS::Cluster
AWS::Backup::BackupPlan
AWS::Backup::BackupVault

I just recently noticed I also got this on AWS BackUp and BackUpVault , resources deployed through cdk2.0/cloudformation.

I get tags starting with Key ":aws:" and when I want to remove it in the console it gives an error that tags starting with :aws are invalid.

But no way to remove the tags...

@rgoltz
Copy link

rgoltz commented Jul 29, 2022

The way this has been implemented is not playing nicely with drift detection.

  1. Create a new stack which does NOT contain a log group, but does have resource tags set on the stack itself (e.g., Foo=Bar)
  2. Update the stack by adding a log group which does NOT have any tags defined
  3. If you look at the log group, you'll see that the stack-level tags did propagate to the log group
  4. Update the stack by adding matching tags (i.e., Foo=Bar) explicitly to the log group
  5. Run a drift detection on the stack
  6. The drift status will now show MODIFIED, and the details will show an expected value of {Foo=Bar, Foo=Bar}, which can never happen on the actual resource.

Hi Chris / @farski - We ran into the same issue. In order to have a better tracking with AWS ServiceTeam, we split this CFN Drift detection issue and the AWS team opened a new, dedicated issue #1256

Actually we had similar issues: Known resources AWS::SecretsManager::Secret AWS::ApiGateway::Deployment AWS::EC2::NetworkAcl AWS::ECS::Cluster AWS::Backup::BackupPlan AWS::Backup::BackupVault

I just recently noticed I also got this on AWS BackUp and BackUpVault , resources deployed through cdk2.0/cloudformation.

I get tags starting with Key ":aws:" and when I want to remove it in the console it gives an error that tags starting with :aws are invalid.

But no way to remove the tags...

Bună Philip / @RobertoTorino - Regarding this in terms of AWS::Logs::LogGroup, the AWS team opened a new, dedicated issue #1255 - Here the CFN Drift detection should get better as well (Hence, you would not need to remove this helpful aws: tags.

@farski farski mentioned this issue Sep 9, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Coverage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@farski @RobertoTorino @harai @samjarrett @rgoltz @seittema @wchunl @cfn-github-issues-bot