https://pulumi.com logo
Powered by
Title
b

broad-hairdresser-1495

07/23/2021, 11:26 AM
Hi, found bug in aws ec2 pulumi when having 
aws:
in tag as key This is not possible to create/change/import in pulumi: 
>pulumi up
Previewing update (simple):
     Type                 Name                Plan       Info
     pulumi:pulumi:Stack  aws_project-simple             15 messages
 ~   └─ aws:ec2:Instance  romlaz_frog_1       update     [diff: ~tags]


Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:simple::aws_project::pulumi:pulumi:Stack::aws_project-simple]
    ~ aws:ec2/instance:Instance: (update)
        [id=i-052b6a60438596375]
        [urn=urn:pulumi:simple::aws_project::aws:ec2/instance:Instance::romlaz_frog_1]
        [provider=urn:pulumi:simple::aws_project::pulumi:providers:aws::default_4_6_0::561a80d6-caf9-44d9-95a7-df4210902d44]
      ~ tags: {
          + aws:a_bug: "not creating or importing when tag Key starts with 'aws:'"
        }

Do you want to perform this update? yes
Updating (simple):
     Type                 Name                Status                  Info
     pulumi:pulumi:Stack  aws_project-simple  **failed**              1 error
 ~   └─ aws:ec2:Instance  romlaz_frog_1       **updating failed**     [diff: ~tags]; 1 error

Diagnostics:
  aws:ec2:Instance (romlaz_frog_1):
    error: 1 error occurred:
        * updating urn:pulumi:simple::aws_project::aws:ec2/instance:Instance::romlaz_frog_1: 1 error occurred:
        * error updating tags: error tagging resource (i-052b6a60438596375): InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
        status code: 400, request id: d7950a12-e85f-4bfa-bb88-ad5c6766c9a5

  pulumi:pulumi:Stack (aws_project-simple):
    error: update failed
Please note when importing with: 
pulumi_aws as aws
aws.ec2.get_instance(filters=filterForImport)
all tags are skipped with 
aws:
key names. This is a printout when running 
pulumi up
and using same filter with 2 different instance get by filter: 
:::::::::::TAGS__from:
    import pulumi_aws as aws
    aws.ec2.get_instance(filters=filterForImport)
    {'Name': 'aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec....'}

    :::::::::::TAGS__from:
    import boto3
    boto3.resource('ec2').instances.filter(Filters=filterForImport)
    {'Name': 'aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec....',
     'aws:cloudformation:logical-id': 'Instance',
     'aws:cloudformation:stack-name': 'aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec....',
     'aws:cloud9:environment': 'd8c776e86c1447ef82....',
     'aws:cloud9:owner': 'AIDA26ARS26....',
     'aws:cloudformation:stack-id': 'arn:aws:cloudformation:eu-west-1:7516561....:stack/aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec..../d9f79450-6813-11ea-9d48-0....
     'aws:cloudformation:stack-id': 'arn:aws:cloudformation:eu-west-1:7516561....:stack/aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec..../d9f79450-6813-11ea-9d48-0a9bdcf....
a'}
When using 
aws.ec2.get_instance(filters=filterForImport)
function skips all data with 
aws:
g

great-sunset-355

07/23/2021, 11:51 AM
did you want to import aws managed resource?
Tags 
aws:
are reserved for AWS managed resources, are you trying to import aws managed resource to manage it or just for the reference? If you want to manage cloud9 instances I think you'll have to use 
cloud9
package and not trying to manage the instance directly. This "bug" sounds to me like a protection from the sdk when you are trying to manage AWS managed resource and potentially cause some problems. With cloud9 ec2 instance it's similar when you'd want to manage ec2 instance of RDS and therefore break AWS service
b

broad-hairdresser-1495

07/23/2021, 12:10 PM
I found this bug when I tried to import an instance that had these key values in tags. so, if its, only for creating then i can just skip this ( by not using these tag names ), but this is when importing. and after you import this instance, Pulumi will skip all tag keys that have 
aws:
in. And later you will have a diff that Pulumi wants to create these tags... But what have Pulumi against what you as an end user create in any resource, that you cant use this: 
"tags": {
      "aws:a_bug": "not creating or importing when tag Key starts with 'aws:'"
    }
so its definitely a bug.
g

great-sunset-355

07/23/2021, 2:43 PM
Let me repeat myself, 
aws:
tags are system reserved tags and you should never need to import or create resources with such tags. https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html The requirement to import AWS-managed resources to your code suggests an antipattern in your workflow. As a user, you should never need to change properties of managed resource
👍 1
🆗 1
#awsJoin Slack
Powered by