Hi, found bug in aws ec2 pulumi when having `aws:`...
# aws
b
Hi, found bug in aws ec2 pulumi when having `aws:` in tag as key. This is not possible to create/change/import in pulumi:
```
>pulumi up
Previewing update (simple):
     Type                 Name                Plan       Info
     pulumi:pulumi:Stack  aws_project-simple             15 messages
 ~   └─ aws:ec2:Instance  romlaz_frog_1       update     [diff: ~tags]


Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:simple::aws_project::pulumi:pulumi:Stack::aws_project-simple]
    ~ aws:ec2/instance:Instance: (update)
        [id=i-052b6a60438596375]
        [urn=urn:pulumi:simple::aws_project::aws:ec2/instance:Instance::romlaz_frog_1]
        [provider=urn:pulumi:simple::aws_project::pulumi:providers:aws::default_4_6_0::561a80d6-caf9-44d9-95a7-df4210902d44]
      ~ tags: {
          + aws:a_bug: "not creating or importing when tag Key starts with 'aws:'"
        }

Do you want to perform this update? yes
Updating (simple):
     Type                 Name                Status                  Info
     pulumi:pulumi:Stack  aws_project-simple  **failed**              1 error
 ~   └─ aws:ec2:Instance  romlaz_frog_1       **updating failed**     [diff: ~tags]; 1 error

Diagnostics:
  aws:ec2:Instance (romlaz_frog_1):
    error: 1 error occurred:
        * updating urn:pulumi:simple::aws_project::aws:ec2/instance:Instance::romlaz_frog_1: 1 error occurred:
        * error updating tags: error tagging resource (i-052b6a60438596375): InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
        status code: 400, request id: d7950a12-e85f-4bfa-bb88-ad5c6766c9a5

  pulumi:pulumi:Stack (aws_project-simple):
    error: update failed
```
Please note when importing with:
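```python
import pulumi_aws as aws
# filterForImport is the poster's own filter list; its definition is not shown in the thread
aws.ec2.get_instance(filters=filterForImport)
```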
all tags are skipped with `aws:` key names. This is a printout when running `pulumi up` and using same filter with 2 different instance get by filter:
```
:::::::::::TAGS__from:
    import pulumi_aws as aws
    aws.ec2.get_instance(filters=filterForImport)
    {'Name': 'aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec....'}

    :::::::::::TAGS__from:
    import boto3
    boto3.resource('ec2').instances.filter(Filters=filterForImport)
    {'Name': 'aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec....',
     'aws:cloudformation:logical-id': 'Instance',
     'aws:cloudformation:stack-name': 'aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec....',
     'aws:cloud9:environment': 'd8c776e86c1447ef82....',
     'aws:cloud9:owner': 'AIDA26ARS26....',
     'aws:cloudformation:stack-id': 'arn:aws:cloudformation:eu-west-1:7516561....:stack/aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec..../d9f79450-6813-11ea-9d48-0....
     'aws:cloudformation:stack-id': 'arn:aws:cloudformation:eu-west-1:7516561....:stack/aws-cloud9-eric-testing-machine-d8c776e86c1447ef82fe0aa544ec..../d9f79450-6813-11ea-9d48-0a9bdcf....
a'}
```
When using `aws.ec2.get_instance(filters=filterForImport)` function skips all data with `aws:`
g
did you want to import aws managed resource?
Tags `aws:` are reserved for AWS managed resources, are you trying to import aws managed resource to manage it or just for the reference? If you want to manage cloud9 instances I think you'll have to use `cloud9` package and not trying to manage the instance directly. This "bug" sounds to me like a protection from the sdk when you are trying to manage AWS managed resource and potentially cause some problems. With cloud9 ec2 instance it's similar when you'd want to manage ec2 instance of RDS and therefore break AWS service
b
I found this bug when I tried to import an instance that had these key values in tags. So, if it's only for creating then I can just skip this (by not using these tag names), but this is when importing. And after you import this instance, Pulumi will skip all tag keys that have `aws:` in. And later you will have a diff that Pulumi wants to create these tags... But what has Pulumi against what you as an end user create in any resource, that you can't use this:
```
"tags": {
      "aws:a_bug": "not creating or importing when tag Key starts with 'aws:'"
    }
```
So it's definitely a bug.
g
Let me repeat myself, `aws:` tags are system reserved tags and you should never need to import or create resources with such tags. https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html The requirement to import AWS-managed resources to your code suggests an antipattern in your workflow. As a user, you should never need to change properties of managed resource
👍 1
🆗 1
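
An added example, not code from the thread or from Pulumi: a plain-Python preflight that splits a tag map into user-managed and `aws:`-prefixed keys and diffs only the user-managed ones, so reserved tags seen on a live instance are not reported as drift and reserved keys in the desired state are flagged before any update is attempted. The function names, the sample tags and the case-insensitive prefix match are assumptions.

```python
# Added example: preflight for EC2 tag maps, run before handing them to an IaC tool.
RESERVED_PREFIX = "aws:"  # prefix reserved for AWS-managed tags


def is_reserved(key: str) -> bool:
    # Assumption: compare case-insensitively, so "AWS:x" is also treated as reserved.
    return key.lower().startswith(RESERVED_PREFIX)


def split_tags(tags):
    """Return (user_tags, reserved_tags) for one tag map."""
    user = {k: v for k, v in tags.items() if not is_reserved(k)}
    reserved = {k: v for k, v in tags.items() if is_reserved(k)}
    return user, reserved


def plan_tag_update(desired, live):
    """Diff desired vs. live tags over user-managed keys only.

    Reserved keys in `desired` are reported as rejected rather than sent to the
    API; reserved keys in `live` are ignored, so they never appear as drift.
    """
    want, rejected = split_tags(desired)
    have, _ = split_tags(live)
    return {
        "add": {k: v for k, v in want.items() if k not in have},
        "change": {k: v for k, v in want.items() if k in have and have[k] != v},
        "remove": sorted(k for k in have if k not in want),
        "rejected": sorted(rejected),
    }


# Constructed sample data, shaped like the boto3 printout in the thread.
LIVE_TAGS = {
    "Name": "example-cloud9-instance",
    "aws:cloudformation:logical-id": "Instance",
    "aws:cloud9:environment": "EXAMPLE-ENVIRONMENT-ID",
}
DESIRED_TAGS = {
    "Name": "example-cloud9-instance",
    "team": "platform",
    "aws:a_bug": "value",
}

if __name__ == "__main__":
    for action, items in plan_tag_update(DESIRED_TAGS, LIVE_TAGS).items():
        print(f"{action}: {items}")
```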