Add additional tags about auto-tag HOT 12 CLOSED

This worked perfectly! Thank you so much!

from auto-tag.

Bump

Would like to know the same

from auto-tag.

Hi, Can you give an example of what you would like to do?

It sounds like you want to just add an additional tag with a static key/value to every resource that is "auto-tagged"?

from auto-tag.

from auto-tag.

I don't think it makes sense to have AutoTag do this. AutoTag is tagging all snapshots so I'm not sure how AutoTag would know if this was one of your Backups or some other snapshot.

You can just tag the "Backup" snapshot with your tags when your function sends the snapshot create request.

See the "TagSpecification" Request Parameter of the CreateSnapshot API call.
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSnapshot.html

from auto-tag.

from auto-tag.

Ok. I agree, relying on users to remember to do something every time is never good.

One suggestion would be to create the opposite system and only tag the EC2 instances that do NOT need the backup, that is if your backup function that creates the snapshots can query for all instances and then filter out those with the tag...

from auto-tag.

Another suggestion would be to strictly enforce the tag's key and value for all EC2 RunInstances actions with IAM. This way aws won't allow the users to create the instance unless the tag is in the request, instead the user will get an error.

Here they have a good example of how to use the IAM Condition Key "aws:RequestTag/tag-key" for enforcing key/value under "Creating a Volume with Tags".
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html

The IAM policy for your users might looks something like this...

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceOpsAutomatorTagOnInstances",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/OpsAutomator": "Backup"
         }
       }
     }
  ]
}

from auto-tag.

Ultimately I just want every EC2 instance to be tagged with, "OpsAutomator=Backup" so that the OpsAutomator stack will automatically back it up according to our backup/retention policy. If we have a request for a specific resource to NOT be backed-up, then we can remove the tag. Since this is what we're using to auto-tag resources, it just seemed more logical to have auto-tag do this, rather than re-configuring everything else.

from auto-tag.

If you are using the code from master, you could fork it and add the tag to the "createTags" call in "src/workers/autotag_ec2_worker.js" like this.

tagEC2Resources(resources) {
    let _this = this;
    return new Promise((resolve, reject) => {
      try {
        _this.ec2.createTags({
          Resources: resources,
          Tags: [
            _this.getAutotagPair(),
           {Key: 'OpsAutomater', Value: 'Backup'}
          ]
        }, (err, res) => {
          if (err) {
            reject(err);
          } else {
            resolve(true);
          }
        });
      } catch (e) {
        reject(e);
      }
    });
  }

Then every instance will get the tag, but I don't think we would add this as a feature in general.

from auto-tag.

Would adding additional tags be possible in the Default_Worker? So every new resource would get the additional tag, regardless of the resource type?

from auto-tag.

Would adding additional tags be possible in the Default_Worker? So every new resource would get the additional tag, regardless of the resource type?

Hey Nipazz,

I think you'd want to just add it here in the default_worker...

getAutotagTags() {
    return [
      {Key: 'someNewTagKey', Value: 'someNewTagValue'},
      this.getAutotagCreatorTag(),
      ...(SETTINGS.AutoTags.CreateTime ? [this.getAutotagCreateTimeTag()] : []),
      ...(this.getInvokedByTagValue() && SETTINGS.AutoTags.InvokedBy ? [this.getAutotagInvokedByTag()] : []),
    ];
  }

from auto-tag.