Instances created without specific tags are terminated by AWS SCP.
ibehren1 opened this issue · 2 comments
We have an issue where a new AWS SCP requires certain tags on instances or they cannot be created. It appears to me that kitchen-ec2 is creating the instance without tags and then trying to tag it.
- Is this correct?
- Is it implemented this way for a specific reason?
- Anyone else have a similar issue and possibly a workaround?
Thanks
I am sorry, I am not a Ruby guy... I have been looking at the code and it seems like it could be altered in this area to add tag_specifications to the create instance call.
https://github.com/test-kitchen/kitchen-ec2/blob/master/lib/kitchen/driver/ec2.rb#L416
```ruby
# Fog AWS helper for creating the instance
def submit_server
  instance_data = instance_generator.ec2_instance_data
  debug("Creating EC2 instance in region #{config[:region]} with properties:")
  instance_data.each do |key, value|
    debug("- #{key} = #{value.inspect}")
  end
  instance_data[:min_count] = 1
  instance_data[:max_count] = 1
  ec2.create_instance(instance_data)
end
```
As I mentioned above, we have a new enterprise policy which uses SCP (Service Control Policies) to stop instances from being created if they do not have proper tags, but right now that is stopping us from using test-kitchen, which is a real loss. Tagging the instance at creation rather than after it is created and running would solve this issue.
Can someone provide a little insight for me? I would appreciate it!
+1 - having the same issue. SCP is denying EC2s from spinning up because they are missing tags. I also believe they are spinning up without the tags and then trying to tag them.
Seems also a duplicate of this issue - #464
Also seems similar to - #360
Here is a change that someone tried in a PR - https://github.com/test-kitchen/kitchen-ec2/pull/414/files
Or this one - https://github.com/test-kitchen/kitchen-ec2/pull/364/files. Unfortunately neither has been merged.
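
The difference between create-then-tag and tag-at-creation discussed in this thread, as an added example that is not part of the thread and not kitchen-ec2 code: it builds the `tag_specifications` parameter of the EC2 RunInstances request from a tag hash and checks both request shapes against a simplified stand-in for a tag-enforcing SCP. The required tag keys, the sample request values, the helper names, and the assumption that the policy also covers volumes are all hypothetical; no AWS call is made.

```ruby
# Added example: constructed data, no AWS calls are made.

# Tag keys the hypothetical SCP requires on every RunInstances request.
REQUIRED_TAG_KEYS = %w[CostCenter Owner].freeze

# Convert a { "Key" => "value" } hash into the tag_specifications structure
# of the EC2 RunInstances request, so tags travel with the create call.
def tag_specifications(tags, resource_types = %w[instance volume])
  return [] if tags.nil? || tags.empty?

  tag_list = tags.map { |k, v| { key: k.to_s, value: v.to_s } }
  resource_types.map { |type| { resource_type: type, tags: tag_list } }
end

# Return a copy of the request parameters with tags attached at creation.
def with_creation_tags(instance_data, tags)
  specs = tag_specifications(tags)
  return instance_data.dup if specs.empty?

  instance_data.merge(tag_specifications: specs)
end

# Simplified stand-in for an SCP that denies RunInstances when a required
# request tag is absent. Returns the missing keys per resource type.
def missing_request_tags(request, required = REQUIRED_TAG_KEYS,
                         resource_types = %w[instance volume])
  specs = request.fetch(:tag_specifications, [])
  resource_types.each_with_object({}) do |type, missing|
    present = specs.select { |s| s[:resource_type] == type }
                   .flat_map { |s| s[:tags].map { |t| t[:key] } }
    absent = required - present
    missing[type] = absent unless absent.empty?
  end
end

# Constructed sample request, shaped like instance_data in submit_server.
SAMPLE_INSTANCE_DATA = {
  image_id: "ami-EXAMPLE", instance_type: "t3.micro", min_count: 1, max_count: 1
}.freeze
SAMPLE_TAGS = { "Owner" => "kitchen-ci", "CostCenter" => "0000" }.freeze

if __FILE__ == $PROGRAM_NAME
  tagged = with_creation_tags(SAMPLE_INSTANCE_DATA, SAMPLE_TAGS)
  puts "untagged request is missing: #{missing_request_tags(SAMPLE_INSTANCE_DATA)}"
  puts "tagged request is missing:   #{missing_request_tags(tagged)}"
end
```

A request that comes back with an empty hash from `missing_request_tags` carries every required key at creation time, which is the condition a later, separate tagging call can never satisfy.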