Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
(cfnspec): Log Group tags unsupported in GovCloud
See original GitHub issueWhat is the problem?
It seems that v49.0.0 of the CloudFormation Spec added a Tags property as supported for the AWS::Logs::LogGroup resource: https://github.com/aws/aws-cdk/pull/17642. It doesn’t seem like CloudFormation supports this property in AWS GovCloud (US) yet. This results in stack creation/update failures due to the CDK now passing a Tags property for AWS::Logs::LogGroup.
The failure appears in 1.134.0 and 1.135.0; 1.132.0 works correctly. 1.133.0 has not been tested, nor have any 2.x versions.
Reproduction Steps
import * as cdk from "@aws-cdk/core";
import * as logs from "@aws-cdk/aws-logs";
class LogsStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
new logs.LogGroup(this, "LogGroup");
}
}
const app = new cdk.App();
const logsStack = new LogsStack(app, "Stack");
cdk.Tags.of(logsStack).add("TestTag", "TestValue");
What did you expect to happen?
The CloudFormation templates emitted by the CDK should work properly whether run in the commercial or GovCloud partitions.
What actually happened?
Encountered unsupported property Tags for AWS::Logs::LogGroup resources
CDK CLI Version
1.135.0
Framework Version
No response
Node.js Version
14
OS
Debian
Language
Typescript
Language Version
No response
Other information
This only seems to be an issue in GovCloud (both East and West). The generated resource is:
LogGroupF5B46931:
Type: AWS::Logs::LogGroup
Properties:
RetentionInDays: 731
Tags:
- Key: TestTag
Value: TestValue
UpdateReplacePolicy: Retain
DeletionPolicy: Retain
Metadata:
aws:cdk:path: Stack/LogGroup/Resource
Here are the stack events:
$ aws cloudformation describe-stack-events --stack-name "Stack" --query 'StackEvents[].{ResourceStatus:ResourceStatus,ResourceStatusReason:ResourceStatusReason}'
[
{
"ResourceStatus": "ROLLBACK_COMPLETE",
"ResourceStatusReason": null
},
{
"ResourceStatus": "DELETE_SKIPPED",
"ResourceStatusReason": null
},
{
"ResourceStatus": "ROLLBACK_IN_PROGRESS",
"ResourceStatusReason": "The following resource(s) failed to create: [LogGroupF5B46931]. Rollback requested by user."
},
{
"ResourceStatus": "CREATE_FAILED",
"ResourceStatusReason": "Encountered unsupported property Tags"
},
{
"ResourceStatus": "CREATE_IN_PROGRESS",
"ResourceStatusReason": "User Initiated"
},
{
"ResourceStatus": "REVIEW_IN_PROGRESS",
"ResourceStatusReason": "User Initiated"
}
]
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Thanks for reporting this @kylelaker ,
I’m sorry this happened, govcloud limitations are frustrating to deal with especially since they can be so unpredictable. I have previously submitted a feature request which should help identify these issues ahead of time https://github.com/aws/aws-cdk/issues/16373. Given the unpredictability of these issues, this feature request will be considered the general solution moving forward (be sure to give it a thumbs up!). Since this issue is relatively easy to work around, I advise sticking to the great workaround you’ve implemented.
A temporary workaround seems to be to apply the following Aspect after anything that would add Tags to the
AWS::Logs::LogGroupresources: