
Tags check fails on aws_cloudwatch_event_target with ecs_target block #616

forstops opened this issue May 9, 2022 · 1 comment


forstops commented May 9, 2022

Description

When using an "aws_cloudwatch_event_target" resource with an "ecs_target" block, a check that tags are present fails.
When adding tags to the "ecs_target" block
Passes terraform plan
Fails compliance

When adding tags to both the "aws_cloudwatch_event_target" resource and the "ecs_target" block:
Fails terraform plan, as "aws_cloudwatch_event_target" does not support tags

To Reproduce

Feature File:

# Policy under test: every resource that supports tags must carry a non-null tags value.
Feature: Tagging Enforcement
  In order to keep track of resource ownership
  As engineers
  We'll enforce tagging on all resources

  # NOTE(review): aws_cloudwatch_event_target has tags only inside its nested
  # ecs_target block; presumably the Given step still selects it and the Then
  # step looks for a top-level tags key - confirm against terraform-compliance.
  Scenario: Ensure all resources have tags
    Given I have resource that supports tags defined
    Then it must contain tags
    And its value must not be null

Plan File:

{
  "format_version": "0.1",
  "terraform_version": "0.14.4",
  "planned_values": {
    "root_module": {
      "resources": [
        {
          "address": "aws_cloudwatch_event_rule.console",
          "mode": "managed",
          "type": "aws_cloudwatch_event_rule",
          "name": "console",
          "provider_name": "registry.terraform.io/hashicorp/aws",
          "schema_version": 0,
          "values": {
            "description": "Capture all EC2 scaling events",
            "event_bus_name": "default",
            "event_pattern": "{\"detail-type\":[\"EC2 Instance Launch Successful\",\"EC2 Instance Terminate Successful\",\"EC2 Instance Launch Unsuccessful\",\"EC2 Instance Terminate Unsuccessful\"],\"source\":[\"aws.autoscaling\"]}",
            "is_enabled": true,
            "name": "capture-ec2-scaling-events",
            "role_arn": null,
            "schedule_expression": null,
            "tags": {
              "Environment": "Dev-Test",
              "Name": "test",
              "Project": "3331"
            },
            "tags_all": {
              "Environment": "Dev-Test",
              "Name": "test",
              "Project": "3331"
            }
          }
        },
        {
          "address": "aws_cloudwatch_event_target.yada",
          "mode": "managed",
          "type": "aws_cloudwatch_event_target",
          "name": "yada",
          "provider_name": "registry.terraform.io/hashicorp/aws",
          "schema_version": 1,
          "values": {
            "batch_target": [],
            "dead_letter_config": [],
            "ecs_target": [
              {
                "enable_ecs_managed_tags": false,
                "enable_execute_command": false,
                "group": null,
                "launch_type": "FARGATE",
                "network_configuration": [],
                "placement_constraint": [],
                "platform_version": null,
                "propagate_tags": "TASK_DEFINITION",
                "tags": {
                  "Environment": "Dev-Test",
                  "Name": "test",
                  "Project": "3331"
                },
                "task_count": 1,
                "task_definition_arn": "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
              }
            ],
            "event_bus_name": "default",
            "http_target": [],
            "input": null,
            "input_path": null,
            "input_transformer": [],
            "kinesis_target": [],
            "redshift_target": [],
            "retry_policy": [],
            "role_arn": null,
            "rule": "capture-ec2-scaling-events",
            "run_command_targets": [],
            "sqs_target": [],
            "target_id": "Yada"
          }
        },
        {
          "address": "aws_kinesis_stream.test_stream",
          "mode": "managed",
          "type": "aws_kinesis_stream",
          "name": "test_stream",
          "provider_name": "registry.terraform.io/hashicorp/aws",
          "schema_version": 1,
          "values": {
            "encryption_type": "NONE",
            "enforce_consumer_deletion": false,
            "kms_key_id": null,
            "name": "terraform-kinesis-test",
            "retention_period": 24,
            "shard_count": 1,
            "shard_level_metrics": null,
            "tags": {
              "Environment": "Dev-Test",
              "Name": "test",
              "Project": "3331"
            },
            "tags_all": {
              "Environment": "Dev-Test",
              "Name": "test",
              "Project": "3331"
            },
            "timeouts": null
          }
        }
      ]
    }
  },
  "resource_changes": [
    {
      "address": "aws_cloudwatch_event_rule.console",
      "mode": "managed",
      "type": "aws_cloudwatch_event_rule",
      "name": "console",
      "provider_name": "registry.terraform.io/hashicorp/aws",
      "change": {
        "actions": [
          "create"
        ],
        "before": null,
        "after": {
          "description": "Capture all EC2 scaling events",
          "event_bus_name": "default",
          "event_pattern": "{\"detail-type\":[\"EC2 Instance Launch Successful\",\"EC2 Instance Terminate Successful\",\"EC2 Instance Launch Unsuccessful\",\"EC2 Instance Terminate Unsuccessful\"],\"source\":[\"aws.autoscaling\"]}",
          "is_enabled": true,
          "name": "capture-ec2-scaling-events",
          "role_arn": null,
          "schedule_expression": null,
          "tags": {
            "Environment": "Dev-Test",
            "Name": "test",
            "Project": "3331"
          },
          "tags_all": {
            "Environment": "Dev-Test",
            "Name": "test",
            "Project": "3331"
          }
        },
        "after_unknown": {
          "arn": true,
          "id": true,
          "name_prefix": true,
          "tags": {},
          "tags_all": {}
        }
      }
    },
    {
      "address": "aws_cloudwatch_event_target.yada",
      "mode": "managed",
      "type": "aws_cloudwatch_event_target",
      "name": "yada",
      "provider_name": "registry.terraform.io/hashicorp/aws",
      "change": {
        "actions": [
          "create"
        ],
        "before": null,
        "after": {
          "batch_target": [],
          "dead_letter_config": [],
          "ecs_target": [
            {
              "enable_ecs_managed_tags": false,
              "enable_execute_command": false,
              "group": null,
              "launch_type": "FARGATE",
              "network_configuration": [],
              "placement_constraint": [],
              "platform_version": null,
              "propagate_tags": "TASK_DEFINITION",
              "tags": {
                "Environment": "Dev-Test",
                "Name": "test",
                "Project": "3331"
              },
              "task_count": 1,
              "task_definition_arn": "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
            }
          ],
          "event_bus_name": "default",
          "http_target": [],
          "input": null,
          "input_path": null,
          "input_transformer": [],
          "kinesis_target": [],
          "redshift_target": [],
          "retry_policy": [],
          "role_arn": null,
          "rule": "capture-ec2-scaling-events",
          "run_command_targets": [],
          "sqs_target": [],
          "target_id": "Yada"
        },
        "after_unknown": {
          "arn": true,
          "batch_target": [],
          "dead_letter_config": [],
          "ecs_target": [
            {
              "network_configuration": [],
              "placement_constraint": [],
              "tags": {}
            }
          ],
          "http_target": [],
          "id": true,
          "input_transformer": [],
          "kinesis_target": [],
          "redshift_target": [],
          "retry_policy": [],
          "run_command_targets": [],
          "sqs_target": []
        }
      }
    },
    {
      "address": "aws_kinesis_stream.test_stream",
      "mode": "managed",
      "type": "aws_kinesis_stream",
      "name": "test_stream",
      "provider_name": "registry.terraform.io/hashicorp/aws",
      "change": {
        "actions": [
          "create"
        ],
        "before": null,
        "after": {
          "encryption_type": "NONE",
          "enforce_consumer_deletion": false,
          "kms_key_id": null,
          "name": "terraform-kinesis-test",
          "retention_period": 24,
          "shard_count": 1,
          "shard_level_metrics": null,
          "tags": {
            "Environment": "Dev-Test",
            "Name": "test",
            "Project": "3331"
          },
          "tags_all": {
            "Environment": "Dev-Test",
            "Name": "test",
            "Project": "3331"
          },
          "timeouts": null
        },
        "after_unknown": {
          "arn": true,
          "id": true,
          "stream_mode_details": true,
          "tags": {},
          "tags_all": {}
        }
      }
    }
  ],
  "configuration": {
    "root_module": {
      "resources": [
        {
          "address": "aws_cloudwatch_event_rule.console",
          "mode": "managed",
          "type": "aws_cloudwatch_event_rule",
          "name": "console",
          "provider_config_key": "aws",
          "expressions": {
            "description": {
              "constant_value": "Capture all EC2 scaling events"
            },
            "event_pattern": {
              "constant_value": "{\n  \"source\": [\n    \"aws.autoscaling\"\n  ],\n  \"detail-type\": [\n    \"EC2 Instance Launch Successful\",\n    \"EC2 Instance Terminate Successful\",\n    \"EC2 Instance Launch Unsuccessful\",\n    \"EC2 Instance Terminate Unsuccessful\"\n  ]\n}\n"
            },
            "name": {
              "constant_value": "capture-ec2-scaling-events"
            },
            "tags": {
              "references": [
                "local.tags"
              ]
            }
          },
          "schema_version": 0
        },
        {
          "address": "aws_cloudwatch_event_target.yada",
          "mode": "managed",
          "type": "aws_cloudwatch_event_target",
          "name": "yada",
          "provider_config_key": "aws",
          "expressions": {
            "arn": {
              "references": [
                "aws_kinesis_stream.test_stream"
              ]
            },
            "ecs_target": [
              {
                "launch_type": {
                  "constant_value": "FARGATE"
                },
                "tags": {
                  "references": [
                    "local.tags"
                  ]
                },
                "task_count": {
                  "constant_value": 1
                },
                "task_definition_arn": {
                  "constant_value": "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
                }
              }
            ],
            "rule": {
              "references": [
                "aws_cloudwatch_event_rule.console"
              ]
            },
            "target_id": {
              "constant_value": "Yada"
            }
          },
          "schema_version": 1
        },
        {
          "address": "aws_kinesis_stream.test_stream",
          "mode": "managed",
          "type": "aws_kinesis_stream",
          "name": "test_stream",
          "provider_config_key": "aws",
          "expressions": {
            "name": {
              "constant_value": "terraform-kinesis-test"
            },
            "shard_count": {
              "constant_value": 1
            },
            "tags": {
              "references": [
                "local.tags"
              ]
            }
          },
          "schema_version": 1
        }
      ]
    }
  }
}

Sample Terraform Code:

# Reproducer: an EventBridge target whose tags are set only inside the nested
# ecs_target block. Per the report, adding a top-level tags argument to this
# resource type fails terraform plan.
resource "aws_cloudwatch_event_target" "yada" {
  rule      = aws_cloudwatch_event_rule.console.name
  target_id = "Yada"

  # NOTE(review): arn points at the Kinesis stream while an ecs_target block is
  # also configured; kept as reported, but confirm the intended target before
  # reusing this outside the reproducer.
  arn = aws_kinesis_stream.test_stream.arn

  ecs_target {
    launch_type         = "FARGATE"
    task_count          = 1
    task_definition_arn = "arn:aws:ecs:eu-west-1:000000000000:task/dev:2"
    tags                = local.tags
  }
}

# Rule matching EC2 Auto Scaling launch/terminate events (successful and
# unsuccessful) from the aws.autoscaling source; tagged from local.tags.
resource "aws_cloudwatch_event_rule" "console" {
  description = "Capture all EC2 scaling events"
  name        = "capture-ec2-scaling-events"
  tags        = local.tags

  # The heredoc body is passed through unchanged as the event pattern string.
  event_pattern = <<PATTERN
{
  "source": [
    "aws.autoscaling"
  ],
  "detail-type": [
    "EC2 Instance Launch Successful",
    "EC2 Instance Terminate Successful",
    "EC2 Instance Launch Unsuccessful",
    "EC2 Instance Terminate Unsuccessful"
  ]
}
PATTERN
}

# Kinesis stream referenced by the event target's arn; tagged from local.tags.
# No encryption is configured here, and the reported plan resolves
# encryption_type to "NONE" - acceptable for a throwaway reproducer, not for a
# stream that carries real data.
resource "aws_kinesis_stream" "test_stream" {
  shard_count = 1
  name        = "terraform-kinesis-test"
  tags        = local.tags
}

# Shared tag map, referenced as local.tags by the resources in this reproducer.
locals {
  tags = {
    Environment = "Dev-Test"
    Name        = "test"
    Project     = "3331"
  }
}

Used terraform-compliance Parameters:

--no-ansi --early-exit --silent

Tested Versions:

  • terraform-compliance version: v1.3.32
  • terraform version: Terraform v0.14.4 provider aws v4.12.1
  • python version: 3.8.0
@alaidler2

I'm also encountering this issue - the resource is definitely tagged but compliance is flagging an error - having to allow_failure on this job in my CI pipelines really dilutes the effectiveness of the tool..

Any chance of a resolution on this one 🙏 ?
