Terraform-provider-aws: Unable to use a tag that starts with aws: in a datasource filter
_This issue was originally opened by @Dchamard as hashicorp/terraform#11838. It was migrated here as part of the provider split. The original body of the issue is below._
Terraform Version
0.8.4
Affected Resource(s)
- aws_security_group (datasource)
It is propably affecting most of the aws datasources as well.
Terraform Configuration Files
data "aws_security_group" "beanstalk_sg" {
count = "${var.beanstalk_sg_manage_enabled}"
tags = {
"aws:cloudformation:logical-id" = "AWSEBLoadBalancerSecurityGroup"
"Name" = "${var.stack_name}"
"service" = "${var.stack_name}-beanstalk"
}
}
Debug Output
2017/02/09 17:14:25 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/09 17:14:25 [DEBUG] Matching ^aws:* with Name
2017/02/09 17:14:25 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/09 17:14:25 [DEBUG] Matching ^aws:* with service
2017/02/09 17:14:25 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/09 17:14:25 [DEBUG] Matching ^aws:* with aws:cloudformation:logical-id
2017/02/09 17:14:25 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/09 17:14:25 [DEBUG] Found AWS specific tag aws:cloudformation:logical-id (val: AWSEBLoadBalancerSecurityGroup), ignoring.
2017/02/09 17:14:25 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/09 17:14:25 [DEBUG] Describe Security Groups {
Expected Behavior
I should have been abled to use this tag to find the proper resource for my data source
Actual Behavior
It is ignoring the tag because it starts with aws:
This was introduced in the following issue.
https://github.com/hashicorp/terraform/issues/4513
I understand that those tags cannot be modifed because its used internally by aws but we should be able to use them as data source to find resources.
The data source is using the same 'tagsFromMap' generic method that calls the 'tagIgnored' method that will filter tags that start with aws:
References
hashibot
All 4 comments
I have an outstanding PR, hashicorp/terraform#14116, to address this issue. Would appreciate feedback - if the approach to fix this should be changed, I'd love to get some guidance on that as well.
ericwestfall
on 15 Jun 2017
@Dchamard Did you try with a filter block?
data "aws_security_group" "beanstalk_sg" {
count = "${var.beanstalk_sg_manage_enabled}"
tags = {
"Name" = "${var.stack_name}"
"service" = "${var.stack_name}-beanstalk"
}
filter {
name = "tag:aws:cloudformation:logical-id"
values = ["AWSEBLoadBalancerSecurityGroup"]
}
}
ewbankkit
on 29 Nov 2019
@Dchamard Did you try with a
filterblock?data "aws_security_group" "beanstalk_sg" { count = "${var.beanstalk_sg_manage_enabled}" tags = { "Name" = "${var.stack_name}" "service" = "${var.stack_name}-beanstalk" } filter { name = "tag:aws:cloudformation:logical-id" values = ["AWSEBLoadBalancerSecurityGroup"] } }
Putting the aws:* tags in the filter block works perfectly.
Thanks @ewbankkit
kalhua
on 31 Mar 2020
I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 4 Jul 2020
Related issues
andywirv
ยท
3Comments
reedloden
ยท
3Comments
joelittlejohn
ยท
3Comments
gothrek22
ยท
3Comments
hashibot
ยท
3Comments
Most helpful comment
I have an outstanding PR, hashicorp/terraform#14116, to address this issue. Would appreciate feedback - if the approach to fix this should be changed, I'd love to get some guidance on that as well.