Terraform-provider-aws: Add support for ECS tags

Luckily this was already work in progress! More soon. 😄

I've used locals within our microservices.tf and then and merged resource specific tags with the locals to ensure all tags are applied to resources provisioned within the microservice.tf, that is, those that support tagging on creation. I my mind the tags for ECS would apply as with any other resource. However, I cannot test at this time due to Terraform not recognizing the "tags" key.

Resource tag, similar to the example above:

resource "aws_ecs_service" "example" {
tags = "${merge(
local.common_tags,
map(
"tag5", "tag5_value",
"tag6", "tag6_value"
)
)}"
}

Locals would be added at the top of the file but are not depicted in this example.

The tags argument has been added, tested, and documented for the three available ECS resources. This support will be released with version 1.46.0 of the AWS provider, likely sometime before Wednesday.

This has been released in version 1.46.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

This is great that tags are now supported, but they require a manual opt-in step in AWS. Is there any way to automate this opt-in process for particular roles that are created through terraform? Still getting:

InvalidParameterException: Long arn format must be used for tagging operations

currently on version 1.50.0 of the AWS provider

@andrewotoole to do this on the whole account level, you need to log in using the root AWS account and enable it per region you want.

@kl4w thank you! I have spoken to our SRE team and will check back once they are done to let you know if that worked.

@kl4w & @bflad

Not really get the meaning of opted-in. The resource I create is a total new ecs stack.

In the company, I have to login aws with assume role, no root account.

I got this error InvalidParameterException: Long arn format must be used for tagging operations today and I can't apply tags to aws_ecs_service resource.

Test with my own aws account (which I have root access), now I understood the difference.

• Login as assume role, which I can only opted-in for this role. In this case, even I enable to opt in to the new ARN and resource ID format it is useless, I still get the same issue.

• Login as root account, I can see the choices (setting scope) now:

1) set for root (override account default)
2) set for specific IAM user
3) set for specific IAM role

@bflad : although this is working perfectly fine for new ECS resources, this raises an error for resources created before AWS added the support for ECS tags.
InvalidParameterException: Long arn format must be used for tagging operations

I have opted in at root account level.

@ebarault can you please file a new bug report issue filling out the issue template details so we can further triage? Thanks.

@ebarault I just ran into the same issue. Interestingly, AWS wouldn't let me add tags to the ECS service via the AWS console either, so I don't think the issue is Terraform-specific. I had to destroy and recreate the service before I could add tags.

The new long arn has to be used in order to tag any ecs resources. This isn't a bug but rather an expected behavior. This issue is closed and I believe it's working as intended.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!