How do I tag a root volume from an instance created by CloudFormation?
6 minute read
0
I want to tag the root volume of my Amazon Elastic Compute Cloud (Amazon EC2) instances that I created in AWS CloudFormation.
Resolution
To add Amazon EC2 tags to your attached volumes, add PropagateTagstoVolumeOnCreation in the CloudFormation template, and set its value to True.
To tag a root volume, complete the following steps:
-
Open the CloudFormation console.
-
On the dashboard, choose Create stack - With new resources (standard).
-
In the Prerequisite - Prepare template, choose Build from Infrastructure Composer, and then choose Create in Infrastructure Composer.
-
Choose Template, and then use either the YAML or JSON template into your code editor.
JSON template:{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS CloudFormation Sample Template Tagging Root Volumes of EC2 Instances: This template shows you how to automatically tag the root volume of the EC2 instances that are created through the AWS CloudFormation template. This is done through the UserData property of the AWS::EC2::Instance resource. **WARNING** This template creates two Amazon EC2 instances and an IAM role. You will be billed for the AWS resources used if you create a stack from this template.", "Parameters": { "KeyName": { "Type": "AWS::EC2::KeyPair::KeyName", "Description": "Name of an existing EC2 KeyPair to enable SSH access to the ECS instances." }, "InstanceType": { "Description": "EC2 instance type", "Type": "String", "Default": "t2.micro", "AllowedValues": [ "t2.micro", "t2.small", "t2.medium", "t2.large", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge" ], "ConstraintDescription": "Please choose a valid instance type." }, "InstanceAZ": { "Description": "EC2 AZ.", "Type": "AWS::EC2::AvailabilityZone::Name", "ConstraintDescription": "Must be the name of an Availability Zone." }, "WindowsAMIID": { "Description": "The Latest Windows 2016 AMI taken from the public Systems Manager Parameter Store", "Type": "AWS::SSM::Parameter::Value<String>", "Default": "/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base" }, "LinuxAMIID": { "Description": "The Latest Amazon Linux 2 AMI taken from the public Systems Manager Parameter Store", "Type": "AWS::SSM::Parameter::Value<String>", "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" } }, "Resources": { "WindowsInstance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": { "Ref": "WindowsAMIID" }, "InstanceType": { "Ref": "InstanceType" }, "AvailabilityZone": { "Ref": "InstanceAZ" }, "IamInstanceProfile": { "Ref": "InstanceProfile" }, "KeyName": { "Ref": "KeyName" }, "PropagateTagsToVolumeOnCreation": "true", "Tags": [ { "Key": "Name", "Value": { "Ref": "AWS::StackName" } } ], "BlockDeviceMappings": [ { "DeviceName": "/dev/sdm", "Ebs": { "VolumeType": "io1", "Iops": "200", "DeleteOnTermination": "true", "VolumeSize": "10" } } ] } }, "LinuxInstance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": { "Ref": "LinuxAMIID" }, "InstanceType": { "Ref": "InstanceType" }, "AvailabilityZone": { "Ref": "InstanceAZ" }, "IamInstanceProfile": { "Ref": "InstanceProfile" }, "KeyName": { "Ref": "KeyName" }, "PropagateTagsToVolumeOnCreation": "true", "Tags": [ { "Key": "Name", "Value": { "Ref": "AWS::StackName" } } ], "BlockDeviceMappings": [ { "DeviceName": "/dev/sdm", "Ebs": { "VolumeType": "io1", "Iops": "200", "DeleteOnTermination": "true", "VolumeSize": "10" } } ] } }, "InstanceRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "Policies": [ { "PolicyName": "taginstancepolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ { "Fn::Sub": "arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:volume/*" }, { "Fn::Sub": "arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:instance/*" } ] } ] } } ] } }, "InstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "InstanceRole" } ] } } } }YAML template:
AWSTemplateFormatVersion: 2010-09-09 Description: >- AWS CloudFormation Sample Template Tagging Root Volumes of EC2 Instances: This template shows you how to automatically tag the root volume of the EC2 instances that are created through the AWS CloudFormation template. This is done through the UserData property of the AWS::EC2::Instance resource. **WARNING** This template creates two Amazon EC2 instances and an IAM role. You will be billed for the AWS resources used if you create a stack from this template. Parameters: KeyName: Type: 'AWS::EC2::KeyPair::KeyName' Description: Name of an existing EC2 KeyPair to enable SSH access to the ECS instances. InstanceType: Description: EC2 instance type Type: String Default: t2.micro AllowedValues: - t2.micro - t2.small - t2.medium - t2.large - m3.medium - m3.large - m3.xlarge - m3.2xlarge - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.10xlarge - c4.large - c4.xlarge - c4.2xlarge - c4.4xlarge - c4.8xlarge - c3.large - c3.xlarge - c3.2xlarge - c3.4xlarge - c3.8xlarge - r3.large - r3.xlarge - r3.2xlarge - r3.4xlarge - r3.8xlarge - i2.xlarge - i2.2xlarge - i2.4xlarge - i2.8xlarge ConstraintDescription: Please choose a valid instance type. InstanceAZ: Description: EC2 AZ. Type: 'AWS::EC2::AvailabilityZone::Name' ConstraintDescription: Must be the name of an Availability Zone. WindowsAMIID: Description: >- The Latest Windows 2016 AMI taken from the public Systems Manager Parameter Store Type: 'AWS::SSM::Parameter::Value<String>' Default: /aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base LinuxAMIID: Description: >- The Latest Amazon Linux 2 AMI taken from the public Systems Manager Parameter Store Type: 'AWS::SSM::Parameter::Value<String>' Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 Resources: WindowsInstance: Type: 'AWS::EC2::Instance' Properties: ImageId: !Ref WindowsAMIID InstanceType: !Ref InstanceType AvailabilityZone: !Ref InstanceAZ IamInstanceProfile: !Ref InstanceProfile KeyName: !Ref KeyName PropagateTagsToVolumeOnCreation: 'true' Tags: - Key: Name Value: !Ref 'AWS::StackName' BlockDeviceMappings: - DeviceName: /dev/sdm Ebs: VolumeType: io1 Iops: '200' DeleteOnTermination: 'true' VolumeSize: '10' LinuxInstance: Type: 'AWS::EC2::Instance' Properties: ImageId: !Ref LinuxAMIID InstanceType: !Ref InstanceType AvailabilityZone: !Ref InstanceAZ IamInstanceProfile: !Ref InstanceProfile KeyName: !Ref KeyName PropagateTagsToVolumeOnCreation: 'true' Tags: - Key: Name Value: !Ref 'AWS::StackName' BlockDeviceMappings: - DeviceName: /dev/sdm Ebs: VolumeType: io1 Iops: '200' DeleteOnTermination: 'true' VolumeSize: '10' InstanceRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: taginstancepolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'ec2:Describe*' Resource: '*' - Effect: Allow Action: - 'ec2:CreateTags' Resource: - !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:volume/*' - !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:instance/*' InstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Path: / Roles: - !Ref InstanceRoleImportant: Add the desired tags in the Tags property of the AWS::EC2::Instance tags.
-
Choose Create template. Then, confirm and continue to CloudFormation.
-
Choose Next.
-
For Stack name, enter a name for your stack.
-
In the Parameters section, enter the information based on the needs of your environment, including your instance type, EC2 key pair, and Amazon Machine Image (AMI).
-
Choose Next.
-
In the Options section, enter the information for your stack. Then, choose Next.
-
Activate the CloudFormation stack to create an AWS Identity and Access Management (IAM) resource. If you agree to the terms, select the I acknowledge that AWS CloudFormation might create IAM resources check box.
-
Choose Submit.
Tag the root volume of the instance
Complete the following steps:
- Open the Amazon EC2 console.
- In the navigation pane, in the Elastic Block Store section, choose Volumes.
- In the Filter field, enter the tag that you set in the CloudFormation stack to confirm that the volume was tagged.
- Topics
- Management & Governance
- Language
- English
AWS OFFICIALUpdated 4 months ago
No comments
Relevant content
- asked 3 years ago
