Ec2.ClientVpnEndpoint: Tags do not get applied to the created client VPN endpoint #31616

adam-clauss opened this issue Oct 1, 2024 · 1 comment

Describe the bug

This is essentially a re-opening I believe of #18381.

I found this when using CDK to create a Client VPN endpoint. I used Tags.Of(endpoint).Add() - and the tag was added to the AWS:Logs:LogGroup that gets created, but not to the client VPN endpoint.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

The Client VPN Endpoint gets created with specified tag applied to it.

Current Behavior

The CDK deploy succeeds, however, the Client VPN Endpoint does not have a tag. The LogGroup it creates automatically did get the tag - it is not clear to me if that is intended/desired or not.

Reproduction Steps

C#

ClientVpnEndpoint endpoint = new ClientVpnEndpoint(this, name, new ClientVpnEndpointProps
{
    AuthorizeAllUsersToVpcCidr = false,
    Cidr = cidr,
    ServerCertificateArn = certArn,
    UserBasedAuthentication = ClientVpnUserBasedAuthentication.Federated(samlProvider),
    TransportProtocol = TransportProtocol.TCP,
    Vpc = vpc,
    Port = VpnPort.HTTPS,
    SessionTimeout = ClientVpnSessionTimeout.TWELVE_HOURS,
    SecurityGroups = new [] { securityGroup },
    SplitTunnel = true,
    VpcSubnets = new SubnetSelection{ Subnets = privateSubnets },
});

Amazon.CDK.Tags.Of(endpoint).Add("Name", name);

Possible Solution

No response

Additional Information/Context

Specifically, I was trying to apply a name to the Client VPN Endpoint. Based on the AWS console in the browser, this appears to occur not via a Name property on the endpoint, but through a tag named "Name". But as noted above, the loggroup picked up the tag, but not the endpoint. The endpoint displayed a blank value in the AWS console for the Name column.

Manually adding a "Name" tag to the endpoint through the browser filled in the Name column as desired.

CDK CLI Version

2.160.0 (build 7a8ae02)

Framework Version

No response

Node.js Version

20.17.0

OS

Windows 11

Language

.NET

Language Version

.NET 6.0

Other information

No response

@adam-clauss adam-clauss added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 1, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Oct 1, 2024
@khushail khushail added needs-reproduction This issue needs reproduction. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Oct 2, 2024
@khushail khushail self-assigned this Oct 2, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-reproduction This issue needs reproduction. labels Oct 2, 2024

khushail commented Oct 2, 2024

Hi @adam-clauss, thanks for reaching out.

Let me clarify a few things about tagging CDK Resources.

  1. The resources are first checked if those are taggable or not and if yes, then tags are applied.

export class TagManager {
  /**
   * Check whether the given construct is Taggable
   */
  public static isTaggable(construct: any): construct is ITaggable {
    const tags = (construct as any).tags;
    return tags !== undefined && tags !== null && typeof tags === 'object' && (tags as any)[TAG_MANAGER_SYM];
  }
  /**
   * Check whether the given construct is ITaggableV2
   */
  public static isTaggableV2(construct: any): construct is ITaggableV2 {
    return (construct as any).cdkTagManager !== undefined;
  }
  // ... (remainder of the class is not shown in this comment)
}

  2. The vpcEndpoint does not have a Tags prop and the tags are defined using the TagSpecifications property -

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-clientvpnendpoint-tagspecification.html

  3. Since the CloudFormation L1 construct provides this property, you could define tags this way -
    // Reach the underlying L1 resource and set TagSpecifications on it
    const cfnEndpoint = endpoint.node.defaultChild as ec2.CfnClientVpnEndpoint;
    cfnEndpoint.addPropertyOverride('TagSpecifications', [{
      ResourceType: 'client-vpn-endpoint',
      Tags: [
        { Key: 'Name', Value: 'MyVpcEndpoint' }
      ]
    }]);

let me know if this works for you.
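
A check on the synthesized template for the behaviour discussed in this thread, added here as an example (not code from the issue or from aws-cdk): it lists resources of chosen types that carry a given tag key under neither `Tags` nor `TagSpecifications`. The two templates, the logical IDs and the `corp-vpn` value are constructed samples, and `tagsOf` and `missingTag` are hypothetical helper names.

```typescript
type Tag = { Key: string; Value: string };
type Resource = { Type: string; Properties?: { [k: string]: any } };
type Template = { Resources: { [logicalId: string]: Resource } };

// Collect tags from both shapes: a top-level Tags list (as on AWS::Logs::LogGroup)
// and TagSpecifications (as on AWS::EC2::ClientVpnEndpoint).
function tagsOf(res: Resource): Tag[] {
  const props = res.Properties || {};
  const out: Tag[] = [];
  if (Array.isArray(props['Tags'])) {
    for (const t of props['Tags']) out.push(t);
  }
  if (Array.isArray(props['TagSpecifications'])) {
    for (const spec of props['TagSpecifications']) {
      if (Array.isArray(spec.Tags)) for (const t of spec.Tags) out.push(t);
    }
  }
  return out;
}

// Logical IDs of resources of the given types that do not carry the tag key.
function missingTag(tpl: Template, key: string, types: string[]): string[] {
  const missing: string[] = [];
  for (const id of Object.keys(tpl.Resources)) {
    const res = tpl.Resources[id];
    if (types.indexOf(res.Type) === -1) continue;
    if (!tagsOf(res).some((t) => t.Key === key)) missing.push(id);
  }
  return missing.sort();
}

const TYPES = ['AWS::EC2::ClientVpnEndpoint', 'AWS::Logs::LogGroup'];
const logGroup: Resource = {
  Type: 'AWS::Logs::LogGroup',
  Properties: { Tags: [{ Key: 'Name', Value: 'corp-vpn' }] },
};
// Constructed sample: the reported shape, where only the log group got the tag.
const reported: Template = { Resources: {
  VpnEndpoint: { Type: 'AWS::EC2::ClientVpnEndpoint', Properties: { SplitTunnel: true } },
  VpnLogGroup: logGroup,
} };
// Constructed sample: the endpoint with TagSpecifications set explicitly.
const withTagSpecs: Template = { Resources: {
  VpnEndpoint: { Type: 'AWS::EC2::ClientVpnEndpoint', Properties: { TagSpecifications: [
    { ResourceType: 'client-vpn-endpoint', Tags: [{ Key: 'Name', Value: 'corp-vpn' }] },
  ] } },
  VpnLogGroup: logGroup,
} };
console.log(missingTag(reported, 'Name', TYPES), missingTag(withTagSpecs, 'Name', TYPES));
```

Fed the JSON written by `cdk synth`, a check like this can fail a pipeline before an untagged endpoint is deployed, which matters when tags drive inventory or access policy.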

@khushail khushail added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Oct 2, 2024