gorillastack / auto-tag
Automatically tag AWS resources on creation, for cost assignment
License: GNU General Public License v3.0
I observed the following errors in CloudWatch logs regularly. This behavior was seen in 0.2.0 as well as in 0.3.0.
Auto Tag is adding tags to EC2 and S3 (I have not tested the rest), but I wonder what cases are missing.
{
"errorMessage": "Cannot read property 'instancesSet' of null",
"errorType": "TypeError",
"stackTrace": [
"AutotagEC2Worker.getInstanceId (/var/task/workers/autotag_ec2_worker.js:105:41)",
"_callee$ (/var/task/workers/autotag_ec2_worker.js:71:53)",
"tryCatch (/var/task/node_modules/babel-regenerator-runtime/runtime.js:61:40)",
"GeneratorFunctionPrototype.invoke [as _invoke] (/var/task/node_modules/babel-regenerator-runtime/runtime.js:329:22)",
"GeneratorFunctionPrototype.prototype.(anonymous function) [as next] (/var/task/node_modules/babel-regenerator-runtime/runtime.js:94:21)",
"onFulfilled (/var/task/node_modules/co/index.js:65:19)",
"run (/var/task/node_modules/babel-polyfill/node_modules/core-js/modules/es6.promise.js:89:22)",
"/var/task/node_modules/babel-polyfill/node_modules/core-js/modules/es6.promise.js:102:28",
"flush (/var/task/node_modules/babel-polyfill/node_modules/core-js/modules/_microtask.js:18:9)",
"nextTickCallbackWith0Args (node.js:415:9)"
]
}
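The TypeError above is what a handler produces when it reads `instancesSet` from a null object. The sketch below is an added example, not auto-tag's own code: it assumes the null object is the CloudTrail record's `responseElements`, which CloudTrail sets to null for failed or denied calls, and `getInstanceIds` and the sample records are constructed for illustration.

```javascript
// Added example (not auto-tag's code). Assumption: the handler receives one
// CloudTrail RunInstances record; getInstanceIds is a hypothetical helper.
function getInstanceIds(record) {
  if (!record || typeof record !== 'object') {
    return { ids: [], skipped: 'not a CloudTrail record' };
  }
  // Failed or denied calls carry an errorCode and a null responseElements,
  // so there is nothing to tag and nothing to dereference.
  if (record.errorCode) {
    return { ids: [], skipped: `api call failed: ${record.errorCode}` };
  }
  const res = record.responseElements;
  if (!res || !res.instancesSet || !Array.isArray(res.instancesSet.items)) {
    return { ids: [], skipped: 'responseElements has no instancesSet' };
  }
  const ids = res.instancesSet.items
    .map((item) => (item ? item.instanceId : undefined))
    .filter((id) => typeof id === 'string' && /^i-[0-9a-f]+$/.test(id));
  return { ids, skipped: ids.length ? null : 'no instance ids in instancesSet' };
}

// Constructed sample records (not taken from the issue).
const SAMPLE_OK = {
  eventName: 'RunInstances',
  responseElements: {
    instancesSet: {
      items: [{ instanceId: 'i-0abc1234def567890' }, { instanceId: 'i-0123456789abcdef0' }],
    },
  },
};
const SAMPLE_DENIED = {
  eventName: 'RunInstances',
  errorCode: 'Client.UnauthorizedOperation',
  responseElements: null,
};
const SAMPLE_NULL_RESPONSE = { eventName: 'RunInstances', responseElements: null };

// Log the skip reason instead of throwing, so CloudWatch shows why no tag was applied.
for (const rec of [SAMPLE_OK, SAMPLE_DENIED, SAMPLE_NULL_RESPONSE]) {
  const { ids, skipped } = getInstanceIds(rec);
  console.log(ids.length ? `tag ${ids.join(', ')}` : `skip: ${skipped}`);
}
```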
{
"errorMessage": "Cannot read property '0' of undefined",
"errorType": "TypeError",
"stackTrace": [
"/var/task/aws_cloud_trail_log_listener.js:119:58",
"AwsCloudTrailLogListener.retrieveLogFileDetails (/var/task/aws_cloud_trail_log_listener.js:117:14)",
"_callee$ (/var/task/aws_cloud_trail_log_listener.js:66:30)",
"tryCatch (/var/task/regenerator-runtime/runtime.js:65:40)",
"GeneratorFunctionPrototype.invoke [as _invoke] (/var/task/regenerator-runtime/runtime.js:303:22)",
"GeneratorFunctionPrototype.prototype.(anonymous function) [as next] (/var/task/regenerator-runtime/runtime.js:117:21)",
"onFulfilled (/var/task/co/index.js:65:19)",
"/var/task/co/index.js:54:5",
"co (/var/task/co/index.js:50:10)",
"AwsCloudTrailLogListener.execute (/var/task/aws_cloud_trail_log_listener.js:58:31)"
]
}
Error while running the lambda for retroTagging
As of now, tagging is supported for IAM resources as well. This is very helpful for seeing who has created a particular user, etc.
Attempting to implement autotagging across accounts. It seems the functionality exists within the code; however, execution fails with the following error.
2017-06-02T17:40:35.538Z 6cca367d-47ba-11e7-81aa-e3668cf6c658 { [AccessDenied: Not authorized to perform sts:AssumeRole]
message: 'Not authorized to perform sts:AssumeRole',
code: 'AccessDenied'
The current deployment does tag instances created in the account where the Lambda is running.
Any configuration assistance would be appreciated; it appears this detail is missing from the README, or I have overlooked it.
Will these functions work if we update from Node.js 8.10 to Node.js 10.x? We are just starting to get EOL messages from Amazon on Node.js 8.x functions.
1/6/2020: customers won't be able to create new functions using 8.10.
2/3/2020: customers won't be able to update functions using this version.
Existing 8.x functions will continue to be able to process invocation events, though.
Hey,
While using your script, this appears in the CloudWatch log for autotag: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256
How can I change the authentication for eu-central-1?
Like: var s3 = new AWS.S3({signatureVersion: 'v4'});
Getting this error in Lambda function after creating an IAM role to test autotag with latest git pull:
Syntax error in module 'autotag_event': SyntaxError
const handler = async (cloudtrailEvent, context) => {
^
SyntaxError: Unexpected token (
at createScript (vm.js:56:10)
at Object.runInThisContext (vm.js:97:10)
at Module._compile (module.js:542:28)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
at Module.require (module.js:497:17)
at require (internal/module.js:20:19)
In the file https://github.com/GorillaStack/auto-tag/blob/master/cloud_formation/s3object_template/autotag_s3object_main-template.json at row 71, the runtime is nodejs6.10. Using this template makes the stack roll back in CloudFormation, because Node 6 is deprecated. Simply changing this line to nodejs8.10 works, but as I'm fairly inexperienced at using GitHub, I prefer just writing about this issue instead of creating a pull request.
The same issue seems to be here too: https://github.com/GorillaStack/auto-tag/blob/master/cloud_formation/event_multi_region_template/autotag_event_main-template.rb
In the first file, the default folder and file are outdated (auto-tag-0.3.0.zip), but that's not a huge problem, as creating my own files is simple.
I had run the prerequisite stacks for the roles in the child/master accounts and ran the auto-tag stack in the master account, without issue. When running the stackset, I chose all regions, making the MainAwsRegion us-east-1, and entered all of the child account #s comma separated. The stack instances show 100 and all but two show as outdated with the operation returning "failed". On the two accounts (out of the 13 that I ran this against) where it created any resources, it appears to have created only the SNS topic/subscription and CloudWatch rule. The SNS topic points to a subscriber of a Lambda AutoTag function within its own account that doesn't exist. I don't see any event in the stack where it even attempted to create this Lambda function (in the child account).
I want to add more tags such as ManagedBy or Owner.
The autotag-0.3.0.zip version of the code that the CloudFormation template installs from S3 seems to have had a major refactor from the tagged 0.3.0 version in GitHub.
This is not only strange but a bit concerning since anyone checking out this repo and following the setup instructions is running code that is quite different from what they would assume.
How do you tag multiple regions? Updating CodeS3Bucket with "gorillastack-autotag-releases-ap-northeast-1, gorillastack-autotag-releases-us-west-2" did not work.
Currently, after receiving an event, we construct the role to assume using the recipient account id (good) with the stack name (bad, as it changes between different stacks).
We need to either use a constant role name or add a parameter to the stack, such that we can easily roll out across many accounts.
While deploying in ap-southeast-1, I am facing this issue:
The runtime parameter of nodejs4.3 is no longer supported for creating or updating AWS Lambda
functions. We recommend you use the new runtime (nodejs8.10) while creating or updating functions.
(Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException;
Request ID: XXXXXXXXXXXXXXXXX)
Is there any workaround for this (as I am not very familiar with Node)?
I tested this in my master payer account, ran the templates for the roles in there and separately in one sub-account I am testing with. I then ran the stackset; besides an STS error for most regions, it appeared to run in the 2 regions I use (the errors probably have to do with an SCP I have that limits to these 2 regions).
In any event, I logged on as a test user and created an EC2 and bucket in the test target account, and there is no activity in the Lambda function in the master payer account. It looks like the CloudWatch Auto-Tag CloudTrailLogs rule is there, but nothing is happening.
I was going through the AWS docs and there are several more resources that can be tagged:
@em0ney I was testing all resources as per your list.
I have covered EC2, RDS and ELB so far; all are tagged.
However, EBS volumes (root and other volumes) that I created with my EC2 did not get tagged. The EC2 itself was tagged okay.
I was wondering if there is a debug option in auto tag so we get more info in CloudWatch.
EBS volumes need to be tagged. Please suggest.