Instances created without specific tags are terminated by AWS SCP.

[ibehren1]

We have an issue where a new AWS SCP requires certain tags on instances cannot be created. It appears to me that kitchen-ec2 is creating the instance without tags and then trying to tag it.

• Is this correct?
• Is it implemented this way for a specific reason?
• Anyone else have similar issue and possibly a work around?

Thanks

[ibehren1]

I am sorry, I am not a Ruby guy... I have been looking at the code and seems like it could be altered in this area to add tag_specifications to the create instance call.

https://github.com/test-kitchen/kitchen-ec2/blob/master/lib/kitchen/driver/ec2.rb#L416

      # Fog AWS helper for creating the instance
      def submit_server
        instance_data = instance_generator.ec2_instance_data
        debug("Creating EC2 instance in region #{config[:region]} with properties:")
        instance_data.each do |key, value|
          debug("- #{key} = #{value.inspect}")
        end
        instance_data[:min_count] = 1
        instance_data[:max_count] = 1
        ec2.create_instance(instance_data)
      end

As I mention above, we have new enterprise policy which uses SCP (Service Control Policies) to stop instances from being created if they do not have proper tags but right now that is stopping us from using test-kitchen which is a real loss. Tagging the instance at creation rather than after it is created and running would solve this issue.

Can someone provide a little insight for me? I would appreciate it!

[ajkoehler]

+1 - having the same issue. SCP is denying EC2s from spinning up because they are missing tags. I also believe they are spinning up without the tags and then trying to tag them.

Seems also a duplicate as this issue - #464

Also seems similar to - #360

Here is a change that someone tried in a PR - https://github.com/test-kitchen/kitchen-ec2/pull/414/files

Or this one - https://github.com/test-kitchen/kitchen-ec2/pull/364/files. Unfortunately neither have been merged.