How to set tags of the root volume of EC2 instance via CloudFormation

Question

Create EC2 instance using CloudFormation, but the name (tags) of root volume is empty. How to set it using CloudFormation?

# ec2-instance.yml (CloudFormation template)
MyInstance:
  Type: "AWS::EC2::Instance"
  Properties:
    ImageId: "ami-da9e2cbc"
    InstanceType: "t2.nano"
    KeyName: !Ref "KeyPair"
    Tags: # This is for EC2 instance (not root volume)
      - Key: "Name"
        Value: "my-instance"

I find "Volumes" and "BlockDeviceMappings" properties but it could not.

Answer 1

There are some syntax errors under UserData

See below code which make it work

# Download and install AWS CLI
apt-get -y install unzip
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws  
rm -rf awscli-bundle awscli-bundle.zip
EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
EC2_AVAIL_ZONE=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)
VOLUME_ID=$(aws ec2 describe-volumes --filters Name=attachment.instance-id,Values=$EC2_INSTANCE_ID Name=attachment.device,Values=/dev/sda1 --query 'Volumes[*].[VolumeId]' --region ${AWS::Region} --out text | cut -f 1)
aws ec2 create-tags --resources $VOLUME_ID --tags Key=Name,Value=\"Root Volume my-instance\" --region ${AWS::Region}

Answer 2

CloudFormation does not appear to support this currently. However using an instance user data script, you can do this to tag the root volume:

apt-get -y install unzip
unzip awscli-bundle.zip
./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws    
rm -rf  awscli-bundle awscli-bundle.zip
EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
EC2_REGION=${EC2_AVAIL_ZONE:0:${#EC2_AVAIL_ZONE} - 1}
ROOT_DISK_ID=$(aws ec2 describe-volumes --filters Name=attachment.instance-id,Values={EC2_INSTANCE_ID} Name=attachment.device,Values=/dev/sda1 --query 'Volumes[*].[VolumeId]' --region=${EC2_REGION} --out \"text\" | cut -f 1)
aws ec2 create-tags --resources $ROOT_DISK_ID --tags Key=Name,Value=\"Root Volume my-instance\" --region ${EC2_REGION}

This script will tag the /dev/sda1 EBS volume with Name=Root Volume my-instance

Note that for my Ubuntu AMI I have to install the AWS tools first. The Amazon Linux AMI has those tools installed.

For CloudFormation, you would use:

# ec2-instance.yml (CloudFormation template)
MyInstance:
  Type: "AWS::EC2::Instance"
  Properties:
    ImageId: "ami-da9e2cbc"
    InstanceType: "t2.nano"
    KeyName: !Ref "KeyPair"
    UserData:
      "Fn::Base64": !Sub |
       #!/bin/bash -x
       apt-get -y install unzip
       unzip awscli-bundle.zip
       ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws    
       rm -rf  awscli-bundle awscli-bundle.zip
       EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
       EC2_REGION=${EC2_AVAIL_ZONE:0:${#EC2_AVAIL_ZONE} - 1}
       ROOT_DISK_ID=$(aws ec2 describe-volumes --filters Name=attachment.instance-id,Values={EC2_INSTANCE_ID} Name=attachment.device,Values=/dev/sda1 --query 'Volumes[*].[VolumeId]' --region=${EC2_REGION} --out \"text\" | cut -f 1)
       aws ec2 create-tags --resources $ROOT_DISK_ID --tags Key=Name,Value=\"Root Volume my-instance\" --region ${EC2_REGION}

Answer 3

I know that EC2 RunInstances now supports tagging of EBS volumes on launch but I'm not sure that CloudFormation supports this.

Others have requested this feature in CloudFormation. Also see this thread.

Until this is supported in CloudFormation, you might want to take a look at graffiti-monkey which looks at the tags an EC2 instance has, copies those tags to the EBS Volumes that are attached to the instance, and then copies those tags to the EBS Snapshots. (I have not verified that it propagates the tags to the root device volume, but presume it does.)