A SAR app to propagate CloudFormation tags to unsupported resources

Home Blog A SAR app to propagate CloudFormation tags to unsupported resources
AWS CloudFormation logo on background of clouds in a blue sky.

Did you know that CloudFormation tags don’t automatically propagate to some resource types? Chief among these are CloudWatch log groups, which means you can’t include them in your cost monitoring (via cost allocation tags) among other things.

The only way to tag CloudWatch log groups right now is via API calls. You can do this with the AWS SDK, or using the AWS CLI. This is hugely inconvenient! Until AWS addresses the problem for good, we have published a new app to the Serverless Application Repository to plug the gap. This app will:

  1. Propagate CloudFormation tags to CloudWatch log groups whenever you deploy a new stack or update an existing stag.
  2. When you deploy the app, it’ll run a one-off function to process all existing CloudFormation stacks, and propagate their tags to their CloudWatch log groups

The source code for the SAR app is available on GitHub here.

How to deploy the app

You can either deploy the app manually from the AWS console, or you can do it using CloudFormation, AWS SAM or the Serverless framework.

Via the AWS console

To deploy the app by hand, head over to this page and click Deploy.

Deploying the CloudFormation Tags SAR manually via the AWS console.

In the following screen, make sure you tick the “I acknowledge that this app creates custom IAM roles” box. Then click the Deploy button and you’re done!

Make sure to acknowledge that the app creates custom IAM roles.

Via AWS SAM

You can include the app as part of your template.yml by adding the following resource:

You can deploy the CloudFormation Tags app via AWS SAM by including it as part of your template.yml.

Via Serverless framework

AWS::Serverless::Application is not a natively supported resource type by CloudFormation. Instead, it’s a custom resource that AWS SAM supports via its macro – AWS::Serverless-2016-10-31. Which you can find at the top of every SAM template.yml.

To add a SAR app to the serverless.yml we need to first add this macro to the serverless.yml under resources. For example:

resources:
  Transform: AWS::Serverless-2016-10-31
  Resources:
    PropagateCfnTags:
      Type: AWS::Serverless::Application
      Properties:
        Location:
          ApplicationId: arn:aws:serverlessrepo:...
         SemanticVersion: <enter latest version>

Via CloudFormation

Since both AWS SAM and Serverless framework compile to CloudFormation, there is nothing stopping you from deploying the app with plain CloudFormation.

As with the Serverless framework, you need to add the AWS::Serverless-2016-10-31 macro to your stack. For example:

Transform: AWS::Serverless-2016-10-31
Resources:
    PropagateCfnTags:
      Type: AWS::Serverless::Application
      Properties:
        Location:
          ApplicationId: arn:aws:serverlessrepo:...
         SemanticVersion: <enter latest version>

Future projects

For the time being, this SAR app will only propagate tags to CloudWatch log groups. If you would like us to add support for other unsupported resource types then please let us know by raising a feature request here.

Check out the full list of open source serverless tools available on the Lumigo Github here.