Pass stack tags to nested stack in Cloudformation

问题

I'm easily able to pass parameters to a Nested Cloudformation Stack using AWS::CloudFormation::Stack, including referenced values:

"MyNestedStack" : {
    "Type" : "AWS::CloudFormation::Stack",
    "Condition" : "MyCondition",
    "Properties" : {
        "TemplateURL" : {
            "Fn::Join" : ["", ["https://mybucket.s3.amazonaws.com/", {
                "Ref" : "S3BucketLocation"
            }, "/MyNestedStack.template"]]
        },
        "Parameters": {
            "MyVPC" : {
                "Ref" : "VPC"
            },
            "MySubnet" : {
                "Ref" : "ManagementSubnet"
            },
            "MySubnetAZ" : {
                "Fn::GetAtt" : [ "ManagementSubnet", "AvailabilityZone" ]
            }
            "InstanceType" : "m3.large",
            "KeyName" : "MyKey",
        }
    }
}

But I'm not able to find any documentation how to pass the Stack tags applied to the parent stack down to the child (nested) stack.

The original stack was called by:

#Create Stack
aws cloudformation create-stack --parameters ${parms} --tags Key='Environment Name',Value=${name} Key=Name,Value=${env} --stack-name ${env} --template-url ${url}

The Environment name and Name tags get applied to resources in the original stack, such as instances, but not to resources in the nested stack nor the nested stack itself.

回答1:

AWS have implemented propagation of stack tags to child stacks. I can't find an announcement or documentation reflecting this change, but it now works.

The AWS CloudFormation Resource Tags Type page states:

All stack-level tags, including automatically created tags, are propagated to resources that AWS CloudFormation supports.

In the below example Parent/Child stack templates the Stack Tags on the parent propagate to the EC2 instances in the parent stack, the child stack, the EC2 instance in the child stack.

Note: EC2 tags still don't propagate to volumes created from block device mappings.

Parent Stack Example

{
    "AWSTemplateFormatVersion" : "2010-09-09",

    "Description" : "Test Child Stack Tag Propagation (Parent Stack)",

    "Parameters" : {
        "KeyName": {
            "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
            "Type": "AWS::EC2::KeyPair::KeyName"
        },

        "Subnet": {
            "Type": "AWS::EC2::Subnet::Id"
        },

        "VPC": {
            "Type": "AWS::EC2::VPC::Id"
        },

        "AMI": {
            "Type": "AWS::EC2::Image::Id",
            "Default": "ami-f2210191"
        },

        "ChildTemplateUrl": {
            "Type" : "String"
        }
    },

    "Resources" : {
        "EC2Instance" : {
            "Type" : "AWS::EC2::Instance",
            "Properties" : {
                "InstanceType" : "t2.nano",
                "SecurityGroupIds" : [{"Ref" : "InstanceSecurityGroup"}],
                "SubnetId" : { "Ref" : "Subnet" },
                "KeyName" : { "Ref" : "KeyName" },
                "ImageId" : {"Ref": "AMI"}
            }
        },

        "InstanceSecurityGroup" : {
            "Type" : "AWS::EC2::SecurityGroup",
            "Properties" : {
                "GroupDescription" : "Enable SSH access via port 22",
                "VpcId" : { "Ref": "VPC"},
                "SecurityGroupIngress" : [ {
                    "IpProtocol" : "tcp",
                    "FromPort" : "22",
                    "ToPort" : "22",
                    "CidrIp" : "0.0.0.0/0"
                } ]
            }
        },

        "MyNestedStack" : {
            "Type" : "AWS::CloudFormation::Stack",
            "Properties" : {
                    "TemplateURL" : {"Ref": "ChildTemplateUrl"},
                    "Parameters": {
                            "Subnet" : {"Ref": "Subnet"},
                            "KeyName" : {"Ref": "KeyName"},
                            "AMI" : {"Ref": "AMI"},
                            "SecurityGroup": {"Ref" : "InstanceSecurityGroup"},
                            "VPC": {"Ref": "VPC"}
                    }
            }
        }
    },

    "Outputs" : {
        "InstanceId" : {
            "Description" : "InstanceId of the newly created EC2 instance",
            "Value" : { "Ref" : "EC2Instance" }
        },
        "IP" : {
            "Description" : "Private IP address of the newly created VPC EC2 instance",
            "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PrivateIp" ] }
        }
    }
}

Child Stack Example

{
    "AWSTemplateFormatVersion" : "2010-09-09",

    "Description" : "Test Child Stack Tag Propagation (Child Stack)",

    "Parameters" : {
        "KeyName": {
            "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
            "Type": "AWS::EC2::KeyPair::KeyName"
        },

        "Subnet": {
            "Type": "AWS::EC2::Subnet::Id"
        },

        "VPC": {
            "Type": "AWS::EC2::VPC::Id"
        },

        "AMI": {
            "Type": "AWS::EC2::Image::Id"
        },

        "SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup::Id"
        }
    },

    "Resources" : {
        "EC2Instance" : {
            "Type" : "AWS::EC2::Instance",
            "Properties" : {
                "InstanceType" : "t2.nano",
                "SecurityGroupIds" : [{"Ref" : "SecurityGroup"}],
                "SubnetId" : { "Ref" : "Subnet" },
                "KeyName" : { "Ref" : "KeyName" },
                "ImageId" : {"Ref": "AMI"}
            }
        }
    },

    "Outputs" : {
        "InstanceId" : {
            "Description" : "InstanceId of the newly created EC2 instance",
            "Value" : { "Ref" : "EC2Instance" }
        },
        "IP" : {
            "Description" : "Private IP address of the newly created VPC EC2 instance",
            "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PrivateIp" ] }
        }
    }
}

来源：https://stackoverflow.com/questions/27613867/pass-stack-tags-to-nested-stack-in-cloudformation