Correctly handle AWS regional resource tags and improve performance
achantavy opened this issue · comments
Description:
What issue is being seen? Describe what should be happening instead of the bug, for example: Cartography should not crash, the expected value isn't returned, the data schema is wrong, etc.
Some AWS resources have regions: RDS, DynamoDB, etc. Some don't: IAM policies, IAM roles, etc.
Asks:
-
The resourcegroupstagging API optionally accepts a region. To avoid unnecessary AWS calls, we should only specify the region when the resource-tag being synced actually has a region.
-
It is possible for a resource with the same name to have different regions, for example we can have an RDS instance with the same name but in us-east-1 and us-east-2. The tags for each of them can differ. When attaching the tag to the regional resource, we should match on the specific regional resource and then attach the tag. This ensures that the correct tag is applied to the correct regional resource.
Closely related to #1094 but not quite a dupe.