Summary
Because of our operational scale we have enforced 3 compulsory tags on each AWS resource.
I'm not able to use the MSK module because the module first creates the cluster without tags and then adds/changes the necessary tags. I believe this is not a good strategy, as I think many large-scale AWS deployments might have the same or similar restrictions.
Issue Type
Bug Report
Component Name
msk_cluster
Ansible Version
ansible [core 2.18.6]
config file = None
configured module search path = ['/home/x/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/x/.local/lib/python3.12/site-packages/ansible
ansible collection location = /home/x/.ansible/collections:/usr/share/ansible/collections
executable location = /home/x/.local/bin/ansible
python version = 3.12.3 (main, Jun 18 2025, 17:59:45) [GCC 13.3.0] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
Collection Versions
$ ansible-galaxy collection list
# /home/x/.ansible/collections/ansible_collections
Collection Version
---------------------------------------- -------
amazon.aws 10.1.0
community.aws 10.0.0
# /home/x/.local/lib/python3.12/site-packages/ansible_collections
Collection Version
---------------------------------------- -------
amazon.aws 9.5.0
ansible.netcommon 7.2.0
ansible.posix 1.6.2
ansible.utils 5.1.2
ansible.windows 2.8.0
arista.eos 10.1.1
awx.awx 24.6.1
azure.azcollection 3.3.1
check_point.mgmt 6.4.0
chocolatey.chocolatey 1.5.3
cisco.aci 2.11.0
cisco.asa 6.1.0
cisco.dnac 6.31.3
cisco.intersight 2.1.0
cisco.ios 9.2.0
cisco.iosxr 10.3.1
cisco.ise 2.10.0
cisco.meraki 2.21.1
cisco.mso 2.10.0
cisco.nxos 9.4.0
cisco.ucs 1.16.0
cloud.common 4.1.0
cloudscale_ch.cloud 2.4.1
community.aws 9.3.0
community.ciscosmb 1.0.10
community.crypto 2.26.1
community.digitalocean 1.27.0
community.dns 3.2.4
community.docker 4.6.0
community.general 10.7.0
community.grafana 2.2.0
community.hashi_vault 6.2.0
community.hrobot 2.3.0
community.library_inventory_filtering_v1 1.1.1
community.libvirt 1.3.1
community.mongodb 1.7.9
community.mysql 3.13.0
community.network 5.1.0
community.okd 4.0.1
community.postgresql 3.14.1
community.proxysql 1.6.0
community.rabbitmq 1.4.0
community.routeros 3.6.0
community.sap_libs 1.4.2
community.sops 2.0.5
community.vmware 5.6.0
community.windows 2.4.0
community.zabbix 3.3.0
containers.podman 1.16.3
cyberark.conjur 1.3.3
cyberark.pas 1.0.35
dellemc.enterprise_sonic 2.5.1
dellemc.openmanage 9.12.0
dellemc.powerflex 2.6.0
dellemc.unity 2.0.0
f5networks.f5_modules 1.35.0
fortinet.fortimanager 2.9.1
fortinet.fortios 2.4.0
google.cloud 1.5.3
grafana.grafana 5.7.0
hetzner.hcloud 4.3.0
hitachivantara.vspone_block 3.4.1
ibm.qradar 4.0.0
ibm.spectrum_virtualize 2.0.0
ibm.storage_virtualize 2.7.3
ieisystem.inmanage 3.0.0
infinidat.infinibox 1.4.5
infoblox.nios_modules 1.8.0
inspur.ispim 2.2.3
junipernetworks.junos 9.1.0
kaytus.ksmanage 2.0.0
kubernetes.core 5.3.0
kubevirt.core 2.2.2
lowlydba.sqlserver 2.6.1
microsoft.ad 1.9.0
microsoft.iis 1.0.2
netapp.cloudmanager 21.24.0
netapp.ontap 22.14.0
netapp.storagegrid 21.14.0
netapp_eseries.santricity 1.4.1
netbox.netbox 3.21.0
ngine_io.cloudstack 2.5.0
openstack.cloud 2.4.1
ovirt.ovirt 3.2.0
purestorage.flasharray 1.34.1
purestorage.flashblade 1.20.0
sensu.sensu_go 1.14.0
splunk.es 4.0.0
telekom_mms.icinga_director 2.2.2
theforeman.foreman 4.2.0
vmware.vmware 1.11.0
vmware.vmware_rest 4.7.0
vultr.cloud 1.13.0
vyos.vyos 5.0.0
wti.remote 1.0.10
AWS SDK versions
$ pip show boto boto3 botocore
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.38.23
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /usr/local/lib/python3.12/dist-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.38.21
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/x/.local/lib/python3.12/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer
Configuration
$ ansible-config dump --only-changed
CONFIG_FILE() = None
GALAXY_SERVERS:
OS / Environment
N/A
Steps to Reproduce
- name: Create MSK cluster
  community.aws.msk_cluster:
    name: "{{ item.name }}"
    state: "{{ item.state | default('present', true) }}"
    profile: "{{ aws_profile }}"
    region: "{{ aws_account_default_region }}"
    version: "{{ item.version }}"
    nodes: "{{ item.nodes }}"
    configuration_arn: "{{ generated_msk_cluster_configs[item.configuration].arn }}"
    configuration_revision: "{{ generated_msk_cluster_configs[item.configuration].revision }}"
    ebs_volume_size: "{{ item.ebs_volume_gb }}"
    authentication:
      sasl_scram: true
      sasl_iam: true
      unauthenticated: false
    encryption:
      in_transit:
        client_broker: "TLS"
        in_cluster: true
      kms_key_id: "{{ generated_msk_kms_keys[item.name + '-msk-kms'] }}"
    enhanced_monitoring: "{{ item.enhanced_monitoring }}"
    instance_type: "{{ item.instance_type }}"
    open_monitoring: "{{ item.open_monitoring }}"
    purge_tags: true
    tags: "{{ item.tags | combine({'Name': item.name, 'AnsibleManaged': 'true'}) }}"
    subnets: "{{ item.subnets }}"
    security_groups: "{{ item.security_groups }}"
    wait: true
    wait_timeout: 1800
  loop: "{{ aws_account_msk_clusters }}"
  register: generated_msk_clusters
  when: aws_account_msk_clusters is defined
Expected Results
I expected a cluster to be created w/ the right tags.
Actual Results
AWS throws an exception
Code of Conduct
- I agree to follow the Ansible Code of Conduct
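
The failure mode reported above, as an added example that is not part of the original issue or the collection's code: a toy model of a tag-on-create guardrail, run against the create-then-tag flow and against a flow that sends tags in the create request. The tag keys, the `GuardedKafkaApi` class and the deny rule are assumptions; the issue does not name its three tags or say how they are enforced.

```python
"""Constructed model: why create-then-tag fails under tag-on-create enforcement."""

# Hypothetical compulsory tag keys; the issue does not name its three tags.
REQUIRED_TAGS = {"CostCenter", "Owner", "Environment"}


class AccessDenied(Exception):
    """Stands in for the authorization error the API would return."""


class GuardedKafkaApi:
    """Toy stand-in for the MSK API behind a deny-unless-tagged guardrail."""

    def __init__(self, required):
        self.required = set(required)
        self.clusters = {}

    def create_cluster(self, name, tags=None):
        # The guardrail only sees tags carried by the create request itself.
        missing = self.required - set(tags or {})
        if missing:
            raise AccessDenied(f"create denied, missing tags: {sorted(missing)}")
        self.clusters[name] = dict(tags)

    def tag_resource(self, name, tags):
        self.clusters[name].update(tags)


def create_then_tag(api, name, tags):
    """Two-step flow described in the issue: create untagged, tag afterwards."""
    try:
        api.create_cluster(name)
        api.tag_resource(name, tags)
        return "created"
    except AccessDenied as exc:
        return f"failed: {exc}"


def create_with_tags(api, name, tags):
    """Single-step flow: the tags travel in the create request."""
    try:
        api.create_cluster(name, tags=tags)
        return "created"
    except AccessDenied as exc:
        return f"failed: {exc}"
```

In the two-step flow the tagging call is never reached, so no partially tagged cluster is left behind; the create is simply refused.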