Does aws_ec2_tag work with resources shared by RAM?

According to the documentation, the new aws_ec2_tag resource is supposed to be able to tag resources that have been shared to another account via RAM.

However, when I try to tag a Transit Gateway that has been shared via RAM to another account, I get an error:

error creating EC2 Tag (Coy) for resource (tgw-xxxx): error tagging resource (tgw-xxxx): InvalidTransitGatewayID.NotFound: The transit-gateway ID ‘tgw-xxxx’ does not exist
status code: 400, request id: yyyy-y-y-y-yyyy

Trying the same action in the AWS console in the receiver account, I get the same error.

I haven’t tested with any other resources shared via RAM to another account, so this may be an abnormality with just the Transit Gateway…

But since this appears to be an API limitation, not a Terraform limitation, I wanted to open a discussion before creating a GitHub issue. At minimum, the documentation should be clarified to reflect whatever limitations exist in the AWS API (e.g., if certain resources aren’t supported, etc.).

Has anyone else been able to successfully tag a shared EC2 Resource?

You can tag shared resources, but not ALL shared resources. I ran into this same problem, and from talking with AWS about it, TGW is not a resource that supports this, though it has been requested by quite a few customers, so they are working toward it.