You have installed CloudFix's read-only stack and have found that some of your resources are being tagged by the CloudFix Finders. You would like to know why this is happening in a read-only setup.
- The tag being referred to has
cloudfixin it along with the Finder name. Eg:
“cloudfix:finderIds” = “DynamoDbInfrequentAccess”.
- The difference of read-only and default Onboarding Template is that CloudFix never executes Fixers in the customer's environment when read-only stack is installed because the corresponding CloudFormation template contains only the Finder role to be installed and not SSM update and execution roles.
- Read-only stack still requires CUR to be setup with write permissions on parent readonly onboarding template.
- Read-only stack tags the resources that are generated as recommendation.
- Adding tags for Finders was implemented when CloudFix was originally created, so that these CloudFix tags can be used for recommendations. The purpose of the tags are for calculation of saving and cost changes. Note that only the CloudFix tags are allowed in the CloudFormation template: