chef-provisioning-aws 2.2.2 → 3.0.0.pre.rc1

data/lib/chef/provider/aws_server_certificate.rb

@@ -10,12 +10,11 @@ class Chef::Provider::AwsServerCertificate < Chef::Provisioning::AWSDriver::AWSP
   def create_aws_object
     converge_by "create server certificate #{new_resource.name}" do
       opts = {
-        :name => new_resource.name,
+        :server_certificate_name => new_resource.name,
         :certificate_body => new_resource.certificate_body,
-        :private_key => new_resource.private_key
-      }
+        :private_key => new_resource.private_key      }
       opts[:certificate_chain] = new_resource.certificate_chain if new_resource.certificate_chain
-      new_resource.driver.iam.server_certificates.upload(**opts)
+      new_resource.driver.iam.upload_server_certificate(**opts)
     end
   end
 

data/lib/chef/provider/aws_sns_topic.rb

@@ -8,7 +8,7 @@ class Chef::Provider::AwsSnsTopic < Chef::Provisioning::AWSDriver::AWSProvider
 
   def create_aws_object
     converge_by "create SNS topic #{new_resource.name} in #{region}" do
-      new_resource.driver.sns.topics.create(new_resource.name)
+      new_resource.driver.sns.create_topic(name: new_resource.name)
     end
   end
 
@@ -16,8 +16,9 @@ class Chef::Provider::AwsSnsTopic < Chef::Provisioning::AWSDriver::AWSProvider
   end
 
   def destroy_aws_object(topic)
-    converge_by "delete SNS topic #{topic.name} in #{region}" do
-      topic.delete
+    topic_arn_name = topic.attributes.values_at("TopicArn").first
+    converge_by "delete SNS topic_arn #{topic_arn_name} in #{region}" do
+      new_resource.driver.sns.delete_topic(topic_arn: topic_arn_name)
     end
   end
 

data/lib/chef/provider/aws_sqs_queue.rb

@@ -4,9 +4,13 @@ class Chef::Provider::AwsSqsQueue < Chef::Provisioning::AWSDriver::AWSProvider
   provides :aws_sqs_queue
   
   def create_aws_object
+    options = AWSResource.lookup_options(new_resource.options || {}, resource: new_resource)
+    option_sqs = {}
+    option_sqs[:queue_name] = new_resource.name if new_resource.name
+    option_sqs[:attributes] = options
     converge_by "create SQS queue #{new_resource.name} in #{region}" do
-      retry_with_backoff(AWS::SQS::Errors::QueueDeletedRecently) do
-        new_resource.driver.sqs.queues.create(new_resource.name, new_resource.options || {})
+      retry_with_backoff(::Aws::SQS::Errors::QueueDeletedRecently) do
+        new_resource.driver.sqs.create_queue(option_sqs)
       end
     end
   end
@@ -16,7 +20,7 @@ class Chef::Provider::AwsSqsQueue < Chef::Provisioning::AWSDriver::AWSProvider
 
   def destroy_aws_object(queue)
     converge_by "delete SQS queue #{new_resource.name} in #{region}" do
-      queue.delete
+      new_resource.driver.sqs.delete_queue(queue_url: queue.queue_url)
     end
   end
 end

data/lib/chef/provider/aws_subnet.rb

@@ -29,15 +29,15 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
     if !cidr_block
       cidr_block = Chef::Resource::AwsVpc.get_aws_object(new_resource.vpc, resource: new_resource).cidr_block
     end
-    options = { :vpc => new_resource.vpc }
+    options = { vpc_id: new_resource.vpc, cidr_block: cidr_block }
     options[:availability_zone] = new_resource.availability_zone if new_resource.availability_zone
     options = Chef::Provisioning::AWSDriver::AWSResource.lookup_options(options, resource: new_resource)
 
-    converge_by "create subnet #{new_resource.name} with CIDR #{cidr_block} in VPC #{new_resource.vpc} (#{options[:vpc]}) in #{region}" do
-      subnet = new_resource.driver.ec2.subnets.create(cidr_block, options)
-      retry_with_backoff(AWS::EC2::Errors::InvalidSubnetID::NotFound) do
-        subnet.tags['Name'] = new_resource.name
-        subnet.tags['VPC'] = new_resource.vpc
+    converge_by "create subnet #{new_resource.name} with CIDR #{cidr_block} in VPC #{new_resource.vpc} (#{options[:vpc_id]}) in #{region}" do
+      subnet = new_resource.driver.ec2_resource.create_subnet(options)
+      retry_with_backoff(::Aws::EC2::Errors::InvalidSubnetIDNotFound) do
+        new_resource.driver.ec2_resource.create_tags(resources: [subnet.id],tags: [{key: "Name", value: new_resource.name}])
+        new_resource.driver.ec2_resource.create_tags(resources: [subnet.id],tags: [{key: "VPC", value: new_resource.vpc}])
       end
       subnet
     end
@@ -49,10 +49,10 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
       raise "cidr_block for subnet #{new_resource.name} is #{new_resource.cidr_block}, but existing subnet (#{subnet.id})'s cidr_block is #{subnet.cidr_block}.  Modification of subnet cidr_block is unsupported!"
     end
     vpc = Chef::Resource::AwsVpc.get_aws_object(new_resource.vpc, resource: new_resource)
-    if vpc && subnet.vpc != vpc
+    if vpc && subnet.vpc.id != vpc.id
       raise "VPC for subnet #{new_resource.name} is #{new_resource.vpc} (#{vpc.id}), but existing subnet (#{subnet.id})'s vpc is #{subnet.vpc.id}.  Modification of subnet VPC is unsupported!"
     end
-    if new_resource.availability_zone && subnet.availability_zone_name != new_resource.availability_zone
+    if new_resource.availability_zone && subnet.availability_zone != new_resource.availability_zone
       raise "availability_zone for subnet #{new_resource.name} is #{new_resource.availability_zone}, but existing subnet (#{subnet.id})'s availability_zone is #{subnet.availability_zone}.  Modification of subnet availability_zone is unsupported!"
     end
   end
@@ -76,7 +76,7 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
         # It is common during subnet purging for the instance to be terminated but
         # temporarily hanging around - this causes a `The network interface at device index 0 cannot be detached`
         # error to be raised when trying to detach
-        retry_with_backoff(AWS::EC2::Errors::OperationNotPermitted) do
+        retry_with_backoff(::Aws::EC2::Errors::OperationNotPermitted) do
           Cheffish.inline_resource(self, action) do
             aws_network_interface network do
               action :purge
@@ -91,7 +91,7 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
       # If the subnet doesn't exist we can't check state on it - state can only be :pending or :available
       begin
         subnet.delete
-      rescue AWS::EC2::Errors::InvalidSubnetID::NotFound
+      rescue ::Aws::EC2::Errors::InvalidSubnetIDNotFound
       end
     end
   end
@@ -100,7 +100,7 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
 
   def update_map_public_ip_on_launch(subnet)
     if !new_resource.map_public_ip_on_launch.nil?
-      subnet_desc = subnet.client.describe_subnets(subnet_ids: [ subnet.id ])[:subnet_set].first
+      subnet_desc = subnet.client.describe_subnets(subnet_ids: [ subnet.id ])[:subnets].first
       if new_resource.map_public_ip_on_launch
         if !subnet_desc[:map_public_ip_on_launch]
           converge_by "turn on automatic public IPs for subnet #{subnet.id}" do
@@ -118,26 +118,46 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
   end
 
   def update_route_table(subnet)
+    current_route_table_association = subnet.client.describe_route_tables(filters: [{name: "vpc-id", values: [subnet.vpc.id]}]).route_tables
+    route_table_entry = nil
+    do_break = false
+    # Below snippet gives the entry of route_table who is associated with current subnet either by matching its 
+    # subnet_id or with a default subnet (i.e by checking association.main == true & in that case
+    # association.subnet_id is nil)
+    current_route_table_association.each do |route_tbl|
+      if !route_tbl.associations.empty?
+        route_tbl.associations.each do |r|
+          if r.subnet_id == subnet.id
+            route_table_entry = r
+            do_break = true
+            break
+          elsif r.subnet_id.nil? && r.main == true
+            route_table_entry = r
+          end
+        end
+        break if do_break
+      end
+    end
     if new_resource.route_table == :default_to_main
-      if !subnet.route_table_association.main?
+      if !route_table_entry.main
         converge_by "reset route table of subnet #{new_resource.name} to the VPC default" do
-          subnet.route_table = nil
+          subnet.client.disassociate_route_table(association_id: route_table_entry.route_table_association_id)
         end
       end
     else
       route_table = Chef::Resource::AwsRouteTable.get_aws_object(new_resource.route_table, resource: new_resource)
-      current_route_table_association = subnet.route_table_association
-      if current_route_table_association.main?
+      if route_table_entry.main && route_table_entry.subnet_id.nil?
         # Even if the user sets the route table explicitly to the main route table,
         # we have work to do here: we need to make the relationship explicit so that
         # it won't be changed when the main route table of the VPC changes.
         converge_by "set route table of subnet #{new_resource.name} to #{new_resource.route_table}" do
-          subnet.route_table = route_table.id
+          subnet.client.associate_route_table(route_table_id: route_table.id, subnet_id: subnet.id)
         end
-      elsif current_route_table_association.route_table.id != route_table.id
+      elsif route_table_entry.route_table_id != route_table.id
         # The route table is different now.  Change it.
-        converge_by "change route table of subnet #{new_resource.name} to #{new_resource.route_table} (was #{current_route_table_association.route_table.id})" do
-          subnet.route_table = route_table.id
+        converge_by "change route table of subnet #{new_resource.name} to #{new_resource.route_table} (was #{route_table_entry.route_table_id})" do
+          subnet.client.disassociate_route_table(association_id: route_table_entry.route_table_association_id) if route_table_entry.main == false
+          subnet.client.associate_route_table(route_table_id: route_table.id, subnet_id: subnet.id)
         end
       end
     end
@@ -147,9 +167,13 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
     if new_resource.network_acl
       network_acl_id =
         AWSResource.lookup_options({ network_acl: new_resource.network_acl }, resource: new_resource)[:network_acl]
-      if subnet.network_acl.id != network_acl_id
+      # Below snippet gives the entry of network_acl who is associated with current subnet by matching its subnet_id
+      network_acl_association = subnet.client.describe_network_acls(filters: [{name: "vpc-id", values: [subnet.vpc.id]}, {name: "association.subnet-id", values: [subnet.id]}]).network_acls.first.associations
+      current_network_acl_association = network_acl_association.find { |r| r.subnet_id == subnet.id } unless network_acl_association.empty?
+
+      if current_network_acl_association.network_acl_id != network_acl_id && !current_network_acl_association.nil?
         converge_by "update network ACL of subnet #{new_resource.name} to #{new_resource.network_acl}" do
-          subnet.network_acl = network_acl_id
+          subnet.client.replace_network_acl_association(association_id: current_network_acl_association.network_acl_association_id, network_acl_id: network_acl_id)
         end
       end
     end

data/lib/chef/provider/aws_vpc.rb

@@ -42,21 +42,23 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
   protected
 
   def create_aws_object
-    options = { }
+    options = {}
     options[:instance_tenancy] = new_resource.instance_tenancy if new_resource.instance_tenancy
+    options[:cidr_block] = new_resource.cidr_block
 
     converge_by "create VPC #{new_resource.name} in #{region}" do
-      vpc = new_resource.driver.ec2.vpcs.create(new_resource.cidr_block, options)
+      ec2_resource = ::Aws::EC2::Resource.new(new_resource.driver.ec2)
+      vpc = ec2_resource.create_vpc({ cidr_block: new_resource.cidr_block, instance_tenancy: options[:instance_tenancy] })
       wait_for_state(vpc, [:available])
-      retry_with_backoff(AWS::EC2::Errors::InvalidVpcID::NotFound) do
-        vpc.tags['Name'] = new_resource.name
+      retry_with_backoff(::Aws::EC2::Errors::InvalidVpcIDNotFound) do
+        ec2_resource.create_tags(resources: [vpc.vpc_id], tags: [{ key: "Name", value: new_resource.name }])
       end
       vpc
     end
   end
 
   def update_aws_object(vpc)
-    if new_resource.instance_tenancy && new_resource.instance_tenancy != vpc.instance_tenancy
+    if new_resource.instance_tenancy && new_resource.instance_tenancy.to_s != vpc.instance_tenancy
       raise "Tenancy of VPC #{new_resource.name} is #{vpc.instance_tenancy}, but desired tenancy is #{new_resource.instance_tenancy}.  Instance tenancy of VPCs cannot be changed!"
     end
     if new_resource.cidr_block && new_resource.cidr_block != vpc.cidr_block
@@ -71,8 +73,8 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
       #SDK V2
       nat_gateways = new_resource.driver.ec2_client.describe_nat_gateways({
           :filter => [
-              { name: 'vpc-id', values: [vpc.id] },
-              { name: 'state', values: ['available', 'pending'] }
+              { name: "vpc-id", values: [vpc.id] },
+              { name: "state", values: ["available", "pending"] },
           ]
       }).nat_gateways
 
@@ -100,7 +102,7 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
       # If any of the below resources start needing complicated delete logic (dependent resources needing to
       # be deleted) move that logic into `delete_aws_resource` and add the purging logic to the resource
       vpc.network_acls.each do |na|
-        next if na.default?
+        next if na.is_default
         Cheffish.inline_resource(self, action) do
           aws_network_acl na do
             action :purge
@@ -118,8 +120,9 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
           end
         end
       end
+
       vpc.security_groups.each do |sg|
-        next if sg.name == 'default'
+        next if sg.group_name == "default"
         Cheffish.inline_resource(self, action) do
           aws_security_group sg do
             action :purge
@@ -151,9 +154,9 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
             :filters => [
                 {
                     :name => filter,
-                    :values => [vpc.id]
-                }
-            ]
+                    :values => [vpc.id],
+                },
+            ],
         }).vpc_peering_connections
       end
 
@@ -170,11 +173,13 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
     end
 
     # Detach or destroy the internet gateway
-    ig = vpc.internet_gateway
+    ig = vpc.internet_gateways.first
     if ig
       Cheffish.inline_resource(self, action) do
         aws_internet_gateway ig do
-          if ig.tags['OwnedByVPC'] == vpc.id
+          ig_tag = ig.tags.find { |i| i.key == "OwnedByVPC" }
+          ig_vpc = ig_tag.value unless ig_tag.nil?
+          if ig_vpc == vpc.id
             action :purge
           else
             action :detach
@@ -218,11 +223,11 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
   end
 
   def update_internet_gateway(vpc)
-    current_ig = vpc.internet_gateway
+    current_ig = vpc.internet_gateways.first
     current_driver = self.new_resource.driver
     current_chef_server = self.new_resource.chef_server
     case new_resource.internet_gateway
-      when String, Chef::Resource::AwsInternetGateway, AWS::EC2::InternetGateway
+      when String, Chef::Resource::AwsInternetGateway, ::Aws::EC2::InternetGateway
         new_ig = Chef::Resource::AwsInternetGateway.get_aws_object(new_resource.internet_gateway, resource: new_resource)
         if !current_ig
           Cheffish.inline_resource(self, action) do
@@ -239,7 +244,9 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
         elsif current_ig != new_ig
           Cheffish.inline_resource(self, action) do
             aws_internet_gateway current_ig do
-              if current_ig.tags['OwnedByVPC'] == vpc.id
+              ig_tag = current_ig.tags.find { |i| i.key == "OwnedByVPC" }
+              ig_vpc = ig_tag.value unless ig_tag.nil?
+              if ig_vpc == vpc.id
                 action :destroy
               else
                 action :detach
@@ -268,8 +275,10 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
       when false
         if current_ig
           Cheffish.inline_resource(self, action) do
-            aws_internet_gateway current_ig.id do
-              if current_ig.tags['OwnedByVPC'] == vpc.id
+            aws_internet_gateway current_ig do
+              ig_tag = current_ig.tags.find { |i| i.key == "OwnedByVPC" }
+              ig_vpc = ig_tag.value unless ig_tag.nil?
+              if ig_vpc == vpc.id
                 action :destroy
               else
                 action :detach
@@ -284,15 +293,28 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
 
   def update_main_route_table(vpc)
     desired_route_table = Chef::Resource::AwsRouteTable.get_aws_object(new_resource.main_route_table, resource: new_resource)
-    current_route_table = vpc.route_tables.main_route_table
-    if current_route_table.id != desired_route_table.id
-      main_association = current_route_table.associations.select { |a| a.main? }.first
-      if !main_association
-        raise "No main route table association found for #{new_resource.to_s} current main route table #{current_route_table.id}: error!  Probably a race condition."
+    main_route_table = nil
+    current_route_table = nil
+    # Below snippet gives the entry of main_route_table and current_route_table entry who is associated with current vpc.It is an replacement of "vpc.route_tables.main_route_table"
+    vpc.route_tables.entries.each do |entry|
+      if !entry.associations.empty?
+        entry.associations.each do |r|
+          if r.main == true
+            main_route_table = r
+          elsif r.main == false
+            current_route_table = r
+          end
+        end
       end
-      converge_by "change main route table for #{new_resource.to_s} to #{desired_route_table.id} (was #{current_route_table.id})" do
+    end
+    current_route_table ||= main_route_table
+    if current_route_table.route_table_id != desired_route_table.id
+      if main_route_table.nil?
+        raise "No main route table association found for #{new_resource.to_s} current main route table. error!  Probably a race condition."
+      end
+      converge_by "change main route table for #{new_resource.to_s} to #{desired_route_table.id} (was #{current_route_table.route_table_id})" do
         vpc.client.replace_route_table_association(
-          association_id: main_association.id,
+          association_id: main_route_table.id,
           route_table_id: desired_route_table.id
         )
       end
@@ -304,12 +326,16 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
     # If no route table is provided and we fetch the current main one from AWS,
     # there is no guarantee that is the 'default' route table created when
     # creating the VPC
-    main_route_table ||= vpc.route_tables.main_route_table
+    main_route_table = nil
+    # Below snippet gives the entry of main_route_table entry who is associated with current vpc.It is an replacement of "vpc.route_tables.main_route_table"
+    vpc.route_tables.entries.each do |entry|
+      main_route_table = entry.associations.find { |r| r.main == true } unless entry.associations.empty?
+    end
     main_routes = new_resource.main_routes
     current_driver = self.new_resource.driver
     current_chef_server = self.new_resource.chef_server
     Cheffish.inline_resource(self, action) do
-      aws_route_table main_route_table.id do
+      aws_route_table main_route_table.route_table_id do
         vpc vpc
         routes main_routes
         driver current_driver
@@ -322,9 +348,12 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
   def update_dhcp_options(vpc)
     dhcp_options = vpc.dhcp_options
     desired_dhcp_options = Chef::Resource::AwsDhcpOptions.get_aws_object(new_resource.dhcp_options, resource: new_resource)
-    if dhcp_options != desired_dhcp_options
+    if dhcp_options.id != desired_dhcp_options.id
       converge_by "change DHCP options for #{new_resource.to_s} to #{new_resource.dhcp_options} (#{desired_dhcp_options.id}) - was #{dhcp_options.id}" do
-        vpc.dhcp_options = desired_dhcp_options
+        vpc.associate_dhcp_options({
+          dhcp_options_id: desired_dhcp_options.id, # required
+          dry_run: false,
+        })
       end
     end
   end

data/lib/chef/provisioning/aws_driver/aws_provider.rb

@@ -29,7 +29,7 @@ class AWSProvider < Chef::Provider::LWRPBase
   end
 
   def region
-    new_resource.driver.region
+    new_resource.driver.aws_config[:region]
   end
 
   #
@@ -273,9 +273,18 @@ class AWSProvider < Chef::Provider::LWRPBase
       Chef::Log.debug("Current exception in wait_for is #{exception.inspect}") if exception
       begin
         yield(aws_object) if block_given?
-        current_response = aws_object.send(query_method)
+        if aws_object.class.to_s.eql?("Aws::EC2::Vpc")
+          vpc = new_resource.driver.ec2.describe_vpcs(vpc_ids: [aws_object.vpc_id]).vpcs
+          current_response = "[:#{vpc[0].state}]"
+        elsif aws_object.class.to_s.eql?("Aws::EC2::NetworkInterface")
+          result = new_resource.driver.ec2_resource.network_interface(aws_object.id)
+          current_response = "[:#{result.status}]"
+          current_response = "[:in_use]" if current_response.eql?("[:in-use]")
+        elsif aws_object.class.to_s.eql?("Aws::EC2::NatGateway")
+          current_response = "[:#{aws_object.state}]"
+        end
         Chef::Log.debug("Current response in wait_for from [#{query_method}] is #{current_response}")
-        unless expected_responses.include?(current_response)
+        unless expected_responses.to_s.include?(current_response)
           raise StatusTimeoutError.new(aws_object, current_response, expected_responses)
         end
       rescue *acceptable_errors

data/lib/chef/provisioning/aws_driver/aws_resource.rb

@@ -1,4 +1,4 @@
-require 'aws'
+require 'aws-sdk'
 require 'chef/provisioning/aws_driver/super_lwrp'
 require 'chef/provisioning/chef_managed_entry_store'
 # Enough resources will eventually require this that we put 1 require in here
@@ -87,7 +87,7 @@ module AWSDriver
     # `AWSResource.lookup_options` will translate each ID with
     # `AwsSubnet.get_aws_object('subnet1')`, which supports Chef names
     # (`mysubnet`) as well as AWS subnet Ids (`subnet-1234abcd`) or AWS objects
-    # (`AWS::EC2::Subnet`).
+    # (`::Aws::EC2::Subnet`).
     #
     # Keys that represent non-AWS-objects (such as `timeout`) are left alone.
     #

data/lib/chef/provisioning/aws_driver/aws_resource_with_entry.rb

@@ -20,7 +20,7 @@ class Chef::Provisioning::AWSDriver::AWSResourceWithEntry < Chef::Provisioning::
   #
   # Save the ID of this object to Chef.
   #
-  # @param aws_object [AWS::EC2::Core] The AWS object containing the ID.
+  # @param aws_object [::Aws::EC2::Core] The AWS object containing the ID.
   # @param action_handler [Chef::Provisioning::ActionHandler] The action handler,
   #        which handles progress reporting, update reporting ("little green text")
   #        and dry run.

data/lib/chef/provisioning/aws_driver/aws_tagger.rb

@@ -16,7 +16,7 @@ class AWSTagger
   def_delegators :@tagging_strategy, :desired_tags, :current_tags, :set_tags, :delete_tags
 
   def converge_tags
-    if desired_tags.nil?
+    if desired_tags.nil? || desired_tags.empty?
       Chef::Log.debug "aws_tags not provided, nothing to converge"
       return
     end
@@ -37,7 +37,7 @@ class AWSTagger
     Retryable.retryable(
       :tries => 20,
       :sleep => lambda { |n| [2**n, 10].min },
-      :on => [AWS::Errors::Base, Aws::Errors::ServiceError,]
+      :on => [::Aws::EC2::Errors, Aws::S3::Errors, ::Aws::S3::Errors::ServiceError,]
     ) do |retries, exception|
       if retries > 0
         Chef::Log.info "Retrying the tagging, previous try failed with #{exception.inspect}"