Adds controller tag support to instance profile.

provider/ec2/environ.go

@@ -190,7 +190,12 @@ func (e *environ) Bootstrap(ctx environs.BootstrapContext, callCtx context.Provi
 		if !ok {
 			return nil, errors.NewNotValid(nil, "cannot find controller name in config")
 		}
-		instProfile, err := ensureControllerInstanceProfile(ctx.Context(), e.iamClient, controllerName)
+		controllerUUID := args.ControllerConfig[controller.ControllerUUIDKey].(string)
+		instProfile, err := ensureControllerInstanceProfile(
+			ctx.Context(),
+			e.iamClient,
+			controllerName,
+			controllerUUID)
 		if err != nil {
 			return nil, err
 		}

provider/ec2/iam.go

@@ -26,6 +26,7 @@ import (
 	"github.com/juju/juju/environs/cloudspec"
 	"github.com/juju/juju/environs/context"
 	"github.com/juju/juju/environs/instances"
+	"github.com/juju/juju/environs/tags"
 )
 
 // instanceProfileClient is a subset interface of the ec2 client for attaching
@@ -70,10 +71,17 @@ func ensureControllerInstanceProfile(
 	ctx stdcontext.Context,
 	client IAMClient,
 	controllerName string,
+	controllerUUID string,
 ) (*iamtypes.InstanceProfile, error) {
 	profileName := fmt.Sprintf("juju-controller-%s", controllerName)
 	res, err := client.CreateInstanceProfile(ctx, &iam.CreateInstanceProfileInput{
 		InstanceProfileName: aws.String(profileName),
+		Tags: []iamtypes.Tag{
+			{
+				Key:   aws.String(tags.JujuController),
+				Value: aws.String(controllerUUID),
+			},
+		},
 	})
 	if err != nil {
 		var alreadyExistsErr *iamtypes.EntityAlreadyExistsException

provider/ec2/iam_test.go

@@ -16,6 +16,8 @@ import (
 	"github.com/juju/errors"
 	jc "github.com/juju/testing/checkers"
 	gc "gopkg.in/check.v1"
+
+	"github.com/juju/juju/environs/tags"
 )
 
 type IAMSuite struct{}
@@ -58,7 +60,12 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileFromScratch(c *gc.C) {
 
 			c.Assert(*i.InstanceProfileName, gc.Equals, "juju-controller-test")
 			c.Assert(i.Path, gc.IsNil)
-			c.Assert(len(i.Tags), gc.Equals, 0)
+			c.Assert(i.Tags, jc.DeepEquals, []types.Tag{
+				{
+					Key:   aws.String(tags.JujuController),
+					Value: aws.String("AABBCC"),
+				},
+			})
 
 			t := time.Now()
 			return &iam.CreateInstanceProfileOutput{
@@ -71,7 +78,7 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileFromScratch(c *gc.C) {
 		},
 	}
 
-	_, err := ensureControllerInstanceProfile(context.TODO(), client, "test")
+	_, err := ensureControllerInstanceProfile(context.TODO(), client, "test", "AABBCC")
 	c.Assert(err, jc.ErrorIsNil)
 }
 
@@ -86,7 +93,12 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileAlreadyExists(c *gc.C) {
 
 			c.Assert(*i.InstanceProfileName, gc.Equals, "juju-controller-test")
 			c.Assert(i.Path, gc.IsNil)
-			c.Assert(len(i.Tags), gc.Equals, 0)
+			c.Assert(i.Tags, jc.DeepEquals, []types.Tag{
+				{
+					Key:   aws.String(tags.JujuController),
+					Value: aws.String("ABCD"),
+				},
+			})
 
 			return nil, &types.EntityAlreadyExistsException{
 				Message: aws.String("already exists"),
@@ -111,7 +123,7 @@ func (*IAMSuite) TestEnsureControllerInstanceProfileAlreadyExists(c *gc.C) {
 		},
 	}
 
-	instanceProfile, err := ensureControllerInstanceProfile(context.TODO(), client, "test")
+	instanceProfile, err := ensureControllerInstanceProfile(context.TODO(), client, "test", "ABCD")
 	c.Assert(err, jc.ErrorIsNil)
 	c.Assert(getInstanceProfileCalled, jc.IsTrue)
 	c.Assert(*instanceProfile.Arn, gc.Equals, "arn://12345")