EC2 Instance Tags have two fields in the spec with different semantics

[justinmir]

EC2 instance tags can currently be specified via TagSpecification and Tags (link).

type InstanceParameters struct {
 	// Tags are used as identification helpers between AWS resources.
	// +optional
	Tags []Tag `json:"tags,omitempty"`

	// The tags to apply to the resources during launch. You can only tag instances
	// and volumes on launch. The specified tags are applied to all instances or
	// volumes that are created during launch. To tag a resource after it has been
	// created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html).
	// +immutable
	// +optional
	TagSpecifications []TagSpecification `json:"tagSpecifications,omitempty"`
}

However, only TagSpecification can be used for tags that must be specified during launch. The EC2 instance controller creates tag specified in Tags in a seperate CreateTags step after the RunInstances call.

How could Crossplane help solve your problem?

Consolidating tags into a single struct Tags would simplify the Spec and make it easier to use. All tags specified in the spec should be applied when the instance is created to ensure that any IAM policies that require tagging are respected.

This would be a backwards incompatible change and any users using TagSpecification would have to migrate to Tags or their tags will be removed on controller upgrade.

However this does make the instance creation a single API call. Currently, if the RunInstances call succeeds but the CreateTags call fails - the instance may be orphaned.