kubernetes-sigs · jeswinkoshyninan · Nov 26, 2024 · Nov 26, 2024 · Jan 24, 2025
diff --git a/docs/deploy/configurations.md b/docs/deploy/configurations.md
@@ -72,7 +72,6 @@ Currently, you can set only 1 namespace to watch in this flag. See [this Kuberne
 | aws-region                                                                      | string                          | [instance metadata](#instance-metadata)    | AWS Region for the kubernetes cluster                                                                                                          |
 | aws-vpc-id                                                                      | string                          | [instance metadata](#instance-metadata)    | AWS VPC ID for the Kubernetes cluster                                                                                                          |
 | aws-vpc-tags                                                                    | stringMap                       |                                            | Tags for the Kubernetes cluster VPC, When both flags `--aws-vpc-id` and `--aws-vpc-tags` are specified, the controller prioritizes `--aws-vpc-id` and ignores the other flag.
-| aws-vpc-tag-key                                                            | string                          | Name                                       | Optional tag key used with aws-vpc-tags add only if VPC name tag key is not the default value "Name"
 | allowed-certificate-authority-arns                                              | stringList                      | []                                         | Specify an optional list of CA ARNs to filter on in cert discovery (empty means all CAs are allowed)                                           |
 | backend-security-group                                                          | string                          |                                            | Backend security group id to use for the ingress rules on the worker node SG                                                                   |
 | cluster-name                                                                    | string                          |                                            | Kubernetes cluster name                                                                                                                        |

diff --git a/docs/deploy/installation.md b/docs/deploy/installation.md
@@ -37,7 +37,7 @@ You can set the IMDSv2 as follows:
 aws ec2 modify-instance-metadata-options --http-put-response-hop-limit 2 --http-tokens required --region <region> --instance-id <instance-id>
 ```
 
-Instead of depending on IMDSv2, you can specify the AWS Region via the controller flag `--aws-region`, and the AWS VPC via controller flag `--aws-vpc-id` or by specifying vpc tags via the flag `--aws-vpc-tags` and an optional flag `--aws-vpc-tag-key` if you have a different key for the tag other than "Name". When both flags `--aws-vpc-id` and `--aws-vpc-tags` are specified, the controller prioritizes `--aws-vpc-id`and ignores the other flag.
+Instead of depending on IMDSv2, you can specify the AWS Region via the controller flag `--aws-region`, and the AWS VPC via controller flag `--aws-vpc-id` or by specifying vpc tags via the flag `--aws-vpc-tags`. When both flags `--aws-vpc-id` and `--aws-vpc-tags` are specified, the controller prioritizes `--aws-vpc-id`and ignores the other flag.
 
 ## Configure IAM
 

diff --git a/pkg/aws/cloud.go b/pkg/aws/cloud.go
@@ -3,17 +3,18 @@ package aws
 import (
 	"context"
 	"fmt"
+	"net"
+	"os"
+	"strings"
+
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/ratelimit"
 	"github.com/aws/aws-sdk-go-v2/aws/retry"
 	"github.com/aws/aws-sdk-go-v2/config"
 	ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	smithymiddleware "github.com/aws/smithy-go/middleware"
-	"net"
-	"os"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/aws/throttle"
 	"sigs.k8s.io/aws-load-balancer-controller/pkg/version"
-	"strings"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
@@ -158,7 +159,7 @@ func getVpcID(cfg CloudConfig, ec2Service services.EC2, ec2Metadata services.EC2
 	}
 
 	if cfg.VpcTags != nil {
-		return inferVPCIDFromTags(ec2Service, cfg.VpcNameTagKey, cfg.VpcTags[cfg.VpcNameTagKey])
+		return inferVPCIDFromTags(ec2Service, cfg.VpcTags)
 	}
 
 	return inferVPCID(ec2Metadata, ec2Service)
@@ -200,23 +201,27 @@ func inferVPCID(ec2Metadata services.EC2Metadata, ec2Service services.EC2) (stri
 	return "", amerrors.NewAggregate(errList)
 }
 
-func inferVPCIDFromTags(ec2Service services.EC2, VpcNameTagKey string, VpcNameTagValue string) (string, error) {
+func inferVPCIDFromTags(ec2Service services.EC2, VpcTags map[string]string) (string, error) {
+	vpcFilter := []ec2types.Filter{}
+
+	for tagKey, tagValue := range VpcTags {
+		vpcFilter = append(vpcFilter, ec2types.Filter{
+			Name:   aws.String(fmt.Sprintf("tag:%s", tagKey)),
+			Values: []string{tagValue},
+		})
+	}
+
 	vpcs, err := ec2Service.DescribeVPCsAsList(context.Background(), &ec2.DescribeVpcsInput{
-		Filters: []ec2types.Filter{
-			{
-				Name:   aws.String("tag:" + VpcNameTagKey),
-				Values: []string{VpcNameTagValue},
-			},
-		},
+		Filters: vpcFilter,
 	})
 	if err != nil {
-		return "", fmt.Errorf("failed to fetch VPC ID with tag: %w", err)
+		return "", fmt.Errorf("failed to fetch VPC ID with tags(s): %w", err)
 	}
 	if len(vpcs) == 0 {
-		return "", fmt.Errorf("no VPC exists with tag: %w", err)
+		return "", fmt.Errorf("no VPC exists with tags(s): %w", err)
 	}
 	if len(vpcs) > 1 {
-		return "", fmt.Errorf("multiple VPCs exists with tag: %w", err)
+		return "", fmt.Errorf("multiple VPCs exists with tag(s): %w", err)
 	}
 
 	return *vpcs[0].VpcId, nil

diff --git a/pkg/aws/cloud_config.go b/pkg/aws/cloud_config.go
@@ -15,9 +15,7 @@ const (
 	flagAWSVpcTags       = "aws-vpc-tags"
 	flagAWSVpcCacheTTL   = "aws-vpc-cache-ttl"
 	flagAWSMaxRetries    = "aws-max-retries"
-	flagAWSVpcNameTagKey = "aws-vpc-tag-key"
 	defaultVpcID         = ""
-	defaultVpcNameTagKey = "Name"
 	defaultRegion        = ""
 	defaultAPIMaxRetries = 10
 )
@@ -53,7 +51,6 @@ func (cfg *CloudConfig) BindFlags(fs *pflag.FlagSet) {
 	fs.Var(cfg.ThrottleConfig, flagAWSAPIThrottle, "throttle settings for AWS APIs, format: serviceID1:operationRegex1=rate:burst,serviceID2:operationRegex2=rate:burst")
 	fs.StringVar(&cfg.VpcID, flagAWSVpcID, defaultVpcID, "AWS VpcID for the LoadBalancer resources")
 	fs.StringToStringVar(&cfg.VpcTags, flagAWSVpcTags, nil, "AWS VPC tags List,format: tagkey1=tagvalue1,tagkey2=tagvalue2")
-	fs.StringVar(&cfg.VpcNameTagKey, flagAWSVpcNameTagKey, defaultVpcNameTagKey, "AWS tag key for identifying the VPC")
 	fs.IntVar(&cfg.MaxRetries, flagAWSMaxRetries, defaultAPIMaxRetries, "Maximum retries for AWS APIs")
 	fs.StringToStringVar(&cfg.AWSEndpoints, flagAWSAPIEndpoints, nil, "Custom AWS endpoint configuration, format: serviceID1=URL1,serviceID2=URL2")
 }