When selecting VPC via tags, only one tag is used (docs claim otherwise) #4633
Description
Bug Description
When I try to lookup my VPC by tags using the CLI arg:
vpc-tags=foo=bar,baz=buzz
as the contract suggests, it doesn't work; in reality it only supports a single tag, by default called Name, with the ability to switch what tag name we use.
Looks like this has been a known issue for a while and was attempted to be fixed but the fix stalled out.
Steps to Reproduce
- Create a VPC with tags
foo: barandbaz: buzz - Deploy with IMDS off, and the helm chart
vpcTags:
foo: bar
baz: buzz
or with the corresponding CLI arg
- Observe that these tags are not looked up
- further observe that the error message itself fails to parse the args:
{"level":"error","ts":"2026-03-20T17:22:08Z","logger":"setup","msg":"unable to initialize AWS
cloud","error":"failed to get VPC ID: no VPC exists with tag: %!w(<nil>)"}
Expected Behavior
Should filter for a VPC with those two tags.
Actual Behavior
Controller can't start due to no matching tags on a VPC.
Regression
Was the functionality working correctly in a previous version ? No, the feature has never worked as described, despite documentation that would indicate it should
Current Workarounds
No workaround available
Environment
- AWS Load Balancer controller version: 3.1
- Kubernetes version: 1.32
- Using EKS (yes/no), if so version?: yes, 1.32
- Using Service or Ingress: service
- AWS region: us-west-1
- How was the aws-load-balancer-controller installed: helm
Possible Solution (Optional)
this PR looks like it got close, but I don't care about the "tag key" part -- if I specify a set of tags, use them all as they are.
Contribution Intention (Optional)
- Yes, I'm willing to submit a PR to fix this issue
- No, I cannot work on a PR at this time
Additional Context