Dear Amazon,
Please update the default policy arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy, which has this section:
    {
        "Effect": "Allow",
        "Action": [
            "ec2:CreateTags"
        ],
        "Resource": [
            "arn:aws:ec2:*:*:instance/*",
            "arn:aws:ec2:*:*:spot-instances-request/*"
        ]
    },
It doesn't contain the
    "arn:aws:ec2:*:*:volume/*"
resource, and therefore when fleets create instances with volumes, the volumes are not tagged even if tags for volumes were present in the creation request.
Unfortunately, this service-attached policy is "read only", so we (users) can't fix the issue ourselves.
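
An added example, not part of the original post and not AWS code: a small offline check of which resource types the quoted statement lets ec2:CreateTags act on. It assumes a simplified evaluator (Effect, Action and Resource only; no Condition, NotAction or NotResource), and the sample ARNs use constructed placeholder account and resource IDs.

```python
import json
import re

# Statement quoted in the post above (from AWSEC2FleetServiceRolePolicy).
POLICY = json.loads("""
{"Statement": [{
  "Effect": "Allow",
  "Action": ["ec2:CreateTags"],
  "Resource": [
    "arn:aws:ec2:*:*:instance/*",
    "arn:aws:ec2:*:*:spot-instances-request/*"
  ]
}]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, text, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, text, re.IGNORECASE if ignore_case else 0) is not None

def _hits(stmt, action, arn):
    # Action names match case-insensitively; resource ARNs are case-sensitive.
    return (any(_wild(a, action, True) for a in _as_list(stmt.get("Action", [])))
            and any(_wild(r, arn) for r in _as_list(stmt.get("Resource", []))))

def is_allowed(policy, action, arn):
    """True if an Allow statement matches and no Deny statement does."""
    stmts = _as_list(policy["Statement"])
    if any(s["Effect"] == "Deny" and _hits(s, action, arn) for s in stmts):
        return False
    return any(s["Effect"] == "Allow" and _hits(s, action, arn) for s in stmts)

# Constructed sample ARNs (placeholder account and resource ids).
SAMPLES = {
    "instance": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0",
    "spot-instances-request": "arn:aws:ec2:us-east-1:111122223333:spot-instances-request/sir-example1",
    "volume": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0123456789abcdef0",
}

def uncovered(policy, action="ec2:CreateTags", samples=SAMPLES):
    """Resource types whose sample ARN the policy does not allow `action` on."""
    return sorted(k for k, arn in samples.items() if not is_allowed(policy, action, arn))

if __name__ == "__main__":
    print("CreateTags not allowed on:", uncovered(POLICY))
```

Running the same check against a copy of the statement with "arn:aws:ec2:*:*:volume/*" appended to Resource reports no uncovered types.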