2014-06-24 04:01:57 +02:00
|
|
|
package aws
|
|
|
|
|
|
|
|
import (
|
2016-08-09 00:19:06 +02:00
|
|
|
"crypto/tls"
|
2016-09-02 19:36:01 +02:00
|
|
|
"errors"
|
2014-07-30 00:22:37 +02:00
|
|
|
"fmt"
|
2014-11-21 17:58:34 +01:00
|
|
|
"log"
|
2015-12-10 22:43:13 +01:00
|
|
|
"net/http"
|
2016-10-10 23:26:30 +02:00
|
|
|
"os"
|
2015-04-20 00:54:42 +02:00
|
|
|
"strings"
|
2016-10-10 23:26:30 +02:00
|
|
|
"time"
|
2014-06-24 04:01:57 +02:00
|
|
|
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
2015-07-14 23:39:50 +02:00
|
|
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
2016-03-14 17:06:22 +01:00
|
|
|
"github.com/aws/aws-sdk-go/aws/request"
|
2015-10-30 00:52:10 +01:00
|
|
|
"github.com/aws/aws-sdk-go/aws/session"
|
2016-08-22 00:17:19 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/acm"
|
2016-03-05 23:12:19 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/apigateway"
|
2016-07-15 13:54:36 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/applicationautoscaling"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/autoscaling"
|
2015-07-07 09:00:05 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/cloudformation"
|
2016-04-14 21:55:11 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/cloudfront"
|
2015-08-28 00:11:56 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/cloudtrail"
|
2015-06-07 11:23:32 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
2016-01-29 20:13:52 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/cloudwatchevents"
|
2015-09-16 23:02:28 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
|
2017-01-12 17:01:15 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/codebuild"
|
2015-10-30 22:35:16 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/codecommit"
|
2015-07-19 06:09:00 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/codedeploy"
|
2017-02-22 18:31:24 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/codepipeline"
|
2017-02-02 23:29:13 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/configservice"
|
2017-02-02 11:30:05 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/databasemigrationservice"
|
2015-09-13 18:57:58 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/directoryservice"
|
2015-06-04 02:12:41 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/dynamodb"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/ec2"
|
2015-12-22 16:31:30 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/ecr"
|
2015-05-04 23:48:09 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/ecs"
|
2015-06-02 22:19:50 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/efs"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/elasticache"
|
2016-03-07 21:42:30 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/elasticbeanstalk"
|
2015-10-02 00:12:46 +02:00
|
|
|
elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
|
2016-05-27 00:29:42 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/elastictranscoder"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/elb"
|
2016-08-11 23:25:40 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/elbv2"
|
2016-05-05 12:34:18 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/emr"
|
2015-11-09 23:26:55 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/firehose"
|
2015-09-03 23:57:56 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/glacier"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/iam"
|
2017-01-17 18:30:46 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/inspector"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/kinesis"
|
2015-09-09 17:58:24 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/kms"
|
2015-06-09 21:12:47 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/lambda"
|
2016-12-01 18:35:11 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/lightsail"
|
2015-05-11 05:20:17 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/opsworks"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/rds"
|
2015-11-11 21:51:46 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/redshift"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/route53"
|
|
|
|
"github.com/aws/aws-sdk-go/service/s3"
|
2016-06-26 23:07:14 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/ses"
|
2017-01-10 15:17:39 +01:00
|
|
|
"github.com/aws/aws-sdk-go/service/sfn"
|
2016-07-12 13:55:58 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/simpledb"
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/sns"
|
|
|
|
"github.com/aws/aws-sdk-go/service/sqs"
|
2016-08-25 10:47:24 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/ssm"
|
2016-04-28 03:49:42 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/sts"
|
2016-09-13 08:32:42 +02:00
|
|
|
"github.com/aws/aws-sdk-go/service/waf"
|
2016-10-10 23:26:30 +02:00
|
|
|
"github.com/davecgh/go-spew/spew"
|
2016-08-09 00:19:06 +02:00
|
|
|
"github.com/hashicorp/errwrap"
|
|
|
|
"github.com/hashicorp/go-cleanhttp"
|
|
|
|
"github.com/hashicorp/terraform/helper/logging"
|
|
|
|
"github.com/hashicorp/terraform/terraform"
|
2014-06-24 04:01:57 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
type Config struct {
|
2016-01-11 16:22:09 +01:00
|
|
|
AccessKey string
|
|
|
|
SecretKey string
|
|
|
|
CredsFilename string
|
|
|
|
Profile string
|
|
|
|
Token string
|
|
|
|
Region string
|
|
|
|
MaxRetries int
|
2015-04-20 00:54:42 +02:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
AssumeRoleARN string
|
|
|
|
AssumeRoleExternalID string
|
|
|
|
AssumeRoleSessionName string
|
2017-01-29 21:32:24 +01:00
|
|
|
AssumeRolePolicy string
|
2016-09-02 19:36:01 +02:00
|
|
|
|
2015-04-20 00:54:42 +02:00
|
|
|
AllowedAccountIds []interface{}
|
|
|
|
ForbiddenAccountIds []interface{}
|
2015-07-22 23:57:29 +02:00
|
|
|
|
2016-08-10 17:46:02 +02:00
|
|
|
DynamoDBEndpoint string
|
|
|
|
KinesisEndpoint string
|
|
|
|
Ec2Endpoint string
|
|
|
|
IamEndpoint string
|
|
|
|
ElbEndpoint string
|
|
|
|
S3Endpoint string
|
|
|
|
Insecure bool
|
|
|
|
|
|
|
|
SkipCredsValidation bool
|
2017-01-23 16:01:22 +01:00
|
|
|
SkipRegionValidation bool
|
2016-08-10 17:46:02 +02:00
|
|
|
SkipRequestingAccountId bool
|
|
|
|
SkipMetadataApiCheck bool
|
2016-08-12 18:52:12 +02:00
|
|
|
S3ForcePathStyle bool
|
2014-11-21 17:58:34 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
type AWSClient struct {
|
2016-05-27 00:29:42 +02:00
|
|
|
cfconn *cloudformation.CloudFormation
|
|
|
|
cloudfrontconn *cloudfront.CloudFront
|
|
|
|
cloudtrailconn *cloudtrail.CloudTrail
|
|
|
|
cloudwatchconn *cloudwatch.CloudWatch
|
|
|
|
cloudwatchlogsconn *cloudwatchlogs.CloudWatchLogs
|
|
|
|
cloudwatcheventsconn *cloudwatchevents.CloudWatchEvents
|
2017-02-02 23:29:13 +01:00
|
|
|
configconn *configservice.ConfigService
|
2017-02-02 11:30:05 +01:00
|
|
|
dmsconn *databasemigrationservice.DatabaseMigrationService
|
2016-05-27 00:29:42 +02:00
|
|
|
dsconn *directoryservice.DirectoryService
|
|
|
|
dynamodbconn *dynamodb.DynamoDB
|
|
|
|
ec2conn *ec2.EC2
|
|
|
|
ecrconn *ecr.ECR
|
|
|
|
ecsconn *ecs.ECS
|
|
|
|
efsconn *efs.EFS
|
|
|
|
elbconn *elb.ELB
|
2016-08-11 23:25:40 +02:00
|
|
|
elbv2conn *elbv2.ELBV2
|
2016-05-27 00:29:42 +02:00
|
|
|
emrconn *emr.EMR
|
|
|
|
esconn *elasticsearch.ElasticsearchService
|
2016-08-22 00:17:19 +02:00
|
|
|
acmconn *acm.ACM
|
2016-05-27 00:29:42 +02:00
|
|
|
apigateway *apigateway.APIGateway
|
2016-07-15 13:54:36 +02:00
|
|
|
appautoscalingconn *applicationautoscaling.ApplicationAutoScaling
|
2016-05-27 00:29:42 +02:00
|
|
|
autoscalingconn *autoscaling.AutoScaling
|
|
|
|
s3conn *s3.S3
|
2016-06-26 23:07:14 +02:00
|
|
|
sesConn *ses.SES
|
2016-07-12 13:55:58 +02:00
|
|
|
simpledbconn *simpledb.SimpleDB
|
2016-05-27 00:29:42 +02:00
|
|
|
sqsconn *sqs.SQS
|
|
|
|
snsconn *sns.SNS
|
|
|
|
stsconn *sts.STS
|
|
|
|
redshiftconn *redshift.Redshift
|
|
|
|
r53conn *route53.Route53
|
2016-10-07 05:36:44 +02:00
|
|
|
partition string
|
2016-05-27 00:29:42 +02:00
|
|
|
accountid string
|
2017-03-16 22:11:55 +01:00
|
|
|
supportedplatforms []string
|
2016-05-27 00:29:42 +02:00
|
|
|
region string
|
|
|
|
rdsconn *rds.RDS
|
|
|
|
iamconn *iam.IAM
|
|
|
|
kinesisconn *kinesis.Kinesis
|
|
|
|
kmsconn *kms.KMS
|
|
|
|
firehoseconn *firehose.Firehose
|
2017-01-17 18:30:46 +01:00
|
|
|
inspectorconn *inspector.Inspector
|
2016-05-27 00:29:42 +02:00
|
|
|
elasticacheconn *elasticache.ElastiCache
|
|
|
|
elasticbeanstalkconn *elasticbeanstalk.ElasticBeanstalk
|
|
|
|
elastictranscoderconn *elastictranscoder.ElasticTranscoder
|
|
|
|
lambdaconn *lambda.Lambda
|
2016-12-01 18:35:11 +01:00
|
|
|
lightsailconn *lightsail.Lightsail
|
2016-05-27 00:29:42 +02:00
|
|
|
opsworksconn *opsworks.OpsWorks
|
|
|
|
glacierconn *glacier.Glacier
|
2017-01-12 17:01:15 +01:00
|
|
|
codebuildconn *codebuild.CodeBuild
|
2016-05-27 00:29:42 +02:00
|
|
|
codedeployconn *codedeploy.CodeDeploy
|
|
|
|
codecommitconn *codecommit.CodeCommit
|
2017-02-22 18:31:24 +01:00
|
|
|
codepipelineconn *codepipeline.CodePipeline
|
2017-01-10 15:17:39 +01:00
|
|
|
sfnconn *sfn.SFN
|
2016-08-25 10:47:24 +02:00
|
|
|
ssmconn *ssm.SSM
|
2016-09-13 08:32:42 +02:00
|
|
|
wafconn *waf.WAF
|
2014-11-21 17:58:34 +01:00
|
|
|
}
|
|
|
|
|
2015-07-22 23:57:29 +02:00
|
|
|
// Client configures and returns a fully initialized AWSClient
|
2014-11-21 17:58:34 +01:00
|
|
|
func (c *Config) Client() (interface{}, error) {
|
|
|
|
// Get the auth and region. This can fail if keys/regions were not
|
|
|
|
// specified and we're attempting to use the environment.
|
2017-01-23 16:01:22 +01:00
|
|
|
if c.SkipRegionValidation {
|
|
|
|
log.Println("[INFO] Skipping region validation")
|
|
|
|
} else {
|
|
|
|
log.Println("[INFO] Building AWS region structure")
|
|
|
|
err := c.ValidateRegion()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2014-11-21 17:58:34 +01:00
|
|
|
}
|
|
|
|
|
2016-03-05 23:12:19 +01:00
|
|
|
var client AWSClient
|
2016-09-02 19:36:01 +02:00
|
|
|
// store AWS region in client struct, for region specific operations such as
|
|
|
|
// bucket storage in S3
|
|
|
|
client.region = c.Region
|
2015-02-20 15:55:54 +01:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
log.Println("[INFO] Building AWS auth structure")
|
|
|
|
creds, err := GetCredentials(c)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
// Call Get to check for credential provider. If nothing found, we'll get an
|
|
|
|
// error, and we can present it nicely to the user
|
|
|
|
cp, err := creds.Get()
|
|
|
|
if err != nil {
|
|
|
|
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" {
|
|
|
|
return nil, errors.New(`No valid credential sources found for AWS Provider.
|
2016-04-14 21:55:11 +02:00
|
|
|
Please see https://terraform.io/docs/providers/aws/index.html for more information on
|
2016-09-02 19:36:01 +02:00
|
|
|
providing credentials for the AWS Provider`)
|
2015-12-10 22:43:13 +01:00
|
|
|
}
|
2015-12-12 23:58:19 +01:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
return nil, fmt.Errorf("Error loading credentials for AWS Provider: %s", err)
|
|
|
|
}
|
2015-12-12 23:58:19 +01:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
log.Printf("[INFO] AWS Auth provider used: %q", cp.ProviderName)
|
2015-04-13 21:01:41 +02:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
awsConfig := &aws.Config{
|
|
|
|
Credentials: creds,
|
|
|
|
Region: aws.String(c.Region),
|
|
|
|
MaxRetries: aws.Int(c.MaxRetries),
|
|
|
|
HTTPClient: cleanhttp.DefaultClient(),
|
|
|
|
S3ForcePathStyle: aws.Bool(c.S3ForcePathStyle),
|
|
|
|
}
|
2016-03-14 17:17:05 +01:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
if logging.IsDebugOrHigher() {
|
|
|
|
awsConfig.LogLevel = aws.LogLevel(aws.LogDebugWithHTTPBody)
|
|
|
|
awsConfig.Logger = awsLogger{}
|
|
|
|
}
|
2015-12-11 16:27:49 +01:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
if c.Insecure {
|
|
|
|
transport := awsConfig.HTTPClient.Transport.(*http.Transport)
|
|
|
|
transport.TLSClientConfig = &tls.Config{
|
|
|
|
InsecureSkipVerify: true,
|
2016-08-09 00:19:06 +02:00
|
|
|
}
|
2016-09-02 19:36:01 +02:00
|
|
|
}
|
2015-12-11 16:27:49 +01:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
// Set up base session
|
|
|
|
sess, err := session.NewSession(awsConfig)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errwrap.Wrapf("Error creating AWS session: {{err}}", err)
|
|
|
|
}
|
2016-11-02 16:43:35 +01:00
|
|
|
|
|
|
|
// Removes the SDK Version handler, so we only have the provider User-Agent
|
|
|
|
// Ex: "User-Agent: APN/1.0 HashiCorp/1.0 Terraform/0.7.9-dev"
|
|
|
|
sess.Handlers.Build.Remove(request.NamedHandler{Name: "core.SDKVersionUserAgentHandler"})
|
2016-09-02 19:36:01 +02:00
|
|
|
sess.Handlers.Build.PushFrontNamed(addTerraformVersionToUserAgent)
|
2016-07-21 00:49:57 +02:00
|
|
|
|
2016-10-10 23:26:30 +02:00
|
|
|
if extraDebug := os.Getenv("TERRAFORM_AWS_AUTHFAILURE_DEBUG"); extraDebug != "" {
|
|
|
|
sess.Handlers.UnmarshalError.PushFrontNamed(debugAuthFailure)
|
|
|
|
}
|
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
// Some services exist only in us-east-1, e.g. because they manage
|
|
|
|
// resources that can span across multiple regions, or because
|
|
|
|
// signature format v4 requires region to be us-east-1 for global
|
|
|
|
// endpoints:
|
|
|
|
// http://docs.aws.amazon.com/general/latest/gr/sigv4_changes.html
|
|
|
|
usEast1Sess := sess.Copy(&aws.Config{Region: aws.String("us-east-1")})
|
2015-07-14 23:39:50 +02:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
// Some services have user-configurable endpoints
|
|
|
|
awsEc2Sess := sess.Copy(&aws.Config{Endpoint: aws.String(c.Ec2Endpoint)})
|
|
|
|
awsElbSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.ElbEndpoint)})
|
|
|
|
awsIamSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.IamEndpoint)})
|
|
|
|
awsS3Sess := sess.Copy(&aws.Config{Endpoint: aws.String(c.S3Endpoint)})
|
|
|
|
dynamoSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.DynamoDBEndpoint)})
|
|
|
|
kinesisSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.KinesisEndpoint)})
|
2016-07-21 01:38:14 +02:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
// These two services need to be set up early so we can check on AccountID
|
|
|
|
client.iamconn = iam.New(awsIamSess)
|
|
|
|
client.stsconn = sts.New(sess)
|
2016-04-28 03:49:42 +02:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
if !c.SkipCredsValidation {
|
|
|
|
err = c.ValidateCredentials(client.stsconn)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2016-08-10 18:29:07 +02:00
|
|
|
}
|
2016-09-02 19:36:01 +02:00
|
|
|
}
|
2016-08-10 16:10:34 +02:00
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
if !c.SkipRequestingAccountId {
|
2016-10-07 05:36:44 +02:00
|
|
|
partition, accountId, err := GetAccountInfo(client.iamconn, client.stsconn, cp.ProviderName)
|
2016-09-02 19:36:01 +02:00
|
|
|
if err == nil {
|
2016-10-07 05:36:44 +02:00
|
|
|
client.partition = partition
|
2016-09-02 19:36:01 +02:00
|
|
|
client.accountid = accountId
|
2015-04-20 00:54:42 +02:00
|
|
|
}
|
2014-11-21 17:58:34 +01:00
|
|
|
}
|
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
authErr := c.ValidateAccountId(client.accountid)
|
|
|
|
if authErr != nil {
|
2016-09-08 12:46:18 +02:00
|
|
|
return nil, authErr
|
2014-11-21 17:58:34 +01:00
|
|
|
}
|
|
|
|
|
2017-03-16 22:11:55 +01:00
|
|
|
client.ec2conn = ec2.New(awsEc2Sess)
|
|
|
|
|
|
|
|
supportedPlatforms, err := GetSupportedEC2Platforms(client.ec2conn)
|
|
|
|
if err != nil {
|
|
|
|
// We intentionally fail *silently* because there's a chance
|
|
|
|
// user just doesn't have ec2:DescribeAccountAttributes permissions
|
|
|
|
log.Printf("[WARN] Unable to get supported EC2 platforms: %s", err)
|
|
|
|
} else {
|
|
|
|
client.supportedplatforms = supportedPlatforms
|
|
|
|
}
|
|
|
|
|
2016-08-22 00:17:19 +02:00
|
|
|
client.acmconn = acm.New(sess)
|
2016-09-02 19:36:01 +02:00
|
|
|
client.apigateway = apigateway.New(sess)
|
|
|
|
client.appautoscalingconn = applicationautoscaling.New(sess)
|
|
|
|
client.autoscalingconn = autoscaling.New(sess)
|
|
|
|
client.cfconn = cloudformation.New(sess)
|
|
|
|
client.cloudfrontconn = cloudfront.New(sess)
|
|
|
|
client.cloudtrailconn = cloudtrail.New(sess)
|
|
|
|
client.cloudwatchconn = cloudwatch.New(sess)
|
|
|
|
client.cloudwatcheventsconn = cloudwatchevents.New(sess)
|
|
|
|
client.cloudwatchlogsconn = cloudwatchlogs.New(sess)
|
2017-01-12 15:27:04 +01:00
|
|
|
client.codecommitconn = codecommit.New(sess)
|
2017-01-12 17:01:15 +01:00
|
|
|
client.codebuildconn = codebuild.New(sess)
|
2016-09-02 19:36:01 +02:00
|
|
|
client.codedeployconn = codedeploy.New(sess)
|
2017-02-02 23:29:13 +01:00
|
|
|
client.configconn = configservice.New(sess)
|
2017-02-02 11:30:05 +01:00
|
|
|
client.dmsconn = databasemigrationservice.New(sess)
|
2017-02-22 18:31:24 +01:00
|
|
|
client.codepipelineconn = codepipeline.New(sess)
|
2016-09-02 19:36:01 +02:00
|
|
|
client.dsconn = directoryservice.New(sess)
|
|
|
|
client.dynamodbconn = dynamodb.New(dynamoSess)
|
|
|
|
client.ecrconn = ecr.New(sess)
|
|
|
|
client.ecsconn = ecs.New(sess)
|
|
|
|
client.efsconn = efs.New(sess)
|
|
|
|
client.elasticacheconn = elasticache.New(sess)
|
|
|
|
client.elasticbeanstalkconn = elasticbeanstalk.New(sess)
|
|
|
|
client.elastictranscoderconn = elastictranscoder.New(sess)
|
|
|
|
client.elbconn = elb.New(awsElbSess)
|
|
|
|
client.elbv2conn = elbv2.New(awsElbSess)
|
|
|
|
client.emrconn = emr.New(sess)
|
|
|
|
client.esconn = elasticsearch.New(sess)
|
|
|
|
client.firehoseconn = firehose.New(sess)
|
2017-01-17 18:30:46 +01:00
|
|
|
client.inspectorconn = inspector.New(sess)
|
2016-09-02 19:36:01 +02:00
|
|
|
client.glacierconn = glacier.New(sess)
|
|
|
|
client.kinesisconn = kinesis.New(kinesisSess)
|
|
|
|
client.kmsconn = kms.New(sess)
|
|
|
|
client.lambdaconn = lambda.New(sess)
|
2016-12-01 18:35:11 +01:00
|
|
|
client.lightsailconn = lightsail.New(usEast1Sess)
|
2017-03-15 15:17:53 +01:00
|
|
|
client.opsworksconn = opsworks.New(sess)
|
2016-09-02 19:36:01 +02:00
|
|
|
client.r53conn = route53.New(usEast1Sess)
|
|
|
|
client.rdsconn = rds.New(sess)
|
|
|
|
client.redshiftconn = redshift.New(sess)
|
|
|
|
client.simpledbconn = simpledb.New(sess)
|
|
|
|
client.s3conn = s3.New(awsS3Sess)
|
|
|
|
client.sesConn = ses.New(sess)
|
2017-01-10 15:17:39 +01:00
|
|
|
client.sfnconn = sfn.New(sess)
|
2016-09-02 19:36:01 +02:00
|
|
|
client.snsconn = sns.New(sess)
|
|
|
|
client.sqsconn = sqs.New(sess)
|
|
|
|
client.ssmconn = ssm.New(sess)
|
2016-09-13 08:32:42 +02:00
|
|
|
client.wafconn = waf.New(sess)
|
2016-09-02 19:36:01 +02:00
|
|
|
|
2014-11-21 17:58:34 +01:00
|
|
|
return &client, nil
|
2014-06-24 04:01:57 +02:00
|
|
|
}
|
|
|
|
|
2015-04-27 20:06:49 +02:00
|
|
|
// ValidateRegion returns an error if the configured region is not a
|
|
|
|
// valid aws region and nil otherwise.
|
2015-03-13 15:42:50 +01:00
|
|
|
func (c *Config) ValidateRegion() error {
|
2016-10-17 22:35:10 +02:00
|
|
|
var regions = []string{
|
2016-06-28 13:18:36 +02:00
|
|
|
"ap-northeast-1",
|
|
|
|
"ap-northeast-2",
|
|
|
|
"ap-south-1",
|
|
|
|
"ap-southeast-1",
|
|
|
|
"ap-southeast-2",
|
2016-12-09 10:35:07 +01:00
|
|
|
"ca-central-1",
|
2016-06-28 13:18:36 +02:00
|
|
|
"cn-north-1",
|
|
|
|
"eu-central-1",
|
|
|
|
"eu-west-1",
|
2016-12-14 10:33:58 +01:00
|
|
|
"eu-west-2",
|
2016-06-28 13:18:36 +02:00
|
|
|
"sa-east-1",
|
|
|
|
"us-east-1",
|
2016-10-17 22:35:10 +02:00
|
|
|
"us-east-2",
|
2016-06-28 13:18:36 +02:00
|
|
|
"us-gov-west-1",
|
|
|
|
"us-west-1",
|
|
|
|
"us-west-2",
|
|
|
|
}
|
2014-07-30 00:22:37 +02:00
|
|
|
|
|
|
|
for _, valid := range regions {
|
|
|
|
if c.Region == valid {
|
2015-03-13 15:42:50 +01:00
|
|
|
return nil
|
2014-07-30 00:22:37 +02:00
|
|
|
}
|
|
|
|
}
|
2015-03-13 15:42:50 +01:00
|
|
|
return fmt.Errorf("Not a valid region: %s", c.Region)
|
2014-06-24 04:01:57 +02:00
|
|
|
}
|
2015-04-20 00:54:42 +02:00
|
|
|
|
2015-08-07 16:49:59 +02:00
|
|
|
// Validate credentials early and fail before we do any graph walking.
|
2016-06-21 00:14:07 +02:00
|
|
|
func (c *Config) ValidateCredentials(stsconn *sts.STS) error {
|
|
|
|
_, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
|
2015-07-21 15:57:59 +02:00
|
|
|
return err
|
2015-07-14 23:39:50 +02:00
|
|
|
}
|
|
|
|
|
2015-04-27 20:06:49 +02:00
|
|
|
// ValidateAccountId returns a context-specific error if the configured account
|
|
|
|
// id is explicitly forbidden or not authorised; and nil if it is authorised.
|
2016-04-28 03:49:42 +02:00
|
|
|
func (c *Config) ValidateAccountId(accountId string) error {
|
2015-04-20 00:54:42 +02:00
|
|
|
if c.AllowedAccountIds == nil && c.ForbiddenAccountIds == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-09-02 19:36:01 +02:00
|
|
|
log.Println("[INFO] Validating account ID")
|
2015-04-20 00:54:42 +02:00
|
|
|
|
|
|
|
if c.ForbiddenAccountIds != nil {
|
|
|
|
for _, id := range c.ForbiddenAccountIds {
|
2016-04-28 03:49:42 +02:00
|
|
|
if id == accountId {
|
2015-04-20 00:54:42 +02:00
|
|
|
return fmt.Errorf("Forbidden account ID (%s)", id)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.AllowedAccountIds != nil {
|
|
|
|
for _, id := range c.AllowedAccountIds {
|
2016-04-28 03:49:42 +02:00
|
|
|
if id == accountId {
|
2015-04-20 00:54:42 +02:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
2016-04-28 03:49:42 +02:00
|
|
|
return fmt.Errorf("Account ID not allowed (%s)", accountId)
|
2015-04-20 00:54:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2015-12-10 22:43:13 +01:00
|
|
|
|
2017-03-16 22:11:55 +01:00
|
|
|
func GetSupportedEC2Platforms(conn *ec2.EC2) ([]string, error) {
|
|
|
|
attrName := "supported-platforms"
|
|
|
|
|
|
|
|
input := ec2.DescribeAccountAttributesInput{
|
|
|
|
AttributeNames: []*string{aws.String(attrName)},
|
|
|
|
}
|
|
|
|
attributes, err := conn.DescribeAccountAttributes(&input)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var platforms []string
|
|
|
|
for _, attr := range attributes.AccountAttributes {
|
|
|
|
if *attr.AttributeName == attrName {
|
|
|
|
for _, v := range attr.AttributeValues {
|
|
|
|
platforms = append(platforms, *v.AttributeValue)
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(platforms) == 0 {
|
|
|
|
return nil, fmt.Errorf("No EC2 platforms detected")
|
|
|
|
}
|
|
|
|
|
|
|
|
return platforms, nil
|
|
|
|
}
|
|
|
|
|
2016-03-14 17:06:22 +01:00
|
|
|
// addTerraformVersionToUserAgent is a named handler that will add Terraform's
|
|
|
|
// version information to requests made by the AWS SDK.
|
|
|
|
var addTerraformVersionToUserAgent = request.NamedHandler{
|
|
|
|
Name: "terraform.TerraformVersionUserAgentHandler",
|
|
|
|
Fn: request.MakeAddToUserAgentHandler(
|
2016-11-02 16:43:35 +01:00
|
|
|
"APN/1.0 HashiCorp/1.0 Terraform", terraform.VersionString()),
|
2016-03-14 17:06:22 +01:00
|
|
|
}
|
2016-03-14 17:17:05 +01:00
|
|
|
|
2016-10-10 23:26:30 +02:00
|
|
|
var debugAuthFailure = request.NamedHandler{
|
|
|
|
Name: "terraform.AuthFailureAdditionalDebugHandler",
|
|
|
|
Fn: func(req *request.Request) {
|
|
|
|
if isAWSErr(req.Error, "AuthFailure", "AWS was not able to validate the provided access credentials") {
|
|
|
|
log.Printf("[INFO] Additional AuthFailure Debugging Context")
|
|
|
|
log.Printf("[INFO] Current system UTC time: %s", time.Now().UTC())
|
|
|
|
log.Printf("[INFO] Request object: %s", spew.Sdump(req))
|
|
|
|
}
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2016-03-14 17:17:05 +01:00
|
|
|
type awsLogger struct{}
|
|
|
|
|
|
|
|
func (l awsLogger) Log(args ...interface{}) {
|
|
|
|
tokens := make([]string, 0, len(args))
|
|
|
|
for _, arg := range args {
|
|
|
|
if token, ok := arg.(string); ok {
|
|
|
|
tokens = append(tokens, token)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
log.Printf("[DEBUG] [aws-sdk-go] %s", strings.Join(tokens, " "))
|
|
|
|
}
|