
2253 lines
56 KiB
Raw Normal View History

2014-07-14 22:28:00 +02:00
package aws
import (
2014-12-03 11:28:51 +01:00
provider/aws: Adding IPv6 address to instance causes perpetual diff Fixes: #14032 When you are using an IPv6 address directly to an instance, it was causing the ipv6_address_count to try and ForceNew resource. It wasn't marked as computed I was able to see this here: ``` -/+ aws_instance.test ami: "ami-c5eabbf5" => "ami-c5eabbf5" associate_public_ip_address: "false" => "<computed>" availability_zone: "us-west-2a" => "<computed>" ebs_block_device.#: "0" => "<computed>" ephemeral_block_device.#: "0" => "<computed>" instance_state: "running" => "<computed>" instance_type: "t2.micro" => "t2.micro" ipv6_address_count: "1" => "0" (forces new resource) ipv6_addresses.#: "1" => "1" ipv6_addresses.0: "2600:1f14:bb2:e501::10" => "2600:1f14:bb2:e501::10" key_name: "" => "<computed>" network_interface.#: "0" => "<computed>" network_interface_id: "eni-d19115ec" => "<computed>" placement_group: "" => "<computed>" primary_network_interface_id: "eni-d19115ec" => "<computed>" private_dns: "ip-10-20-1-252.us-west-2.compute.internal" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" root_block_device.#: "1" => "<computed>" security_groups.#: "0" => "<computed>" source_dest_check: "true" => "true" subnet_id: "subnet-3fdfb476" => "subnet-3fdfb476" tags.%: "1" => "1" tags.Name: "stack72" => "stack72" tenancy: "default" => "<computed>" volume_tags.%: "0" => "<computed>" vpc_security_group_ids.#: "1" => "<computed>" ``` It now works as expected: ``` % terraform plan ✹ ✭ [WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider. If you did not expect to see this message you will need to remove the old plugin. See https://www.terraform.io/docs/internals/internal-plugins.html Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_vpc.foo: Refreshing state... (ID: vpc-fa61669d) aws_subnet.foo: Refreshing state... (ID: subnet-3fdfb476) aws_internet_gateway.foo: Refreshing state... (ID: igw-70629a17) aws_route_table.test: Refreshing state... (ID: rtb-0a52e16c) aws_instance.test: Refreshing state... (ID: i-0971755345296aca5) aws_route_table_association.a: Refreshing state... (ID: rtbassoc-b12493c8) No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, Terraform doesn't need to do anything. ```
2017-05-10 16:20:48 +02:00
2014-07-14 22:28:00 +02:00
2014-07-14 22:28:00 +02:00
2014-12-03 11:28:51 +01:00
2014-07-14 22:28:00 +02:00
func TestAccAWSInstance_basic(t *testing.T) {
2014-07-14 22:28:00 +02:00
var v ec2.Instance
var vol *ec2.Volume
2014-07-14 22:28:00 +02:00
2014-07-15 06:56:37 +02:00
testCheck := func(*terraform.State) error {
if *v.Placement.AvailabilityZone != "us-west-2a" {
return fmt.Errorf("bad availability zone: %#v", *v.Placement.AvailabilityZone)
2014-07-15 06:56:37 +02:00
if len(v.SecurityGroups) == 0 {
return fmt.Errorf("no security groups: %#v", v.SecurityGroups)
if *v.SecurityGroups[0].GroupName != "tf_test_foo" {
2014-07-15 06:56:37 +02:00
return fmt.Errorf("no security groups: %#v", v.SecurityGroups)
return nil
2014-07-14 22:28:00 +02:00
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
// We ignore security groups because even with EC2 classic
// we'll import as VPC security groups, which is fine. We verify
// VPC security group import in other tests
IDRefreshName: "aws_instance.foo",
IDRefreshIgnore: []string{"security_groups", "vpc_security_group_ids"},
2016-04-22 18:37:27 +02:00
2014-07-14 22:28:00 +02:00
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
// Create a volume to cover #1249
// Need a resource in this config so the provisioner will be available
Config: testAccInstanceConfig_pre,
Check: func(*terraform.State) error {
2015-04-16 22:05:55 +02:00
conn := testAccProvider.Meta().(*AWSClient).ec2conn
var err error
vol, err = conn.CreateVolume(&ec2.CreateVolumeInput{
AvailabilityZone: aws.String("us-west-2a"),
Size: aws.Int64(int64(5)),
return err
2014-07-14 22:28:00 +02:00
Config: testAccInstanceConfig,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
2014-07-15 06:56:37 +02:00
"aws_instance.foo", "ebs_block_device.#", "0"),
// We repeat the exact same test so that we can be sure
// that the user data hash stuff is working without generating
// an incorrect diff.
Config: testAccInstanceConfig,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
"aws_instance.foo", "ebs_block_device.#", "0"),
2014-07-14 22:28:00 +02:00
// Clean up volume created above
Config: testAccInstanceConfig,
Check: func(*terraform.State) error {
2015-04-16 22:05:55 +02:00
conn := testAccProvider.Meta().(*AWSClient).ec2conn
_, err := conn.DeleteVolume(&ec2.DeleteVolumeInput{VolumeId: vol.VolumeId})
return err
2014-07-14 22:28:00 +02:00
func TestAccAWSInstance_GP2IopsDevice(t *testing.T) {
var v ec2.Instance
testCheck := func() resource.TestCheckFunc {
return func(*terraform.State) error {
// Map out the block devices by name, which should be unique.
blockDevices := make(map[string]*ec2.InstanceBlockDeviceMapping)
for _, blockDevice := range v.BlockDeviceMappings {
blockDevices[*blockDevice.DeviceName] = blockDevice
// Check if the root block device exists.
if _, ok := blockDevices["/dev/sda1"]; !ok {
return fmt.Errorf("block device doesn't exist: /dev/sda1")
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
IDRefreshIgnore: []string{
"ephemeral_block_device", "user_data", "security_groups", "vpc_security_groups"},
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceGP2IopsDevice,
//Config: testAccInstanceConfigBlockDevices,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
"aws_instance.foo", "root_block_device.#", "1"),
"aws_instance.foo", "root_block_device.0.volume_size", "11"),
"aws_instance.foo", "root_block_device.0.volume_type", "gp2"),
"aws_instance.foo", "root_block_device.0.iops", "100"),
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
func TestAccAWSInstance_blockDevices(t *testing.T) {
2014-10-31 21:25:16 +01:00
var v ec2.Instance
testCheck := func() resource.TestCheckFunc {
return func(*terraform.State) error {
// Map out the block devices by name, which should be unique.
blockDevices := make(map[string]*ec2.InstanceBlockDeviceMapping)
for _, blockDevice := range v.BlockDeviceMappings {
blockDevices[*blockDevice.DeviceName] = blockDevice
2014-10-31 21:25:16 +01:00
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
// Check if the root block device exists.
if _, ok := blockDevices["/dev/sda1"]; !ok {
2015-12-01 16:31:20 +01:00
return fmt.Errorf("block device doesn't exist: /dev/sda1")
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
2014-10-31 21:25:16 +01:00
// Check if the secondary block device exists.
if _, ok := blockDevices["/dev/sdb"]; !ok {
2015-12-01 16:31:20 +01:00
return fmt.Errorf("block device doesn't exist: /dev/sdb")
2014-10-31 21:25:16 +01:00
// Check if the third block device exists.
if _, ok := blockDevices["/dev/sdc"]; !ok {
2015-12-01 16:31:20 +01:00
return fmt.Errorf("block device doesn't exist: /dev/sdc")
// Check if the encrypted block device exists
if _, ok := blockDevices["/dev/sdd"]; !ok {
2015-12-01 16:31:20 +01:00
return fmt.Errorf("block device doesn't exist: /dev/sdd")
2014-10-31 21:25:16 +01:00
return nil
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
IDRefreshIgnore: []string{
"ephemeral_block_device", "security_groups", "vpc_security_groups"},
2014-10-31 21:25:16 +01:00
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
2014-10-31 21:25:16 +01:00
Config: testAccInstanceConfigBlockDevices,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
"aws_instance.foo", "root_block_device.#", "1"),
"aws_instance.foo", "root_block_device.0.volume_size", "11"),
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
"aws_instance.foo", "root_block_device.0.volume_type", "gp2"),
"aws_instance.foo", "ebs_block_device.#", "3"),
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
"aws_instance.foo", "ebs_block_device.2576023345.device_name", "/dev/sdb"),
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
"aws_instance.foo", "ebs_block_device.2576023345.volume_size", "9"),
"aws_instance.foo", "ebs_block_device.2576023345.volume_type", "standard"),
"aws_instance.foo", "ebs_block_device.2554893574.device_name", "/dev/sdc"),
"aws_instance.foo", "ebs_block_device.2554893574.volume_size", "10"),
"aws_instance.foo", "ebs_block_device.2554893574.volume_type", "io1"),
"aws_instance.foo", "ebs_block_device.2554893574.iops", "100"),
"aws_instance.foo", "ebs_block_device.2634515331.device_name", "/dev/sdd"),
"aws_instance.foo", "ebs_block_device.2634515331.encrypted", "true"),
"aws_instance.foo", "ebs_block_device.2634515331.volume_size", "12"),
"aws_instance.foo", "ephemeral_block_device.#", "1"),
"aws_instance.foo", "ephemeral_block_device.1692014856.device_name", "/dev/sde"),
"aws_instance.foo", "ephemeral_block_device.1692014856.virtual_name", "ephemeral0"),
2014-10-31 21:25:16 +01:00
func TestAccAWSInstance_rootInstanceStore(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: `
resource "aws_instance" "foo" {
# us-west-2
# Amazon Linux HVM Instance Store 64-bit (2016.09.0)
# https://aws.amazon.com/amazon-linux-ami
ami = "ami-44c36524"
# Only certain instance types support ephemeral root instance stores.
# http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html
instance_type = "m3.medium"
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
"aws_instance.foo", "ami", "ami-44c36524"),
"aws_instance.foo", "ebs_block_device.#", "0"),
"aws_instance.foo", "ebs_optimized", "false"),
"aws_instance.foo", "instance_type", "m3.medium"),
"aws_instance.foo", "root_block_device.#", "0"),
func TestAcctABSInstance_noAMIEphemeralDevices(t *testing.T) {
var v ec2.Instance
testCheck := func() resource.TestCheckFunc {
return func(*terraform.State) error {
// Map out the block devices by name, which should be unique.
blockDevices := make(map[string]*ec2.InstanceBlockDeviceMapping)
for _, blockDevice := range v.BlockDeviceMappings {
blockDevices[*blockDevice.DeviceName] = blockDevice
// Check if the root block device exists.
if _, ok := blockDevices["/dev/sda1"]; !ok {
return fmt.Errorf("block device doesn't exist: /dev/sda1")
// Check if the secondary block not exists.
if _, ok := blockDevices["/dev/sdb"]; ok {
return fmt.Errorf("block device exist: /dev/sdb")
// Check if the third block device not exists.
if _, ok := blockDevices["/dev/sdc"]; ok {
return fmt.Errorf("block device exist: /dev/sdc")
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
IDRefreshIgnore: []string{
"ephemeral_block_device", "security_groups", "vpc_security_groups"},
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: `
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-01f05461" // This AMI (Ubuntu) contains two ephemerals
instance_type = "c3.large"
root_block_device {
volume_type = "gp2"
volume_size = 11
ephemeral_block_device {
device_name = "/dev/sdb"
no_device = true
ephemeral_block_device {
device_name = "/dev/sdc"
no_device = true
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
"aws_instance.foo", "ami", "ami-01f05461"),
"aws_instance.foo", "ebs_optimized", "false"),
"aws_instance.foo", "instance_type", "c3.large"),
"aws_instance.foo", "root_block_device.#", "1"),
"aws_instance.foo", "root_block_device.0.volume_size", "11"),
"aws_instance.foo", "root_block_device.0.volume_type", "gp2"),
"aws_instance.foo", "ebs_block_device.#", "0"),
"aws_instance.foo", "ephemeral_block_device.#", "2"),
"aws_instance.foo", "ephemeral_block_device.172787947.device_name", "/dev/sdb"),
"aws_instance.foo", "ephemeral_block_device.172787947.no_device", "true"),
"aws_instance.foo", "ephemeral_block_device.3336996981.device_name", "/dev/sdc"),
"aws_instance.foo", "ephemeral_block_device.3336996981.no_device", "true"),
func TestAccAWSInstance_sourceDestCheck(t *testing.T) {
var v ec2.Instance
testCheck := func(enabled bool) resource.TestCheckFunc {
return func(*terraform.State) error {
if v.SourceDestCheck == nil {
return fmt.Errorf("bad source_dest_check: got nil")
if *v.SourceDestCheck != enabled {
return fmt.Errorf("bad source_dest_check: %#v", *v.SourceDestCheck)
return nil
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigSourceDestDisable,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
Config: testAccInstanceConfigSourceDestEnable,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
Config: testAccInstanceConfigSourceDestDisable,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
func TestAccAWSInstance_disableApiTermination(t *testing.T) {
var v ec2.Instance
checkDisableApiTermination := func(expected bool) resource.TestCheckFunc {
return func(*terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
r, err := conn.DescribeInstanceAttribute(&ec2.DescribeInstanceAttributeInput{
InstanceId: v.InstanceId,
Attribute: aws.String("disableApiTermination"),
if err != nil {
return err
got := *r.DisableApiTermination.Value
if got != expected {
return fmt.Errorf("expected: %t, got: %t", expected, got)
return nil
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigDisableAPITermination(true),
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
Config: testAccInstanceConfigDisableAPITermination(false),
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
func TestAccAWSInstance_vpc(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
IDRefreshIgnore: []string{"associate_public_ip_address"},
2016-04-22 18:37:27 +02:00
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigVPC,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
provider/aws: Implement IPV6 Support for ec2 / VPC (#10538) * provider/aws: Add support for IPV6 enabled VPC ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpc' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/12/09 14:07:31 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpc -timeout 120m === RUN TestAccAWSVpc_importBasic --- PASS: TestAccAWSVpc_importBasic (43.03s) === RUN TestAccAWSVpc_basic --- PASS: TestAccAWSVpc_basic (36.32s) === RUN TestAccAWSVpc_enableIpv6 --- PASS: TestAccAWSVpc_enableIpv6 (29.37s) === RUN TestAccAWSVpc_dedicatedTenancy --- PASS: TestAccAWSVpc_dedicatedTenancy (36.63s) === RUN TestAccAWSVpc_tags --- PASS: TestAccAWSVpc_tags (67.54s) === RUN TestAccAWSVpc_update --- PASS: TestAccAWSVpc_update (66.16s) === RUN TestAccAWSVpc_bothDnsOptionsSet --- PASS: TestAccAWSVpc_bothDnsOptionsSet (16.82s) === RUN TestAccAWSVpc_DisabledDnsSupport --- PASS: TestAccAWSVpc_DisabledDnsSupport (36.52s) === RUN TestAccAWSVpc_classiclinkOptionSet --- PASS: TestAccAWSVpc_classiclinkOptionSet (38.13s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 739.543s ``` * provider/aws: New Resource: aws_egress_only_internet_gateway ``` make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEgressOnlyInternetGateway_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/12/09 14:22:16 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEgressOnlyInternetGateway_ -timeout 120m === RUN TestAccAWSEgressOnlyInternetGateway_basic --- PASS: TestAccAWSEgressOnlyInternetGateway_basic (32.67s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 32.692s ``` * provider/aws: Add IPV6 support to aws_subnet ``` % make testacc TEST=./builtin/providers/aws % TESTARGS='-run=TestAccAWSSubnet_' % 1 ↵ ✹ ✭ ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/02/27 19:08:34 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_ -timeout 120m === RUN TestAccAWSSubnet_importBasic --- PASS: TestAccAWSSubnet_importBasic (69.88s) === RUN TestAccAWSSubnet_basic --- PASS: TestAccAWSSubnet_basic (51.28s) === RUN TestAccAWSSubnet_ipv6 --- PASS: TestAccAWSSubnet_ipv6 (90.39s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws211.574s ``` * provider/aws: Add support for running aws_instances with ipv6 addresses
2017-03-01 17:16:59 +01:00
func TestAccAWSInstance_ipv6_supportAddressCount(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigIpv6Support,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v),
provider/aws: Adding IPv6 address to instance causes perpetual diff Fixes: #14032 When you are using an IPv6 address directly to an instance, it was causing the ipv6_address_count to try and ForceNew resource. It wasn't marked as computed I was able to see this here: ``` -/+ aws_instance.test ami: "ami-c5eabbf5" => "ami-c5eabbf5" associate_public_ip_address: "false" => "<computed>" availability_zone: "us-west-2a" => "<computed>" ebs_block_device.#: "0" => "<computed>" ephemeral_block_device.#: "0" => "<computed>" instance_state: "running" => "<computed>" instance_type: "t2.micro" => "t2.micro" ipv6_address_count: "1" => "0" (forces new resource) ipv6_addresses.#: "1" => "1" ipv6_addresses.0: "2600:1f14:bb2:e501::10" => "2600:1f14:bb2:e501::10" key_name: "" => "<computed>" network_interface.#: "0" => "<computed>" network_interface_id: "eni-d19115ec" => "<computed>" placement_group: "" => "<computed>" primary_network_interface_id: "eni-d19115ec" => "<computed>" private_dns: "ip-10-20-1-252.us-west-2.compute.internal" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" root_block_device.#: "1" => "<computed>" security_groups.#: "0" => "<computed>" source_dest_check: "true" => "true" subnet_id: "subnet-3fdfb476" => "subnet-3fdfb476" tags.%: "1" => "1" tags.Name: "stack72" => "stack72" tenancy: "default" => "<computed>" volume_tags.%: "0" => "<computed>" vpc_security_group_ids.#: "1" => "<computed>" ``` It now works as expected: ``` % terraform plan ✹ ✭ [WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider. If you did not expect to see this message you will need to remove the old plugin. See https://www.terraform.io/docs/internals/internal-plugins.html Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_vpc.foo: Refreshing state... (ID: vpc-fa61669d) aws_subnet.foo: Refreshing state... (ID: subnet-3fdfb476) aws_internet_gateway.foo: Refreshing state... (ID: igw-70629a17) aws_route_table.test: Refreshing state... (ID: rtb-0a52e16c) aws_instance.test: Refreshing state... (ID: i-0971755345296aca5) aws_route_table_association.a: Refreshing state... (ID: rtbassoc-b12493c8) No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, Terraform doesn't need to do anything. ```
2017-05-10 16:20:48 +02:00
func TestAccAWSInstance_ipv6AddressCountAndSingleAddressCausesError(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigIpv6ErrorConfig,
ExpectError: regexp.MustCompile("Only 1 of `ipv6_address_count` or `ipv6_addresses` can be specified"),
func TestAccAWSInstance_multipleRegions(t *testing.T) {
var v ec2.Instance
// record the initialized providers so that we can use them to
// check for the instances in each region
var providers []*schema.Provider
providerFactories := map[string]terraform.ResourceProviderFactory{
"aws": func() (terraform.ResourceProvider, error) {
p := Provider()
providers = append(providers, p.(*schema.Provider))
return p, nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
ProviderFactories: providerFactories,
CheckDestroy: testAccCheckInstanceDestroyWithProviders(&providers),
Steps: []resource.TestStep{
Config: testAccInstanceConfigMultipleRegions,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo", &v, &providers),
"aws_instance.bar", &v, &providers),
func TestAccAWSInstance_NetworkInstanceSecurityGroups(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo_instance",
IDRefreshIgnore: []string{"associate_public_ip_address"},
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceNetworkInstanceSecurityGroups,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo_instance", &v),
func TestAccAWSInstance_NetworkInstanceVPCSecurityGroupIDs(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo_instance",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceNetworkInstanceVPCSecurityGroupIDs,
Check: resource.ComposeTestCheckFunc(
"aws_instance.foo_instance", &v),
"aws_instance.foo_instance", "security_groups.#", "0"),
"aws_instance.foo_instance", "vpc_security_group_ids.#", "1"),
func TestAccAWSInstance_tags(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccCheckInstanceConfigTags,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
testAccCheckTags(&v.Tags, "foo", "bar"),
// Guard against regression of https://github.com/hashicorp/terraform/issues/914
testAccCheckTags(&v.Tags, "#", ""),
Config: testAccCheckInstanceConfigTagsUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
testAccCheckTags(&v.Tags, "foo", ""),
testAccCheckTags(&v.Tags, "bar", "baz"),
func TestAccAWSInstance_volumeTags(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccCheckInstanceConfigNoVolumeTags,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
"aws_instance.foo", "volume_tags"),
Config: testAccCheckInstanceConfigWithVolumeTags,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
"aws_instance.foo", "volume_tags.%", "1"),
"aws_instance.foo", "volume_tags.Name", "acceptance-test-volume-tag"),
Config: testAccCheckInstanceConfigWithVolumeTagsUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
"aws_instance.foo", "volume_tags.%", "2"),
"aws_instance.foo", "volume_tags.Name", "acceptance-test-volume-tag"),
"aws_instance.foo", "volume_tags.Environment", "dev"),
Config: testAccCheckInstanceConfigNoVolumeTags,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
"aws_instance.foo", "volume_tags"),
func TestAccAWSInstance_volumeTagsComputed(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccCheckInstanceConfigWithAttachedVolume,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
ExpectNonEmptyPlan: false,
func TestAccAWSInstance_instanceProfileChange(t *testing.T) {
var v ec2.Instance
rName := acctest.RandString(5)
testCheckInstanceProfile := func() resource.TestCheckFunc {
return func(*terraform.State) error {
if v.IamInstanceProfile == nil {
return fmt.Errorf("Instance Profile is nil - we expected an InstanceProfile associated with the Instance")
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigWithoutInstanceProfile(rName),
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
Config: testAccInstanceConfigWithInstanceProfile(rName),
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
func TestAccAWSInstance_withIamInstanceProfile(t *testing.T) {
var v ec2.Instance
rName := acctest.RandString(5)
testCheckInstanceProfile := func() resource.TestCheckFunc {
return func(*terraform.State) error {
if v.IamInstanceProfile == nil {
return fmt.Errorf("Instance Profile is nil - we expected an InstanceProfile associated with the Instance")
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigWithInstanceProfile(rName),
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
func TestAccAWSInstance_privateIP(t *testing.T) {
var v ec2.Instance
testCheckPrivateIP := func() resource.TestCheckFunc {
return func(*terraform.State) error {
if *v.PrivateIpAddress != "" {
return fmt.Errorf("bad private IP: %s", *v.PrivateIpAddress)
return nil
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigPrivateIP,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
func TestAccAWSInstance_associatePublicIPAndPrivateIP(t *testing.T) {
var v ec2.Instance
testCheckPrivateIP := func() resource.TestCheckFunc {
return func(*terraform.State) error {
if *v.PrivateIpAddress != "" {
return fmt.Errorf("bad private IP: %s", *v.PrivateIpAddress)
return nil
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
IDRefreshIgnore: []string{"associate_public_ip_address"},
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigAssociatePublicIPAndPrivateIP,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
// Guard against regression with KeyPairs
// https://github.com/hashicorp/terraform/issues/2302
func TestAccAWSInstance_keyPairCheck(t *testing.T) {
var v ec2.Instance
testCheckKeyPair := func(keyName string) resource.TestCheckFunc {
return func(*terraform.State) error {
if v.KeyName == nil {
return fmt.Errorf("No Key Pair found, expected(%s)", keyName)
if v.KeyName != nil && *v.KeyName != keyName {
return fmt.Errorf("Bad key name, expected (%s), got (%s)", keyName, *v.KeyName)
return nil
keyPairName := fmt.Sprintf("tf-acc-test-%s", acctest.RandString(5))
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
IDRefreshIgnore: []string{"source_dest_check"},
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigKeyPair(keyPairName),
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
func TestAccAWSInstance_rootBlockDeviceMismatch(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigRootBlockDeviceMismatch,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
"aws_instance.foo", "root_block_device.0.volume_size", "13"),
// This test reproduces the bug here:
// https://github.com/hashicorp/terraform/issues/1752
// I wish there were a way to exercise resources built with helper.Schema in a
// unit context, in which case this test could be moved there, but for now this
// will cover the bugfix.
// The following triggers "diffs didn't match during apply" without the fix in to
// set NewRemoved on the .# field when it changes to 0.
func TestAccAWSInstance_forceNewAndTagsDrift(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
2016-04-22 18:37:27 +02:00
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_instance.foo",
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigForceNewAndTagsDrift,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
ExpectNonEmptyPlan: true,
Config: testAccInstanceConfigForceNewAndTagsDrift_Update,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &v),
func TestAccAWSInstance_changeInstanceType(t *testing.T) {
var before ec2.Instance
var after ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigWithSmallInstanceType,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &before),
Config: testAccInstanceConfigUpdateInstanceType,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &after),
t, &before, &after),
2017-04-19 23:30:58 +02:00
func TestAccAWSInstance_primaryNetworkInterface(t *testing.T) {
var instance ec2.Instance
var ini ec2.NetworkInterface
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigPrimaryNetworkInterface,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &instance),
testAccCheckAWSENIExists("aws_network_interface.bar", &ini),
resource.TestCheckResourceAttr("aws_instance.foo", "network_interface.#", "1"),
provider/aws: Fix source_dest_check with network_interface The default value for `source_dest_check` needs to remain the same, so as not to break any backwards compatibility, however, adding a new `network_interface` parameter with a pre-configured network_interface that has `source_dest_check` set to false throws a diff after initial apply. Since we don't want to change `source_dest_check` to computed in order to not break sane defaults, ignore the diff thrown if `network_interface` attributes are configured on an instance. ``` $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck" ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/04/28 16:26:02 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck -timeout 120m === RUN TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck --- PASS: TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck (134.20s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 134.211s ``` ``` $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_sourceDestCheck" ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/04/28 16:15:14 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_sourceDestCheck -timeout 120m === RUN TestAccAWSInstance_sourceDestCheck --- PASS: TestAccAWSInstance_sourceDestCheck (179.81s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 179.815s ``` Fixes: #14068
2017-04-28 22:35:54 +02:00
func TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck(t *testing.T) {
var instance ec2.Instance
var ini ec2.NetworkInterface
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigPrimaryNetworkInterfaceSourceDestCheck,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &instance),
testAccCheckAWSENIExists("aws_network_interface.bar", &ini),
resource.TestCheckResourceAttr("aws_instance.foo", "source_dest_check", "false"),
func TestAccAWSInstance_addSecondaryInterface(t *testing.T) {
var before ec2.Instance
var after ec2.Instance
var iniPrimary ec2.NetworkInterface
var iniSecondary ec2.NetworkInterface
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigAddSecondaryNetworkInterfaceBefore,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &before),
testAccCheckAWSENIExists("aws_network_interface.primary", &iniPrimary),
resource.TestCheckResourceAttr("aws_instance.foo", "network_interface.#", "1"),
Config: testAccInstanceConfigAddSecondaryNetworkInterfaceAfter,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &after),
testAccCheckAWSENIExists("aws_network_interface.secondary", &iniSecondary),
resource.TestCheckResourceAttr("aws_instance.foo", "network_interface.#", "1"),
2017-04-19 23:30:58 +02:00
provider/aws: Fix attach of SG to instance with multiple network interfaces With an EC2 instance that only had a single network interface, the primary interface, the Update function would call `ModifyInstanceAttribute()` on the target instance. This would only work if there was a single network interface attached to the EC2 instance. If, however, a secondary network interface was attached to the instance, the `ModifyInstanceAttribute()` API call would fail with the following error message: > There are multiple interfaces attached to instance 'i-XXXXX'. Please specify an interface ID for the operation instead. After this changeset, modifying instance security groups now makes the correct call to `ModifyNetworkInterfaceAttribute()` in order to modify the list of security groups on the primary network interface, as initially configured during the instances creation. This change is also safe from an instance that has a non-default primary network interface, as the instance attribute `vpc_security_group_ids` conflicts with the new `network_interface` attribute. Test Output: ``` $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_addSecurityGroupNetworkInterface" ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/05/08 17:52:42 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_addSecurityGroupNetworkInterface -timeout 120m === RUN TestAccAWSInstance_addSecurityGroupNetworkInterface --- PASS: TestAccAWSInstance_addSecurityGroupNetworkInterface (327.75s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 327.756s ```
2017-05-09 00:30:22 +02:00
// https://github.com/hashicorp/terraform/issues/3205
func TestAccAWSInstance_addSecurityGroupNetworkInterface(t *testing.T) {
var before ec2.Instance
var after ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigAddSecurityGroupBefore,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &before),
resource.TestCheckResourceAttr("aws_instance.foo", "vpc_security_group_ids.#", "1"),
Config: testAccInstanceConfigAddSecurityGroupAfter,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("aws_instance.foo", &after),
resource.TestCheckResourceAttr("aws_instance.foo", "vpc_security_group_ids.#", "2"),
func testAccCheckInstanceNotRecreated(t *testing.T,
before, after *ec2.Instance) resource.TestCheckFunc {
return func(s *terraform.State) error {
if *before.InstanceId != *after.InstanceId {
t.Fatalf("AWS Instance IDs have changed. Before %s. After %s", *before.InstanceId, *after.InstanceId)
return nil
2014-07-14 22:28:00 +02:00
func testAccCheckInstanceDestroy(s *terraform.State) error {
return testAccCheckInstanceDestroyWithProvider(s, testAccProvider)
func testAccCheckInstanceDestroyWithProviders(providers *[]*schema.Provider) resource.TestCheckFunc {
return func(s *terraform.State) error {
for _, provider := range *providers {
if provider.Meta() == nil {
if err := testAccCheckInstanceDestroyWithProvider(s, provider); err != nil {
return err
return nil
func testAccCheckInstanceDestroyWithProvider(s *terraform.State, provider *schema.Provider) error {
conn := provider.Meta().(*AWSClient).ec2conn
2014-07-14 22:28:00 +02:00
2014-09-17 02:44:42 +02:00
for _, rs := range s.RootModule().Resources {
2014-07-14 22:28:00 +02:00
if rs.Type != "aws_instance" {
// Try to find the resource
resp, err := conn.DescribeInstances(&ec2.DescribeInstancesInput{
InstanceIds: []*string{aws.String(rs.Primary.ID)},
2014-07-14 22:28:00 +02:00
if err == nil {
for _, r := range resp.Reservations {
for _, i := range r.Instances {
if i.State != nil && *i.State.Name != "terminated" {
return fmt.Errorf("Found unterminated instance: %s", i)
2014-07-14 22:28:00 +02:00
// Verify the error is what we want
if ae, ok := err.(awserr.Error); ok && ae.Code() == "InvalidInstanceID.NotFound" {
2014-07-14 22:28:00 +02:00
return err
2014-07-14 22:28:00 +02:00
return nil
func testAccCheckInstanceExists(n string, i *ec2.Instance) resource.TestCheckFunc {
providers := []*schema.Provider{testAccProvider}
return testAccCheckInstanceExistsWithProviders(n, i, &providers)
func testAccCheckInstanceExistsWithProviders(n string, i *ec2.Instance, providers *[]*schema.Provider) resource.TestCheckFunc {
2014-07-14 22:28:00 +02:00
return func(s *terraform.State) error {
2014-09-17 02:44:42 +02:00
rs, ok := s.RootModule().Resources[n]
2014-07-14 22:28:00 +02:00
if !ok {
return fmt.Errorf("Not found: %s", n)
2014-09-17 02:44:42 +02:00
if rs.Primary.ID == "" {
2014-07-14 22:28:00 +02:00
return fmt.Errorf("No ID is set")
for _, provider := range *providers {
// Ignore if Meta is empty, this can happen for validation providers
if provider.Meta() == nil {
conn := provider.Meta().(*AWSClient).ec2conn
resp, err := conn.DescribeInstances(&ec2.DescribeInstancesInput{
InstanceIds: []*string{aws.String(rs.Primary.ID)},
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidInstanceID.NotFound" {
if err != nil {
return err
2014-07-14 22:28:00 +02:00
if len(resp.Reservations) > 0 {
*i = *resp.Reservations[0].Instances[0]
return nil
2014-07-14 22:28:00 +02:00
return fmt.Errorf("Instance not found")
2014-07-14 22:28:00 +02:00
2014-12-03 11:28:51 +01:00
func TestInstanceTenancySchema(t *testing.T) {
actualSchema := resourceAwsInstance().Schema["tenancy"]
expectedSchema := &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
if !reflect.DeepEqual(actualSchema, expectedSchema) {
2014-12-03 11:28:51 +01:00
func driftTags(instance *ec2.Instance) resource.TestCheckFunc {
return func(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
_, err := conn.CreateTags(&ec2.CreateTagsInput{
Resources: []*string{instance.InstanceId},
Tags: []*ec2.Tag{
Key: aws.String("Drift"),
Value: aws.String("Happens"),
return err
const testAccInstanceConfig_pre = `
resource "aws_security_group" "tf_test_foo" {
name = "tf_test_foo"
description = "foo"
ingress {
protocol = "icmp"
from_port = -1
to_port = -1
cidr_blocks = [""]
2014-07-14 22:28:00 +02:00
const testAccInstanceConfig = `
2014-07-15 06:56:37 +02:00
resource "aws_security_group" "tf_test_foo" {
name = "tf_test_foo"
description = "foo"
ingress {
protocol = "icmp"
from_port = -1
to_port = -1
cidr_blocks = [""]
2014-07-15 06:56:37 +02:00
2014-07-14 22:28:00 +02:00
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
availability_zone = "us-west-2a"
2014-07-14 22:28:00 +02:00
instance_type = "m1.small"
2014-07-15 06:56:37 +02:00
security_groups = ["${aws_security_group.tf_test_foo.name}"]
user_data = "foo:-with-character's"
2014-07-14 22:28:00 +02:00
const testAccInstanceConfigWithSmallInstanceType = `
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-55a7ea65"
availability_zone = "us-west-2a"
instance_type = "m3.medium"
tags {
Name = "tf-acctest"
const testAccInstanceConfigUpdateInstanceType = `
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-55a7ea65"
availability_zone = "us-west-2a"
instance_type = "m3.large"
tags {
Name = "tf-acctest"
const testAccInstanceGP2IopsDevice = `
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-55a7ea65"
# In order to attach an encrypted volume to an instance you need to have an
# m3.medium or larger. See "Supported Instance Types" in:
# http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
instance_type = "m3.medium"
root_block_device {
volume_type = "gp2"
volume_size = 11
2014-10-31 21:25:16 +01:00
const testAccInstanceConfigBlockDevices = `
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-55a7ea65"
2015-04-29 00:19:31 +02:00
# In order to attach an encrypted volume to an instance you need to have an
# m3.medium or larger. See "Supported Instance Types" in:
# http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
instance_type = "m3.medium"
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
root_block_device {
volume_type = "gp2"
volume_size = 11
ebs_block_device {
2015-01-28 12:16:04 +01:00
device_name = "/dev/sdb"
providers/aws: add root_block_device to aws_instance AWS provides a single `BlockDeviceMapping` to manage three different kinds of block devices: (a) The root volume (b) Ephemeral storage (c) Additional EBS volumes Each of these types has slightly different semantics [1]. (a) The root volume is defined by the AMI; it can only be customized with `volume_size`, `volume_type`, and `delete_on_termination`. (b) Ephemeral storage is made available based on instance type [2]. It's attached automatically if _no_ block device mappings are specified, and must otherwise be defined with block device mapping entries that contain only DeviceName set to a device like "/dev/sdX" and VirtualName set to "ephemeralN". (c) Additional EBS volumes are controlled by mappings that omit `virtual_name` and can specify `volume_size`, `volume_type`, `delete_on_termination`, `snapshot_id`, and `encryption`. After deciding to ignore root block devices to fix #859, we had users with configurations that were attempting to manage the root block device chime in on #913. Terraform does not have the primitives to be able to properly handle a single collection of resources that is partially managed and partially computed, so our strategy here is to break out logical sub-resources for Terraform and hide the BlockDeviceMapping inside the provider implementation. Now (a) is supported by the `root_block_device` sub-resource, and (b) and (c) are still both merged together under `block_device`, though I have yet to see ephemeral block devices working properly. Looking into possibly separating out `ephemeral_block_device` and `ebs_block_device` sub-resources as well, which seem like the logical next step. We'll wait until the next big release for this, though, since it will break backcompat. [1] http://bit.ly/ec2bdmap [2] http://bit.ly/instancestorebytype Fixes #913 Refs #858
2015-02-18 18:45:30 +01:00
volume_size = 9
2014-10-31 21:25:16 +01:00
ebs_block_device {
device_name = "/dev/sdc"
volume_size = 10
volume_type = "io1"
iops = 100
# Encrypted ebs block device
ebs_block_device {
device_name = "/dev/sdd"
volume_size = 12
encrypted = true
ephemeral_block_device {
device_name = "/dev/sde"
virtual_name = "ephemeral0"
2014-10-31 21:25:16 +01:00
const testAccInstanceConfigSourceDestEnable = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigSourceDestEnable"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${aws_subnet.foo.id}"
const testAccInstanceConfigSourceDestDisable = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigSourceDestDisable"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${aws_subnet.foo.id}"
source_dest_check = false
func testAccInstanceConfigDisableAPITermination(val bool) string {
return fmt.Sprintf(`
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigDisableAPITermination"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${aws_subnet.foo.id}"
disable_api_termination = %t
`, val)
const testAccInstanceConfigVPC = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigVPC"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${aws_subnet.foo.id}"
associate_public_ip_address = true
tenancy = "dedicated"
# pre-encoded base64 data
user_data = "3dc39dda39be1205215e776bad998da361a5955d"
provider/aws: Adding IPv6 address to instance causes perpetual diff Fixes: #14032 When you are using an IPv6 address directly to an instance, it was causing the ipv6_address_count to try and ForceNew resource. It wasn't marked as computed I was able to see this here: ``` -/+ aws_instance.test ami: "ami-c5eabbf5" => "ami-c5eabbf5" associate_public_ip_address: "false" => "<computed>" availability_zone: "us-west-2a" => "<computed>" ebs_block_device.#: "0" => "<computed>" ephemeral_block_device.#: "0" => "<computed>" instance_state: "running" => "<computed>" instance_type: "t2.micro" => "t2.micro" ipv6_address_count: "1" => "0" (forces new resource) ipv6_addresses.#: "1" => "1" ipv6_addresses.0: "2600:1f14:bb2:e501::10" => "2600:1f14:bb2:e501::10" key_name: "" => "<computed>" network_interface.#: "0" => "<computed>" network_interface_id: "eni-d19115ec" => "<computed>" placement_group: "" => "<computed>" primary_network_interface_id: "eni-d19115ec" => "<computed>" private_dns: "ip-10-20-1-252.us-west-2.compute.internal" => "<computed>" private_ip: "" => "<computed>" public_dns: "" => "<computed>" public_ip: "" => "<computed>" root_block_device.#: "1" => "<computed>" security_groups.#: "0" => "<computed>" source_dest_check: "true" => "true" subnet_id: "subnet-3fdfb476" => "subnet-3fdfb476" tags.%: "1" => "1" tags.Name: "stack72" => "stack72" tenancy: "default" => "<computed>" volume_tags.%: "0" => "<computed>" vpc_security_group_ids.#: "1" => "<computed>" ``` It now works as expected: ``` % terraform plan ✹ ✭ [WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider. If you did not expect to see this message you will need to remove the old plugin. See https://www.terraform.io/docs/internals/internal-plugins.html Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_vpc.foo: Refreshing state... (ID: vpc-fa61669d) aws_subnet.foo: Refreshing state... (ID: subnet-3fdfb476) aws_internet_gateway.foo: Refreshing state... (ID: igw-70629a17) aws_route_table.test: Refreshing state... (ID: rtb-0a52e16c) aws_instance.test: Refreshing state... (ID: i-0971755345296aca5) aws_route_table_association.a: Refreshing state... (ID: rtbassoc-b12493c8) No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, Terraform doesn't need to do anything. ```
2017-05-10 16:20:48 +02:00
const testAccInstanceConfigIpv6ErrorConfig = `
resource "aws_vpc" "foo" {
cidr_block = ""
assign_generated_ipv6_cidr_block = true
tags {
Name = "tf-ipv6-instance-acc-test"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
ipv6_cidr_block = "${cidrsubnet(aws_vpc.foo.ipv6_cidr_block, 8, 1)}"
tags {
Name = "tf-ipv6-instance-acc-test"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${aws_subnet.foo.id}"
ipv6_addresses = ["2600:1f14:bb2:e501::10"]
ipv6_address_count = 1
tags {
Name = "tf-ipv6-instance-acc-test"
provider/aws: Implement IPV6 Support for ec2 / VPC (#10538) * provider/aws: Add support for IPV6 enabled VPC ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpc' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/12/09 14:07:31 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpc -timeout 120m === RUN TestAccAWSVpc_importBasic --- PASS: TestAccAWSVpc_importBasic (43.03s) === RUN TestAccAWSVpc_basic --- PASS: TestAccAWSVpc_basic (36.32s) === RUN TestAccAWSVpc_enableIpv6 --- PASS: TestAccAWSVpc_enableIpv6 (29.37s) === RUN TestAccAWSVpc_dedicatedTenancy --- PASS: TestAccAWSVpc_dedicatedTenancy (36.63s) === RUN TestAccAWSVpc_tags --- PASS: TestAccAWSVpc_tags (67.54s) === RUN TestAccAWSVpc_update --- PASS: TestAccAWSVpc_update (66.16s) === RUN TestAccAWSVpc_bothDnsOptionsSet --- PASS: TestAccAWSVpc_bothDnsOptionsSet (16.82s) === RUN TestAccAWSVpc_DisabledDnsSupport --- PASS: TestAccAWSVpc_DisabledDnsSupport (36.52s) === RUN TestAccAWSVpc_classiclinkOptionSet --- PASS: TestAccAWSVpc_classiclinkOptionSet (38.13s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 739.543s ``` * provider/aws: New Resource: aws_egress_only_internet_gateway ``` make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEgressOnlyInternetGateway_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/12/09 14:22:16 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEgressOnlyInternetGateway_ -timeout 120m === RUN TestAccAWSEgressOnlyInternetGateway_basic --- PASS: TestAccAWSEgressOnlyInternetGateway_basic (32.67s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 32.692s ``` * provider/aws: Add IPV6 support to aws_subnet ``` % make testacc TEST=./builtin/providers/aws % TESTARGS='-run=TestAccAWSSubnet_' % 1 ↵ ✹ ✭ ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/02/27 19:08:34 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_ -timeout 120m === RUN TestAccAWSSubnet_importBasic --- PASS: TestAccAWSSubnet_importBasic (69.88s) === RUN TestAccAWSSubnet_basic --- PASS: TestAccAWSSubnet_basic (51.28s) === RUN TestAccAWSSubnet_ipv6 --- PASS: TestAccAWSSubnet_ipv6 (90.39s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws211.574s ``` * provider/aws: Add support for running aws_instances with ipv6 addresses
2017-03-01 17:16:59 +01:00
const testAccInstanceConfigIpv6Support = `
resource "aws_vpc" "foo" {
cidr_block = ""
assign_generated_ipv6_cidr_block = true
tags {
Name = "tf-ipv6-instance-acc-test"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
ipv6_cidr_block = "${cidrsubnet(aws_vpc.foo.ipv6_cidr_block, 8, 1)}"
tags {
Name = "tf-ipv6-instance-acc-test"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${aws_subnet.foo.id}"
ipv6_address_count = 1
tags {
Name = "tf-ipv6-instance-acc-test"
const testAccInstanceConfigMultipleRegions = `
provider "aws" {
alias = "west"
region = "us-west-2"
provider "aws" {
alias = "east"
region = "us-east-1"
resource "aws_instance" "foo" {
# us-west-2
provider = "aws.west"
ami = "ami-4fccb37f"
instance_type = "m1.small"
resource "aws_instance" "bar" {
# us-east-1
provider = "aws.east"
ami = "ami-8c6ea9e4"
instance_type = "m1.small"
const testAccCheckInstanceConfigTags = `
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
tags {
foo = "bar"
const testAccCheckInstanceConfigWithAttachedVolume = `
data "aws_ami" "debian_jessie_latest" {
most_recent = true
filter {
name = "name"
values = ["debian-jessie-*"]
filter {
name = "virtualization-type"
values = ["hvm"]
filter {
name = "architecture"
values = ["x86_64"]
filter {
name = "root-device-type"
values = ["ebs"]
owners = ["379101102735"] # Debian
resource "aws_instance" "foo" {
ami = "${data.aws_ami.debian_jessie_latest.id}"
associate_public_ip_address = true
count = 1
instance_type = "t2.medium"
root_block_device {
volume_size = "10"
volume_type = "standard"
delete_on_termination = true
tags {
Name = "test-terraform"
resource "aws_ebs_volume" "test" {
depends_on = ["aws_instance.foo"]
availability_zone = "${aws_instance.foo.availability_zone}"
type = "gp2"
size = "10"
tags {
Name = "test-terraform"
resource "aws_volume_attachment" "test" {
depends_on = ["aws_ebs_volume.test"]
device_name = "/dev/xvdg"
volume_id = "${aws_ebs_volume.test.id}"
instance_id = "${aws_instance.foo.id}"
const testAccCheckInstanceConfigNoVolumeTags = `
resource "aws_instance" "foo" {
ami = "ami-55a7ea65"
instance_type = "m3.medium"
root_block_device {
volume_type = "gp2"
volume_size = 11
ebs_block_device {
device_name = "/dev/sdb"
volume_size = 9
ebs_block_device {
device_name = "/dev/sdc"
volume_size = 10
volume_type = "io1"
iops = 100
ebs_block_device {
device_name = "/dev/sdd"
volume_size = 12
encrypted = true
ephemeral_block_device {
device_name = "/dev/sde"
virtual_name = "ephemeral0"
const testAccCheckInstanceConfigWithVolumeTags = `
resource "aws_instance" "foo" {
ami = "ami-55a7ea65"
instance_type = "m3.medium"
root_block_device {
volume_type = "gp2"
volume_size = 11
ebs_block_device {
device_name = "/dev/sdb"
volume_size = 9
ebs_block_device {
device_name = "/dev/sdc"
volume_size = 10
volume_type = "io1"
iops = 100
ebs_block_device {
device_name = "/dev/sdd"
volume_size = 12
encrypted = true
ephemeral_block_device {
device_name = "/dev/sde"
virtual_name = "ephemeral0"
volume_tags {
Name = "acceptance-test-volume-tag"
const testAccCheckInstanceConfigWithVolumeTagsUpdate = `
resource "aws_instance" "foo" {
ami = "ami-55a7ea65"
instance_type = "m3.medium"
root_block_device {
volume_type = "gp2"
volume_size = 11
ebs_block_device {
device_name = "/dev/sdb"
volume_size = 9
ebs_block_device {
device_name = "/dev/sdc"
volume_size = 10
volume_type = "io1"
iops = 100
ebs_block_device {
device_name = "/dev/sdd"
volume_size = 12
encrypted = true
ephemeral_block_device {
device_name = "/dev/sde"
virtual_name = "ephemeral0"
volume_tags {
Name = "acceptance-test-volume-tag"
Environment = "dev"
const testAccCheckInstanceConfigTagsUpdate = `
2014-10-14 21:15:46 +02:00
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
tags {
bar = "baz"
2014-10-14 21:20:39 +02:00
func testAccInstanceConfigWithoutInstanceProfile(rName string) string {
return fmt.Sprintf(`
resource "aws_iam_role" "test" {
name = "test-%s"
assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
resource "aws_iam_instance_profile" "test" {
name = "test-%s"
roles = ["${aws_iam_role.test.name}"]
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
tags {
bar = "baz"
}`, rName, rName)
func testAccInstanceConfigWithInstanceProfile(rName string) string {
return fmt.Sprintf(`
resource "aws_iam_role" "test" {
name = "test-%s"
assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
resource "aws_iam_instance_profile" "test" {
name = "test-%s"
roles = ["${aws_iam_role.test.name}"]
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
iam_instance_profile = "${aws_iam_instance_profile.test.name}"
tags {
bar = "baz"
}`, rName, rName)
const testAccInstanceConfigPrivateIP = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigPrivateIP"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${aws_subnet.foo.id}"
private_ip = ""
const testAccInstanceConfigAssociatePublicIPAndPrivateIP = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigAssociatePublicIPAndPrivateIP"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${aws_subnet.foo.id}"
associate_public_ip_address = true
private_ip = ""
const testAccInstanceNetworkInstanceSecurityGroups = `
resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.foo.id}"
resource "aws_vpc" "foo" {
cidr_block = ""
2015-03-12 21:01:24 +01:00
tags {
Name = "tf-network-test"
resource "aws_security_group" "tf_test_foo" {
name = "tf_test_foo"
description = "foo"
ingress {
protocol = "icmp"
from_port = -1
to_port = -1
cidr_blocks = [""]
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo_instance" {
ami = "ami-21f78e11"
instance_type = "t1.micro"
vpc_security_group_ids = ["${aws_security_group.tf_test_foo.id}"]
subnet_id = "${aws_subnet.foo.id}"
associate_public_ip_address = true
depends_on = ["aws_internet_gateway.gw"]
resource "aws_eip" "foo_eip" {
instance = "${aws_instance.foo_instance.id}"
vpc = true
depends_on = ["aws_internet_gateway.gw"]
const testAccInstanceNetworkInstanceVPCSecurityGroupIDs = `
resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.foo.id}"
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "tf-network-test"
resource "aws_security_group" "tf_test_foo" {
name = "tf_test_foo"
description = "foo"
ingress {
protocol = "icmp"
from_port = -1
to_port = -1
cidr_blocks = [""]
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo_instance" {
ami = "ami-21f78e11"
instance_type = "t1.micro"
vpc_security_group_ids = ["${aws_security_group.tf_test_foo.id}"]
subnet_id = "${aws_subnet.foo.id}"
depends_on = ["aws_internet_gateway.gw"]
resource "aws_eip" "foo_eip" {
instance = "${aws_instance.foo_instance.id}"
vpc = true
depends_on = ["aws_internet_gateway.gw"]
func testAccInstanceConfigKeyPair(keyPairName string) string {
return fmt.Sprintf(`
provider "aws" {
region = "us-east-1"
resource "aws_key_pair" "debugging" {
key_name = "%s"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 phodgson@thoughtworks.com"
resource "aws_instance" "foo" {
ami = "ami-408c7f28"
instance_type = "t1.micro"
key_name = "${aws_key_pair.debugging.key_name}"
tags {
Name = "testAccInstanceConfigKeyPair_TestAMI"
`, keyPairName)
const testAccInstanceConfigRootBlockDeviceMismatch = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigRootBlockDeviceMismatch"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
// This is an AMI with RootDeviceName: "/dev/sda1"; actual root: "/dev/sda"
ami = "ami-ef5b69df"
instance_type = "t1.micro"
subnet_id = "${aws_subnet.foo.id}"
root_block_device {
volume_size = 13
const testAccInstanceConfigForceNewAndTagsDrift = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigForceNewAndTagsDrift"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
ami = "ami-22b9a343"
instance_type = "t2.nano"
subnet_id = "${aws_subnet.foo.id}"
const testAccInstanceConfigForceNewAndTagsDrift_Update = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "testAccInstanceConfigForceNewAndTagsDrift_Update"
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${aws_vpc.foo.id}"
resource "aws_instance" "foo" {
ami = "ami-22b9a343"
instance_type = "t2.micro"
subnet_id = "${aws_subnet.foo.id}"
2017-04-19 23:30:58 +02:00
const testAccInstanceConfigPrimaryNetworkInterface = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "tf-instance-test"
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-instance-test"
resource "aws_network_interface" "bar" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
tags {
Name = "primary_network_interface"
provider/aws: Fix source_dest_check with network_interface The default value for `source_dest_check` needs to remain the same, so as not to break any backwards compatibility, however, adding a new `network_interface` parameter with a pre-configured network_interface that has `source_dest_check` set to false throws a diff after initial apply. Since we don't want to change `source_dest_check` to computed in order to not break sane defaults, ignore the diff thrown if `network_interface` attributes are configured on an instance. ``` $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck" ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/04/28 16:26:02 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck -timeout 120m === RUN TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck --- PASS: TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck (134.20s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 134.211s ``` ``` $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_sourceDestCheck" ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/04/28 16:15:14 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_sourceDestCheck -timeout 120m === RUN TestAccAWSInstance_sourceDestCheck --- PASS: TestAccAWSInstance_sourceDestCheck (179.81s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 179.815s ``` Fixes: #14068
2017-04-28 22:35:54 +02:00
resource "aws_instance" "foo" {
ami = "ami-22b9a343"
instance_type = "t2.micro"
network_interface {
network_interface_id = "${aws_network_interface.bar.id}"
device_index = 0
const testAccInstanceConfigPrimaryNetworkInterfaceSourceDestCheck = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "tf-instance-test"
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-instance-test"
resource "aws_network_interface" "bar" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
source_dest_check = false
tags {
Name = "primary_network_interface"
2017-04-19 23:30:58 +02:00
resource "aws_instance" "foo" {
ami = "ami-22b9a343"
instance_type = "t2.micro"
network_interface {
network_interface_id = "${aws_network_interface.bar.id}"
device_index = 0
const testAccInstanceConfigAddSecondaryNetworkInterfaceBefore = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "tf-instance-test"
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-instance-test"
resource "aws_network_interface" "primary" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
tags {
Name = "primary_network_interface"
resource "aws_network_interface" "secondary" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
tags {
Name = "secondary_network_interface"
resource "aws_instance" "foo" {
ami = "ami-22b9a343"
instance_type = "t2.micro"
network_interface {
network_interface_id = "${aws_network_interface.primary.id}"
device_index = 0
const testAccInstanceConfigAddSecondaryNetworkInterfaceAfter = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "tf-instance-test"
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-instance-test"
resource "aws_network_interface" "primary" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
tags {
Name = "primary_network_interface"
// Attach previously created network interface, observe no state diff on instance resource
resource "aws_network_interface" "secondary" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
tags {
Name = "secondary_network_interface"
attachment {
instance = "${aws_instance.foo.id}"
device_index = 1
resource "aws_instance" "foo" {
ami = "ami-22b9a343"
instance_type = "t2.micro"
network_interface {
network_interface_id = "${aws_network_interface.primary.id}"
device_index = 0
2017-04-19 23:30:58 +02:00
provider/aws: Fix attach of SG to instance with multiple network interfaces With an EC2 instance that only had a single network interface, the primary interface, the Update function would call `ModifyInstanceAttribute()` on the target instance. This would only work if there was a single network interface attached to the EC2 instance. If, however, a secondary network interface was attached to the instance, the `ModifyInstanceAttribute()` API call would fail with the following error message: > There are multiple interfaces attached to instance 'i-XXXXX'. Please specify an interface ID for the operation instead. After this changeset, modifying instance security groups now makes the correct call to `ModifyNetworkInterfaceAttribute()` in order to modify the list of security groups on the primary network interface, as initially configured during the instances creation. This change is also safe from an instance that has a non-default primary network interface, as the instance attribute `vpc_security_group_ids` conflicts with the new `network_interface` attribute. Test Output: ``` $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_addSecurityGroupNetworkInterface" ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/05/08 17:52:42 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_addSecurityGroupNetworkInterface -timeout 120m === RUN TestAccAWSInstance_addSecurityGroupNetworkInterface --- PASS: TestAccAWSInstance_addSecurityGroupNetworkInterface (327.75s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 327.756s ```
2017-05-09 00:30:22 +02:00
const testAccInstanceConfigAddSecurityGroupBefore = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "tf-eni-test"
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-foo-instance-add-sg-test"
resource "aws_subnet" "bar" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-bar-instance-add-sg-test"
resource "aws_security_group" "foo" {
vpc_id = "${aws_vpc.foo.id}"
description = "foo"
name = "foo"
resource "aws_security_group" "bar" {
vpc_id = "${aws_vpc.foo.id}"
description = "bar"
name = "bar"
resource "aws_instance" "foo" {
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${aws_subnet.bar.id}"
associate_public_ip_address = false
vpc_security_group_ids = [
tags {
Name = "foo-instance-sg-add-test"
resource "aws_network_interface" "bar" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
security_groups = ["${aws_security_group.foo.id}"]
attachment {
instance = "${aws_instance.foo.id}"
device_index = 1
tags {
Name = "bar_interface"
const testAccInstanceConfigAddSecurityGroupAfter = `
resource "aws_vpc" "foo" {
cidr_block = ""
tags {
Name = "tf-eni-test"
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-foo-instance-add-sg-test"
resource "aws_subnet" "bar" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = ""
availability_zone = "us-west-2a"
tags {
Name = "tf-bar-instance-add-sg-test"
resource "aws_security_group" "foo" {
vpc_id = "${aws_vpc.foo.id}"
description = "foo"
name = "foo"
resource "aws_security_group" "bar" {
vpc_id = "${aws_vpc.foo.id}"
description = "bar"
name = "bar"
resource "aws_instance" "foo" {
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${aws_subnet.bar.id}"
associate_public_ip_address = false
vpc_security_group_ids = [
tags {
Name = "foo-instance-sg-add-test"
resource "aws_network_interface" "bar" {
subnet_id = "${aws_subnet.foo.id}"
private_ips = [""]
security_groups = ["${aws_security_group.foo.id}"]
attachment {
instance = "${aws_instance.foo.id}"
device_index = 1
tags {
Name = "bar_interface"