diff --git a/builtin/providers/aws/resource_aws_elastic_beanstalk_environment.go b/builtin/providers/aws/resource_aws_elastic_beanstalk_environment.go index 861722e17..71ee9b343 100644 --- a/builtin/providers/aws/resource_aws_elastic_beanstalk_environment.go +++ b/builtin/providers/aws/resource_aws_elastic_beanstalk_environment.go @@ -685,20 +685,44 @@ func dropGeneratedSecurityGroup(settingValue string, meta interface{}) string { groups := strings.Split(settingValue, ",") - resp, err := conn.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{ - GroupIds: aws.StringSlice(groups), - }) + // Check to see if groups are ec2-classic or vpc security groups + ec2Classic := true + beanstalkSGRegexp := "sg-[0-9a-fA-F]{8}" + for _, g := range groups { + if ok, _ := regexp.MatchString(beanstalkSGRegexp, g); ok { + ec2Classic = false + break + } + } + + var resp *ec2.DescribeSecurityGroupsOutput + var err error + + if ec2Classic { + resp, err = conn.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{ + GroupNames: aws.StringSlice(groups), + }) + } else { + resp, err = conn.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{ + GroupIds: aws.StringSlice(groups), + }) + } if err != nil { log.Printf("[DEBUG] Elastic Beanstalk error describing SecurityGroups: %v", err) return settingValue } + log.Printf("[DEBUG] Elastic Beanstalk using ec2-classic security-groups: %t", ec2Classic) var legitGroups []string for _, group := range resp.SecurityGroups { log.Printf("[DEBUG] Elastic Beanstalk SecurityGroup: %v", *group.GroupName) if !strings.HasPrefix(*group.GroupName, "awseb") { - legitGroups = append(legitGroups, *group.GroupId) + if ec2Classic { + legitGroups = append(legitGroups, *group.GroupName) + } else { + legitGroups = append(legitGroups, *group.GroupId) + } } } diff --git a/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go b/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go index eeb4657c4..4d9481791 100644 --- a/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go +++ b/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go @@ -158,6 +158,26 @@ func TestAccAWSBeanstalkEnv_resource(t *testing.T) { }) } +func TestAccAWSBeanstalkEnv_vpc(t *testing.T) { + var app elasticbeanstalk.EnvironmentDescription + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccCheckBeanstalkEnvDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccBeanstalkEnv_VPC(acctest.RandString(5)), + Check: resource.ComposeTestCheckFunc( + testAccCheckBeanstalkEnvExists("aws_elastic_beanstalk_environment.default", &app), + ), + }, + }, + }) +} + func testAccCheckBeanstalkEnvDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).elasticbeanstalkconn @@ -488,3 +508,66 @@ resource "aws_elastic_beanstalk_environment" "tfenvtest" { } } ` + +func testAccBeanstalkEnv_VPC(name string) string { + return fmt.Sprintf(` +resource "aws_vpc" "tf_b_test" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_internet_gateway" "tf_b_test" { + vpc_id = "${aws_vpc.tf_b_test.id}" +} + +resource "aws_route" "r" { + route_table_id = "${aws_vpc.tf_b_test.main_route_table_id}" + destination_cidr_block = "0.0.0.0/0" + gateway_id = "${aws_internet_gateway.tf_b_test.id}" +} + +resource "aws_subnet" "main" { + vpc_id = "${aws_vpc.tf_b_test.id}" + cidr_block = "10.0.0.0/24" +} + +resource "aws_security_group" "default" { + name = "tf-b-test-%s" + vpc_id = "${aws_vpc.tf_b_test.id}" +} + +resource "aws_elastic_beanstalk_application" "default" { + name = "tf-test-name" + description = "tf-test-desc" +} + +resource "aws_elastic_beanstalk_environment" "default" { + name = "tf-test-name" + application = "${aws_elastic_beanstalk_application.default.name}" + solution_stack_name = "64bit Amazon Linux running Python" + + setting { + namespace = "aws:ec2:vpc" + name = "VPCId" + value = "${aws_vpc.tf_b_test.id}" + } + + setting { + namespace = "aws:ec2:vpc" + name = "Subnets" + value = "${aws_subnet.main.id}" + } + + setting { + namespace = "aws:ec2:vpc" + name = "AssociatePublicIpAddress" + value = "true" + } + + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "SecurityGroups" + value = "${aws_security_group.default.id}" + } +} +`, name) +}