diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go index 51f3dfd03..4a48df0c7 100644 --- a/builtin/providers/aws/config.go +++ b/builtin/providers/aws/config.go @@ -45,6 +45,8 @@ import ( "github.com/aws/aws-sdk-go/service/s3" "github.com/aws/aws-sdk-go/service/sns" "github.com/aws/aws-sdk-go/service/sqs" + "net/http" + "crypto/tls" ) type Config struct { @@ -61,6 +63,10 @@ type Config struct { DynamoDBEndpoint string KinesisEndpoint string + Ec2Endpoint string + IamEndpoint string + ElbEndpoint string + Insecure bool } type AWSClient struct { @@ -136,9 +142,21 @@ func (c *Config) Client() (interface{}, error) { HTTPClient: cleanhttp.DefaultClient(), } + if c.Insecure { + transport := awsConfig.HTTPClient.Transport.(*http.Transport) + transport.TLSClientConfig = &tls.Config{ + InsecureSkipVerify:true, + } + } + log.Println("[INFO] Initializing IAM Connection") sess := session.New(awsConfig) - client.iamconn = iam.New(sess) + + awsIamConfig := *awsConfig + awsIamConfig.Endpoint = aws.String(c.IamEndpoint) + + awsIamSess := session.New(&awsIamConfig) + client.iamconn = iam.New(awsIamSess) err = c.ValidateCredentials(client.iamconn) if err != nil { @@ -166,7 +184,12 @@ func (c *Config) Client() (interface{}, error) { client.dynamodbconn = dynamodb.New(dynamoSess) log.Println("[INFO] Initializing ELB connection") - client.elbconn = elb.New(sess) + awsElbConfig := *awsConfig + awsElbConfig.Endpoint = aws.String(c.ElbEndpoint) + + awsElbSess := session.New(&awsElbConfig) + + client.elbconn = elb.New(awsElbSess) log.Println("[INFO] Initializing S3 connection") client.s3conn = s3.New(sess) 
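Review bot: The added `"net/http"` and `"crypto/tls"` imports sit at the end of the third-party `aws-sdk-go` group and are not in alphabetical order. goimports would list them in the standard-library group, `"crypto/tls"` before `"net/http"`. The import block starts outside this hunk, so the existing grouping is not visible here.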
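Review bot: The new `Insecure` field has no comment, so nothing at the declaration says that it turns off TLS certificate verification (see the `c.Insecure` branch in `Client()`). I would add `// Insecure disables TLS certificate verification on the HTTP client used for the AWS service connections.` above it. The endpoint fields would also read better as `EC2Endpoint`, `IAMEndpoint` and `ELBEndpoint`, matching the initialism casing of the existing `DynamoDBEndpoint`; that rename also touches the assignments in `providerConfigure`. The struct starts outside this hunk.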
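Review bot: The `c.Insecure` branch disables certificate verification on `awsConfig.HTTPClient`, which is shared by `sess` and by every per-service copy of `awsConfig`, so as far as this hunk shows the flag affects all AWS API calls, including those to the default endpoints, not only the overridden IAM/EC2/ELB ones. With verification off, the provider no longer authenticates the server it sends signed requests to, so anyone able to intercept the connection can read and alter the API traffic. The assertion `.(*http.Transport)` is also unchecked and would panic if `cleanhttp.DefaultClient()` returned a different transport type, and the assignment replaces any existing `TLSClientConfig` (gofmt would also write `InsecureSkipVerify: true`). I would use the two-value assertion, return an error on mismatch and log a `[WARN]` line so the downgrade is visible in the logs; trusting a custom CA bundle would be safer than skipping verification. The sketch assumes `fmt` is already imported in this file, and `Client()` begins and ends outside the hunk.

```go
if c.Insecure {
	transport, ok := awsConfig.HTTPClient.Transport.(*http.Transport)
	if !ok {
		return nil, fmt.Errorf("insecure: unexpected HTTP transport type %T", awsConfig.HTTPClient.Transport)
	}
	log.Println("[WARN] TLS certificate verification is disabled for all AWS API connections")
	if transport.TLSClientConfig == nil {
		transport.TLSClientConfig = &tls.Config{}
	}
	transport.TLSClientConfig.InsecureSkipVerify = true
}
// … unchanged: IAM session setup and credential validation …
```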
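Review bot: The copy-config, set-endpoint, new-session sequence added here for ELB is repeated for IAM in the previous hunk and for EC2 in the `@@ -199,7 +222,12 @@` hunk, and each copy sets `Endpoint` to `aws.String("")` when the attribute is left at its default. That relies on the SDK treating a pointer to an empty string like an unset endpoint, which cannot be confirmed from this diff. A small helper that overrides the endpoint only when one was configured removes both the duplication and the assumption. `Client()` begins and ends outside the hunk.

```go
// sessionWithEndpoint returns a session built from a copy of base,
// overriding the endpoint only when one was configured.
func sessionWithEndpoint(base *aws.Config, endpoint string) *session.Session {
	cfg := *base
	if endpoint != "" {
		cfg.Endpoint = aws.String(endpoint)
	}
	return session.New(&cfg)
}

// … unchanged: log line "[INFO] Initializing ELB connection" …
client.elbconn = elb.New(sessionWithEndpoint(awsConfig, c.ElbEndpoint))
```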
@@ -199,7 +222,12 @@ func (c *Config) Client() (interface{}, error) { client.autoscalingconn = autoscaling.New(sess) log.Println("[INFO] Initializing EC2 Connection") - client.ec2conn = ec2.New(sess) + + awsEc2Config := *awsConfig + awsEc2Config.Endpoint = aws.String(c.Ec2Endpoint) + + awsEc2Sess := session.New(&awsEc2Config) + client.ec2conn = ec2.New(awsEc2Sess) log.Println("[INFO] Initializing ECR Connection") client.ecrconn = ecr.New(sess) diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index 5734cbb1c..4de4059db 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -96,6 +96,31 @@ func Provider() terraform.ResourceProvider { Default: "", Description: descriptions["kinesis_endpoint"], }, + "iam_endpoint": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["iam_endpoint"], + }, + + "ec2_endpoint": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["ec2_endpoint"], + }, + "elb_endpoint": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["elb_endpoint"], + }, + "insecure": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: descriptions["insecure"], + }, }, ResourcesMap: map[string]*schema.Resource{ 
@@ -249,6 +274,15 @@ func init() { "kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" + "It's typically used to connect to kinesalite.", + + "iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + + "ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + + "elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + + "insecure" : "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," + + "default value is `false`", } } @@ -263,6 +297,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { MaxRetries: d.Get("max_retries").(int), DynamoDBEndpoint: d.Get("dynamodb_endpoint").(string), KinesisEndpoint: d.Get("kinesis_endpoint").(string), + IamEndpoint: d.Get("iam_endpoint").(string), + Ec2Endpoint: d.Get("ec2_endpoint").(string), + ElbEndpoint: d.Get("elb_endpoint").(string), + Insecure: d.Get("insecure").(bool), } if v, ok := d.GetOk("allowed_account_ids"); ok { diff --git a/website/source/docs/providers/aws/index.html.markdown b/website/source/docs/providers/aws/index.html.markdown index 6167bb6b7..3b4430472 100644 --- a/website/source/docs/providers/aws/index.html.markdown +++ b/website/source/docs/providers/aws/index.html.markdown 
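Review bot: The two string pieces of the `insecure` description are joined without a space, so the help text reads "If omitted,default value is ..."; the first piece should end with a space, `"... \"insecure\" SSL requests. If omitted, " +`. The text also leaves "insecure" undefined, and I would state plainly that the option skips TLS certificate verification for the provider's AWS API calls. The key is written `"insecure" :` with a space before the colon, which gofmt would remove. `init()` begins outside the hunk.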
@@ -137,5 +137,24 @@ The following arguments are supported in the `provider` block: URL constructed from the `region`. It's typically used to connect to dynamodb-local. -* `kinesis_endpoint` - (Optional) Use this to override the default endpoint URL - constructed from the `region`. It's typically used to connect to kinesalite. +* `kinesis_endpoint` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + kinesalite. + +* `iam_endpoint` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom iam endpoints. + +* `ec2_endpoint` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom ec2 endpoints. + +* `elb_endpoint` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom elb endpoints. + +* `token` - (Optional) Use this to set an MFA token. It can also be + sourced from the `AWS_SECURITY_TOKEN` environment variable. + +* `insecure` - (Optional) Optional) Explicitly allow the provider to + perform "insecure" SSL requests. If omitted, default value is `false`