From cbb6b97f7e1b9497620d1e6afcfb0b1c1355f082 Mon Sep 17 00:00:00 2001
From: Clint Shryock
Date: Wed, 17 Jun 2015 12:58:08 -0500
Subject: [PATCH 01/10] provider/aws: Docs for FlowLog resource
---
.../providers/aws/r/flow_log.html.markdown | 40 +++++++++++++++++++
website/source/layouts/aws.erb | 4 ++
2 files changed, 44 insertions(+)
create mode 100644 website/source/docs/providers/aws/r/flow_log.html.markdown
diff --git a/website/source/docs/providers/aws/r/flow_log.html.markdown b/website/source/docs/providers/aws/r/flow_log.html.markdown
new file mode 100644
index 000000000..02559e96e
--- /dev/null
+++ b/website/source/docs/providers/aws/r/flow_log.html.markdown
@@ -0,0 +1,40 @@
+---
+layout: "aws"
+page_title: "AWS: aws_flow_log"
+sidebar_current: "docs-aws-resource-flow-log"
+description: |-
+ Provides a VPC/Subnet/ENI Flow Log
+---
+
+# aws\_flow\_log
+
+Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network
+interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group.
+
+```
+resource "aws_flow_log" "test_flow_log" {
+ log_group_name = "tf-test-log-group"
+ iam_role_arn = "arn:aws:iam::470663696735:role/tf-test-cloud"
+ vpc_id = "${aws_vpc.default.id}"
+ traffic_type = "ALL"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `log_group_name` - (Required) The name of the CloudWatch log group
+* `iam_role_arn` - (Required) The ARN for the IAM role that's used to post flow
+ logs to a CloudWatch Logs log group
+* `vpc_id` - (Optional) VPC ID to attach to
+* `subnet_id` - (Optional) Subnet ID to attach to
+* `eni_id` - (Optional) Elastic Network Interface ID to attach to
+* `traffic_type` - (Required) The type of traffic to capture. Valid values:
+ `ACCEPT`,`REJECT`, `ALL`
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The Flow Log ID
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 7afd00060..3e17133e1 100644
--- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -81,6 +81,10 @@ aws_elb + > + aws_flow_log + + > aws_iam_access_key From 641a86effa7b492e3f7e346fde2203430f4c4232 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Wed, 17 Jun 2015 16:23:56 -0500 Subject: [PATCH 02/10] additional attributes exported --- website/source/docs/providers/aws/r/flow_log.html.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/source/docs/providers/aws/r/flow_log.html.markdown b/website/source/docs/providers/aws/r/flow_log.html.markdown index 02559e96e..fafc5bcc7 100644 --- a/website/source/docs/providers/aws/r/flow_log.html.markdown +++ b/website/source/docs/providers/aws/r/flow_log.html.markdown @@ -38,3 +38,5 @@ The following arguments are supported: The following attributes are exported: * `id` - The Flow Log ID +* `flow_log_status` - The status of the flow log (ex: `ACTIVE`) +* `deliver_log_status` - The status of the logs delivery (ex: `SUCCESS`, `FAILED`) From bfdf11c4777d18ca8e3d0c9069c7e926f898ac3a Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Wed, 17 Jun 2015 16:25:21 -0500 Subject: [PATCH 03/10] provider/aws: Implement AWS Flow Logs --- builtin/providers/aws/provider.go | 3 +- .../providers/aws/resource_aws_flow_log.go | 173 +++++++++++++++ .../aws/resource_aws_flow_log_test.go | 209 ++++++++++++++++++ 3 files changed, 384 insertions(+), 1 deletion(-) create mode 100644 builtin/providers/aws/resource_aws_flow_log.go create mode 100644 builtin/providers/aws/resource_aws_flow_log_test.go diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index f28cf69ea..2a5fff987 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go 
@@ -86,12 +86,13 @@ func Provider() terraform.ResourceProvider { "aws_app_cookie_stickiness_policy": resourceAwsAppCookieStickinessPolicy(), "aws_autoscaling_group": resourceAwsAutoscalingGroup(), "aws_autoscaling_notification": resourceAwsAutoscalingNotification(), + "aws_flow_log": resourceAwsFlowLog(), "aws_customer_gateway": resourceAwsCustomerGateway(), "aws_db_instance": resourceAwsDbInstance(), "aws_db_parameter_group": resourceAwsDbParameterGroup(), "aws_db_security_group": resourceAwsDbSecurityGroup(), "aws_db_subnet_group": resourceAwsDbSubnetGroup(), - "aws_dynamodb_table": resourceAwsDynamoDbTable(), + "aws_dynamodb_table": resourceAwsDynamoDbTable(), "aws_ebs_volume": resourceAwsEbsVolume(), "aws_ecs_cluster": resourceAwsEcsCluster(), "aws_ecs_service": resourceAwsEcsService(), diff --git a/builtin/providers/aws/resource_aws_flow_log.go b/builtin/providers/aws/resource_aws_flow_log.go new file mode 100644 index 000000000..f2bb09890 --- /dev/null +++ b/builtin/providers/aws/resource_aws_flow_log.go 
@@ -0,0 +1,173 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsFlowLog() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsLogFlowCreate,
+ Read: resourceAwsLogFlowRead,
+ Delete: resourceAwsLogFlowDelete,
+
+ Schema: map[string]*schema.Schema{
+ // "client_token": &schema.Schema{
+ // Type: schema.TypeString,
+ // Optional: true,
+ // Computed: true,
+ // },
+
+ "iam_role_arn": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+
+ "log_group_name": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ },
+
+ "vpc_id": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ConflictsWith: []string{"subnet_id", "eni_id"},
+ },
+
+ "subnet_id": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ConflictsWith: []string{"eni_id", "vpc_id"},
+ },
+
+ "eni_id": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ConflictsWith: []string{"subnet_id", "vpc_id"},
+ },
+
+ "traffic_type": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+
+ "flow_log_status": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "deliver_log_status": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ }
+}
+
+func resourceAwsLogFlowCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).ec2conn
+
+ types := []struct {
+ ID string
+ Type string
+ }{
+ {ID: d.Get("vpc_id").(string), Type: "VPC"},
+ {ID: d.Get("subnet_id").(string), Type: "Subnet"},
+ {ID: d.Get("eni_id").(string), Type: "NetworkInterface"},
+ }
+
+ var resourceId string
+ var resourceType string
+ for _, t := range types {
+ if t.ID != "" {
+ resourceId = t.ID
+ resourceType = t.Type
+ break
+ }
+ }
+
+ if resourceId == "" || resourceType == "" {
+ return fmt.Errorf("Error: Flow Logs require either a VPC, Subnet, or ENI ID")
+ }
+
+ opts := &ec2.CreateFlowLogsInput{
+ DeliverLogsPermissionARN: aws.String(d.Get("iam_role_arn").(string)),
+ LogGroupName: aws.String(d.Get("log_group_name").(string)),
+ ResourceIDs: []*string{aws.String(resourceId)},
+ ResourceType: aws.String(resourceType),
+ TrafficType: aws.String(d.Get("traffic_type").(string)),
+ }
+ resp, err := conn.CreateFlowLogs(opts)
+ if err != nil {
+ return fmt.Errorf("Error creating Flow Log for (%s), error: %s", resourceId, err)
+ }
+
+ if len(resp.FlowLogIDs) > 1 {
+ return fmt.Errorf("Error: multiple Flow Logs created for (%s), error: %s", resourceId)
+ }
+
+ d.SetId(*resp.FlowLogIDs[0])
+
+ return resourceAwsLogFlowRead(d, meta)
+}
+
+func resourceAwsLogFlowRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).ec2conn
+
+ opts := &ec2.DescribeFlowLogsInput{
+ FlowLogIDs: []*string{aws.String(d.Id())},
+ }
+
+ resp, err := conn.DescribeFlowLogs(opts)
+ if err != nil {
+ log.Printf("[WARN] Error describing Flow Logs for id (%s)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ if len(resp.FlowLogs) == 0 {
+ log.Printf("[WARN] No Flow Logs found for id (%s)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ fl := resp.FlowLogs[0]
+
+ d.Set("traffic_type", fl.TrafficType)
+ d.Set("log_group_name", fl.LogGroupName)
+ d.Set("iam_role_arn", fl.DeliverLogsPermissionARN)
+ d.Set("flow_log_status", fl.FlowLogStatus)
+ d.Set("deliver_log_status", fl.DeliverLogsStatus)
+
+ return nil
+}
+
+func resourceAwsLogFlowDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).ec2conn
+ _, err := conn.DeleteFlowLogs(&ec2.DeleteFlowLogsInput{
+ FlowLogIDs: []*string{aws.String(d.Id())},
+ })
+
+ if err != nil {
+ return fmt.Errorf("[WARN] Error deleting Flow Log with ID (%s), error: %s", d.Id(), err)
+ }
+
+ return nil
+}
+
+func flowLogStateRefreshFunc(conn *ec2.EC2, sn string) resource.StateRefreshFunc {
+ return func() (interface{}, string, error) {
+ return nil, "ok", nil
+ }
+}
diff --git a/builtin/providers/aws/resource_aws_flow_log_test.go b/builtin/providers/aws/resource_aws_flow_log_test.go
new file mode 100644
index 000000000..697d24539
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_flow_log_test.go
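Review bot: In resourceAwsLogFlowRead (resource_aws_flow_log.go), every error from `DescribeFlowLogs` is handled as if the flow log no longer existed: the branch logs a warning that omits `err`, calls `d.SetId("")` and returns nil. A throttled request, expired credentials or a missing describe permission would therefore drop a live flow log from state, and the next apply would create a second one while the first keeps running untracked. For a resource that exists to provide a network audit trail, that silent drift should surface as a failure: `return fmt.Errorf("Error describing Flow Log (%s): %s", d.Id(), err)`, clearing the ID only in the existing `len(resp.FlowLogs) == 0` branch. If the API reports a deleted ID as an error rather than an empty list, only that specific error code should be mapped to "gone".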
@@ -0,0 +1,209 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/hashicorp/aws-sdk-go/aws" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccFlowLog_basic(t *testing.T) { + var flowLog ec2.FlowLog + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckFlowLogDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccFlowLogConfig_basic, + Check: resource.ComposeTestCheckFunc( + testAccCheckFlowLogExists("aws_flow_log.test_flow_log", &flowLog), + testAccCheckAWSFlowLogAttributes(&flowLog), + ), + }, + }, + }) +} + +func TestAccFlowLog_subnet(t *testing.T) { + var flowLog ec2.FlowLog + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckFlowLogDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccFlowLogConfig_subnet, + Check: resource.ComposeTestCheckFunc( + testAccCheckFlowLogExists("aws_flow_log.test_flow_log_subnet", &flowLog), + testAccCheckAWSFlowLogAttributes(&flowLog), + ), + }, + }, + }) +} + +func testAccCheckFlowLogExists(n string, flowLog *ec2.FlowLog) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No Flow Log ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).ec2conn + describeOpts := &ec2.DescribeFlowLogsInput{ + FlowLogIDs: []*string{aws.String(rs.Primary.ID)}, + } + resp, err := conn.DescribeFlowLogs(describeOpts) + if err != nil { + return err + } + + if len(resp.FlowLogs) > 0 { + *flowLog = *resp.FlowLogs[0] + return nil + } + return fmt.Errorf("No Flow Logs found for id (%s)", rs.Primary.ID) + } +} + +func 
testAccCheckAWSFlowLogAttributes(flowLog *ec2.FlowLog) resource.TestCheckFunc { + return func(s *terraform.State) error { + if flowLog.FlowLogStatus != nil && *flowLog.FlowLogStatus == "ACTIVE" { + return nil + } + if flowLog.FlowLogStatus == nil { + return fmt.Errorf("Flow Log status is not ACTIVE, is nil") + } else { + return fmt.Errorf("Flow Log status is not ACTIVE, got: %s", *flowLog.FlowLogStatus) + } + } +} + +func testAccCheckFlowLogDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_flow_log" { + continue + } + + return nil + } + + return nil +} + +var testAccFlowLogConfig_basic = ` +resource "aws_vpc" "default" { + cidr_block = "10.0.0.0/16" + tags { + Name = "tf-flow-log-test" + } +} + +resource "aws_subnet" "test_subnet" { + vpc_id = "${aws_vpc.default.id}" + cidr_block = "10.0.1.0/24" + + tags { + Name = "tf-flow-test" + } +} + +resource "aws_iam_role" "test_role" { + name = "test_role" + assume_role_policy = < Date: Wed, 17 Jun 2015 16:26:46 -0500 Subject: [PATCH 04/10] Log Group Name is required/forcenew --- builtin/providers/aws/provider.go | 2 +- builtin/providers/aws/resource_aws_flow_log.go | 10 ++-------- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index 2a5fff987..f1f920f52 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -86,7 +86,6 @@ func Provider() terraform.ResourceProvider { "aws_app_cookie_stickiness_policy": resourceAwsAppCookieStickinessPolicy(), "aws_autoscaling_group": resourceAwsAutoscalingGroup(), "aws_autoscaling_notification": resourceAwsAutoscalingNotification(), - "aws_flow_log": resourceAwsFlowLog(), "aws_customer_gateway": resourceAwsCustomerGateway(), "aws_db_instance": resourceAwsDbInstance(), "aws_db_parameter_group": resourceAwsDbParameterGroup(), 
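Review bot: testAccCheckFlowLogDestroy in resource_aws_flow_log_test.go verifies nothing, because inside the loop it skips other resource types and then executes `return nil` for the first `aws_flow_log` it meets without ever calling the API. The acceptance tests therefore pass even when Delete leaves the flow log in place. The check should describe each flow log by `rs.Primary.ID` and fail when one is still returned, mirroring testAccCheckFlowLogExists; if the API answers a deleted ID with an error instead of an empty list, that error code has to count as success. The config heredocs that follow in this hunk are cut off on the page, so this note covers only the visible functions.

```go
func testAccCheckFlowLogDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).ec2conn
	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_flow_log" {
			continue
		}

		resp, err := conn.DescribeFlowLogs(&ec2.DescribeFlowLogsInput{
			FlowLogIDs: []*string{aws.String(rs.Primary.ID)},
		})
		if err != nil {
			return err
		}
		if len(resp.FlowLogs) > 0 {
			return fmt.Errorf("Flow Log (%s) still exists", rs.Primary.ID)
		}
	}

	return nil
}
```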
@@ -102,6 +101,7 @@ func Provider() terraform.ResourceProvider { "aws_elasticache_security_group": resourceAwsElasticacheSecurityGroup(), "aws_elasticache_subnet_group": resourceAwsElasticacheSubnetGroup(), "aws_elb": resourceAwsElb(), + "aws_flow_log": resourceAwsFlowLog(), "aws_iam_access_key": resourceAwsIamAccessKey(), "aws_iam_group_policy": resourceAwsIamGroupPolicy(), "aws_iam_group": resourceAwsIamGroup(), diff --git a/builtin/providers/aws/resource_aws_flow_log.go b/builtin/providers/aws/resource_aws_flow_log.go index f2bb09890..5e70ea48c 100644 --- a/builtin/providers/aws/resource_aws_flow_log.go +++ b/builtin/providers/aws/resource_aws_flow_log.go @@ -17,12 +17,6 @@ func resourceAwsFlowLog() *schema.Resource { Delete: resourceAwsLogFlowDelete, Schema: map[string]*schema.Schema{ - // "client_token": &schema.Schema{ - // Type: schema.TypeString, - // Optional: true, - // Computed: true, - // }, - "iam_role_arn": &schema.Schema{ Type: schema.TypeString, Required: true, @@ -31,8 +25,8 @@ func resourceAwsFlowLog() *schema.Resource { "log_group_name": &schema.Schema{ Type: schema.TypeString, - Optional: true, - Computed: true, + Required: true, + ForceNew: true, }, "vpc_id": &schema.Schema{ From b3d7bb2b392c48f8d00068979b5cd4b485f4a87b Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Wed, 17 Jun 2015 16:45:14 -0500 Subject: [PATCH 05/10] fix go vet error --- builtin/providers/aws/resource_aws_flow_log.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/builtin/providers/aws/resource_aws_flow_log.go b/builtin/providers/aws/resource_aws_flow_log.go index 5e70ea48c..43e1bb25c 100644 --- a/builtin/providers/aws/resource_aws_flow_log.go +++ b/builtin/providers/aws/resource_aws_flow_log.go @@ -25,8 +25,8 @@ func resourceAwsFlowLog() *schema.Resource { "log_group_name": &schema.Schema{ Type: schema.TypeString, - Required: true, - ForceNew: true, + Required: true, + ForceNew: true, }, "vpc_id": &schema.Schema{ 
@@ -108,7 +108,7 @@ func resourceAwsLogFlowCreate(d *schema.ResourceData, meta interface{}) error { } if len(resp.FlowLogIDs) > 1 { - return fmt.Errorf("Error: multiple Flow Logs created for (%s), error: %s", resourceId) + return fmt.Errorf("Error: multiple Flow Logs created for (%s)", resourceId) } d.SetId(*resp.FlowLogIDs[0]) From 285a88b6643b8832b049567f5c9050fc2e69cd91 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Thu, 18 Jun 2015 08:28:38 -0500 Subject: [PATCH 06/10] code cleanups --- builtin/providers/aws/resource_aws_flow_log.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/builtin/providers/aws/resource_aws_flow_log.go b/builtin/providers/aws/resource_aws_flow_log.go index 43e1bb25c..e59ab8f27 100644 --- a/builtin/providers/aws/resource_aws_flow_log.go +++ b/builtin/providers/aws/resource_aws_flow_log.go @@ -5,8 +5,8 @@ import ( "log" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/service/ec2" - "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" ) @@ -102,6 +102,9 @@ func resourceAwsLogFlowCreate(d *schema.ResourceData, meta interface{}) error { ResourceType: aws.String(resourceType), TrafficType: aws.String(d.Get("traffic_type").(string)), } + + log.Printf( + "[DEBUG] Flow Log Create configuration: %s", awsutil.StringValue(opts)) resp, err := conn.CreateFlowLogs(opts) if err != nil { return fmt.Errorf("Error creating Flow Log for (%s), error: %s", resourceId, err) @@ -149,6 +152,9 @@ func resourceAwsLogFlowRead(d *schema.ResourceData, meta interface{}) error { func resourceAwsLogFlowDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).ec2conn + + log.Printf( + "[DEBUG] Flow Log Destroy: %s", d.Id()) _, err := conn.DeleteFlowLogs(&ec2.DeleteFlowLogsInput{ FlowLogIDs: []*string{aws.String(d.Id())}, }) 
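Review bot: `d.SetId(*resp.FlowLogIDs[0])` in resourceAwsLogFlowCreate still indexes the slice when only the `> 1` case has been excluded, so a response that carries no IDs panics the provider instead of returning an error. Presumably the call can return without an error while reporting the request as unsuccessful (for instance a role or log group it cannot use); that is worth confirming against the response type, but the guard is cheap either way. Before the SetId call add `if len(resp.FlowLogIDs) == 0 { return fmt.Errorf("Error: no Flow Log created for (%s)", resourceId) }`. The function starts and ends outside this hunk.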
@@ -159,9 +165,3 @@ func resourceAwsLogFlowDelete(d *schema.ResourceData, meta interface{}) error { return nil } - -func flowLogStateRefreshFunc(conn *ec2.EC2, sn string) resource.StateRefreshFunc { - return func() (interface{}, string, error) { - return nil, "ok", nil - } -} From 0bf127a8057182f90518ddb1ae85895c1c0f4265 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Thu, 18 Jun 2015 08:35:45 -0500 Subject: [PATCH 07/10] update test; fix import, interpolate ENV var for log name --- builtin/providers/aws/resource_aws_flow_log_test.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/builtin/providers/aws/resource_aws_flow_log_test.go b/builtin/providers/aws/resource_aws_flow_log_test.go index 697d24539..b938a6fea 100644 --- a/builtin/providers/aws/resource_aws_flow_log_test.go +++ b/builtin/providers/aws/resource_aws_flow_log_test.go @@ -2,16 +2,18 @@ package aws import ( "fmt" + "os" "testing" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/ec2" - "github.com/hashicorp/aws-sdk-go/aws" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" ) func TestAccFlowLog_basic(t *testing.T) { var flowLog ec2.FlowLog + lgn := os.Getenv("LOG_GROUP_NAME") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -19,7 +21,7 @@ func TestAccFlowLog_basic(t *testing.T) { CheckDestroy: testAccCheckFlowLogDestroy, Steps: []resource.TestStep{ resource.TestStep{ - Config: testAccFlowLogConfig_basic, + Config: fmt.Sprintf(testAccFlowLogConfig_basic, lgn), Check: resource.ComposeTestCheckFunc( testAccCheckFlowLogExists("aws_flow_log.test_flow_log", &flowLog), testAccCheckAWSFlowLogAttributes(&flowLog), @@ -31,6 +33,7 @@ func TestAccFlowLog_basic(t *testing.T) { func TestAccFlowLog_subnet(t *testing.T) { var flowLog ec2.FlowLog + lgn := os.Getenv("LOG_GROUP_NAME") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, 
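Review bot: `lgn := os.Getenv("LOG_GROUP_NAME")` in TestAccFlowLog_basic, and the same line in TestAccFlowLog_subnet, is used without checking that the variable is set. An unset variable renders `log_group_name = ""` into the config through `fmt.Sprintf`, and the run then fails late with a provider or API error that does not mention the missing variable. Extend the PreCheck closure so the requirement is explicit, e.g. `PreCheck: func() { testAccPreCheck(t); if lgn == "" { t.Fatal("LOG_GROUP_NAME must be set for Flow Log acceptance tests") } },`, and add a comment above `lgn` saying the log group must already exist. Both test functions continue outside these hunks.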
@@ -38,7 +41,7 @@ func TestAccFlowLog_subnet(t *testing.T) { CheckDestroy: testAccCheckFlowLogDestroy, Steps: []resource.TestStep{ resource.TestStep{ - Config: testAccFlowLogConfig_subnet, + Config: fmt.Sprintf(testAccFlowLogConfig_subnet, lgn), Check: resource.ComposeTestCheckFunc( testAccCheckFlowLogExists("aws_flow_log.test_flow_log_subnet", &flowLog), testAccCheckAWSFlowLogAttributes(&flowLog), @@ -152,7 +155,7 @@ resource "aws_flow_log" "test_flow_log" { resource "aws_flow_log" "test_flow_log_subnet" { # log_group_name needs to exist before hand # until we have a CloudWatch Log Group Resource - log_group_name = "tf-test-log-group" + log_group_name = "%s" iam_role_arn = "${aws_iam_role.test_role.arn}" subnet_id = "${aws_subnet.test_subnet.id}" traffic_type = "ALL" @@ -201,7 +204,7 @@ EOF resource "aws_flow_log" "test_flow_log_subnet" { # log_group_name needs to exist before hand # until we have a CloudWatch Log Group Resource - log_group_name = "tf-test-log-group" + log_group_name = "%s" iam_role_arn = "${aws_iam_role.test_role.arn}" subnet_id = "${aws_subnet.test_subnet.id}" traffic_type = "ALL" From d5f962b14b14d994ef57d3c21154a0b6caf269a4 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Mon, 22 Jun 2015 09:25:27 -0500 Subject: [PATCH 08/10] clean up extra indentation --- website/source/docs/providers/aws/r/flow_log.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/source/docs/providers/aws/r/flow_log.html.markdown b/website/source/docs/providers/aws/r/flow_log.html.markdown index fafc5bcc7..900020974 100644 --- a/website/source/docs/providers/aws/r/flow_log.html.markdown +++ b/website/source/docs/providers/aws/r/flow_log.html.markdown 
@@ -24,8 +24,8 @@ resource "aws_flow_log" "test_flow_log" { The following arguments are supported: -* `log_group_name` - (Required) The name of the CloudWatch log group -* `iam_role_arn` - (Required) The ARN for the IAM role that's used to post flow +* `log_group_name` - (Required) The name of the CloudWatch log group +* `iam_role_arn` - (Required) The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group * `vpc_id` - (Optional) VPC ID to attach to * `subnet_id` - (Optional) Subnet ID to attach to From 87c7f6337dd628eb98a7a3a3c45069c4d3c45818 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Mon, 22 Jun 2015 09:31:37 -0500 Subject: [PATCH 09/10] remove flow/deliver log status attributes --- builtin/providers/aws/resource_aws_flow_log.go | 12 ------------ .../docs/providers/aws/r/flow_log.html.markdown | 2 -- 2 files changed, 14 deletions(-) diff --git a/builtin/providers/aws/resource_aws_flow_log.go b/builtin/providers/aws/resource_aws_flow_log.go index e59ab8f27..39b3c7566 100644 --- a/builtin/providers/aws/resource_aws_flow_log.go +++ b/builtin/providers/aws/resource_aws_flow_log.go @@ -55,16 +55,6 @@ func resourceAwsFlowLog() *schema.Resource { Required: true, ForceNew: true, }, - - "flow_log_status": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - }, - - "deliver_log_status": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - }, }, } } @@ -144,8 +134,6 @@ func resourceAwsLogFlowRead(d *schema.ResourceData, meta interface{}) error { d.Set("traffic_type", fl.TrafficType) d.Set("log_group_name", fl.LogGroupName) d.Set("iam_role_arn", fl.DeliverLogsPermissionARN) - d.Set("flow_log_status", fl.FlowLogStatus) - d.Set("deliver_log_status", fl.DeliverLogsStatus) return nil } diff --git a/website/source/docs/providers/aws/r/flow_log.html.markdown b/website/source/docs/providers/aws/r/flow_log.html.markdown index 900020974..0858730f1 100644 --- a/website/source/docs/providers/aws/r/flow_log.html.markdown 
+++ b/website/source/docs/providers/aws/r/flow_log.html.markdown @@ -38,5 +38,3 @@ The following arguments are supported: The following attributes are exported: * `id` - The Flow Log ID -* `flow_log_status` - The status of the flow log (ex: `ACTIVE`) -* `deliver_log_status` - The status of the logs delivery (ex: `SUCCESS`, `FAILED`) From 8e23607b670005883fe3da6f0bd563fa1a07dd8f Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Mon, 22 Jun 2015 10:07:43 -0500 Subject: [PATCH 10/10] update docs to include IAM roles --- .../providers/aws/r/flow_log.html.markdown | 46 ++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/website/source/docs/providers/aws/r/flow_log.html.markdown b/website/source/docs/providers/aws/r/flow_log.html.markdown index 0858730f1..0de997c3d 100644 --- a/website/source/docs/providers/aws/r/flow_log.html.markdown +++ b/website/source/docs/providers/aws/r/flow_log.html.markdown @@ -13,11 +13,55 @@ interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group. ``` resource "aws_flow_log" "test_flow_log" { + # log_group_name needs to exist before hand + # until we have a CloudWatch Log Group Resource log_group_name = "tf-test-log-group" - iam_role_arn = "arn:aws:iam::470663696735:role/tf-test-cloud" + iam_role_arn = "${aws_iam_role.test_role.arn}" vpc_id = "${aws_vpc.default.id}" traffic_type = "ALL" } + +resource "aws_iam_role" "test_role" { + name = "test_role" + assume_role_policy = <