Merge pull request #11505 from ewbankkit/aws_vpc_peering_connection_accepter-resource
provider/aws: Add 'aws_vpc_peering_connection_accepter' resource
This commit is contained in:
commit
25d6507a7a
|
@ -400,20 +400,21 @@ func Provider() terraform.ResourceProvider {
|
||||||
"aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(),
|
"aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(),
|
||||||
"aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(),
|
"aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(),
|
||||||
"aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(),
|
"aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(),
|
||||||
"aws_vpc": resourceAwsVpc(),
|
"aws_vpc_peering_connection_accepter": resourceAwsVpcPeeringConnectionAccepter(),
|
||||||
"aws_vpc_endpoint": resourceAwsVpcEndpoint(),
|
"aws_vpc": resourceAwsVpc(),
|
||||||
"aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(),
|
"aws_vpc_endpoint": resourceAwsVpcEndpoint(),
|
||||||
"aws_vpn_connection": resourceAwsVpnConnection(),
|
"aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(),
|
||||||
"aws_vpn_connection_route": resourceAwsVpnConnectionRoute(),
|
"aws_vpn_connection": resourceAwsVpnConnection(),
|
||||||
"aws_vpn_gateway": resourceAwsVpnGateway(),
|
"aws_vpn_connection_route": resourceAwsVpnConnectionRoute(),
|
||||||
"aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(),
|
"aws_vpn_gateway": resourceAwsVpnGateway(),
|
||||||
"aws_waf_byte_match_set": resourceAwsWafByteMatchSet(),
|
"aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(),
|
||||||
"aws_waf_ipset": resourceAwsWafIPSet(),
|
"aws_waf_byte_match_set": resourceAwsWafByteMatchSet(),
|
||||||
"aws_waf_rule": resourceAwsWafRule(),
|
"aws_waf_ipset": resourceAwsWafIPSet(),
|
||||||
"aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(),
|
"aws_waf_rule": resourceAwsWafRule(),
|
||||||
"aws_waf_web_acl": resourceAwsWafWebAcl(),
|
"aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(),
|
||||||
"aws_waf_xss_match_set": resourceAwsWafXssMatchSet(),
|
"aws_waf_web_acl": resourceAwsWafWebAcl(),
|
||||||
"aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(),
|
"aws_waf_xss_match_set": resourceAwsWafXssMatchSet(),
|
||||||
|
"aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(),
|
||||||
},
|
},
|
||||||
ConfigureFunc: providerConfigure,
|
ConfigureFunc: providerConfigure,
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
package aws
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"log"
|
||||||
|
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
|
)
|
||||||
|
|
||||||
|
func resourceAwsVpcPeeringConnectionAccepter() *schema.Resource {
|
||||||
|
return &schema.Resource{
|
||||||
|
Create: resourceAwsVPCPeeringAccepterCreate,
|
||||||
|
Read: resourceAwsVPCPeeringRead,
|
||||||
|
Update: resourceAwsVPCPeeringUpdate,
|
||||||
|
Delete: resourceAwsVPCPeeringAccepterDelete,
|
||||||
|
|
||||||
|
Schema: map[string]*schema.Schema{
|
||||||
|
"vpc_peering_connection_id": &schema.Schema{
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Required: true,
|
||||||
|
ForceNew: true,
|
||||||
|
Computed: false,
|
||||||
|
},
|
||||||
|
"auto_accept": {
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Optional: true,
|
||||||
|
},
|
||||||
|
"accept_status": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
"vpc_id": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
"peer_vpc_id": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
"peer_owner_id": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
"accepter": vpcPeeringConnectionOptionsSchema(),
|
||||||
|
"requester": vpcPeeringConnectionOptionsSchema(),
|
||||||
|
"tags": tagsSchema(),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func resourceAwsVPCPeeringAccepterCreate(d *schema.ResourceData, meta interface{}) error {
|
||||||
|
id := d.Get("vpc_peering_connection_id").(string)
|
||||||
|
d.SetId(id)
|
||||||
|
|
||||||
|
if err := resourceAwsVPCPeeringRead(d, meta); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if d.Id() == "" {
|
||||||
|
return fmt.Errorf("VPC Peering Connection %q not found", id)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Ensure that this IS as cross-account VPC peering connection.
|
||||||
|
if d.Get("peer_owner_id").(string) == meta.(*AWSClient).accountid {
|
||||||
|
return errors.New("aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections")
|
||||||
|
}
|
||||||
|
|
||||||
|
return resourceAwsVPCPeeringUpdate(d, meta)
|
||||||
|
}
|
||||||
|
|
||||||
|
func resourceAwsVPCPeeringAccepterDelete(d *schema.ResourceData, meta interface{}) error {
|
||||||
|
log.Printf("[WARN] Will not delete VPC peering connection. Terraform will remove this resource from the state file, however resources may remain.")
|
||||||
|
d.SetId("")
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -0,0 +1,78 @@
|
||||||
|
// make testacc TEST=./builtin/providers/aws/ TESTARGS='-run=TestAccAwsVPCPeeringConnectionAccepter_'
|
||||||
|
package aws
|
||||||
|
|
||||||
|
import (
|
||||||
|
"regexp"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/terraform/helper/resource"
|
||||||
|
"github.com/hashicorp/terraform/terraform"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestAccAwsVPCPeeringConnectionAccepter_sameAccount(t *testing.T) {
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccAwsVPCPeeringConnectionAccepterDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
resource.TestStep{
|
||||||
|
Config: testAccAwsVPCPeeringConnectionAccepterSameAccountConfig,
|
||||||
|
ExpectError: regexp.MustCompile(`aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections`),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func testAccAwsVPCPeeringConnectionAccepterDestroy(s *terraform.State) error {
|
||||||
|
// We don't destroy the underlying VPC Peering Connection.
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
const testAccAwsVPCPeeringConnectionAccepterSameAccountConfig = `
|
||||||
|
provider "aws" {
|
||||||
|
region = "us-west-2"
|
||||||
|
// Requester's credentials.
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "aws" {
|
||||||
|
alias = "peer"
|
||||||
|
region = "us-west-2"
|
||||||
|
// Accepter's credentials.
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_vpc" "main" {
|
||||||
|
cidr_block = "10.0.0.0/16"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_vpc" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
cidr_block = "10.1.0.0/16"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "aws_caller_identity" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Requester's side of the connection.
|
||||||
|
resource "aws_vpc_peering_connection" "peer" {
|
||||||
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
|
peer_vpc_id = "${aws_vpc.peer.id}"
|
||||||
|
peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
|
||||||
|
auto_accept = false
|
||||||
|
|
||||||
|
tags {
|
||||||
|
Side = "Requester"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Accepter's side of the connection.
|
||||||
|
resource "aws_vpc_peering_connection_accepter" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
|
||||||
|
auto_accept = true
|
||||||
|
|
||||||
|
tags {
|
||||||
|
Side = "Accepter"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`
|
|
@ -3,12 +3,16 @@ layout: "aws"
|
||||||
page_title: "AWS: aws_vpc_peering_connection"
|
page_title: "AWS: aws_vpc_peering_connection"
|
||||||
sidebar_current: "docs-aws-resource-vpc-peering"
|
sidebar_current: "docs-aws-resource-vpc-peering"
|
||||||
description: |-
|
description: |-
|
||||||
Provides an VPC Peering Connection resource.
|
Manage a VPC Peering Connection resource.
|
||||||
---
|
---
|
||||||
|
|
||||||
# aws\_vpc\_peering\_connection
|
# aws\_vpc\_peering\_connection
|
||||||
|
|
||||||
Provides an VPC Peering Connection resource.
|
Provides a resource to manage a VPC Peering Connection resource.
|
||||||
|
|
||||||
|
-> **Note:** For cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connections
|
||||||
|
use the `aws_vpc_peering_connection` resource to manage the requester's side of the connection and
|
||||||
|
use the `aws_vpc_peering_connection_accepter` resource to manage the accepter's side of the connection.
|
||||||
|
|
||||||
## Example Usage
|
## Example Usage
|
||||||
|
|
||||||
|
@ -112,9 +116,9 @@ The following attributes are exported:
|
||||||
|
|
||||||
AWS only supports VPC peering within the same AWS region.
|
AWS only supports VPC peering within the same AWS region.
|
||||||
|
|
||||||
If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute. You will still
|
If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute.
|
||||||
have to accept the VPC Peering Connection request manually using the AWS Management Console, AWS CLI,
|
The accepter can manage its side of the connection using the `aws_vpc_peering_connection_accepter` resource
|
||||||
through SDKs, etc.
|
or accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.
|
||||||
|
|
||||||
## Import
|
## Import
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,105 @@
|
||||||
|
---
|
||||||
|
layout: "aws"
|
||||||
|
page_title: "AWS: aws_vpc_peering_connection_accepter"
|
||||||
|
sidebar_current: "docs-aws-resource-vpc-peering-accepter"
|
||||||
|
description: |-
|
||||||
|
Manage the accepter's side of a cross-account VPC Peering Connection.
|
||||||
|
---
|
||||||
|
|
||||||
|
# aws\_vpc\_peering\_connection\_accepter
|
||||||
|
|
||||||
|
Provides a resource to manage the accepter's side of a cross-account VPC Peering Connection.
|
||||||
|
|
||||||
|
When a cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connection
|
||||||
|
is created, a VPC Peering Connection resource is automatically created in the accepter's account.
|
||||||
|
The requester can use the `aws_vpc_peering_connection` resource to manage its side of the connection
|
||||||
|
and the accepter can use the `aws_vpc_peering_connection_accepter` resource to "adopt" its side of the
|
||||||
|
connection into management.
|
||||||
|
|
||||||
|
## Example Usage
|
||||||
|
|
||||||
|
```
|
||||||
|
provider "aws" {
|
||||||
|
// Requester's credentials.
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "aws" {
|
||||||
|
alias = "peer"
|
||||||
|
// Accepter's credentials.
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_vpc" "main" {
|
||||||
|
cidr_block = "10.0.0.0/16"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_vpc" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
cidr_block = "10.1.0.0/16"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "aws_caller_identity" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Requester's side of the connection.
|
||||||
|
resource "aws_vpc_peering_connection" "peer" {
|
||||||
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
|
peer_vpc_id = "${aws_vpc.peer.id}"
|
||||||
|
peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
|
||||||
|
auto_accept = false
|
||||||
|
|
||||||
|
tags {
|
||||||
|
Side = "Requester"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Accepter's side of the connection.
|
||||||
|
resource "aws_vpc_peering_connection_accepter" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
|
||||||
|
auto_accept = true
|
||||||
|
|
||||||
|
tags {
|
||||||
|
Side = "Accepter"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Argument Reference
|
||||||
|
|
||||||
|
The following arguments are supported:
|
||||||
|
|
||||||
|
* `vpc_peering_connection_id` - (Required) The VPC Peering Connection ID to manage.
|
||||||
|
* `auto_accept` - (Optional) Whether or not to accept the peering request. Defaults to `false`.
|
||||||
|
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
||||||
|
|
||||||
|
### Removing `aws_vpc_peering_connection_accepter` from your configuration
|
||||||
|
|
||||||
|
AWS allows a cross-account VPC Peering Connection to be deleted from either the requester's or accepter's side.
|
||||||
|
However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side
|
||||||
|
by removing the corresponding `aws_vpc_peering_connection` resource from your configuration.
|
||||||
|
Removing a `aws_vpc_peering_connection_accepter` resource from your configuration will remove it
|
||||||
|
from your statefile and management, **but will not destroy the VPC Peering Connection.**
|
||||||
|
|
||||||
|
## Attributes Reference
|
||||||
|
|
||||||
|
All of the argument attributes except `auto_accept` are also exported as result attributes.
|
||||||
|
|
||||||
|
* `id` - The ID of the VPC Peering Connection.
|
||||||
|
* `accept_status` - The status of the VPC Peering Connection request.
|
||||||
|
* `vpc_id` - The ID of the accepter VPC.
|
||||||
|
* `peer_vpc_id` - The ID of the requester VPC.
|
||||||
|
* `peer_owner_id` - The AWS account ID of the owner of the requester VPC.
|
||||||
|
* `accepter` - A configuration block that describes [VPC Peering Connection]
|
||||||
|
(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options set for the accepter VPC.
|
||||||
|
* `requester` - A configuration block that describes [VPC Peering Connection]
|
||||||
|
(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options set for the requester VPC.
|
||||||
|
|
||||||
|
#### Accepter and Requester Attributes Reference
|
||||||
|
|
||||||
|
* `allow_remote_vpc_dns_resolution` - Indicates whether a local VPC can resolve public DNS hostnames to
|
||||||
|
private IP addresses when queried from instances in a peer VPC.
|
||||||
|
* `allow_classic_link_to_remote_vpc` - Indicates whether a local ClassicLink connection can communicate
|
||||||
|
with the peer VPC over the VPC Peering Connection.
|
||||||
|
* `allow_vpc_to_remote_classic_link` - Indicates whether a local VPC can communicate with a ClassicLink
|
||||||
|
connection in the peer VPC over the VPC Peering Connection.
|
|
@ -1244,6 +1244,10 @@
|
||||||
<a href="/docs/providers/aws/r/vpc_peering.html">aws_vpc_peering_connection</a>
|
<a href="/docs/providers/aws/r/vpc_peering.html">aws_vpc_peering_connection</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li<%= sidebar_current("docs-aws-resource-vpc-peering-accepter") %>>
|
||||||
|
<a href="/docs/providers/aws/r/vpc_peering_accepter.html">aws_vpc_peering_connection_accepter</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-vpn-connection") %>>
|
<li<%= sidebar_current("docs-aws-resource-vpn-connection") %>>
|
||||||
<a href="/docs/providers/aws/r/vpn_connection.html">aws_vpn_connection</a>
|
<a href="/docs/providers/aws/r/vpn_connection.html">aws_vpn_connection</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
Loading…
Reference in New Issue