Merge pull request #11505 from ewbankkit/aws_vpc_peering_connection_accepter-resource

provider/aws: Add 'aws_vpc_peering_connection_accepter' resource
This commit is contained in:
Clint 2017-02-09 16:30:51 -06:00 committed by GitHub
commit 25d6507a7a
6 changed files with 287 additions and 19 deletions

View File

@ -400,20 +400,21 @@ func Provider() terraform.ResourceProvider {
"aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(), "aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(),
"aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(), "aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(),
"aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(), "aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(),
"aws_vpc": resourceAwsVpc(), "aws_vpc_peering_connection_accepter": resourceAwsVpcPeeringConnectionAccepter(),
"aws_vpc_endpoint": resourceAwsVpcEndpoint(), "aws_vpc": resourceAwsVpc(),
"aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(), "aws_vpc_endpoint": resourceAwsVpcEndpoint(),
"aws_vpn_connection": resourceAwsVpnConnection(), "aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(),
"aws_vpn_connection_route": resourceAwsVpnConnectionRoute(), "aws_vpn_connection": resourceAwsVpnConnection(),
"aws_vpn_gateway": resourceAwsVpnGateway(), "aws_vpn_connection_route": resourceAwsVpnConnectionRoute(),
"aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(), "aws_vpn_gateway": resourceAwsVpnGateway(),
"aws_waf_byte_match_set": resourceAwsWafByteMatchSet(), "aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(),
"aws_waf_ipset": resourceAwsWafIPSet(), "aws_waf_byte_match_set": resourceAwsWafByteMatchSet(),
"aws_waf_rule": resourceAwsWafRule(), "aws_waf_ipset": resourceAwsWafIPSet(),
"aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(), "aws_waf_rule": resourceAwsWafRule(),
"aws_waf_web_acl": resourceAwsWafWebAcl(), "aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(),
"aws_waf_xss_match_set": resourceAwsWafXssMatchSet(), "aws_waf_web_acl": resourceAwsWafWebAcl(),
"aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(), "aws_waf_xss_match_set": resourceAwsWafXssMatchSet(),
"aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(),
}, },
ConfigureFunc: providerConfigure, ConfigureFunc: providerConfigure,
} }

View File

@ -0,0 +1,76 @@
package aws
import (
"errors"
"log"
"fmt"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAwsVpcPeeringConnectionAccepter() *schema.Resource {
return &schema.Resource{
Create: resourceAwsVPCPeeringAccepterCreate,
Read: resourceAwsVPCPeeringRead,
Update: resourceAwsVPCPeeringUpdate,
Delete: resourceAwsVPCPeeringAccepterDelete,
Schema: map[string]*schema.Schema{
"vpc_peering_connection_id": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
Computed: false,
},
"auto_accept": {
Type: schema.TypeBool,
Optional: true,
},
"accept_status": {
Type: schema.TypeString,
Computed: true,
},
"vpc_id": {
Type: schema.TypeString,
Computed: true,
},
"peer_vpc_id": {
Type: schema.TypeString,
Computed: true,
},
"peer_owner_id": {
Type: schema.TypeString,
Computed: true,
},
"accepter": vpcPeeringConnectionOptionsSchema(),
"requester": vpcPeeringConnectionOptionsSchema(),
"tags": tagsSchema(),
},
}
}
func resourceAwsVPCPeeringAccepterCreate(d *schema.ResourceData, meta interface{}) error {
id := d.Get("vpc_peering_connection_id").(string)
d.SetId(id)
if err := resourceAwsVPCPeeringRead(d, meta); err != nil {
return err
}
if d.Id() == "" {
return fmt.Errorf("VPC Peering Connection %q not found", id)
}
// Ensure that this IS as cross-account VPC peering connection.
if d.Get("peer_owner_id").(string) == meta.(*AWSClient).accountid {
return errors.New("aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections")
}
return resourceAwsVPCPeeringUpdate(d, meta)
}
func resourceAwsVPCPeeringAccepterDelete(d *schema.ResourceData, meta interface{}) error {
log.Printf("[WARN] Will not delete VPC peering connection. Terraform will remove this resource from the state file, however resources may remain.")
d.SetId("")
return nil
}

View File

@ -0,0 +1,78 @@
// make testacc TEST=./builtin/providers/aws/ TESTARGS='-run=TestAccAwsVPCPeeringConnectionAccepter_'
package aws
import (
"regexp"
"testing"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAwsVPCPeeringConnectionAccepter_sameAccount(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccAwsVPCPeeringConnectionAccepterDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAwsVPCPeeringConnectionAccepterSameAccountConfig,
ExpectError: regexp.MustCompile(`aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections`),
},
},
})
}
func testAccAwsVPCPeeringConnectionAccepterDestroy(s *terraform.State) error {
// We don't destroy the underlying VPC Peering Connection.
return nil
}
const testAccAwsVPCPeeringConnectionAccepterSameAccountConfig = `
provider "aws" {
region = "us-west-2"
// Requester's credentials.
}
provider "aws" {
alias = "peer"
region = "us-west-2"
// Accepter's credentials.
}
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_vpc" "peer" {
provider = "aws.peer"
cidr_block = "10.1.0.0/16"
}
data "aws_caller_identity" "peer" {
provider = "aws.peer"
}
// Requester's side of the connection.
resource "aws_vpc_peering_connection" "peer" {
vpc_id = "${aws_vpc.main.id}"
peer_vpc_id = "${aws_vpc.peer.id}"
peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
auto_accept = false
tags {
Side = "Requester"
}
}
// Accepter's side of the connection.
resource "aws_vpc_peering_connection_accepter" "peer" {
provider = "aws.peer"
vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
auto_accept = true
tags {
Side = "Accepter"
}
}
`

View File

@ -3,12 +3,16 @@ layout: "aws"
page_title: "AWS: aws_vpc_peering_connection" page_title: "AWS: aws_vpc_peering_connection"
sidebar_current: "docs-aws-resource-vpc-peering" sidebar_current: "docs-aws-resource-vpc-peering"
description: |- description: |-
Provides an VPC Peering Connection resource. Manage a VPC Peering Connection resource.
--- ---
# aws\_vpc\_peering\_connection # aws\_vpc\_peering\_connection
Provides an VPC Peering Connection resource. Provides a resource to manage a VPC Peering Connection resource.
-> **Note:** For cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connections
use the `aws_vpc_peering_connection` resource to manage the requester's side of the connection and
use the `aws_vpc_peering_connection_accepter` resource to manage the accepter's side of the connection.
## Example Usage ## Example Usage
@ -112,9 +116,9 @@ The following attributes are exported:
AWS only supports VPC peering within the same AWS region. AWS only supports VPC peering within the same AWS region.
If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute. You will still If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute.
have to accept the VPC Peering Connection request manually using the AWS Management Console, AWS CLI, The accepter can manage its side of the connection using the `aws_vpc_peering_connection_accepter` resource
through SDKs, etc. or accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.
## Import ## Import

View File

@ -0,0 +1,105 @@
---
layout: "aws"
page_title: "AWS: aws_vpc_peering_connection_accepter"
sidebar_current: "docs-aws-resource-vpc-peering-accepter"
description: |-
Manage the accepter's side of a cross-account VPC Peering Connection.
---
# aws\_vpc\_peering\_connection\_accepter
Provides a resource to manage the accepter's side of a cross-account VPC Peering Connection.
When a cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connection
is created, a VPC Peering Connection resource is automatically created in the accepter's account.
The requester can use the `aws_vpc_peering_connection` resource to manage its side of the connection
and the accepter can use the `aws_vpc_peering_connection_accepter` resource to "adopt" its side of the
connection into management.
## Example Usage
```
provider "aws" {
// Requester's credentials.
}
provider "aws" {
alias = "peer"
// Accepter's credentials.
}
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_vpc" "peer" {
provider = "aws.peer"
cidr_block = "10.1.0.0/16"
}
data "aws_caller_identity" "peer" {
provider = "aws.peer"
}
// Requester's side of the connection.
resource "aws_vpc_peering_connection" "peer" {
vpc_id = "${aws_vpc.main.id}"
peer_vpc_id = "${aws_vpc.peer.id}"
peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
auto_accept = false
tags {
Side = "Requester"
}
}
// Accepter's side of the connection.
resource "aws_vpc_peering_connection_accepter" "peer" {
provider = "aws.peer"
vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
auto_accept = true
tags {
Side = "Accepter"
}
}
```
## Argument Reference
The following arguments are supported:
* `vpc_peering_connection_id` - (Required) The VPC Peering Connection ID to manage.
* `auto_accept` - (Optional) Whether or not to accept the peering request. Defaults to `false`.
* `tags` - (Optional) A mapping of tags to assign to the resource.
### Removing `aws_vpc_peering_connection_accepter` from your configuration
AWS allows a cross-account VPC Peering Connection to be deleted from either the requester's or accepter's side.
However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side
by removing the corresponding `aws_vpc_peering_connection` resource from your configuration.
Removing a `aws_vpc_peering_connection_accepter` resource from your configuration will remove it
from your statefile and management, **but will not destroy the VPC Peering Connection.**
## Attributes Reference
All of the argument attributes except `auto_accept` are also exported as result attributes.
* `id` - The ID of the VPC Peering Connection.
* `accept_status` - The status of the VPC Peering Connection request.
* `vpc_id` - The ID of the accepter VPC.
* `peer_vpc_id` - The ID of the requester VPC.
* `peer_owner_id` - The AWS account ID of the owner of the requester VPC.
* `accepter` - A configuration block that describes [VPC Peering Connection]
(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options set for the accepter VPC.
* `requester` - A configuration block that describes [VPC Peering Connection]
(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options set for the requester VPC.
#### Accepter and Requester Attributes Reference
* `allow_remote_vpc_dns_resolution` - Indicates whether a local VPC can resolve public DNS hostnames to
private IP addresses when queried from instances in a peer VPC.
* `allow_classic_link_to_remote_vpc` - Indicates whether a local ClassicLink connection can communicate
with the peer VPC over the VPC Peering Connection.
* `allow_vpc_to_remote_classic_link` - Indicates whether a local VPC can communicate with a ClassicLink
connection in the peer VPC over the VPC Peering Connection.

View File

@ -1244,6 +1244,10 @@
<a href="/docs/providers/aws/r/vpc_peering.html">aws_vpc_peering_connection</a> <a href="/docs/providers/aws/r/vpc_peering.html">aws_vpc_peering_connection</a>
</li> </li>
<li<%= sidebar_current("docs-aws-resource-vpc-peering-accepter") %>>
<a href="/docs/providers/aws/r/vpc_peering_accepter.html">aws_vpc_peering_connection_accepter</a>
</li>
<li<%= sidebar_current("docs-aws-resource-vpn-connection") %>> <li<%= sidebar_current("docs-aws-resource-vpn-connection") %>>
<a href="/docs/providers/aws/r/vpn_connection.html">aws_vpn_connection</a> <a href="/docs/providers/aws/r/vpn_connection.html">aws_vpn_connection</a>
</li> </li>