Add ability to set peering options in aws_vpc_peering_connection. (#8310)

This commit adds two optional blocks called "accepter" and "requester" to the resource allowing for setting desired VPC Peering Connection options for VPCs that participate in the VPC peering. Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-19 19:19:49 +09:00 · 2016-08-19 19:19:49 +09:00 · 5df0b08e86
parent 73f0c47915
commit 5df0b08e86
3 changed files with 375 additions and 58 deletions
--- a/builtin/providers/aws/resource_aws_vpc_peering_connection.go
+++ b/builtin/providers/aws/resource_aws_vpc_peering_connection.go
@ -47,7 +47,9 @@ func resourceAwsVpcPeeringConnection() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"tags": tagsSchema(),
+			"accepter":  vpcPeeringConnectionOptionsSchema(),
+			"requester": vpcPeeringConnectionOptionsSchema(),
+			"tags":      tagsSchema(),
 		},
 	}
 }
@ -61,7 +63,8 @@ func resourceAwsVPCPeeringCreate(d *schema.ResourceData, meta interface{}) error
 		PeerVpcId:   aws.String(d.Get("peer_vpc_id").(string)),
 		VpcId:       aws.String(d.Get("vpc_id").(string)),
 	}
-	log.Printf("[DEBUG] VPCPeeringCreate create config: %#v", createOpts)
+	log.Printf("[DEBUG] VPC Peering Create options: %#v", createOpts)
+
 	resp, err := conn.CreateVpcPeeringConnection(createOpts)
 	if err != nil {
 		return fmt.Errorf("Error creating vpc peering connection: %s", err)
@ -73,9 +76,7 @@ func resourceAwsVPCPeeringCreate(d *schema.ResourceData, meta interface{}) error
 	log.Printf("[INFO] VPC Peering Connection ID: %s", d.Id())

 	// Wait for the vpc peering connection to become available
-	log.Printf(
-		"[DEBUG] Waiting for vpc peering connection (%s) to become available",
-		d.Id())
+	log.Printf("[DEBUG] Waiting for VPC Peering Connection (%s) to become available.", d.Id())
 	stateConf := &resource.StateChangeConf{
 		Pending: []string{"pending"},
 		Target:  []string{"pending-acceptance"},
@ -84,7 +85,7 @@ func resourceAwsVPCPeeringCreate(d *schema.ResourceData, meta interface{}) error
 	}
 	if _, err := stateConf.WaitForState(); err != nil {
 		return fmt.Errorf(
-			"Error waiting for vpc peering (%s) to become available: %s",
+			"Error waiting for VPC Peering Connection (%s) to become available: %s",
 			d.Id(), err)
 	}

@ -97,6 +98,7 @@ func resourceAwsVPCPeeringRead(d *schema.ResourceData, meta interface{}) error {
 	if err != nil {
 		return err
 	}
+
 	if pcRaw == nil {
 		d.SetId("")
 		return nil
@ -108,25 +110,46 @@ func resourceAwsVPCPeeringRead(d *schema.ResourceData, meta interface{}) error {
 	// connection is gone. Destruction isn't allowed, and it eventually
 	// just "falls off" the console. See GH-2322
 	if pc.Status != nil {
-		if *pc.Status.Code == "failed" || *pc.Status.Code == "deleted" || *pc.Status.Code == "rejected" || *pc.Status.Code == "deleting" || *pc.Status.Code == "expired" {
-			log.Printf("[DEBUG] VPC Peering Connect (%s) in state (%s), removing", d.Id(), *pc.Status.Code)
+		status := map[string]bool{
+			"deleted":  true,
+			"deleting": true,
+			"expired":  true,
+			"failed":   true,
+			"rejected": true,
+		}
+		if _, ok := status[*pc.Status.Code]; ok {
+			log.Printf("[DEBUG] VPC Peering Connection (%s) in state (%s), removing.",
+				d.Id(), *pc.Status.Code)
 			d.SetId("")
 			return nil
 		}
 	}

 	d.Set("accept_status", *pc.Status.Code)
-	d.Set("peer_owner_id", pc.AccepterVpcInfo.OwnerId)
-	d.Set("peer_vpc_id", pc.AccepterVpcInfo.VpcId)
-	d.Set("vpc_id", pc.RequesterVpcInfo.VpcId)
-	d.Set("tags", tagsToMap(pc.Tags))
+	d.Set("peer_owner_id", *pc.AccepterVpcInfo.OwnerId)
+	d.Set("peer_vpc_id", *pc.AccepterVpcInfo.VpcId)
+	d.Set("vpc_id", *pc.RequesterVpcInfo.VpcId)
+
+	err = d.Set("accepter", flattenPeeringOptions(pc.AccepterVpcInfo.PeeringOptions))
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("requester", flattenPeeringOptions(pc.RequesterVpcInfo.PeeringOptions))
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("tags", tagsToMap(pc.Tags))
+	if err != nil {
+		return err
+	}

 	return nil
 }

 func resourceVPCPeeringConnectionAccept(conn *ec2.EC2, id string) (string, error) {
-
-	log.Printf("[INFO] Accept VPC Peering Connection with id: %s", id)
+	log.Printf("[INFO] Accept VPC Peering Connection with ID: %s", id)

 	req := &ec2.AcceptVpcPeeringConnectionInput{
 		VpcPeeringConnectionId: aws.String(id),
@ -137,7 +160,37 @@ func resourceVPCPeeringConnectionAccept(conn *ec2.EC2, id string) (string, error
 		return "", err
 	}
 	pc := resp.VpcPeeringConnection
-	return *pc.Status.Code, err
+
+	return *pc.Status.Code, nil
+}
+
+func resourceVPCPeeringConnectionOptionsModify(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+
+	modifyOpts := &ec2.ModifyVpcPeeringConnectionOptionsInput{
+		VpcPeeringConnectionId: aws.String(d.Id()),
+	}
+
+	if v, ok := d.GetOk("accepter"); ok {
+		if s := v.([]interface{}); len(s) > 0 {
+			modifyOpts.AccepterPeeringConnectionOptions = expandPeeringOptions(
+				s[0].(map[string]interface{}))
+		}
+	}
+
+	if v, ok := d.GetOk("requester"); ok {
+		if s := v.([]interface{}); len(s) > 0 {
+			modifyOpts.RequesterPeeringConnectionOptions = expandPeeringOptions(
+				s[0].(map[string]interface{}))
+		}
+	}
+
+	log.Printf("[DEBUG] VPC Peering Connection modify options: %#v", modifyOpts)
+	if _, err := conn.ModifyVpcPeeringConnectionOptions(modifyOpts); err != nil {
+		return err
+	}
+
+	return nil
 }

 func resourceAwsVPCPeeringUpdate(d *schema.ResourceData, meta interface{}) error {
@ -151,10 +204,10 @@ func resourceAwsVPCPeeringUpdate(d *schema.ResourceData, meta interface{}) error

 	if _, ok := d.GetOk("auto_accept"); ok {
 		pcRaw, _, err := resourceAwsVPCPeeringConnectionStateRefreshFunc(conn, d.Id())()
-
 		if err != nil {
 			return err
 		}
+
 		if pcRaw == nil {
 			d.SetId("")
 			return nil
@ -166,9 +219,13 @@ func resourceAwsVPCPeeringUpdate(d *schema.ResourceData, meta interface{}) error
 			if err != nil {
 				return err
 			}
-			log.Printf(
-				"[DEBUG] VPC Peering connection accept status: %s",
-				status)
+			log.Printf("[DEBUG] VPC Peering Connection accept status: %s", status)
+		}
+	}
+
+	if d.HasChange("accepter") || d.HasChange("requester") {
+		if err := resourceVPCPeeringConnectionOptionsModify(d, meta); err != nil {
+			return err
 		}
 	}

@ -182,6 +239,7 @@ func resourceAwsVPCPeeringDelete(d *schema.ResourceData, meta interface{}) error
 		&ec2.DeleteVpcPeeringConnectionInput{
 			VpcPeeringConnectionId: aws.String(d.Id()),
 		})
+
 	return err
 }

@ -213,3 +271,49 @@ func resourceAwsVPCPeeringConnectionStateRefreshFunc(conn *ec2.EC2, id string) r
 		return pc, *pc.Status.Code, nil
 	}
 }
+
+func vpcPeeringConnectionOptionsSchema() *schema.Schema {
+	return &schema.Schema{
+		Type:     schema.TypeList,
+		Optional: true,
+		Computed: true,
+		MaxItems: 1,
+		Elem: &schema.Resource{
+			Schema: map[string]*schema.Schema{
+				"allow_remote_vpc_dns_resolution": &schema.Schema{
+					Type:     schema.TypeBool,
+					Optional: true,
+					Computed: true,
+				},
+				"allow_classic_link_to_remote_vpc": &schema.Schema{
+					Type:     schema.TypeBool,
+					Optional: true,
+					Computed: true,
+				},
+				"allow_vpc_to_remote_classic_link": &schema.Schema{
+					Type:     schema.TypeBool,
+					Optional: true,
+					Computed: true,
+				},
+			},
+		},
+	}
+}
+
+func flattenPeeringOptions(options *ec2.VpcPeeringConnectionOptionsDescription) (results []map[string]interface{}) {
+	m := map[string]interface{}{
+		"allow_remote_vpc_dns_resolution":  *options.AllowDnsResolutionFromRemoteVpc,
+		"allow_classic_link_to_remote_vpc": *options.AllowEgressFromLocalClassicLinkToRemoteVpc,
+		"allow_vpc_to_remote_classic_link": *options.AllowEgressFromLocalVpcToRemoteClassicLink,
+	}
+	results = append(results, m)
+	return
+}
+
+func expandPeeringOptions(m map[string]interface{}) *ec2.PeeringConnectionOptionsRequest {
+	return &ec2.PeeringConnectionOptionsRequest{
+		AllowDnsResolutionFromRemoteVpc:            aws.Bool(m["allow_remote_vpc_dns_resolution"].(bool)),
+		AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(m["allow_classic_link_to_remote_vpc"].(bool)),
+		AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(m["allow_vpc_to_remote_classic_link"].(bool)),
+	}
+}
--- a/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
+++ b/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
@ -4,6 +4,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"reflect"
 	"testing"

 	"github.com/aws/aws-sdk-go/aws"
@ -19,7 +20,7 @@ func TestAccAWSVPCPeeringConnection_basic(t *testing.T) {
 		PreCheck: func() {
 			testAccPreCheck(t)
 			if os.Getenv("AWS_ACCOUNT_ID") == "" {
-				t.Fatal("AWS_ACCOUNT_ID must be set")
+				t.Fatal("AWS_ACCOUNT_ID must be set.")
 			}
 		},

@ -32,7 +33,9 @@ func TestAccAWSVPCPeeringConnection_basic(t *testing.T) {
 			resource.TestStep{
 				Config: testAccVpcPeeringConfig,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSVpcPeeringConnectionExists("aws_vpc_peering_connection.foo", &connection),
+					testAccCheckAWSVpcPeeringConnectionExists(
+						"aws_vpc_peering_connection.foo",
+						&connection),
 				),
 			},
 		},
@ -45,7 +48,7 @@ func TestAccAWSVPCPeeringConnection_plan(t *testing.T) {
 	// reach out and DELETE the VPC Peering connection outside of Terraform
 	testDestroy := func(*terraform.State) error {
 		conn := testAccProvider.Meta().(*AWSClient).ec2conn
-		log.Printf("[DEBUG] Test deleting VPC Peering connection")
+		log.Printf("[DEBUG] Test deleting the VPC Peering Connection.")
 		_, err := conn.DeleteVpcPeeringConnection(
 			&ec2.DeleteVpcPeeringConnectionInput{
 				VpcPeeringConnectionId: connection.VpcPeeringConnectionId,
@ -60,7 +63,7 @@ func TestAccAWSVPCPeeringConnection_plan(t *testing.T) {
 		PreCheck: func() {
 			testAccPreCheck(t)
 			if os.Getenv("AWS_ACCOUNT_ID") == "" {
-				t.Fatal("AWS_ACCOUNT_ID must be set")
+				t.Fatal("AWS_ACCOUNT_ID must be set.")
 			}
 		},
 		Providers:    testAccProviders,
@ -69,7 +72,9 @@ func TestAccAWSVPCPeeringConnection_plan(t *testing.T) {
 			resource.TestStep{
 				Config: testAccVpcPeeringConfig,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSVpcPeeringConnectionExists("aws_vpc_peering_connection.foo", &connection),
+					testAccCheckAWSVpcPeeringConnectionExists(
+						"aws_vpc_peering_connection.foo",
+						&connection),
 					testDestroy,
 				),
 				ExpectNonEmptyPlan: true,
@ -82,7 +87,7 @@ func TestAccAWSVPCPeeringConnection_tags(t *testing.T) {
 	var connection ec2.VpcPeeringConnection
 	peerId := os.Getenv("TF_PEER_ID")
 	if peerId == "" {
-		t.Skip("Error: TestAccAWSVPCPeeringConnection_tags requires a peer id to be set")
+		t.Skip("Error: TestAccAWSVPCPeeringConnection_tags requires a peer ID to be set.")
 	}

 	resource.Test(t, resource.TestCase{
@ -97,7 +102,9 @@ func TestAccAWSVPCPeeringConnection_tags(t *testing.T) {
 			resource.TestStep{
 				Config: fmt.Sprintf(testAccVpcPeeringConfigTags, peerId),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSVpcPeeringConnectionExists("aws_vpc_peering_connection.foo", &connection),
+					testAccCheckAWSVpcPeeringConnectionExists(
+						"aws_vpc_peering_connection.foo",
+						&connection),
 					testAccCheckTags(&connection.Tags, "foo", "bar"),
 				),
 			},
@ -105,6 +112,106 @@ func TestAccAWSVPCPeeringConnection_tags(t *testing.T) {
 	})
 }

+func TestAccAWSVPCPeeringConnection_options(t *testing.T) {
+	var connection ec2.VpcPeeringConnection
+
+	testAccepterChange := func(*terraform.State) error {
+		conn := testAccProvider.Meta().(*AWSClient).ec2conn
+		log.Printf("[DEBUG] Test change to the VPC Peering Connection Options.")
+
+		_, err := conn.ModifyVpcPeeringConnectionOptions(
+			&ec2.ModifyVpcPeeringConnectionOptionsInput{
+				VpcPeeringConnectionId: connection.VpcPeeringConnectionId,
+				AccepterPeeringConnectionOptions: &ec2.PeeringConnectionOptionsRequest{
+					AllowDnsResolutionFromRemoteVpc: aws.Bool(false),
+				},
+			})
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			if os.Getenv("AWS_ACCOUNT_ID") == "" {
+				t.Fatal("AWS_ACCOUNT_ID must be set")
+			}
+		},
+
+		IDRefreshName:   "aws_vpc_peering_connection.foo",
+		IDRefreshIgnore: []string{"auto_accept"},
+
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSVpcPeeringConnectionDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccVpcPeeringConfigOptions,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSVpcPeeringConnectionExists(
+						"aws_vpc_peering_connection.foo",
+						&connection),
+					resource.TestCheckResourceAttr(
+						"aws_vpc_peering_connection.foo",
+						"accepter.#", "1"),
+					resource.TestCheckResourceAttr(
+						"aws_vpc_peering_connection.foo",
+						"accepter.0.allow_remote_vpc_dns_resolution", "true"),
+					testAccCheckAWSVpcPeeringConnectionOptions(
+						"aws_vpc_peering_connection.foo", "accepter",
+						&ec2.VpcPeeringConnectionOptionsDescription{
+							AllowDnsResolutionFromRemoteVpc:            aws.Bool(true),
+							AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(false),
+							AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(false),
+						}),
+					resource.TestCheckResourceAttr(
+						"aws_vpc_peering_connection.foo",
+						"requester.#", "1"),
+					resource.TestCheckResourceAttr(
+						"aws_vpc_peering_connection.foo",
+						"requester.0.allow_classic_link_to_remote_vpc", "true"),
+					resource.TestCheckResourceAttr(
+						"aws_vpc_peering_connection.foo",
+						"requester.0.allow_vpc_to_remote_classic_link", "true"),
+					testAccCheckAWSVpcPeeringConnectionOptions(
+						"aws_vpc_peering_connection.foo", "requester",
+						&ec2.VpcPeeringConnectionOptionsDescription{
+							AllowDnsResolutionFromRemoteVpc:            aws.Bool(false),
+							AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(true),
+							AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(true),
+						},
+					),
+					testAccepterChange,
+				),
+				ExpectNonEmptyPlan: true,
+			},
+			resource.TestStep{
+				Config: testAccVpcPeeringConfigOptions,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSVpcPeeringConnectionExists(
+						"aws_vpc_peering_connection.foo",
+						&connection),
+					resource.TestCheckResourceAttr(
+						"aws_vpc_peering_connection.foo",
+						"accepter.#", "1"),
+					resource.TestCheckResourceAttr(
+						"aws_vpc_peering_connection.foo",
+						"accepter.0.allow_remote_vpc_dns_resolution", "true"),
+					testAccCheckAWSVpcPeeringConnectionOptions(
+						"aws_vpc_peering_connection.foo", "accepter",
+						&ec2.VpcPeeringConnectionOptionsDescription{
+							AllowDnsResolutionFromRemoteVpc:            aws.Bool(true),
+							AllowEgressFromLocalClassicLinkToRemoteVpc: aws.Bool(false),
+							AllowEgressFromLocalVpcToRemoteClassicLink: aws.Bool(false),
+						},
+					),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSVpcPeeringConnectionDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ec2conn

@ -138,12 +245,12 @@ func testAccCheckAWSVpcPeeringConnectionDestroy(s *terraform.State) error {
 			if *pc.Status.Code == "deleted" {
 				return nil
 			}
-			return fmt.Errorf("Found vpc peering connection in unexpected state: %s", pc)
+			return fmt.Errorf("Found the VPC Peering Connection in an unexpected state: %s", pc)
 		}

 		// return error here; we've found the vpc_peering object we want, however
 		// it's not in an expected state
-		return fmt.Errorf("Fall through error for testAccCheckAWSVpcPeeringConnectionDestroy")
+		return fmt.Errorf("Fall through error for testAccCheckAWSVpcPeeringConnectionDestroy.")
 	}

 	return nil
@ -157,7 +264,7 @@ func testAccCheckAWSVpcPeeringConnectionExists(n string, connection *ec2.VpcPeer
 		}

 		if rs.Primary.ID == "" {
-			return fmt.Errorf("No vpc peering connection id is set")
+			return fmt.Errorf("No VPC Peering Connection ID is set.")
 		}

 		conn := testAccProvider.Meta().(*AWSClient).ec2conn
@ -169,7 +276,7 @@ func testAccCheckAWSVpcPeeringConnectionExists(n string, connection *ec2.VpcPeer
 			return err
 		}
 		if len(resp.VpcPeeringConnections) == 0 {
-			return fmt.Errorf("VPC peering connection not found")
+			return fmt.Errorf("VPC Peering Connection could not be found.")
 		}

 		*connection = *resp.VpcPeeringConnections[0]
@ -178,43 +285,105 @@ func testAccCheckAWSVpcPeeringConnectionExists(n string, connection *ec2.VpcPeer
 	}
 }

+func testAccCheckAWSVpcPeeringConnectionOptions(n, block string, options *ec2.VpcPeeringConnectionOptionsDescription) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No VPC Peering Connection ID is set.")
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).ec2conn
+		resp, err := conn.DescribeVpcPeeringConnections(
+			&ec2.DescribeVpcPeeringConnectionsInput{
+				VpcPeeringConnectionIds: []*string{aws.String(rs.Primary.ID)},
+			})
+		if err != nil {
+			return err
+		}
+
+		pc := resp.VpcPeeringConnections[0]
+
+		o := pc.AccepterVpcInfo
+		if block == "requester" {
+			o = pc.RequesterVpcInfo
+		}
+
+		if !reflect.DeepEqual(o.PeeringOptions, options) {
+			return fmt.Errorf("Expected the VPC Peering Connection Options to be %#v, got %#v",
+				options, o.PeeringOptions)
+		}
+
+		return nil
+	}
+}
+
 const testAccVpcPeeringConfig = `
 resource "aws_vpc" "foo" {
-		cidr_block = "10.0.0.0/16"
-		tags {
-			Name = "TestAccAWSVPCPeeringConnection_basic"
-		}
+	cidr_block = "10.0.0.0/16"
+	tags {
+		Name = "TestAccAWSVPCPeeringConnection_basic"
+	}
 }

 resource "aws_vpc" "bar" {
-		cidr_block = "10.1.0.0/16"
+	cidr_block = "10.1.0.0/16"
 }

 resource "aws_vpc_peering_connection" "foo" {
-		vpc_id = "${aws_vpc.foo.id}"
-		peer_vpc_id = "${aws_vpc.bar.id}"
-		auto_accept = true
+	vpc_id = "${aws_vpc.foo.id}"
+	peer_vpc_id = "${aws_vpc.bar.id}"
+	auto_accept = true
 }
 `

 const testAccVpcPeeringConfigTags = `
 resource "aws_vpc" "foo" {
-		cidr_block = "10.0.0.0/16"
-		tags {
-			Name = "TestAccAWSVPCPeeringConnection_tags"
-		}
+	cidr_block = "10.0.0.0/16"
+	tags {
+		Name = "TestAccAWSVPCPeeringConnection_tags"
+	}
 }

 resource "aws_vpc" "bar" {
-		cidr_block = "10.1.0.0/16"
+	cidr_block = "10.1.0.0/16"
 }

 resource "aws_vpc_peering_connection" "foo" {
-		vpc_id = "${aws_vpc.foo.id}"
-		peer_vpc_id = "${aws_vpc.bar.id}"
-		peer_owner_id = "%s"
-		tags {
-			foo = "bar"
-		}
+	vpc_id = "${aws_vpc.foo.id}"
+	peer_vpc_id = "${aws_vpc.bar.id}"
+	peer_owner_id = "%s"
+	tags {
+		foo = "bar"
+	}
+}
+`
+
+const testAccVpcPeeringConfigOptions = `
+resource "aws_vpc" "foo" {
+	cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_vpc" "bar" {
+	cidr_block = "10.1.0.0/16"
+	enable_dns_hostnames = true
+}
+
+resource "aws_vpc_peering_connection" "foo" {
+	vpc_id = "${aws_vpc.foo.id}"
+	peer_vpc_id = "${aws_vpc.bar.id}"
+	auto_accept = true
+
+	accepter {
+		allow_remote_vpc_dns_resolution = true
+	}
+
+	requester {
+		allow_vpc_to_remote_classic_link = true
+		allow_classic_link_to_remote_vpc = true
+	}
 }
 `
--- a/website/source/docs/providers/aws/r/vpc_peering.html.markdown
+++ b/website/source/docs/providers/aws/r/vpc_peering.html.markdown
@ -22,6 +22,24 @@ resource "aws_vpc_peering_connection" "foo" {
 }
 ```

+Basic usage with connection options:
+
+```
+resource "aws_vpc_peering_connection" "foo" {
+    peer_owner_id = "${var.peer_owner_id}"
+    peer_vpc_id = "${aws_vpc.bar.id}"
+    vpc_id = "${aws_vpc.foo.id}"
+
+    accepter {
+      allow_remote_vpc_dns_resolution = true
+    }
+
+    requester {
+      allow_remote_vpc_dns_resolution = true
+    }
+}
+```
+
 Basic usage with tags:

 ```
@ -30,10 +48,11 @@ resource "aws_vpc_peering_connection" "foo" {
    peer_owner_id = "${var.peer_owner_id}"
    peer_vpc_id = "${aws_vpc.bar.id}"
    vpc_id = "${aws_vpc.foo.id}"
-    
+
    auto_accept = true
-    tags { 
-      Name = "VPC Peering between foo and bar" 
+
+    tags {
+      Name = "VPC Peering between foo and bar"
    }
 }

@ -51,26 +70,51 @@ resource "aws_vpc" "bar" {
 The following arguments are supported:

 * `peer_owner_id` - (Required) The AWS account ID of the owner of the peer VPC.
-* `peer_vpc_id` - (Required) The ID of the VPC with which you are creating the VPC peering connection.
+* `peer_vpc_id` - (Required) The ID of the VPC with which you are creating the VPC Peering Connection.
 * `vpc_id` - (Required) The ID of the requester VPC.
 * `auto_accept` - (Optional) Accept the peering (you need to be the owner of both VPCs).
+* `accepter` (Optional) - An optional configuration block that allows for [VPC Peering Connection]
+(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options to be set for the VPC that accepts
+the peering connection (a maximum of one).
+* `requester` (Optional) - A optional configuration block that allows for [VPC Peering Connection]
+(http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide) options to be set for the VPC that requests
+the peering connection (a maximum of one).
 * `tags` - (Optional) A mapping of tags to assign to the resource.

+#### Accepter and Requester Arguments
+
+-> **Note:** When enabled, the DNS resolution feature requires that VPCs participating in the peering
+must have support for the DNS hostnames enabled. This can be done using the [`enable_dns_hostnames`]
+(vpc.html#enable_dns_hostnames) attribute in the [`aws_vpc`](vpc.html) resource. See [Using DNS with Your VPC]
+(http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html) user guide for more information.
+
+* `allow_remote_vpc_dns_resolution` - (Optional) Allow a local VPC to resolve public DNS hostnames to private
+IP addresses when queried from instances in the peer VPC.
+* `allow_classic_link_to_remote_vpc` - (Optional) Allow a local linked EC2-Classic instance to communicate
+with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection
+to the remote VPC.
+* `allow_vpc_to_remote_classic_link` - (Optional) Allow a local VPC to communicate with a linked EC2-Classic
+instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink
+connection.
+
 ## Attributes Reference

 The following attributes are exported:

-* `id` - The ID of the VPC Peering Connections
-* `accept_status` - The Status of the VPC peering connection request.
+* `id` - The ID of the VPC Peering Connection.
+* `accept_status` - The status of the VPC Peering Connection request.


 ## Notes
-If you are not the owner of both VPCs, or do not enable auto_accept you will still have to accept the peering with the AWS Console, aws-cli or aws-sdk-go.
+
+If you are not the owner of both VPCs, or do not enable the `auto_accept` attribute you will still
+have to accept the VPC Peering Connection request manually using the AWS Management Console, AWS CLI,
+through SDKs, etc.

 ## Import

-VPC Peering resources can be imported using the `vpc peering id`, e.g. 
+VPC Peering resources can be imported using the `vpc peering id`, e.g.

 ```
 $ terraform import aws_vpc_peering_connection.test_connection pcx-111aaa111
-```
+```