provider/aws: Improve error handling in IAM Server Certificates (#6442)

* provider/aws: Improve error handling in IAM Server Certificates

* rename test, add additional empty check

builtin/providers/aws/resource_aws_iam_server_certificate.go

@@ -138,6 +138,11 @@ func resourceAwsIAMServerCertificateRead(d *schema.ResourceData, meta interface{
 
 	if err != nil {
 		if awsErr, ok := err.(awserr.Error); ok {
+			if awsErr.Code() == "NoSuchEntity" {
+				log.Printf("[WARN] IAM Server Cert (%s) not found, removing from state", d.Id())
+				d.SetId("")
+				return nil
+			}
 			return fmt.Errorf("[WARN] Error reading IAM Server Certificate: %s: %s", awsErr.Code(), awsErr.Message())
 		}
 		return fmt.Errorf("[WARN] Error reading IAM Server Certificate: %s", err)
@@ -161,7 +166,7 @@ func resourceAwsIAMServerCertificateRead(d *schema.ResourceData, meta interface{
 func resourceAwsIAMServerCertificateDelete(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).iamconn
 	log.Printf("[INFO] Deleting IAM Server Certificate: %s", d.Id())
-	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
+	err := resource.Retry(3*time.Minute, func() *resource.RetryError {
 		_, err := conn.DeleteServerCertificate(&iam.DeleteServerCertificateInput{
 			ServerCertificateName: aws.String(d.Get("name").(string)),
 		})
@@ -172,6 +177,11 @@ func resourceAwsIAMServerCertificateDelete(d *schema.ResourceData, meta interfac
 					log.Printf("[WARN] Conflict deleting server certificate: %s, retrying", awsErr.Message())
 					return resource.RetryableError(err)
 				}
+				if awsErr.Code() == "NoSuchEntity" {
+					log.Printf("[WARN] IAM Server Certificate (%s) not found, removing from state", d.Id())
+					d.SetId("")
+					return nil
+				}
 			}
 			return resource.NonRetryableError(err)
 		}

builtin/providers/aws/resource_aws_iam_server_certificate_test.go

@@ -51,6 +51,45 @@ func TestAccAWSIAMServerCertificate_name_prefix(t *testing.T) {
 	})
 }
 
+func TestAccAWSIAMServerCertificate_disappears(t *testing.T) {
+	var cert iam.ServerCertificate
+
+	testDestroyCert := func(*terraform.State) error {
+		// reach out and DELETE the Cert
+		conn := testAccProvider.Meta().(*AWSClient).iamconn
+		_, err := conn.DeleteServerCertificate(&iam.DeleteServerCertificateInput{
+			ServerCertificateName: cert.ServerCertificateMetadata.ServerCertificateName,
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error destorying cert in test: %s", err)
+		}
+
+		return nil
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccIAMServerCertConfig_random,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCertExists("aws_iam_server_certificate.test_cert", &cert),
+					testAccCheckAWSServerCertAttributes(&cert),
+					testDestroyCert,
+				),
+				ExpectNonEmptyPlan: true,
+			},
+			// Follow up plan w/ empty config should be empty, since the Cert is gone
+			resource.TestStep{
+				Config: "",
+			},
+		},
+	})
+}
+
 func testAccCheckCertExists(n string, cert *iam.ServerCertificate) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]