Commit Graph

265 Commits

Author SHA1 Message Date
Paul Stack 51f216306f provider/aws: Implement the `aws_elasticache_replication_group` resource (#8275) 2016-08-18 19:42:29 +01:00
James Nugent 59f66eca02 provider/aws: Add aws_alb_listener resource
This commit adds the `aws_alb_listener` resource and associated
acceptance tests and documentation.
2016-08-18 18:49:44 +01:00
James Nugent 531a976306 provider/aws: Add aws_alb_target_group resource
This commit adds a resource, acceptance tests and documentation for the
Target Groups for Application Load Balancers.

This is the second in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:16 +01:00
James Nugent 0b421b6998 provider/aws: Add `aws_alb` resource
This commit adds a resource, acceptance tests and documentation for the
new Application Load Balancer (aws_alb). We choose to use the name alb
over the package name, elbv2, in order to avoid confusion.

This is the first in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:06 +01:00
Radek Simko 73791b47b3
aws: Implement naming changes for aws_elb_service_account 2016-08-16 21:05:27 +01:00
Paul Stack 65aa02b6df provider/aws: DataSource for RedShift Account ID (#8224)
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this

http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging

% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic'         2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN   TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    19.483s
2016-08-16 17:58:46 +01:00
Radek Simko e356f27db6
aws: Add elb_account_id data source 2016-08-16 11:36:58 +01:00
James Nugent 3e14f56a96 provider/aws: Add aws_caller_identity data source
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.

This will need revisiting and further testing once the work for
AssumeRole is integrated.
2016-08-16 11:24:26 +01:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko e251d5c7bd Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
2016-08-12 07:00:14 +01:00
stack72 313ec1252c
Merge branch 'master' of github.com:hashicorp/terraform 2016-08-11 15:15:51 +12:00
Radek Simko 0ab3bc4105
aws: Change field names + desc according to reality
- skip_iam_creds_validation => skip_credentials_validation
 - skip_iam_account_id => skip_requesting_account_id
2016-08-10 16:46:05 +01:00
Renier Morales c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
  time there isn't going to be a metadta api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
Mosley, Franklin a6de088375 Add new resource aws_lb_ssl_negotiation_policy
Added new resource to create an AWS ELB SSL negotiation policy, and an
acceptance test.
2016-08-09 15:29:13 -07:00
Martin Atkins c6e8662838 Merge #7984: Data sources for AWS and Fastly IP address ranges 2016-08-09 09:53:05 -07:00
stack72 1a0b2971dd
Merge branch 'elb_backend_auth' of https://github.com/ewdurbin/terraform into ewdurbin-elb_backend_auth 2016-08-09 14:08:28 +12:00
Ernest W. Durbin III 57d3c722e2 rename aws load balancer policy resources
team redundancy team had a good run, but is over now
2016-08-07 23:08:49 -04:00
Krzysztof Wilczynski 9c54e9c955 Add aws_vpn_gateway_attachment resource. (#7870)
This commit adds VPN Gateway attachment resource, and also an initial tests and
documentation stubs.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-07 09:29:51 +10:00
Joern Barthel 8accef2c27 Added IP ranges from AWS 2016-08-04 19:20:14 +02:00
Andreas Skarmutsos Lindh cc912c39e5
AWS Application AutoScaling
Initial work on two new resource types:
* `aws_appautoscaling_target`
* `aws_appautoscaling_policy`

Fix acc tests
2016-07-26 10:43:06 +01:00
stack72 fcbaf3eea6
Merge branch 'feature/data-source-ecs' of https://github.com/nicolai86/terraform into nicolai86-feature/data-source-ecs 2016-07-22 13:43:18 +01:00
Brad Sickles 732b8d3b6e Implementing aws_ami_launch_permission. (#7365) 2016-07-21 23:08:32 +01:00
Jan Schumann ecb4b5aada providers/aws: Opsworks permission resource (#6304)
* add opsworks permission resource

* add docs

* remove permission from state if the permission object could not be found

* remove nil validate function. validation is done in schema.Resource.

* add id to the list of exported values

* renge over permission to check that we have found got the correct one

* removed comment

* removed set id

* fix unknown region us-east-1c

* add user_profile resource

* add docs

* add default value
2016-07-21 00:29:33 +01:00
Martin Häger 32abd937f1 SimpleDB domain resource (#7600) 2016-07-12 12:55:58 +01:00
Ernest W. Durbin III ecadf103cc
implement flexible resources for ELB Policies
allows load balancer policies and their assignment to backend servers or listeners to be configured independently.

this gives flexibility to configure additional policies on aws elastic load balancers aside from the already provided "convenience" wrappers for cookie stickiness
2016-07-02 11:39:20 -04:00
yissachar 1bd8b449e0 Add SES resource (#5387)
* Add SES resource

* Detect ReceiptRule deletion outside of Terraform

* Handle order of rule actions

* Add position field to docs

* Fix hashes, add log messages, and other small cleanup

* Fix rebase issue

* Fix formatting
2016-06-26 22:07:14 +01:00
Keshav Varma 58bd6dfb02 Add an AWS Spot fleet resource 2016-06-21 17:31:30 -07:00
Raphael Randschau 90889632e0 Add aws_ecs_container_definition data source
this datasource allows terraform to work with externally modified state, e.g.
when you're using an ECS service which is continously updated by your CI via the
AWS CLI.

right now you'd have to wrap terraform into a shell script which looks up the
current image digest, so running terraform won't change the updated service.

using the aws_ecs_container_definition data source you can now leverage
terraform, removing the wrapper entirely.
2016-06-19 21:50:37 +02:00
James Bardin cd160d3f3f Merge pull request #6965 from hashicorp/jbardin/GH-3968
Add support for Amazon Elastic Transcoder
2016-06-07 17:28:55 -04:00
James Bardin 5c1b625c84 Add support for Amazon Elastic Transcoder
- Add resources for elastic transcoder pipelines and presets
2016-06-07 16:07:08 -04:00
James Bardin 4c7a31d72a Merge pull request #6879 from hashicorp/jbardin/GH-3999
Add top-level ELB Attachment resource
2016-06-07 10:19:07 -04:00
James Bardin e4d8c6929f Add top-level ELB Attachment resource
Add an aws_elb_attachment resource so that the attment of instances to
an ELB can be managed separately from an aws_elb and prevent dependency
cycles.
2016-06-07 09:46:39 -04:00
Radek Simko d4fe1b9145 provider/aws: Add s3_bucket_object data source 2016-06-01 19:14:17 +01:00
James Nugent c91d62fda0 provider/aws: aws_iam_policy_document data source
This brings over the work done by @apparentlymart and @radeksimko in
PR #3124, and converts it into a data source for the AWS provider:

This commit adds a helper to construct IAM policy documents using
familiar Terraform concepts. It makes Terraform-style interpolations
easier and resolves the syntax conflict between Terraform interpolations
and IAM policy variables by changing the latter to use &{...} for its
interpolations.

Its use is completely optional and users are free to go on using literal
heredocs, file interpolations or whatever else; this just adds another
option that fits more naturally into a Terraform config.
2016-05-31 11:08:02 -05:00
Chris Marchesi 9ac7fb0276 provider/aws: New data source: aws_ami
This data source allows one to look up the most recent AMI for a specific
set of parameters, much like aws ec2 describe-images in the AWS CLI.

Basically a refresh of hashicorp/terraform#4396, in data source form.
2016-05-29 09:55:12 -07:00
Clint 983b6710a5 provider/aws: Add per user, role and group policy attachment (supersedes #5816) (#6858)
* Add per user, role and group policy attachment

* Add docs for new IAM policy attachment resources.

* Make policy attachment resources manage only 1 entity<->policy attachment

* provider/aws: Tidy up IAM Group/User/Role attachments
2016-05-25 11:03:43 -05:00
James Nugent 1ea727eb13 provider/aws: Add aws_availability_zones source
This commit adds a data source with a single list, `instance` for the
schema which gets populated with the availability zones to which an
account has access.
2016-05-24 15:42:45 -05:00
stack72 fdf1962905 Merge branch 'aws-rds-cluster-param-group' of https://github.com/wowgroup/terraform into wowgroup-aws-rds-cluster-param-group 2016-05-12 23:27:20 +01:00
Paul Stack af29a61748 provider/aws: Change `aws_elastic_ip_association` to have computed parameters (#6552)
* New top level AWS resource aws_eip_association

* Add documentation for aws_eip_association

* Add tests for aws_eip_association

* provider/aws: Change `aws_elastic_ip_association` to have computed
parameters

The AWS API was send ing more parameters than we had set. Therefore,
Terraform was showing constant changes when plans were being formed
2016-05-09 18:40:45 +01:00
stack72 8dc123fd94 Scaffold the AWS DB Option Group resource
Change the AWS DB Instance to now include the DB Option Group param. Adds a test to prove that it works

Add acceptance tests for the AWS DB Option Group work. This ensures that Options can be added and updated

Documentation for the AWS DB Option resource
2016-05-08 20:18:53 +01:00
Kraig Amador 1f80ec48d0 Added RDS event subscriptions (#6367) 2016-05-05 11:14:25 +01:00
Radek Simko e3ade6a784 provider/aws: Add support for api_gateway_account (#6321) 2016-04-27 13:08:59 +01:00
Radek Simko d31a6ac47f provider/aws: Add support for api_gateway_authorizer (#6320) 2016-04-25 12:22:37 +01:00
Josh Myers 3be66aa9ed Add cloudwatch_logs_subscription_filter provider (#5996) 2016-04-20 20:05:21 +01:00
Clint fcdcb4b916 provider/aws: Default Network ACL resource (#6165)
* provider/aws: Default Network ACL resource

Provides a resource to manage the default AWS Network ACL. VPC Only.

* Remove subnet_id update, mark as computed value. Remove extra tag update

* refactor default rule number to be a constant

* refactor revokeRulesForType to be revokeAllNetworkACLEntries

Refactor method to delete all network ACL entries, regardless of type. The
previous implementation was under the assumption that we may only eliminate some
rule types and possibly not others, so the split was necessary.

We're now removing them all, so the logic isn't necessary

Several doc and test cleanups are here as well

* smite subnet_id, improve docs
2016-04-18 11:02:00 -05:00
Martin Atkins 94f338d5de Merge #4276: aws_opsworks_instance resource 2016-04-16 10:14:22 -07:00
Martin Atkins bb7b8d6550 Merge #4419: aws_opsworks_application resource 2016-04-16 09:28:12 -07:00
Chris Marchesi a38ccbe074 CloudFront distribution and origin access identity support (#5221)
* CloudFront implementation v3

* Update tests

* Refactor - new resource: aws_cloudfront_distribution

 * Includes a complete re-write of the old aws_cloudfront_web_distribution
   resource to bring it to feature parity with API and CloudFormation.
 * Also includes the aws_cloudfront_origin_access_identity resource to generate
   origin access identities for use with S3.
2016-04-14 14:55:11 -05:00
protomouse b45e941144 add resource aws_rds_cluster_parameter_group 2016-04-11 10:26:47 +02:00
Jan Nabbefeld 6bf9f21c39 Opsworks Application support 2016-04-07 14:18:50 -07:00
KOJIMA Kazunori d646682d7a provider/aws: Support S3 bucket notification
* Implement aws_s3_bucket_notification resource
2016-04-04 21:23:06 -05:00
stack72 7e61947c0a provider/aws: Scaffold `aws_iam_user_ssh_key` resource 2016-03-22 01:19:16 +00:00
Radek Simko 3bfcd47238 provider/aws: Add support for CloudWatch Log Metric Filter 2016-03-15 15:01:20 +00:00
Jeff Tang bcd5904eea Add support for Opsworks Instances
New resource checklist
- [x] Acceptance testing
- [x] Documentation
- [x] Well-formed code
2016-03-14 15:12:43 -04:00
Philip Witty 6648df7acc Added AWS KMS key & alias support 2016-03-08 09:30:47 +00:00
clint shryock f0d3176999 provider/aws: Add Elastic Beanstalk Application, Configuration Template, and Environment
This adds support for Elastic Beanstalk Applications, Configuration Templates,
and Environments.

This is a combined work of @catsby, @dharrisio, @Bowbaq, and @jen20
2016-03-07 14:43:23 -06:00
Radek Simko c6c2752211 provider/aws: Sort API Gateway resources alphabetically 2016-03-06 09:29:31 +00:00
Raphael Randschau 6430fca7f6 Add aws_api_gateway_deployment resource 2016-03-05 23:21:58 +01:00
Raphael Randschau 8c59d0861e Add aws_api_gateway_api_key resource 2016-03-05 23:21:54 +01:00
Raphael Randschau b4c99f1009 Add aws_api_gateway_model resource 2016-03-05 23:21:51 +01:00
Raphael Randschau 4da8b3d03a Add aws_api_gateawy_integration_response resource 2016-03-05 23:21:48 +01:00
Raphael Randschau 1593dbe9c8 Add aws_api_gateway_integration resource 2016-03-05 23:21:44 +01:00
Raphael Randschau 91f5206f8d Add aws_api_gateway_method_response resource 2016-03-05 23:21:41 +01:00
Raphael Randschau 032e6081cb Add aws_api_gateway_method resource 2016-03-05 23:21:38 +01:00
Raphael Randschau 7ead800f6a Add aws_api_gateway_resource resource 2016-03-05 23:21:35 +01:00
Raphael Randschau a73721d248 Add aws_api_gateway_rest_api resource 2016-03-05 23:13:38 +01:00
Radek Simko f7f3d95a9b provider/aws: Add support for AWS Account Password Policy 2016-02-26 11:04:25 +00:00
Radek Simko 64539d30bc provider/aws: Add aws_lambda_permission 2016-02-15 17:16:41 +00:00
Radek Simko 61afc6d34d provider/aws: Add CloudWatch Event Target 2016-02-13 13:21:33 +00:00
Radek Simko ab89e5e528 provider/aws: Add CloudWatch Event Rule 2016-02-13 13:21:32 +00:00
Hasan Türken 766dac4d79 update documentation 2016-02-12 09:56:48 -06:00
Hasan Türken e41266e971 Move endpoint options into endpoints block 2016-02-12 09:38:21 -06:00
Hasan Türken 231604e8b7 support custom endpoints for AWS EC2 ELB and IAM 2016-02-12 09:35:50 -06:00
Trevor Pounds 0cd0ff0f8e Use built-in schema.HashString. 2016-02-07 16:29:34 -08:00
James Nugent ace215481a provider/aws: Add profile to provider config
This allows specification of the profile for the shared credentials
provider for AWS to be specified in Terraform configuration. This is
useful if defining providers with aliases, or if you don't want to set
environment variables. Example:

$ aws configure --profile this_is_dog
... enter keys

$ cat main.tf
provider "aws" {
    profile = "this_is_dog"

    # Optionally also specify the path to the credentials file
    shared_credentials_file = "/tmp/credentials"
}

This is equivalent to specifying AWS_PROFILE or
AWS_SHARED_CREDENTIALS_FILE in the environment.
2016-01-14 15:39:35 +00:00
Clint 7f6624e926 Merge pull request #3862 from stack72/aws-redshift
provider/aws: AWS Redshift
2016-01-13 16:52:47 -06:00
Johannes Boyne df7ac2d51b Add AWS lambda alias support and documentation 2016-01-13 10:05:32 -06:00
nextrevision 6a3ed429ad Adding AWS ECR provider resources
Adds ECR aws_ecr_repository and aws_ecr_repository_policy resources to
the AWS provider.
2015-12-22 10:31:30 -05:00
stack72 bf03752552 Adding the documentation for the AWS Redshift Subnet Group resource
also removed the notion of tags from the redshift security group and
parameter group documentation until that has been implemented

Redshift Cluster CRUD and acceptance tests

Removing the Acceptance test for the Cluster Updates. You cannot delete
a cluster immediately after performing an operation on it. We would need
to add a lot of retry logic to the system to get this test to work

Adding some schema validation for RedShift cluster

Adding the last of the pieces of a first draft of the Redshift work - this is the documentation
2015-12-20 20:20:05 +00:00
stack72 48091e37c7 Adding the documentation for the Redshift Parameter Groups
Changed the aws_redshift_security_group and aws_redshift_parameter_group
to remove the tags from the schema. Tags are a little bit more
complicated than originally though - I will revisit this later

Then added the schema, CRUD functionality and basic acceptance tests for
aws_redshift_subnet_group

Adding an acceptance test for the Update of subnet_ids in AWS Redshift Subnet Group
2015-12-20 20:20:03 +00:00
stack72 249e7df76c Adding the documentation for the Redshift security groups
Creation of the schema, CRUD and acceptance tests for Redshift Parameter Group
2015-12-20 20:20:01 +00:00
stack72 85afc7d614 Initial creation of the work for AWS RedShift Support
Finalising the schema and acceptance tests for the Redshift Security Group's
2015-12-20 20:19:55 +00:00
stack72 2df8d7d9b0 Initial Scaffolding of the AWS Network ACL Entry resource 2015-12-18 23:14:54 +00:00
James Nugent 0bdf249f2c provider/aws: Add aws_nat_gateway Resource 2015-12-18 14:12:27 -05:00
clint shryock 5f5459a1fb provider/aws: Refactor AWS Authentication chain
- update auth checking to check metadata header
- refactor tests to not export os env vars
2015-12-15 10:46:10 -06:00
stack72 c965d2278e Adding a resource for aws_autoscaling_schedule 2015-12-11 18:43:38 +00:00
stack72 d84d6796c4 Initial CRUD work for the Autoscaling Group Scheduled Actions 2015-12-11 10:53:46 +00:00
Chris Marchesi 85627630bd New resource (AWS provider) - aws_lambda_event_source_mapping 2015-11-30 07:45:38 -08:00
Rafal Jeczalik 9e66e18334 provider/aws: fix for https://github.com/aws/aws-sdk-go/issues/452 2015-11-24 09:30:21 +01:00
Paul Hinze 6b6b5a43c3 provider/aws: serialize SG rule access to fix race condition
Because `aws_security_group_rule` resources are an abstraction on top of
Security Groups, they must interact with the AWS Security Group APIs in
a pattern that often results in lots of parallel requests interacting
with the same security group.

We've found that this pattern can trigger race conditions resulting in
inconsistent behavior, including:

 * Rules that report as created but don't actually exist on AWS's side
 * Rules that show up in AWS but don't register as being created
   locally, resulting in follow up attempts to authorize the rule
   failing w/ Duplicate errors

Here, we introduce a per-SG mutex that must be held by any security
group before it is allowed to interact with AWS APIs. This protects the
space between `DescribeSecurityGroup` and `Authorize*` / `Revoke*`
calls, ensuring that no other rules interact with the SG during that
span.

The included test exposes the race by applying a security group with
lots of rules, which based on the dependency graph can all be handled in
parallel. This fails most of the time without the new locking behavior.

I've omitted the mutex from `Read`, since it is only called during the
Refresh walk when no changes are being made, meaning a bunch of parallel
`DescribeSecurityGroup` API calls should be consistent in that case.
2015-11-18 12:39:59 -06:00
Rafal Jeczalik 4f25b552bb use single import path for aws-sdk-go 2015-11-16 00:42:08 +01:00
stack72 fc983c5505 Initial Create, Read and Delete work for the S3 part of the Kinesis Firehose resource 2015-11-09 22:26:55 +00:00
stack72 89ce6f7c83 Started the work for the AWS CodeCommit Repository resource
Starting to add the skeleton for the creation and update of a repository
2015-10-30 21:39:04 +00:00
Clint 5c3c1e2327 Merge pull request #3548 from MDL/aws_route
provider/aws: add aws_route resource (finish)
2015-10-29 17:06:56 -05:00
Clint cb2ecf5733 Merge pull request #3255 from Runscope/local-kinesis
provider/aws: allow local kinesis
2015-10-29 08:24:07 -05:00
Radek Simko a618b048cf aws: Add support for aws_cloudtrail 2015-10-28 17:13:14 +00:00
Radek Simko 0d8d6fde79 Merge pull request #2636 from TimeIncOSS/f-aws-cloudformation
provider/aws: Add aws_cloudformation_stack
2015-10-28 16:16:14 +00:00
Christopher Tiwald a546a12c2d aws: Add support for aws_codedeploy_deployment_group resources 2015-10-20 18:05:40 -04:00
Christopher Tiwald e59fb4e6ca aws: Add support for "aws_codedeploy_app" resources. 2015-10-20 18:05:39 -04:00
gkze ac0afad6e9 Add aws_route resource 2015-10-19 09:16:26 -04:00