Previously lightsail was limited to `us-east-1` only. This restriction has now been lifted to new regions.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLightsailInstance_euRegion'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 16:40:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLightsailInstance_euRegion -timeout 120m
=== RUN TestAccAWSLightsailInstance_euRegion
--- PASS: TestAccAWSLightsailInstance_euRegion (45.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 45.319s
```
Fixes: #14668
The previous JSON validator that we were using for IAM policy documents wouldn't catch AWS IAM Policy errors.
The supplied policy document would pass our validator, then fail with the following API error:
```
* aws_iam_role_policy.foo: Error putting IAM role policy tf_test_policy_ymw7hbil9w: MalformedPolicyDocument: The policy failed legacy parsing
status code: 400, request id: e7615d90-3c99-11e7-babc-c14e741605bf
```
This happens if the Policy Document doesn't start with the opening JSON bracket, and often happens in the following case:
```
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
...
}
]
}
EOF
```
Where, when using a HEREDOC, the policy document is indented incorrectly.
The new validation function for the IAM policies verifies that the first character of the supplied policy document is the leading JSON bracket, prior to validating the JSON string.
Test Output:
```
$ make test TEST=./builtin/providers/aws/ TESTARGS="-v -run=TestValidateIAMPolicyJsonString"
==> Checking that code complies with gofmt requirements...
==> Checking AWS provider for unchecked errors...
==> NOTE: at this time we only look for uncheck errors in the AWS package
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:56:32 Generated command/internal_plugin_list.go
go test -i ./builtin/providers/aws/ || exit 1
echo ./builtin/providers/aws/ | \
xargs -t -n4 go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4
go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4 ./builtin/providers/aws/
=== RUN TestValidateIAMPolicyJsonString
--- PASS: TestValidateIAMPolicyJsonString (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.009s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:38:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSPolicy_ -timeout 120m
=== RUN TestAWSPolicy_namePrefix
--- PASS: TestAWSPolicy_namePrefix (20.01s)
=== RUN TestAWSPolicy_invalidJson
--- PASS: TestAWSPolicy_invalidJson (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 20.027s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMRolePolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 11:02:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMRolePolicy_ -timeout 120m
=== RUN TestAccAWSIAMRolePolicy_importBasic
--- PASS: TestAccAWSIAMRolePolicy_importBasic (18.45s)
=== RUN TestAccAWSIAMRolePolicy_basic
--- PASS: TestAccAWSIAMRolePolicy_basic (35.92s)
=== RUN TestAccAWSIAMRolePolicy_namePrefix
--- PASS: TestAccAWSIAMRolePolicy_namePrefix (14.78s)
=== RUN TestAccAWSIAMRolePolicy_generatedName
--- PASS: TestAccAWSIAMRolePolicy_generatedName (20.20s)
=== RUN TestAccAWSIAMRolePolicy_invalidJSON
--- PASS: TestAccAWSIAMRolePolicy_invalidJSON (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 89.363s
```
Fixes: #14653
I was originally calling the wrong API method and only some of the
values were being persisted to state. By changing the API method, we can
now get all of the values and therefore can detech manual drift
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMMaintenanceWindow_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 16:56:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSSMMaintenanceWindow_ -timeout 120m
=== RUN TestAccAWSSSMMaintenanceWindow_basic
--- PASS: TestAccAWSSSMMaintenanceWindow_basic (41.39s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 41.419s
```
Fixes: #14535
When in a `restricted` cloud, we should fall back to the old method of
tagging. Before this change we saw the following:
```
% terraform apply ✭
aws_instance.foo: Creating...
ami: "" => "ami-0fa3c42c"
associate_public_ip_address: "" => "<computed>"
availability_zone: "" => "<computed>"
ebs_block_device.#: "" => "<computed>"
ephemeral_block_device.#: "" => "<computed>"
instance_state: "" => "<computed>"
instance_type: "" => "m1.small"
ipv6_address_count: "" => "<computed>"
ipv6_addresses.#: "" => "<computed>"
key_name: "" => "<computed>"
network_interface.#: "" => "<computed>"
network_interface_id: "" => "<computed>"
placement_group: "" => "<computed>"
primary_network_interface_id: "" => "<computed>"
private_dns: "" => "<computed>"
private_ip: "" => "<computed>"
public_dns: "" => "<computed>"
public_ip: "" => "<computed>"
root_block_device.#: "" => "<computed>"
security_groups.#: "" => "<computed>"
source_dest_check: "" => "true"
subnet_id: "" => "<computed>"
tags.%: "" => "1"
tags.foo: "" => "bar"
tenancy: "" => "<computed>"
volume_tags.%: "" => "<computed>"
vpc_security_group_ids.#: "" => "<computed>"
aws_instance.foo: Creation complete (ID: i-0009f227ae24791b9)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
% terraform plan ✭
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_instance.foo: Refreshing state... (ID: i-0009f227ae24791b9)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
~ aws_instance.foo
tags.%: "0" => "1"
tags.foo: "" => "bar"
Plan: 0 to add, 1 to change, 0 to destroy.
```
After this patch, we see the following:
```
% terraform apply ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
aws_instance.foo: Creating...
ami: "" => "ami-0fa3c42c"
associate_public_ip_address: "" => "<computed>"
availability_zone: "" => "<computed>"
ebs_block_device.#: "" => "<computed>"
ephemeral_block_device.#: "" => "<computed>"
instance_state: "" => "<computed>"
instance_type: "" => "m1.small"
ipv6_address_count: "" => "<computed>"
ipv6_addresses.#: "" => "<computed>"
key_name: "" => "<computed>"
network_interface.#: "" => "<computed>"
network_interface_id: "" => "<computed>"
placement_group: "" => "<computed>"
primary_network_interface_id: "" => "<computed>"
private_dns: "" => "<computed>"
private_ip: "" => "<computed>"
public_dns: "" => "<computed>"
public_ip: "" => "<computed>"
root_block_device.#: "" => "<computed>"
security_groups.#: "" => "<computed>"
source_dest_check: "" => "true"
subnet_id: "" => "<computed>"
tags.%: "" => "1"
tags.foo: "" => "bar"
tenancy: "" => "<computed>"
volume_tags.%: "" => "<computed>"
vpc_security_group_ids.#: "" => "<computed>"
aws_instance.foo: Creation complete (ID: i-04cd122e28f167a14)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_instance.foo: Refreshing state... (ID: i-04cd122e28f167a14)
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
Fixes: #14530
When we found an update of IPv6 cidr block, we first tried to
disassociate the old cidr block association. This caused errors if there
was none, it threw an error, as we passed an empty associationId:
```
* aws_subnet.public_subnet.0: InvalidSubnetCidrBlockAssociationId.Malformed: The subnet CIDR block with association ID is malformed
status code: 400, request id: f438f468-9ca4-4000-ba78-63a0f25d390a
* aws_subnet.public_subnet[1]: 1 error(s) occurred:
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSubnet_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/16 18:28:45 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_ -timeout 120m
=== RUN TestAccAWSSubnet_importBasic
--- PASS: TestAccAWSSubnet_importBasic (55.40s)
=== RUN TestAccAWSSubnet_basic
--- PASS: TestAccAWSSubnet_basic (53.62s)
=== RUN TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (125.87s)
=== RUN TestAccAWSSubnet_enableIpv6
--- PASS: TestAccAWSSubnet_enableIpv6 (88.88s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 323.787s
```
Fixes: #14361
An IPv6 CIDR block is option and can be added *after* a subnet has been
created. Therefore, we should set it to `Computed: true`
Otherwise, a manually created IPv6 association will be removed on the
next terraform run
* Propagate AWS CodePipeline action roles
* Add acceptance test for AWS CodePipeline action roles
* Isolate AWS CodePipeline service role acceptance test
The existing "tag" field on autoscaling groups is very limited in that it
cannot be used in conjunction with interpolation preventing from adding
dynamic tag entries.
Other AWS resources don't have this restriction on tags because they work
directly on the map type.
AWS autoscaling groups on the other hand have an additional field
"propagate_at_launch" which is not usable with a pure map type.
This fixes it by introducing an additional field called "tags" which
allows specifying a list of maps. This preserves the possibility to
declare tags as with the "tag" field but additionally allows to
construct lists of maps using interpolation syntax.
Fixes: #14503
Changes to root_block_device were not picked up as we had a hash func to
return 0. We changed from set -> list as we only allow 1 value and
immediately we can get changes propagating
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLaunchConfiguration_updateRootBlockDevice'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 19:27:39 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLaunchConfiguration_updateRootBlockDevice -timeout 120m
=== RUN TestAccAWSLaunchConfiguration_updateRootBlockDevice
--- PASS: TestAccAWSLaunchConfiguration_updateRootBlockDevice (51.12s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 51.140s
```
Fixes: #14006Fixes: #14464
IPv6 wasn't supported for adding routes to the internet gateway.
Resulted in a message as follows:
```
Error creating route: MissingParameter: The request must contain the parameter destinationCidrBlock or destinationIpv6CidrBlock
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 11:50:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute_ -timeout 120m
=== RUN TestAccAWSRoute_basic
--- PASS: TestAccAWSRoute_basic (67.27s)
=== RUN TestAccAWSRoute_ipv6Support
--- PASS: TestAccAWSRoute_ipv6Support (59.35s)
=== RUN TestAccAWSRoute_ipv6ToInternetGateway
--- PASS: TestAccAWSRoute_ipv6ToInternetGateway (67.39s)
=== RUN TestAccAWSRoute_changeCidr
--- PASS: TestAccAWSRoute_changeCidr (103.68s)
=== RUN TestAccAWSRoute_noopdiff
--- PASS: TestAccAWSRoute_noopdiff (194.32s)
=== RUN TestAccAWSRoute_doesNotCrashWithVPCEndpoint
--- PASS: TestAccAWSRoute_doesNotCrashWithVPCEndpoint (71.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 563.397s
```
The acceptance tests for spot_instance_requests were showing falures as
follows:
```
------- Stdout: -------
=== RUN TestAccAWSSpotInstanceRequest_basic
--- FAIL: TestAccAWSSpotInstanceRequest_basic (100.40s)
testing.go:280: Step 0 error: After applying this step, the plan was not empty:
DIFF:
UPDATE: aws_spot_instance_request.foo
volume_tags.%: "" => "<computed>"
```
This was because we were setting volume_tags as computed and thus the
diff. We needed to override the schema to make sure that it was not
being computed - it's only aws_instance that needs computed tags because
of EBS volumes
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotInstanceRequest_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 10:41:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotInstanceRequest_ -timeout 120m
=== RUN TestAccAWSSpotInstanceRequest_basic
--- PASS: TestAccAWSSpotInstanceRequest_basic (86.93s)
=== RUN TestAccAWSSpotInstanceRequest_withBlockDuration
--- PASS: TestAccAWSSpotInstanceRequest_withBlockDuration (97.47s)
=== RUN TestAccAWSSpotInstanceRequest_vpc
--- PASS: TestAccAWSSpotInstanceRequest_vpc (234.56s)
=== RUN TestAccAWSSpotInstanceRequest_SubnetAndSG
--- PASS: TestAccAWSSpotInstanceRequest_SubnetAndSG (146.16s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 565.131s
```
Fix an issue when trying to get a public IPv4 address and a public IPv6
address that results in the following error:
Error launching source instance: InvalidParameterCombination:
Network interfaces and an instance-level IPv6 address count may not
be specified on the same request
To fix, in situations where we want a IPv6 addresses AND we need to
manually specify network interfaces on the instance, create the IPv6
addresses on the network interface that we're creating rather than on
the instance itself.
Fixes#13250
Fixes: #14032
When you are using an IPv6 address directly to an instance, it was
causing the ipv6_address_count to try and ForceNew resource. It wasn't
marked as computed
I was able to see this here:
```
-/+ aws_instance.test
ami: "ami-c5eabbf5" => "ami-c5eabbf5"
associate_public_ip_address: "false" => "<computed>"
availability_zone: "us-west-2a" => "<computed>"
ebs_block_device.#: "0" => "<computed>"
ephemeral_block_device.#: "0" => "<computed>"
instance_state: "running" => "<computed>"
instance_type: "t2.micro" => "t2.micro"
ipv6_address_count: "1" => "0" (forces new resource)
ipv6_addresses.#: "1" => "1"
ipv6_addresses.0: "2600:1f14:bb2:e501::10" => "2600:1f14:bb2:e501::10"
key_name: "" => "<computed>"
network_interface.#: "0" => "<computed>"
network_interface_id: "eni-d19115ec" => "<computed>"
placement_group: "" => "<computed>"
primary_network_interface_id: "eni-d19115ec" => "<computed>"
private_dns: "ip-10-20-1-252.us-west-2.compute.internal" => "<computed>"
private_ip: "10.20.1.252" => "<computed>"
public_dns: "" => "<computed>"
public_ip: "" => "<computed>"
root_block_device.#: "1" => "<computed>"
security_groups.#: "0" => "<computed>"
source_dest_check: "true" => "true"
subnet_id: "subnet-3fdfb476" => "subnet-3fdfb476"
tags.%: "1" => "1"
tags.Name: "stack72" => "stack72"
tenancy: "default" => "<computed>"
volume_tags.%: "0" => "<computed>"
vpc_security_group_ids.#: "1" => "<computed>"
```
It now works as expected:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_vpc.foo: Refreshing state... (ID: vpc-fa61669d)
aws_subnet.foo: Refreshing state... (ID: subnet-3fdfb476)
aws_internet_gateway.foo: Refreshing state... (ID: igw-70629a17)
aws_route_table.test: Refreshing state... (ID: rtb-0a52e16c)
aws_instance.test: Refreshing state... (ID: i-0971755345296aca5)
aws_route_table_association.a: Refreshing state... (ID: rtbassoc-b12493c8)
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
We should error check up front on the use of num_cache_nodes and
cluster_mode. This allows us to write a test to make sure all works as
expected
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/09 19:04:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError -timeout 120m
=== RUN TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError
--- PASS: TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError (40.58s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 40.603s
```
Added support for provisioning a native redis cluster elasticache replication group.
A new TypeSet attribute `cluster_mode` has been added. It requires the following
fields:
- `replicas_per_node_group` - The number of replica nodes in each node group
- `num_node_groups` - The number of node groups for this Redis replication group
Notes:
- `automatic_failover_enabled` must be set to true.
- `number_cache_clusters` is now a optional and computed field. If `cluster_mode` is set
its value will be computed as:
```num_node_groups + num_node_groups * replicas_per_node_group```
Below is a sample config:
resource "aws_elasticache_replication_group" "bar" {
replication_group_id = "tf-redis-cluser"
replication_group_description = "test description"
node_type = "cache.t2.micro"
port = 6379
parameter_group_name = "default.redis3.2.cluster.on"
automatic_failover_enabled = true
cluster_mode {
replicas_per_node_group = 1
num_node_groups = 2
}
}
We were too greedy with the AWS specific tags ignore function - we
basically were ignoring anything starting with `aws` rather than just
using `aws:`
Fixes: #14308Fixes: #14247
With an EC2 instance that only had a single network interface, the primary interface, the Update function would call `ModifyInstanceAttribute()` on the target instance. This would only work if there was a single network interface attached to the EC2 instance. If, however, a secondary network interface was attached to the instance, the `ModifyInstanceAttribute()` API call would fail with the following error message:
> There are multiple interfaces attached to instance 'i-XXXXX'. Please specify an interface ID for the operation instead.
After this changeset, modifying instance security groups now makes the correct call to `ModifyNetworkInterfaceAttribute()` in order to modify the list of security groups on the primary network interface, as initially configured during the instances creation.
This change is also safe from an instance that has a non-default primary network interface, as the instance attribute `vpc_security_group_ids` conflicts with the new `network_interface` attribute.
Test Output:
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_addSecurityGroupNetworkInterface"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/08 17:52:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_addSecurityGroupNetworkInterface -timeout 120m
=== RUN TestAccAWSInstance_addSecurityGroupNetworkInterface
--- PASS: TestAccAWSInstance_addSecurityGroupNetworkInterface (327.75s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 327.756s
```
* provider/aws: Refresh ssm document from state on 404
Originally reported in #13976
When an SSM Document was deleted outside of Terraform, a terraform
refresh would return the following:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_ssm_document.foo: Refreshing state... (ID: test_document-stack72)
Error refreshing state: 1 error(s) occurred:
* aws_ssm_document.foo: aws_ssm_document.foo: [ERROR] Error describing SSM document: InvalidDocument:
status code: 400, request id: 70c9bed1-33bb-11e7-99aa-697e9b0914e9
```
On applying this patch, it now looks as follows:
```
% terraform plan
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_ssm_document.foo: Refreshing state... (ID: test_document-stack72)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_ssm_document.foo
arn: "<computed>"
content: " {\n \"schemaVersion\": \"1.2\",\n \"description\": \"Check ip configuration of a Linux instance.\",\n \"parameters\": {\n\n },\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [\n {\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"ifconfig\"]\n }\n ]\n }\n }\n }\n"
created_date: "<computed>"
default_version: "<computed>"
description: "<computed>"
document_type: "Command"
hash: "<computed>"
hash_type: "<computed>"
latest_version: "<computed>"
name: "test_document-stack72"
owner: "<computed>"
parameter.#: "<computed>"
platform_types.#: "<computed>"
schema_version: "<computed>"
status: "<computed>"
Plan: 1 to add, 0 to change, 0 to destroy.
```
* Update resource_aws_ssm_document.go
Adds computed `arn` to security group data source
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccDataSourceAwsSecurityGroup"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/05 10:17:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccDataSourceAwsSecurityGroup -timeout 120m
=== RUN TestAccDataSourceAwsSecurityGroup
--- PASS: TestAccDataSourceAwsSecurityGroup (56.72s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 56.725s
```