Commit Graph

174 Commits

Author SHA1 Message Date
Paul Stack 93e5d573ce provider/aws: Exclude aws_instance volume tagging for China and Gov Clouds (#14055)
Fixes: #14049

The China and Gov regions do not support the new way of tagging
instances and volumes on creation. Therefore, we need to hack this to
make sure we don't try and set these on instance creation
2017-04-28 12:09:18 +12:00
Gauthier Wallet 80d940d154 provider/aws: Added Cognito Identity Pool (#13783) 2017-04-21 12:53:48 +03:00
Sander van Harmelen 10c6c873ed provider/aws: add an option to skip getting the EC2 platforms (#13672)
* Add an option to skip getting the EC2 platforms

Even through this call fails silently in case of an error (usually lack of rights), it’s still a pretty extensive call.

In our region (eu-west-1) this can take up to 3 seconds. And since we have a system that involves doing much planning with the option `-refresh=false` these additional 3 seconds are really very annoying and totally not needed.

So being able to choose to skip them would make our lives a little better 😉

* Update the docs accordingly
2017-04-14 23:41:59 +02:00
James Bardin 0ec2a5cfd3 add AWSClient methods to get s3 and dyndb conns
Add getters for the AWSClient s3.S3 and dynamodb.DynamoDB clients so the
s3 remote-state backend can use all the same initialization code as the
aws provider.
2017-04-05 12:29:25 -04:00
clint shryock f5b3e0c558 provider/aws: Adjust User-Agent header 2017-03-17 10:30:32 -05:00
Radek Simko 50760374e0 aws: Discover supported EC2 platforms (#7568)
This will make it possible/easier to make decisions based on supported EC2 platforms (VPC and/or EC2 Classic)
in the context of any AWS resource which needs make such decisions.
2017-03-16 21:11:55 +00:00
Paul Stack 4f58099a0e provider/aws: Remove restriction on running aws_opsworks_* on us-east-1 (#12688)
Fixes: #11824

A full set of acceptance tests for *all* OpsWorks tests are below. There is a single issue, opsworks_instance isn't ordering the layer_ids so it's non-deterministic which can come back. This introduces a false positive.

The opsworks tests are running both against us-east-1 for some and us-west-2 for others. This must be marked as a backwards incompatibility in 0.9 just incase people are using the opsworks region parameter to try and override the provider region

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksApplication'                                                              2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:11:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksApplication -timeout 120m
=== RUN   TestAccAWSOpsworksApplication
--- PASS: TestAccAWSOpsworksApplication (164.29s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	164.319s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksCustomLayer'                                                                  ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:16:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksCustomLayer -timeout 120m
=== RUN   TestAccAWSOpsworksCustomLayerImportBasic
--- PASS: TestAccAWSOpsworksCustomLayerImportBasic (105.98s)
=== RUN   TestAccAWSOpsworksCustomLayer
--- PASS: TestAccAWSOpsworksCustomLayer (92.68s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	198.684s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksPermission'                                                                   ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:23:28 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksPermission -timeout 120m
=== RUN   TestAccAWSOpsworksPermission
--- PASS: TestAccAWSOpsworksPermission (226.36s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	226.386s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksRailsAppLayer'                          ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:28:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksRailsAppLayer -timeout 120m
=== RUN   TestAccAWSOpsworksRailsAppLayer
--- PASS: TestAccAWSOpsworksRailsAppLayer (129.39s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	129.426s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksUserProfile'                            ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:37:46 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksUserProfile -timeout 120m
=== RUN   TestAccAWSOpsworksUserProfile
--- PASS: TestAccAWSOpsworksUserProfile (42.60s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	42.624s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksStack'                                                                     2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 18:00:50 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksStack -timeout 120m
=== RUN   TestAccAWSOpsworksStackImportBasic
--- PASS: TestAccAWSOpsworksStackImportBasic (50.28s)
=== RUN   TestAccAWSOpsworksStackNoVpc
--- PASS: TestAccAWSOpsworksStackNoVpc (25.92s)
=== RUN   TestAccAWSOpsworksStackVpc
--- PASS: TestAccAWSOpsworksStackVpc (76.80s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	153.025s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksRdsDbInstance'                                                                                                               ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:38:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksRdsDbInstance -timeout 120m
=== RUN   TestAccAWSOpsworksRdsDbInstance
--- PASS: TestAccAWSOpsworksRdsDbInstance (916.15s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	916.177s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksInstance'           2 ↵
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:26:45 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksInstance -timeout 120m
=== RUN   TestAccAWSOpsworksInstance_importBasic
--- PASS: TestAccAWSOpsworksInstance_importBasic (85.52s)
=== RUN   TestAccAWSOpsworksInstance
--- FAIL: TestAccAWSOpsworksInstance (114.09s)
	testing.go:268: Step 1 error: After applying this step, the plan was not empty:

		DIFF:

		UPDATE: aws_opsworks_instance.tf-acc
		  layer_ids.0: "4c29b76f-df72-409e-a5c4-9459b7d9b4a4" => "a4a859cf-2a07-447e-a151-a97a6d827db7"
		  layer_ids.1: "a4a859cf-2a07-447e-a151-a97a6d827db7" => "4c29b76f-df72-409e-a5c4-9459b7d9b4a4"

      FAIL
      exit status 1
      FAIL	github.com/hashicorp/terraform/builtin/providers/aws	199.643s
      make: *** [testacc] Error 1
```
2017-03-15 16:17:53 +02:00
Erik Jansson 62aa2c583a provider/aws: New resource codepipeline (#11814)
* provider/aws: New resource codepipeline

* Vendor aws/codepipeline

* Add tests

* Add docs

* Bump codepipeline to v1.6.25

* Adjustments based on feedback

* Force new resource on ID change

* Improve tests

* Switch update to read

Since we don't require a second pass, only do a read.

* Skip tests if GITHUB_TOKEN is not set
2017-02-22 19:31:24 +02:00
Radek Simko 1fdd52ea20
provider/aws: Add aws_config_config_rule 2017-02-13 14:01:30 +00:00
liamjbennett 4aa5117e82
New resource aws_codebuild_project 2017-02-02 16:13:51 +00:00
Jack Bruno be56c7d2f6 provider/aws: Add AWS DMS (data migration service) resources (#11122)
* Add aws dms vendoring

* Add aws dms endpoint resource

* Add aws dms replication instance resource

* Add aws dms replication subnet group resource

* Add aws dms replication task resource

* Fix aws dms resource go vet errors

* Review fixes: Add id validators for all resources. Add validator for endpoint engine_name.

* Add aws dms resources to importability list

* Review fixes: Add aws dms iam role dependencies to test cases

* Review fixes: Adjustments for handling input values

* Add aws dms replication subnet group tagging

* Fix aws dms subnet group doesn't use standard error for resource not found

* Missed update of aws dms vendored version

* Add aws dms certificate resource

* Update aws dms resources to force new for immutable attributes

* Fix tests failing on subnet deletion by adding explicit dependencies. Combine import tests with basic tests to cut down runtime.
2017-02-02 10:30:05 +00:00
Paul Stack 4ebd207803 provider/aws: Add support for policy to AWS provider assume_role (#11501)
Fixes: #11461

This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
2017-01-29 20:32:24 +00:00
Radek Simko 6d8d596883
provider/aws: Allow bypassing region validation 2017-01-23 15:04:46 +00:00
David Blooman 05c83a3ca1 provider/aws: Add Inspector Support (#11217)
* provider/aws: Add Inspector Support

* inscrease time to 1 hour
2017-01-17 17:30:46 +00:00
Paul Stack 73e950989c provider/aws: Allow creating aws_codecommit repository outside of (#11177)
us-east-1

Fixes #11175

Because of a previous limitation that codecommit only ran in us-east-1,
we hard coded the session under which it should run. This has caused the
repository to be spun up in the wrong region regardless of what region
was passed to the provider

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCodeCommitRepository_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/12 16:09:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCodeCommitRepository_ -timeout 120m
=== RUN   TestAccAWSCodeCommitRepository_basic
--- PASS: TestAccAWSCodeCommitRepository_basic (23.28s)
=== RUN   TestAccAWSCodeCommitRepository_withChanges
--- PASS: TestAccAWSCodeCommitRepository_withChanges (33.71s)
=== RUN   TestAccAWSCodeCommitRepository_create_default_branch
--- PASS: TestAccAWSCodeCommitRepository_create_default_branch (22.70s)
=== RUN   TestAccAWSCodeCommitRepository_create_and_update_default_branch
--- PASS: TestAccAWSCodeCommitRepository_create_and_update_default_branch (32.72s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	112.437s
```
2017-01-12 16:27:04 +02:00
Ninir fe60b4e90a Added aws-sdk-go SFN service (#11109) 2017-01-10 14:17:39 +00:00
James Nugent a160d1cd69 provider/aws: Support eu-west-2 (#10470)
* provider/aws: Support eu-west-2

This is the new London region - we don't have access yet but several
enquiries have come from customers who do.

* provider/aws: Support eu-west-2 region

* Update hosted_zones.go
2016-12-14 09:33:58 +00:00
Eddy Hernandez 7e737dac62 Add support for AWS CA Central 1 Region (#10618)
* Add support for AWS CA Central 1 Region

* additional metadata for ca-central-1

* add elb metadata for ca-central-1
2016-12-09 10:35:07 +01:00
clint shryock 44ffe71695 provider/aws: Add Lightsail Instance
Adds initial support for AWS Lightsail Instances
2016-12-02 16:35:57 -06:00
Mitchell Hashimoto 125b7f4d44 Merge pull request #9806 from hashicorp/f-modify-aws-user-agent
provider/aws: Modify AWS User-Agent to new format
2016-11-04 08:50:15 -07:00
Paul Hinze ccd745c96f provider/aws: New Data Source: aws_acm_certificate
Use this data source to get the ARN of a certificate in AWS Certificate
Manager (ACM). The process of requesting and verifying a certificate in ACM
requires some manual steps, which means that Terraform cannot automate the
creation of ACM certificates. But using this data source, you can reference
them by domain without having to hard code the ARNs as input.

The acceptance test included requires an ACM certificate be pre-created
in and information about it passed in via environment variables. It's a
bit sad but there's really no other way to do it.
2016-11-03 19:34:19 -04:00
clint shryock 5cd40bce30 provider/aws: Modify AWS User-Agent to new format 2016-11-02 10:43:35 -05:00
Matt Moyer 2b9f5f5f6f Add support for AWS US East (Ohio) region. 2016-10-17 15:48:18 -05:00
James Nugent ad57b445e9 Merge pull request #9273 from jmcarp/issue-5307
Parse AWS partition from ARN.
2016-10-11 11:31:04 -05:00
James Nugent 52f4e23ac3 provider/aws: Add extra logging on AuthFailure
This pull request is intended to add a temporary control to Terraform to
output more verbose logging in the case of an AuthFailure error being
returned by the AWS API.
2016-10-10 17:26:30 -04:00
Joshua Carp 1f8c2e4c69 Parse AWS partition from ARN.
[Resolves #5307]
2016-10-07 00:08:30 -04:00
Anshul Sharma 75e358ab85 Vendored WAF (#8785)
* Vendored WAF

* WAF with tag 1.4.7
2016-09-13 07:32:42 +01:00
Radek Simko 3e3043adf4
provider/aws: Prevent crash on account ID validation 2016-09-08 11:46:18 +01:00
James Nugent e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
Ian Duffy 767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
Paul Stack 64510d9cfb provider/aws: Adding `aws_ssm_document` resource (#8460)
* provider/aws: add `aws_ssm_document` resource

* provider/aws: Changes to `aws_ssm_document` post code review

The changes are things like using d.Id rather than d.Get("name").(string)

and errwrap.Wrapf rather than fmt.Errorf
2016-08-25 09:47:24 +01:00
Mitchell Hashimoto 13cf04b2b7
providers/aws: fix error on bad session 2016-08-18 22:35:48 -04:00
James Nugent ebdfe76530 provider/aws: Add ELBv2 to AWS config 2016-08-17 13:55:18 +01:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko e251d5c7bd Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
2016-08-12 07:00:14 +01:00
James Nugent 21d1ac41fa Merge branch 'd-update-aws-sdk' 2016-08-11 12:52:35 -04:00
Radek Simko 0e1bccafed
aws: Let acc ID validation fail when we have no ID
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
2016-08-10 17:30:49 +01:00
Radek Simko 0ab3bc4105
aws: Change field names + desc according to reality
- skip_iam_creds_validation => skip_credentials_validation
 - skip_iam_account_id => skip_requesting_account_id
2016-08-10 16:46:05 +01:00
Radek Simko 2073e80c66
aws/config: Shortened conditions [cleanup] 2016-08-10 15:25:16 +01:00
Renier Morales c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
  time there isn't going to be a metadta api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
James Nugent 6ddb8f5975 provider/aws: session.New -> session.NewSession()
Version 1.3.1 deprecates use of `session.New()` in favour of
`session.NewSession()`, which also returns an error. This commit updates
the various call sites previously making use of `session.New()`.
2016-08-08 17:57:35 -05:00
Andreas Skarmutsos Lindh cc912c39e5
AWS Application AutoScaling
Initial work on two new resource types:
* `aws_appautoscaling_target`
* `aws_appautoscaling_policy`

Fix acc tests
2016-07-26 10:43:06 +01:00
clint shryock c4e6c14fec provider/aws: Restore lost client.simpledbconn initialization
It once was lost but now is found!
2016-07-22 10:33:30 -05:00
James Bardin 2712328d5a Merge pull request #7756 from hashicorp/jbardin/tf-atlas-version
core: send version info to atlas
2016-07-22 10:56:43 -04:00
James Bardin f66d1a10a4 Add VersionString
We conditionally format version with VersionPrerelease in a number of
places. Add a package-level function where we can unify the version
format. Replace most of version formatting in terraform, but leave th
few instances set from the top-level package to make sure we don't break
anything before release.
2016-07-21 16:43:49 -04:00
Paul Hinze df5d2c9a63 provider/aws: pull iamconn setup earlier (#7734)
Fixes problem introduced in re-arrangement of config
2016-07-21 00:38:14 +01:00
Paul Hinze 4078221957 provider/aws: Clean up aws config path a bit (#7672)
Rearrange client setup, and remove the extraneous log lines we make per
connection. There's no need to log one line per API client - we're just
setting up structs for most of them.

Since this collapses the file down quite a bit, switch to alphabetized
client setup, since previously there wasn't much of an order to things.
2016-07-20 23:49:57 +01:00
Martin Häger 32abd937f1 SimpleDB domain resource (#7600) 2016-07-12 12:55:58 +01:00
Radek Simko 68bb58db35 aws: Add new region (Mumbai) (#7383)
* aws: Sort and format list of valid regions

* aws: Add new region (ap-south-1 / Mumbai)

https://aws.amazon.com/about-aws/whats-new/2016/06/announcing-the-aws-asia-pacific-mumbai-region/
2016-06-28 12:18:36 +01:00
yissachar 1bd8b449e0 Add SES resource (#5387)
* Add SES resource

* Detect ReceiptRule deletion outside of Terraform

* Handle order of rule actions

* Add position field to docs

* Fix hashes, add log messages, and other small cleanup

* Fix rebase issue

* Fix formatting
2016-06-26 22:07:14 +01:00