Update the aws_vpc_peering_connection resource to allow peer_owner_id
to be omitted, defaulting to the connected AWS account ID (ie: for
VPC-to-VPC peers in the same account).
Also included is a doc cleanup and updates to the peer test in
resource_aws_route_table_test.go.
This fixeshashicorp/terraform#6396.
This replaces the previous `role_arn` with a block which looks like
this:
```
provider "aws" {
// secret key, access key etc
assume_role {
role_arn = "<Role ARN>"
session_name = "<Session Name>"
external_id = "<External ID>"
}
}
```
We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.
Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.
In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
* [WIP] AWS APIGateway Custom Authorizer
* provider/aws: api_gateway_method - Add missing fields to Read+Update
* provider/aws: Make API Gateway name in test more specific
* provider/aws: APIG - Use minimal configuration in create request
In this example, principal "AWS": "*" tells IAM that any user in the world can assume that role as long as they know the account ID + role name.
In my testing, "Service": "ec2.amazonaws.com" is sufficiently permissive to allow the instance_profile to work without allowing global accesses.
* provider/aws: Add docs for Default Route Table
* add new default_route_table_id attribute, test to VPC
* stub
* add warning to docs
* rough implementation
* first test
* update test, add swap test
* fix typo
Fixes#8468
If a user wished to bump the `engine_version` of an RDS instance,
Terraform was not sending `allow_major_version_upgrade` to the API
*unless* that value also changed at the same time. This caused the
following error from RDS API:
```
* aws_db_instance.bar: Error modifying DB Instance
* tf-20160825101420910562798obb: InvalidParameterCombination: The
* AllowMajorVersionUpgrade flag must be present when upgrading to a new
* major version.
status code: 400, request id: 20e36364-6ab0-11e6-b794-51f12f4135f1
```
This change will always send the `allow_major_version_upgrade` flag to
the API when the `engine_version` changes.
This still relies on the user setting the correct value i.e. if they are
upgrading from postgres 0.4.7 -> 9.5.2 then the config will need to set
the `allow_major_version_upgrade` flag to be `true`
* provider/aws: add `aws_ssm_document` resource
* provider/aws: Changes to `aws_ssm_document` post code review
The changes are things like using d.Id rather than d.Get("name").(string)
and errwrap.Wrapf rather than fmt.Errorf