Commit Graph

146 Commits

Author SHA1 Message Date
James Nugent e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
Ian Duffy 767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
Paul Stack 64510d9cfb provider/aws: Adding `aws_ssm_document` resource (#8460)
* provider/aws: add `aws_ssm_document` resource

* provider/aws: Changes to `aws_ssm_document` post code review

The changes are things like using d.Id rather than d.Get("name").(string)

and errwrap.Wrapf rather than fmt.Errorf
2016-08-25 09:47:24 +01:00
Mitchell Hashimoto 13cf04b2b7
providers/aws: fix error on bad session 2016-08-18 22:35:48 -04:00
James Nugent ebdfe76530 provider/aws: Add ELBv2 to AWS config 2016-08-17 13:55:18 +01:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko e251d5c7bd Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
2016-08-12 07:00:14 +01:00
James Nugent 21d1ac41fa Merge branch 'd-update-aws-sdk' 2016-08-11 12:52:35 -04:00
Radek Simko 0e1bccafed
aws: Let acc ID validation fail when we have no ID
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
2016-08-10 17:30:49 +01:00
Radek Simko 0ab3bc4105
aws: Change field names + desc according to reality
- skip_iam_creds_validation => skip_credentials_validation
 - skip_iam_account_id => skip_requesting_account_id
2016-08-10 16:46:05 +01:00
Radek Simko 2073e80c66
aws/config: Shortened conditions [cleanup] 2016-08-10 15:25:16 +01:00
Renier Morales c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
  time there isn't going to be a metadta api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
James Nugent 6ddb8f5975 provider/aws: session.New -> session.NewSession()
Version 1.3.1 deprecates use of `session.New()` in favour of
`session.NewSession()`, which also returns an error. This commit updates
the various call sites previously making use of `session.New()`.
2016-08-08 17:57:35 -05:00
Andreas Skarmutsos Lindh cc912c39e5
AWS Application AutoScaling
Initial work on two new resource types:
* `aws_appautoscaling_target`
* `aws_appautoscaling_policy`

Fix acc tests
2016-07-26 10:43:06 +01:00
clint shryock c4e6c14fec provider/aws: Restore lost client.simpledbconn initialization
It once was lost but now is found!
2016-07-22 10:33:30 -05:00
James Bardin 2712328d5a Merge pull request #7756 from hashicorp/jbardin/tf-atlas-version
core: send version info to atlas
2016-07-22 10:56:43 -04:00
James Bardin f66d1a10a4 Add VersionString
We conditionally format version with VersionPrerelease in a number of
places. Add a package-level function where we can unify the version
format. Replace most of version formatting in terraform, but leave th
few instances set from the top-level package to make sure we don't break
anything before release.
2016-07-21 16:43:49 -04:00
Paul Hinze df5d2c9a63 provider/aws: pull iamconn setup earlier (#7734)
Fixes problem introduced in re-arrangement of config
2016-07-21 00:38:14 +01:00
Paul Hinze 4078221957 provider/aws: Clean up aws config path a bit (#7672)
Rearrange client setup, and remove the extraneous log lines we make per
connection. There's no need to log one line per API client - we're just
setting up structs for most of them.

Since this collapses the file down quite a bit, switch to alphabetized
client setup, since previously there wasn't much of an order to things.
2016-07-20 23:49:57 +01:00
Martin Häger 32abd937f1 SimpleDB domain resource (#7600) 2016-07-12 12:55:58 +01:00
Radek Simko 68bb58db35 aws: Add new region (Mumbai) (#7383)
* aws: Sort and format list of valid regions

* aws: Add new region (ap-south-1 / Mumbai)

https://aws.amazon.com/about-aws/whats-new/2016/06/announcing-the-aws-asia-pacific-mumbai-region/
2016-06-28 12:18:36 +01:00
yissachar 1bd8b449e0 Add SES resource (#5387)
* Add SES resource

* Detect ReceiptRule deletion outside of Terraform

* Handle order of rule actions

* Add position field to docs

* Fix hashes, add log messages, and other small cleanup

* Fix rebase issue

* Fix formatting
2016-06-26 22:07:14 +01:00
Radek Simko 6fed5eb8f0 aws: Use new STS endpoint to validate creds (#6536) 2016-06-20 23:14:07 +01:00
James Bardin 5c1b625c84 Add support for Amazon Elastic Transcoder
- Add resources for elastic transcoder pipelines and presets
2016-06-07 16:07:08 -04:00
Radek Simko e32a8c1c5b Merge pull request #6385 from Ticketmaster/use-sts-GetCallerIdentity
provider/aws: Added sts:GetCallerIdentity to GetAccountId for federated logins
2016-05-05 17:35:32 +01:00
Kraig Amador a23bcf2ec9 Added accountid to AWSClient and set it early in the initialization phase. We use iam.GetUser(nil) scattered around to get the account id, but this isn't the most reliable method. GetAccountId now uses one more method (sts:GetCallerIdentity) to get the account id, this works with federated users. 2016-05-05 07:02:12 -07:00
Blake Smith 8821aea945 provider/aws: Add AWS EMR dependency (#2098) (#6492) 2016-05-05 11:34:18 +01:00
Colin Hebert f1f602cdf6 aws: Enable account ID check for assumed roles + EC2 instances 2016-04-27 12:56:03 +02:00
Chris Marchesi a38ccbe074 CloudFront distribution and origin access identity support (#5221)
* CloudFront implementation v3

* Update tests

* Refactor - new resource: aws_cloudfront_distribution

 * Includes a complete re-write of the old aws_cloudfront_web_distribution
   resource to bring it to feature parity with API and CloudFormation.
 * Also includes the aws_cloudfront_origin_access_identity resource to generate
   origin access identities for use with S3.
2016-04-14 14:55:11 -05:00
Paul Hinze 25fce81bfc provider/aws: log HTTP req/resp at DEBUG level
This should be quite helpful in debugging aws-sdk-go operations.

Required some tweaking around the `helper/logging` functions to expose an
`IsDebugOrHigher()` helper for us to use.
2016-03-14 12:26:37 -05:00
Paul Hinze fff441b4ac provider/aws: send Terraform version in User-Agent 2016-03-14 12:16:49 -05:00
Paul Hinze 60b239d7d1 provider/aws: Switch to session.Copy to build up configs
Found this function which makes the config setup much nicer - looks like
it's meant to be used for the very thing we're doing, which is starting
w/ a base config and customizing it slightly.

https://docs.aws.amazon.com/sdk-for-go/api/aws/session/Session.html#Copy-instance_method

This will make the User-Agent setting code to follow much simpler.
2016-03-14 11:42:37 -05:00
Philip Witty 6648df7acc Added AWS KMS key & alias support 2016-03-08 09:30:47 +00:00
clint shryock f0d3176999 provider/aws: Add Elastic Beanstalk Application, Configuration Template, and Environment
This adds support for Elastic Beanstalk Applications, Configuration Templates,
and Environments.

This is a combined work of @catsby, @dharrisio, @Bowbaq, and @jen20
2016-03-07 14:43:23 -06:00
Raphael Randschau fdf0cfa66d Vendor AWS APIGateway API 2016-03-05 23:12:19 +01:00
Radek Simko ab89e5e528 provider/aws: Add CloudWatch Event Rule 2016-02-13 13:21:32 +00:00
Hasan Türken e41266e971 Move endpoint options into endpoints block 2016-02-12 09:38:21 -06:00
Hasan Türken 231604e8b7 support custom endpoints for AWS EC2 ELB and IAM 2016-02-12 09:35:50 -06:00
clint shryock 45c9a10d0f provider/aws: Provide a better message if no AWS creds are found 2016-01-27 16:30:03 -06:00
James Nugent ace215481a provider/aws: Add profile to provider config
This allows specification of the profile for the shared credentials
provider for AWS to be specified in Terraform configuration. This is
useful if defining providers with aliases, or if you don't want to set
environment variables. Example:

$ aws configure --profile this_is_dog
... enter keys

$ cat main.tf
provider "aws" {
    profile = "this_is_dog"

    # Optionally also specify the path to the credentials file
    shared_credentials_file = "/tmp/credentials"
}

This is equivalent to specifying AWS_PROFILE or
AWS_SHARED_CREDENTIALS_FILE in the environment.
2016-01-14 15:39:35 +00:00
Clint 7f6624e926 Merge pull request #3862 from stack72/aws-redshift
provider/aws: AWS Redshift
2016-01-13 16:52:47 -06:00
Mark Troyer b396bbb3e4 provider/aws: Allow ap-northeast-2 (Seoul) as valid region 2016-01-11 13:46:53 -08:00
nextrevision 6a3ed429ad Adding AWS ECR provider resources
Adds ECR aws_ecr_repository and aws_ecr_repository_policy resources to
the AWS provider.
2015-12-22 10:31:30 -05:00
stack72 85afc7d614 Initial creation of the work for AWS RedShift Support
Finalising the schema and acceptance tests for the Redshift Security Group's
2015-12-20 20:19:55 +00:00
clint shryock adf417809a add some comments on auth refactoring 2015-12-15 10:49:23 -06:00
clint shryock 5f5459a1fb provider/aws: Refactor AWS Authentication chain
- update auth checking to check metadata header
- refactor tests to not export os env vars
2015-12-15 10:46:10 -06:00
stack72 d14d891367 Finishing the first pass at Kinesis Firehose. I have only implemented the S3 configuration right now as Terraform doesn't include RedShift support 2015-11-10 16:24:33 +00:00
stack72 fc983c5505 Initial Create, Read and Delete work for the S3 part of the Kinesis Firehose resource 2015-11-09 22:26:55 +00:00
stack72 63d7f5993d Changing the AWS CodeCommit Connection Initiation to use the new session based work 2015-10-30 22:23:28 +00:00
stack72 89ce6f7c83 Started the work for the AWS CodeCommit Repository resource
Starting to add the skeleton for the creation and update of a repository
2015-10-30 21:39:04 +00:00