This commits changes the documentation of the aws_ecs_task_definition
resource to ensure that the `container_definitions` attribute consumes
a valid JSON document containing a list of valid container definitions,
rather than that the attribute itself is a list, etc.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This adds a note in the `aws_iam_policy_document` documentation that
`resources` is required by AWS if used on an IAM policy. Also added a
note on `aws_iam_policy` that `aws_iam_policy_document` is a good thing
to use when configuring.
Closes#9002
This commit adds a new HTTP method to a list of valid HTTP methods which
is now accepted by API Gateway.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
use us-west-2 region in tests
update test with working config
provider/aws: Update EMR contribution with passing test, polling for instance in DELETE method
remove defaulted role
document emr_cluster
rename aws_emr -> aws_emr_cluster
update docs for name change
update delete timeout/polling
rename emr taskgroup to emr instance group
default instance group count to 0, down from 60
update to ref emr_cluster, emr_instance_group
more cleanups for instance groups; need to read and update
add read, delete method for instance groups
refactor the read method to seperate out the fetching of the specific group
more refactoring for finding instance groups
update emr instance group docs
err check on reading HTTP. Dont' return the error, just log it
refactor the create method to catch optionals
additional cleanups, added a read method
update test to be non-master-only
wrap up the READ method for clusters
poll for instance group to be running after a modification
patch up a possible deref
provider/aws: EMR cleanups
fix test naming
remove outdated docs
randomize emr_profile names
The primary purpose of this data source is to ask the question "what is
my current region?", but it can also be used to retrieve the endpoint
hostname for a particular (possibly non-current) region, should that be
useful for some esoteric case.
This adds a singular data source in addition to the existing plural one.
This allows retrieving data about a specific AZ.
As a helper for writing reusable modules, the AZ letter (without its
usual region name prefix) is exposed so that it can be used in
region-agnostic mappings where a different value is used per AZ, such as
for subnet numbering schemes.
Looks like AWS updated their API and now our tests are failing
because QueryStringCacheKeys was not included in the distribution
configuration.
This adds support for specifying query string cache keys in the
CloudFront distribution configuration, which ensures that only a subset
of query string keys are actually cached when forwarding query strings,
possibly improving performance.
Added http_version to aws_cloudfront_distribution, which allows
selection of the maximum HTTP version to use in the distribution.
Defaults to http2.
Fixeshashicorp/terraform#8730.
* provider/aws: Fix importing of EIP by IP address
EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.
This PR does:
- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id
I chose not to document that looking up by IP is a method of import,
because the AWS API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.
Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.
* fix issue with swapping IDs on EC2 Classic
* update docs
* update comment
Based on support case with AWS, CloudWatch Events invoking Lambda should also specify the `source_arn`
Example, the resulting policy needs to be like:
```
{
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:events:us-east-1:0123456789:rule/my-cloudwatch-events-rule"
}
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-1:0123456789:function:my-lambda-function",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Sid": "AllowMyCloudWatchEventRuleToCallMyLambda"
}
```
aws_alb_target_group will ForceNew resource
Fixes#8741
The modify-target-group doesn't allow changes to name, port, protocol or
vpc_id - therefore, they should all be ForceNew: true
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/22 16:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (50.66s)
=== RUN TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (84.48s)
=== RUN TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (95.89s)
=== RUN TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (85.77s)
=== RUN TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (85.00s)
=== RUN TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (88.11s)
=== RUN TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (82.15s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 572.083s
```
Clarified that to send notifications to more than one Lambda function requires a single `s3_bucket_notification` element with multiple `lambda_function` configuration elements.
If multiple `s3_bucket_notification` elements, each with a single `lambda_function` element are used, one of the configurations is applied, seemingly at random.
When creating a CloudWatch Metric for an Application Load Balancer it is
neccessary to use the suffix of the ARN as the reference to the load
balancer. This commit exposes that as an attribute on the `aws_alb`
resource to prevent the need to use regular expression substitution to
make the reference.
Fixes#8808.
I noticed that Terraform is not (anymore) parsing the value of environment variable `AWS_SECURITY_TOKEN` (which was re-added in May 2015: https://github.com/hashicorp/terraform/pull/1785)
Example ENV:
```
AWS_SECURITY_TOKEN="FQo...vgU="
AWS_ACCESS_KEY_ID="A...A"
AWS_SECRET_ACCESS_KEY="I...t"
AWS_DEFAULT_REGION="eu-west-1"
```
This errors with messages akin to "AWS was not able to validate the provided access credentials".
Setting `AWS_SESSION_TOKEN` instead of `AWS_SECURITY_TOKEN` on the other hand works just fine and seems to be in line with what is suggested in the code: d1ac7d3b2e/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go (L69), making this whole thing a documentation change.
Happy to provide test cases or additional insights though!
In order to satisify scenarios where a lifecycle is block is used, we
would need the AWS ALB name field to be autogenerated. WE follow the
same work as AWS ELB, we prefix it with `tl-lb-`
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/08 12:43:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout
120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (79.81s)
=== RUN TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (93.81s)
=== RUN TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (73.48s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (181.32s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (66.03s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (130.82s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 625.285s
```
This is a requirement for enabling CloudWatch Logging on Kinesis
Firehost
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchLogStream_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:19:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudWatchLogStream_ -timeout 120m
=== RUN TestAccAWSCloudWatchLogStream_basic
--- PASS: TestAccAWSCloudWatchLogStream_basic (22.31s)
=== RUN TestAccAWSCloudWatchLogStream_disappears
--- PASS: TestAccAWSCloudWatchLogStream_disappears (21.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 43.538s
Update the aws_vpc_peering_connection resource to allow peer_owner_id
to be omitted, defaulting to the connected AWS account ID (ie: for
VPC-to-VPC peers in the same account).
Also included is a doc cleanup and updates to the peer test in
resource_aws_route_table_test.go.
This fixeshashicorp/terraform#6396.
This replaces the previous `role_arn` with a block which looks like
this:
```
provider "aws" {
// secret key, access key etc
assume_role {
role_arn = "<Role ARN>"
session_name = "<Session Name>"
external_id = "<External ID>"
}
}
```
We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.
Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.
In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
Pat Downey