This is a requirement for enabling CloudWatch Logging on Kinesis
Firehost
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchLogStream_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:19:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudWatchLogStream_ -timeout 120m
=== RUN TestAccAWSCloudWatchLogStream_basic
--- PASS: TestAccAWSCloudWatchLogStream_basic (22.31s)
=== RUN TestAccAWSCloudWatchLogStream_disappears
--- PASS: TestAccAWSCloudWatchLogStream_disappears (21.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 43.538s
Update the aws_vpc_peering_connection resource to allow peer_owner_id
to be omitted, defaulting to the connected AWS account ID (ie: for
VPC-to-VPC peers in the same account).
Also included is a doc cleanup and updates to the peer test in
resource_aws_route_table_test.go.
This fixeshashicorp/terraform#6396.
This replaces the previous `role_arn` with a block which looks like
this:
```
provider "aws" {
// secret key, access key etc
assume_role {
role_arn = "<Role ARN>"
session_name = "<Session Name>"
external_id = "<External ID>"
}
}
```
We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.
Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.
In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
* [WIP] AWS APIGateway Custom Authorizer
* provider/aws: api_gateway_method - Add missing fields to Read+Update
* provider/aws: Make API Gateway name in test more specific
* provider/aws: APIG - Use minimal configuration in create request
In this example, principal "AWS": "*" tells IAM that any user in the world can assume that role as long as they know the account ID + role name.
In my testing, "Service": "ec2.amazonaws.com" is sufficiently permissive to allow the instance_profile to work without allowing global accesses.
* provider/aws: Add docs for Default Route Table
* add new default_route_table_id attribute, test to VPC
* stub
* add warning to docs
* rough implementation
* first test
* update test, add swap test
* fix typo
Fixes#8468
If a user wished to bump the `engine_version` of an RDS instance,
Terraform was not sending `allow_major_version_upgrade` to the API
*unless* that value also changed at the same time. This caused the
following error from RDS API:
```
* aws_db_instance.bar: Error modifying DB Instance
* tf-20160825101420910562798obb: InvalidParameterCombination: The
* AllowMajorVersionUpgrade flag must be present when upgrading to a new
* major version.
status code: 400, request id: 20e36364-6ab0-11e6-b794-51f12f4135f1
```
This change will always send the `allow_major_version_upgrade` flag to
the API when the `engine_version` changes.
This still relies on the user setting the correct value i.e. if they are
upgrading from postgres 0.4.7 -> 9.5.2 then the config will need to set
the `allow_major_version_upgrade` flag to be `true`
* provider/aws: add `aws_ssm_document` resource
* provider/aws: Changes to `aws_ssm_document` post code review
The changes are things like using d.Id rather than d.Get("name").(string)
and errwrap.Wrapf rather than fmt.Errorf
* Fix crash when reading VPC Peering Connection options.
This resolves the issue introduced in #8310.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Do not de-reference values when using Set().
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* provider/aws: Update VPC Peering connect accept/request attributes
* change from type list to type set
* provider/aws: Update VPC Peering accept/requst options, tests
* errwrap some things
* provider/aws: Change Spot Fleet Request to allow a combination of
subnet_id and availability_zone
Also added a complete set of tests that reflect all of the use cases
that Amazon document
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-examples.html
It is important to note there that Terraform will be suggesting that
users create multiple launch configurations rather than AWS's version of
combing values into CSV based parameters. This will ensure that we are
able to enforce the correct state
Also note that `associate_public_ip_address` now defaults to `false` - a migration has been
included in this PR to migration users of this functionality. This needs
to be noted in the changelog. The last part of changing functionality
here is waiting for the state of the request to become `active`. Before
we get to this state, we cannot guarantee that Amazon have accepted the
request or it could have failed validation.
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSpotFleetRequest_'
% 2 ↵
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 15:44:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_changePriceForcesNewRequest
--- PASS: TestAccAWSSpotFleetRequest_changePriceForcesNewRequest (133.90s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion (76.67s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList (75.22s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList (96.95s)
=== RUN TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz (74.44s)
=== RUN TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet (97.82s)
=== RUN TestAccAWSSpotFleetRequest_overriddingSpotPrice
--- PASS: TestAccAWSSpotFleetRequest_overriddingSpotPrice (76.22s)
=== RUN TestAccAWSSpotFleetRequest_diversifiedAllocation
--- PASS: TestAccAWSSpotFleetRequest_diversifiedAllocation (79.81s)
=== RUN TestAccAWSSpotFleetRequest_withWeightedCapacity
--- PASS: TestAccAWSSpotFleetRequest_withWeightedCapacity (77.15s)
=== RUN TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 788.184s
```
* Update resource_aws_spot_fleet_request.go
Replication Groups
In order to be able to restore a named snapshot as ElastiCache Cluster
or a Replication Group, the `snapshot_name` parameter was needed to be
passed. Changing the `snapshot_name` will force a new resource to be
created
```
```
resources
Fixes#8420
Adds the ability to update tags on the ALB resource as well as
supporting tags on `aws_alb_target_group`
```
ALB Tests:
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/23 19:30:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (67.18s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (99.88s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (62.49s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (126.25s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 355.835s
```
```
ALB Target Group Tests:
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/23 19:37:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.26s)
=== RUN TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (81.01s)
=== RUN TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (78.74s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 207.025s
```
Renamed the local_name_filter attribute to name_regex and made it clear in the
docs that this runs locally and could have a performance impact on a large set
of AMIs returned from AWS.
`aws_elasticache_replication_group`
Fixes#8377
Now we can output the endpoint of the primary
```
resource "aws_elasticache_replication_group" "bar" {
replication_group_id = "tf-11111"
replication_group_description = "test description"
node_type = "cache.m1.small"
number_cache_clusters = 2
port = 6379
parameter_group_name = "default.redis2.8"
apply_immediately = true
}
output "primary_endpoint_address" {
value = "${aws_elasticache_replication_group.bar.primary_endpoint_address}"
}
```
This gives us:
```
% terraform apply
...................
aws_elasticache_replication_group.bar: Creation complete
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
primary_endpoint_address = tf-11111.d5jx4z.ng.0001.use1.cache.amazonaws.com
```
This was the addition of a computed field only so the basic test still works as expected:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_basic' ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 17:11:13 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheReplicationGroup_basic -timeout 120m
=== RUN TestAccAWSElasticacheReplicationGroup_basic
--- PASS: TestAccAWSElasticacheReplicationGroup_basic (741.71s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 741.735s
```
In cases where the filters provided by AWS against the name of an AMI are not
sufficient, allow adding a "local_name_filter" which is a regex that is used
to filter the AMIs returned by amazon.
The Terraform documentation, rather correctly, refers to a list of options
you can pass to an Elastic Load Balancer from the AWS documentation. All but
one of these options works; 'Server Order Preference' doesn't work, because
the API refers to it as 'Server-Defined-Cipher-Order'.
Add a note to explain this, at least as a temporary solution.
Fixes#8340.
This commit adds two optional blocks called "accepter" and "requester" to the
resource allowing for setting desired VPC Peering Connection options for VPCs
that participate in the VPC peering.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds an `arn` field to `aws_alb` and `aws_alb_target_group`
resources, in order to present a more coherant user experience to people
using resource variables in fields suffixed "arn".
This commit adds a resource, acceptance tests and documentation for the
Target Groups for Application Load Balancers.
This is the second in a series of commits to fully support the new
resources necessary for Application Load Balancers.
This commit adds a resource, acceptance tests and documentation for the
new Application Load Balancer (aws_alb). We choose to use the name alb
over the package name, elbv2, in order to avoid confusion.
This is the first in a series of commits to fully support the new
resources necessary for Application Load Balancers.
* provider/aws: Add failing ETC + notifications test
* tidy up the docs some
* provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this
http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic' 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 19.483s
The whitespace in the documentation for `aws_appautoscaling_policy` was very confusing. I believe it was due to a mix up of tabs and spaces. It's much prettier and easier to read now.
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.
This will need revisiting and further testing once the work for
AssumeRole is integrated.
AWS Lambda VPC config is an optional configuration and which needs to both subnet_ids and
security_group_ids to tie the lambda function to a VPC. We should make it optional if
both subnet_ids and security_group_ids are not net which would add better flexiblity in
creation of more useful modules as there are "if else" checks. Without this we are creating
duplicate modules one with VPC and one without VPC resulting in various anomalies.
An S3 Bucket owner may wish to select a different underlying storage class
for an object. This commit adds an optional "storage_class" attribute to the
aws_s3_bucket_object resource so that the owner of the S3 bucket can specify
an appropriate storage class to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Overriding S3 endpoint - Enable specifying your own
S3 api endpoint to override the default one, under
endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
configuration to the provider.
* provider/aws: Re-implement api gateway parameter handling
this PR cleans up some left overs from PR #4295, namely the parameter handling.
now that GH-2143 is finally closed this PR does away with the ugly
`request_parameters_in_json` and `response_parameters_in_json` hack.
* Add deprecation message and conflictsWith settings
following @radeksimko s advice, keeping the old code around with a deprecation
warning.
this should be cleaned up in a few releases
* provider/aws: fix missing append operation
* provider/aws: mark old parameters clearly as deprecated
* provider/aws work around #8104
following @radeksimko s lead
* provider/aws fix cnp error
An S3 Bucket owner may wish to set a canned ACL (as opposite to explicitly set
grantees, etc.) for an object. This commit adds an optional "acl" attribute to
the aws_s3_bucket_object resource so that the owner of the S3 bucket can
specify an appropriate pre-defined ACL to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Any S3 Bucket owner may wish to share data but not incur charges associated
with others accessing the data. This commit adds an optional "request_payer"
attribute to the aws_s3_bucket resource so that the owner of the S3 bucket can
specify who should bear the cost of Amazon S3 data transfer.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
### Explanation for this change
Recently, I've been using Terraform to manage AWS API GWs with Lambda backends.
It appears that an explicit dependency is required. Not setting it would lead to this error:
```
[...] Error creating API Gateway Integration Response: NotFoundException: No integration defined for method
```
Thus, I found the thread below which exposes the problem too.
Relevant Terraform version: checked against 0.6.16
Thread issue: https://github.com/hashicorp/terraform/issues/6128
or us-gov
Fixes#7969
`acceleration_status` is not available in China or US-Gov data centers.
Even querying for this will give the following:
```
Error refreshing state: 1 error(s) occurred:
2016/08/04 13:58:52 [DEBUG] plugin: waiting for all plugin processes to
complete...
* aws_s3_bucket.registry_cn: UnsupportedArgument: The request contained
* an unsupported argument.
status code: 400, request id: F74BA6AA0985B103
```
We are going to stop any Read calls for acceleration status from these
data centers
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSS3Bucket_' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSS3Bucket_
-timeout 120m
=== RUN TestAccAWSS3Bucket_Notification
--- PASS: TestAccAWSS3Bucket_Notification (409.46s)
=== RUN TestAccAWSS3Bucket_NotificationWithoutFilter
--- PASS: TestAccAWSS3Bucket_NotificationWithoutFilter (166.84s)
=== RUN TestAccAWSS3Bucket_basic
--- PASS: TestAccAWSS3Bucket_basic (133.48s)
=== RUN TestAccAWSS3Bucket_acceleration
--- PASS: TestAccAWSS3Bucket_acceleration (282.06s)
=== RUN TestAccAWSS3Bucket_Policy
--- PASS: TestAccAWSS3Bucket_Policy (332.14s)
=== RUN TestAccAWSS3Bucket_UpdateAcl
--- PASS: TestAccAWSS3Bucket_UpdateAcl (225.96s)
=== RUN TestAccAWSS3Bucket_Website_Simple
--- PASS: TestAccAWSS3Bucket_Website_Simple (358.15s)
=== RUN TestAccAWSS3Bucket_WebsiteRedirect
--- PASS: TestAccAWSS3Bucket_WebsiteRedirect (380.38s)
=== RUN TestAccAWSS3Bucket_WebsiteRoutingRules
--- PASS: TestAccAWSS3Bucket_WebsiteRoutingRules (258.29s)
=== RUN TestAccAWSS3Bucket_shouldFailNotFound
--- PASS: TestAccAWSS3Bucket_shouldFailNotFound (92.24s)
=== RUN TestAccAWSS3Bucket_Versioning
--- PASS: TestAccAWSS3Bucket_Versioning (654.19s)
=== RUN TestAccAWSS3Bucket_Cors
--- PASS: TestAccAWSS3Bucket_Cors (143.58s)
=== RUN TestAccAWSS3Bucket_Logging
--- PASS: TestAccAWSS3Bucket_Logging (249.79s)
=== RUN TestAccAWSS3Bucket_Lifecycle
--- PASS: TestAccAWSS3Bucket_Lifecycle (259.87s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
3946.464s
```
thanks to @kwilczynski and @radeksimko for the research on how to handle the generic
errors here
Running these over a 4G tethering connection has been painful :)
Add firehose elasticsearch configuration documentation
Adding CRUD for elastic search as firehose destination
Updated the firehose stream documentation to add elastic search as destination example.
Adding testing for es as firehose destination
Update the test case for es
This commit adds VPN Gateway attachment resource, and also an initial tests and
documentation stubs.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
`elasticsearch_version` 2.3
Fixes#7836
This will allow ElasticSearch domains to be deployed with version 2.3 of
ElasticSearch
The other slight modifications are to stop dereferencing values before
passing to d.Set in the Read func. It is safer to pass the pointer to
d.Set and allow that to dereference if there is a value
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticSearchDomain_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticSearchDomain_ -timeout 120m
=== RUN TestAccAWSElasticSearchDomain_basic
--- PASS: TestAccAWSElasticSearchDomain_basic (1611.74s)
=== RUN TestAccAWSElasticSearchDomain_v23
--- PASS: TestAccAWSElasticSearchDomain_v23 (1898.80s)
=== RUN TestAccAWSElasticSearchDomain_complex
--- PASS: TestAccAWSElasticSearchDomain_complex (1802.44s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 5313.006s
```
Update resource_aws_elasticsearch_domain.go
* Add state filter to aws_availability_zones data source.
This commit adds an ability to filter Availability Zones based on state, where
by default it would only list available zones.
Be advised that this does not always works reliably for an older accounts which
have been created in the pre-VPC era of EC2. These accounts tends to retrieve
availability zones that are not VPC-enabled, thus creation of a custom subnet
within such Availability Zone would result in a failure.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Update documentation for aws_availability_zones data source.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Do not filter on state by default.
This commit makes the state filter applicable only when set.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This test overrides the AWS_DEFAULT_REGION parameter as the security
groups are created in us-east-1 (due to classic VPC requirements)
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_importBasic -timeout 120m
=== RUN TestAccAWSDBSecurityGroup_importBasic
--- PASS: TestAccAWSDBSecurityGroup_importBasic (49.46s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 49.487s
```
* Add ability to set Performance Mode in aws_efs_file_system.
The Elastic File System (EFS) allows for setting a Performance Mode during
creation, thus enabling anyone to chose performance of the file system according
to their particular needs. This commit adds an optional "performance_mode"
attribte to the aws_efs_file_system resource so that an appropriate mode can be
set as needed.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add test coverage for the ValidateFunc used.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add "creation_token" and deprecate "reference_name".
Add the "creation_token" attribute so that the resource follows the API more
closely (as per the convention), thus deprecate the "reference_name" attribute.
Update tests and documentation accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
If you specify just a bare ID, then the initial application works but
subsequent applications may end up doing bad things, like:
```
-/+ aws_ebs_volume.vol_1
availability_zone: "us-east-1a" => "us-east-1a"
encrypted: "true" => "true"
iops: "" => "<computed>"
kms_key_id: "arn:aws:kms:us-east-1:123456789:key/59faf88b-0912-4cca-8b6c-bd107a6ba8c4" => "59faf88b-0912-4cca-8b6c-bd107a6ba8c4" (forces new resource)
size: "100" => "100"
snapshot_id: "" => "<computed>"
```
Fixes#7423
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftCluster_loggingEnabled'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftCluster_loggingEnabled -timeout 120m
=== RUN TestAccAWSRedshiftCluster_loggingEnabled
--- PASS: TestAccAWSRedshiftCluster_loggingEnabled (675.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 675.233s
```
Expose the network interface ID that is created with a new instance.
This can be useful when associating an existing elastic IP to the
default interface on an instance that has multiple network interfaces.
* provider/aws: Delete access keys before deleting IAM user
* provider/aws: Put IAM key removal behind force_destroy option
* provider/aws: Move all access key deletion under force_destroy
* Add iam_user force_destroy to website
* provider/aws: Improve clarity of looping over pages in delete IAM user
* add opsworks permission resource
* add docs
* remove permission from state if the permission object could not be found
* remove nil validate function. validation is done in schema.Resource.
* add id to the list of exported values
* renge over permission to check that we have found got the correct one
* removed comment
* removed set id
* fix unknown region us-east-1c
* add user_profile resource
* add docs
* add default value
* provider/aws: Support kms_key_id for `aws_rds_cluster`
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSCluster_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSCluster_
-timeout 120m
=== RUN TestAccAWSRDSCluster_basic
--- PASS: TestAccAWSRDSCluster_basic (127.57s)
=== RUN TestAccAWSRDSCluster_kmsKey
--- PASS: TestAccAWSRDSCluster_kmsKey (323.72s)
=== RUN TestAccAWSRDSCluster_encrypted
--- PASS: TestAccAWSRDSCluster_encrypted (173.25s)
=== RUN TestAccAWSRDSCluster_backupsUpdate
--- PASS: TestAccAWSRDSCluster_backupsUpdate (264.07s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 888.638s
```
* provider/aws: Add KMS Key ID to `aws_rds_cluster_instance`
```
```
* docs/digitalocean: Adding an import section to the bottom of the DO
importable resources
* docs/azurerm: Adding the Import sections for the AzureRM Importable resources
* docs/aws: Adding the import sections to the AWS provider pages
We cannot use the "id" field to represent policy ID, because it is used
internally by Terraform. Also change the "id" field within a statement
to "sid" for consistency with the generated JSON.
When adding multiple notifications from one S3 bucket to one SQS queue, it wasn't immediately intuitive how to do this.
At first I created two `aws_s3_bucket_notification` configs and it seemed to work fine, however the config for one event
will overwrite the other. In order to have multiple events, you can defined the `queue` key twice, or use an array if you're
working with the JSON syntax. I tried to make this more clear in the documentation.
This fixes#7157. It doesn't change the way aws_ami works
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSAMICopy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMICopy
-timeout 120m
=== RUN TestAccAWSAMICopy
--- PASS: TestAccAWSAMICopy (479.75s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 479.769s
```
allows load balancer policies and their assignment to backend servers or listeners to be configured independently.
this gives flexibility to configure additional policies on aws elastic load balancers aside from the already provided "convenience" wrappers for cookie stickiness
* small doc update
* provider/atlas: Add docs for Artifact Data Source
* provider/atlas: Remove a test method that isn't used
* provider/atlas: Add Data Source for Atlas Artifact
* provider/atlas: Show deprecation error on atlas_artifact resource
* Added support for redshift destination to firehose delivery streams
* Small documentation fix
* go fmt after rebase
* small fixes after rebase
* provider/aws: Firehose test cleanups
* provider/aws: Update docs
* Convert Redshift and S3 blocks to TypeList
* provider/aws: Add migration for S3 Configuration in Kinesis firehose
* providers/aws: Safety first when building Redshift config options
* restore commented out log statements in the migration
* provider/aws: use MaxItems in schema
* Add SES resource
* Detect ReceiptRule deletion outside of Terraform
* Handle order of rule actions
* Add position field to docs
* Fix hashes, add log messages, and other small cleanup
* Fix rebase issue
* Fix formatting
this datasource allows terraform to work with externally modified state, e.g.
when you're using an ECS service which is continously updated by your CI via the
AWS CLI.
right now you'd have to wrap terraform into a shell script which looks up the
current image digest, so running terraform won't change the updated service.
using the aws_ecs_container_definition data source you can now leverage
terraform, removing the wrapper entirely.
Since this resource produces a list it feels more intuitive to give its
attribute a plural name, and since the noun "instance" already means
something specific in the AWS provider that doesn't apply here we use
"names" to indicate that these are availability zone names.
Also includes updating the docs to not show a dynamic count example for
now, since we don't support that yet.
false
Fixes#7035
A known issue in Terraform means that d.GetOk() on a bool which is false
will mean it doesn't get evaulated. Therefore, when people set
publicly_accessible to false, it will never get evaluated on the Create
We are going to make it default to false now
The documentation wording implies that in all cases you have to manually accept peering requests. This change is intended to clarify where this is required. The documentation also separates between "basic usage" and "basic usage with tags", but the expanded usage didn't actually provide much additional useful information. Expanded a bit to show the use of auto_accept since both VPCs are created by the content and to show setting the Name tag for proper display in the console.
The example is referencing a non-existent variable, `allocation_id`, within the `aws_eip` resource. I believe this should actually be `aws_eip.example.id` instead of `aws_eip.example.allocation_id`.
Add the iam_arn attribute to aws_cloudfront_origin_access_identity,
which computes the IAM ARN for a certain CloudFront origin access
identity.
This is necessary because S3 modifies the bucket policy if CanonicalUser
is sent, causing spurious diffs with aws_s3_bucket resources.
This brings over the work done by @apparentlymart and @radeksimko in
PR #3124, and converts it into a data source for the AWS provider:
This commit adds a helper to construct IAM policy documents using
familiar Terraform concepts. It makes Terraform-style interpolations
easier and resolves the syntax conflict between Terraform interpolations
and IAM policy variables by changing the latter to use &{...} for its
interpolations.
Its use is completely optional and users are free to go on using literal
heredocs, file interpolations or whatever else; this just adds another
option that fits more naturally into a Terraform config.
This data source allows one to look up the most recent AMI for a specific
set of parameters, much like aws ec2 describe-images in the AWS CLI.
Basically a refresh of hashicorp/terraform#4396, in data source form.
* Add per user, role and group policy attachment
* Add docs for new IAM policy attachment resources.
* Make policy attachment resources manage only 1 entity<->policy attachment
* provider/aws: Tidy up IAM Group/User/Role attachments
This commit adds a data source with a single list, `instance` for the
schema which gets populated with the availability zones to which an
account has access.
resource
We had a line on the Update func that said:
```
Hash key can only be specified at creation, you cannot modify it.
```
The resource has now been changed to ForceNew on the hashkey
```
aws_dynamodb_table.demo-user-table: Refreshing state... (ID: Users)
aws_dynamodb_table.demo-user-table: Destroying...
aws_dynamodb_table.demo-user-table: Destruction complete
aws_dynamodb_table.demo-user-table: Creating...
aws_dynamodb_table.demo-user-table: Creation complete
```
When stage_name is not passed to the resource
aws_api_gateway_deployment a terraform apply will fail. This is
because the stage_name is required and not optional.
As requested in #4822, add support for a KMS Key ID (ARN) for Db
Instance
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSDBInstance_kmsKey' 2>~/tf.log
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_kmsKey -timeout 120m
=== RUN TestAccAWSDBInstance_basic
--- PASS: TestAccAWSDBInstance_basic (587.37s)
=== RUN TestAccAWSDBInstance_kmsKey
--- PASS: TestAccAWSDBInstance_kmsKey (625.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 1212.684s
```
* New top level AWS resource aws_eip_association
* Add documentation for aws_eip_association
* Add tests for aws_eip_association
* provider/aws: Change `aws_elastic_ip_association` to have computed
parameters
The AWS API was send ing more parameters than we had set. Therefore,
Terraform was showing constant changes when plans were being formed
Added the hosted_zone_id attribute, which aliases to the Route 53
zone ID that can be used to route Alias Resource Record Sets to.
This fixeshashicorp/terraform#6489.
Change the AWS DB Instance to now include the DB Option Group param. Adds a test to prove that it works
Add acceptance tests for the AWS DB Option Group work. This ensures that Options can be added and updated
Documentation for the AWS DB Option resource
automated_snapshot_retention_period
The default value for `automated_snapshot_retention_period` is 1.
Therefore, it can be included in the `CreateClusterInput` without
needing to check that it is set.
This was actually stopping people from setting the value to 0 (disabling
the snapshots) as there is an issue in `d.GetOk()` evaluating 0 for int
* Fix headers and header anchor tags
The markdown parser already generates unique ids for header elements by
downcasing all of the words and replacing spaces with hyphens. Knowing
this, we can take the code blocks out of the headers and use the
generated ids as the link targets.
Aside: I tried to see if there was a standard way of documenting
subresources, but couldn't really find one. Both the aws_elb and
aws_instance resources seem to just say "documented below" without a
link. Then the relevant section is just a new paragraph with a list of
arguments.
* Reformat long lines
I find 80 character lines and whitespaces make the lists much easier to
read :)
* Remove extraneous <a> tags for header anchor tags
Now that middleman generates anchor tags for headers automagically, we
don't need to have blank <a> tags for anchor links to use.
Just saying `id` is ambiguous, it could be interpreted as the resource ID which will fail with the follow error: `CertificateNotFound: Server Certificate not found for the key: <id>`. The AWS documentation states that the ssl certificate id parameter must be the ARN.
Previously we linked to the whole request body definition for valid values of `runtime`.
Now we link directly to the docs for `Runtime`, which will hopefully make it easier to find the valid values.
This fixes#4570.
* provider/aws: Fix hashing on CloudFront certificate parameters
Adding necessary type assertion to values on the viewer_certificate hash
function to ensure that certain fields are indeed not zero string
values, versus simply zero interface{} values (aka nil, as is such for a
map[string]interface{}).
* provider/aws: CloudFront complex structure error handling
Handle errors better on calls to d.Set() in the
aws_cloudfront_distribution, namely in flattenDistributionConfig(). Also
caught a bug in the setting of the origin attribute, was incorrectly
attempting to set origins.
* provider/aws: Pass pointers to set CloudFront primitives
Change a few d.Set() for primitives in aws_cloudfront_distribution and
aws_cloudfront_origin_access_identity to use the pointer versus a
dereference.
* docs: Fix CloudFront examples formatting
Ran each example thru terraform fmt to fix indentation.
* provider/aws: Remove delete retention on CloudFront tests
To play better with Travis and not bloat the test account with disabled
distributions.
Disable-only functionality has been retained - one can enable it with
the TF_TEST_CLOUDFRONT_RETAIN environment variable.
* provider/aws: CloudFront delete waiter error handling
The call to resourceAwsCloudFrontDistributionWaitUntilDeployed() on
deletion of CloudFront distributions was not trapping error messages,
causing issues with waiter failure.
* provider/aws: Default Network ACL resource
Provides a resource to manage the default AWS Network ACL. VPC Only.
* Remove subnet_id update, mark as computed value. Remove extra tag update
* refactor default rule number to be a constant
* refactor revokeRulesForType to be revokeAllNetworkACLEntries
Refactor method to delete all network ACL entries, regardless of type. The
previous implementation was under the assumption that we may only eliminate some
rule types and possibly not others, so the split was necessary.
We're now removing them all, so the logic isn't necessary
Several doc and test cleanups are here as well
* smite subnet_id, improve docs
* CloudFront implementation v3
* Update tests
* Refactor - new resource: aws_cloudfront_distribution
* Includes a complete re-write of the old aws_cloudfront_web_distribution
resource to bring it to feature parity with API and CloudFormation.
* Also includes the aws_cloudfront_origin_access_identity resource to generate
origin access identities for use with S3.
* provider/aws: CodeDeploy Deployment Group Triggers
- Create a Trigger to Send Notifications for AWS CodeDeploy Events
- Update aws_codedeploy_deployment_group docs
* Refactor validateTriggerEvent function and test
- also rename TestAccAWSCodeDeployDeploymentGroup_triggerConfiguration test
* Enhance existing Deployment Group integration tests
- by using built in resource attribute helpers
- these can get quite verbose and repetitive, so passing the resource to a function might be better
- can't use these (yet) to assert trigger configuration state
* Unit tests for conversions between aws TriggerConfig and terraform resource schema
- buildTriggerConfigs
- triggerConfigsToMap
On creating CloudWatch metric alarms, I need to get the HealthCheckId dimension. Reference would be useful.
```
dimensions {
"HealthCheckId" = "${aws_route53_health_check.foo.id}"
}
```
When calling AssociateAddress, the PrivateIpAddress parameter must be
used to select which private IP the EIP should associate with, otherwise
the EIP always associates with the _first_ private IP.
Without this parameter, multiple EIPs couldn't be assigned to a single
ENI. Includes covering test and docs update.
Fixes#2997
* update docs on required parameter for api_gateway_integration
This parameter was required for lambda integration.
Otherwise,
` Error creating API Gateway Integration: BadRequestException: Enumeration value for HttpMethod must be non-empty`
* documentation: Including the AWS type on the api_gateway_integration docs
Documentation for `aws_cloudwatch_event_target` to warn that in order to be
able to have your AWS Lambda function or SNS topic invoked by a CloudWatch
Events rule, you must setup the right permissions
using `aws_lambda_permission` or `aws_sns_topic.policy`
Needed to truncate the identifier for SQL Server engines to keep it at
max 15 chars per the docs. Not a full UUID going into it, but should be
"unique enough" to not matter in practice.
Modified the basic test to use the generated value. Other tests are
still working w/ explicitly specified identifiers.