Commit Graph

351 Commits

Author SHA1 Message Date
Anshul Sharma bc42229b3d Added WAF ACL Resource (#8852) 2016-10-27 12:54:36 +01:00
James Nugent 513c2f9720 provider/aws: aws_iam_user_login_profile resource
This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.

For example:

```
resource "aws_iam_user" "u" {
        name = "auser"
        path = "/"
        force_destroy = true
}

resource "aws_iam_user_login_profile" "u" {
        user = "${aws_iam_user.u.name}"
        pgp_key = "keybase:some_person_that_exists"
}

output "password" {
	value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```

The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:

```
terraform output password | base64 --decode | keybase pgp decrypt
```

Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
2016-10-25 12:08:50 -05:00
Clint 46ee2ef51a Merge pull request #6819 from hashicorp/f-aws-vpc-data-sources
provider/aws: data sources for AWS network planning
2016-10-13 14:17:55 -05:00
Paul Stack dd66af0fa0 Merge pull request #8701 from steveh/feature/aws-billing-service-account
provider/aws: Add AWS Billing & Cost Management service account
2016-10-07 13:34:51 +01:00
clint shryock dad6face2b re-go-fmt after rebase
use us-west-2 region in tests

update test with working config

provider/aws: Update EMR contribution with passing test, polling for instance in DELETE method

remove defaulted role

document emr_cluster

rename aws_emr -> aws_emr_cluster

update docs for name change

update delete timeout/polling

rename emr taskgroup to emr instance group

default instance group count to 0, down from 60

update to ref emr_cluster, emr_instance_group

more cleanups for instance groups; need to read and update

add read, delete method for instance groups

refactor the read method to seperate out the fetching of the specific group

more refactoring for finding instance groups

update emr instance group docs

err check on reading HTTP. Dont' return the error, just log it

refactor the create method to catch optionals

additional cleanups, added a read method

update test to be non-master-only

wrap up the READ method for clusters

poll for instance group to be running after a modification

patch up a possible deref

provider/aws: EMR cleanups

fix test naming

remove outdated docs

randomize emr_profile names
2016-10-05 14:30:16 -05:00
Brian Chen ad8679e916 basic emr implementation
quick emr resize implementation

ass task group

not force new

add task group

check empty slices

clean up

rename to initial_instance_count

add task instance group as resource

cluster resize core group

clean up

add name option

log info

clean up

change log debug format

clean up

add missing security groups for master and slave

add bootstrap actions

add options for bootstrap action

add tags option

clean up

fix for tags array

support delimiters : =

bootstrap actions fix

add configurations item

load local or remote config

rename function

support multiple bootstrap actions

default value 0 for core group

follow aws api able to create a master only

tags use terraform tag schema

option item for log_uri

ec2_attribute as option

add emr task group accTests

add embedded json config

add embedded json config

add service_role and instance_profile

add partial state support for either the "TERMINATED" or "TERMINATED_WITH_ERRORS" state

not allowing to change name or instance_type for task group

"core_instance_type" change into "Optional" and  "Computed"

apply MaxItems for ec2Attributes

remove all debug "fmt.Println"

clean up debug info and useless variable

Expose visible_to_all_users as an option, default will be true

remove debug info

logging should happen before setId("")

add hanChange checking first

clean up debug log

add some force new

double check the core group existed

add waiting and polling, until cluster up

testcase add EMR cluster id and status checking

clean up using common way to read ec2_attributes
2016-10-05 14:30:16 -05:00
Martin Atkins 94c45c67cd provider/aws: aws_region data source
The primary purpose of this data source is to ask the question "what is
my current region?", but it can also be used to retrieve the endpoint
hostname for a particular (possibly non-current) region, should that be
useful for some esoteric case.
2016-09-24 15:19:33 -07:00
Martin Atkins fca9216f53 provider/aws: availability zone data source
This adds a singular data source in addition to the existing plural one.
This allows retrieving data about a specific AZ.

As a helper for writing reusable modules, the AZ letter (without its
usual region name prefix) is exposed so that it can be used in
region-agnostic mappings where a different value is used per AZ, such as
for subnet numbering schemes.
2016-09-24 15:19:33 -07:00
Martin Atkins aa0b6019f8 provider/aws: aws_vpc data source 2016-09-24 15:19:33 -07:00
Martin Atkins 82f958cc17 provider/aws: aws_subnet data source 2016-09-24 15:19:33 -07:00
Paul Stack e9e1896ad4 Merge pull request #8775 from TimeIncOSS/f-aws-api-gateway-client-cert
provider/aws: Add API Gateway Client Certificate
2016-09-20 16:52:01 +01:00
Clint 79bb2e8a87 provider/aws: Add Default Security Group Resource (#8861)
* Docs for default security group
* overrides of default behavior
* add special disclaimer
* update to support classic environments
2016-09-15 13:59:20 -05:00
stack72 229f2698ce
Merge branch '6973-codecommit-trigger' of https://github.com/optimisticanshul/terraform into optimisticanshul-6973-codecommit-trigger 2016-09-12 10:44:32 +01:00
Radek Simko 46d5d51ad6
provider/aws: Add API Gateway Client Certificate 2016-09-12 10:09:47 +01:00
Radek Simko 2ad84a51df
provider/aws: Fix misspelled words 2016-09-12 07:23:34 +01:00
Anshul Sharma 497063af3e Added Codecommit Trigger 2016-09-12 10:17:04 +05:30
Steve Hoeksema 74587baa4a Add AWS Billing & Cost Management service account
This adds a very simple data source for the AWS Billing account ID magic number.

Used to allow AWS to dump detailed billing reports into an S3 bucket you control.

http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-getting-started.html#step-2
2016-09-07 17:43:45 +12:00
Radek Simko 5820ce6c5c
provider/aws: Add aws_sqs_queue_policy 2016-09-05 08:17:48 +01:00
Radek Simko c1178967b0
provider/aws: Add aws_sns_topic_policy 2016-09-04 18:34:24 +01:00
stack72 49b8568bec
provider/aws: `aws_cloudwatch_log_stream` resource
This is a requirement for enabling CloudWatch Logging on Kinesis
Firehost

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchLogStream_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:19:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudWatchLogStream_ -timeout 120m
=== RUN   TestAccAWSCloudWatchLogStream_basic
--- PASS: TestAccAWSCloudWatchLogStream_basic (22.31s)
=== RUN   TestAccAWSCloudWatchLogStream_disappears
--- PASS: TestAccAWSCloudWatchLogStream_disappears (21.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    43.538s
2016-09-04 00:26:02 +03:00
James Nugent 54784864fc Merge pull request #8640 from TimeIncOSS/f-aws-cloudformation-data-source
provider/aws: Add cloudformation_stack data source
2016-09-03 14:16:46 -07:00
Paul Stack 0370f41df5 Merge pull request #8440 from hashicorp/aws-spotfeed-sub
provider/aws: New resource `aws_spot_datafeed_subscription`
2016-09-04 00:16:14 +03:00
James Nugent e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
stack72 900e14e168
provider/aws: New resource `aws_spot_datafeed_subscription`
Fixes: #4922

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotDatafeedSubscription_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/24 10:46:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotDatafeedSubscription_ -timeout 120m
=== RUN   TestAccAWSSpotDatafeedSubscription_importBasic
--- PASS: TestAccAWSSpotDatafeedSubscription_importBasic (56.31s)
=== RUN   TestAccAWSSpotDatafeedSubscription_basic
--- PASS: TestAccAWSSpotDatafeedSubscription_basic (56.77s)
=== RUN   TestAccAWSSpotDatafeedSubscription_disappears
--- PASS: TestAccAWSSpotDatafeedSubscription_disappears (56.79s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    169.893s
```
2016-09-03 20:06:40 +03:00
Radek Simko a3c21d6c3b
provider/aws: Add cloudformation_stack data source 2016-09-03 11:33:59 +01:00
James Nugent d444d122bf provider/aws: Clean up AWS provider schema defns
Remove unnecessary &schema.Schema from the AWS provider schema
definition.
2016-09-02 10:36:52 -07:00
Ian Duffy 767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
James Nugent 93f31fce17 provider/aws: Add aws_s3_bucket_policy resource
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.

In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
2016-09-02 09:07:54 -07:00
liamjbennett e98e5fb017
provider/aws: add aws_ssm_association resource 2016-09-02 16:46:05 +03:00
Clint 49ecfe8921 provider/aws: Add aws_default_route_table resource (#8323)
* provider/aws: Add docs for Default Route Table

* add new default_route_table_id attribute, test to VPC

* stub

* add warning to docs

* rough implementation

* first test

* update test, add swap test

* fix typo
2016-08-25 16:02:44 -05:00
Paul Stack 64510d9cfb provider/aws: Adding `aws_ssm_document` resource (#8460)
* provider/aws: add `aws_ssm_document` resource

* provider/aws: Changes to `aws_ssm_document` post code review

The changes are things like using d.Id rather than d.Get("name").(string)

and errwrap.Wrapf rather than fmt.Errorf
2016-08-25 09:47:24 +01:00
Ryan Roberts 848f612169 provider/aws: aws_api_gateway_base_path_mapping resource implementation
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints, and then use this base path mapping
resource to expose a particular API deployment at a path on such a domain.

The acceptance tests use certificates from the aws_api_gateway_domain_name
tests which expire in 2026; we'll need to generate some more certificates
before we get there.
2016-08-22 15:36:20 -07:00
Jarrod Jackson 7010973c5a provider/aws: aws_api_gateway_domain_name resource implementation
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints. The domain name resource just claims
the domain name; a user would then use a "base path mapping" resource
(to be implemented in a later commit) to map a particular API to a
particular path prefix on that domain.

The acceptance tests contain some TLS certificates that expire in 2026;
we'll need to generate some more certificates before we get there.
2016-08-22 11:40:33 -07:00
James Nugent e4ce708bf9 provider/aws: Add aws_alb_target_group_attachment 2016-08-19 16:12:19 +01:00
James Nugent 417b98bafb provider/aws: Add aws_alb_listener_rule resource
This commit adds the aws_alb_listener_rule resource along with
acceptance tests and documentation.
2016-08-19 13:07:20 +01:00
James Nugent 56907d9931 Merge pull request #8268 from hashicorp/f-aws-application-lb-listener
provider/aws: Add aws_alb_listener resource
2016-08-18 21:18:35 +01:00
Paul Stack 51f216306f provider/aws: Implement the `aws_elasticache_replication_group` resource (#8275) 2016-08-18 19:42:29 +01:00
James Nugent 59f66eca02 provider/aws: Add aws_alb_listener resource
This commit adds the `aws_alb_listener` resource and associated
acceptance tests and documentation.
2016-08-18 18:49:44 +01:00
James Nugent 531a976306 provider/aws: Add aws_alb_target_group resource
This commit adds a resource, acceptance tests and documentation for the
Target Groups for Application Load Balancers.

This is the second in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:16 +01:00
James Nugent 0b421b6998 provider/aws: Add `aws_alb` resource
This commit adds a resource, acceptance tests and documentation for the
new Application Load Balancer (aws_alb). We choose to use the name alb
over the package name, elbv2, in order to avoid confusion.

This is the first in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:06 +01:00
Radek Simko 73791b47b3
aws: Implement naming changes for aws_elb_service_account 2016-08-16 21:05:27 +01:00
Paul Stack 65aa02b6df provider/aws: DataSource for RedShift Account ID (#8224)
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this

http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging

% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic'         2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN   TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    19.483s
2016-08-16 17:58:46 +01:00
Radek Simko e356f27db6
aws: Add elb_account_id data source 2016-08-16 11:36:58 +01:00
James Nugent 3e14f56a96 provider/aws: Add aws_caller_identity data source
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.

This will need revisiting and further testing once the work for
AssumeRole is integrated.
2016-08-16 11:24:26 +01:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko e251d5c7bd Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
2016-08-12 07:00:14 +01:00
stack72 313ec1252c
Merge branch 'master' of github.com:hashicorp/terraform 2016-08-11 15:15:51 +12:00
Radek Simko 0ab3bc4105
aws: Change field names + desc according to reality
- skip_iam_creds_validation => skip_credentials_validation
 - skip_iam_account_id => skip_requesting_account_id
2016-08-10 16:46:05 +01:00
Renier Morales c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
  time there isn't going to be a metadta api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
Mosley, Franklin a6de088375 Add new resource aws_lb_ssl_negotiation_policy
Added new resource to create an AWS ELB SSL negotiation policy, and an
acceptance test.
2016-08-09 15:29:13 -07:00
Martin Atkins c6e8662838 Merge #7984: Data sources for AWS and Fastly IP address ranges 2016-08-09 09:53:05 -07:00
stack72 1a0b2971dd
Merge branch 'elb_backend_auth' of https://github.com/ewdurbin/terraform into ewdurbin-elb_backend_auth 2016-08-09 14:08:28 +12:00
Ernest W. Durbin III 57d3c722e2 rename aws load balancer policy resources
team redundancy team had a good run, but is over now
2016-08-07 23:08:49 -04:00
Krzysztof Wilczynski 9c54e9c955 Add aws_vpn_gateway_attachment resource. (#7870)
This commit adds VPN Gateway attachment resource, and also an initial tests and
documentation stubs.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-07 09:29:51 +10:00
Joern Barthel 8accef2c27 Added IP ranges from AWS 2016-08-04 19:20:14 +02:00
Andreas Skarmutsos Lindh cc912c39e5
AWS Application AutoScaling
Initial work on two new resource types:
* `aws_appautoscaling_target`
* `aws_appautoscaling_policy`

Fix acc tests
2016-07-26 10:43:06 +01:00
stack72 fcbaf3eea6
Merge branch 'feature/data-source-ecs' of https://github.com/nicolai86/terraform into nicolai86-feature/data-source-ecs 2016-07-22 13:43:18 +01:00
Brad Sickles 732b8d3b6e Implementing aws_ami_launch_permission. (#7365) 2016-07-21 23:08:32 +01:00
Jan Schumann ecb4b5aada providers/aws: Opsworks permission resource (#6304)
* add opsworks permission resource

* add docs

* remove permission from state if the permission object could not be found

* remove nil validate function. validation is done in schema.Resource.

* add id to the list of exported values

* renge over permission to check that we have found got the correct one

* removed comment

* removed set id

* fix unknown region us-east-1c

* add user_profile resource

* add docs

* add default value
2016-07-21 00:29:33 +01:00
Martin Häger 32abd937f1 SimpleDB domain resource (#7600) 2016-07-12 12:55:58 +01:00
Ernest W. Durbin III ecadf103cc
implement flexible resources for ELB Policies
allows load balancer policies and their assignment to backend servers or listeners to be configured independently.

this gives flexibility to configure additional policies on aws elastic load balancers aside from the already provided "convenience" wrappers for cookie stickiness
2016-07-02 11:39:20 -04:00
yissachar 1bd8b449e0 Add SES resource (#5387)
* Add SES resource

* Detect ReceiptRule deletion outside of Terraform

* Handle order of rule actions

* Add position field to docs

* Fix hashes, add log messages, and other small cleanup

* Fix rebase issue

* Fix formatting
2016-06-26 22:07:14 +01:00
Keshav Varma 58bd6dfb02 Add an AWS Spot fleet resource 2016-06-21 17:31:30 -07:00
Raphael Randschau 90889632e0 Add aws_ecs_container_definition data source
this datasource allows terraform to work with externally modified state, e.g.
when you're using an ECS service which is continously updated by your CI via the
AWS CLI.

right now you'd have to wrap terraform into a shell script which looks up the
current image digest, so running terraform won't change the updated service.

using the aws_ecs_container_definition data source you can now leverage
terraform, removing the wrapper entirely.
2016-06-19 21:50:37 +02:00
James Bardin cd160d3f3f Merge pull request #6965 from hashicorp/jbardin/GH-3968
Add support for Amazon Elastic Transcoder
2016-06-07 17:28:55 -04:00
James Bardin 5c1b625c84 Add support for Amazon Elastic Transcoder
- Add resources for elastic transcoder pipelines and presets
2016-06-07 16:07:08 -04:00
James Bardin 4c7a31d72a Merge pull request #6879 from hashicorp/jbardin/GH-3999
Add top-level ELB Attachment resource
2016-06-07 10:19:07 -04:00
James Bardin e4d8c6929f Add top-level ELB Attachment resource
Add an aws_elb_attachment resource so that the attment of instances to
an ELB can be managed separately from an aws_elb and prevent dependency
cycles.
2016-06-07 09:46:39 -04:00
Radek Simko d4fe1b9145 provider/aws: Add s3_bucket_object data source 2016-06-01 19:14:17 +01:00
James Nugent c91d62fda0 provider/aws: aws_iam_policy_document data source
This brings over the work done by @apparentlymart and @radeksimko in
PR #3124, and converts it into a data source for the AWS provider:

This commit adds a helper to construct IAM policy documents using
familiar Terraform concepts. It makes Terraform-style interpolations
easier and resolves the syntax conflict between Terraform interpolations
and IAM policy variables by changing the latter to use &{...} for its
interpolations.

Its use is completely optional and users are free to go on using literal
heredocs, file interpolations or whatever else; this just adds another
option that fits more naturally into a Terraform config.
2016-05-31 11:08:02 -05:00
Chris Marchesi 9ac7fb0276 provider/aws: New data source: aws_ami
This data source allows one to look up the most recent AMI for a specific
set of parameters, much like aws ec2 describe-images in the AWS CLI.

Basically a refresh of hashicorp/terraform#4396, in data source form.
2016-05-29 09:55:12 -07:00
Clint 983b6710a5 provider/aws: Add per user, role and group policy attachment (supersedes #5816) (#6858)
* Add per user, role and group policy attachment

* Add docs for new IAM policy attachment resources.

* Make policy attachment resources manage only 1 entity<->policy attachment

* provider/aws: Tidy up IAM Group/User/Role attachments
2016-05-25 11:03:43 -05:00
James Nugent 1ea727eb13 provider/aws: Add aws_availability_zones source
This commit adds a data source with a single list, `instance` for the
schema which gets populated with the availability zones to which an
account has access.
2016-05-24 15:42:45 -05:00
stack72 fdf1962905 Merge branch 'aws-rds-cluster-param-group' of https://github.com/wowgroup/terraform into wowgroup-aws-rds-cluster-param-group 2016-05-12 23:27:20 +01:00
Paul Stack af29a61748 provider/aws: Change `aws_elastic_ip_association` to have computed parameters (#6552)
* New top level AWS resource aws_eip_association

* Add documentation for aws_eip_association

* Add tests for aws_eip_association

* provider/aws: Change `aws_elastic_ip_association` to have computed
parameters

The AWS API was send ing more parameters than we had set. Therefore,
Terraform was showing constant changes when plans were being formed
2016-05-09 18:40:45 +01:00
stack72 8dc123fd94 Scaffold the AWS DB Option Group resource
Change the AWS DB Instance to now include the DB Option Group param. Adds a test to prove that it works

Add acceptance tests for the AWS DB Option Group work. This ensures that Options can be added and updated

Documentation for the AWS DB Option resource
2016-05-08 20:18:53 +01:00
Kraig Amador 1f80ec48d0 Added RDS event subscriptions (#6367) 2016-05-05 11:14:25 +01:00
Radek Simko e3ade6a784 provider/aws: Add support for api_gateway_account (#6321) 2016-04-27 13:08:59 +01:00
Radek Simko d31a6ac47f provider/aws: Add support for api_gateway_authorizer (#6320) 2016-04-25 12:22:37 +01:00
Josh Myers 3be66aa9ed Add cloudwatch_logs_subscription_filter provider (#5996) 2016-04-20 20:05:21 +01:00
Clint fcdcb4b916 provider/aws: Default Network ACL resource (#6165)
* provider/aws: Default Network ACL resource

Provides a resource to manage the default AWS Network ACL. VPC Only.

* Remove subnet_id update, mark as computed value. Remove extra tag update

* refactor default rule number to be a constant

* refactor revokeRulesForType to be revokeAllNetworkACLEntries

Refactor method to delete all network ACL entries, regardless of type. The
previous implementation was under the assumption that we may only eliminate some
rule types and possibly not others, so the split was necessary.

We're now removing them all, so the logic isn't necessary

Several doc and test cleanups are here as well

* smite subnet_id, improve docs
2016-04-18 11:02:00 -05:00
Martin Atkins 94f338d5de Merge #4276: aws_opsworks_instance resource 2016-04-16 10:14:22 -07:00
Martin Atkins bb7b8d6550 Merge #4419: aws_opsworks_application resource 2016-04-16 09:28:12 -07:00
Chris Marchesi a38ccbe074 CloudFront distribution and origin access identity support (#5221)
* CloudFront implementation v3

* Update tests

* Refactor - new resource: aws_cloudfront_distribution

 * Includes a complete re-write of the old aws_cloudfront_web_distribution
   resource to bring it to feature parity with API and CloudFormation.
 * Also includes the aws_cloudfront_origin_access_identity resource to generate
   origin access identities for use with S3.
2016-04-14 14:55:11 -05:00
protomouse b45e941144 add resource aws_rds_cluster_parameter_group 2016-04-11 10:26:47 +02:00
Jan Nabbefeld 6bf9f21c39 Opsworks Application support 2016-04-07 14:18:50 -07:00
KOJIMA Kazunori d646682d7a provider/aws: Support S3 bucket notification
* Implement aws_s3_bucket_notification resource
2016-04-04 21:23:06 -05:00
stack72 7e61947c0a provider/aws: Scaffold `aws_iam_user_ssh_key` resource 2016-03-22 01:19:16 +00:00
Radek Simko 3bfcd47238 provider/aws: Add support for CloudWatch Log Metric Filter 2016-03-15 15:01:20 +00:00
Jeff Tang bcd5904eea Add support for Opsworks Instances
New resource checklist
- [x] Acceptance testing
- [x] Documentation
- [x] Well-formed code
2016-03-14 15:12:43 -04:00
Philip Witty 6648df7acc Added AWS KMS key & alias support 2016-03-08 09:30:47 +00:00
clint shryock f0d3176999 provider/aws: Add Elastic Beanstalk Application, Configuration Template, and Environment
This adds support for Elastic Beanstalk Applications, Configuration Templates,
and Environments.

This is a combined work of @catsby, @dharrisio, @Bowbaq, and @jen20
2016-03-07 14:43:23 -06:00
Radek Simko c6c2752211 provider/aws: Sort API Gateway resources alphabetically 2016-03-06 09:29:31 +00:00
Raphael Randschau 6430fca7f6 Add aws_api_gateway_deployment resource 2016-03-05 23:21:58 +01:00
Raphael Randschau 8c59d0861e Add aws_api_gateway_api_key resource 2016-03-05 23:21:54 +01:00
Raphael Randschau b4c99f1009 Add aws_api_gateway_model resource 2016-03-05 23:21:51 +01:00
Raphael Randschau 4da8b3d03a Add aws_api_gateawy_integration_response resource 2016-03-05 23:21:48 +01:00
Raphael Randschau 1593dbe9c8 Add aws_api_gateway_integration resource 2016-03-05 23:21:44 +01:00
Raphael Randschau 91f5206f8d Add aws_api_gateway_method_response resource 2016-03-05 23:21:41 +01:00
Raphael Randschau 032e6081cb Add aws_api_gateway_method resource 2016-03-05 23:21:38 +01:00
Raphael Randschau 7ead800f6a Add aws_api_gateway_resource resource 2016-03-05 23:21:35 +01:00
Raphael Randschau a73721d248 Add aws_api_gateway_rest_api resource 2016-03-05 23:13:38 +01:00
Radek Simko f7f3d95a9b provider/aws: Add support for AWS Account Password Policy 2016-02-26 11:04:25 +00:00
Radek Simko 64539d30bc provider/aws: Add aws_lambda_permission 2016-02-15 17:16:41 +00:00
Radek Simko 61afc6d34d provider/aws: Add CloudWatch Event Target 2016-02-13 13:21:33 +00:00
Radek Simko ab89e5e528 provider/aws: Add CloudWatch Event Rule 2016-02-13 13:21:32 +00:00
Hasan Türken 766dac4d79 update documentation 2016-02-12 09:56:48 -06:00
Hasan Türken e41266e971 Move endpoint options into endpoints block 2016-02-12 09:38:21 -06:00
Hasan Türken 231604e8b7 support custom endpoints for AWS EC2 ELB and IAM 2016-02-12 09:35:50 -06:00
Trevor Pounds 0cd0ff0f8e Use built-in schema.HashString. 2016-02-07 16:29:34 -08:00
James Nugent ace215481a provider/aws: Add profile to provider config
This allows specification of the profile for the shared credentials
provider for AWS to be specified in Terraform configuration. This is
useful if defining providers with aliases, or if you don't want to set
environment variables. Example:

$ aws configure --profile this_is_dog
... enter keys

$ cat main.tf
provider "aws" {
    profile = "this_is_dog"

    # Optionally also specify the path to the credentials file
    shared_credentials_file = "/tmp/credentials"
}

This is equivalent to specifying AWS_PROFILE or
AWS_SHARED_CREDENTIALS_FILE in the environment.
2016-01-14 15:39:35 +00:00
Clint 7f6624e926 Merge pull request #3862 from stack72/aws-redshift
provider/aws: AWS Redshift
2016-01-13 16:52:47 -06:00
Johannes Boyne df7ac2d51b Add AWS lambda alias support and documentation 2016-01-13 10:05:32 -06:00
nextrevision 6a3ed429ad Adding AWS ECR provider resources
Adds ECR aws_ecr_repository and aws_ecr_repository_policy resources to
the AWS provider.
2015-12-22 10:31:30 -05:00
stack72 bf03752552 Adding the documentation for the AWS Redshift Subnet Group resource
also removed the notion of tags from the redshift security group and
parameter group documentation until that has been implemented

Redshift Cluster CRUD and acceptance tests

Removing the Acceptance test for the Cluster Updates. You cannot delete
a cluster immediately after performing an operation on it. We would need
to add a lot of retry logic to the system to get this test to work

Adding some schema validation for RedShift cluster

Adding the last of the pieces of a first draft of the Redshift work - this is the documentation
2015-12-20 20:20:05 +00:00
stack72 48091e37c7 Adding the documentation for the Redshift Parameter Groups
Changed the aws_redshift_security_group and aws_redshift_parameter_group
to remove the tags from the schema. Tags are a little bit more
complicated than originally though - I will revisit this later

Then added the schema, CRUD functionality and basic acceptance tests for
aws_redshift_subnet_group

Adding an acceptance test for the Update of subnet_ids in AWS Redshift Subnet Group
2015-12-20 20:20:03 +00:00
stack72 249e7df76c Adding the documentation for the Redshift security groups
Creation of the schema, CRUD and acceptance tests for Redshift Parameter Group
2015-12-20 20:20:01 +00:00
stack72 85afc7d614 Initial creation of the work for AWS RedShift Support
Finalising the schema and acceptance tests for the Redshift Security Group's
2015-12-20 20:19:55 +00:00
stack72 2df8d7d9b0 Initial Scaffolding of the AWS Network ACL Entry resource 2015-12-18 23:14:54 +00:00
James Nugent 0bdf249f2c provider/aws: Add aws_nat_gateway Resource 2015-12-18 14:12:27 -05:00
clint shryock 5f5459a1fb provider/aws: Refactor AWS Authentication chain
- update auth checking to check metadata header
- refactor tests to not export os env vars
2015-12-15 10:46:10 -06:00
stack72 c965d2278e Adding a resource for aws_autoscaling_schedule 2015-12-11 18:43:38 +00:00
stack72 d84d6796c4 Initial CRUD work for the Autoscaling Group Scheduled Actions 2015-12-11 10:53:46 +00:00
Chris Marchesi 85627630bd New resource (AWS provider) - aws_lambda_event_source_mapping 2015-11-30 07:45:38 -08:00
Rafal Jeczalik 9e66e18334 provider/aws: fix for https://github.com/aws/aws-sdk-go/issues/452 2015-11-24 09:30:21 +01:00
Paul Hinze 6b6b5a43c3 provider/aws: serialize SG rule access to fix race condition
Because `aws_security_group_rule` resources are an abstraction on top of
Security Groups, they must interact with the AWS Security Group APIs in
a pattern that often results in lots of parallel requests interacting
with the same security group.

We've found that this pattern can trigger race conditions resulting in
inconsistent behavior, including:

 * Rules that report as created but don't actually exist on AWS's side
 * Rules that show up in AWS but don't register as being created
   locally, resulting in follow up attempts to authorize the rule
   failing w/ Duplicate errors

Here, we introduce a per-SG mutex that must be held by any security
group before it is allowed to interact with AWS APIs. This protects the
space between `DescribeSecurityGroup` and `Authorize*` / `Revoke*`
calls, ensuring that no other rules interact with the SG during that
span.

The included test exposes the race by applying a security group with
lots of rules, which based on the dependency graph can all be handled in
parallel. This fails most of the time without the new locking behavior.

I've omitted the mutex from `Read`, since it is only called during the
Refresh walk when no changes are being made, meaning a bunch of parallel
`DescribeSecurityGroup` API calls should be consistent in that case.
2015-11-18 12:39:59 -06:00
Rafal Jeczalik 4f25b552bb use single import path for aws-sdk-go 2015-11-16 00:42:08 +01:00
stack72 fc983c5505 Initial Create, Read and Delete work for the S3 part of the Kinesis Firehose resource 2015-11-09 22:26:55 +00:00
stack72 89ce6f7c83 Started the work for the AWS CodeCommit Repository resource
Starting to add the skeleton for the creation and update of a repository
2015-10-30 21:39:04 +00:00
Clint 5c3c1e2327 Merge pull request #3548 from MDL/aws_route
provider/aws: add aws_route resource (finish)
2015-10-29 17:06:56 -05:00
Clint cb2ecf5733 Merge pull request #3255 from Runscope/local-kinesis
provider/aws: allow local kinesis
2015-10-29 08:24:07 -05:00
Radek Simko a618b048cf aws: Add support for aws_cloudtrail 2015-10-28 17:13:14 +00:00
Radek Simko 0d8d6fde79 Merge pull request #2636 from TimeIncOSS/f-aws-cloudformation
provider/aws: Add aws_cloudformation_stack
2015-10-28 16:16:14 +00:00
Christopher Tiwald a546a12c2d aws: Add support for aws_codedeploy_deployment_group resources 2015-10-20 18:05:40 -04:00
Christopher Tiwald e59fb4e6ca aws: Add support for "aws_codedeploy_app" resources. 2015-10-20 18:05:39 -04:00
gkze ac0afad6e9 Add aws_route resource 2015-10-19 09:16:26 -04:00
Garrett Heel 9c2725e0a5 provider/aws: allow local kinesis 2015-10-13 14:29:50 -07:00
Radek Simko 4dfbbe3074 provider/aws: Add implementation for aws_cloudformation_stack 2015-10-13 22:55:55 +02:00
stack72 5266db31e2 Adding the ability to manage a glacier vault 2015-10-13 14:58:29 +01:00
Paul Hinze 61721387b3 Merge pull request #3457 from TimeIncOSS/f-aws-ec2-placement-groups
provider/aws: Add support for EC2 Placement Group
2015-10-12 14:24:12 -05:00
Martin Atkins 091d3fe206 Merge #3351: aws_autoscaling_lifecycle_hook resource 2015-10-11 22:52:00 -07:00
Jonathan Leibiusky 57c80a0d46 Add support for aws autoscaling lifecycle hooks. 2015-10-11 20:42:40 -03:00
Radek Simko a66ac7e751 provider/aws: Add aws_directory_service_directory resource 2015-10-08 17:06:39 -07:00
Radek Simko 110be439e2 provider/aws: Add aws_placement_group 2015-10-08 12:44:14 -07:00
Radek Simko 2b9f4f895e provider/aws: Add support for aws_elasticsearch_domain 2015-10-07 16:57:46 -07:00
Radek Simko f9efede852 gofmt files from recently merged PRs 2015-10-07 13:35:06 -07:00
Clint Shryock 5739c4869c provider/aws: Docs for RDS Cluster, Cluster Instance 2015-10-07 11:26:23 -05:00
Martin Atkins 6c71504073 Various AWS OpsWorks layer resource types.
A "Layer" is a particular service that forms part of the infrastructure for
a set of applications. Some layers are application servers and others are
pure infrastructure, like MySQL servers or load balancers.

Although the AWS API only has one type called "Layer", it actually has
a number of different "soft" types that each have slightly different
validation rules and extra properties that are packed into the Attributes
map.

To make the validation rule differences explicit in Terraform, and to make
the Terraform structure more closely resemble the OpsWorks UI than its
API, we use a separate resource type per layer type, with the common code
factored out into a shared struct type.
2015-10-05 22:47:44 -07:00
Martin Atkins 4ce3d089fb aws_opswork_stack resource type.
"Stack" is the root concept in OpsWorks, and acts as a container for a number
of different "layers" that each provide some service for an application.
A stack isn't very interesting on its own, but it needs to be created before
any layers can be created.
2015-10-05 22:47:44 -07:00
Radek Simko 167b44770f provider/aws: Add efs_mount_target 2015-10-03 19:35:06 -07:00