* Added Step Function Activity & Step Function State Machine
* Added SFN State Machine documentation
* Added aws_sfn_activity & documentation
* Allowed import of sfn resources
* Added more checks on tests, fixed documentation
* Handled the update case of a SFN function (might be already deleting)
* Removed the State Machine import test file
* Fixed the eventual consistency of the read after delete for SFN functions
* added server_side_encryption to s3_bucket_object resource including associated acceptance test and documentation.
* got acceptance tests passing.
* made server_side_encryption a computed attribute and only set kms_key_id attribute if an S3 non-default master key is in use.
* ensured kms api is only interrogated if required.
Implementing vpc_peering_connection_accept.
Additions from @ewbankkit:
Rename 'aws_vpc_peering_connection_accept' to 'aws_vpc_peering_connection_accepter'.
Get it working reusing functionality from 'aws_vpc_peering_connection' resource.
* Add a new data provider to decrypt AWS KMS secrets
* Address feedback
* Rename aws_kms_secrets to aws_kms_secret
* Add more examples to the documentation
Fixes: #11461
This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
- When creating an `iam_instance_profile` you will receive an error if you have multiple roles defined but have not increased your AWS limit for the number of roles you can assign to an `iam_instance_profile`.
- See more on defaults: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html
* Added aws_api_gateway_integration request_templates in the documentation
* Added aws_api_gateway_integration_response response_templates in the documentation
* provider/aws: Remove hardcoded https from the ecr repository
When the ECR resource was created, we hardcoded the repository URL to
start with https://
This was a mistake as all interaction with the repository now must
include a replace function for the https:// to "" for this to be usable
We need to note this change in the backward incompatibilities
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcrRepository_' ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/20 14:37:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (20.46s)
=== RUN TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (18.77s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.251s
```
* Update ecr_repository.html.markdown
Updates ECS task_definition documentation, and schema validation functions to match the AWS API documentation.
Updates ECS service documentation, and schema validation functions match the AWS API documentation.
```
1 error(s) occurred:
* aws_elasticache_replication_group.cache: Error creating Elasticache Replication Group: InvalidParameterCombination: Expected a parameter group of family redis3.2 but found one of family redis2.8
status code: 400, request id: 9e6563a4-dd91-11e6-bc8b-ed011a44f429
```
Example code fails a validation:
```
Errors:
* aws_elasticache_replication_group.cache: "replication_group_id" must contain from 1 to 20 alphanumeric characters or hyphens
```
statistic
Fixes: #11189
This introduces a new parameter and makes an existing parameter from
`required` to `optional` as both cannot be specified together
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchMetricAlarm_' 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/13 11:25:24 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCloudWatchMetricAlarm_ -timeout 120m
=== RUN TestAccAWSCloudWatchMetricAlarm_importBasic
--- PASS: TestAccAWSCloudWatchMetricAlarm_importBasic (19.80s)
=== RUN TestAccAWSCloudWatchMetricAlarm_basic
--- PASS: TestAccAWSCloudWatchMetricAlarm_basic (20.42s)
=== RUN TestAccAWSCloudWatchMetricAlarm_extendedStatistic
--- PASS: TestAccAWSCloudWatchMetricAlarm_extendedStatistic (18.92s)
PASS
```
* provider/aws: New DataSource: aws_elb_hosted_zone_id
This datasource is a list of all of the ELB DualStack Hosted Zone IDs.
This will allow us to reference the correct hosted zone id when creating
route53 alias records
There are many bugs for this - this is just the beginning of fixing them
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElbHostedZoneId_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/04 13:04:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElbHostedZoneId_basic -timeout 120m
=== RUN TestAccAWSElbHostedZoneId_basic
--- PASS: TestAccAWSElbHostedZoneId_basic (20.46s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 20.484s
```
* Update elb_hosted_zone_id.html.markdown
Documentation for the `aws_route_table` data source mentions that it supports a route table `id` as an argument, however it was missing from the actual provider code.
Adds in the missing provider code, adds a test, and updates the documentation to use `rtb_id` as the argument, instead of the more ambiguous `id`.
* provider/aws: New Resource - aws_codedeploy_deployment_config
* provider/aws: Adding acceptance tests for new
aws_codedeploy_deployment_config resource
* provider/aws: Documentation for the aws_codedeploy_deployment_config resource
* Update codedeploy_deployment_config.html.markdown
aws_api_gateway_integration_response
This continues the work carried out in #10696
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAPIGatewayIntegrationResponse_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/03 14:18:46 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSAPIGatewayIntegrationResponse_ -timeout 120m
=== RUN TestAccAWSAPIGatewayIntegrationResponse_basic
--- PASS: TestAccAWSAPIGatewayIntegrationResponse_basic (57.33s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws57.352s
```
Fixes:#10902
AWS introduced a change to the Mount Target DNS Name to remove the
availability_zone from it -
https://aws.amazon.com/about-aws/whats-new/2016/12/simplified-mounting-of-amazon-efs-file-systems/
This was because there used to be a limit of 1 mount target per AZ -
this has been raised.
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEFSMountTarget_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/04 10:45:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEFSMountTarget_ -timeout 120m
=== RUN TestAccAWSEFSMountTarget_importBasic
--- PASS: TestAccAWSEFSMountTarget_importBasic (236.19s)
=== RUN TestAccAWSEFSMountTarget_basic
--- PASS: TestAccAWSEFSMountTarget_basic (445.52s)
=== RUN TestAccAWSEFSMountTarget_disappears
--- PASS: TestAccAWSEFSMountTarget_disappears (228.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 910.044s
```
* Add 'aws_vpc_peering_connection' data source.
* Changes after code review.
* Add 'accepter' and 'requester' blocks to aws_vpc_peering_connection data source output attributes.
* provider/aws: data source for AWS Hosted Zone
* add caller_reference, resource_record_set_count fields, manage private zone and trailing dot
* fix fmt
* update documentation, use string function in hostedZoneNamewq
* add vpc_id support
* add tags support
* add documentation for hosted zone data source tags support
* provider/aws: Add the aws_eip data source
* Document the aws_eip data source on the website
* provider/aws: support query by public_ip for aws_eip data source
Fixes#8455, #5390
This add a new `no_device` attribute to `ephemeral_block_device` block,
which allows users omit ephemeral devices from AMI's predefined block
device mappings, which is useful for EBS-only instance types.
* add rds db for opsworks
* switched to stack in vpc
* implement update method
* add docs
* implement and document force new resource behavior
* implement retry for update and delete
* add test that forces new resource
* Add new aws_vpc_endpoint_route_table_association resource.
This commit adds a new resource which allows to a list of route tables to be
either added and/or removed from an existing VPC Endpoint. This resource would
also be complimentary to the existing `aws_vpc_endpoint` resource where the
route tables might not be specified (not a requirement for a VPC Endpoint to
be created successfully) during creation, especially where the workflow is
such where the route tables are not immediately known.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Additions by Kit Ewbank <Kit_Ewbank@hotmail.com>:
* Add functionality
* Add documentation
* Add acceptance tests
* Set VPC endpoint route_table_ids attribute to "Computed"
* Changes after review - Set resource ID in create function.
* Changes after code review by @kwilczynski:
* Removed error types and simplified the error handling in 'resourceAwsVPCEndpointRouteTableAssociationRead'
* Simplified logging in 'resourceAwsVPCEndpointRouteTableAssociationDelete'
* provider/aws: Add DeploymentRollback as a valid TriggerEvent type
* provider/aws: Add auto_rollback_configuration to aws_codedeploy_deployment_group
* provider/aws: Document auto_rollback_configuration
- part of aws_codedeploy_deployment_group
* provider/aws: Support removing and disabling auto_rollback_configuration
- part of aws_codedeploy_deployment_group resource
- when removing configuration, ensure events are removed
- when disabling configuration, preserve events in case configuration is re-enabled
* provider/aws: Add alarm_configuration to aws_codedeploy_deployment_group
* provider/aws: Document alarm_configuration
- part of aws_codedeploy_deployment_group
* provider/aws: Support removing alarm_configuration
- part of aws_codedeploy_deployment_group resource
- disabling configuration doesn't appear to work...
* provider/aws: Refactor auto_rollback_configuration tests
- Add create test
- SKIP failing test for now
- Add tests for build & map functions
* provider/aws: Refactor new aws_code_deploy_deployment_group tests
- alarm_configuration and auto_rollback_configuration only
- add assertions to deployment_group basic test
- rename config funcs to be more easy to read
- group public tests together
* provider/aws: A max of 10 alarms can be added to a deployment group.
- aws_code_deploy_deployment_group.alarm_configuration.alarms
- verified this causes test failure with expected exception
* provider/aws: Test disabling alarm_configuration and auto_rollback_configuration
- the tests now pass after rebasing the latest master branch
The current example using the ELB's account ID will trigger an update for a resource that uses the `.id` instead if the `.arn` syntax.
Once updated to the `.arn`, no changes are detected.
[ci skip]
* provider/aws: Add ability to create aws_ebs_snapshot
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSSnapshot_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:18:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSSnapshot_
-timeout 120m
=== RUN TestAccAWSEBSSnapshot_basic
--- PASS: TestAccAWSEBSSnapshot_basic (31.56s)
=== RUN TestAccAWSEBSSnapshot_withDescription
--- PASS: TestAccAWSEBSSnapshot_withDescription (189.35s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws220.928s
```
* docs/aws: Addition of the docs for aws_ebs_snapshot resource
* provider/aws: Creation of shared schema funcs for common AWS data source
patterns
* provider/aws: Create aws_ebs_snapshot datasource
Fixes#8828
This data source will use a number of filters, owner_ids, snapshot_ids
and restorable_by_user_ids in order to find the correct snapshot. The
data source has no real use case for most_recent and will error on no
snapshots found or greater than 1 snapshot found
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsSnapshotDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:34:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsSnapshotDataSource_ -timeout 120m
=== RUN TestAccAWSEbsSnapshotDataSource_basic
--- PASS: TestAccAWSEbsSnapshotDataSource_basic (192.66s)
=== RUN TestAccAWSEbsSnapshotDataSource_multipleFilters
--- PASS: TestAccAWSEbsSnapshotDataSource_multipleFilters (33.84s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws226.522s
```
* docs/aws: Addition of docs for the aws_ebs_snapshot data source
Adds the new resource `aws_ebs_snapshot`
* provider/aws: Add aws_alb data source
This adds the aws_alb data source for getting information on an AWS
Application Load Balancer.
The schema is nearly the same as the resource of the same name, with
most of the resource population logic de-coupled into its own function
so that they can be shared between the resource and data source.
* provider/aws: aws_alb data source language revisions
* Multiple/zero result error slightly updated to be a bit more
specific.
* Fixed relic of the copy of the resource docs (resource -> data
source)
When `force_destroy` was specifed on an `aws_iam_user` resource, only IAM
access keys and the login profile were destroyed. If a multi-factor auth
device had been activated for that user, deletion would fail as follows:
```
* aws_iam_user.testuser1: Error deleting IAM User testuser1: DeleteConflict: Cannot delete entity, must delete MFA device first.
status code: 409, request id: aa41b1b7-ac4d-11e6-bb3f-3b4c7a310c65
```
This commit iterates over any of the user's MFA devices and deactivates
them before deleting the user. It follows a pattern similar to that used
to remove users' IAM access keys before deletion.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/20 17:09:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (5.70s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (11.12s)
PASS
ok github.com/rhenning/terraform/builtin/providers/aws 20.840s
```
The docs for the CreateDBInstance API call include quite a bit more information about each individual option, (for example `Engine` has each of the possible options listed, whilst the cli reference doesn't).
existing example returns an error like the following should you try to
run `terraform plan` against it:
Error reading config for aws_subnet[example]: data.aws_availability_zone.name_suffix: data variables must be four parts: data.TYPE.NAME.ATTR in:
${cidrsubnet(aws_vpc.example.cidr_block, 4, var.az_number[data.aws_availability_zone.name_suffix])}
* provider/aws: Add aws_alb_listener data source
This adds the aws_alb_listener data source to get information on an AWS
Application Load Balancer listener.
The schema is slightly modified (only option-wise, attributes are the
same) and we use the aws_alb_listener resource read function to get the
data.
Note that the HTTPS test here may fail due until
hashicorp/terraform#10180 is merged.
* provider/aws: Add aws_alb_listener data source docs
Now documented.
* Added key_name_prefix to aws_key_pair resource schema.
* Added logic to prefix the aws_key_pair name on create.
* Added aws_key_pair test config for key_name_prefix case.
* Copied test cases from testAccAWSSecurityGroup namespace.
* Modified copied test case to suit aws_key_pair resource.
* Changed required flag to optional on key_name argument for aws_key_pair resource.
* Added documentation for key_name_prefix argument.
* Code style fix.
* Fixed undefined variable error in test.
fixes#9110
An error was found where, static_routes_only was not set on a vpn
connection import. This commit introduces setting the static_routes_only
to false when no Options are found. This follows the AWS convention as follows:
```
- options (structure)
Indicates whether the VPN connection requires static routes. If you are creating a VPN connection for a device that does not support BGP, you must specify true .
Default: false
```
So we take it that `static_options_only` is false by default
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 10:38:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (178.29s)
=== RUN TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.81s)
=== RUN TestAccAWSVpnConnection_withoutStaticRoutes
--- PASS: TestAccAWSVpnConnection_withoutStaticRoutes (195.45s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 710.572s
```