github.com/dougneal/terraform@v0.6.15-0.20170330092735-b6a3840768a4/builtin/providers/aws/resource_aws_opsworks_stack_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/hashicorp/terraform/helper/acctest" 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 11 "github.com/aws/aws-sdk-go/aws" 12 "github.com/aws/aws-sdk-go/aws/awserr" 13 "github.com/aws/aws-sdk-go/service/opsworks" 14 ) 15 16 /////////////////////////////// 17 //// Tests for the No-VPC case 18 /////////////////////////////// 19 20 func TestAccAWSOpsworksStackNoVpc(t *testing.T) { 21 stackName := fmt.Sprintf("tf-opsworks-acc-%d", acctest.RandInt()) 22 var opsstack opsworks.Stack 23 resource.Test(t, resource.TestCase{ 24 PreCheck: func() { testAccPreCheck(t) }, 25 Providers: testAccProviders, 26 CheckDestroy: testAccCheckAwsOpsworksStackDestroy, 27 Steps: []resource.TestStep{ 28 { 29 Config: testAccAwsOpsworksStackConfigNoVpcCreate(stackName), 30 Check: resource.ComposeTestCheckFunc( 31 testAccCheckAWSOpsworksStackExists( 32 "aws_opsworks_stack.tf-acc", false, &opsstack), 33 testAccCheckAWSOpsworksCreateStackAttributes( 34 &opsstack, "us-east-1a", stackName), 35 testAccAwsOpsworksStackCheckResourceAttrsCreate( 36 "us-east-1a", stackName), 37 ), 38 }, 39 }, 40 }) 41 } 42 43 func TestAccAWSOpsworksStackVpc(t *testing.T) { 44 stackName := fmt.Sprintf("tf-opsworks-acc-%d", acctest.RandInt()) 45 var opsstack opsworks.Stack 46 resource.Test(t, resource.TestCase{ 47 PreCheck: func() { testAccPreCheck(t) }, 48 Providers: testAccProviders, 49 CheckDestroy: testAccCheckAwsOpsworksStackDestroy, 50 Steps: []resource.TestStep{ 51 { 52 Config: testAccAwsOpsworksStackConfigVpcCreate(stackName), 53 Check: resource.ComposeTestCheckFunc( 54 testAccCheckAWSOpsworksStackExists( 55 "aws_opsworks_stack.tf-acc", true, &opsstack), 56 testAccCheckAWSOpsworksCreateStackAttributes( 57 &opsstack, "us-west-2a", stackName), 58 testAccAwsOpsworksStackCheckResourceAttrsCreate( 59 "us-west-2a", stackName), 60 ), 61 }, 62 { 63 Config: testAccAWSOpsworksStackConfigVpcUpdate(stackName), 64 Check: resource.ComposeTestCheckFunc( 65 testAccCheckAWSOpsworksStackExists( 66 "aws_opsworks_stack.tf-acc", true, &opsstack), 67 testAccCheckAWSOpsworksUpdateStackAttributes( 68 &opsstack, "us-west-2a", stackName), 69 testAccAwsOpsworksStackCheckResourceAttrsUpdate( 70 "us-west-2a", stackName), 71 ), 72 }, 73 }, 74 }) 75 } 76 77 // Tests the addition of regional endpoints and supporting the classic link used 78 // to create Stack's prior to v0.9.0. 79 // See https://github.com/hashicorp/terraform/issues/12842 80 func TestAccAWSOpsWorksStack_classic_endpoints(t *testing.T) { 81 stackName := fmt.Sprintf("tf-opsworks-acc-%d", acctest.RandInt()) 82 rInt := acctest.RandInt() 83 var opsstack opsworks.Stack 84 resource.Test(t, resource.TestCase{ 85 PreCheck: func() { testAccPreCheck(t) }, 86 Providers: testAccProviders, 87 CheckDestroy: testAccCheckAwsOpsworksStackDestroy, 88 Steps: []resource.TestStep{ 89 resource.TestStep{ 90 Config: testAccAwsOpsWorksStack_classic_endpoint(stackName, rInt), 91 Check: resource.ComposeTestCheckFunc( 92 testAccCheckAWSOpsworksStackExists( 93 "aws_opsworks_stack.main", false, &opsstack), 94 ), 95 }, 96 // Ensure that changing to us-west-2 region results in no plan 97 resource.TestStep{ 98 Config: testAccAwsOpsWorksStack_regional_endpoint(stackName, rInt), 99 PlanOnly: true, 100 }, 101 }, 102 }) 103 104 } 105 106 func testAccAwsOpsWorksStack_classic_endpoint(rName string, rInt int) string { 107 return fmt.Sprintf(` 108 provider "aws" { 109 region = "us-east-1" 110 } 111 112 resource "aws_opsworks_stack" "main" { 113 name = "%s" 114 region = "us-west-2" 115 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 116 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 117 118 configuration_manager_version = "12" 119 default_availability_zone = "us-west-2b" 120 } 121 122 resource "aws_iam_role" "opsworks_service" { 123 name = "tf_opsworks_service_%d" 124 125 assume_role_policy = <<EOT 126 { 127 "Version": "2008-10-17", 128 "Statement": [ 129 { 130 "Sid": "", 131 "Effect": "Allow", 132 "Principal": { 133 "Service": "opsworks.amazonaws.com" 134 }, 135 "Action": "sts:AssumeRole" 136 } 137 ] 138 } 139 EOT 140 } 141 142 resource "aws_iam_role_policy" "opsworks_service" { 143 name = "tf_opsworks_service_%d" 144 role = "${aws_iam_role.opsworks_service.id}" 145 146 policy = <<EOT 147 { 148 "Statement": [ 149 { 150 "Action": [ 151 "ec2:*", 152 "iam:PassRole", 153 "cloudwatch:GetMetricStatistics", 154 "elasticloadbalancing:*", 155 "rds:*" 156 ], 157 "Effect": "Allow", 158 "Resource": ["*"] 159 } 160 ] 161 } 162 EOT 163 } 164 165 resource "aws_iam_role" "opsworks_instance" { 166 name = "tf_opsworks_instance_%d" 167 168 assume_role_policy = <<EOT 169 { 170 "Version": "2008-10-17", 171 "Statement": [ 172 { 173 "Sid": "", 174 "Effect": "Allow", 175 "Principal": { 176 "Service": "ec2.amazonaws.com" 177 }, 178 "Action": "sts:AssumeRole" 179 } 180 ] 181 } 182 EOT 183 } 184 185 resource "aws_iam_instance_profile" "opsworks_instance" { 186 name = "%s_profile" 187 roles = ["${aws_iam_role.opsworks_instance.name}"] 188 }`, rName, rInt, rInt, rInt, rName) 189 } 190 191 func testAccAwsOpsWorksStack_regional_endpoint(rName string, rInt int) string { 192 return fmt.Sprintf(` 193 provider "aws" { 194 region = "us-west-2" 195 } 196 197 resource "aws_opsworks_stack" "main" { 198 name = "%s" 199 region = "us-west-2" 200 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 201 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 202 203 configuration_manager_version = "12" 204 default_availability_zone = "us-west-2b" 205 } 206 207 resource "aws_iam_role" "opsworks_service" { 208 name = "tf_opsworks_service_%d" 209 210 assume_role_policy = <<EOT 211 { 212 "Version": "2008-10-17", 213 "Statement": [ 214 { 215 "Sid": "", 216 "Effect": "Allow", 217 "Principal": { 218 "Service": "opsworks.amazonaws.com" 219 }, 220 "Action": "sts:AssumeRole" 221 } 222 ] 223 } 224 EOT 225 } 226 227 resource "aws_iam_role_policy" "opsworks_service" { 228 name = "tf_opsworks_service_%d" 229 role = "${aws_iam_role.opsworks_service.id}" 230 231 policy = <<EOT 232 { 233 "Statement": [ 234 { 235 "Action": [ 236 "ec2:*", 237 "iam:PassRole", 238 "cloudwatch:GetMetricStatistics", 239 "elasticloadbalancing:*", 240 "rds:*" 241 ], 242 "Effect": "Allow", 243 "Resource": ["*"] 244 } 245 ] 246 } 247 EOT 248 } 249 250 resource "aws_iam_role" "opsworks_instance" { 251 name = "tf_opsworks_instance_%d" 252 253 assume_role_policy = <<EOT 254 { 255 "Version": "2008-10-17", 256 "Statement": [ 257 { 258 "Sid": "", 259 "Effect": "Allow", 260 "Principal": { 261 "Service": "ec2.amazonaws.com" 262 }, 263 "Action": "sts:AssumeRole" 264 } 265 ] 266 } 267 EOT 268 } 269 270 resource "aws_iam_instance_profile" "opsworks_instance" { 271 name = "%s_profile" 272 roles = ["${aws_iam_role.opsworks_instance.name}"] 273 }`, rName, rInt, rInt, rInt, rName) 274 } 275 276 //////////////////////////// 277 //// Checkers and Utilities 278 //////////////////////////// 279 280 func testAccAwsOpsworksStackCheckResourceAttrsCreate(zone, stackName string) resource.TestCheckFunc { 281 return resource.ComposeTestCheckFunc( 282 resource.TestCheckResourceAttr( 283 "aws_opsworks_stack.tf-acc", 284 "name", 285 stackName, 286 ), 287 resource.TestCheckResourceAttr( 288 "aws_opsworks_stack.tf-acc", 289 "default_availability_zone", 290 zone, 291 ), 292 resource.TestCheckResourceAttr( 293 "aws_opsworks_stack.tf-acc", 294 "default_os", 295 "Amazon Linux 2016.09", 296 ), 297 resource.TestCheckResourceAttr( 298 "aws_opsworks_stack.tf-acc", 299 "default_root_device_type", 300 "ebs", 301 ), 302 resource.TestCheckResourceAttr( 303 "aws_opsworks_stack.tf-acc", 304 "custom_json", 305 `{"key": "value"}`, 306 ), 307 resource.TestCheckResourceAttr( 308 "aws_opsworks_stack.tf-acc", 309 "configuration_manager_version", 310 "11.10", 311 ), 312 resource.TestCheckResourceAttr( 313 "aws_opsworks_stack.tf-acc", 314 "use_opsworks_security_groups", 315 "false", 316 ), 317 ) 318 } 319 320 func testAccAwsOpsworksStackCheckResourceAttrsUpdate(zone, stackName string) resource.TestCheckFunc { 321 return resource.ComposeTestCheckFunc( 322 resource.TestCheckResourceAttr( 323 "aws_opsworks_stack.tf-acc", 324 "name", 325 stackName, 326 ), 327 resource.TestCheckResourceAttr( 328 "aws_opsworks_stack.tf-acc", 329 "default_availability_zone", 330 zone, 331 ), 332 resource.TestCheckResourceAttr( 333 "aws_opsworks_stack.tf-acc", 334 "default_os", 335 "Amazon Linux 2015.09", 336 ), 337 resource.TestCheckResourceAttr( 338 "aws_opsworks_stack.tf-acc", 339 "default_root_device_type", 340 "ebs", 341 ), 342 resource.TestCheckResourceAttr( 343 "aws_opsworks_stack.tf-acc", 344 "custom_json", 345 `{"key": "value"}`, 346 ), 347 resource.TestCheckResourceAttr( 348 "aws_opsworks_stack.tf-acc", 349 "configuration_manager_version", 350 "11.10", 351 ), 352 resource.TestCheckResourceAttr( 353 "aws_opsworks_stack.tf-acc", 354 "use_opsworks_security_groups", 355 "false", 356 ), 357 resource.TestCheckResourceAttr( 358 "aws_opsworks_stack.tf-acc", 359 "use_custom_cookbooks", 360 "true", 361 ), 362 resource.TestCheckResourceAttr( 363 "aws_opsworks_stack.tf-acc", 364 "manage_berkshelf", 365 "true", 366 ), 367 resource.TestCheckResourceAttr( 368 "aws_opsworks_stack.tf-acc", 369 "custom_cookbooks_source.0.type", 370 "git", 371 ), 372 resource.TestCheckResourceAttr( 373 "aws_opsworks_stack.tf-acc", 374 "custom_cookbooks_source.0.revision", 375 "master", 376 ), 377 resource.TestCheckResourceAttr( 378 "aws_opsworks_stack.tf-acc", 379 "custom_cookbooks_source.0.url", 380 "https://github.com/aws/opsworks-example-cookbooks.git", 381 ), 382 ) 383 } 384 385 func testAccCheckAWSOpsworksStackExists( 386 n string, vpc bool, opsstack *opsworks.Stack) resource.TestCheckFunc { 387 return func(s *terraform.State) error { 388 rs, ok := s.RootModule().Resources[n] 389 if !ok { 390 return fmt.Errorf("Not found: %s", n) 391 } 392 393 if rs.Primary.ID == "" { 394 return fmt.Errorf("No ID is set") 395 } 396 397 conn := testAccProvider.Meta().(*AWSClient).opsworksconn 398 399 params := &opsworks.DescribeStacksInput{ 400 StackIds: []*string{aws.String(rs.Primary.ID)}, 401 } 402 resp, err := conn.DescribeStacks(params) 403 404 if err != nil { 405 return err 406 } 407 408 if v := len(resp.Stacks); v != 1 { 409 return fmt.Errorf("Expected 1 response returned, got %d", v) 410 } 411 412 *opsstack = *resp.Stacks[0] 413 414 if vpc { 415 if rs.Primary.Attributes["vpc_id"] != *opsstack.VpcId { 416 return fmt.Errorf("VPCID Got %s, expected %s", *opsstack.VpcId, rs.Primary.Attributes["vpc_id"]) 417 } 418 if rs.Primary.Attributes["default_subnet_id"] != *opsstack.DefaultSubnetId { 419 return fmt.Errorf("Default subnet Id Got %s, expected %s", *opsstack.DefaultSubnetId, rs.Primary.Attributes["default_subnet_id"]) 420 } 421 } 422 423 return nil 424 } 425 } 426 427 func testAccCheckAWSOpsworksCreateStackAttributes( 428 opsstack *opsworks.Stack, zone, stackName string) resource.TestCheckFunc { 429 return func(s *terraform.State) error { 430 if *opsstack.Name != stackName { 431 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.Name) 432 } 433 434 if *opsstack.DefaultAvailabilityZone != zone { 435 return fmt.Errorf("Unnexpected DefaultAvailabilityZone: %s", *opsstack.DefaultAvailabilityZone) 436 } 437 438 if *opsstack.DefaultOs != "Amazon Linux 2016.09" { 439 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.DefaultOs) 440 } 441 442 if *opsstack.DefaultRootDeviceType != "ebs" { 443 return fmt.Errorf("Unnexpected DefaultRootDeviceType: %s", *opsstack.DefaultRootDeviceType) 444 } 445 446 if *opsstack.CustomJson != `{"key": "value"}` { 447 return fmt.Errorf("Unnexpected CustomJson: %s", *opsstack.CustomJson) 448 } 449 450 if *opsstack.ConfigurationManager.Version != "11.10" { 451 return fmt.Errorf("Unnexpected Version: %s", *opsstack.ConfigurationManager.Version) 452 } 453 454 if *opsstack.UseOpsworksSecurityGroups { 455 return fmt.Errorf("Unnexpected UseOpsworksSecurityGroups: %t", *opsstack.UseOpsworksSecurityGroups) 456 } 457 458 return nil 459 } 460 } 461 462 func testAccCheckAWSOpsworksUpdateStackAttributes( 463 opsstack *opsworks.Stack, zone, stackName string) resource.TestCheckFunc { 464 return func(s *terraform.State) error { 465 if *opsstack.Name != stackName { 466 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.Name) 467 } 468 469 if *opsstack.DefaultAvailabilityZone != zone { 470 return fmt.Errorf("Unnexpected DefaultAvailabilityZone: %s", *opsstack.DefaultAvailabilityZone) 471 } 472 473 if *opsstack.DefaultOs != "Amazon Linux 2015.09" { 474 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.DefaultOs) 475 } 476 477 if *opsstack.DefaultRootDeviceType != "ebs" { 478 return fmt.Errorf("Unnexpected DefaultRootDeviceType: %s", *opsstack.DefaultRootDeviceType) 479 } 480 481 if *opsstack.CustomJson != `{"key": "value"}` { 482 return fmt.Errorf("Unnexpected CustomJson: %s", *opsstack.CustomJson) 483 } 484 485 if *opsstack.ConfigurationManager.Version != "11.10" { 486 return fmt.Errorf("Unnexpected Version: %s", *opsstack.ConfigurationManager.Version) 487 } 488 489 if !*opsstack.UseCustomCookbooks { 490 return fmt.Errorf("Unnexpected UseCustomCookbooks: %t", *opsstack.UseCustomCookbooks) 491 } 492 493 if !*opsstack.ChefConfiguration.ManageBerkshelf { 494 return fmt.Errorf("Unnexpected ManageBerkshelf: %t", *opsstack.ChefConfiguration.ManageBerkshelf) 495 } 496 497 if *opsstack.CustomCookbooksSource.Type != "git" { 498 return fmt.Errorf("Unnexpected *opsstack.CustomCookbooksSource.Type: %s", *opsstack.CustomCookbooksSource.Type) 499 } 500 501 if *opsstack.CustomCookbooksSource.Revision != "master" { 502 return fmt.Errorf("Unnexpected *opsstack.CustomCookbooksSource.Type: %s", *opsstack.CustomCookbooksSource.Revision) 503 } 504 505 if *opsstack.CustomCookbooksSource.Url != "https://github.com/aws/opsworks-example-cookbooks.git" { 506 return fmt.Errorf("Unnexpected *opsstack.CustomCookbooksSource.Type: %s", *opsstack.CustomCookbooksSource.Url) 507 } 508 509 return nil 510 } 511 } 512 513 func testAccCheckAwsOpsworksStackDestroy(s *terraform.State) error { 514 opsworksconn := testAccProvider.Meta().(*AWSClient).opsworksconn 515 for _, rs := range s.RootModule().Resources { 516 if rs.Type != "aws_opsworks_stack" { 517 continue 518 } 519 520 req := &opsworks.DescribeStacksInput{ 521 StackIds: []*string{ 522 aws.String(rs.Primary.ID), 523 }, 524 } 525 526 _, err := opsworksconn.DescribeStacks(req) 527 if err != nil { 528 if awserr, ok := err.(awserr.Error); ok { 529 if awserr.Code() == "ResourceNotFoundException" { 530 // not found, all good 531 return nil 532 } 533 } 534 return err 535 } 536 } 537 return fmt.Errorf("Fall through error for OpsWorks stack test") 538 } 539 540 ////////////////////////////////////////////////// 541 //// Helper configs for the necessary IAM objects 542 ////////////////////////////////////////////////// 543 544 func testAccAwsOpsworksStackConfigNoVpcCreate(name string) string { 545 return fmt.Sprintf(` 546 provider "aws" { 547 region = "us-east-1" 548 } 549 resource "aws_opsworks_stack" "tf-acc" { 550 name = "%s" 551 region = "us-east-1" 552 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 553 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 554 default_availability_zone = "us-east-1a" 555 default_os = "Amazon Linux 2016.09" 556 default_root_device_type = "ebs" 557 custom_json = "{\"key\": \"value\"}" 558 configuration_manager_version = "11.10" 559 use_opsworks_security_groups = false 560 } 561 562 resource "aws_iam_role" "opsworks_service" { 563 name = "%s_opsworks_service" 564 assume_role_policy = <<EOT 565 { 566 "Version": "2008-10-17", 567 "Statement": [ 568 { 569 "Sid": "", 570 "Effect": "Allow", 571 "Principal": { 572 "Service": "opsworks.amazonaws.com" 573 }, 574 "Action": "sts:AssumeRole" 575 } 576 ] 577 } 578 EOT 579 } 580 581 resource "aws_iam_role_policy" "opsworks_service" { 582 name = "%s_opsworks_service" 583 role = "${aws_iam_role.opsworks_service.id}" 584 policy = <<EOT 585 { 586 "Statement": [ 587 { 588 "Action": [ 589 "ec2:*", 590 "iam:PassRole", 591 "cloudwatch:GetMetricStatistics", 592 "elasticloadbalancing:*", 593 "rds:*" 594 ], 595 "Effect": "Allow", 596 "Resource": ["*"] 597 } 598 ] 599 } 600 EOT 601 } 602 603 resource "aws_iam_role" "opsworks_instance" { 604 name = "%s_opsworks_instance" 605 assume_role_policy = <<EOT 606 { 607 "Version": "2008-10-17", 608 "Statement": [ 609 { 610 "Sid": "", 611 "Effect": "Allow", 612 "Principal": { 613 "Service": "ec2.amazonaws.com" 614 }, 615 "Action": "sts:AssumeRole" 616 } 617 ] 618 } 619 EOT 620 } 621 622 resource "aws_iam_instance_profile" "opsworks_instance" { 623 name = "%s_opsworks_instance" 624 roles = ["${aws_iam_role.opsworks_instance.name}"] 625 }`, name, name, name, name, name) 626 } 627 628 //////////////////////////// 629 //// Tests for the VPC case 630 //////////////////////////// 631 632 func testAccAwsOpsworksStackConfigVpcCreate(name string) string { 633 return fmt.Sprintf(` 634 resource "aws_vpc" "tf-acc" { 635 cidr_block = "10.3.5.0/24" 636 } 637 resource "aws_subnet" "tf-acc" { 638 vpc_id = "${aws_vpc.tf-acc.id}" 639 cidr_block = "${aws_vpc.tf-acc.cidr_block}" 640 availability_zone = "us-west-2a" 641 } 642 resource "aws_opsworks_stack" "tf-acc" { 643 name = "%s" 644 region = "us-west-2" 645 vpc_id = "${aws_vpc.tf-acc.id}" 646 default_subnet_id = "${aws_subnet.tf-acc.id}" 647 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 648 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 649 default_os = "Amazon Linux 2016.09" 650 default_root_device_type = "ebs" 651 custom_json = "{\"key\": \"value\"}" 652 configuration_manager_version = "11.10" 653 use_opsworks_security_groups = false 654 } 655 656 resource "aws_iam_role" "opsworks_service" { 657 name = "%s_opsworks_service" 658 assume_role_policy = <<EOT 659 { 660 "Version": "2008-10-17", 661 "Statement": [ 662 { 663 "Sid": "", 664 "Effect": "Allow", 665 "Principal": { 666 "Service": "opsworks.amazonaws.com" 667 }, 668 "Action": "sts:AssumeRole" 669 } 670 ] 671 } 672 EOT 673 } 674 675 resource "aws_iam_role_policy" "opsworks_service" { 676 name = "%s_opsworks_service" 677 role = "${aws_iam_role.opsworks_service.id}" 678 policy = <<EOT 679 { 680 "Statement": [ 681 { 682 "Action": [ 683 "ec2:*", 684 "iam:PassRole", 685 "cloudwatch:GetMetricStatistics", 686 "elasticloadbalancing:*", 687 "rds:*" 688 ], 689 "Effect": "Allow", 690 "Resource": ["*"] 691 } 692 ] 693 } 694 EOT 695 } 696 697 resource "aws_iam_role" "opsworks_instance" { 698 name = "%s_opsworks_instance" 699 assume_role_policy = <<EOT 700 { 701 "Version": "2008-10-17", 702 "Statement": [ 703 { 704 "Sid": "", 705 "Effect": "Allow", 706 "Principal": { 707 "Service": "ec2.amazonaws.com" 708 }, 709 "Action": "sts:AssumeRole" 710 } 711 ] 712 } 713 EOT 714 } 715 716 resource "aws_iam_instance_profile" "opsworks_instance" { 717 name = "%s_opsworks_instance" 718 roles = ["${aws_iam_role.opsworks_instance.name}"] 719 } 720 `, name, name, name, name, name) 721 } 722 723 func testAccAWSOpsworksStackConfigVpcUpdate(name string) string { 724 return fmt.Sprintf(` 725 resource "aws_vpc" "tf-acc" { 726 cidr_block = "10.3.5.0/24" 727 } 728 resource "aws_subnet" "tf-acc" { 729 vpc_id = "${aws_vpc.tf-acc.id}" 730 cidr_block = "${aws_vpc.tf-acc.cidr_block}" 731 availability_zone = "us-west-2a" 732 } 733 resource "aws_opsworks_stack" "tf-acc" { 734 name = "%s" 735 region = "us-west-2" 736 vpc_id = "${aws_vpc.tf-acc.id}" 737 default_subnet_id = "${aws_subnet.tf-acc.id}" 738 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 739 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 740 default_os = "Amazon Linux 2015.09" 741 default_root_device_type = "ebs" 742 custom_json = "{\"key\": \"value\"}" 743 configuration_manager_version = "11.10" 744 use_opsworks_security_groups = false 745 use_custom_cookbooks = true 746 manage_berkshelf = true 747 custom_cookbooks_source { 748 type = "git" 749 revision = "master" 750 url = "https://github.com/aws/opsworks-example-cookbooks.git" 751 } 752 } 753 754 resource "aws_iam_role" "opsworks_service" { 755 name = "%s_opsworks_service" 756 assume_role_policy = <<EOT 757 { 758 "Version": "2008-10-17", 759 "Statement": [ 760 { 761 "Sid": "", 762 "Effect": "Allow", 763 "Principal": { 764 "Service": "opsworks.amazonaws.com" 765 }, 766 "Action": "sts:AssumeRole" 767 } 768 ] 769 } 770 EOT 771 } 772 773 resource "aws_iam_role_policy" "opsworks_service" { 774 name = "%s_opsworks_service" 775 role = "${aws_iam_role.opsworks_service.id}" 776 policy = <<EOT 777 { 778 "Statement": [ 779 { 780 "Action": [ 781 "ec2:*", 782 "iam:PassRole", 783 "cloudwatch:GetMetricStatistics", 784 "elasticloadbalancing:*", 785 "rds:*" 786 ], 787 "Effect": "Allow", 788 "Resource": ["*"] 789 } 790 ] 791 } 792 EOT 793 } 794 795 resource "aws_iam_role" "opsworks_instance" { 796 name = "%s_opsworks_instance" 797 assume_role_policy = <<EOT 798 { 799 "Version": "2008-10-17", 800 "Statement": [ 801 { 802 "Sid": "", 803 "Effect": "Allow", 804 "Principal": { 805 "Service": "ec2.amazonaws.com" 806 }, 807 "Action": "sts:AssumeRole" 808 } 809 ] 810 } 811 EOT 812 } 813 814 resource "aws_iam_instance_profile" "opsworks_instance" { 815 name = "%s_opsworks_instance" 816 roles = ["${aws_iam_role.opsworks_instance.name}"] 817 } 818 819 `, name, name, name, name, name) 820 }