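// Source: github.com/koding/terraform@v0.6.4-0.20170608090606-5d7e0339779d/builtin/providers/aws/provider.go

package aws

import (
	"bytes"
	"fmt"
	"log"

	"github.com/hashicorp/terraform/helper/hashcode"
	"github.com/hashicorp/terraform/helper/mutexkv"
	"github.com/hashicorp/terraform/helper/schema"
	"github.com/hashicorp/terraform/terraform"
)

// Provider returns a terraform.ResourceProvider.
//
// The returned *schema.Provider declares the provider-level configuration
// keys, registers every data source and resource under its Terraform type
// name, and installs providerConfigure as the ConfigureFunc.
func Provider() terraform.ResourceProvider {
	// TODO: Move the validation to this, requires conditional schemas
	// TODO: Move the configuration to this, requires validation

	// The actual provider
	return &schema.Provider{
		Schema: map[string]*schema.Schema{
			// Static credentials supplied directly in the provider block.
			// access_key, secret_key and token all default to "" so that
			// they can be left out of the configuration entirely; profile
			// and shared_credentials_file are the file-based alternatives
			// this schema offers.
			"access_key": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["access_key"],
			},

			"secret_key": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["secret_key"],
			},

			"profile": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["profile"],
			},

			"assume_role": assumeRoleSchema(),

			"shared_credentials_file": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["shared_credentials_file"],
			},

			"token": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["token"],
			},

			// region is the only required key; it falls back to the
			// AWS_REGION and AWS_DEFAULT_REGION environment variables.
			"region": {
				Type:     schema.TypeString,
				Required: true,
				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
					"AWS_REGION",
					"AWS_DEFAULT_REGION",
				}, nil),
				Description:  descriptions["region"],
				InputDefault: "us-east-1",
			},

			"max_retries": {
				Type:        schema.TypeInt,
				Optional:    true,
				Default:     25,
				Description: descriptions["max_retries"],
			},

			// Account guards. The two lists are mutually exclusive
			// (ConflictsWith).
			// NOTE(review): the check itself lives in Config.Client, which
			// is not part of this file - confirm it still applies when
			// skip_requesting_account_id is set.
			"allowed_account_ids": {
				Type:          schema.TypeSet,
				Elem:          &schema.Schema{Type: schema.TypeString},
				Optional:      true,
				ConflictsWith: []string{"forbidden_account_ids"},
				Set:           schema.HashString,
			},

			"forbidden_account_ids": {
				Type:          schema.TypeSet,
				Elem:          &schema.Schema{Type: schema.TypeString},
				Optional:      true,
				ConflictsWith: []string{"allowed_account_ids"},
				Set:           schema.HashString,
			},

			// Removed top-level endpoint keys; the Removed message points
			// users at the `endpoints` block.
			"dynamodb_endpoint": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["dynamodb_endpoint"],
				Removed:     "Use `dynamodb` inside `endpoints` block instead",
			},

			"kinesis_endpoint": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["kinesis_endpoint"],
				Removed:     "Use `kinesis` inside `endpoints` block instead",
			},

			"endpoints": endpointsSchema(),

			// insecure defaults to false. Per its description, true lets
			// the provider perform "insecure" SSL requests.
			"insecure": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["insecure"],
			},

			// The skip_* switches all default to false, so each check runs
			// unless the configuration turns it off explicitly.
			"skip_credentials_validation": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_credentials_validation"],
			},

			"skip_get_ec2_platforms": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_get_ec2_platforms"],
			},

			"skip_region_validation": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_region_validation"],
			},

			"skip_requesting_account_id": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_requesting_account_id"],
			},

			"skip_metadata_api_check": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_metadata_api_check"],
			},

			"s3_force_path_style": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["s3_force_path_style"],
			},
		},

		DataSourcesMap: map[string]*schema.Resource{
			"aws_acm_certificate": dataSourceAwsAcmCertificate(),
			"aws_alb": dataSourceAwsAlb(),
			"aws_alb_listener": dataSourceAwsAlbListener(),
			"aws_ami": dataSourceAwsAmi(),
			"aws_ami_ids": dataSourceAwsAmiIds(),
			"aws_autoscaling_groups": dataSourceAwsAutoscalingGroups(),
			"aws_availability_zone": dataSourceAwsAvailabilityZone(),
			"aws_availability_zones": dataSourceAwsAvailabilityZones(),
			"aws_billing_service_account": dataSourceAwsBillingServiceAccount(),
			"aws_caller_identity": dataSourceAwsCallerIdentity(),
			"aws_canonical_user_id": dataSourceAwsCanonicalUserId(),
			"aws_cloudformation_stack": dataSourceAwsCloudFormationStack(),
			"aws_db_instance": dataSourceAwsDbInstance(),
			"aws_db_snapshot": dataSourceAwsDbSnapshot(),
			"aws_ebs_snapshot": dataSourceAwsEbsSnapshot(),
			"aws_ebs_snapshot_ids": dataSourceAwsEbsSnapshotIds(),
			"aws_ebs_volume": dataSourceAwsEbsVolume(),
			"aws_ecs_cluster": dataSourceAwsEcsCluster(),
			"aws_ecs_container_definition": dataSourceAwsEcsContainerDefinition(),
			"aws_ecs_task_definition": dataSourceAwsEcsTaskDefinition(),
			"aws_efs_file_system": dataSourceAwsEfsFileSystem(),
			"aws_eip": dataSourceAwsEip(),
			"aws_elastic_beanstalk_solution_stack": dataSourceAwsElasticBeanstalkSolutionStack(),
			"aws_elasticache_cluster": dataSourceAwsElastiCacheCluster(),
			"aws_elb_hosted_zone_id": dataSourceAwsElbHostedZoneId(),
			"aws_elb_service_account": dataSourceAwsElbServiceAccount(),
			"aws_iam_account_alias": dataSourceAwsIamAccountAlias(),
			"aws_iam_policy_document": dataSourceAwsIamPolicyDocument(),
			"aws_iam_role": dataSourceAwsIAMRole(),
			"aws_iam_server_certificate": dataSourceAwsIAMServerCertificate(),
			"aws_instance": dataSourceAwsInstance(),
			"aws_ip_ranges": dataSourceAwsIPRanges(),
			"aws_kinesis_stream": dataSourceAwsKinesisStream(),
			"aws_kms_alias": dataSourceAwsKmsAlias(),
			"aws_kms_ciphertext": dataSourceAwsKmsCiphetext(),
			"aws_kms_secret": dataSourceAwsKmsSecret(),
			"aws_partition": dataSourceAwsPartition(),
			"aws_prefix_list": dataSourceAwsPrefixList(),
			"aws_redshift_service_account": dataSourceAwsRedshiftServiceAccount(),
			"aws_region": dataSourceAwsRegion(),
			"aws_route_table": dataSourceAwsRouteTable(),
			"aws_route53_zone": dataSourceAwsRoute53Zone(),
			"aws_s3_bucket_object": dataSourceAwsS3BucketObject(),
			"aws_sns_topic": dataSourceAwsSnsTopic(),
			"aws_ssm_parameter": dataSourceAwsSsmParameter(),
			"aws_subnet": dataSourceAwsSubnet(),
			"aws_subnet_ids": dataSourceAwsSubnetIDs(),
			"aws_security_group": dataSourceAwsSecurityGroup(),
			"aws_vpc": dataSourceAwsVpc(),
			"aws_vpc_endpoint": dataSourceAwsVpcEndpoint(),
			"aws_vpc_endpoint_service": dataSourceAwsVpcEndpointService(),
			"aws_vpc_peering_connection": dataSourceAwsVpcPeeringConnection(),
			"aws_vpn_gateway": dataSourceAwsVpnGateway(),
		},

		ResourcesMap: map[string]*schema.Resource{
			"aws_alb": resourceAwsAlb(),
			"aws_alb_listener": resourceAwsAlbListener(),
			"aws_alb_listener_rule": resourceAwsAlbListenerRule(),
			"aws_alb_target_group": resourceAwsAlbTargetGroup(),
			"aws_alb_target_group_attachment": resourceAwsAlbTargetGroupAttachment(),
			"aws_ami": resourceAwsAmi(),
			"aws_ami_copy": resourceAwsAmiCopy(),
			"aws_ami_from_instance": resourceAwsAmiFromInstance(),
			"aws_ami_launch_permission": resourceAwsAmiLaunchPermission(),
			"aws_api_gateway_account": resourceAwsApiGatewayAccount(),
			"aws_api_gateway_api_key": resourceAwsApiGatewayApiKey(),
			"aws_api_gateway_authorizer": resourceAwsApiGatewayAuthorizer(),
			"aws_api_gateway_base_path_mapping": resourceAwsApiGatewayBasePathMapping(),
			"aws_api_gateway_client_certificate": resourceAwsApiGatewayClientCertificate(),
			"aws_api_gateway_deployment": resourceAwsApiGatewayDeployment(),
			"aws_api_gateway_domain_name": resourceAwsApiGatewayDomainName(),
			"aws_api_gateway_integration": resourceAwsApiGatewayIntegration(),
			"aws_api_gateway_integration_response": resourceAwsApiGatewayIntegrationResponse(),
			"aws_api_gateway_method": resourceAwsApiGatewayMethod(),
			"aws_api_gateway_method_response": resourceAwsApiGatewayMethodResponse(),
			"aws_api_gateway_method_settings": resourceAwsApiGatewayMethodSettings(),
			"aws_api_gateway_model": resourceAwsApiGatewayModel(),
			"aws_api_gateway_resource": resourceAwsApiGatewayResource(),
			"aws_api_gateway_rest_api": resourceAwsApiGatewayRestApi(),
			"aws_api_gateway_stage": resourceAwsApiGatewayStage(),
			"aws_api_gateway_usage_plan": resourceAwsApiGatewayUsagePlan(),
			"aws_api_gateway_usage_plan_key": resourceAwsApiGatewayUsagePlanKey(),
			"aws_app_cookie_stickiness_policy": resourceAwsAppCookieStickinessPolicy(),
			"aws_appautoscaling_target": resourceAwsAppautoscalingTarget(),
			"aws_appautoscaling_policy": resourceAwsAppautoscalingPolicy(),
			"aws_autoscaling_attachment": resourceAwsAutoscalingAttachment(),
			"aws_autoscaling_group": resourceAwsAutoscalingGroup(),
			"aws_autoscaling_notification": resourceAwsAutoscalingNotification(),
			"aws_autoscaling_policy": resourceAwsAutoscalingPolicy(),
			"aws_autoscaling_schedule": resourceAwsAutoscalingSchedule(),
			"aws_cloudformation_stack": resourceAwsCloudFormationStack(),
			"aws_cloudfront_distribution": resourceAwsCloudFrontDistribution(),
			"aws_cloudfront_origin_access_identity": resourceAwsCloudFrontOriginAccessIdentity(),
			"aws_cloudtrail": resourceAwsCloudTrail(),
			"aws_cloudwatch_event_rule": resourceAwsCloudWatchEventRule(),
			"aws_cloudwatch_event_target": resourceAwsCloudWatchEventTarget(),
			"aws_cloudwatch_log_destination": resourceAwsCloudWatchLogDestination(),
			"aws_cloudwatch_log_destination_policy": resourceAwsCloudWatchLogDestinationPolicy(),
			"aws_cloudwatch_log_group": resourceAwsCloudWatchLogGroup(),
			"aws_cloudwatch_log_metric_filter": resourceAwsCloudWatchLogMetricFilter(),
			"aws_cloudwatch_log_stream": resourceAwsCloudWatchLogStream(),
			"aws_cloudwatch_log_subscription_filter": resourceAwsCloudwatchLogSubscriptionFilter(),
			"aws_config_config_rule": resourceAwsConfigConfigRule(),
			"aws_config_configuration_recorder": resourceAwsConfigConfigurationRecorder(),
			"aws_config_configuration_recorder_status": resourceAwsConfigConfigurationRecorderStatus(),
			"aws_config_delivery_channel": resourceAwsConfigDeliveryChannel(),
			"aws_cognito_identity_pool": resourceAwsCognitoIdentityPool(),
			"aws_autoscaling_lifecycle_hook": resourceAwsAutoscalingLifecycleHook(),
			"aws_cloudwatch_metric_alarm": resourceAwsCloudWatchMetricAlarm(),
			"aws_codedeploy_app": resourceAwsCodeDeployApp(),
			"aws_codedeploy_deployment_config": resourceAwsCodeDeployDeploymentConfig(),
			"aws_codedeploy_deployment_group": resourceAwsCodeDeployDeploymentGroup(),
			"aws_codecommit_repository": resourceAwsCodeCommitRepository(),
			"aws_codecommit_trigger": resourceAwsCodeCommitTrigger(),
			"aws_codebuild_project": resourceAwsCodeBuildProject(),
			"aws_codepipeline": resourceAwsCodePipeline(),
			"aws_customer_gateway": resourceAwsCustomerGateway(),
			"aws_db_event_subscription": resourceAwsDbEventSubscription(),
			"aws_db_instance": resourceAwsDbInstance(),
			"aws_db_option_group": resourceAwsDbOptionGroup(),
			"aws_db_parameter_group": resourceAwsDbParameterGroup(),
			"aws_db_security_group": resourceAwsDbSecurityGroup(),
			"aws_db_snapshot": resourceAwsDbSnapshot(),
			"aws_db_subnet_group": resourceAwsDbSubnetGroup(),
			"aws_devicefarm_project": resourceAwsDevicefarmProject(),
			"aws_directory_service_directory": resourceAwsDirectoryServiceDirectory(),
			"aws_dms_certificate": resourceAwsDmsCertificate(),
			"aws_dms_endpoint": resourceAwsDmsEndpoint(),
			"aws_dms_replication_instance": resourceAwsDmsReplicationInstance(),
			"aws_dms_replication_subnet_group": resourceAwsDmsReplicationSubnetGroup(),
			"aws_dms_replication_task": resourceAwsDmsReplicationTask(),
			"aws_dynamodb_table": resourceAwsDynamoDbTable(),
			"aws_ebs_snapshot": resourceAwsEbsSnapshot(),
			"aws_ebs_volume": resourceAwsEbsVolume(),
			"aws_ecr_repository": resourceAwsEcrRepository(),
			"aws_ecr_repository_policy": resourceAwsEcrRepositoryPolicy(),
			"aws_ecs_cluster": resourceAwsEcsCluster(),
			"aws_ecs_service": resourceAwsEcsService(),
			"aws_ecs_task_definition": resourceAwsEcsTaskDefinition(),
			"aws_efs_file_system": resourceAwsEfsFileSystem(),
			"aws_efs_mount_target": resourceAwsEfsMountTarget(),
			"aws_egress_only_internet_gateway": resourceAwsEgressOnlyInternetGateway(),
			"aws_eip": resourceAwsEip(),
			"aws_eip_association": resourceAwsEipAssociation(),
			"aws_elasticache_cluster": resourceAwsElasticacheCluster(),
			"aws_elasticache_parameter_group": resourceAwsElasticacheParameterGroup(),
			"aws_elasticache_replication_group": resourceAwsElasticacheReplicationGroup(),
			"aws_elasticache_security_group": resourceAwsElasticacheSecurityGroup(),
			"aws_elasticache_subnet_group": resourceAwsElasticacheSubnetGroup(),
			"aws_elastic_beanstalk_application": resourceAwsElasticBeanstalkApplication(),
			"aws_elastic_beanstalk_application_version": resourceAwsElasticBeanstalkApplicationVersion(),
			"aws_elastic_beanstalk_configuration_template": resourceAwsElasticBeanstalkConfigurationTemplate(),
			"aws_elastic_beanstalk_environment": resourceAwsElasticBeanstalkEnvironment(),
			"aws_elasticsearch_domain": resourceAwsElasticSearchDomain(),
			"aws_elasticsearch_domain_policy": resourceAwsElasticSearchDomainPolicy(),
			"aws_elastictranscoder_pipeline": resourceAwsElasticTranscoderPipeline(),
			"aws_elastictranscoder_preset": resourceAwsElasticTranscoderPreset(),
			"aws_elb": resourceAwsElb(),
			"aws_elb_attachment": resourceAwsElbAttachment(),
			"aws_emr_cluster": resourceAwsEMRCluster(),
			"aws_emr_instance_group": resourceAwsEMRInstanceGroup(),
			"aws_emr_security_configuration": resourceAwsEMRSecurityConfiguration(),
			"aws_flow_log": resourceAwsFlowLog(),
			"aws_glacier_vault": resourceAwsGlacierVault(),
			"aws_iam_access_key": resourceAwsIamAccessKey(),
			"aws_iam_account_alias": resourceAwsIamAccountAlias(),
			"aws_iam_account_password_policy": resourceAwsIamAccountPasswordPolicy(),
			"aws_iam_group_policy": resourceAwsIamGroupPolicy(),
			"aws_iam_group": resourceAwsIamGroup(),
			"aws_iam_group_membership": resourceAwsIamGroupMembership(),
			"aws_iam_group_policy_attachment": resourceAwsIamGroupPolicyAttachment(),
			"aws_iam_instance_profile": resourceAwsIamInstanceProfile(),
			"aws_iam_openid_connect_provider": resourceAwsIamOpenIDConnectProvider(),
			"aws_iam_policy": resourceAwsIamPolicy(),
			"aws_iam_policy_attachment": resourceAwsIamPolicyAttachment(),
			"aws_iam_role_policy_attachment": resourceAwsIamRolePolicyAttachment(),
			"aws_iam_role_policy": resourceAwsIamRolePolicy(),
			"aws_iam_role": resourceAwsIamRole(),
			"aws_iam_saml_provider": resourceAwsIamSamlProvider(),
			"aws_iam_server_certificate": resourceAwsIAMServerCertificate(),
			"aws_iam_user_policy_attachment": resourceAwsIamUserPolicyAttachment(),
			"aws_iam_user_policy": resourceAwsIamUserPolicy(),
			"aws_iam_user_ssh_key": resourceAwsIamUserSshKey(),
			"aws_iam_user": resourceAwsIamUser(),
			"aws_iam_user_login_profile": resourceAwsIamUserLoginProfile(),
			"aws_inspector_assessment_target": resourceAWSInspectorAssessmentTarget(),
			"aws_inspector_assessment_template": resourceAWSInspectorAssessmentTemplate(),
			"aws_inspector_resource_group": resourceAWSInspectorResourceGroup(),
			"aws_instance": resourceAwsInstance(),
			"aws_internet_gateway": resourceAwsInternetGateway(),
			"aws_key_pair": resourceAwsKeyPair(),
			"aws_kinesis_firehose_delivery_stream": resourceAwsKinesisFirehoseDeliveryStream(),
			"aws_kinesis_stream": resourceAwsKinesisStream(),
			"aws_kms_alias": resourceAwsKmsAlias(),
			"aws_kms_key": resourceAwsKmsKey(),
			"aws_lambda_function": resourceAwsLambdaFunction(),
			"aws_lambda_event_source_mapping": resourceAwsLambdaEventSourceMapping(),
			"aws_lambda_alias": resourceAwsLambdaAlias(),
			"aws_lambda_permission": resourceAwsLambdaPermission(),
			"aws_launch_configuration": resourceAwsLaunchConfiguration(),
			"aws_lightsail_domain": resourceAwsLightsailDomain(),
			"aws_lightsail_instance": resourceAwsLightsailInstance(),
			"aws_lightsail_key_pair": resourceAwsLightsailKeyPair(),
			"aws_lightsail_static_ip": resourceAwsLightsailStaticIp(),
			"aws_lightsail_static_ip_attachment": resourceAwsLightsailStaticIpAttachment(),
			"aws_lb_cookie_stickiness_policy": resourceAwsLBCookieStickinessPolicy(),
			"aws_load_balancer_policy": resourceAwsLoadBalancerPolicy(),
			"aws_load_balancer_backend_server_policy": resourceAwsLoadBalancerBackendServerPolicies(),
			"aws_load_balancer_listener_policy": resourceAwsLoadBalancerListenerPolicies(),
			"aws_lb_ssl_negotiation_policy": resourceAwsLBSSLNegotiationPolicy(),
			"aws_main_route_table_association": resourceAwsMainRouteTableAssociation(),
			"aws_nat_gateway": resourceAwsNatGateway(),
			"aws_network_acl": resourceAwsNetworkAcl(),
			"aws_default_network_acl": resourceAwsDefaultNetworkAcl(),
			"aws_network_acl_rule": resourceAwsNetworkAclRule(),
			"aws_network_interface": resourceAwsNetworkInterface(),
			"aws_network_interface_attachment": resourceAwsNetworkInterfaceAttachment(),
			"aws_opsworks_application": resourceAwsOpsworksApplication(),
			"aws_opsworks_stack": resourceAwsOpsworksStack(),
			"aws_opsworks_java_app_layer": resourceAwsOpsworksJavaAppLayer(),
			"aws_opsworks_haproxy_layer": resourceAwsOpsworksHaproxyLayer(),
			"aws_opsworks_static_web_layer": resourceAwsOpsworksStaticWebLayer(),
			"aws_opsworks_php_app_layer": resourceAwsOpsworksPhpAppLayer(),
			"aws_opsworks_rails_app_layer": resourceAwsOpsworksRailsAppLayer(),
			"aws_opsworks_nodejs_app_layer": resourceAwsOpsworksNodejsAppLayer(),
			"aws_opsworks_memcached_layer": resourceAwsOpsworksMemcachedLayer(),
			"aws_opsworks_mysql_layer": resourceAwsOpsworksMysqlLayer(),
			"aws_opsworks_ganglia_layer": resourceAwsOpsworksGangliaLayer(),
			"aws_opsworks_custom_layer": resourceAwsOpsworksCustomLayer(),
			"aws_opsworks_instance": resourceAwsOpsworksInstance(),
			"aws_opsworks_user_profile": resourceAwsOpsworksUserProfile(),
			"aws_opsworks_permission": resourceAwsOpsworksPermission(),
			"aws_opsworks_rds_db_instance": resourceAwsOpsworksRdsDbInstance(),
			"aws_placement_group": resourceAwsPlacementGroup(),
			"aws_proxy_protocol_policy": resourceAwsProxyProtocolPolicy(),
			"aws_rds_cluster": resourceAwsRDSCluster(),
			"aws_rds_cluster_instance": resourceAwsRDSClusterInstance(),
			"aws_rds_cluster_parameter_group": resourceAwsRDSClusterParameterGroup(),
			"aws_redshift_cluster": resourceAwsRedshiftCluster(),
			"aws_redshift_security_group": resourceAwsRedshiftSecurityGroup(),
			"aws_redshift_parameter_group": resourceAwsRedshiftParameterGroup(),
			"aws_redshift_subnet_group": resourceAwsRedshiftSubnetGroup(),
			"aws_route53_delegation_set": resourceAwsRoute53DelegationSet(),
			"aws_route53_record": resourceAwsRoute53Record(),
			"aws_route53_zone_association": resourceAwsRoute53ZoneAssociation(),
			"aws_route53_zone": resourceAwsRoute53Zone(),
			"aws_route53_health_check": resourceAwsRoute53HealthCheck(),
			"aws_route": resourceAwsRoute(),
			"aws_route_table": resourceAwsRouteTable(),
			"aws_default_route_table": resourceAwsDefaultRouteTable(),
			"aws_route_table_association": resourceAwsRouteTableAssociation(),
			"aws_ses_active_receipt_rule_set": resourceAwsSesActiveReceiptRuleSet(),
			"aws_ses_domain_identity": resourceAwsSesDomainIdentity(),
			"aws_ses_receipt_filter": resourceAwsSesReceiptFilter(),
			"aws_ses_receipt_rule": resourceAwsSesReceiptRule(),
			"aws_ses_receipt_rule_set": resourceAwsSesReceiptRuleSet(),
			"aws_ses_configuration_set": resourceAwsSesConfigurationSet(),
			"aws_ses_event_destination": resourceAwsSesEventDestination(),
			"aws_s3_bucket": resourceAwsS3Bucket(),
			"aws_s3_bucket_policy": resourceAwsS3BucketPolicy(),
			"aws_s3_bucket_object": resourceAwsS3BucketObject(),
			"aws_s3_bucket_notification": resourceAwsS3BucketNotification(),
			"aws_security_group": resourceAwsSecurityGroup(),
			"aws_default_security_group": resourceAwsDefaultSecurityGroup(),
			"aws_security_group_rule": resourceAwsSecurityGroupRule(),
			"aws_simpledb_domain": resourceAwsSimpleDBDomain(),
			"aws_ssm_activation": resourceAwsSsmActivation(),
			"aws_ssm_association": resourceAwsSsmAssociation(),
			"aws_ssm_document": resourceAwsSsmDocument(),
			"aws_ssm_maintenance_window": resourceAwsSsmMaintenanceWindow(),
			"aws_ssm_maintenance_window_target": resourceAwsSsmMaintenanceWindowTarget(),
			"aws_ssm_maintenance_window_task": resourceAwsSsmMaintenanceWindowTask(),
			"aws_ssm_patch_baseline": resourceAwsSsmPatchBaseline(),
			"aws_ssm_patch_group": resourceAwsSsmPatchGroup(),
			"aws_ssm_parameter": resourceAwsSsmParameter(),
			"aws_spot_datafeed_subscription": resourceAwsSpotDataFeedSubscription(),
			"aws_spot_instance_request": resourceAwsSpotInstanceRequest(),
			"aws_spot_fleet_request": resourceAwsSpotFleetRequest(),
			"aws_sqs_queue": resourceAwsSqsQueue(),
			"aws_sqs_queue_policy": resourceAwsSqsQueuePolicy(),
			"aws_snapshot_create_volume_permission": resourceAwsSnapshotCreateVolumePermission(),
			"aws_sns_topic": resourceAwsSnsTopic(),
			"aws_sns_topic_policy": resourceAwsSnsTopicPolicy(),
			"aws_sns_topic_subscription": resourceAwsSnsTopicSubscription(),
			"aws_sfn_activity": resourceAwsSfnActivity(),
			"aws_sfn_state_machine": resourceAwsSfnStateMachine(),
			"aws_default_subnet": resourceAwsDefaultSubnet(),
			"aws_subnet": resourceAwsSubnet(),
			"aws_volume_attachment": resourceAwsVolumeAttachment(),
			"aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(),
			"aws_default_vpc_dhcp_options": resourceAwsDefaultVpcDhcpOptions(),
			"aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(),
			"aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(),
			"aws_vpc_peering_connection_accepter": resourceAwsVpcPeeringConnectionAccepter(),
			"aws_default_vpc": resourceAwsDefaultVpc(),
			"aws_vpc": resourceAwsVpc(),
			"aws_vpc_endpoint": resourceAwsVpcEndpoint(),
			"aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(),
			"aws_vpn_connection": resourceAwsVpnConnection(),
			"aws_vpn_connection_route": resourceAwsVpnConnectionRoute(),
			"aws_vpn_gateway": resourceAwsVpnGateway(),
			"aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(),
			"aws_waf_byte_match_set": resourceAwsWafByteMatchSet(),
			"aws_waf_ipset": resourceAwsWafIPSet(),
			"aws_waf_rule": resourceAwsWafRule(),
			"aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(),
			"aws_waf_web_acl": resourceAwsWafWebAcl(),
			"aws_waf_xss_match_set": resourceAwsWafXssMatchSet(),
			"aws_waf_s ql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(),
			"aws_wafregional_byte_match_set": resourceAwsWafRegionalByteMatchSet(),
			"aws_wafregional_ipset": resourceAwsWafRegionalIPSet(),
		},
		ConfigureFunc: providerConfigure,
	}
}

// descriptions holds the help text for the provider-level schema keys. It is
// filled in by init and read by Provider, assumeRoleSchema and
// endpointsSchema through lookups such as descriptions["access_key"]; a key
// that is missing here yields an empty Description.
var descriptions map[string]string

// init populates descriptions.
func init() {
	descriptions = map[string]string{
		"region": "The region where AWS operations will take place. Examples\n" +
			"are us-east-1, us-west-2, etc.",

		"access_key": "The access key for API operations. You can retrieve this\n" +
			"from the 'Security & Credentials' section of the AWS console.",

		"secret_key": "The secret key for API operations. You can retrieve this\n" +
			"from the 'Security & Credentials' section of the AWS console.",

		"profile": "The profile for API operations. If not set, the default profile\n" +
			"created with `aws configure` will be used.",

		"shared_credentials_file": "The path to the shared credentials file. If not set\n" +
			"this defaults to ~/.aws/credentials.",

		"token": "session token. A session token is only required if you are\n" +
			"using temporary security credentials.",

		"max_retries": "The maximum number of times an AWS API request is\n" +
			"being executed. If the API request still fails, an error is\n" +
			"thrown.",

		"cloudformation_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"cloudwatch_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"cloudwatchevents_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"cloudwatchlogs_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"devicefarm_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"dynamodb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
			"It's typically used to connect to dynamodb-local.",

		"kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
			"It's typically used to connect to kinesalite.",

		"kms_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"rds_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"s3_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"sns_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"sqs_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		// The two halves used to be joined without a space ("omitted,default").
		"insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted, " +
			"default value is `false`",

		"skip_credentials_validation": "Skip the credentials validation via STS API. " +
			"Used for AWS API implementations that do not have STS available/implemented.",

		"skip_get_ec2_platforms": "Skip getting the supported EC2 platforms. " +
			"Used by users that don't have ec2:DescribeAccountAttributes permissions.",

		"skip_region_validation": "Skip static validation of region name. " +
			"Used by users of alternative AWS-like APIs or users w/ access to regions that are not public (yet).",

		"skip_requesting_account_id": "Skip requesting the account ID. " +
			"Used for AWS API implementations that do not have IAM/STS API and/or metadata API.",

		// The key was misspelled "skip_medatadata_api_check", so the lookup
		// descriptions["skip_metadata_api_check"] in Provider came back
		// empty and the option had no help text.
		"skip_metadata_api_check": "Skip the AWS Metadata API check. " +
			"Used for AWS API implementations that do not have a metadata api endpoint.",

		"s3_force_path_style": "Set this to true to force the request to use path-style addressing,\n" +
			"i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\n" +
			"use virtual hosted bucket addressing when possible\n" +
			"(http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",

		"assume_role_role_arn": "The ARN of an IAM role to assume prior to making API calls.",

		"assume_role_session_name": "The session name to use when assuming the role. If omitted," +
			" no session name is passed to the AssumeRole call.",

		"assume_role_external_id": "The external ID to use when assuming the role. If omitted," +
			" no external ID is passed to the AssumeRole call.",

		// Stray commas at the join points ("use, this policy", "of the,
		// role") removed from the sentence.
		"assume_role_policy": "The permissions applied when assuming a role. You cannot use" +
			" this policy to grant further permissions that are in excess to those of the" +
			" role that is being assumed.",
	}
}

// providerConfigure is the provider's ConfigureFunc. It copies the values of
// the provider block out of d into a Config and returns the result of
// config.Client().
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
	config := Config{
		AccessKey:               d.Get("access_key").(string),
		SecretKey:               d.Get("secret_key").(string),
		Profile:                 d.Get("profile").(string),
		CredsFilename:           d.Get("shared_credentials_file").(string),
		Token:                   d.Get("token").(string),
		Region:                  d.Get("region").(string),
		MaxRetries:              d.Get("max_retries").(int),
		Insecure:                d.Get("insecure").(bool),
		SkipCredsValidation:     d.Get("skip_credentials_validation").(bool),
		SkipGetEC2Platforms:     d.Get("skip_get_ec2_platforms").(bool),
		SkipRegionValidation:    d.Get("skip_region_validation").(bool),
		SkipRequestingAccountId: d.Get("skip_requesting_account_id").(bool),
		SkipMetadataApiCheck:    d.Get("skip_metadata_api_check").(bool),
		S3ForcePathStyle:        d.Get("s3_force_path_style").(bool),
	}

	// assume_role is a set capped at one element (MaxItems: 1 in
	// assumeRoleSchema), so the list holds either zero or one block.
	assumeRoleList := d.Get("assume_role").(*schema.Set).List()
	if len(assumeRoleList) == 1 {
		assumeRole := assumeRoleList[0].(map[string]interface{})
		config.AssumeRoleARN = assumeRole["role_arn"].(string)
		config.AssumeRoleSessionName = assumeRole["session_name"].(string)
		config.AssumeRoleExternalID = assumeRole["external_id"].(string)

		if v := assumeRole["policy"].(string); v != "" {
			config.AssumeRolePolicy = v
		}

		// NOTE(review): this writes the role ARN, session name, external ID
		// and the inline policy to the log at INFO level; anyone who can
		// read the provider log can read these values.
		log.Printf("[INFO] assume_role configuration set: (ARN: %q, SessionID: %q, ExternalID: %q, Policy: %q)",
			config.AssumeRoleARN, config.AssumeRoleSessionName, config.AssumeRoleExternalID, config.AssumeRolePolicy)
	} else {
		log.Printf("[INFO] No assume_role block read from configuration")
	}

	endpointsSet := d.Get("endpoints").(*schema.Set)

	// endpointsSchema sets no MaxItems, so this loop can run more than once.
	// Every pass assigns all fifteen endpoint fields, so the element visited
	// last decides the final values.
	for _, endpointsSetI := range endpointsSet.List() {
		endpoints := endpointsSetI.(map[string]interface{})
		config.CloudFormationEndpoint = endpoints["cloudformation"].(string)
		config.CloudWatchEndpoint = endpoints["cloudwatch"].(string)
		config.CloudWatchEventsEndpoint = endpoints["cloudwatchevents"].(string)
		config.CloudWatchLogsEndpoint = endpoints["cloudwatchlogs"].(string)
		config.DeviceFarmEndpoint = endpoints["devicefarm"].(string)
		config.DynamoDBEndpoint = endpoints["dynamodb"].(string)
		config.Ec2Endpoint = endpoints["ec2"].(string)
		config.ElbEndpoint = endpoints["elb"].(string)
		config.IamEndpoint = endpoints["iam"].(string)
		config.KinesisEndpoint = endpoints["kinesis"].(string)
		config.KmsEndpoint = endpoints["kms"].(string)
		config.RdsEndpoint = endpoints["rds"].(string)
		config.S3Endpoint = endpoints["s3"].(string)
		config.SnsEndpoint = endpoints["sns"].(string)
		config.SqsEndpoint = endpoints["sqs"].(string)
	}

	// GetOk reports ok=false for an unset or empty set, which leaves the
	// corresponding Config field at its zero value.
	if v, ok := d.GetOk("allowed_account_ids"); ok {
		config.AllowedAccountIds = v.(*schema.Set).List()
	}

	if v, ok := d.GetOk("forbidden_account_ids"); ok {
		config.ForbiddenAccountIds = v.(*schema.Set).List()
	}

	return config.Client()
}

// This is a global MutexKV for use within this plugin.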
var awsMutexKV = mutexkv.NewMutexKV()

// assumeRoleSchema returns the schema of the provider's optional
// `assume_role` block: a set limited to one element whose four string
// attributes (role_arn, session_name, external_id, policy) are all optional.
// Elements are hashed with assumeRoleToHash.
func assumeRoleSchema() *schema.Schema {
	attrs := make(map[string]*schema.Schema)
	for _, name := range []string{"role_arn", "session_name", "external_id", "policy"} {
		attrs[name] = &schema.Schema{
			Type:     schema.TypeString,
			Optional: true,
			// Help text lives under "assume_role_<attribute>".
			Description: descriptions["assume_role_"+name],
		}
	}

	return &schema.Schema{
		Type:     schema.TypeSet,
		Optional: true,
		MaxItems: 1,
		Elem:     &schema.Resource{Schema: attrs},
		Set:      assumeRoleToHash,
	}
}

// assumeRoleToHash is the set hash function for `assume_role` elements. It
// joins the four attributes, each followed by "-", in the fixed order
// role_arn, session_name, external_id, policy and hashes the resulting
// string with hashcode.String. v must be a map[string]interface{} whose four
// values are strings; anything else panics on the type assertion.
func assumeRoleToHash(v interface{}) int {
	attrs := v.(map[string]interface{})

	var key bytes.Buffer
	// The order is part of the hash input and must not change.
	for _, name := range []string{"role_arn", "session_name", "external_id", "policy"} {
		fmt.Fprintf(&key, "%s-", attrs[name].(string))
	}
	return hashcode.String(key.String())
}

// endpointsSchema returns the schema of the provider's optional `endpoints`
// block: a set of per-service endpoint URL overrides, one optional string
// per service, each defaulting to "". Per the descriptions, a non-empty
// value replaces the endpoint URL constructed from the region. Elements are
// hashed with endpointsToHash.
func endpointsSchema() *schema.Schema {
	services := []string{
		"cloudwatch",
		"cloudwatchevents",
		"cloudwatchlogs",
		"cloudformation",
		"devicefarm",
		"dynamodb",
		"iam",
		"ec2",
		"elb",
		"kinesis",
		"kms",
		"rds",
		"s3",
		"sns",
		"sqs",
	}

	overrides := make(map[string]*schema.Schema, len(services))
	for _, svc := range services {
		overrides[svc] = &schema.Schema{
			Type:     schema.TypeString,
			Optional: true,
			Default:  "",
			// Help text lives under "<service>_endpoint".
			Description: descriptions[svc+"_endpoint"],
		}
	}

	return &schema.Schema{
		Type:     schema.TypeSet,
		Optional: true,
		Elem:     &schema.Resource{Schema: overrides},
		Set:      endpointsToHash,
	}
}

// endpointsToHash is the set hash function for `endpoints` elements. It
// joins the fifteen endpoint values, each followed by "-", in the fixed
// order listed below and hashes the resulting string with hashcode.String.
// v must be a map[string]interface{} whose listed values are strings;
// anything else panics on the type assertion.
func endpointsToHash(v interface{}) int {
	endpoints := v.(map[string]interface{})

	// The order is part of the hash input and must not change.
	order := []string{
		"cloudwatch",
		"cloudwatchevents",
		"cloudwatchlogs",
		"cloudformation",
		"devicefarm",
		"dynamodb",
		"iam",
		"ec2",
		"elb",
		"kinesis",
		"kms",
		"rds",
		"s3",
		"sns",
		"sqs",
	}

	var key bytes.Buffer
	for _, svc := range order {
		fmt.Fprintf(&key, "%s-", endpoints[svc].(string))
	}

	return hashcode.String(key.String())
}