github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_flow_log.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"strings"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/service/ec2"
    10  	"github.com/hashicorp/terraform/helper/schema"
    11  )
    12  
// resourceAwsFlowLog returns the schema.Resource definition for a Flow Log.
//
// Only Create, Read and Delete are registered and every attribute is
// ForceNew, so any change to the configuration replaces the Flow Log rather
// than updating it in place. Import passes the given ID through unchanged.
//
// Exactly one of vpc_id, subnet_id or eni_id is expected: the three are
// declared mutually exclusive through ConflictsWith, and the create function
// rejects a configuration that sets none of them.
//
// No ValidateFunc is attached to any attribute, so iam_role_arn,
// log_group_name and traffic_type reach the EC2 API exactly as configured.
func resourceAwsFlowLog() *schema.Resource {
	// requiredString is a mandatory string attribute whose change forces a
	// new resource.
	requiredString := func() *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		}
	}

	// targetID is an optional string attribute naming the monitored resource;
	// conflicts lists the sibling attributes it cannot be combined with.
	targetID := func(conflicts ...string) *schema.Schema {
		return &schema.Schema{
			Type:          schema.TypeString,
			Optional:      true,
			ForceNew:      true,
			ConflictsWith: conflicts,
		}
	}

	attributes := map[string]*schema.Schema{
		"iam_role_arn":   requiredString(),
		"log_group_name": requiredString(),
		"vpc_id":         targetID("subnet_id", "eni_id"),
		"subnet_id":      targetID("eni_id", "vpc_id"),
		"eni_id":         targetID("subnet_id", "vpc_id"),
		"traffic_type":   requiredString(),
	}

	return &schema.Resource{
		Create: resourceAwsLogFlowCreate,
		Read:   resourceAwsLogFlowRead,
		Delete: resourceAwsLogFlowDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},

		Schema: attributes,
	}
}
    64  
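// resourceAwsLogFlowCreate creates a Flow Log for the one configured target
// (VPC, subnet or network interface) and stores the returned Flow Log ID as
// the resource ID before refreshing state through resourceAwsLogFlowRead.
//
// It returns an error when no target ID is configured, when the API call
// fails, and when the response does not carry exactly one Flow Log ID.
func resourceAwsLogFlowCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn

	// Candidate targets in priority order; the schema marks them as mutually
	// exclusive, so at most one ID is expected to be non-empty.
	types := []struct {
		ID   string
		Type string
	}{
		{ID: d.Get("vpc_id").(string), Type: "VPC"},
		{ID: d.Get("subnet_id").(string), Type: "Subnet"},
		{ID: d.Get("eni_id").(string), Type: "NetworkInterface"},
	}

	var resourceId string
	var resourceType string
	for _, t := range types {
		if t.ID != "" {
			resourceId = t.ID
			resourceType = t.Type
			break
		}
	}

	if resourceId == "" || resourceType == "" {
		return fmt.Errorf("Error: Flow Logs require either a VPC, Subnet, or ENI ID")
	}

	opts := &ec2.CreateFlowLogsInput{
		DeliverLogsPermissionArn: aws.String(d.Get("iam_role_arn").(string)),
		LogGroupName:             aws.String(d.Get("log_group_name").(string)),
		ResourceIds:              []*string{aws.String(resourceId)},
		ResourceType:             aws.String(resourceType),
		TrafficType:              aws.String(d.Get("traffic_type").(string)),
	}

	log.Printf(
		"[DEBUG] Flow Log Create configuration: %s", opts)
	resp, err := conn.CreateFlowLogs(opts)
	if err != nil {
		return fmt.Errorf("Error creating Flow Log for (%s), error: %s", resourceId, err)
	}

	// A nil error does not guarantee that a Flow Log exists: the EC2 API can
	// report per-resource failures in resp.Unsuccessful while returning no
	// IDs. Without this guard the index below would panic and the failed
	// creation of a logging control would never surface as a plan error.
	if len(resp.FlowLogIds) == 0 || resp.FlowLogIds[0] == nil {
		return fmt.Errorf(
			"Error creating Flow Log for (%s): no Flow Log ID returned, unsuccessful items: %v",
			resourceId, resp.Unsuccessful)
	}

	if len(resp.FlowLogIds) > 1 {
		return fmt.Errorf("Error: multiple Flow Logs created for (%s)", resourceId)
	}

	d.SetId(*resp.FlowLogIds[0])

	return resourceAwsLogFlowRead(d, meta)
}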
   114  
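// resourceAwsLogFlowRead refreshes state from the Flow Log whose ID is stored
// on the resource.
//
// The resource is removed from state (ID cleared, nil returned) only when the
// API reports that the Flow Log does not exist, either through the
// InvalidFlowLogId.NotFound error code or through an empty result list. Any
// other describe failure is returned to the caller. Dropping state on, say, a
// throttled or unauthorized call would make Terraform believe the Flow Log is
// gone and plan a duplicate while the original keeps running unmanaged.
func resourceAwsLogFlowRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn

	opts := &ec2.DescribeFlowLogsInput{
		FlowLogIds: []*string{aws.String(d.Id())},
	}

	resp, err := conn.DescribeFlowLogs(opts)
	if err != nil {
		// The SDK's error values expose Code(); matching on that method
		// avoids pulling in an extra package just for the type name.
		if coded, ok := err.(interface{ Code() string }); ok && coded.Code() == "InvalidFlowLogId.NotFound" {
			log.Printf("[WARN] Error describing Flow Logs for id (%s): %s", d.Id(), err)
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error describing Flow Logs for id (%s), error: %s", d.Id(), err)
	}

	if len(resp.FlowLogs) == 0 {
		log.Printf("[WARN] No Flow Logs found for id (%s)", d.Id())
		d.SetId("")
		return nil
	}

	fl := resp.FlowLogs[0]
	d.Set("traffic_type", fl.TrafficType)
	d.Set("log_group_name", fl.LogGroupName)
	d.Set("iam_role_arn", fl.DeliverLogsPermissionArn)

	// The API returns one generic resource ID; its prefix decides which of
	// the three target attributes it belongs to. aws.StringValue guards
	// against a nil ResourceId, which a plain dereference would panic on.
	target := aws.StringValue(fl.ResourceId)
	var resourceKey string
	switch {
	case strings.HasPrefix(target, "vpc-"):
		resourceKey = "vpc_id"
	case strings.HasPrefix(target, "subnet-"):
		resourceKey = "subnet_id"
	case strings.HasPrefix(target, "eni-"):
		resourceKey = "eni_id"
	}
	if resourceKey != "" {
		d.Set(resourceKey, fl.ResourceId)
	}

	return nil
}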
   154  
// resourceAwsLogFlowDelete deletes the Flow Log identified by the resource ID
// and returns an error only when the DeleteFlowLogs call itself fails.
//
// NOTE(review): the response value is discarded, so anything the API reports
// inside a successful response is not inspected here.
func resourceAwsLogFlowDelete(d *schema.ResourceData, meta interface{}) error {
	ec2Client := meta.(*AWSClient).ec2conn
	flowLogID := d.Id()

	log.Printf("[DEBUG] Flow Log Destroy: %s", flowLogID)

	input := &ec2.DeleteFlowLogsInput{
		FlowLogIds: []*string{aws.String(flowLogID)},
	}
	if _, err := ec2Client.DeleteFlowLogs(input); err != nil {
		return fmt.Errorf("[WARN] Error deleting Flow Log with ID (%s), error: %s", flowLogID, err)
	}

	return nil
}