func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
securityGroupOpts := ec2.SecurityGroup{
Name: d.Get("name").(string),
}
if v := d.Get("vpc_id"); v != nil {
securityGroupOpts.VpcId = v.(string)
}
if v := d.Get("description"); v != nil {
securityGroupOpts.Description = v.(string)
}
log.Printf(
"[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := ec2conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return fmt.Errorf("Error creating Security Group: %s", err)
}
d.SetId(createResp.Id)
group := createResp.SecurityGroup
log.Printf("[INFO] Security Group ID: %s", d.Id())
// Wait for the security group to truly exist
log.Printf(
"[DEBUG] Waiting for Security Group (%s) to exist",
d.Id())
stateConf := &resource.StateChangeConf{
Pending: []string{""},
Target: "exists",
Refresh: SGStateRefreshFunc(ec2conn, d.Id()),
Timeout: 1 * time.Minute,
}
if _, err := stateConf.WaitForState(); err != nil {
return fmt.Errorf(
"Error waiting for Security Group (%s) to become available: %s",
d.Id(), err)
}
// Expand the "ingress" array to goamz compat []ec2.IPPerm
ingressRaw := d.Get("ingress")
if ingressRaw == nil {
ingressRaw = new(schema.Set)
}
ingressList := ingressRaw.(*schema.Set).List()
if len(ingressList) > 0 {
ingressRules := expandIPPerms(ingressList)
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
if err != nil {
return fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
}
return resourceAwsSecurityGroupRead(d, meta)
}
func (srv *Server) describeSecurityGroups(w http.ResponseWriter, req *http.Request, reqId string) interface{} {
// BUG similar bug to describeInstances, but for GroupName and GroupId
srv.mu.Lock()
defer srv.mu.Unlock()
var groups []*securityGroup
for name, vals := range req.Form {
var g ec2.SecurityGroup
switch {
case strings.HasPrefix(name, "GroupName."):
g.Name = vals[0]
case strings.HasPrefix(name, "GroupId."):
g.Id = vals[0]
default:
continue
}
sg := srv.group(g)
if sg == nil {
fatalf(400, "InvalidGroup.NotFound", "no such group %v", g)
}
groups = append(groups, sg)
}
if len(groups) == 0 {
for _, g := range srv.groups {
groups = append(groups, g)
}
}
f := newFilter(req.Form)
var resp ec2.SecurityGroupsResp
resp.RequestId = reqId
for _, group := range groups {
ok, err := f.ok(group)
if ok {
resp.Groups = append(resp.Groups, ec2.SecurityGroupInfo{
OwnerId: ownerId,
SecurityGroup: group.ec2SecurityGroup(),
Description: group.description,
IPPerms: group.ec2Perms(),
})
} else if err != nil {
fatalf(400, "InvalidParameterValue", "describe security groups: %v", err)
}
}
return &resp
}
func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn
securityGroupOpts := ec2.SecurityGroup{
Name: d.Get("name").(string),
}
if v := d.Get("vpc_id"); v != nil {
securityGroupOpts.VpcId = v.(string)
}
if v := d.Get("description"); v != nil {
securityGroupOpts.Description = v.(string)
}
log.Printf(
"[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := ec2conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return fmt.Errorf("Error creating Security Group: %s", err)
}
d.SetId(createResp.Id)
log.Printf("[INFO] Security Group ID: %s", d.Id())
// Wait for the security group to truly exist
log.Printf(
"[DEBUG] Waiting for Security Group (%s) to exist",
d.Id())
stateConf := &resource.StateChangeConf{
Pending: []string{""},
Target: "exists",
Refresh: SGStateRefreshFunc(ec2conn, d.Id()),
Timeout: 1 * time.Minute,
}
if _, err := stateConf.WaitForState(); err != nil {
return fmt.Errorf(
"Error waiting for Security Group (%s) to become available: %s",
d.Id(), err)
}
return resourceAwsSecurityGroupUpdate(d, meta)
}
func resource_aws_security_group_create(
s *terraform.ResourceState,
d *terraform.ResourceDiff,
meta interface{}) (*terraform.ResourceState, error) {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
// Merge the diff into the state so that we have all the attributes
// properly.
rs := s.MergeDiff(d)
securityGroupOpts := ec2.SecurityGroup{
Name: rs.Attributes["name"],
}
if rs.Attributes["vpc_id"] != "" {
securityGroupOpts.VpcId = rs.Attributes["vpc_id"]
}
if rs.Attributes["description"] != "" {
securityGroupOpts.Description = rs.Attributes["description"]
}
log.Printf("[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := ec2conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return nil, fmt.Errorf("Error creating Security Group: %s", err)
}
rs.ID = createResp.Id
group := createResp.SecurityGroup
log.Printf("[INFO] Security Group ID: %s", rs.ID)
// Wait for the security group to truly exist
log.Printf(
"[DEBUG] Waiting for SG (%s) to exist",
s.ID)
stateConf := &resource.StateChangeConf{
Pending: []string{""},
Target: "exists",
Refresh: SGStateRefreshFunc(ec2conn, rs.ID),
Timeout: 1 * time.Minute,
}
if _, err := stateConf.WaitForState(); err != nil {
return s, fmt.Errorf(
"Error waiting for SG (%s) to become available: %s",
rs.ID, err)
}
// Expand the "ingress" array to goamz compat []ec2.IPPerm
ingressRules := []ec2.IPPerm{}
v, ok := flatmap.Expand(rs.Attributes, "ingress").([]interface{})
if ok {
ingressRules, err = expandIPPerms(v)
if err != nil {
return rs, err
}
}
if len(ingressRules) > 0 {
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
if err != nil {
return rs, fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
}
return resource_aws_security_group_refresh(rs, meta)
}
func resource_aws_instance_create(
s *terraform.ResourceState,
d *terraform.ResourceDiff,
meta interface{}) (*terraform.ResourceState, error) {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
// Merge the diff into the state so that we have all the attributes
// properly.
rs := s.MergeDiff(d)
delete(rs.Attributes, "source_dest_check")
// Figure out user data
userData := ""
if attr, ok := d.Attributes["user_data"]; ok {
userData = attr.NewExtra.(string)
}
associatePublicIPAddress := false
if rs.Attributes["associate_public_ip_address"] == "true" {
associatePublicIPAddress = true
}
// Build the creation struct
runOpts := &ec2.RunInstances{
ImageId: rs.Attributes["ami"],
InstanceType: rs.Attributes["instance_type"],
KeyName: rs.Attributes["key_name"],
SubnetId: rs.Attributes["subnet_id"],
AssociatePublicIpAddress: associatePublicIPAddress,
UserData: []byte(userData),
}
if raw := flatmap.Expand(rs.Attributes, "security_groups"); raw != nil {
if sgs, ok := raw.([]interface{}); ok {
for _, sg := range sgs {
str, ok := sg.(string)
if !ok {
continue
}
var g ec2.SecurityGroup
if runOpts.SubnetId != "" {
g.Id = str
} else {
g.Name = str
}
runOpts.SecurityGroups = append(runOpts.SecurityGroups, g)
}
}
}
// Create the instance
log.Printf("[DEBUG] Run configuration: %#v", runOpts)
runResp, err := ec2conn.RunInstances(runOpts)
if err != nil {
return nil, fmt.Errorf("Error launching source instance: %s", err)
}
instance := &runResp.Instances[0]
log.Printf("[INFO] Instance ID: %s", instance.InstanceId)
// Store the resulting ID so we can look this up later
rs.ID = instance.InstanceId
// Wait for the instance to become running so we can get some attributes
// that aren't available until later.
log.Printf(
"[DEBUG] Waiting for instance (%s) to become running",
instance.InstanceId)
stateConf := &resource.StateChangeConf{
Pending: []string{"pending"},
Target: "running",
Refresh: InstanceStateRefreshFunc(ec2conn, instance.InstanceId),
Timeout: 10 * time.Minute,
Delay: 10 * time.Second,
MinTimeout: 3 * time.Second,
}
instanceRaw, err := stateConf.WaitForState()
if err != nil {
return rs, fmt.Errorf(
"Error waiting for instance (%s) to become ready: %s",
instance.InstanceId, err)
}
instance = instanceRaw.(*ec2.Instance)
// Initialize the connection info
rs.ConnInfo["type"] = "ssh"
rs.ConnInfo["host"] = instance.PublicIpAddress
// Set our attributes
rs, err = resource_aws_instance_update_state(rs, instance)
if err != nil {
return rs, err
}
// Update if we need to
return resource_aws_instance_update(rs, d, meta)
}
// parsePerms returns a slice of permKey values extracted
// from the permission fields in req.
func (srv *Server) parsePerms(req *http.Request) []permKey {
// perms maps an index found in the form to its associated
// IPPerm. For instance, the form value with key
// "IpPermissions.3.FromPort" will be stored in perms[3].FromPort
perms := make(map[int]ec2.IPPerm)
type subgroupKey struct {
id1, id2 int
}
// Each IPPerm can have many source security groups. The form key
// for a source security group contains two indices: the index
// of the IPPerm and the sub-index of the security group. The
// sourceGroups map maps from a subgroupKey containing these
// two indices to the associated security group. For instance,
// the form value with key "IPPermissions.3.Groups.2.GroupName"
// will be stored in sourceGroups[subgroupKey{3, 2}].Name.
sourceGroups := make(map[subgroupKey]ec2.UserSecurityGroup)
// For each value in the form we store its associated information in the
// above maps. The maps are necessary because the form keys may
// arrive in any order, and the indices are not
// necessarily sequential or even small.
for name, vals := range req.Form {
val := vals[0]
var id1 int
var rest string
if x, _ := fmt.Sscanf(name, "IpPermissions.%d.%s", &id1, &rest); x != 2 {
continue
}
ec2p := perms[id1]
switch {
case rest == "FromPort":
ec2p.FromPort = atoi(val)
case rest == "ToPort":
ec2p.ToPort = atoi(val)
case rest == "IpProtocol":
switch val {
case "tcp", "udp", "icmp":
ec2p.Protocol = val
default:
// check it's a well formed number
atoi(val)
ec2p.Protocol = val
}
case strings.HasPrefix(rest, "Groups."):
k := subgroupKey{id1: id1}
if x, _ := fmt.Sscanf(rest[len("Groups."):], "%d.%s", &k.id2, &rest); x != 2 {
continue
}
g := sourceGroups[k]
switch rest {
case "UserId":
// BUG if the user id is blank, this does not conform to the
// way that EC2 handles it - a specified but blank owner id
// can cause RevokeSecurityGroupIngress to fail with
// "group not found" even if the security group id has been
// correctly specified.
// By failing here, we ensure that we fail early in this case.
if !ownerIdPat.MatchString(val) {
fatalf(400, "InvalidUserID.Malformed", "Invalid user ID: %q", val)
}
g.OwnerId = val
case "GroupName":
g.Name = val
case "GroupId":
if !secGroupPat.MatchString(val) {
fatalf(400, "InvalidGroupId.Malformed", "Invalid group ID: %q", val)
}
g.Id = val
default:
fatalf(400, "UnknownParameter", "unknown parameter %q", name)
}
sourceGroups[k] = g
case strings.HasPrefix(rest, "IpRanges."):
var id2 int
if x, _ := fmt.Sscanf(rest[len("IpRanges."):], "%d.%s", &id2, &rest); x != 2 {
continue
}
switch rest {
case "CidrIp":
if !ipPat.MatchString(val) {
fatalf(400, "InvalidPermission.Malformed", "Invalid IP range: %q", val)
}
ec2p.SourceIPs = append(ec2p.SourceIPs, val)
default:
fatalf(400, "UnknownParameter", "unknown parameter %q", name)
}
default:
fatalf(400, "UnknownParameter", "unknown parameter %q", name)
}
perms[id1] = ec2p
}
// Associate each set of source groups with its IPPerm.
for k, g := range sourceGroups {
p := perms[k.id1]
p.SourceGroups = append(p.SourceGroups, g)
perms[k.id1] = p
}
// Now that we have built up the IPPerms we need, we check for
// parameter errors and build up a permKey for each permission,
// looking up security groups from srv as we do so.
var result []permKey
for _, p := range perms {
if p.FromPort > p.ToPort {
fatalf(400, "InvalidParameterValue", "invalid port range")
}
k := permKey{
protocol: p.Protocol,
fromPort: p.FromPort,
toPort: p.ToPort,
}
for _, g := range p.SourceGroups {
if g.OwnerId != "" && g.OwnerId != ownerId {
fatalf(400, "InvalidGroup.NotFound", "group %q not found", g.Name)
}
var ec2g ec2.SecurityGroup
switch {
case g.Id != "":
ec2g.Id = g.Id
case g.Name != "":
ec2g.Name = g.Name
}
k.group = srv.group(ec2g)
if k.group == nil {
fatalf(400, "InvalidGroup.NotFound", "group %v not found", g)
}
result = append(result, k)
}
k.group = nil
for _, ip := range p.SourceIPs {
k.ipAddr = ip
result = append(result, k)
}
}
return result
}
func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
// Figure out user data
userData := ""
if v := d.Get("user_data"); v != nil {
userData = v.(string)
}
associatePublicIPAddress := false
if v := d.Get("associate_public_ip_addresss"); v != nil {
associatePublicIPAddress = v.(bool)
}
// Build the creation struct
runOpts := &ec2.RunInstances{
ImageId: d.Get("ami").(string),
AvailZone: d.Get("availability_zone").(string),
InstanceType: d.Get("instance_type").(string),
KeyName: d.Get("key_name").(string),
SubnetId: d.Get("subnet_id").(string),
PrivateIPAddress: d.Get("private_ip").(string),
AssociatePublicIpAddress: associatePublicIPAddress,
UserData: []byte(userData),
}
if v := d.Get("security_groups"); v != nil {
for _, v := range v.(*schema.Set).List() {
str := v.(string)
var g ec2.SecurityGroup
if runOpts.SubnetId != "" {
g.Id = str
} else {
g.Name = str
}
runOpts.SecurityGroups = append(runOpts.SecurityGroups, g)
}
}
// Create the instance
log.Printf("[DEBUG] Run configuration: %#v", runOpts)
runResp, err := ec2conn.RunInstances(runOpts)
if err != nil {
return fmt.Errorf("Error launching source instance: %s", err)
}
instance := &runResp.Instances[0]
log.Printf("[INFO] Instance ID: %s", instance.InstanceId)
// Store the resulting ID so we can look this up later
d.SetId(instance.InstanceId)
// Wait for the instance to become running so we can get some attributes
// that aren't available until later.
log.Printf(
"[DEBUG] Waiting for instance (%s) to become running",
instance.InstanceId)
stateConf := &resource.StateChangeConf{
Pending: []string{"pending"},
Target: "running",
Refresh: InstanceStateRefreshFunc(ec2conn, instance.InstanceId),
Timeout: 10 * time.Minute,
Delay: 10 * time.Second,
MinTimeout: 3 * time.Second,
}
instanceRaw, err := stateConf.WaitForState()
if err != nil {
return fmt.Errorf(
"Error waiting for instance (%s) to become ready: %s",
instance.InstanceId, err)
}
instance = instanceRaw.(*ec2.Instance)
// Initialize the connection info
d.SetConnInfo(map[string]string{
"type": "ssh",
"host": instance.PublicIpAddress,
})
// Set our attributes
if err := resourceAwsInstanceRead(d, meta); err != nil {
return err
}
// Update if we need to
return resourceAwsInstanceUpdate(d, meta)
}
func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn
// Figure out user data
userData := ""
if v := d.Get("user_data"); v != nil {
userData = v.(string)
}
associatePublicIPAddress := false
if v := d.Get("associate_public_ip_address"); v != nil {
associatePublicIPAddress = v.(bool)
}
// Build the creation struct
runOpts := &ec2.RunInstances{
ImageId: d.Get("ami").(string),
AvailZone: d.Get("availability_zone").(string),
InstanceType: d.Get("instance_type").(string),
KeyName: d.Get("key_name").(string),
SubnetId: d.Get("subnet_id").(string),
PrivateIPAddress: d.Get("private_ip").(string),
AssociatePublicIpAddress: associatePublicIPAddress,
UserData: []byte(userData),
EbsOptimized: d.Get("ebs_optimized").(bool),
IamInstanceProfile: d.Get("iam_instance_profile").(string),
Tenancy: d.Get("tenancy").(string),
}
if v := d.Get("security_groups"); v != nil {
for _, v := range v.(*schema.Set).List() {
str := v.(string)
var g ec2.SecurityGroup
if runOpts.SubnetId != "" {
g.Id = str
} else {
g.Name = str
}
runOpts.SecurityGroups = append(runOpts.SecurityGroups, g)
}
}
if v := d.Get("block_device"); v != nil {
vs := v.(*schema.Set).List()
if len(vs) > 0 {
runOpts.BlockDevices = make([]ec2.BlockDeviceMapping, len(vs))
for i, v := range vs {
bd := v.(map[string]interface{})
runOpts.BlockDevices[i].DeviceName = bd["device_name"].(string)
runOpts.BlockDevices[i].VirtualName = bd["virtual_name"].(string)
runOpts.BlockDevices[i].SnapshotId = bd["snapshot_id"].(string)
runOpts.BlockDevices[i].VolumeType = bd["volume_type"].(string)
runOpts.BlockDevices[i].VolumeSize = int64(bd["volume_size"].(int))
runOpts.BlockDevices[i].DeleteOnTermination = bd["delete_on_termination"].(bool)
runOpts.BlockDevices[i].Encrypted = bd["encrypted"].(bool)
}
}
}
// Create the instance
log.Printf("[DEBUG] Run configuration: %#v", runOpts)
runResp, err := ec2conn.RunInstances(runOpts)
if err != nil {
return fmt.Errorf("Error launching source instance: %s", err)
}
instance := &runResp.Instances[0]
log.Printf("[INFO] Instance ID: %s", instance.InstanceId)
// Store the resulting ID so we can look this up later
d.SetId(instance.InstanceId)
// Wait for the instance to become running so we can get some attributes
// that aren't available until later.
log.Printf(
"[DEBUG] Waiting for instance (%s) to become running",
instance.InstanceId)
stateConf := &resource.StateChangeConf{
Pending: []string{"pending"},
Target: "running",
Refresh: InstanceStateRefreshFunc(ec2conn, instance.InstanceId),
Timeout: 10 * time.Minute,
Delay: 10 * time.Second,
MinTimeout: 3 * time.Second,
}
instanceRaw, err := stateConf.WaitForState()
if err != nil {
return fmt.Errorf(
"Error waiting for instance (%s) to become ready: %s",
instance.InstanceId, err)
}
instance = instanceRaw.(*ec2.Instance)
// Initialize the connection info
d.SetConnInfo(map[string]string{
"type": "ssh",
"host": instance.PublicIpAddress,
})
// Set our attributes
if err := resourceAwsInstanceRead(d, meta); err != nil {
return err
}
// Update if we need to
return resourceAwsInstanceUpdate(d, meta)
}
