func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
securityGroupOpts := ec2.SecurityGroup{
Name: d.Get("name").(string),
}
if v := d.Get("vpc_id"); v != nil {
securityGroupOpts.VpcId = v.(string)
}
if v := d.Get("description"); v != nil {
securityGroupOpts.Description = v.(string)
}
log.Printf(
"[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := ec2conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return fmt.Errorf("Error creating Security Group: %s", err)
}
d.SetId(createResp.Id)
group := createResp.SecurityGroup
log.Printf("[INFO] Security Group ID: %s", d.Id())
// Wait for the security group to truly exist
log.Printf(
"[DEBUG] Waiting for Security Group (%s) to exist",
d.Id())
stateConf := &resource.StateChangeConf{
Pending: []string{""},
Target: "exists",
Refresh: SGStateRefreshFunc(ec2conn, d.Id()),
Timeout: 1 * time.Minute,
}
if _, err := stateConf.WaitForState(); err != nil {
return fmt.Errorf(
"Error waiting for Security Group (%s) to become available: %s",
d.Id(), err)
}
// Expand the "ingress" array to goamz compat []ec2.IPPerm
ingressRaw := d.Get("ingress")
if ingressRaw == nil {
ingressRaw = new(schema.Set)
}
ingressList := ingressRaw.(*schema.Set).List()
if len(ingressList) > 0 {
ingressRules := expandIPPerms(ingressList)
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
if err != nil {
return fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
}
return resourceAwsSecurityGroupRead(d, meta)
}
func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn
securityGroupOpts := ec2.SecurityGroup{
Name: d.Get("name").(string),
}
if v := d.Get("vpc_id"); v != nil {
securityGroupOpts.VpcId = v.(string)
}
if v := d.Get("description"); v != nil {
securityGroupOpts.Description = v.(string)
}
log.Printf(
"[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := ec2conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return fmt.Errorf("Error creating Security Group: %s", err)
}
d.SetId(createResp.Id)
log.Printf("[INFO] Security Group ID: %s", d.Id())
// Wait for the security group to truly exist
log.Printf(
"[DEBUG] Waiting for Security Group (%s) to exist",
d.Id())
stateConf := &resource.StateChangeConf{
Pending: []string{""},
Target: "exists",
Refresh: SGStateRefreshFunc(ec2conn, d.Id()),
Timeout: 1 * time.Minute,
}
if _, err := stateConf.WaitForState(); err != nil {
return fmt.Errorf(
"Error waiting for Security Group (%s) to become available: %s",
d.Id(), err)
}
return resourceAwsSecurityGroupUpdate(d, meta)
}
func resource_aws_security_group_create(
s *terraform.ResourceState,
d *terraform.ResourceDiff,
meta interface{}) (*terraform.ResourceState, error) {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
// Merge the diff into the state so that we have all the attributes
// properly.
rs := s.MergeDiff(d)
securityGroupOpts := ec2.SecurityGroup{
Name: rs.Attributes["name"],
}
if rs.Attributes["vpc_id"] != "" {
securityGroupOpts.VpcId = rs.Attributes["vpc_id"]
}
if rs.Attributes["description"] != "" {
securityGroupOpts.Description = rs.Attributes["description"]
}
log.Printf("[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := ec2conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return nil, fmt.Errorf("Error creating Security Group: %s", err)
}
rs.ID = createResp.Id
group := createResp.SecurityGroup
log.Printf("[INFO] Security Group ID: %s", rs.ID)
// Wait for the security group to truly exist
log.Printf(
"[DEBUG] Waiting for SG (%s) to exist",
s.ID)
stateConf := &resource.StateChangeConf{
Pending: []string{""},
Target: "exists",
Refresh: SGStateRefreshFunc(ec2conn, rs.ID),
Timeout: 1 * time.Minute,
}
if _, err := stateConf.WaitForState(); err != nil {
return s, fmt.Errorf(
"Error waiting for SG (%s) to become available: %s",
rs.ID, err)
}
// Expand the "ingress" array to goamz compat []ec2.IPPerm
ingressRules := []ec2.IPPerm{}
v, ok := flatmap.Expand(rs.Attributes, "ingress").([]interface{})
if ok {
ingressRules, err = expandIPPerms(v)
if err != nil {
return rs, err
}
}
if len(ingressRules) > 0 {
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
if err != nil {
return rs, fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
}
return resource_aws_security_group_refresh(rs, meta)
}
