func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).ec2conn
securityGroupOpts := &ec2.CreateSecurityGroupInput{}
if v, ok := d.GetOk("vpc_id"); ok {
securityGroupOpts.VpcId = aws.String(v.(string))
}
if v := d.Get("description"); v != nil {
securityGroupOpts.Description = aws.String(v.(string))
}
var groupName string
if v, ok := d.GetOk("name"); ok {
groupName = v.(string)
} else if v, ok := d.GetOk("name_prefix"); ok {
groupName = resource.PrefixedUniqueId(v.(string))
} else {
groupName = resource.UniqueId()
}
securityGroupOpts.GroupName = aws.String(groupName)
var err error
log.Printf(
"[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return fmt.Errorf("Error creating Security Group: %s", err)
}
d.SetId(*createResp.GroupId)
log.Printf("[INFO] Security Group ID: %s", d.Id())
// Wait for the security group to truly exist
log.Printf(
"[DEBUG] Waiting for Security Group (%s) to exist",
d.Id())
stateConf := &resource.StateChangeConf{
Pending: []string{""},
Target: "exists",
Refresh: SGStateRefreshFunc(conn, d.Id()),
Timeout: 1 * time.Minute,
}
resp, err := stateConf.WaitForState()
if err != nil {
return fmt.Errorf(
"Error waiting for Security Group (%s) to become available: %s",
d.Id(), err)
}
// AWS defaults all Security Groups to have an ALLOW ALL egress rule. Here we
// revoke that rule, so users don't unknowningly have/use it.
group := resp.(*ec2.SecurityGroup)
if group.VpcId != nil && *group.VpcId != "" {
log.Printf("[DEBUG] Revoking default egress rule for Security Group for %s", d.Id())
req := &ec2.RevokeSecurityGroupEgressInput{
GroupId: createResp.GroupId,
IpPermissions: []*ec2.IpPermission{
&ec2.IpPermission{
FromPort: aws.Int64(int64(0)),
ToPort: aws.Int64(int64(0)),
IpRanges: []*ec2.IpRange{
&ec2.IpRange{
CidrIp: aws.String("0.0.0.0/0"),
},
},
IpProtocol: aws.String("-1"),
},
},
}
if _, err = conn.RevokeSecurityGroupEgress(req); err != nil {
return fmt.Errorf(
"Error revoking default egress rule for Security Group (%s): %s",
d.Id(), err)
}
}
return resourceAwsSecurityGroupUpdate(d, meta)
}
func resourceAwsElbCreate(d *schema.ResourceData, meta interface{}) error {
elbconn := meta.(*AWSClient).elbconn
// Expand the "listener" set to aws-sdk-go compat []*elb.Listener
listeners, err := expandListeners(d.Get("listener").(*schema.Set).List())
if err != nil {
return err
}
var elbName string
if v, ok := d.GetOk("name"); ok {
elbName = v.(string)
} else {
elbName = resource.PrefixedUniqueId("tf-lb-")
d.Set("name", elbName)
}
tags := tagsFromMapELB(d.Get("tags").(map[string]interface{}))
// Provision the elb
elbOpts := &elb.CreateLoadBalancerInput{
LoadBalancerName: aws.String(elbName),
Listeners: listeners,
Tags: tags,
}
if scheme, ok := d.GetOk("internal"); ok && scheme.(bool) {
elbOpts.Scheme = aws.String("internal")
}
if v, ok := d.GetOk("availability_zones"); ok {
elbOpts.AvailabilityZones = expandStringList(v.(*schema.Set).List())
}
if v, ok := d.GetOk("security_groups"); ok {
elbOpts.SecurityGroups = expandStringList(v.(*schema.Set).List())
}
if v, ok := d.GetOk("subnets"); ok {
elbOpts.Subnets = expandStringList(v.(*schema.Set).List())
}
log.Printf("[DEBUG] ELB create configuration: %#v", elbOpts)
err = resource.Retry(1*time.Minute, func() error {
_, err := elbconn.CreateLoadBalancer(elbOpts)
if err != nil {
if awsErr, ok := err.(awserr.Error); ok {
// Check for IAM SSL Cert error, eventual consistancy issue
if awsErr.Code() == "CertificateNotFound" {
return fmt.Errorf("[WARN] Error creating ELB Listener with SSL Cert, retrying: %s", err)
}
}
return resource.RetryError{Err: err}
}
return nil
})
if err != nil {
return err
}
// Assign the elb's unique identifier for use later
d.SetId(elbName)
log.Printf("[INFO] ELB ID: %s", d.Id())
// Enable partial mode and record what we set
d.Partial(true)
d.SetPartial("name")
d.SetPartial("internal")
d.SetPartial("availability_zones")
d.SetPartial("listener")
d.SetPartial("security_groups")
d.SetPartial("subnets")
d.Set("tags", tagsToMapELB(tags))
return resourceAwsElbUpdate(d, meta)
}
func resourceAwsAutoscalingGroupCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).autoscalingconn
var autoScalingGroupOpts autoscaling.CreateAutoScalingGroupInput
var asgName string
if v, ok := d.GetOk("name"); ok {
asgName = v.(string)
} else {
asgName = resource.PrefixedUniqueId("tf-asg-")
d.Set("name", asgName)
}
autoScalingGroupOpts.AutoScalingGroupName = aws.String(asgName)
autoScalingGroupOpts.LaunchConfigurationName = aws.String(d.Get("launch_configuration").(string))
autoScalingGroupOpts.MinSize = aws.Int64(int64(d.Get("min_size").(int)))
autoScalingGroupOpts.MaxSize = aws.Int64(int64(d.Get("max_size").(int)))
// Availability Zones are optional if VPC Zone Identifer(s) are specified
if v, ok := d.GetOk("availability_zones"); ok && v.(*schema.Set).Len() > 0 {
autoScalingGroupOpts.AvailabilityZones = expandStringList(v.(*schema.Set).List())
}
if v, ok := d.GetOk("tag"); ok {
autoScalingGroupOpts.Tags = autoscalingTagsFromMap(
setToMapByKey(v.(*schema.Set), "key"), d.Get("name").(string))
}
if v, ok := d.GetOk("default_cooldown"); ok {
autoScalingGroupOpts.DefaultCooldown = aws.Int64(int64(v.(int)))
}
if v, ok := d.GetOk("health_check_type"); ok && v.(string) != "" {
autoScalingGroupOpts.HealthCheckType = aws.String(v.(string))
}
if v, ok := d.GetOk("desired_capacity"); ok {
autoScalingGroupOpts.DesiredCapacity = aws.Int64(int64(v.(int)))
}
if v, ok := d.GetOk("health_check_grace_period"); ok {
autoScalingGroupOpts.HealthCheckGracePeriod = aws.Int64(int64(v.(int)))
}
if v, ok := d.GetOk("placement_group"); ok {
autoScalingGroupOpts.PlacementGroup = aws.String(v.(string))
}
if v, ok := d.GetOk("load_balancers"); ok && v.(*schema.Set).Len() > 0 {
autoScalingGroupOpts.LoadBalancerNames = expandStringList(
v.(*schema.Set).List())
}
if v, ok := d.GetOk("vpc_zone_identifier"); ok && v.(*schema.Set).Len() > 0 {
autoScalingGroupOpts.VPCZoneIdentifier = expandVpcZoneIdentifiers(v.(*schema.Set).List())
}
if v, ok := d.GetOk("termination_policies"); ok && len(v.([]interface{})) > 0 {
autoScalingGroupOpts.TerminationPolicies = expandStringList(v.([]interface{}))
}
log.Printf("[DEBUG] AutoScaling Group create configuration: %#v", autoScalingGroupOpts)
_, err := conn.CreateAutoScalingGroup(&autoScalingGroupOpts)
if err != nil {
return fmt.Errorf("Error creating Autoscaling Group: %s", err)
}
d.SetId(d.Get("name").(string))
log.Printf("[INFO] AutoScaling Group ID: %s", d.Id())
if err := waitForASGCapacity(d, meta); err != nil {
return err
}
return resourceAwsAutoscalingGroupRead(d, meta)
}
func resourceAwsLaunchConfigurationCreate(d *schema.ResourceData, meta interface{}) error {
autoscalingconn := meta.(*AWSClient).autoscalingconn
ec2conn := meta.(*AWSClient).ec2conn
createLaunchConfigurationOpts := autoscaling.CreateLaunchConfigurationInput{
LaunchConfigurationName: aws.String(d.Get("name").(string)),
ImageId: aws.String(d.Get("image_id").(string)),
InstanceType: aws.String(d.Get("instance_type").(string)),
EbsOptimized: aws.Bool(d.Get("ebs_optimized").(bool)),
}
if v, ok := d.GetOk("user_data"); ok {
userData := base64.StdEncoding.EncodeToString([]byte(v.(string)))
createLaunchConfigurationOpts.UserData = aws.String(userData)
}
createLaunchConfigurationOpts.InstanceMonitoring = &autoscaling.InstanceMonitoring{
Enabled: aws.Bool(d.Get("enable_monitoring").(bool)),
}
if v, ok := d.GetOk("iam_instance_profile"); ok {
createLaunchConfigurationOpts.IamInstanceProfile = aws.String(v.(string))
}
if v, ok := d.GetOk("placement_tenancy"); ok {
createLaunchConfigurationOpts.PlacementTenancy = aws.String(v.(string))
}
if v, ok := d.GetOk("associate_public_ip_address"); ok {
createLaunchConfigurationOpts.AssociatePublicIpAddress = aws.Bool(v.(bool))
}
if v, ok := d.GetOk("key_name"); ok {
createLaunchConfigurationOpts.KeyName = aws.String(v.(string))
}
if v, ok := d.GetOk("spot_price"); ok {
createLaunchConfigurationOpts.SpotPrice = aws.String(v.(string))
}
if v, ok := d.GetOk("security_groups"); ok {
createLaunchConfigurationOpts.SecurityGroups = expandStringList(
v.(*schema.Set).List(),
)
}
var blockDevices []*autoscaling.BlockDeviceMapping
if v, ok := d.GetOk("ebs_block_device"); ok {
vL := v.(*schema.Set).List()
for _, v := range vL {
bd := v.(map[string]interface{})
ebs := &autoscaling.Ebs{
DeleteOnTermination: aws.Bool(bd["delete_on_termination"].(bool)),
Encrypted: aws.Bool(bd["encrypted"].(bool)),
}
if v, ok := bd["snapshot_id"].(string); ok && v != "" {
ebs.SnapshotId = aws.String(v)
}
if v, ok := bd["volume_size"].(int); ok && v != 0 {
ebs.VolumeSize = aws.Int64(int64(v))
}
if v, ok := bd["volume_type"].(string); ok && v != "" {
ebs.VolumeType = aws.String(v)
}
if v, ok := bd["iops"].(int); ok && v > 0 {
ebs.Iops = aws.Int64(int64(v))
}
blockDevices = append(blockDevices, &autoscaling.BlockDeviceMapping{
DeviceName: aws.String(bd["device_name"].(string)),
Ebs: ebs,
})
}
}
if v, ok := d.GetOk("ephemeral_block_device"); ok {
vL := v.(*schema.Set).List()
for _, v := range vL {
bd := v.(map[string]interface{})
blockDevices = append(blockDevices, &autoscaling.BlockDeviceMapping{
DeviceName: aws.String(bd["device_name"].(string)),
VirtualName: aws.String(bd["virtual_name"].(string)),
})
}
}
if v, ok := d.GetOk("root_block_device"); ok {
vL := v.(*schema.Set).List()
if len(vL) > 1 {
return fmt.Errorf("Cannot specify more than one root_block_device.")
}
for _, v := range vL {
bd := v.(map[string]interface{})
ebs := &autoscaling.Ebs{
DeleteOnTermination: aws.Bool(bd["delete_on_termination"].(bool)),
}
if v, ok := bd["volume_size"].(int); ok && v != 0 {
ebs.VolumeSize = aws.Int64(int64(v))
}
if v, ok := bd["volume_type"].(string); ok && v != "" {
ebs.VolumeType = aws.String(v)
}
if v, ok := bd["iops"].(int); ok && v > 0 {
ebs.Iops = aws.Int64(int64(v))
}
if dn, err := fetchRootDeviceName(d.Get("image_id").(string), ec2conn); err == nil {
if dn == nil {
return fmt.Errorf(
"Expected to find a Root Device name for AMI (%s), but got none",
d.Get("image_id").(string))
}
blockDevices = append(blockDevices, &autoscaling.BlockDeviceMapping{
DeviceName: dn,
Ebs: ebs,
})
} else {
return err
}
}
}
if len(blockDevices) > 0 {
createLaunchConfigurationOpts.BlockDeviceMappings = blockDevices
}
var lcName string
if v, ok := d.GetOk("name"); ok {
lcName = v.(string)
} else if v, ok := d.GetOk("name_prefix"); ok {
lcName = resource.PrefixedUniqueId(v.(string))
} else {
lcName = resource.UniqueId()
}
createLaunchConfigurationOpts.LaunchConfigurationName = aws.String(lcName)
log.Printf(
"[DEBUG] autoscaling create launch configuration: %s", createLaunchConfigurationOpts)
// IAM profiles can take ~10 seconds to propagate in AWS:
// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#launch-instance-with-role-console
err := resource.Retry(30*time.Second, func() error {
_, err := autoscalingconn.CreateLaunchConfiguration(&createLaunchConfigurationOpts)
if err != nil {
if awsErr, ok := err.(awserr.Error); ok {
if awsErr.Message() == "Invalid IamInstanceProfile" {
return err
}
}
return &resource.RetryError{
Err: err,
}
}
return nil
})
if err != nil {
return fmt.Errorf("Error creating launch configuration: %s", err)
}
d.SetId(lcName)
log.Printf("[INFO] launch configuration ID: %s", d.Id())
// We put a Retry here since sometimes eventual consistency bites
// us and we need to retry a few times to get the LC to load properly
return resource.Retry(30*time.Second, func() error {
return resourceAwsLaunchConfigurationRead(d, meta)
})
}