func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).ec2conn securityGroupOpts := &ec2.CreateSecurityGroupInput{} if v, ok := d.GetOk("vpc_id"); ok { securityGroupOpts.VpcId = aws.String(v.(string)) } if v := d.Get("description"); v != nil { securityGroupOpts.Description = aws.String(v.(string)) } var groupName string if v, ok := d.GetOk("name"); ok { groupName = v.(string) } else if v, ok := d.GetOk("name_prefix"); ok { groupName = resource.PrefixedUniqueId(v.(string)) } else { groupName = resource.UniqueId() } securityGroupOpts.GroupName = aws.String(groupName) var err error log.Printf( "[DEBUG] Security Group create configuration: %#v", securityGroupOpts) createResp, err := conn.CreateSecurityGroup(securityGroupOpts) if err != nil { return fmt.Errorf("Error creating Security Group: %s", err) } d.SetId(*createResp.GroupId) log.Printf("[INFO] Security Group ID: %s", d.Id()) // Wait for the security group to truly exist log.Printf( "[DEBUG] Waiting for Security Group (%s) to exist", d.Id()) stateConf := &resource.StateChangeConf{ Pending: []string{""}, Target: "exists", Refresh: SGStateRefreshFunc(conn, d.Id()), Timeout: 1 * time.Minute, } resp, err := stateConf.WaitForState() if err != nil { return fmt.Errorf( "Error waiting for Security Group (%s) to become available: %s", d.Id(), err) } // AWS defaults all Security Groups to have an ALLOW ALL egress rule. Here we // revoke that rule, so users don't unknowningly have/use it. group := resp.(*ec2.SecurityGroup) if group.VpcId != nil && *group.VpcId != "" { log.Printf("[DEBUG] Revoking default egress rule for Security Group for %s", d.Id()) req := &ec2.RevokeSecurityGroupEgressInput{ GroupId: createResp.GroupId, IpPermissions: []*ec2.IpPermission{ &ec2.IpPermission{ FromPort: aws.Int64(int64(0)), ToPort: aws.Int64(int64(0)), IpRanges: []*ec2.IpRange{ &ec2.IpRange{ CidrIp: aws.String("0.0.0.0/0"), }, }, IpProtocol: aws.String("-1"), }, }, } if _, err = conn.RevokeSecurityGroupEgress(req); err != nil { return fmt.Errorf( "Error revoking default egress rule for Security Group (%s): %s", d.Id(), err) } } return resourceAwsSecurityGroupUpdate(d, meta) }
func resourceAwsElbCreate(d *schema.ResourceData, meta interface{}) error { elbconn := meta.(*AWSClient).elbconn // Expand the "listener" set to aws-sdk-go compat []*elb.Listener listeners, err := expandListeners(d.Get("listener").(*schema.Set).List()) if err != nil { return err } var elbName string if v, ok := d.GetOk("name"); ok { elbName = v.(string) } else { elbName = resource.PrefixedUniqueId("tf-lb-") d.Set("name", elbName) } tags := tagsFromMapELB(d.Get("tags").(map[string]interface{})) // Provision the elb elbOpts := &elb.CreateLoadBalancerInput{ LoadBalancerName: aws.String(elbName), Listeners: listeners, Tags: tags, } if scheme, ok := d.GetOk("internal"); ok && scheme.(bool) { elbOpts.Scheme = aws.String("internal") } if v, ok := d.GetOk("availability_zones"); ok { elbOpts.AvailabilityZones = expandStringList(v.(*schema.Set).List()) } if v, ok := d.GetOk("security_groups"); ok { elbOpts.SecurityGroups = expandStringList(v.(*schema.Set).List()) } if v, ok := d.GetOk("subnets"); ok { elbOpts.Subnets = expandStringList(v.(*schema.Set).List()) } log.Printf("[DEBUG] ELB create configuration: %#v", elbOpts) err = resource.Retry(1*time.Minute, func() error { _, err := elbconn.CreateLoadBalancer(elbOpts) if err != nil { if awsErr, ok := err.(awserr.Error); ok { // Check for IAM SSL Cert error, eventual consistancy issue if awsErr.Code() == "CertificateNotFound" { return fmt.Errorf("[WARN] Error creating ELB Listener with SSL Cert, retrying: %s", err) } } return resource.RetryError{Err: err} } return nil }) if err != nil { return err } // Assign the elb's unique identifier for use later d.SetId(elbName) log.Printf("[INFO] ELB ID: %s", d.Id()) // Enable partial mode and record what we set d.Partial(true) d.SetPartial("name") d.SetPartial("internal") d.SetPartial("availability_zones") d.SetPartial("listener") d.SetPartial("security_groups") d.SetPartial("subnets") d.Set("tags", tagsToMapELB(tags)) return resourceAwsElbUpdate(d, meta) }
func resourceAwsAutoscalingGroupCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).autoscalingconn var autoScalingGroupOpts autoscaling.CreateAutoScalingGroupInput var asgName string if v, ok := d.GetOk("name"); ok { asgName = v.(string) } else { asgName = resource.PrefixedUniqueId("tf-asg-") d.Set("name", asgName) } autoScalingGroupOpts.AutoScalingGroupName = aws.String(asgName) autoScalingGroupOpts.LaunchConfigurationName = aws.String(d.Get("launch_configuration").(string)) autoScalingGroupOpts.MinSize = aws.Int64(int64(d.Get("min_size").(int))) autoScalingGroupOpts.MaxSize = aws.Int64(int64(d.Get("max_size").(int))) // Availability Zones are optional if VPC Zone Identifer(s) are specified if v, ok := d.GetOk("availability_zones"); ok && v.(*schema.Set).Len() > 0 { autoScalingGroupOpts.AvailabilityZones = expandStringList(v.(*schema.Set).List()) } if v, ok := d.GetOk("tag"); ok { autoScalingGroupOpts.Tags = autoscalingTagsFromMap( setToMapByKey(v.(*schema.Set), "key"), d.Get("name").(string)) } if v, ok := d.GetOk("default_cooldown"); ok { autoScalingGroupOpts.DefaultCooldown = aws.Int64(int64(v.(int))) } if v, ok := d.GetOk("health_check_type"); ok && v.(string) != "" { autoScalingGroupOpts.HealthCheckType = aws.String(v.(string)) } if v, ok := d.GetOk("desired_capacity"); ok { autoScalingGroupOpts.DesiredCapacity = aws.Int64(int64(v.(int))) } if v, ok := d.GetOk("health_check_grace_period"); ok { autoScalingGroupOpts.HealthCheckGracePeriod = aws.Int64(int64(v.(int))) } if v, ok := d.GetOk("placement_group"); ok { autoScalingGroupOpts.PlacementGroup = aws.String(v.(string)) } if v, ok := d.GetOk("load_balancers"); ok && v.(*schema.Set).Len() > 0 { autoScalingGroupOpts.LoadBalancerNames = expandStringList( v.(*schema.Set).List()) } if v, ok := d.GetOk("vpc_zone_identifier"); ok && v.(*schema.Set).Len() > 0 { autoScalingGroupOpts.VPCZoneIdentifier = expandVpcZoneIdentifiers(v.(*schema.Set).List()) } if v, ok := d.GetOk("termination_policies"); ok && len(v.([]interface{})) > 0 { autoScalingGroupOpts.TerminationPolicies = expandStringList(v.([]interface{})) } log.Printf("[DEBUG] AutoScaling Group create configuration: %#v", autoScalingGroupOpts) _, err := conn.CreateAutoScalingGroup(&autoScalingGroupOpts) if err != nil { return fmt.Errorf("Error creating Autoscaling Group: %s", err) } d.SetId(d.Get("name").(string)) log.Printf("[INFO] AutoScaling Group ID: %s", d.Id()) if err := waitForASGCapacity(d, meta); err != nil { return err } return resourceAwsAutoscalingGroupRead(d, meta) }
func resourceAwsLaunchConfigurationCreate(d *schema.ResourceData, meta interface{}) error { autoscalingconn := meta.(*AWSClient).autoscalingconn ec2conn := meta.(*AWSClient).ec2conn createLaunchConfigurationOpts := autoscaling.CreateLaunchConfigurationInput{ LaunchConfigurationName: aws.String(d.Get("name").(string)), ImageId: aws.String(d.Get("image_id").(string)), InstanceType: aws.String(d.Get("instance_type").(string)), EbsOptimized: aws.Bool(d.Get("ebs_optimized").(bool)), } if v, ok := d.GetOk("user_data"); ok { userData := base64.StdEncoding.EncodeToString([]byte(v.(string))) createLaunchConfigurationOpts.UserData = aws.String(userData) } createLaunchConfigurationOpts.InstanceMonitoring = &autoscaling.InstanceMonitoring{ Enabled: aws.Bool(d.Get("enable_monitoring").(bool)), } if v, ok := d.GetOk("iam_instance_profile"); ok { createLaunchConfigurationOpts.IamInstanceProfile = aws.String(v.(string)) } if v, ok := d.GetOk("placement_tenancy"); ok { createLaunchConfigurationOpts.PlacementTenancy = aws.String(v.(string)) } if v, ok := d.GetOk("associate_public_ip_address"); ok { createLaunchConfigurationOpts.AssociatePublicIpAddress = aws.Bool(v.(bool)) } if v, ok := d.GetOk("key_name"); ok { createLaunchConfigurationOpts.KeyName = aws.String(v.(string)) } if v, ok := d.GetOk("spot_price"); ok { createLaunchConfigurationOpts.SpotPrice = aws.String(v.(string)) } if v, ok := d.GetOk("security_groups"); ok { createLaunchConfigurationOpts.SecurityGroups = expandStringList( v.(*schema.Set).List(), ) } var blockDevices []*autoscaling.BlockDeviceMapping if v, ok := d.GetOk("ebs_block_device"); ok { vL := v.(*schema.Set).List() for _, v := range vL { bd := v.(map[string]interface{}) ebs := &autoscaling.Ebs{ DeleteOnTermination: aws.Bool(bd["delete_on_termination"].(bool)), Encrypted: aws.Bool(bd["encrypted"].(bool)), } if v, ok := bd["snapshot_id"].(string); ok && v != "" { ebs.SnapshotId = aws.String(v) } if v, ok := bd["volume_size"].(int); ok && v != 0 { ebs.VolumeSize = aws.Int64(int64(v)) } if v, ok := bd["volume_type"].(string); ok && v != "" { ebs.VolumeType = aws.String(v) } if v, ok := bd["iops"].(int); ok && v > 0 { ebs.Iops = aws.Int64(int64(v)) } blockDevices = append(blockDevices, &autoscaling.BlockDeviceMapping{ DeviceName: aws.String(bd["device_name"].(string)), Ebs: ebs, }) } } if v, ok := d.GetOk("ephemeral_block_device"); ok { vL := v.(*schema.Set).List() for _, v := range vL { bd := v.(map[string]interface{}) blockDevices = append(blockDevices, &autoscaling.BlockDeviceMapping{ DeviceName: aws.String(bd["device_name"].(string)), VirtualName: aws.String(bd["virtual_name"].(string)), }) } } if v, ok := d.GetOk("root_block_device"); ok { vL := v.(*schema.Set).List() if len(vL) > 1 { return fmt.Errorf("Cannot specify more than one root_block_device.") } for _, v := range vL { bd := v.(map[string]interface{}) ebs := &autoscaling.Ebs{ DeleteOnTermination: aws.Bool(bd["delete_on_termination"].(bool)), } if v, ok := bd["volume_size"].(int); ok && v != 0 { ebs.VolumeSize = aws.Int64(int64(v)) } if v, ok := bd["volume_type"].(string); ok && v != "" { ebs.VolumeType = aws.String(v) } if v, ok := bd["iops"].(int); ok && v > 0 { ebs.Iops = aws.Int64(int64(v)) } if dn, err := fetchRootDeviceName(d.Get("image_id").(string), ec2conn); err == nil { if dn == nil { return fmt.Errorf( "Expected to find a Root Device name for AMI (%s), but got none", d.Get("image_id").(string)) } blockDevices = append(blockDevices, &autoscaling.BlockDeviceMapping{ DeviceName: dn, Ebs: ebs, }) } else { return err } } } if len(blockDevices) > 0 { createLaunchConfigurationOpts.BlockDeviceMappings = blockDevices } var lcName string if v, ok := d.GetOk("name"); ok { lcName = v.(string) } else if v, ok := d.GetOk("name_prefix"); ok { lcName = resource.PrefixedUniqueId(v.(string)) } else { lcName = resource.UniqueId() } createLaunchConfigurationOpts.LaunchConfigurationName = aws.String(lcName) log.Printf( "[DEBUG] autoscaling create launch configuration: %s", createLaunchConfigurationOpts) // IAM profiles can take ~10 seconds to propagate in AWS: // http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#launch-instance-with-role-console err := resource.Retry(30*time.Second, func() error { _, err := autoscalingconn.CreateLaunchConfiguration(&createLaunchConfigurationOpts) if err != nil { if awsErr, ok := err.(awserr.Error); ok { if awsErr.Message() == "Invalid IamInstanceProfile" { return err } } return &resource.RetryError{ Err: err, } } return nil }) if err != nil { return fmt.Errorf("Error creating launch configuration: %s", err) } d.SetId(lcName) log.Printf("[INFO] launch configuration ID: %s", d.Id()) // We put a Retry here since sometimes eventual consistency bites // us and we need to retry a few times to get the LC to load properly return resource.Retry(30*time.Second, func() error { return resourceAwsLaunchConfigurationRead(d, meta) }) }