diff --git a/builtin/providers/aws/resource_aws_elb.go b/builtin/providers/aws/resource_aws_elb.go index 86ec3d570..80178c02c 100644 --- a/builtin/providers/aws/resource_aws_elb.go +++ b/builtin/providers/aws/resource_aws_elb.go @@ -353,6 +353,7 @@ func resource_aws_elb_validation() *config.Validator { }, Optional: []string{ "instances.*", + "listener.*.ssl_certificate_id", "internal", "availability_zones.*", "security_groups.*", diff --git a/builtin/providers/aws/resource_aws_elb_test.go b/builtin/providers/aws/resource_aws_elb_test.go index a0a1c657c..73a1503dd 100644 --- a/builtin/providers/aws/resource_aws_elb_test.go +++ b/builtin/providers/aws/resource_aws_elb_test.go @@ -2,6 +2,7 @@ package aws import ( "fmt" + "os" "reflect" "testing" @@ -12,6 +13,7 @@ import ( func TestAccAWSELB_basic(t *testing.T) { var conf elb.LoadBalancer + ssl_certificate_id := os.Getenv("AWS_SSL_CERTIFICATE_ID") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -35,6 +37,8 @@ func TestAccAWSELB_basic(t *testing.T) { "aws_elb.bar", "listener.0.instance_port", "8000"), resource.TestCheckResourceAttr( "aws_elb.bar", "listener.0.instance_protocol", "http"), + resource.TestCheckResourceAttr( + "aws_elb.bar", "listener.0.ssl_certificate_id", ssl_certificate_id), resource.TestCheckResourceAttr( "aws_elb.bar", "listener.0.lb_port", "80"), resource.TestCheckResourceAttr( @@ -277,6 +281,21 @@ resource "aws_instance" "foo" { } ` +const testAccAWSELBConfigListenerSSLCertificateId = ` +resource "aws_elb" "bar" { + name = "foobar-terraform-test" + availability_zones = ["us-west-2a"] + + listener { + instance_port = 8000 + instance_protocol = "http" + ssl_certificate_id = "%s" + lb_port = 443 + lb_protocol = "https" + } +} +` + const testAccAWSELBConfigHealthCheck = ` resource "aws_elb" "bar" { name = "foobar-terraform-test" diff --git a/builtin/providers/aws/resource_provider_test.go b/builtin/providers/aws/resource_provider_test.go index b376f62b8..18df993c2 100644 
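Review bot: The assertion added to TestAccAWSELB_basic for `listener.0.ssl_certificate_id` compares against AWS_SSL_CERTIFICATE_ID while the neighbouring checks still expect `lb_port` to be "80", and the config that test applies is outside the hunk, so unless that config also sets a certificate this check will probably fail. The later hunk in this file adds `testAccAWSELBConfigListenerSSLCertificateId` with a `%s` placeholder, but nothing visible in the diff formats it or references it from a test step. I would move the assertion into a dedicated HTTPS listener test whose step uses `Config: fmt.Sprintf(testAccAWSELBConfigListenerSSLCertificateId, sslCertificateID)`. The local `ssl_certificate_id` should also be MixedCaps (`sslCertificateID`). The test function's body continues outside the hunk.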
--- a/builtin/providers/aws/resource_provider_test.go +++ b/builtin/providers/aws/resource_provider_test.go @@ -92,4 +92,7 @@ func testAccPreCheck(t *testing.T) { log.Println("[INFO] Test: Using us-west-2 as test region") os.Setenv("AWS_REGION", "us-west-2") } + if v := os.Getenv("AWS_SSL_CERTIFICATE_ID"); v == "" { + t.Fatal("AWS_SSL_CERTIFICATE_ID must be set for acceptance tests") + } } diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go index fee36600a..017123b94 100644 --- a/builtin/providers/aws/structure.go +++ b/builtin/providers/aws/structure.go @@ -33,6 +33,11 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) { Protocol: newL["lb_protocol"].(string), } + if attr, ok := newL["ssl_certificate_id"].(string); ok { + l.SSLCertificateId = attr + } + + listeners = append(listeners, l) } diff --git a/builtin/providers/aws/structure_test.go b/builtin/providers/aws/structure_test.go index 81e67a9b6..a65fdc83c 100644 --- a/builtin/providers/aws/structure_test.go +++ b/builtin/providers/aws/structure_test.go @@ -70,9 +70,9 @@ func Test_expandIPPerms(t *testing.T) { }, }, ec2.IPPerm{ - Protocol: "icmp", - FromPort: 1, - ToPort: -1, + Protocol: "icmp", + FromPort: 1, + ToPort: -1, SourceGroups: []ec2.UserSecurityGroup{ ec2.UserSecurityGroup{ Id: "foo", diff --git a/website/source/docs/providers/aws/r/elb.html.markdown b/website/source/docs/providers/aws/r/elb.html.markdown index e919bdab9..3420c7726 100644 --- a/website/source/docs/providers/aws/r/elb.html.markdown +++ b/website/source/docs/providers/aws/r/elb.html.markdown @@ -23,6 +23,14 @@ resource "aws_elb" "bar" { lb_protocol = "http" } + listener { + instance_port = 8000 + instance_protocol = "http" + lb_port = 443 + lb_protocol = "https" + ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName" + } + health_check { healthy_threshold = 2 unhealthy_threshold = 2 
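Review bot: Calling `t.Fatal` in `testAccPreCheck` when AWS_SSL_CERTIFICATE_ID is unset makes every acceptance test that uses this shared precheck depend on an uploaded IAM server certificate, although only the ELB HTTPS listener test needs one. I would leave the shared precheck to credentials and region and put the requirement in the ELB test's own PreCheck, skipping rather than failing: `if os.Getenv("AWS_SSL_CERTIFICATE_ID") == "" { t.Skip("AWS_SSL_CERTIFICATE_ID not set; skipping HTTPS listener test") }`. testAccPreCheck begins outside the hunk.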
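Review bot: In expandListeners the certificate is copied whenever the key holds a string, with no check against the listener protocol, so a listener declared with `lb_protocol = "https"` but no `ssl_certificate_id` is not rejected here and would only surface as an API error at apply time. Since the function already returns an error, a guard after the new block would catch the misconfiguration earlier: `if p := strings.ToLower(l.Protocol); (p == "https" || p == "ssl") && l.SSLCertificateId == "" { return nil, fmt.Errorf("ssl_certificate_id is required for %s listeners", p) }` (this assumes `strings` and `fmt` are imported in structure.go, which the hunk does not show). The read side that maps listeners back into state is not part of this diff; if it does not record `ssl_certificate_id`, a certificate swapped outside Terraform would go undetected, so that is worth confirming. The hunk also adds two consecutive blank lines where one is enough, and the function body starts and ends outside the hunk.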
@@ -54,6 +62,7 @@ Listeners support the following: * `instance_protocol` - (Required) The the protocol to use to the instance. * `lb_port` - (Required) The port to listen on for the load balancer * `lb_protocol` - (Required) The protocol to listen on. +* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have uploaded to AWS IAM. Health Check supports the following: