* provider/aws: Fix importing of EIP by IP address
EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.
This PR does:
- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id
I chose not to document that looking up by IP is a method of import,
because the AWS API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.
Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.
* fix issue with swapping IDs on EC2 Classic
* update docs
* update comment
Based on support case with AWS, CloudWatch Events invoking Lambda should also specify the `source_arn`
Example, the resulting policy needs to be like:
```
{
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:events:us-east-1:0123456789:rule/my-cloudwatch-events-rule"
}
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-1:0123456789:function:my-lambda-function",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Sid": "AllowMyCloudWatchEventRuleToCallMyLambda"
}
```
aws_alb_target_group will ForceNew resource
Fixes#8741
The modify-target-group doesn't allow changes to name, port, protocol or
vpc_id - therefore, they should all be ForceNew: true
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/22 16:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (50.66s)
=== RUN TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (84.48s)
=== RUN TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (95.89s)
=== RUN TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (85.77s)
=== RUN TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (85.00s)
=== RUN TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (88.11s)
=== RUN TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (82.15s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 572.083s
```
Clarified that to send notifications to more than one Lambda function requires a single `s3_bucket_notification` element with multiple `lambda_function` configuration elements.
If multiple `s3_bucket_notification` elements, each with a single `lambda_function` element are used, one of the configurations is applied, seemingly at random.
Fixes#3605 and adds the functionality suggested in PR #7440.
This PR is using a different appraoch that (IMHO) feels cleaner and (even more important) adds support for Windows at the same time.
- add remote state provider backed by Joyent's Manta
- add documentation of Manta remote state provider
- explicitly check for passphrase-protected SSH keys, which are currently
unsupported, and generate a more helpful error (borrowed from Packer's
solution to the same problem):
https://github.com/mitchellh/packer/blob/master/common/ssh/key.go#L27
When creating a CloudWatch Metric for an Application Load Balancer it is
neccessary to use the suffix of the ARN as the reference to the load
balancer. This commit exposes that as an attribute on the `aws_alb`
resource to prevent the need to use regular expression substitution to
make the reference.
Fixes#8808.
I noticed that Terraform is not (anymore) parsing the value of environment variable `AWS_SECURITY_TOKEN` (which was re-added in May 2015: https://github.com/hashicorp/terraform/pull/1785)
Example ENV:
```
AWS_SECURITY_TOKEN="FQo...vgU="
AWS_ACCESS_KEY_ID="A...A"
AWS_SECRET_ACCESS_KEY="I...t"
AWS_DEFAULT_REGION="eu-west-1"
```
This errors with messages akin to "AWS was not able to validate the provided access credentials".
Setting `AWS_SESSION_TOKEN` instead of `AWS_SECURITY_TOKEN` on the other hand works just fine and seems to be in line with what is suggested in the code: d1ac7d3b2e/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go (L69), making this whole thing a documentation change.
Happy to provide test cases or additional insights though!
Paul Stack