Merge remote-tracking branch 'sjones-and/f-vpn-acceleration' into v2.…

…56.0-custom
gazoakley · Apr 7, 2020 · ebb23a5 · ebb23a5
2 parents cbd456b + bb5d282
commit ebb23a5
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 2 deletions.
diff --git a/aws/resource_aws_vpn_connection.go b/aws/resource_aws_vpn_connection.go
@@ -109,6 +109,13 @@ func resourceAwsVpnConnection() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"enable_acceleration": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+
 			"tunnel1_inside_cidr": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -291,8 +298,9 @@ func resourceAwsVpnConnectionCreate(d *schema.ResourceData, meta interface{}) er
 	}
 
 	connectOpts := &ec2.VpnConnectionOptionsSpecification{
-		StaticRoutesOnly: aws.Bool(d.Get("static_routes_only").(bool)),
-		TunnelOptions:    options,
+		EnableAcceleration: aws.Bool(d.Get("enable_acceleration").(bool)),
+		StaticRoutesOnly:   aws.Bool(d.Get("static_routes_only").(bool)),
+		TunnelOptions:      options,
 	}
 
 	createOpts := &ec2.CreateVpnConnectionInput{
@@ -303,6 +311,11 @@ func resourceAwsVpnConnectionCreate(d *schema.ResourceData, meta interface{}) er
 
 	if v, ok := d.GetOk("transit_gateway_id"); ok {
 		createOpts.TransitGatewayId = aws.String(v.(string))
+	} else {
+		// VPN Acceleration can't be enabled unless the connection's to a Transit Gateway
+		if d.Get("enable_acceleration").(bool) {
+			return fmt.Errorf("Error creating vpn connection: Accelerated VPN is only available for VPN connections to a Transit Gateway")
+		}
 	}
 
 	if v, ok := d.GetOk("vpn_gateway_id"); ok {
@@ -440,9 +453,15 @@ func resourceAwsVpnConnectionRead(d *schema.ResourceData, meta interface{}) erro
 		if err := d.Set("static_routes_only", vpnConnection.Options.StaticRoutesOnly); err != nil {
 			return err
 		}
+
+		if err := d.Set("enable_acceleration", vpnConnection.Options.EnableAcceleration); err != nil {
+			return err
+		}
 	} else {
 		//If there no Options on the connection then we do not support *static_routes*
 		d.Set("static_routes_only", false)
+		//If there no Options on the connection then *enable_acceleration* is not set
+		d.Set("enable_acceleration", false)
 	}
 
 	// Set read only attributes.

diff --git a/aws/resource_aws_vpn_connection_test.go b/aws/resource_aws_vpn_connection_test.go
@@ -90,6 +90,7 @@ func TestAccAWSVpnConnection_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccAwsVpnConnectionExists(resourceName, &vpn),
 					resource.TestCheckResourceAttr(resourceName, "transit_gateway_attachment_id", ""),
+					resource.TestCheckResourceAttr(resourceName, "enable_acceleration", "false"),
 				),
 			},
 			{
@@ -246,6 +247,34 @@ func TestAccAWSVpnConnection_withoutStaticRoutes(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccAwsVpnConnectionExists(resourceName, &vpn),
 					resource.TestCheckResourceAttr(resourceName, "static_routes_only", "false"),
+					resource.TestCheckResourceAttr(resourceName, "enable_acceleration", "false"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAWSVpnConnection_withEnableAcceleration(t *testing.T) {
+	rBgpAsn := acctest.RandIntRange(64512, 65534)
+	resourceName := "aws_vpn_connection.test"
+	var vpn ec2.VpnConnection
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t) },
+		IDRefreshName: resourceName,
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccAwsVpnConnectionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAwsVpnConnectionConfigEnableAcceleration(rBgpAsn),
+				Check: resource.ComposeTestCheckFunc(
+					testAccAwsVpnConnectionExists(resourceName, &vpn),
+					resource.TestCheckResourceAttr(resourceName, "enable_acceleration", "true"),
 				),
 			},
 			{
@@ -486,10 +515,35 @@ resource "aws_vpn_connection" "test" {
   customer_gateway_id = "${aws_customer_gateway.customer_gateway.id}"
   type                = "ipsec.1"
   static_routes_only  = false
+  enable_acceleration = false
 }
 `, rBgpAsn, rInt)
 }
 
+func testAccAwsVpnConnectionConfigEnableAcceleration(rBgpAsn int) string {
+	return fmt.Sprintf(`
+resource "aws_ec2_transit_gateway" "test" {}
+
+resource "aws_customer_gateway" "customer_gateway" {
+  bgp_asn    = %d
+  ip_address = "178.0.0.1"
+  type       = "ipsec.1"
+
+  tags = {
+    Name = "tf-acc-test-ec2-vpn-connection-enable-acceleration"
+  }
+}
+
+resource "aws_vpn_connection" "test" {
+  customer_gateway_id = "${aws_customer_gateway.customer_gateway.id}"
+  transit_gateway_id  = "${aws_ec2_transit_gateway.test.id}"
+  type                = "ipsec.1"
+  static_routes_only  = false
+  enable_acceleration = true
+}
+`, rBgpAsn)
+}
+
 func testAccAwsVpnConnectionConfigSingleTunnelOptions(rBgpAsn int, psk string, tunnelCidr string) string {
 	return fmt.Sprintf(`
 resource "aws_vpn_gateway" "vpn_gateway" {

diff --git a/website/docs/r/vpn_connection.html.markdown b/website/docs/r/vpn_connection.html.markdown
@@ -75,6 +75,7 @@ One of the following arguments is required:
 
 Other arguments:
 
+* `enable_acceleration` - (Optional, Default `false`) Whether the VPN connection uses acceleration.  Acceleration can only be enabled on VPNs terminated on a Transit Gateway.
 * `static_routes_only` - (Optional, Default `false`) Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
 * `tags` - (Optional) Tags to apply to the connection.
 * `tunnel1_inside_cidr` - (Optional) The CIDR block of the inside IP addresses for the first VPN tunnel.