Merge pull request #7721 from parabolic/Issue_1769_AWS_Shield_Protect…

…ion_feature Issue 1769 add aws shield protection feature ( Part II )
hashicorp · May 15, 2019 · 2a7385e · 2a7385e
2 parents a2f67b5 + 6a53956
commit 2a7385e
Show file tree

Hide file tree

Showing 6 changed files with 689 additions and 2 deletions.
diff --git a/aws/config.go b/aws/config.go
@@ -390,7 +390,7 @@ func (c *Config) Client() (interface{}, error) {
 		fsxconn:                             fsx.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["fsx"])})),
 		gameliftconn:                        gamelift.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["gamelift"])})),
 		glacierconn:                         glacier.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["glacier"])})),
-		globalacceleratorconn:               globalaccelerator.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["globalaccelerator"])})),
+		globalacceleratorconn:               globalaccelerator.New(sess.Copy(&aws.Config{Region: aws.String("us-west-2"), Endpoint: aws.String(c.Endpoints["globalaccelerator"])})),
 		glueconn:                            glue.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["glue"])})),
 		guarddutyconn:                       guardduty.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["guardduty"])})),
 		iamconn:                             iam.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["iam"])})),
@@ -439,7 +439,7 @@ func (c *Config) Client() (interface{}, error) {
 		serverlessapplicationrepositoryconn: serverlessapplicationrepository.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["serverlessrepo"])})),
 		sesConn:                             ses.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["ses"])})),
 		sfnconn:                             sfn.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["stepfunctions"])})),
-		shieldconn:                          shield.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["shield"])})),
+		shieldconn:                          shield.New(sess.Copy(&aws.Config{Region: aws.String("us-east-1"), Endpoint: aws.String(c.Endpoints["shield"])})),
 		simpledbconn:                        simpledb.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sdb"])})),
 		snsconn:                             sns.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sns"])})),
 		sqsconn:                             sqs.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sqs"])})),

diff --git a/aws/provider.go b/aws/provider.go
@@ -666,6 +666,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_service_discovery_private_dns_namespace":             resourceAwsServiceDiscoveryPrivateDnsNamespace(),
 			"aws_service_discovery_public_dns_namespace":              resourceAwsServiceDiscoveryPublicDnsNamespace(),
 			"aws_service_discovery_service":                           resourceAwsServiceDiscoveryService(),
+			"aws_shield_protection":                                   resourceAwsShieldProtection(),
 			"aws_simpledb_domain":                                     resourceAwsSimpleDBDomain(),
 			"aws_ssm_activation":                                      resourceAwsSsmActivation(),
 			"aws_ssm_association":                                     resourceAwsSsmAssociation(),

diff --git a/aws/resource_aws_shield_protection.go b/aws/resource_aws_shield_protection.go
@@ -0,0 +1,85 @@
+package aws
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/shield"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsShieldProtection() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsShieldProtectionCreate,
+		Read:   resourceAwsShieldProtectionRead,
+		Delete: resourceAwsShieldProtectionDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"resource_arn": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateArn,
+			},
+		},
+	}
+}
+
+func resourceAwsShieldProtectionCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).shieldconn
+
+	input := &shield.CreateProtectionInput{
+		Name:        aws.String(d.Get("name").(string)),
+		ResourceArn: aws.String(d.Get("resource_arn").(string)),
+	}
+
+	resp, err := conn.CreateProtection(input)
+	if err != nil {
+		return fmt.Errorf("error creating Shield Protection: %s", err)
+	}
+	d.SetId(*resp.ProtectionId)
+	return resourceAwsShieldProtectionRead(d, meta)
+}
+
+func resourceAwsShieldProtectionRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).shieldconn
+
+	input := &shield.DescribeProtectionInput{
+		ProtectionId: aws.String(d.Id()),
+	}
+
+	resp, err := conn.DescribeProtection(input)
+	if err != nil {
+		return fmt.Errorf("error reading Shield Protection (%s): %s", d.Id(), err)
+	}
+	d.Set("name", resp.Protection.Name)
+	d.Set("resource_arn", resp.Protection.ResourceArn)
+	return nil
+}
+
+func resourceAwsShieldProtectionDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).shieldconn
+
+	input := &shield.DeleteProtectionInput{
+		ProtectionId: aws.String(d.Id()),
+	}
+
+	_, err := conn.DeleteProtection(input)
+
+	if isAWSErr(err, shield.ErrCodeResourceNotFoundException, "") {
+		return nil
+	}
+
+	if err != nil {
+		return fmt.Errorf("error deleting Shield Protection (%s): %s", d.Id(), err)
+	}
+	return nil
+}