Skip to content

Commit

Permalink
resource/aws_dms_endpoint: Add retry to allow IAM to propagate
Browse files Browse the repository at this point in the history
Allows the IAM Role for DynamoDB to propagate for use in DMS Endpoint
  • Loading branch information
stack72 committed Jun 29, 2017
1 parent 84e031a commit 7d3d642
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 10 deletions.
17 changes: 16 additions & 1 deletion aws/resource_aws_dms_endpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,12 @@ package aws
import (
"log"
"strings"
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
dms "github.com/aws/aws-sdk-go/service/databasemigrationservice"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
)
Expand Down Expand Up @@ -159,7 +161,20 @@ func resourceAwsDmsEndpointCreate(d *schema.ResourceData, meta interface{}) erro

log.Println("[DEBUG] DMS create endpoint:", request)

_, err := conn.CreateEndpoint(request)
err := resource.Retry(5*time.Minute, func() *resource.RetryError {
if _, err := conn.CreateEndpoint(request); err != nil {
if awserr, ok := err.(awserr.Error); ok {
switch awserr.Code() {
case "AccessDeniedFault":
return resource.RetryableError(awserr)
}
}
// Didn't recognize the error, so shouldn't retry.
return resource.NonRetryableError(err)
}
// Successful delete
return nil
})
if err != nil {
return err
}
Expand Down
6 changes: 2 additions & 4 deletions aws/resource_aws_dms_endpoint_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,6 @@ func TestAccAwsDmsEndpointDynamoDb(t *testing.T) {
Config: dmsEndpointDynamoDbConfigUpdate(randId),
Check: resource.ComposeTestCheckFunc(
checkDmsEndpointExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "ssl_mode", "none"),
resource.TestCheckResourceAttr(resourceName, "server_name", "tftestupdate"),
),
},
},
Expand Down Expand Up @@ -182,14 +180,15 @@ resource "aws_dms_endpoint" "dms_endpoint" {
endpoint_id = "tf-test-dms-endpoint-%[1]s"
endpoint_type = "target"
engine_name = "dynamodb"
server_name = "tftest"
service_access_role = "${aws_iam_role.iam_role.arn}"
ssl_mode = "none"
tags {
Name = "tf-test-dynamodb-endpoint-%[1]s"
Update = "to-update"
Remove = "to-remove"
}
depends_on = ["aws_iam_role_policy.dms_dynamodb_access"]
}
resource "aws_iam_role" "iam_role" {
name = "tf-test-iam-dynamodb-role-%[1]s"
Expand Down Expand Up @@ -244,7 +243,6 @@ resource "aws_dms_endpoint" "dms_endpoint" {
endpoint_id = "tf-test-dms-endpoint-%[1]s"
endpoint_type = "target"
engine_name = "dynamodb"
server_name = "tftestupdate"
service_access_role = "${aws_iam_role.iam_role.arn}"
ssl_mode = "none"
tags {
Expand Down
10 changes: 5 additions & 5 deletions website/docs/r/dms_endpoint.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -53,15 +53,15 @@ The following arguments are supported:
- Must not contain two consecutive hyphens

* `endpoint_type` - (Required) The type of endpoint. Can be one of `source | target`.
* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver`.
* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver | dynamodb`.
* `extra_connection_attributes` - (Optional) Additional attributes associated with the connection. For available attributes see [Using Extra Connection Attributes with AWS Database Migration Service](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Introduction.ConnectionAttributes.html).
* `kms_key_arn` - (Optional) The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.
* `password` - (Required) The password to be used to login to the endpoint database.
* `port` - (Required) The port used by the endpoint database.
* `server_name` - (Required) The host name of the server.
* `password` - (Optional) The password to be used to login to the endpoint database.
* `port` - (Optional) The port used by the endpoint database.
* `server_name` - (Optional) The host name of the server.
* `ssl_mode` - (Optional, Default: none) The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full`
* `tags` - (Optional) A mapping of tags to assign to the resource.
* `username` - (Required) The user name to be used to login to the endpoint database.
* `username` - (Optional) The user name to be used to login to the endpoint database.

## Attributes Reference

Expand Down

0 comments on commit 7d3d642

Please sign in to comment.