resource/aws_flow_log: Support S3 logging

* Add `log_destination` and `log_destination_type` arguments * Deprecate `log_group_name` and conflict it with `log_destination` * Mark `iam_role_arn` as Optional ``` $ make testacc TEST=./aws TESTARGS='-run=TestAccAWSFlowLog_' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -run=TestAccAWSFlowLog_ -timeout 120m === RUN TestAccAWSFlowLog_VPCID --- PASS: TestAccAWSFlowLog_VPCID (75.46s) === RUN TestAccAWSFlowLog_SubnetID --- PASS: TestAccAWSFlowLog_SubnetID (28.62s) === RUN TestAccAWSFlowLog_LogDestinationType_CloudWatchLogs --- PASS: TestAccAWSFlowLog_LogDestinationType_CloudWatchLogs (28.68s) === RUN TestAccAWSFlowLog_LogDestinationType_S3 --- PASS: TestAccAWSFlowLog_LogDestinationType_S3 (153.81s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 287.945s ```
hashicorp · Oct 19, 2018 · f38bf13 · f38bf13
1 parent 72e8bb4
commit f38bf13
Show file tree

Hide file tree

Showing 3 changed files with 284 additions and 103 deletions.
diff --git a/aws/resource_aws_flow_log.go b/aws/resource_aws_flow_log.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
 )
 
 func resourceAwsFlowLog() *schema.Resource {
@@ -22,14 +23,37 @@ func resourceAwsFlowLog() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"iam_role_arn": {
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 				ForceNew: true,
 			},
 
-			"log_group_name": {
+			"log_destination": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ForceNew:      true,
+				ConflictsWith: []string{"log_group_name"},
+				ValidateFunc:  validateArn,
+			},
+
+			"log_destination_type": {
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 				ForceNew: true,
+				Default:  ec2.LogDestinationTypeCloudWatchLogs,
+				ValidateFunc: validation.StringInSlice([]string{
+					ec2.LogDestinationTypeCloudWatchLogs,
+					ec2.LogDestinationTypeS3,
+				}, false),
+			},
+
+			"log_group_name": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ForceNew:      true,
+				ConflictsWith: []string{"log_destination"},
+				Deprecated:    "use 'log_destination' argument instead",
 			},
 
 			"vpc_id": {
@@ -89,11 +113,22 @@ func resourceAwsLogFlowCreate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	opts := &ec2.CreateFlowLogsInput{
-		DeliverLogsPermissionArn: aws.String(d.Get("iam_role_arn").(string)),
-		LogGroupName:             aws.String(d.Get("log_group_name").(string)),
-		ResourceIds:              []*string{aws.String(resourceId)},
-		ResourceType:             aws.String(resourceType),
-		TrafficType:              aws.String(d.Get("traffic_type").(string)),
+		LogDestinationType: aws.String(d.Get("log_destination_type").(string)),
+		ResourceIds:        []*string{aws.String(resourceId)},
+		ResourceType:       aws.String(resourceType),
+		TrafficType:        aws.String(d.Get("traffic_type").(string)),
+	}
+
+	if v, ok := d.GetOk("iam_role_arn"); ok && v != "" {
+		opts.DeliverLogsPermissionArn = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("log_destination"); ok && v != "" {
+		opts.LogDestination = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("log_group_name"); ok && v != "" {
+		opts.LogGroupName = aws.String(v.(string))
 	}
 
 	log.Printf(
@@ -134,6 +169,8 @@ func resourceAwsLogFlowRead(d *schema.ResourceData, meta interface{}) error {
 
 	fl := resp.FlowLogs[0]
 	d.Set("traffic_type", fl.TrafficType)
+	d.Set("log_destination", fl.LogDestination)
+	d.Set("log_destination_type", fl.LogDestinationType)
 	d.Set("log_group_name", fl.LogGroupName)
 	d.Set("iam_role_arn", fl.DeliverLogsPermissionArn)