hashicorp · ewbankkit · Aug 2, 2024 · Aug 1, 2024 · Aug 1, 2024 · Aug 1, 2024
@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_ebs_snapshot_block_public_access
+```
@@ -0,0 +1,91 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package ec2
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/enum"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @SDKResource("aws_ebs_snapshot_block_public_access", name="EBS Snapshot Block Public Access")
+func resourceEBSSnapshotBlockPublicAccess() *schema.Resource {
+	return &schema.Resource{
+		CreateWithoutTimeout: resourceEBSSnapshotBlockPublicAccessPut,
+		ReadWithoutTimeout:   resourceEBSSnapshotBlockPublicAccessRead,
+		UpdateWithoutTimeout: resourceEBSSnapshotBlockPublicAccessPut,
+		DeleteWithoutTimeout: resourceEBSSnapshotBlockPublicAccessDelete,
+
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			names.AttrState: {
+				Type:             schema.TypeString,
+				Required:         true,
+				ValidateDiagFunc: enum.Validate[types.SnapshotBlockPublicAccessState](),
+			},
+		},
+	}
+}
+
+func resourceEBSSnapshotBlockPublicAccessPut(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
+
+	state := d.Get(names.AttrState).(string)
+	input := &ec2.EnableSnapshotBlockPublicAccessInput{
+		State: types.SnapshotBlockPublicAccessState(state),
+	}
+
+	_, err := conn.EnableSnapshotBlockPublicAccess(ctx, input)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "enabling EBS Snapshot Block Public Access (%s): %s", state, err)
+	}
+
+	if d.IsNewResource() {
+		d.SetId(meta.(*conns.AWSClient).Region)
+	}
+
+	return append(diags, resourceEBSSnapshotBlockPublicAccessRead(ctx, d, meta)...)
+}
+
+func resourceEBSSnapshotBlockPublicAccessRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
+
+	input := &ec2.GetSnapshotBlockPublicAccessStateInput{}
+	output, err := conn.GetSnapshotBlockPublicAccessState(ctx, input)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading EBS Snapshot Block Public Access: %s", err)
+	}
+
+	d.Set(names.AttrState, output.State)
+
+	return diags
+}
+
+func resourceEBSSnapshotBlockPublicAccessDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
+
+	// Removing the resource disables blocking of EBS snapshot sharing.
+	_, err := conn.DisableSnapshotBlockPublicAccess(ctx, &ec2.DisableSnapshotBlockPublicAccessInput{})
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "disabling EBS Snapshot Block Public Access: %s", err)
+	}
+
+	return diags
+}
@@ -0,0 +1,75 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package ec2_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccEC2EBSSnapshotBlockPublicAccess_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_ebs_snapshot_block_public_access.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.EC2ServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		WorkingDir:               "/tmp",
+		CheckDestroy:             testAccCheckEBSSnapshotBlockAccessDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				ResourceName: resourceName,
+				Config:       testAccEBSSnapshotBlockPublicAccess_basic(string(types.SnapshotBlockPublicAccessStateBlockAllSharing)),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, names.AttrState, "block-all-sharing"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				ResourceName: resourceName,
+				Config:       testAccEBSSnapshotBlockPublicAccess_basic(string(types.SnapshotBlockPublicAccessStateBlockNewSharing)),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, names.AttrState, "block-new-sharing"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckEBSSnapshotBlockAccessDestroy(ctx context.Context) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx)
+		response, err := conn.GetSnapshotBlockPublicAccessState(ctx, &ec2.GetSnapshotBlockPublicAccessStateInput{})
+		if err != nil {
+			return err
+		}
+
+		if response.State != types.SnapshotBlockPublicAccessStateUnblocked {
+			return fmt.Errorf("EBS encryption by default is not in expected state (%s)", types.SnapshotBlockPublicAccessStateUnblocked)
+		}
+		return nil
+	}
+}
+
+func testAccEBSSnapshotBlockPublicAccess_basic(state string) string {
+	return fmt.Sprintf(`
+resource "aws_ebs_snapshot_block_public_access" "test" {
+  state = %[1]q
+}
+`, state)
+}
@@ -0,0 +1,48 @@
+---
+subcategory: "EBS (EC2)"
+layout: "aws"
+page_title: "AWS: aws_ebs_snapshot_block_public_access"
+description: |-
+  Manages EBS snapshot public access block configuration.
+---
+
+# Resource: aws_ebs_snapshot_block_public_access
+
+Provides a resource to manage the state of the "Block public access for snapshots" setting on region level.
+
+~> **NOTE:** Removing this Terraform resource disables blocking.
+
+## Example Usage
+
+```terraform
+resource "aws_ebs_snapshot_block_public_access" "example" {
+  state = "block-all-sharing"
+}
+```
+
+## Argument Reference
+
+This resource supports the following arguments:
+
+* `state` - (Required) The mode in which to enable "Block public access for snapshots" for the region. Allowed values are `block-all`, `block-new-sharing`, `unblocked`.
+
+## Attribute Reference
+
+This resource exports no additional attributes.
+
+## Import
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import the current state. For example:
+
+```terraform
+import {
+  to = aws_ebs_snapshot_block_public_access.example
+  id = "default"
+}
+```
+
+Using `terraform import`, import the state. For example:
+
+```console
+% terraform import aws_ebs_snapshot_block_public_access.example default
+```