hashicorp · gdavison · Nov 7, 2024 · Nov 1, 2024 · Nov 1, 2024 · Nov 4, 2024
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_api_gateway_account: Supports unregistering account settings.
+```
@@ -25,7 +25,7 @@ func resourceAccount() *schema.Resource {
 		CreateWithoutTimeout: resourceAccountUpdate,
 		ReadWithoutTimeout:   resourceAccountRead,
 		UpdateWithoutTimeout: resourceAccountUpdate,
-		DeleteWithoutTimeout: schema.NoopContext,
+		DeleteWithoutTimeout: resourceAccountDelete,
 
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
@@ -66,7 +66,7 @@ func resourceAccount() *schema.Resource {
 	}
 }
 
-func resourceAccountUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+func resourceAccountUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).APIGatewayClient(ctx)
 
@@ -82,12 +82,12 @@ func resourceAccountUpdate(ctx context.Context, d *schema.ResourceData, meta int
 		input.PatchOperations = []types.PatchOperation{{
 			Op:    types.OpReplace,
 			Path:  aws.String("/cloudwatchRoleArn"),
-			Value: aws.String(""),
+			Value: nil,
 		}}
 	}
 
 	_, err := tfresource.RetryWhen(ctx, propagationTimeout,
-		func() (interface{}, error) {
+		func() (any, error) {
 			return conn.UpdateAccount(ctx, input)
 		},
 		func(err error) (bool, error) {
@@ -114,7 +114,7 @@ func resourceAccountUpdate(ctx context.Context, d *schema.ResourceData, meta int
 	return append(diags, resourceAccountRead(ctx, d, meta)...)
 }
 
-func resourceAccountRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+func resourceAccountRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).APIGatewayClient(ctx)
 
@@ -140,6 +140,25 @@ func resourceAccountRead(ctx context.Context, d *schema.ResourceData, meta inter
 	return diags
 }
 
+func resourceAccountDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).APIGatewayClient(ctx)
+
+	input := &apigateway.UpdateAccountInput{}
+
+	input.PatchOperations = []types.PatchOperation{{
+		Op:    types.OpReplace,
+		Path:  aws.String("/cloudwatchRoleArn"),
+		Value: nil,
+	}}
+
+	_, err := conn.UpdateAccount(ctx, input)
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "resetting API Gateway Account: %s", err)
+	}
+	return diags
+}
+
 func findAccount(ctx context.Context, conn *apigateway.Client) (*apigateway.GetAccountOutput, error) {
 	input := &apigateway.GetAccountInput{}
 

@@ -4,12 +4,16 @@
 package apigateway_test
 
 import (
+	"context"
 	"fmt"
 	"testing"
 
 	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	tfapigateway "github.com/hashicorp/terraform-provider-aws/internal/service/apigateway"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
@@ -22,7 +26,7 @@ func testAccAccount_basic(t *testing.T) {
 		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
 		ErrorCheck:               acctest.ErrorCheck(t, names.APIGatewayServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             acctest.CheckDestroyNoop,
+		CheckDestroy:             testAccCheckAccountDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
 				Config: testAccAccountConfig_role0(rName),
@@ -56,6 +60,32 @@ func testAccAccount_basic(t *testing.T) {
 	})
 }
 
+func testAccCheckAccountDestroy(ctx context.Context) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := acctest.Provider.Meta().(*conns.AWSClient).APIGatewayClient(ctx)
+
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "aws_api_gateway_stage" {
+				continue
+			}
+
+			account, err := tfapigateway.FindAccount(ctx, conn)
+			if err != nil {
+				return err
+			}
+
+			if account.CloudwatchRoleArn == nil {
+				// Settings have been reset
+				continue
+			}
+
+			return fmt.Errorf("API Gateway Stage %s still exists", rs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
 const testAccAccountConfig_empty = `
 resource "aws_api_gateway_account" "test" {}
 `

@@ -31,6 +31,7 @@ var (
 	ResourceVPCLink              = resourceVPCLink
 
 	DefaultAuthorizerTTL                 = defaultAuthorizerTTL
+	FindAccount                          = findAccount
 	FindAPIKeyByID                       = findAPIKeyByID
 	FindAuthorizerByTwoPartKey           = findAuthorizerByTwoPartKey
 	FindBasePathMappingByTwoPartKey      = findBasePathMappingByTwoPartKey

@@ -4,18 +4,25 @@
 package apigateway
 
 import (
+	"context"
 	"fmt"
 	"log"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/apigateway"
 	"github.com/aws/aws-sdk-go-v2/service/apigateway/types"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/sweep"
 	"github.com/hashicorp/terraform-provider-aws/internal/sweep/awsv2"
+	"github.com/hashicorp/terraform-provider-aws/internal/sweep/sdk"
 )
 
 func RegisterSweepers() {
+	awsv2.Register("aws_api_gateway_account", sweepAccounts,
+		"aws_api_gateway_rest_api",
+	)
+
 	resource.AddTestSweepers("aws_api_gateway_rest_api", &resource.Sweeper{
 		Name: "aws_api_gateway_rest_api",
 		F:    sweepRestAPIs,
@@ -50,6 +57,15 @@ func RegisterSweepers() {
 	})
 }
 
+func sweepAccounts(ctx context.Context, client *conns.AWSClient) ([]sweep.Sweepable, error) {
+	r := resourceAccount()
+	d := r.Data(nil)
+
+	return []sweep.Sweepable{
+		sdk.NewSweepResource(r, d, client),
+	}, nil
+}
+
 func sweepRestAPIs(region string) error {
 	ctx := sweep.Context(region)
 	client, err := sweep.SharedRegionalSweepClient(ctx, region)

@@ -10,8 +10,6 @@ description: |-
 
 Provides a settings of an API Gateway Account. Settings is applied region-wide per `provider` block.
 
--> **Note:** As there is no API method for deleting account settings or resetting it to defaults, destroying this resource will keep your account settings intact
-
 ## Example Usage
 
 ```terraform