aws

package
v1.56.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 16, 2019 License: MPL-2.0 Imports: 158 Imported by: 0

Documentation ¶

Index ¶

Constants ¶

// Timing constants for AMI wait/retry loops.
// NOTE(review): the waiters that consume these values are not shown on this
// page; the per-constant notes below are inferred from the names — confirm at
// the call sites.
const (
	// 40 minutes; presumably the overall wait for an AMI operation to finish.
	AWSAMIRetryTimeout       = 40 * time.Minute
	// 90 minutes; presumably the overall wait for an AMI deletion.
	AWSAMIDeleteRetryTimeout = 90 * time.Minute
	// 5 seconds; presumably the initial delay before the first poll.
	AWSAMIRetryDelay         = 5 * time.Second
	// 3 seconds; presumably the minimum interval between polls.
	AWSAMIRetryMinTimeout    = 3 * time.Second
)
// Timing constants for RDS cluster endpoint polling.
// NOTE(review): presumably consumed by the waiter built around
// DBClusterEndpointStateRefreshFunc — confirm at the call sites.
const (
	// 5 seconds; presumably the initial delay before the first poll.
	AWSRDSClusterEndpointRetryDelay      = 5 * time.Second
	// 3 seconds; presumably the minimum interval between polls.
	AWSRDSClusterEndpointRetryMinTimeout = 3 * time.Second
)
// SSM document limits.
// NOTE(review): meanings below are inferred from the names only — confirm
// against the SSM document resource that uses them.
const (
	// Untyped floating-point constant 2.0; presumably the lowest SSM document
	// schema version that supports document versioning.
	MINIMUM_VERSIONED_SCHEMA             = 2.0
	// 20; presumably the maximum number of account IDs sent in one SSM
	// document permission modification request.
	SSM_DOCUMENT_PERMISSIONS_BATCH_LIMIT = 20
)
// GatewayAssociationStateDeleted is the literal state string "deleted".
// NOTE(review): presumably a synthetic state reported once a gateway
// association can no longer be found — confirm at the call sites.
const (
	GatewayAssociationStateDeleted = "deleted"
)
// VpcCidrBlockStateCodeDeleted is the literal state string "deleted".
// NOTE(review): presumably a synthetic state reported once a VPC CIDR block
// association can no longer be found — confirm at the call sites.
const (
	VpcCidrBlockStateCodeDeleted = "deleted"
)

Variables ¶

// LambdaFunctionRegexp is the pattern (as an uncompiled string) for a Lambda
// function reference. It is anchored at both ends and accepts, in order:
//   - an optional "arn:<partition>:lambda:" prefix,
//   - an optional region followed by ":",
//   - an optional 12-digit account ID followed by ":",
//   - an optional "function:" literal,
//   - the function name (letters, digits, "-" and "_"),
//   - an optional ":" qualifier that is either "$LATEST" or letters, digits,
//     "-" and "_".
//
// Every component except the name is optional, so a bare name matches as well
// as a full ARN. The pattern checks shape only; it does not establish that the
// account or region in the value is the one the caller intended.
// It is declared as a var, so it is reassignable; treat it as read-only.
var LambdaFunctionRegexp = `^(arn:[\w-]+:lambda:)?([a-z]{2}-(?:[a-z]+-){1,2}\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$`
// SNSAttributeMap maps snake_case keys to the CamelCase SNS topic attribute
// names shown as values.
// NOTE(review): presumably the keys are Terraform schema attribute names and
// the values are what is sent to the SNS topic attribute API — confirm in the
// SNS topic resource. The map is a package-level var and therefore mutable;
// treat it as read-only.
var SNSAttributeMap = map[string]string{
	"application_failure_feedback_role_arn":    "ApplicationFailureFeedbackRoleArn",
	"application_success_feedback_role_arn":    "ApplicationSuccessFeedbackRoleArn",
	"application_success_feedback_sample_rate": "ApplicationSuccessFeedbackSampleRate",
	"arn":                                 "TopicArn",
	"delivery_policy":                     "DeliveryPolicy",
	"display_name":                        "DisplayName",
	"http_failure_feedback_role_arn":      "HTTPFailureFeedbackRoleArn",
	"http_success_feedback_role_arn":      "HTTPSuccessFeedbackRoleArn",
	"http_success_feedback_sample_rate":   "HTTPSuccessFeedbackSampleRate",
	// Key used for encrypting the topic; presumably empty means no
	// server-side encryption is configured — confirm.
	"kms_master_key_id":                   "KmsMasterKeyId",
	"lambda_failure_feedback_role_arn":    "LambdaFailureFeedbackRoleArn",
	"lambda_success_feedback_role_arn":    "LambdaSuccessFeedbackRoleArn",
	"lambda_success_feedback_sample_rate": "LambdaSuccessFeedbackSampleRate",
	// The topic's access policy document.
	"policy":                              "Policy",
	"sqs_failure_feedback_role_arn":       "SQSFailureFeedbackRoleArn",
	"sqs_success_feedback_role_arn":       "SQSSuccessFeedbackRoleArn",
	"sqs_success_feedback_sample_rate":    "SQSSuccessFeedbackSampleRate",
}

Mutable attributes

Functions ¶

func AMIStateRefreshFunc ¶

func AMIStateRefreshFunc(client *ec2.EC2, id string) resource.StateRefreshFunc

func BucketRegionalDomainName ¶ added in v1.21.0

func BucketRegionalDomainName(bucket string, region string) (string, error)

https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

func DBClusterEndpointStateRefreshFunc ¶ added in v1.52.0

func DBClusterEndpointStateRefreshFunc(conn *rds.RDS, id string) resource.StateRefreshFunc

func EcsContainerDefinitionsAreEquivalent ¶ added in v1.43.0

func EcsContainerDefinitionsAreEquivalent(def1, def2 string, isAWSVPC bool) (bool, error)

EcsContainerDefinitionsAreEquivalent determines equality between two ECS container definition JSON strings. Note: This function will be moved out of the aws package in the future.

func FQDN ¶

func FQDN(name string) string

func GetAccountIDAndPartition ¶ added in v1.31.0

func GetAccountIDAndPartition(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, string, error)

func GetAccountIDAndPartitionFromEC2Metadata ¶ added in v1.31.0

func GetAccountIDAndPartitionFromEC2Metadata() (string, string, error)

func GetAccountIDAndPartitionFromIAMGetUser ¶ added in v1.31.0

func GetAccountIDAndPartitionFromIAMGetUser(iamconn *iam.IAM) (string, string, error)

func GetAccountIDAndPartitionFromIAMListRoles ¶ added in v1.31.0

func GetAccountIDAndPartitionFromIAMListRoles(iamconn *iam.IAM) (string, string, error)

func GetAccountIDAndPartitionFromSTSGetCallerIdentity ¶ added in v1.31.0

func GetAccountIDAndPartitionFromSTSGetCallerIdentity(stsconn *sts.STS) (string, string, error)

func GetCredentials ¶

func GetCredentials(c *Config) (*awsCredentials.Credentials, error)

This function is responsible for reading credentials from the environment in the case that they're not explicitly specified in the Terraform configuration.

func GetSupportedEC2Platforms ¶

func GetSupportedEC2Platforms(conn *ec2.EC2) ([]string, error)

func HostedZoneIDForRegion ¶

func HostedZoneIDForRegion(region string) (string, error)

Returns the hosted zone ID for an S3 website endpoint region. This can be used as input to the aws_route53_record resource's zone_id argument.

func IGAttachStateRefreshFunc ¶

func IGAttachStateRefreshFunc(conn *ec2.EC2, id string, expected string) resource.StateRefreshFunc

IGAttachStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch the state of an internet gateway's attachment.

func IGStateRefreshFunc ¶

func IGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc

IGStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch an internet gateway.

func InstanceStateRefreshFunc ¶

func InstanceStateRefreshFunc(conn *ec2.EC2, instanceID string, failStates []string) resource.StateRefreshFunc

InstanceStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch an EC2 instance.

func Ipv6CidrStateRefreshFunc ¶

func Ipv6CidrStateRefreshFunc(conn *ec2.EC2, id string, associationId string) resource.StateRefreshFunc

func IsAWSErrExtended ¶ added in v1.43.0

func IsAWSErrExtended(err error, code string, message string, origErrMessage string) bool

IsAWSErrExtended returns true if the error matches all conditions

  • err is of type awserr.Error
  • Error.Code() matches code
  • Error.Message() contains message
  • Error.OrigErr() contains origErrMessage

Note: This function will be moved out of the aws package in the future.

func NGStateRefreshFunc ¶

func NGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc

NGStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch a NAT Gateway.

func OpsworksInstanceStateRefreshFunc ¶

func OpsworksInstanceStateRefreshFunc(conn *opsworks.OpsWorks, instanceID string) resource.StateRefreshFunc

func Provider ¶

func Provider() terraform.ResourceProvider

Provider returns a terraform.ResourceProvider.

func RetryOnAwsCodes ¶ added in v1.43.0

func RetryOnAwsCodes(codes []string, f func() (interface{}, error)) (interface{}, error)

RetryOnAwsCodes retries AWS error codes for one minute. Note: This function will be moved out of the aws package in the future.

func SGStateRefreshFunc ¶

func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc

SGStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch a security group.

func SpotInstanceStateRefreshFunc ¶

func SpotInstanceStateRefreshFunc(
	conn *ec2.EC2, sir ec2.SpotInstanceRequest) resource.StateRefreshFunc

SpotInstanceStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch an EC2 spot instance request

func SubnetIpv6CidrStateRefreshFunc ¶

func SubnetIpv6CidrStateRefreshFunc(conn *ec2.EC2, id string, associationId string) resource.StateRefreshFunc

func SubnetStateRefreshFunc ¶

func SubnetStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc

SubnetStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch a Subnet.

func VPCStateRefreshFunc ¶

func VPCStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc

VPCStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch a VPC.

func WebsiteDomainUrl ¶

func WebsiteDomainUrl(region string) string

Types ¶

type AWSClient ¶

type AWSClient struct {
	// contains filtered or unexported fields
}

func (*AWSClient) DynamoDB ¶

func (c *AWSClient) DynamoDB() *dynamodb.DynamoDB

func (*AWSClient) IsChinaCloud ¶

func (c *AWSClient) IsChinaCloud() bool

func (*AWSClient) S3 ¶

func (c *AWSClient) S3() *s3.S3

type ByGroupPair ¶

// ByGroupPair is a slice of *ec2.UserIdGroupPair with Len, Less and Swap
// methods, so it can be passed to the sort package.
type ByGroupPair []*ec2.UserIdGroupPair

ByGroupPair implements sort.Interface for []*ec2.UserIdGroupPair based on the GroupId or GroupName field (only one should be set).

func (ByGroupPair) Len ¶

func (b ByGroupPair) Len() int

func (ByGroupPair) Less ¶

func (b ByGroupPair) Less(i, j int) bool

func (ByGroupPair) Swap ¶

func (b ByGroupPair) Swap(i, j int)

type CloudWatchEventPermissionPolicyDoc ¶ added in v1.7.0

// CloudWatchEventPermissionPolicyDoc represents the Policy attribute returned
// by DescribeEventBus, decoded from JSON.
type CloudWatchEventPermissionPolicyDoc struct {
	// Policy language version string; no JSON tag, so the key is "Version".
	Version    string
	// Optional policy identifier, JSON key "Id".
	ID         string                                     `json:"Id,omitempty"`
	// The policy's statements, JSON key "Statement".
	Statements []CloudWatchEventPermissionPolicyStatement `json:"Statement"`
}

CloudWatchEventPermissionPolicyDoc represents the Policy attribute of DescribeEventBus. See also: https://docs.aws.amazon.com/AmazonCloudWatchEvents/latest/APIReference/API_DescribeEventBus.html

type CloudWatchEventPermissionPolicyStatement ¶ added in v1.7.0

// CloudWatchEventPermissionPolicyStatement represents one entry of the
// Statement list in CloudWatchEventPermissionPolicyDoc.
type CloudWatchEventPermissionPolicyStatement struct {
	Sid       string
	Effect    string
	Action    string
	// Optional; omitted from JSON when nil.
	Condition *CloudWatchEventPermissionPolicyStatementCondition `json:"Condition,omitempty"`
	// Untyped because the JSON value is either a string or an object (see the
	// trailing example). NOTE(review): a "*" principal is not limited to one
	// account; when reading such a statement, check whether Condition narrows
	// it — confirm how the event permission resource handles this case.
	Principal interface{}                                        // "*" or {"AWS": "arn:aws:iam::111111111111:root"}
	Resource  string
}

CloudWatchEventPermissionPolicyStatement represents the Statement attribute of CloudWatchEventPermissionPolicyDoc. See also: https://docs.aws.amazon.com/AmazonCloudWatchEvents/latest/APIReference/API_DescribeEventBus.html

type CloudWatchEventPermissionPolicyStatementCondition ¶ added in v1.42.0

// CloudWatchEventPermissionPolicyStatementCondition represents the Condition
// attribute of CloudWatchEventPermissionPolicyStatement. The type has its own
// UnmarshalJSON method, so these fields are not filled by the default
// field-name decoding.
// NOTE(review): presumably Type is the condition operator, Key the condition
// key and Value the value compared against — confirm in UnmarshalJSON.
type CloudWatchEventPermissionPolicyStatementCondition struct {
	Key   string
	Type  string
	Value string
}

CloudWatchEventPermissionPolicyStatementCondition represents the Condition attribute of CloudWatchEventPermissionPolicyStatement. See also: https://docs.aws.amazon.com/AmazonCloudWatchEvents/latest/APIReference/API_DescribeEventBus.html

func (*CloudWatchEventPermissionPolicyStatementCondition) UnmarshalJSON ¶ added in v1.42.0

func (condition *CloudWatchEventPermissionPolicyStatementCondition) UnmarshalJSON(b []byte) error

type Config ¶

// Config holds the provider settings from which Client configures and returns
// an AWSClient.
//
// NOTE(review): AccessKey, SecretKey and Token appear to carry static AWS
// credentials as plain strings. Keep values of this type out of logs and debug
// dumps (for example %+v formatting) — confirm how callers print or persist it.
type Config struct {
	// Credential sources. NOTE(review): presumably CredsFilename and Profile
	// select a shared credentials file entry when the keys are empty — confirm
	// in GetCredentials.
	AccessKey     string
	SecretKey     string
	CredsFilename string
	Profile       string
	Token         string
	Region        string
	MaxRetries    int

	// Role assumption settings. NOTE(review): presumably passed to STS
	// AssumeRole; AssumeRoleExternalID is the usual guard against
	// confused-deputy use of a cross-account role and AssumeRolePolicy further
	// restricts the session — confirm both are forwarded.
	AssumeRoleARN         string
	AssumeRoleExternalID  string
	AssumeRoleSessionName string
	AssumeRolePolicy      string

	// Account allow and deny lists. ValidateAccountId returns an error when
	// the account ID is explicitly forbidden or not authorised.
	AllowedAccountIds   []interface{}
	ForbiddenAccountIds []interface{}

	// Per-service endpoint overrides. NOTE(review): presumably requests for
	// the service, including their signed headers, go to the override instead
	// of the default AWS endpoint — set these only to endpoints you trust.
	AcmEndpoint              string
	ApigatewayEndpoint       string
	CloudFormationEndpoint   string
	CloudWatchEndpoint       string
	CloudWatchEventsEndpoint string
	CloudWatchLogsEndpoint   string
	DynamoDBEndpoint         string
	DeviceFarmEndpoint       string
	Ec2Endpoint              string
	EcsEndpoint              string
	AutoscalingEndpoint      string
	EcrEndpoint              string
	EfsEndpoint              string
	EsEndpoint               string
	ElbEndpoint              string
	IamEndpoint              string
	KinesisEndpoint          string
	KinesisAnalyticsEndpoint string
	KmsEndpoint              string
	LambdaEndpoint           string
	RdsEndpoint              string
	R53Endpoint              string
	S3Endpoint               string
	S3ControlEndpoint        string
	SnsEndpoint              string
	SqsEndpoint              string
	StsEndpoint              string
	SsmEndpoint              string
	// NOTE(review): presumably disables TLS certificate verification for API
	// calls; leave false outside local test setups — confirm in Client.
	Insecure                 bool

	// Switches that skip start-up checks. NOTE(review): SkipCredsValidation
	// and SkipRequestingAccountId presumably bypass the lookups that feed
	// ValidateAccountId, which would leave AllowedAccountIds and
	// ForbiddenAccountIds unenforced — confirm in Client. SkipMetadataApiCheck
	// presumably turns off EC2 instance metadata lookups.
	SkipCredsValidation     bool
	SkipGetEC2Platforms     bool
	SkipRegionValidation    bool
	SkipRequestingAccountId bool
	SkipMetadataApiCheck    bool
	S3ForcePathStyle        bool
}

func (*Config) Client ¶

func (c *Config) Client() (interface{}, error)

Client configures and returns a fully initialized AWSClient

func (*Config) ValidateAccountId ¶

func (c *Config) ValidateAccountId(accountId string) error

ValidateAccountId returns a context-specific error if the configured account id is explicitly forbidden or not authorised; and nil if it is authorised.

func (*Config) ValidateRegion ¶

func (c *Config) ValidateRegion() error

ValidateRegion returns an error if the configured region is not a valid aws region and nil otherwise.

type GroupIdentifier ¶ added in v1.1.0

// GroupIdentifier is like ec2.GroupIdentifier but with an additional rule
// description.
type GroupIdentifier struct {
	// The ID of the security group.
	GroupId *string

	// The name of the security group.
	GroupName *string

	// The rule description that ec2.GroupIdentifier lacks.
	Description *string
}

Like ec2.GroupIdentifier but with additional rule description.

type IAMPolicyDoc ¶

// IAMPolicyDoc is the Go form of an IAM policy document as encoded to and
// decoded from JSON. Its Merge method takes a second document.
// NOTE(review): Merge's handling of statements that share a Sid is not shown
// on this page; review merged output before relying on it for access control.
type IAMPolicyDoc struct {
	// Omitted from JSON when empty; the key defaults to the field name.
	Version    string                `json:",omitempty"`
	// Omitted from JSON when empty; the key defaults to the field name.
	Id         string                `json:",omitempty"`
	// Always emitted, under the JSON key "Statement".
	Statements []*IAMPolicyStatement `json:"Statement"`
}

func (*IAMPolicyDoc) Merge ¶ added in v1.9.0

func (self *IAMPolicyDoc) Merge(newDoc *IAMPolicyDoc)

type IAMPolicyStatement ¶

// IAMPolicyStatement is one statement of an IAMPolicyDoc.
//
// The interface{} fields are untyped; presumably each holds either a single
// string or a list of strings, as the IAM JSON grammar permits — confirm in
// the code that fills them.
// NOTE(review): the Not* fields invert matching. A statement with Effect
// "Allow" and NotActions, NotResources or NotPrincipals set covers everything
// except the listed items, so generated documents using them deserve a close
// read.
type IAMPolicyStatement struct {
	// No omitempty tag, so the default encoding emits "Sid" even when empty.
	Sid           string
	Effect        string                         `json:",omitempty"`
	Actions       interface{}                    `json:"Action,omitempty"`
	NotActions    interface{}                    `json:"NotAction,omitempty"`
	Resources     interface{}                    `json:"Resource,omitempty"`
	NotResources  interface{}                    `json:"NotResource,omitempty"`
	// The principal and condition set types have their own MarshalJSON and
	// UnmarshalJSON methods.
	Principals    IAMPolicyStatementPrincipalSet `json:"Principal,omitempty"`
	NotPrincipals IAMPolicyStatementPrincipalSet `json:"NotPrincipal,omitempty"`
	Conditions    IAMPolicyStatementConditionSet `json:"Condition,omitempty"`
}

type IAMPolicyStatementCondition ¶

// IAMPolicyStatementCondition is one element of an
// IAMPolicyStatementConditionSet.
// NOTE(review): presumably Test is the condition operator, Variable the
// condition key and Values a string or list of strings — confirm in the
// set's MarshalJSON and UnmarshalJSON.
type IAMPolicyStatementCondition struct {
	Test     string
	Variable string
	Values   interface{}
}

type IAMPolicyStatementConditionSet ¶

// IAMPolicyStatementConditionSet is the list of conditions on a statement.
// It has its own MarshalJSON and UnmarshalJSON methods, so its JSON form is
// not the default array encoding of the element struct.
type IAMPolicyStatementConditionSet []IAMPolicyStatementCondition

func (IAMPolicyStatementConditionSet) MarshalJSON ¶

func (cs IAMPolicyStatementConditionSet) MarshalJSON() ([]byte, error)

func (*IAMPolicyStatementConditionSet) UnmarshalJSON ¶ added in v1.9.0

func (cs *IAMPolicyStatementConditionSet) UnmarshalJSON(b []byte) error

type IAMPolicyStatementPrincipal ¶

// IAMPolicyStatementPrincipal is one element of an
// IAMPolicyStatementPrincipalSet.
// NOTE(review): presumably Type is the principal kind and Identifiers a
// string or list of strings naming the principals; a wildcard identifier
// would not be limited to one account — confirm how it is encoded in
// MarshalJSON.
type IAMPolicyStatementPrincipal struct {
	Type        string
	Identifiers interface{}
}

type IAMPolicyStatementPrincipalSet ¶

// IAMPolicyStatementPrincipalSet is the list of principals on a statement.
// It has its own MarshalJSON and UnmarshalJSON methods, so its JSON form is
// not the default array encoding of the element struct.
type IAMPolicyStatementPrincipalSet []IAMPolicyStatementPrincipal

func (IAMPolicyStatementPrincipalSet) MarshalJSON ¶

func (ps IAMPolicyStatementPrincipalSet) MarshalJSON() ([]byte, error)

func (*IAMPolicyStatementPrincipalSet) UnmarshalJSON ¶ added in v1.9.0

func (ps *IAMPolicyStatementPrincipalSet) UnmarshalJSON(b []byte) error

type KmsGrantMissingError ¶ added in v1.12.0

// KmsGrantMissingError is a custom error type, so callers can identify a
// missing KMS grant by type instead of relying on the content of an error
// message. It is a string type with an Error method.
type KmsGrantMissingError string

Custom error, so we don't have to rely on the content of an error message

func NewKmsGrantMissingError ¶ added in v1.12.0

func NewKmsGrantMissingError(msg string) KmsGrantMissingError

func (KmsGrantMissingError) Error ¶ added in v1.12.0

func (e KmsGrantMissingError) Error() string

type LambdaPolicy ¶

// LambdaPolicy holds a policy document made of LambdaPolicyStatement entries.
// NOTE(review): presumably the decoded resource policy of a Lambda function —
// confirm where it is unmarshalled. The fields carry no JSON tags, so the
// default key matching on field names applies.
type LambdaPolicy struct {
	Version   string
	Statement []LambdaPolicyStatement
	Id        string
}

type LambdaPolicyStatement ¶

// LambdaPolicyStatement is one statement of a LambdaPolicy.
// NOTE(review): Principal is typed map[string]string, so a policy whose
// Principal is a bare JSON string would presumably fail to decode into this
// struct — confirm how the decoding code handles that shape.
type LambdaPolicyStatement struct {
	// Nested string map; presumably operator -> condition key -> value.
	Condition map[string]map[string]string
	Action    string
	Resource  string
	Effect    string
	Principal map[string]string
	Sid       string
}

type Reassignment ¶

type Reassignment struct {
	// contains filtered or unexported fields
}

type S3Website ¶

// S3Website pairs the endpoint and domain of an S3 website; WebsiteEndpoint
// returns a pointer to one for a bucket and region.
type S3Website struct {
	Endpoint, Domain string
}

func WebsiteEndpoint ¶

func WebsiteEndpoint(bucket string, region string) *S3Website

type StringPtrSlice ¶

// StringPtrSlice defines the sort interface (Len, Less, Swap) for []*string
// so the order of geo_restrictions.locations can be made deterministic.
type StringPtrSlice []*string

Define Sort interface for []*string so we can ensure the order of geo_restrictions.locations

func (StringPtrSlice) Len ¶

func (p StringPtrSlice) Len() int

func (StringPtrSlice) Less ¶

func (p StringPtrSlice) Less(i, j int) bool

func (StringPtrSlice) Swap ¶

func (p StringPtrSlice) Swap(i, j int)

type TunnelInfo ¶

// TunnelInfo holds the address, pre-shared key and BGP fields for two VPN
// tunnels, flattened into Tunnel1* and Tunnel2* fields.
//
// NOTE(review): Tunnel1PreSharedKey and Tunnel2PreSharedKey are secrets by
// name. Keep values of this type out of logs and, if they are written to
// Terraform state, treat that state as sensitive — confirm where the VPN
// connection resource stores them.
type TunnelInfo struct {
	Tunnel1Address          string
	Tunnel1CgwInsideAddress string
	Tunnel1VgwInsideAddress string
	Tunnel1PreSharedKey     string
	Tunnel1BGPASN           string
	Tunnel1BGPHoldTime      int
	Tunnel2Address          string
	Tunnel2CgwInsideAddress string
	Tunnel2VgwInsideAddress string
	Tunnel2PreSharedKey     string
	Tunnel2BGPASN           string
	Tunnel2BGPHoldTime      int
}

type WafRegionalRetryer ¶

// WafRegionalRetryer bundles a WAF Regional connection with a region string;
// its RetryWithToken method runs a caller-supplied function.
// NOTE(review): presumably RetryWithToken obtains a WAF change token and
// retries the function when the token has gone stale — confirm in the method
// body, which is not shown on this page.
type WafRegionalRetryer struct {
	Connection *wafregional.WAFRegional
	Region     string
}

func (*WafRegionalRetryer) RetryWithToken ¶

func (t *WafRegionalRetryer) RetryWithToken(f withRegionalTokenFunc) (interface{}, error)

type WafRetryer ¶

// WafRetryer wraps a WAF connection; its RetryWithToken method runs a
// caller-supplied function.
// NOTE(review): presumably RetryWithToken obtains a WAF change token and
// retries the function when the token has gone stale — confirm in the method
// body, which is not shown on this page.
type WafRetryer struct {
	Connection *waf.WAF
}

func (*WafRetryer) RetryWithToken ¶

func (t *WafRetryer) RetryWithToken(f withTokenFunc) (interface{}, error)

type XmlIpsecTunnel ¶

// XmlIpsecTunnel maps one ipsec_tunnel element of a VPN connection
// configuration XML document; each struct tag is the element path the field
// is read from.
type XmlIpsecTunnel struct {
	OutsideAddress   string `xml:"vpn_gateway>tunnel_outside_address>ip_address"`
	BGPASN           string `xml:"vpn_gateway>bgp>asn"`
	BGPHoldTime      int    `xml:"vpn_gateway>bgp>hold_time"`
	// Read from ike>pre_shared_key, i.e. the tunnel's IKE pre-shared key.
	// This is secret material: keep it out of logs and error messages.
	PreSharedKey     string `xml:"ike>pre_shared_key"`
	CgwInsideAddress string `xml:"customer_gateway>tunnel_inside_address>ip_address"`
	VgwInsideAddress string `xml:"vpn_gateway>tunnel_inside_address>ip_address"`
}

type XmlVpnConnectionConfig ¶

// XmlVpnConnectionConfig collects the ipsec_tunnel elements of a VPN
// connection configuration XML document. It has Len, Less and Swap methods,
// so its tunnels can be sorted.
// NOTE(review): the sort key used by Less is not shown on this page.
type XmlVpnConnectionConfig struct {
	Tunnels []XmlIpsecTunnel `xml:"ipsec_tunnel"`
}

func (XmlVpnConnectionConfig) Len ¶

func (slice XmlVpnConnectionConfig) Len() int

func (XmlVpnConnectionConfig) Less ¶

func (slice XmlVpnConnectionConfig) Less(i, j int) bool

func (XmlVpnConnectionConfig) Swap ¶

func (slice XmlVpnConnectionConfig) Swap(i, j int)

Source Files ¶
