Merge pull request #41042 from acwwat/f-aws_vpc_endpoint_security_gro…

…up_association-add_import

feat: Support resource import for aws_vpc_endpoint_security_group_association

.changelog/41042.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_vpc_endpoint_security_group_association: Add import support
+```

internal/service/ec2/vpc_endpoint_security_group_association.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"strings"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
@@ -25,6 +26,9 @@ func resourceVPCEndpointSecurityGroupAssociation() *schema.Resource {
 		CreateWithoutTimeout: resourceVPCEndpointSecurityGroupAssociationCreate,
 		ReadWithoutTimeout:   resourceVPCEndpointSecurityGroupAssociationRead,
 		DeleteWithoutTimeout: resourceVPCEndpointSecurityGroupAssociationDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: resourceVPCEndpointSecurityGroupAssociationImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"replace_default_association": {
@@ -207,3 +211,21 @@ func deleteVPCEndpointSecurityGroupAssociation(ctx context.Context, conn *ec2.Cl
 
 	return nil
 }
+
+func resourceVPCEndpointSecurityGroupAssociationImport(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	parts := strings.Split(d.Id(), "/")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("wrong format of import ID (%s), use: 'vpc-endpoint-id/security-group-id'", d.Id())
+	}
+
+	endpointID := parts[0]
+	securityGroupID := parts[1]
+	log.Printf("[DEBUG] Importing VPC Endpoint (%s) Security Group (%s) Association", endpointID, securityGroupID)
+
+	d.SetId(vpcEndpointSecurityGroupAssociationCreateID(endpointID, securityGroupID))
+	d.Set(names.AttrVPCEndpointID, endpointID)
+	d.Set("security_group_id", securityGroupID)
+	d.Set("replace_default_association", false)
+
+	return []*schema.ResourceData{d}, nil
+}

internal/service/ec2/vpc_endpoint_security_group_association_test.go

@@ -38,6 +38,13 @@ func TestAccVPCEndpointSecurityGroupAssociation_basic(t *testing.T) {
 					testAccCheckVPCEndpointSecurityGroupAssociationNumAssociations(&v, 2),
 				),
 			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateIdFunc:       testAccVPCEndpointSecurityGroupAssociationImportStateIdFunc(resourceName),
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"replace_default_association"},
+			},
 		},
 	})
 }
@@ -112,6 +119,13 @@ func TestAccVPCEndpointSecurityGroupAssociation_replaceDefaultAssociation(t *tes
 					testAccCheckVPCEndpointSecurityGroupAssociationNumAssociations(&v, 1),
 				),
 			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateIdFunc:       testAccVPCEndpointSecurityGroupAssociationImportStateIdFunc(resourceName),
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"replace_default_association"},
+			},
 		},
 	})
 }
@@ -173,6 +187,18 @@ func testAccCheckVPCEndpointSecurityGroupAssociationExists(ctx context.Context,
 	}
 }
 
+func testAccVPCEndpointSecurityGroupAssociationImportStateIdFunc(n string) resource.ImportStateIdFunc {
+	return func(s *terraform.State) (string, error) {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return "", fmt.Errorf("Not found: %s", n)
+		}
+
+		id := fmt.Sprintf("%s/%s", rs.Primary.Attributes[names.AttrVPCEndpointID], rs.Primary.Attributes["security_group_id"])
+		return id, nil
+	}
+}
+
 func testAccCheckVPCEndpointSecurityGroupAssociationNumAssociations(v *awstypes.VpcEndpoint, n int) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if len := len(v.Groups); len != n {

website/docs/r/vpc_endpoint_security_group_association.html.markdown

@@ -33,10 +33,27 @@ This resource supports the following arguments:
 
 * `security_group_id` - (Required) The ID of the security group to be associated with the VPC endpoint.
 * `vpc_endpoint_id` - (Required) The ID of the VPC endpoint with which the security group will be associated.
-* `replace_default_association` - (Optional) Whether this association should replace the association with the VPC's default security group that is created when no security groups are specified during VPC endpoint creation. At most 1 association per-VPC endpoint should be configured with `replace_default_association = true`.
+* `replace_default_association` - (Optional) Whether this association should replace the association with the VPC's default security group that is created when no security groups are specified during VPC endpoint creation. At most 1 association per-VPC endpoint should be configured with `replace_default_association = true`. `false` should be used when importing resources.
 
 ## Attribute Reference
 
 This resource exports the following attributes in addition to the arguments above:
 
 * `id` - The ID of the association.
+
+## Import
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import VPC Endpoint Security Group Associations using `vpc_endpoint_id` together with `security_group_id`. For example:
+
+```terraform
+import {
+  to = aws_vpc_endpoint_security_group_association.example
+  id = "vpce-aaaaaaaa/sg-bbbbbbbbbbbbbbbbb"
+}
+```
+
+Using `terraform import`, import VPC Endpoint Security Group Associations using `vpc_endpoint_id` together with `security_group_id`. For example:
+
+```console
+% terraform import aws_vpc_endpoint_security_group_association.example vpce-aaaaaaaa/sg-bbbbbbbbbbbbbbbbb
+```