diff --git a/.changelog/41042.txt b/.changelog/41042.txt new file mode 100644 index 00000000000..cf97c1b7238 --- /dev/null +++ b/.changelog/41042.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_vpc_endpoint_security_group_association: Add import support +``` \ No newline at end of file diff --git a/internal/service/ec2/vpc_endpoint_security_group_association.go b/internal/service/ec2/vpc_endpoint_security_group_association.go index 74de96a8436..1f4be637abd 100644 --- a/internal/service/ec2/vpc_endpoint_security_group_association.go +++ b/internal/service/ec2/vpc_endpoint_security_group_association.go @@ -7,6 +7,7 @@ import ( "context" "fmt" "log" + "strings" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/ec2" @@ -25,6 +26,9 @@ func resourceVPCEndpointSecurityGroupAssociation() *schema.Resource { CreateWithoutTimeout: resourceVPCEndpointSecurityGroupAssociationCreate, ReadWithoutTimeout: resourceVPCEndpointSecurityGroupAssociationRead, DeleteWithoutTimeout: resourceVPCEndpointSecurityGroupAssociationDelete, + Importer: &schema.ResourceImporter{ + StateContext: resourceVPCEndpointSecurityGroupAssociationImport, + }, Schema: map[string]*schema.Schema{ "replace_default_association": { @@ -207,3 +211,21 @@ func deleteVPCEndpointSecurityGroupAssociation(ctx context.Context, conn *ec2.Cl return nil } + +func resourceVPCEndpointSecurityGroupAssociationImport(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + parts := strings.Split(d.Id(), "/") + if len(parts) != 2 { + return nil, fmt.Errorf("wrong format of import ID (%s), use: 'vpc-endpoint-id/security-group-id'", d.Id()) + } + + endpointID := parts[0] + securityGroupID := parts[1] + log.Printf("[DEBUG] Importing VPC Endpoint (%s) Security Group (%s) Association", endpointID, securityGroupID) + + d.SetId(vpcEndpointSecurityGroupAssociationCreateID(endpointID, securityGroupID)) + d.Set(names.AttrVPCEndpointID, endpointID) + d.Set("security_group_id", securityGroupID) + d.Set("replace_default_association", false) + + return []*schema.ResourceData{d}, nil +} diff --git a/internal/service/ec2/vpc_endpoint_security_group_association_test.go b/internal/service/ec2/vpc_endpoint_security_group_association_test.go index dd86a8dcfac..cc93ff4fd3a 100644 --- a/internal/service/ec2/vpc_endpoint_security_group_association_test.go +++ b/internal/service/ec2/vpc_endpoint_security_group_association_test.go @@ -38,6 +38,13 @@ func TestAccVPCEndpointSecurityGroupAssociation_basic(t *testing.T) { testAccCheckVPCEndpointSecurityGroupAssociationNumAssociations(&v, 2), ), }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateIdFunc: testAccVPCEndpointSecurityGroupAssociationImportStateIdFunc(resourceName), + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"replace_default_association"}, + }, }, }) } @@ -112,6 +119,13 @@ func TestAccVPCEndpointSecurityGroupAssociation_replaceDefaultAssociation(t *tes testAccCheckVPCEndpointSecurityGroupAssociationNumAssociations(&v, 1), ), }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateIdFunc: testAccVPCEndpointSecurityGroupAssociationImportStateIdFunc(resourceName), + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"replace_default_association"}, + }, }, }) } @@ -173,6 +187,18 @@ func testAccCheckVPCEndpointSecurityGroupAssociationExists(ctx context.Context, } } +func testAccVPCEndpointSecurityGroupAssociationImportStateIdFunc(n string) resource.ImportStateIdFunc { + return func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources[n] + if !ok { + return "", fmt.Errorf("Not found: %s", n) + } + + id := fmt.Sprintf("%s/%s", rs.Primary.Attributes[names.AttrVPCEndpointID], rs.Primary.Attributes["security_group_id"]) + return id, nil + } +} + func testAccCheckVPCEndpointSecurityGroupAssociationNumAssociations(v *awstypes.VpcEndpoint, n int) resource.TestCheckFunc { return func(s *terraform.State) error { if len := len(v.Groups); len != n { diff --git a/website/docs/r/vpc_endpoint_security_group_association.html.markdown b/website/docs/r/vpc_endpoint_security_group_association.html.markdown index 99974036e29..b25d7974f1f 100644 --- a/website/docs/r/vpc_endpoint_security_group_association.html.markdown +++ b/website/docs/r/vpc_endpoint_security_group_association.html.markdown @@ -33,10 +33,27 @@ This resource supports the following arguments: * `security_group_id` - (Required) The ID of the security group to be associated with the VPC endpoint. * `vpc_endpoint_id` - (Required) The ID of the VPC endpoint with which the security group will be associated. -* `replace_default_association` - (Optional) Whether this association should replace the association with the VPC's default security group that is created when no security groups are specified during VPC endpoint creation. At most 1 association per-VPC endpoint should be configured with `replace_default_association = true`. +* `replace_default_association` - (Optional) Whether this association should replace the association with the VPC's default security group that is created when no security groups are specified during VPC endpoint creation. At most 1 association per-VPC endpoint should be configured with `replace_default_association = true`. `false` should be used when importing resources. ## Attribute Reference This resource exports the following attributes in addition to the arguments above: * `id` - The ID of the association. + +## Import + +In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import VPC Endpoint Security Group Associations using `vpc_endpoint_id` together with `security_group_id`. For example: + +```terraform +import { + to = aws_vpc_endpoint_security_group_association.example + id = "vpce-aaaaaaaa/sg-bbbbbbbbbbbbbbbbb" +} +``` + +Using `terraform import`, import VPC Endpoint Security Group Associations using `vpc_endpoint_id` together with `security_group_id`. For example: + +```console +% terraform import aws_vpc_endpoint_security_group_association.example vpce-aaaaaaaa/sg-bbbbbbbbbbbbbbbbb +```