2015-05-01 11:22:52 -05:00
package aws
import (
2015-06-03 13:36:57 -05:00
2015-05-01 11:22:52 -05:00
func resourceAwsVpnConnection() *schema.Resource {
return &schema.Resource{
Create: resourceAwsVpnConnectionCreate,
Read: resourceAwsVpnConnectionRead,
Update: resourceAwsVpnConnectionUpdate,
Delete: resourceAwsVpnConnectionDelete,
Schema: map[string]*schema.Schema{
"vpn_gateway_id": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
"customer_gateway_id": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
"type": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
"static_routes_only": &schema.Schema{
Type: schema.TypeBool,
Required: true,
ForceNew: true,
"tags": tagsSchema(),
// Begin read only attributes
"customer_gateway_configuration": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
"routes": &schema.Schema{
Type: schema.TypeSet,
Computed: true,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"destination_cidr_block": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
"source": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
"state": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
Set: func(v interface{}) int {
var buf bytes.Buffer
m := v.(map[string]interface{})
buf.WriteString(fmt.Sprintf("%s-", m["destination_cidr_block"].(string)))
buf.WriteString(fmt.Sprintf("%s-", m["source"].(string)))
buf.WriteString(fmt.Sprintf("%s-", m["state"].(string)))
return hashcode.String(buf.String())
"vgw_telemetry": &schema.Schema{
Type: schema.TypeSet,
Computed: true,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"accepted_route_count": &schema.Schema{
Type: schema.TypeInt,
Computed: true,
Optional: true,
"last_status_change": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
"outside_ip_address": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
"status": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
"status_message": &schema.Schema{
Type: schema.TypeString,
Computed: true,
Optional: true,
Set: func(v interface{}) int {
var buf bytes.Buffer
m := v.(map[string]interface{})
buf.WriteString(fmt.Sprintf("%s-", m["outside_ip_address"].(string)))
return hashcode.String(buf.String())
func resourceAwsVpnConnectionCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).ec2conn
2015-08-17 13:27:16 -05:00
connectOpts := &ec2.VpnConnectionOptionsSpecification{
2015-07-28 15:29:46 -05:00
StaticRoutesOnly: aws.Bool(d.Get("static_routes_only").(bool)),
2015-05-01 11:22:52 -05:00
2015-08-17 13:27:16 -05:00
createOpts := &ec2.CreateVpnConnectionInput{
CustomerGatewayId: aws.String(d.Get("customer_gateway_id").(string)),
2015-05-01 11:22:52 -05:00
Options: connectOpts,
Type: aws.String(d.Get("type").(string)),
2015-08-17 13:27:16 -05:00
VpnGatewayId: aws.String(d.Get("vpn_gateway_id").(string)),
2015-05-01 11:22:52 -05:00
// Create the VPN Connection
log.Printf("[DEBUG] Creating vpn connection")
2015-08-17 13:27:16 -05:00
resp, err := conn.CreateVpnConnection(createOpts)
2015-05-01 11:22:52 -05:00
if err != nil {
return fmt.Errorf("Error creating vpn connection: %s", err)
// Store the ID
2015-08-17 13:27:16 -05:00
vpnConnection := resp.VpnConnection
log.Printf("[INFO] VPN connection ID: %s", *vpnConnection.VpnConnectionId)
2015-05-01 11:22:52 -05:00
// Wait for the connection to become available. This has an obscenely
// high default timeout because AWS VPN connections are notoriously
// slow at coming up or going down. There's also no point in checking
// more frequently than every ten seconds.
stateConf := &resource.StateChangeConf{
Pending: []string{"pending"},
2016-01-20 19:20:41 -06:00
Target: []string{"available"},
2015-08-17 13:27:16 -05:00
Refresh: vpnConnectionRefreshFunc(conn, *vpnConnection.VpnConnectionId),
2015-05-01 11:22:52 -05:00
Timeout: 30 * time.Minute,
Delay: 10 * time.Second,
MinTimeout: 10 * time.Second,
_, stateErr := stateConf.WaitForState()
if stateErr != nil {
return fmt.Errorf(
"Error waiting for VPN connection (%s) to become ready: %s",
2015-08-17 13:27:16 -05:00
*vpnConnection.VpnConnectionId, err)
2015-05-01 11:22:52 -05:00
// Create tags.
2015-05-12 14:58:10 -05:00
if err := setTags(conn, d); err != nil {
2015-05-01 11:22:52 -05:00
return err
// Read off the API to populate our RO fields.
return resourceAwsVpnConnectionRead(d, meta)
func vpnConnectionRefreshFunc(conn *ec2.EC2, connectionId string) resource.StateRefreshFunc {
return func() (interface{}, string, error) {
2015-08-17 13:27:16 -05:00
resp, err := conn.DescribeVpnConnections(&ec2.DescribeVpnConnectionsInput{
VpnConnectionIds: []*string{aws.String(connectionId)},
2015-05-01 11:22:52 -05:00
if err != nil {
2015-05-20 06:21:23 -05:00
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnConnectionID.NotFound" {
2015-05-01 11:22:52 -05:00
resp = nil
} else {
log.Printf("Error on VPNConnectionRefresh: %s", err)
return nil, "", err
2015-08-17 13:27:16 -05:00
if resp == nil || len(resp.VpnConnections) == 0 {
2015-05-01 11:22:52 -05:00
return nil, "", nil
2015-08-17 13:27:16 -05:00
connection := resp.VpnConnections[0]
2015-05-01 11:22:52 -05:00
return connection, *connection.State, nil
func resourceAwsVpnConnectionRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).ec2conn
2015-08-17 13:27:16 -05:00
resp, err := conn.DescribeVpnConnections(&ec2.DescribeVpnConnectionsInput{
VpnConnectionIds: []*string{aws.String(d.Id())},
2015-05-01 11:22:52 -05:00
if err != nil {
2015-05-20 06:21:23 -05:00
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnConnectionID.NotFound" {
2015-05-01 11:22:52 -05:00
return nil
} else {
log.Printf("[ERROR] Error finding VPN connection: %s", err)
return err
2015-08-17 13:27:16 -05:00
if len(resp.VpnConnections) != 1 {
2015-05-01 11:22:52 -05:00
return fmt.Errorf("[ERROR] Error finding VPN connection: %s", d.Id())
2015-08-17 13:27:16 -05:00
vpnConnection := resp.VpnConnections[0]
2015-05-01 11:22:52 -05:00
// Set attributes under the user's control.
2015-08-17 13:27:16 -05:00
d.Set("vpn_gateway_id", vpnConnection.VpnGatewayId)
d.Set("customer_gateway_id", vpnConnection.CustomerGatewayId)
2015-05-01 11:22:52 -05:00
d.Set("type", vpnConnection.Type)
2015-05-12 14:58:10 -05:00
d.Set("tags", tagsToMap(vpnConnection.Tags))
2015-05-01 11:22:52 -05:00
if vpnConnection.Options != nil {
if err := d.Set("static_routes_only", vpnConnection.Options.StaticRoutesOnly); err != nil {
return err
// Set read only attributes.
d.Set("customer_gateway_configuration", vpnConnection.CustomerGatewayConfiguration)
2015-08-17 13:27:16 -05:00
if err := d.Set("vgw_telemetry", telemetryToMapList(vpnConnection.VgwTelemetry)); err != nil {
2015-05-01 11:22:52 -05:00
return err
if vpnConnection.Routes != nil {
if err := d.Set("routes", routesToMapList(vpnConnection.Routes)); err != nil {
return err
return nil
func resourceAwsVpnConnectionUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).ec2conn
// Update tags if required.
2015-05-12 14:58:10 -05:00
if err := setTags(conn, d); err != nil {
2015-05-01 11:22:52 -05:00
return err
return resourceAwsVpnConnectionRead(d, meta)
func resourceAwsVpnConnectionDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).ec2conn
2015-08-17 13:27:16 -05:00
_, err := conn.DeleteVpnConnection(&ec2.DeleteVpnConnectionInput{
VpnConnectionId: aws.String(d.Id()),
2015-05-01 11:22:52 -05:00
if err != nil {
2015-05-20 06:21:23 -05:00
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnConnectionID.NotFound" {
2015-05-01 11:22:52 -05:00
return nil
} else {
log.Printf("[ERROR] Error deleting VPN connection: %s", err)
return err
// These things can take quite a while to tear themselves down and any
// attempt to modify resources they reference (e.g. CustomerGateways or
// VPN Gateways) before deletion will result in an error. Furthermore,
// they don't just disappear. The go into "deleted" state. We need to
// wait to ensure any other modifications the user might make to their
// VPC stack can safely run.
stateConf := &resource.StateChangeConf{
Pending: []string{"deleting"},
2016-01-20 19:20:41 -06:00
Target: []string{"deleted"},
2015-05-01 11:22:52 -05:00
Refresh: vpnConnectionRefreshFunc(conn, d.Id()),
Timeout: 30 * time.Minute,
Delay: 10 * time.Second,
MinTimeout: 10 * time.Second,
_, stateErr := stateConf.WaitForState()
if stateErr != nil {
return fmt.Errorf(
"Error waiting for VPN connection (%s) to delete: %s", d.Id(), err)
return nil
// routesToMapList turns the list of routes into a list of maps.
2015-08-17 13:27:16 -05:00
func routesToMapList(routes []*ec2.VpnStaticRoute) []map[string]interface{} {
2015-05-01 11:22:52 -05:00
result := make([]map[string]interface{}, 0, len(routes))
for _, r := range routes {
staticRoute := make(map[string]interface{})
2015-08-17 13:27:16 -05:00
staticRoute["destination_cidr_block"] = *r.DestinationCidrBlock
2015-05-01 11:22:52 -05:00
staticRoute["state"] = *r.State
if r.Source != nil {
staticRoute["source"] = *r.Source
result = append(result, staticRoute)
return result
// telemetryToMapList turns the VGW telemetry into a list of maps.
2015-08-17 13:27:16 -05:00
func telemetryToMapList(telemetry []*ec2.VgwTelemetry) []map[string]interface{} {
2015-05-01 11:22:52 -05:00
result := make([]map[string]interface{}, 0, len(telemetry))
for _, t := range telemetry {
vgw := make(map[string]interface{})
vgw["accepted_route_count"] = *t.AcceptedRouteCount
2015-08-17 13:27:16 -05:00
vgw["outside_ip_address"] = *t.OutsideIpAddress
2015-05-01 11:22:52 -05:00
vgw["status"] = *t.Status
vgw["status_message"] = *t.StatusMessage
// LastStatusChange is a time.Time(). Convert it into a string
// so it can be handled by schema's type system.
vgw["last_status_change"] = t.LastStatusChange.String()
result = append(result, vgw)
return result