Tighten up documentation, same-account acceptance test, better error handling.

builtin/providers/aws/resource_aws_vpc_peering_connection_accepter.go

@@ -4,6 +4,8 @@ import (
 	"errors"
 	"log"
 
+	"fmt"
+
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -49,17 +51,22 @@ func resourceAwsVpcPeeringConnectionAccepter() *schema.Resource {
 }
 
 func resourceAwsVPCPeeringAccepterCreate(d *schema.ResourceData, meta interface{}) error {
-	d.SetId(d.Get("vpc_peering_connection_id").(string))
+	id := d.Get("vpc_peering_connection_id").(string)
+	d.SetId(id)
 
-	if err := resourceAwsVPCPeeringUpdate(d, meta); err != nil {
+	if err := resourceAwsVPCPeeringRead(d, meta); err != nil {
 		return err
 	}
+	if d.Id() == "" {
+		return fmt.Errorf("VPC Peering Connection %q not found", id)
+	}
 
 	// Ensure that this IS as cross-account VPC peering connection.
 	if d.Get("peer_owner_id").(string) == meta.(*AWSClient).accountid {
 		return errors.New("aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections")
 	}
-	return nil
+
+	return resourceAwsVPCPeeringUpdate(d, meta)
 }
 
 func resourceAwsVPCPeeringAccepterDelete(d *schema.ResourceData, meta interface{}) error {

builtin/providers/aws/resource_aws_vpc_peering_connection_accepter_test.go

@@ -2,32 +2,77 @@
 package aws
 
 import (
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 )
 
-func TestAccAwsVPCPeeringConnectionAccepter_basic(t *testing.T) {
+func TestAccAwsVPCPeeringConnectionAccepter_sameAccount(t *testing.T) {
 	resource.Test(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProviders,
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccAwsVPCPeeringConnectionAccepterDestroy,
 		Steps: []resource.TestStep{
-			{
-				Config: testAccAwsVPCPeeringConnectionAccepterConfig,
-				Check: resource.ComposeTestCheckFunc(
-					testAccAwsVPCPeeringConnectionAccepterCheckSomething(""),
-				),
+			resource.TestStep{
+				Config:      testAccAwsVPCPeeringConnectionAccepterSameAccountConfig,
+				ExpectError: regexp.MustCompile(`aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections`),
 			},
 		},
 	})
 }
 
-func testAccAwsVPCPeeringConnectionAccepterCheckSomething(name string) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		return nil
-	}
+func testAccAwsVPCPeeringConnectionAccepterDestroy(s *terraform.State) error {
+	// We don't destroy the underlying VPC Peering Connection.
+	return nil
 }
 
-const testAccAwsVPCPeeringConnectionAccepterConfig = `
+const testAccAwsVPCPeeringConnectionAccepterSameAccountConfig = `
+provider "aws" {
+    region = "us-west-2"
+    // Requester's credentials.
+}
+
+provider "aws" {
+    alias = "peer"
+    region = "us-west-2"
+    // Accepter's credentials.
+}
+
+resource "aws_vpc" "main" {
+    cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_vpc" "peer" {
+    provider = "aws.peer"
+    cidr_block = "10.1.0.0/16"
+}
+
+data "aws_caller_identity" "peer" {
+    provider = "aws.peer"
+}
+
+// Requester's side of the connection.
+resource "aws_vpc_peering_connection" "peer" {
+    vpc_id = "${aws_vpc.main.id}"
+    peer_vpc_id = "${aws_vpc.peer.id}"
+    peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
+    auto_accept = false
+
+    tags {
+      Side = "Requester"
+    }
+}
+
+// Accepter's side of the connection.
+resource "aws_vpc_peering_connection_accepter" "peer" {
+    provider = "aws.peer"
+    vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
+    auto_accept = true
+
+    tags {
+       Side = "Accepter"
+    }
+}
 `

website/source/docs/providers/aws/r/vpc_peering.html.markdown

@@ -3,12 +3,16 @@ layout: "aws"
 page_title: "AWS: aws_vpc_peering_connection"
 sidebar_current: "docs-aws-resource-vpc-peering"
 description: |-
-  Provides a VPC Peering Connection resource.
+  Manage a VPC Peering Connection resource.
 ---
 
 # aws\_vpc\_peering\_connection
 
-Provides a VPC Peering Connection resource.
+Provides a resource to manage a VPC Peering Connection resource.
+
+-> **Note:** For cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connections
+use the `aws_vpc_peering_connection` resource to manage the requester's side of the connection and
+use the `aws_vpc_peering_connection_accepter` resource to manage the accepter's side of the connection.
 
 ## Example Usage
 
@@ -112,9 +116,9 @@ The following attributes are exported:
 
 AWS only supports VPC peering within the same AWS region.
 
-If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute. You will still
-have to accept the VPC Peering Connection request manually using the AWS Management Console, AWS CLI,
-through SDKs, etc.
+If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute.
+The accepter can manage its side of the connection using the `aws_vpc_peering_connection_accepter` resource
+or accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.
 
 ## Import
 

website/source/docs/providers/aws/r/vpc_peering_accepter.html.markdown

@@ -3,17 +3,18 @@ layout: "aws"
 page_title: "AWS: aws_vpc_peering_connection_accepter"
 sidebar_current: "docs-aws-resource-vpc-peering-accepter"
 description: |-
-  Manage the accepter's side of a cross-account VPC peering connection.
+  Manage the accepter's side of a cross-account VPC Peering Connection.
 ---
 
 # aws\_vpc\_peering\_connection\_accepter
 
-Provides a resource to manage the accepter's side of a cross-account VPC peering connection.
+Provides a resource to manage the accepter's side of a cross-account VPC Peering Connection.
 
-When a cross-account (requester's AWS account differs from the accepter's) VPC peering connection is created,
-a VPC peering connection resource is automatically created in the accepter's account. The requester can use
-the `aws_vpc_peering_connection` resource to manage its side of the connection and the accepter can use the
-`aws_vpc_peering_connection_accepter` resource to "adopt" its side of the connection into management.
+When a cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connection
+is created, a VPC Peering Connection resource is automatically created in the accepter's account.
+The requester can use the `aws_vpc_peering_connection` resource to manage its side of the connection
+and the accepter can use the `aws_vpc_peering_connection_accepter` resource to "adopt" its side of the
+connection into management.
 
 ## Example Usage
 
@@ -72,6 +73,14 @@ The following arguments are supported:
 * `auto_accept` - (Optional) Whether or not to accept the peering request. Defaults to `false`.
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
+### Removing `aws_vpc_peering_connection_accepter` from your configuration
+
+AWS allows a cross-account VPC Peering Connection to be deleted from either the requester's or accepter's side.
+However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side
+by removing the corresponding `aws_vpc_peering_connection` resource from your configuration.
+Removing a `aws_vpc_peering_connection_accepter` resource from your configuration will remove it
+from your statefile and management, **but will not destroy the VPC Peering Connection.**
+
 ## Attributes Reference
 
 All of the argument attributes except `auto_accept` are also exported as result attributes.
@@ -91,6 +100,6 @@ All of the argument attributes except `auto_accept` are also exported as result
 * `allow_remote_vpc_dns_resolution` - Indicates whether a local VPC can resolve public DNS hostnames to
 private IP addresses when queried from instances in a peer VPC.
 * `allow_classic_link_to_remote_vpc` - Indicates whether a local ClassicLink connection can communicate
-with the peer VPC over the VPC peering connection.
+with the peer VPC over the VPC Peering Connection.
 * `allow_vpc_to_remote_classic_link` - Indicates whether a local VPC can communicate with a ClassicLink
-connection in the peer VPC over the VPC peering connection.
+connection in the peer VPC over the VPC Peering Connection.