Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

resource/aws_ssm_parameter: Error reading SSM Parameter after creation: this can indicate that the provided parameter value could not be validated by SSM #14513

Closed
bflad opened this issue Aug 7, 2020 · 3 comments · Fixed by #14514
Assignees
Labels
bug Addresses a defect in current functionality. service/ssm Issues and PRs that pertain to the ssm service.
Milestone

Comments

@bflad
Copy link
Contributor

bflad commented Aug 7, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In version 3.1.0 of the Terraform AWS Provider, we began supporting the data_type argument for the aws_ssm_parameter resource. This allows configuring specific value types, such as AMI IDs (aws:ec2:image), where SSM will validate the value on creation and not create the SSM Parameter if it is invalid.

However, the SSM validation process is asynchronous to the SSM Parameter creation, so while the initial API call will succeed, there is the potential for the resource to disappear after creation. Specialized error handling was added for this case, but setting up retries to handle the asynchronous nature of this validation process was not, which can be seen in the following mostly consistent test failure:

=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
TestAccAWSSSMParameter_DataType_AwsEc2Image: testing.go:684: Step 0 error: errors during apply:
Error: error reading SSM Parameter (tf-acc-test-7563037611392826762) after creation: this can indicate that the provided parameter value could not be validated by SSM

Affected Resource(s)

  • aws_ssm_parameter

Definition of Done

  • TestAccAWSSSMParameter_DataType_AwsEc2Image testing passes consistently

References

@bflad bflad added bug Addresses a defect in current functionality. service/ssm Issues and PRs that pertain to the ssm service. labels Aug 7, 2020
@bflad bflad self-assigned this Aug 7, 2020
bflad added a commit that referenced this issue Aug 7, 2020
…or asynchronous validation process

Reference: #14513

Previously (depending on relative distance and asynchronous validation timing of SSM API):

```
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
    TestAccAWSSSMParameter_DataType_AwsEc2Image: testing.go:684: Step 0 error: errors during apply:

        Error: error reading SSM Parameter (tf-acc-test-7552804317262985734) after creation: this can indicate that the provided parameter value could not be validated by SSM
```

Now consistently:

```console
$ TF_ACC=1 go test ./aws -v -count 10 -timeout 120m -parallel 20 -run='TestAccAWSSSMParameter_DataType_AwsEc2Image'
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.37s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.66s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (10.05s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.75s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (9.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.31s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.14s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.25s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.64s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	85.316s
```

Output from acceptance testing:

```
--- PASS: TestAccAWSSSMParameter_disappears (5.12s)
--- PASS: TestAccAWSSSMParameter_basic (7.31s)
--- PASS: TestAccAWSSSMParameter_secure (8.34s)
--- PASS: TestAccAWSSSMParameter_changeNameForcesNew (12.40s)
--- PASS: TestAccAWSSSMParameter_updateDescription (12.63s)
--- PASS: TestAccAWSSSMParameter_overwrite (13.83s)
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (15.06s)
--- PASS: TestAccAWSSSMParameter_fullPath (17.87s)
--- PASS: TestAccAWSSSMParameter_Tier (18.01s)
--- PASS: TestAccAWSSSMParameter_secure_keyUpdate (19.02s)
--- PASS: TestAccAWSSSMParameter_secure_with_key (22.61s)
--- PASS: TestAccAWSSSMParameter_updateType (24.92s)
--- PASS: TestAccAWSSSMParameter_tags (38.88s)
```
@bflad bflad added this to the v3.3.0 milestone Aug 18, 2020
bflad added a commit that referenced this issue Aug 18, 2020
…or asynchronous validation process (#14514)

Reference: #14513

Previously (depending on relative distance and asynchronous validation timing of SSM API):

```
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
    TestAccAWSSSMParameter_DataType_AwsEc2Image: testing.go:684: Step 0 error: errors during apply:

        Error: error reading SSM Parameter (tf-acc-test-7552804317262985734) after creation: this can indicate that the provided parameter value could not be validated by SSM
```

Now consistently:

```console
$ TF_ACC=1 go test ./aws -v -count 10 -timeout 120m -parallel 20 -run='TestAccAWSSSMParameter_DataType_AwsEc2Image'
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.37s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.66s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (10.05s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.75s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (9.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.31s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.14s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.25s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.64s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	85.316s
```

Output from acceptance testing:

```
--- PASS: TestAccAWSSSMParameter_disappears (5.12s)
--- PASS: TestAccAWSSSMParameter_basic (7.31s)
--- PASS: TestAccAWSSSMParameter_secure (8.34s)
--- PASS: TestAccAWSSSMParameter_changeNameForcesNew (12.40s)
--- PASS: TestAccAWSSSMParameter_updateDescription (12.63s)
--- PASS: TestAccAWSSSMParameter_overwrite (13.83s)
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (15.06s)
--- PASS: TestAccAWSSSMParameter_fullPath (17.87s)
--- PASS: TestAccAWSSSMParameter_Tier (18.01s)
--- PASS: TestAccAWSSSMParameter_secure_keyUpdate (19.02s)
--- PASS: TestAccAWSSSMParameter_secure_with_key (22.61s)
--- PASS: TestAccAWSSSMParameter_updateType (24.92s)
--- PASS: TestAccAWSSSMParameter_tags (38.88s)
```
@bflad
Copy link
Contributor Author

bflad commented Aug 18, 2020

The fix for this has been merged and will release with version 3.3.0 of the Terraform AWS Provider, later this week. 👍

@ghost
Copy link

ghost commented Aug 20, 2020

This has been released in version 3.3.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

Avolynsk added a commit to Avolynsk/terraform-provider-aws that referenced this issue Aug 30, 2020
* Update CHANGELOG for #14650

* refactor: renaming CloudFormationTemplate to JsonOrYaml

* v3.2.0

* Cleanup after v3.2.0 release

* resource/aws_lb_ssl_negotiation_policy: Fix parsing of resource ID. (#14644)

* resource/aws_apigatewayv2_stage: Set 'execution_arn' attribute for HTTP APIs. (#14638)

* Update CHANGELOG for #14638

* Update module aws/aws-sdk-go to v1.34.4 (#14523)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* provider: Remove website and website-test Makefile targets (#14503)

Since the provider has been migrated to the Terraform Registry documentation, the provider website portions for terraform.io in the terraform-website repository will be removed soon. There is currently no replacement for fully emulating the whole provider documentation, but there is existing functionality for parts of this today. In the future, full emulation might be possible again but there are no timelines for that implementation.

* Link checking handled via GitHub Actions and `markdown-link-check` (see `.github/workflows/website.yml`)
* Terraform Registry documentation preview rendering (single source code page): https://registry.terraform.io/tools/doc-preview

At some point, we can also remove the legacy `website/aws.erb` side navigation file, however doing so will break open contributions modifying the file.

* docs/provider: Document requirement of Terraform CLI v0.12.26+ for acceptance tests. (#14659)

* resource/aws_dms_replication_instance: Add `allow_major_version_upgrade` argument (#14550)

* r/aws_dms_replication_instance: Support allow_major_version_upgrade attribute

* Stop setting AllowMajorVersionUpgrade

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Optionally include allow_major_version_upgrade

Co-authored-by: Brian Flad <bflad417@gmail.com>

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14550

* Update module bflad/tfproviderlint to v0.18.0 (#14654)

* Update module bflad/tfproviderlint to v0.18.0

* deps: go mod tidy for github.com/bflad/tfproviderlint@v0.18.0

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Brian Flad <bflad417@gmail.com>

* expect config additional opts to be set in aws-sdk-go-base

* Update website/docs/index.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

* update db cluster snapshot create with retry logic

* add forwarded_ip_config attribute to geo and rate_based statements

* docs/provider: Fix broken link in Contribution Checklist (#14466)

* Fix broken link in Contribution Checklist

* Actually fix the link.

* Documentation: Replace aws_ec2_instance_spot_price by aws_ec2_spot_price (#14680)

Co-authored-by: ktalhi <katia.talhi@alterway.fr>

* tests/provider: Update resource testing to 0.12 syntax (K Resources)

* Remove quoted deprecated syntax

* tests/provider: Update resource testing to 0.12 syntax (I Resources)

* AWS Lambda support for Java 8 (Corretto) and custom runtimes on Amazon Linux 2.

* tests/provider: Update resource testing to 0.12 syntax (IAM Resources)

* Simplify aws_lambda_function runtime acceptance tests.

* Update documentation references to latest Lambda Node.js runtime (nodejs12.x).

* Don't attempt to validate EOL runtimes.

* tests/provider: Update resource testing to 0.12 syntax (Q Resources)

* tests/provider: Update resource testing to 0.12 syntax (Ra/RD/Re Resources)

* add test for regex matching in typesets

* tests/provider: Update resource testing to 0.12 syntax (Ss-Sw Resources)

* tests/provider: Update resource testing to 0.12 syntax (W Resources)

* tests/provider: Update resource testing to 0.12 syntax (WAFReg Resources)

* tests/provider: Update resource testing to 0.12 syntax (Ro Resources)

* Update CHANGELOG for #12567

* tests/provider: Update resource testing to 0.12 syntax (S3/Sa Resources)

* tests/provider: Update resource testing to 0.12 syntax (Sec/Ser Resources)

* tests/provider: Update resource testing to 0.12 syntax (Ses Resources)

* Update CHANGELOG for #14663

* tests/provider: Update resource testing to 0.12 syntax (Si-Sq Resources)

* tests/provider: Update resource testing to 0.12 syntax (T Resources)

* Remove extra whitespace with HEREDOCs

* Add note on how to use aws_wafv2_web_acl_association with Cloudfront

The existing docs mention that this resource should only be used with an ALB or API Gateway, but doesn't mention how to get the association to work in Cloudfronts case. This PR ammends that.

* tests/provider: Update hardcoded AZs (lb)

* resource/aws_launch_template: add support for "spot-instances-request" and "elastic-gpu" tag spec (#14662)

* add support for more tagging types

* Update website/docs/r/launch_template.html.markdown

Co-authored-by: Kit Ewbank <Kit_Ewbank@hotmail.com>

Co-authored-by: Kit Ewbank <Kit_Ewbank@hotmail.com>

* Update CHANGELOG for #14662

* tests/provider: Update hardcoded AZs (VPC Endpoint)

* docs/provider: Remove mention of side navigation file in Contributing Guide (#14713)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14712

The `website/aws.erb` file no longer has any effect and will be removed in the future.

* docs/provider: Re-add Release Process section to maintaining guide (#14652)

* infrastructure/repository: Sync recent new AWS service labels (#14641)

Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.34.4
Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.33.6
Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.32.9

* resource/aws_ssm_parameter: Handle data_type retries after creation for asynchronous validation process (#14514)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14513

Previously (depending on relative distance and asynchronous validation timing of SSM API):

```
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
    TestAccAWSSSMParameter_DataType_AwsEc2Image: testing.go:684: Step 0 error: errors during apply:

        Error: error reading SSM Parameter (tf-acc-test-7552804317262985734) after creation: this can indicate that the provided parameter value could not be validated by SSM
```

Now consistently:

```console
$ TF_ACC=1 go test ./aws -v -count 10 -timeout 120m -parallel 20 -run='TestAccAWSSSMParameter_DataType_AwsEc2Image'
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.37s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.66s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (10.05s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.75s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (9.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.31s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.14s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.25s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.64s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	85.316s
```

Output from acceptance testing:

```
--- PASS: TestAccAWSSSMParameter_disappears (5.12s)
--- PASS: TestAccAWSSSMParameter_basic (7.31s)
--- PASS: TestAccAWSSSMParameter_secure (8.34s)
--- PASS: TestAccAWSSSMParameter_changeNameForcesNew (12.40s)
--- PASS: TestAccAWSSSMParameter_updateDescription (12.63s)
--- PASS: TestAccAWSSSMParameter_overwrite (13.83s)
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (15.06s)
--- PASS: TestAccAWSSSMParameter_fullPath (17.87s)
--- PASS: TestAccAWSSSMParameter_Tier (18.01s)
--- PASS: TestAccAWSSSMParameter_secure_keyUpdate (19.02s)
--- PASS: TestAccAWSSSMParameter_secure_with_key (22.61s)
--- PASS: TestAccAWSSSMParameter_updateType (24.92s)
--- PASS: TestAccAWSSSMParameter_tags (38.88s)
```

* Update CHANGELOG for #14514

* Update module hashicorp/aws-sdk-go-base to v0.6.0

* use error method migrated to tfawserr package

* tests/provider: Update hardcoded AZs (Data subnet ids)

* Update CHANGELOG for #14555

* add webacl geo-match tests

* docs/resource/aws_s3_bucket_inventory: Clarify bucket argument (#14726)

Co-authored-by: ktalhi <katia.talhi@alterway.fr>

* resource/aws_eks_node_group: Support `AL2_ARM_64` value for `ami_type` argument plan-time validation (#14729)

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_AmiType (1539.32s)
```

* Update CHANGELOG for #14729

* resource/aws_user_pool_domain: Remove from state when deleted + move waiters to their own package (#14732)

Output from acceptance testing:

```
--- PASS: TestAccAWSCognitoUserPoolDomain_disappears (15.35s)
--- PASS: TestAccAWSCognitoUserPoolDomain_basic (17.98s)
```

* Update CHANGELOG for #14732

* docs/provider: Remove legacy side navigation file (#14734)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14712

* service/ec2: Support additional tag on create resources (#14501)

* vpc resource tags on create + align test with contrib guide

* customer gateway resource tags on create

* vpn connection resource tags on create

* vpn gateway resource tags on create

* spot instance request resource tags on create + test

* dhcp options resource tags on create

* route table resource tags on create + tags test

* security group resource tags on create + test

* vpc basic check for empty tags

* network acl resource tags on create + test

* route table empty tag test

* IGW resource tags on create + test

* Egress Only IGW resource tags on create + test

* vpc peering connection resource tags on create + test

* spot instance resource tags on create + test

* ENI resource tags on create + test

* subent tag on create + test

* subent tag on create + test

* use `testAccAvailableAZsNoOptInConfig()``

* docs for spot instance tags

* Update aws/resource_aws_subnet_test.go

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update website/docs/r/spot_instance_request.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14501

* r/aws_rds_cluster_parameter_group and r/aws_db_parameter_group: Restore ability to change parameter values

References:
* https://github.com/terraform-providers/terraform-provider-aws/issues/11846
* https://github.com/terraform-providers/terraform-provider-aws/pull/11540

In #11540, support was added to the rds parameter group resources for
resetting parameter values to AWS defaults when parameters are removed
from config. A side-effect of these changes, however, was that
parameters which remain in the config but whose values have been changed
would also be reset to AWS defaults. This commit restores the ability
for parameter values to be updated in the config while retaining the
ability for parameters being removed from the config to be reset to AWS
defaults.

Output from acceptance testing:

```
make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_'
...
--- PASS: TestAccAWSDBClusterParameterGroup_disappears (18.01s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix (23.28s)
--- PASS: TestAccAWSDBClusterParameterGroup_only (23.40s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName (23.42s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName_Parameter (23.77s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix_Parameter (23.79s)
--- PASS: TestAccAWSDBClusterParameterGroup_withApplyMethod (23.89s)
--- PASS: TestAccAWSDBClusterParameterGroup_basic (86.64s)
--- PASS: TestAccAWSDBClusterParameterGroup_updateParameters (24.48s)
```

```
make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBParameterGroup_'
...
--- PASS: TestAccAWSDBParameterGroup_Disappears (18.18s)
--- PASS: TestAccAWSDBParameterGroup_generatedName (22.40s)
--- PASS: TestAccAWSDBParameterGroup_namePrefix (22.69s)
--- PASS: TestAccAWSDBParameterGroup_Only (23.40s)
--- PASS: TestAccAWSDBParameterGroup_MatchDefault (24.19s)
--- PASS: TestAccAWSDBParameterGroup_withApplyMethod (25.23s)
--- PASS: TestAccAWSDBParameterGroup_limit (45.08s)
--- PASS: TestAccAWSDBParameterGroup_basic (75.38s)
--- PASS: TestAccAWSDBParameterGroup_updateParameters (30.10s)
```

* Update CHANGELOG for #12112

* wafv2_web_acl_logging_configuration docs: inspect -> redact

The word `Redact` seemed to make it more clear than `inspect` in regards to what will actually happen with that field.

* Check for null regexp in 'testCheckTypeSetElemNestedAttrsInState'.

* resource/aws_eks_node_group: Add launch_template configuration block (#14639)

Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.34.4
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/14523

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MinSize (1167.16s)
--- PASS: TestAccAWSEksNodeGroup_AmiType (1173.29s)
--- PASS: TestAccAWSEksNodeGroup_disappears (1179.53s)
--- PASS: TestAccAWSEksNodeGroup_basic (1204.59s)
--- PASS: TestAccAWSEksNodeGroup_DiskSize (1217.40s)
--- PASS: TestAccAWSEksNodeGroup_LaunchTemplate_Version (1217.81s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_Ec2SshKey (1218.04s)
--- PASS: TestAccAWSEksNodeGroup_Tags (1222.27s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_SourceSecurityGroupIds (1228.60s)
--- PASS: TestAccAWSEksNodeGroup_InstanceTypes (1235.81s)
--- PASS: TestAccAWSEksNodeGroup_Labels (1288.05s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_DesiredSize (1293.11s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MaxSize (1322.00s)
--- PASS: TestAccAWSEksNodeGroup_LaunchTemplate_Id (1569.19s)
--- PASS: TestAccAWSEksNodeGroup_LaunchTemplate_Name (1632.97s)
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (3301.17s)
--- PASS: TestAccAWSEksNodeGroup_ForceUpdateVersion (3331.88s)
--- PASS: TestAccAWSEksNodeGroup_Version (3503.58s)
```

* Update CHANGELOG for #14639

* tests/provider: Update hardcoded AZs (Redshift)

* Update CHANGELOG for #14685

* docs/resource/aws_cloudtrail: Update CloudWatch Log group argument reference (#14751)

Co-authored-by: ktalhi <katia.talhi@alterway.fr>

* resource/aws_ec2_client_vpn_network_association: Support resource import and additional security groups (#14146)

Output from acceptance testing:

```
--- PASS: TestAccAwsEc2ClientVpn_serial (4.84s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_basic (39.99s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_disappears (36.20s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_groups (76.62s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_Subnets (56.20s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_basic (16.91s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_disappears (14.36s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_msAD (1700.14s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_mutualAuthAndMsAD (1842.62s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_splitTunnel (28.99s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_tags (41.65s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_withDNSServers (27.10s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_withLogGroup (29.64s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/NetworkAssociation_basic (552.68s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/NetworkAssociation_disappears (538.30s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/NetworkAssociation_securityGroups (570.08s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Route_basic (575.22s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Route_description (564.03s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Route_disappears (596.19s)
```

* Update CHANGELOG for #14146

* update to using AWS SDK defined values arrays

* resource/aws_api_gateway_vpc_link: Remove customizable timeout and increase previous hardcoded timeouts to 20 minutes

Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/10407/files#r463739571

Output from acceptance testing:

```
--- PASS: TestAccAWSAPIGatewayVpcLink_basic (696.12s)
--- PASS: TestAccAWSAPIGatewayVpcLink_tags (717.57s)
--- PASS: TestAccAWSAPIGatewayVpcLink_disappears (717.60s)
```

* Update CHANGELOG for #10407

* awsproviderlint: Add AWSV001 check, switch fmtsprintfcallexpr pass to upstream (#14681)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14601
Reference: https://github.com/bflad/tfproviderlint/releases/tag/v0.17.0

* resource/aws_storagegatway_smb_file_share: Add audit_destination_arn and smb_acl_enabled arguments (#13572)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewaySmbFileShare_KMSEncrypted (236.89s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_Authentication_GuestAccess (242.87s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_Tags (361.66s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_audit (370.31s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_ReadOnly (375.13s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_RequesterPays (400.47s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_ObjectACL (401.00s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_KMSKeyArn (408.98s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_DefaultStorageClass (409.85s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_GuessMIMETypeEnabled (419.67s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_Authentication_ActiveDirectory (828.73s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_InvalidUserList (872.04s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_smb_acl (898.73s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_ValidUserList (912.84s)
```

* Update CHANGELOG for #13572

* resource/aws_subnet: Fix removing ipv6 cidr block from subnet (#12303)

Output from acceptance testing:

```
--- PASS: TestAccAWSSubnet_disappears (24.88s)
--- PASS: TestAccAWSSubnet_basic (29.51s)
--- PASS: TestAccAWSSubnet_availabilityZoneId (31.44s)
--- PASS: TestAccAWSSubnet_ignoreTags (43.52s)
--- PASS: TestAccAWSSubnet_tags (60.81s)
--- PASS: TestAccAWSSubnet_enableIpv6 (61.10s)
--- PASS: TestAccAWSSubnet_ipv6 (63.05s)
```

* Update CHANGELOG for #12303

* resource/aws_storagegateway_nfs_file_share: Skip UpdateSMBFileShare API call when only tags change and remove extraneous ListTagsForResource API call during read (#13590)

* Update CHANGELOG for #13590

* v3.3.0

* Address review comments

* Add Security Hub custom action resource

* docs/resource/aws_cloudfront_distribution: Clarified arguments requirement for default_cache_behavior (#14760)

* docs/resource/aws_instance: Update volume_type default to gp2 (#14767)

Per https://aws.amazon.com/about-aws/whats-new/2019/07/ebs-default-volume-type-updated-to-gp2/ we are updating the default to the correct type

* tests/resource/aws_cloudtrail: fix testAccAWSCloudTrail_cloudwatch (#14762)

Output from acceptance testing:

```
--- PASS: TestAccAWSCloudTrail_serial (314.43s)
    --- PASS: TestAccAWSCloudTrail_serial/Trail (314.43s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/tags (38.95s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/eventSelector (71.74s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/cloudwatch (45.68s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/includeGlobalServiceEvents (15.43s)
        --- SKIP: TestAccAWSCloudTrail_serial/Trail/isOrganization (1.01s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/logValidation (26.69s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/basic (26.08s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/enableLogging (36.95s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/isMultiRegion (36.16s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/kmsKey (15.73s)
```

* Add 'ewbankkit' as maintainer of select services. (#14246)

* resource/aws_storagegateway_cached_iscsi_volume: Add kms_encrypted and kms_key arguments (#12066)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_kms (179.65s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_Tags (226.14s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_SnapshotId (229.53s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_basic (230.15s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_disappears (287.92s)
```

* Update CHANGELOG for #12066

* resource/aws_storagegateway_gateway: Add `smb_security_strategy` argument (#13563)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Cached (186.23s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_FileS3 (186.34s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Vtl (199.67s)
--- PASS: TestAccAWSStorageGatewayGateway_disappears (201.12s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbGuestPassword (207.36s)
--- PASS: TestAccAWSStorageGatewayGateway_CloudWatchLogs (208.89s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Stored (214.16s)
--- PASS: TestAccAWSStorageGatewayGateway_SMBSecurityStrategy (227.07s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayTimezone (230.14s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayName (232.70s)
--- PASS: TestAccAWSStorageGatewayGateway_tags (254.53s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayVpcEndpoint (303.37s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbActiveDirectorySettings (793.66s)
```

* Update CHANGELOG for #13563

* resource/aws_appmesh_virtual_node: Disallow empty 'backend' blocks. (#14074)

* Update CHANGELOG for #14074

* update iam related tests with formatting change and regex to catch trailing resources

* resource/aws_storagegateway_nfs_file_share: Add cache_attributes configuration block and support S3 Intelligent Tiering (#14759)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayNfsFileShare_disappears (211.77s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_KMSEncrypted (223.93s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_basic (228.23s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_Squash (267.47s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_DefaultStorageClass (271.02s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_ReadOnly (271.44s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_tags (272.90s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_RequesterPays (286.51s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_GuessMIMETypeEnabled (288.90s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_ObjectACL (299.74s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_NFSFileShareDefaults (317.19s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_ClientList (329.73s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_cacheAttributes (334.51s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_KMSKeyArn (366.22s)
```

* Update CHANGELOG for #14759

* service/acmpca: Add activation of ACMPCA CA to acceptance tests (#13684)

* r/aws_acmpca_certificate_authority: Test CA activation.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority_Enabled'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -count 1 -parallel 20 -run=TestAccAwsAcmpcaCertificateAuthority_Enabled -timeout 120m
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Enabled
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_Enabled
=== CONT  TestAccAwsAcmpcaCertificateAuthority_Enabled
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Enabled (69.95s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	69.989s

Add 'TestAccAwsAcmpcaCertificateAuthority_disappears'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority_disappears'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -count 1 -parallel 20 -run=TestAccAwsAcmpcaCertificateAuthority_disappears -timeout 120m
=== RUN   TestAccAwsAcmpcaCertificateAuthority_disappears
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_disappears
=== CONT  TestAccAwsAcmpcaCertificateAuthority_disappears
--- PASS: TestAccAwsAcmpcaCertificateAuthority_disappears (25.10s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	25.138s

* r/aws_acmpca_certificate_authority: Remove CAs with DELETED status.

* Update CHANGELOG for #13684

* CODEOWNERS- Add @drfaust92 as services maintainer (#14051)

* Update CODEOWNERS

* add docs

* update list of services to maintain

to include sageamker, glue, codeartifact and storagegateway

* provider: Alphabetize services in CODEOWNERS

Also ensures HashiCorp maintainers are still pinged on reviews for now.

* service/globalaccelerator: Support Client IP address preservation, increase default accelerator creation timeout, remove health_check_path default (#14486)

* Add client_ip_preservation_enabled to global accelerator

* commit test

* r/aws_globalaccelerator_endpoint_group: Use 'tfawsresource.TestCheckTypeSetElemNestedAttrs'.

* r/aws_globalaccelerator_endpoint: Increase deployment wait time (#14161).

* r/aws_globalaccelerator_endpoint_group: Make 'client_ip_preservation_enabled' computed.

* r/aws_globalaccelerator_endpoint_group: Delete security group created by Global Accelerator service in acceptance tests.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP (650.27s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	650.320s

* r/aws_globalaccelerator_endpoint_group: Document 'client_ip_preservation_enabled'.

* r/aws_globalaccelerator_endpoint_group: Add 'TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint
    testing.go:684: Step 0 error: errors during apply:

        Error: Error creating Global Accelerator endpoint group: InvalidArgumentException: Client IP Preservation cannot be set to false for EC2 instances

          on /tmp/tf-test004466997/main.tf line 86:
          (source code not available)

--- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint (133.29s)
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	133.338s
FAIL
GNUmakefile:26: recipe for target 'testacc' failed
make: *** [testacc] Error 1

* r/aws_globalaccelerator_endpoint_group: Simplify 'TestAccAwsGlobalAcceleratorEndpointGroup_basic'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_basic
    testing.go:684: Step 0 error: After applying this step, the plan was not empty:

        DIFF:

        UPDATE: aws_globalaccelerator_endpoint_group.test
          endpoint_configuration.#:      "0" => "0"
          endpoint_group_region:         "us-west-2" => "us-west-2"
          health_check_interval_seconds: "30" => "30"
          health_check_path:             "" => "/"
          health_check_port:             "80" => ""
          health_check_protocol:         "TCP" => "TCP"
          id:                            "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005"
          listener_arn:                  "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59"
          threshold_count:               "3" => "3"
          traffic_dial_percentage:       "100" => "100"

        STATE:

        aws_globalaccelerator_accelerator.test:
          ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0
          provider = provider.aws
          attributes.# = 1
          attributes.0.flow_logs_enabled = false
          attributes.0.flow_logs_s3_bucket =
          attributes.0.flow_logs_s3_prefix =
          dns_name = a9225ffbbaaf25cce.awsglobalaccelerator.com
          enabled = false
          hosted_zone_id = Z2BJ6XQ5FK7U4H
          ip_address_type = IPV4
          ip_sets.# = 1
          ip_sets.0.ip_addresses.# = 2
          ip_sets.0.ip_addresses.0 = 75.2.20.133
          ip_sets.0.ip_addresses.1 = 99.83.169.50
          ip_sets.0.ip_family = IPv4
          name = tf-acc-test-809980946792323534
        aws_globalaccelerator_endpoint_group.test:
          ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005
          provider = provider.aws
          endpoint_group_region = us-west-2
          health_check_interval_seconds = 30
          health_check_path =
          health_check_port = 80
          health_check_protocol = TCP
          listener_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59
          threshold_count = 3
          traffic_dial_percentage = 100

          Dependencies:
            aws_globalaccelerator_listener.test
        aws_globalaccelerator_listener.test:
          ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59
          provider = provider.aws
          accelerator_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0
          client_affinity = NONE
          port_range.# = 1
          port_range.0.from_port = 80
          port_range.0.to_port = 80
          protocol = TCP

          Dependencies:
            aws_globalaccelerator_accelerator.test
--- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_basic (179.82s)
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	179.872s
FAIL
GNUmakefile:26: recipe for target 'testacc' failed
make: *** [testacc] Error 1

* Fix health_check_path for GA TCP endpoint group

- Set `health_check_path` to Computed without Default
- Update documentation

* Update website/docs/r/globalaccelerator_endpoint_group.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

* r/aws_globalaccelerator_endpoint_group: Change 'health_check_port' to Computed (#12882).

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_basic
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_basic (183.26s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	183.312s
$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_update'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_update -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_update
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_update
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_update
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_update (241.78s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	241.856s

* r/aws_globalaccelerator_endpoint_group: Add '_disappears' acceptance test (#13527, #13826).

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_disappears
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_disappears
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_disappears
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_disappears (191.83s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	191.883s

* r/aws_globalaccelerator_endpoint_group: Set 'client_ip_preservation_enabled' to 'true' for EC2 instance endpoint test.

Co-authored-by: Zuhaib Siddique <zuhaib@launchdarkly.com>
Co-authored-by: LOU Xun <aquarhead@ela.build>
Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14486

* resource/aws_service_discovery_http_namespace: Correct name validation (#14749)

* Update elasticache_replication_group.html.markdown

* allow removing schedule

* refactor disappears test

* Update CHANGELOG for #14792

* service/appmesh: Update AppMesh resource acceptance tests to 0.12 syntax (#14795)

* r/aws_appmesh_mesh: Update resource testing to 0.12 syntax.

* r/aws_appmesh_route: Update resource testing to 0.12 syntax.

* r/aws_appmesh_virtual_node: Update resource testing to 0.12 syntax.

* r/aws_appmesh_virtual_router: Update resource testing to 0.12 syntax.

* r/aws_appmesh_virtual_service: Update resource testing to 0.12 syntax.

* resource/aws_storagegateway_smb_file_share: Support cache attributes and case sensitivity, remove errant docs (#14790)

* remove smb file share defaults as it doesnt exist

* plan time validation refactor

* add cache attributes

* disappears test

* use %w for errors

* use %#v for structs

* support case sensitivity

* Update CHANGELOG for #14790

* update tf syntax

* resource/aws_storagegateway_gateway: Add support for bandwidth values (#13568)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayGateway_disappears (182.38s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Stored (206.84s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbGuestPassword (210.94s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_FileS3 (227.23s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayName (233.03s)
--- PASS: TestAccAWSStorageGatewayGateway_CloudWatchLogs (238.19s)
--- PASS: TestAccAWSStorageGatewayGateway_tags (244.80s)
--- PASS: TestAccAWSStorageGatewayGateway_bandwidthUpload (244.86s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Vtl (248.04s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Cached (248.57s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayTimezone (262.73s)
--- PASS: TestAccAWSStorageGatewayGateway_SMBSecurityStrategy (262.76s)
--- PASS: TestAccAWSStorageGatewayGateway_bandwidthDownload (281.07s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayVpcEndpoint (297.35s)
--- PASS: TestAccAWSStorageGatewayGateway_bandwidthAll (300.14s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbActiveDirectorySettings (744.76s)
```

* update test description

* Update CHANGELOG for #13568

* docs/resource/aws_cloudwatch_log_group: Add information about 0 value for retention_in_days argument (#14791)

* Update module aws/aws-sdk-go to v1.34.10 (#14665)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* New Resource: aws_emr_managed_scaling_policy (#13965)

Output from acceptance testing:

```
--- PASS: TestAccAwsEmrManagedScalingPolicy_ComputeLimits_MaximumOndemandCapacityUnits (469.63s)
--- PASS: TestAccAwsEmrManagedScalingPolicy_basic (475.17s)
--- PASS: TestAccAwsEmrManagedScalingPolicy_ComputeLimits_MaximumCoreCapacityUnits (483.48s)
--- PASS: TestAccAwsEmrManagedScalingPolicy_disappears (493.32s)
```

* Update CHANGELOG for #13965

* tests/resource/aws_codepipeline: Fix TestAccAWSCodePipeline_deployWithServiceRole (#14830)

* resource/aws_xray_sampling_rule: Add tags argument (#14831)

Output from acceptance testing:

```
--- PASS: TestAccAWSXraySamplingRule_basic (13.93s)
--- PASS: TestAccAWSXraySamplingRule_disappears (19.04s)
--- PASS: TestAccAWSXraySamplingRule_update (22.61s)
--- PASS: TestAccAWSXraySamplingRule_tags (53.74s)
```

* Update CHANGELOG for #14831

* Updates Terraform syntax for data source acceptance tests

* tests/resource/aws_redshift_subnet_group: Implement sweeper and disappears test (#14828)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13826
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14574

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSRedshiftSubnetGroup_disappears (26.83s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSRedshiftSubnetGroup_disappears (30.85s)
```

Output from sweeper in AWS Commercial (aws_redshift_cluster failures unrelated):

```
2020/08/25 10:13:32 [DEBUG] Running Sweepers for region (us-west-2):
2020/08/25 10:13:32 [DEBUG] Running Sweeper (aws_redshift_cluster) in region (us-west-2)
2020/08/25 10:13:34 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-2045223997271387682): InvalidClusterState: Unable to delete the cluster tf-redshift-cluster-2045223997271387682. You can only delete clusters with ACTIVE, INCOMPATIBLE_NETWORK, INCOMPATIBLE_HSM, INCOMPATIBLE_RESTORE, INSUFFICIENT_CAPACITY, or HARDWARE_FAILURE lifecycle.
	status code: 400, request id: fda93346-21d9-46ae-b70a-637edb91777d
2020/08/25 10:13:34 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-8644196052749068490): InvalidClusterState: Unable to delete the cluster tf-redshift-cluster-8644196052749068490. You can only delete clusters with ACTIVE, INCOMPATIBLE_NETWORK, INCOMPATIBLE_HSM, INCOMPATIBLE_RESTORE, INSUFFICIENT_CAPACITY, or HARDWARE_FAILURE lifecycle.
	status code: 400, request id: 980f1a92-52d8-41d0-b942-608b8a28d2b0
2020/08/25 10:13:34 [DEBUG] Running Sweeper (aws_redshift_subnet_group) in region (us-west-2)
2020/08/25 10:13:34 [INFO] Deleting Redshift Cluster Subnet Group: foo-1532990571165558666
2020/08/25 10:13:35 [INFO] Deleting Redshift Cluster Subnet Group: foo-2826273713642737832
2020/08/25 10:13:35 [INFO] Deleting Redshift Cluster Subnet Group: foo-2972341912917468064
2020/08/25 10:13:35 [INFO] Deleting Redshift Cluster Subnet Group: foo-548170896135551408
2020/08/25 10:13:36 [INFO] Deleting Redshift Cluster Subnet Group: foo-6210951272445705940
2020/08/25 10:13:36 [INFO] Deleting Redshift Cluster Subnet Group: foo-6650827170013194054
2020/08/25 10:13:37 [INFO] Deleting Redshift Cluster Subnet Group: foo-8947122441846412195
2020/08/25 10:13:37 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-1033431615102227004
2020/08/25 10:13:37 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-3356016725088449244
2020/08/25 10:13:38 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-366062263239024705
2020/08/25 10:13:38 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-4635827958397283374
2020/08/25 10:13:38 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-1676492653723899859
2020/08/25 10:13:39 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-1799088798996484452
2020/08/25 10:13:39 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-3024108242023612112
2020/08/25 10:13:40 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-3299406627706074951
2020/08/25 10:13:40 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-5403800648237234931
2020/08/25 10:13:40 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-625135235143178083
2020/08/25 10:13:41 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-8306727858374757773
2020/08/25 10:13:41 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-8365684838675699564
2020/08/25 10:13:41 Sweeper Tests ran successfully:
	- aws_redshift_cluster
	- aws_redshift_subnet_group
2020/08/25 10:13:41 [DEBUG] Running Sweepers for region (us-east-1):
2020/08/25 10:13:41 [DEBUG] Running Sweeper (aws_redshift_cluster) in region (us-east-1)
2020/08/25 10:13:42 [DEBUG] No Redshift clusters to sweep
2020/08/25 10:13:42 [DEBUG] Running Sweeper (aws_redshift_subnet_group) in region (us-east-1)
2020/08/25 10:13:42 Sweeper Tests ran successfully:
	- aws_redshift_subnet_group
	- aws_redshift_cluster
ok  	github.com/terraform-providers/terraform-provider-aws/aws	12.691s
```

Output from sweeper in AWS GovCloud (US) (aws_redshift_cluster failures unrelated):

```
2020/08/25 10:13:40 [DEBUG] Running Sweepers for region (us-gov-west-1):
2020/08/25 10:13:40 [DEBUG] Running Sweeper (aws_redshift_cluster) in region (us-gov-west-1)
2020/08/25 10:13:43 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-1216426925668034673): InvalidClusterState: Unable to delete the cluster tf-redshift-cluster-1216426925668034673. You can only delete clusters with ACTIVE, INCOMPATIBLE_NETWORK, INCOMPATIBLE_HSM, INCOMPATIBLE_RESTORE, INSUFFICIENT_CAPACITY, or HARDWARE_FAILURE lifecycle.
	status code: 400, request id: 7b5f4c9e-959f-4e80-b01a-65f2cd066f71
2020/08/25 10:13:44 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-219584981761242852): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 1c672709-d60b-43b0-aadd-1bdf6a5f4797
2020/08/25 10:13:44 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-2558072814228197965): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: cc46c761-1a19-4f3e-844d-6c5514eedbf1
2020/08/25 10:13:45 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-6093122516016678979): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 24d63cb2-7635-4448-878e-2ccde8e03478
2020/08/25 10:13:45 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-6534318059499305980): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 28e83e42-6e20-4366-9c86-25f04d5138ad
2020/08/25 10:13:46 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-7172132402108784395): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 1f2cef04-05ef-42dc-bc2c-ce937032db61
2020/08/25 10:13:46 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-8068671586261296151): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 7abeafb4-268c-4b4d-abae-91e1bcab4e01
2020/08/25 10:13:46 [DEBUG] Running Sweeper (aws_redshift_subnet_group) in region (us-gov-west-1)
2020/08/25 10:13:47 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-2418503084750398980
2020/08/25 10:13:48 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-2939943196500636311
2020/08/25 10:13:48 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-8506717930441343050
2020/08/25 10:13:49 Sweeper Tests ran successfully:
	- aws_redshift_cluster
	- aws_redshift_subnet_group
ok  	github.com/terraform-providers/terraform-provider-aws/aws	10.018s
```

* Small syntax fixes

* update test configs to fix failing tests

* update to using data source instance types

* docs/resource/aws_autoscaling_policy: Add missing min_adjustment_magnitude argument (#14807)

* missing min_adjustment_magnitude argument in the docs

* Update website/docs/r/autoscaling_policy.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

Co-authored-by: Brian Flad <bflad417@gmail.com>

* New Resource: aws_guardduty_publishing_destination (#13894)

* Implementation of resource new resource type for GuardDuty S3 Export (#10920)

* Added tests and documentation

* Fixed test namings

* Fixed linter issues and removed explicit import test case

* Fixed HCL formatting in documentation

* Fixed some namings and sidebar link

* Update/refactor publishing destination (#1)

* Merged latest master changes and resolved conflicts

* Merged from Upstream master and squashed commits

* Delete defaults.go

* Removed changes from vendor subdirectory and synched with master.

* Refactor GuardDuty to waiter pattern

* Remove unused constant

* Small refactor based on PR review

* Add disappears test and refactor based on PR review

* Refactor based on PR review

* Refactor according to PR review

* Additional fix wrt tf 0.12

Co-authored-by: Sebastian Häpe <Sebastian.Haepe@nordcloud.com>
Co-authored-by: shaepe <44882151+shaepe@users.noreply.github.com>

* Update CHANGELOG for #13894

* resource/aws_guardduty_publishing_destination: Minor adjustments for initial resource

Output from acceptance testing:

```
    --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination (59.25s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/basic (30.31s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/disappears (28.94s)
```

* internal/service/guardduty/waiter: Refactor Publishing Destination status handling

Output from acceptance testing:

```
    --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination (64.97s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/disappears (31.59s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/basic (33.39s)
```

* r/aws_cloudfront_distribution: Avoid raw pointer dereferences (#12992).

* r/aws_cloudfront_distribution: Fix 'TestAccAWSCloudFrontDistribution_OriginGroups'.

* resource/aws_securityhub_action_target: Finishing touches for initial resource

Output from acceptance testing:

```
    --- PASS: TestAccAWSSecurityHub_serial/ActionTarget (73.84s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/Description (24.16s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/Name (23.25s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/basic (14.02s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/disappears (12.41s)
```

* Update CHANGELOG for #10493

* deps: Allow dependabot to upgrade GitHub action versions (#14835)

* Allow dependabot to upgrad GitHub action versions

* Add dependencies section to hashibot w/ dependabot

* Fix aws_ecs_task_definition docs markdown links

It looks like these were broken due to line wrapping.

* remove aws webite ref

* Update CHANGELOG for #14844

* tests/provider: Update hardcoded AZs (Default Subnet)

* New Resource: aws_xray_group (#13597)

Output from acceptance testing:

```
--- PASS: TestAccAWSXrayGroup_disappears (12.57s)
--- PASS: TestAccAWSXrayGroup_basic (28.65s)
--- PASS: TestAccAWSXrayGroup_tags (39.39s)
```

* Update CHANGELOG for #13597

* tests/resource/aws_elb: Fix TestAccAWSELB_swap_subnets (#14865)

Output from acceptance testing:

```
--- PASS: TestAccAWSELB_swap_subnets (45.08s)
```

* Update website/docs/r/elasticache_replication_group.html.markdown

Co-authored-by: angie pinilla <angelinepinilla@gmail.com>

* New Resource: aws_xray_encryption_config (#13600)

Output from acceptance testing:

```
--- PASS: TestAccAWSXrayEncryptionConfig_basic (941.85s)
```

* Update CHANGELOG for #13600

* resource/aws_apigatewayv2_integration: AWS service integrations for HTTP APIs. (#14860)

Output from acceptance testing:

```
--- PASS: TestAccAWSAPIGatewayV2Integration_disappears (29.00s)
--- PASS: TestAccAWSAPIGatewayV2Integration_basicHttp (30.37s)
--- PASS: TestAccAWSAPIGatewayV2IntegrationResponse_basic (32.64s)
--- PASS: TestAccAWSAPIGatewayV2Integration_basicWebSocket (32.81s)
--- PASS: TestAccAWSAPIGatewayV2Integration_AwsServiceIntegration (33.16s)
--- PASS: TestAccAWSAPIGatewayV2IntegrationResponse_disappears (36.85s)
--- PASS: TestAccAWSAPIGatewayV2Integration_IntegrationTypeHttp (41.16s)
--- PASS: TestAccAWSAPIGatewayV2IntegrationResponse_AllAttributes (42.63s)
--- PASS: TestAccAWSAPIGatewayV2Integration_LambdaHttp (46.09s)
--- PASS: TestAccAWSAPIGatewayV2Integration_LambdaWebSocket (52.54s)
--- PASS: TestAccAWSAPIGatewayV2Integration_VpcLinkHttp (417.62s)
--- PASS: TestAccAWSAPIGatewayV2Integration_VpcLinkWebSocket (687.74s)
```

* Update CHANGELOG for #14860

* Update CHANGELOG for #12974

* tests/provider: Ensure GitHub Actions workflow for markdown-lint checks out code and can fetch latest v1 (#14849)

* tests/provider: Ensure GitHub Actions workflow for markdown-lint checks out code and can fetch latest v1

Previously in GitHub Actions production it was exiting immediately with the help message and not failing the step (will need to report upstream):

```
/usr/bin/docker run --name b3ac6370f976814a74da68d2a7f92df15b742_274a0b --label 3b3ac6 --workdir /github/workspace --rm -e GO_VERSION -e GO111MODULE -e TFLINT_VERSION -e INPUT_CONFIG -e INPUT_ARGS -e INPUT_RULES -e INPUT_FIX -e INPUT_OUTPUT -e INPUT_IGNORE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/terraform-provider-aws/terraform-provider-aws":"/github/workspace" 3b3ac6:370f976814a74da68d2a7f92df15b742  "website/docs"

  Usage: markdownlint [options] <files|directories|globs>

  MarkdownLint Command Line Interface

  Options:

    -h, --help                                  output usage information
    -V, --version                               output the version number
    -f, --fix                                   fix basic errors (does not work with STDIN)
    -s, --stdin                                 read from STDIN (does not work with files)
    -o, --output [outputFile]                   write issues to file (no console)
    -c, --config [configFile]                   configuration file (JSON, JSONC, JS, or YAML)
    -i, --ignore [file|directory|glob]          file(s) to ignore/exclude
    -p, --ignore-path [file]                    path to file with ignore pattern(s)
    -r, --rules  [file|directory|glob|package]  custom rule files
```

Which could also be seen with GitHub Actions testing in `act`:

```console
$ act push -j markdown-lint
[Website Checks/markdown-lint      ] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Website Checks/markdown-lint      ]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Documentation Checks/markdown-lint] ⭐  Run avto-dev/markdown-lint@v1.3.0
[Documentation Checks/markdown-lint]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1.3.0
[Website Checks/markdown-lint      ] ⭐  Run avto-dev/markdown-lint@v1.3.0
[Website Checks/markdown-lint      ]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1.3.0
[Documentation Checks/markdown-lint]   🐳  docker build -t act-avto-dev-markdown-lint-v1-3-0:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1.3.0
[Documentation Checks/markdown-lint]   🐳  docker run image=act-avto-dev-markdown-lint-v1-3-0:latest entrypoint=[] cmd=["docs"]
[Website Checks/markdown-lint      ]   🐳  docker build -t act-avto-dev-markdown-lint-v1-3-0:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1.3.0
[Website Checks/markdown-lint      ]   🐳  docker run image=act-avto-dev-markdown-lint-v1-3-0:latest entrypoint=[] cmd=["website/docs"]
|
|   Usage: markdownlint [options] <files|directories|globs>
|
|   MarkdownLint Command Line Interface
|
|   Options:
|
|     -h, --help                                  output usage information
|     -V, --version                               output the version number
|     -f, --fix                                   fix basic errors (does not work with STDIN)
|     -s, --stdin                                 read from STDIN (does not work with files)
|     -o, --output [outputFile]                   write issues to file (no console)
|     -c, --config [configFile]                   configuration file (JSON, JSONC, JS, or YAML)
|     -i, --ignore [file|directory|glob]          file(s) to ignore/exclude
|     -p, --ignore-path [file]                    path to file with ignore pattern(s)
|     -r, --rules  [file|directory|glob|package]  custom rule files
|
[Documentation Checks/markdown-lint]   ✅  Success - avto-dev/markdown-lint@v1.3.0
|
|   Usage: markdownlint [options] <files|directories|globs>
|
|   MarkdownLint Command Line Interface
|
|   Options:
|
|     -h, --help                                  output usage information
|     -V, --version                               output the version number
|     -f, --fix                                   fix basic errors (does not work with STDIN)
|     -s, --stdin                                 read from STDIN (does not work with files)
|     -o, --output [outputFile]                   write issues to file (no console)
|     -c, --config [configFile]                   configuration file (JSON, JSONC, JS, or YAML)
|     -i, --ignore [file|directory|glob]          file(s) to ignore/exclude
|     -p, --ignore-path [file]                    path to file with ignore pattern(s)
|     -r, --rules  [file|directory|glob|package]  custom rule files
|
[Website Checks/markdown-lint      ]   ✅  Success - avto-dev/markdown-lint@v1.3.0
```

Now with GitHub Actions testing in `act`:

```console
$ act push -j markdown-lint
[Website Checks/markdown-lint      ] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Website Checks/markdown-lint      ]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Website Checks/markdown-lint      ]   🐳  docker cp src=/Users/bflad/src/github.com/terraform-providers/terraform-provider-aws/. dst=/github/workspace
[Documentation Checks/markdown-lint]   🐳  docker cp src=/Users/bflad/src/github.com/terraform-providers/terraform-provider-aws/. dst=/github/workspace
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] ⭐  Run actions/checkout@v2
[Website Checks/markdown-lint      ]   ✅  Success - actions/checkout@v2
[Website Checks/markdown-lint      ] ⭐  Run avto-dev/markdown-lint@v1
[Website Checks/markdown-lint      ]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1
[Documentation Checks/markdown-lint] ⭐  Run actions/checkout@v2
[Documentation Checks/markdown-lint]   ✅  Success - actions/checkout@v2
[Documentation Checks/markdown-lint] ⭐  Run avto-dev/markdown-lint@v1
[Documentation Checks/markdown-lint]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1
[Website Checks/markdown-lint      ]   🐳  docker build -t act-avto-dev-markdown-lint-v1:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1
[Documentation Checks/markdown-lint]   🐳  docker build -t act-avto-dev-markdown-lint-v1:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1
[Website Checks/markdown-lint      ]   🐳  docker run image=act-avto-dev-markdown-lint-v1:latest entrypoint=[] cmd=["website/docs"]
[Documentation Checks/markdown-lint]   🐳  docker run image=act-avto-dev-markdown-lint-v1:latest entrypoint=[] cmd=["docs"]
[Documentation Checks/markdown-lint]   ✅  Success - avto-dev/markdown-lint@v1
| website/docs/r/emr_managed_scaling_policy.html.markdown:60 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```console"]
| website/docs/r/spot_instance_request.html.markdown:69 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "* `tags` - (Optional) A map of..."]
[Website Checks/markdown-lint      ]   ❌  Failure - avto-dev/markdown-lint@v1
Error: exit with `FAILURE`: 1
```

These failures will be addressed separately.

* docs/provider: Fix markdown-lint reports

Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/14849

* resource/aws_emr_instance_group: Extend instance group timeout by 50% (#13077)

* Update CHANGELOG for #13077

* resource/aws_emr_instance_group: Increase creation and update timeouts to 30 minutes (#14106)

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14106

* Update CHANGELOG for #9525

* add create timeout for rds_cluster_endpoint resource

* v3.4.0

* Cleanup after v3.4.0 release

* add diffsupressfunc for json field

* refactor opsworks_slack tests and update enumerated values

* add "other" to source type values

Co-authored-by: Brian Flad <bflad417@gmail.com>

* resource/aws_acm_certificate: Provide additional plan-time validation for subject_alternative_names values (#14782)

Previously:

```
    TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString: resource_aws_acm_certificate_test.go:315: Step 1/1, expected an error with pattern, no match on: terraform failed: exit status 1

        stderr:

        Error: Error requesting certificate: ValidationException: 1 validation error detected: Value '[]' at 'subjectAlternativeNames' failed to satisfy constraint: Member must satisfy constraint: [Member must have length less than or equal to 253, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: ^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$]
        	status code: 400, request id: c82c20fc-931d-4e04-b79f-d9795db14fa9
```

The intention of this change was test and prevent against panic in Terraform 0.11, however since the provider no longer supports 0.11 and earlier, this is now merely an enhancement. We could also attempt the same regular expression validation, however that seems more likely to change in the future, should ACM support additional characters in domain naming so its omitted for now.

Output from acceptance testing (unrelated failures due to testing account quota issues):

```
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (2.66s)
--- PASS: TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString (2.94s)
--- FAIL: TestAccAWSAcmCertificate_imported_DomainName (6.59s)
--- FAIL: TestAccAWSAcmCertificate_imported_IpAddress (6.22s)
--- PASS: TestAccAWSAcmCertificate_root (19.80s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (20.68s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (21.38s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (21.73s)
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (21.82s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (22.66s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (23.00s)
--- PASS: TestAccAWSAcmCertificate_wildcard (23.41s)
--- PASS: TestAccAWSAcmCertificate_privateCert (23.68s)
--- PASS: TestAccAWSAcmCertificate_san_single (24.92s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (35.64s)
--- PASS: TestAccAWSAcmCertificate_tags (54.65s)
```

* Update CHANGELOG for #14782

* resource/aws_msk_configuration: Implement Update and Delete support (#14826)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14822

Fixes consistent test failures like the following, since the deletion API did not exist previously:

```
=== CONT  TestAccAWSMskConfigurationDataSource_Name
TestAccAWSMskConfigurationDataSource_Name: data_source_aws_msk_configuration_test.go:16: Step 1/1 error: terraform failed: exit status 1
stderr:
Error: error creating MSK Configuration: LimitExceededException:
  status code: 429, request id: 2d1a5f7b-9810-4721-8aba-5873760578f7
--- FAIL: TestAccAWSMskConfigurationDataSource_Name (3942.7…
@ghost
Copy link

ghost commented Sep 17, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Sep 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. service/ssm Issues and PRs that pertain to the ssm service.
Projects
None yet
1 participant