[WIP]New Resource: aws_shield_protection, aws_shield_subscription #1899
Hi @atsushi-ishibashi Do you mind submitting all changes in Thanks.
@radeksimko Thank you for teaching me. I have submitted #1901
@radeksimko I asked AWS support how to use the Shield API without the subscription of Shield Advanced, but it's impossible...
Just FYI - we reached out to AWS to ask about this too, in the context of our testing account. I will keep you posted.
My company has Shield Advanced and we would love to be able to leverage this for our teams. How can I test this?
I was able to test this successfully with
Hey everyone, is there anyone available who can also test this PR? HashiCorp has informed us they are waiting for another company to test it. Any help would be much appreciated, we have a lot of projects that would benefit from this.
Hello, I'm looking for a second +1 on this. If anyone tracking this can do so, that would be wonderful and appreciated.
While I'm really looking forward to the https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_DeleteSubscription.html I'd also like to mention that a Shield subscription is only necessary once per AWS organization. Thus, even if a company has multiple AWS accounts, the Shield subscription is only necessary once. This means it's not really useful to manage this as code.
@bcornils @jansiwy are either of you able to test this (requires Shield Advanced subscription) / update the Go code to remove the part about the subscription (I agree, it doesn't make sense to manage that via Terraform)? I haven't worked with Go, though deleting stuff probably wouldn't be too difficult. I have been in contact with HashiCorp support and they accepted my testing, but said that they would like another company to test it as well. Please let me know, I would be happy to test again.
@akataz @jansiwy @bcornils
I've tried to run the test from the branch -> issue1769 in @atsushi-ishibashi's fork and I got the following error.

```
make testacc TESTARGS='-run=TestAccAWSShieldProtection'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAWSShieldProtection -timeout 120m
? github.com/terraform-providers/terraform-provider-aws [no test files]
# github.com/terraform-providers/terraform-provider-aws/aws
aws/resource_aws_vpc_endpoint.go:206: Printf format %q has arg input.VpcEndpointId of wrong type *string
aws/resource_aws_api_gateway_resource_test.go:75: Errorf format %q has arg conf.Path of wrong type *string
aws/resource_aws_spot_fleet_request_test.go:493: Errorf format %q has arg placement.Tenancy of wrong type *string
FAIL github.com/terraform-providers/terraform-provider-aws/aws [build failed]
make: *** [GNUmakefile:15: testacc] Error 2
```

And it is about files unrelated to shield, so I would suggest if we don't get a response from @atsushi-ishibashi I will take out the needed parts and create a new PR.
Hi, I still think that the subscription resource is a good resource to have? Because it's required to enable the subscription for every account, even though the organisation is only billed once. Cheers,
Hi @JoshiiSinfield. This is not testable by the acceptance tests as:
At most we can add a tooltip on top of the resource documentation that explains all of this. https://docs.aws.amazon.com/cli/latest/reference/shield/index.html
Hi @parabolic, no problem, I understand. I'll test the PR. Cheers,
With that in mind, does that mean that the aws_shield_subscription resource is not going to make it into Terraform?
For folks following this pull request, #7721 is almost ready for merge and includes a new Thanks @atsushi-ishibashi for your initial work here!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
#1769
Sorry for adding two resources at a time; I found that aws_shield_protection requires aws_shield_subscription during development.
I have trouble with the Shield subscription. AWS Shield Advanced costs $3,000/month and I couldn't find the documentation describing the charge after deactivating.
So far, I removed `TestAccAWSShieldSubscription`. There isn't a `shield` package so I added it.