Add aws_ec2_serial_console_access

Based on the aws_ebs_encryption_by_default resource & data source.

Fixes hashicorp#18503

internal/provider/provider.go

@@ -528,6 +528,7 @@ func Provider() *schema.Provider {
 			"aws_ec2_local_gateway":                          ec2.DataSourceLocalGateway(),
 			"aws_ec2_local_gateways":                         ec2.DataSourceLocalGateways(),
 			"aws_ec2_managed_prefix_list":                    ec2.DataSourceManagedPrefixList(),
+			"aws_ec2_serial_console_access":                  ec2.DataSourceSerialConsoleAccess(),
 			"aws_ec2_spot_price":                             ec2.DataSourceSpotPrice(),
 			"aws_ec2_transit_gateway":                        ec2.DataSourceTransitGateway(),
 			"aws_ec2_transit_gateway_dx_gateway_attachment":  ec2.DataSourceTransitGatewayDxGatewayAttachment(),
@@ -1195,6 +1196,7 @@ func Provider() *schema.Provider {
 			"aws_ec2_local_gateway_route_table_vpc_association":    ec2.ResourceLocalGatewayRouteTableVPCAssociation(),
 			"aws_ec2_managed_prefix_list":                          ec2.ResourceManagedPrefixList(),
 			"aws_ec2_managed_prefix_list_entry":                    ec2.ResourceManagedPrefixListEntry(),
+			"aws_ec2_serial_console_access":                        ec2.ResourceSerialConsoleAccess(),
 			"aws_ec2_subnet_cidr_reservation":                      ec2.ResourceSubnetCIDRReservation(),
 			"aws_ec2_tag":                                          ec2.ResourceTag(),
 			"aws_ec2_traffic_mirror_filter":                        ec2.ResourceTrafficMirrorFilter(),

internal/service/ec2/serial_console_access.go

@@ -0,0 +1,90 @@
+package ec2
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func ResourceSerialConsoleAccess() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceSerialConsoleAccessCreate,
+		Read:   resourceSerialConsoleAccessRead,
+		Update: resourceSerialConsoleAccessUpdate,
+		Delete: resourceSerialConsoleAccessDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+		},
+	}
+}
+
+func resourceSerialConsoleAccessCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*conns.AWSClient).EC2Conn
+
+	enabled := d.Get("enabled").(bool)
+	if err := setSerialConsoleAccess(conn, enabled); err != nil {
+		return fmt.Errorf("error creating serial console access (%t): %s", enabled, err)
+	}
+
+	//lintignore:R015 // Allow legacy unstable ID usage in managed resource
+	d.SetId(resource.UniqueId())
+
+	return resourceSerialConsoleAccessRead(d, meta)
+}
+
+func resourceSerialConsoleAccessRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*conns.AWSClient).EC2Conn
+
+	resp, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+	if err != nil {
+		return fmt.Errorf("error reading serial console access: %s", err)
+	}
+
+	d.Set("enabled", resp.SerialConsoleAccessEnabled)
+
+	return nil
+}
+
+func resourceSerialConsoleAccessUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*conns.AWSClient).EC2Conn
+
+	enabled := d.Get("enabled").(bool)
+	if err := setSerialConsoleAccess(conn, enabled); err != nil {
+		return fmt.Errorf("error updating serial console access (%t): %s", enabled, err)
+	}
+
+	return resourceSerialConsoleAccessRead(d, meta)
+}
+
+func resourceSerialConsoleAccessDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*conns.AWSClient).EC2Conn
+
+	// Removing the resource disables default encryption.
+	if err := setSerialConsoleAccess(conn, false); err != nil {
+		return fmt.Errorf("error disabling serial console access: %s", err)
+	}
+
+	return nil
+}
+
+func setSerialConsoleAccess(conn *ec2.EC2, enabled bool) error {
+	var err error
+
+	if enabled {
+		_, err = conn.EnableSerialConsoleAccess(&ec2.EnableSerialConsoleAccessInput{})
+	} else {
+		_, err = conn.DisableSerialConsoleAccess(&ec2.DisableSerialConsoleAccessInput{})
+	}
+
+	return err
+}

internal/service/ec2/serial_console_access_data_source.go

@@ -0,0 +1,35 @@
+package ec2
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceSerialConsoleAccess() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceSerialConsoleAccessRead,
+
+		Schema: map[string]*schema.Schema{
+			"enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+		},
+	}
+}
+func dataSourceSerialConsoleAccessRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*conns.AWSClient).EC2Conn
+
+	res, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+	if err != nil {
+		return fmt.Errorf("Error reading serial console access toggle: %w", err)
+	}
+
+	d.SetId(meta.(*conns.AWSClient).Region)
+	d.Set("enabled", res.SerialConsoleAccessEnabled)
+
+	return nil
+}

internal/service/ec2/serial_console_access_data_source_test.go

@@ -0,0 +1,62 @@
+package ec2_test
+
+import (
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func TestAccEC2SerialConsoleAccessDataSource_basic(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { acctest.PreCheck(t) },
+		ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID),
+		Providers:  acctest.Providers,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSerialConsoleAccessDataSourceConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckSerialConsoleAccessDataSource("data.aws_ec2_serial_console_access.current"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckSerialConsoleAccessDataSource(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn
+
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		actual, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+		if err != nil {
+			return fmt.Errorf("Error reading serial console access toggle: %q", err)
+		}
+
+		attr, _ := strconv.ParseBool(rs.Primary.Attributes["enabled"])
+
+		if attr != aws.BoolValue(actual.SerialConsoleAccessEnabled) {
+			return fmt.Errorf("Serial console access is not in expected state (%t)", aws.BoolValue(actual.SerialConsoleAccessEnabled))
+		}
+
+		return nil
+	}
+}
+
+const testAccSerialConsoleAccessDataSourceConfig = `
+data "aws_ec2_serial_console_access" "current" {}
+`

internal/service/ec2/serial_console_access_test.go

@@ -0,0 +1,94 @@
+package ec2_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func TestAccEC2SerialConsoleAccess_basic(t *testing.T) {
+	resourceName := "aws_ec2_serial_console_access.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acctest.PreCheck(t) },
+		ErrorCheck:   acctest.ErrorCheck(t, ec2.EndpointsID),
+		Providers:    acctest.Providers,
+		CheckDestroy: testAccCheckSerialConsoleAccessDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSerialConsoleAccessConfig(false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckSerialConsoleAccess(resourceName, false),
+					resource.TestCheckResourceAttr(resourceName, "enabled", "false"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccSerialConsoleAccessConfig(true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckSerialConsoleAccess(resourceName, true),
+					resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckSerialConsoleAccessDestroy(s *terraform.State) error {
+	conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn
+
+	response, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+	if err != nil {
+		return err
+	}
+
+	if aws.BoolValue(response.SerialConsoleAccessEnabled) != false {
+		return fmt.Errorf("Serial console access not disabled on resource removal")
+	}
+
+	return nil
+}
+
+func testAccCheckSerialConsoleAccess(n string, enabled bool) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn
+
+		response, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+		if err != nil {
+			return err
+		}
+
+		if aws.BoolValue(response.SerialConsoleAccessEnabled) != enabled {
+			return fmt.Errorf("Serial console access is not in expected state (%t)", enabled)
+		}
+
+		return nil
+	}
+}
+
+func testAccSerialConsoleAccessConfig(enabled bool) string {
+	return fmt.Sprintf(`
+resource "aws_ec2_serial_console_access" "test" {
+  enabled = %[1]t
+}
+`, enabled)
+}

website/docs/d/ec2_serial_console_access.html.markdown

@@ -0,0 +1,24 @@
+---
+subcategory: "EC2"
+layout: "aws"
+page_title: "AWS: aws_ec2_serial_console_access"
+description: |-
+  Checks whether serial console access is enabled for your AWS account in the current AWS region.
+---
+
+# Data Source: aws_ec2_serial_console_access
+
+Provides a way to check whether serial console access is enabled for your AWS account in the current AWS region.
+
+## Example Usage
+
+```terraform
+data "aws_ec2_serial_console_access" "current" {}
+```
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `enabled` - Whether or not serial console access is enabled. Returns as `true` or `false`.
+* `id` - Region of serial console access.

website/docs/r/ec2_serial_console_access.html.markdown

@@ -0,0 +1,39 @@
+---
+subcategory: "EC2"
+layout: "aws"
+page_title: "AWS: aws_ec2_serial_console_access"
+description: |-
+  Manages whether serial console access is enabled for your AWS account in the current AWS region.
+---
+
+# Resource: aws_ec2_serial_console_access
+
+Provides a resource to manage whether serial console access is enabled for your AWS account in the current AWS region.
+
+~> **NOTE:** Removing this Terraform resource disables serial console access.
+
+## Example Usage
+
+```terraform
+resource "aws_ec2_serial_console_access" "example" {
+  enabled = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `enabled` - (Optional) Whether or not serial console access is enabled. Valid values are `true` or `false`. Defaults to `true`.
+
+## Attributes Reference
+
+No additional attributes are exported.
+
+## Import
+
+Serial console access state can be imported, e.g.,
+
+```
+$ terraform import aws_ec2_serial_console_access.example default
+```