Merge pull request #26525 from hashicorp/td-ec2-classic-retirement-ph…

…ase2 EC2-Classic retirement phase 2: Prevent creation of new EC2-Classic resources
hashicorp · Sep 1, 2022 · 9a1e362 · 9a1e362
2 parents 60ec508 + 86ba57c
commit 9a1e362
Show file tree

Hide file tree

Showing 35 changed files with 1,237 additions and 3,089 deletions.
diff --git a/.changelog/26525.txt b/.changelog/26525.txt
@@ -0,0 +1,59 @@
+```release-note:note
+resource/aws_default_vpc: With AWS's retirement of EC2-Classic the`enable_classiclink` and `enable_classiclink_dns_support` attributes have been deprecated and will be removed in a future version
+```
+
+```release-note:note
+resource/aws_db_security_group: With AWS's retirement of EC2-Classic no new RDS DB Security Groups can be created
+```
+
+```release-note:note
+resource/aws_redshift_security_group: With AWS's retirement of EC2-Classic no new Redshift Security Groups can be created
+```
+
+```release-note:note
+resource/aws_elasticache_security_group: With AWS's retirement of EC2-Classic no new ElastiCache Security Groups can be created
+```
+
+```release-note:note
+resource/aws_db_instance: With AWS's retirement of EC2-Classic no new RDS DB Instances can be created referencing RDS DB Security Groups
+```
+
+```release-note:note
+resource/aws_redshift_cluster: With AWS's retirement of EC2-Classic no new Redshift Clusters can be created referencing Redshift Security Groups
+```
+
+```release-note:note
+resource/aws_elasticache_cluster: With AWS's retirement of EC2-Classic no new ElastiCache Clusters can be created referencing ElastiCache Security Groups
+```
+
+```release-note:note
+resource/aws_opsworks_stack: With AWS's retirement of EC2-Classic no new OpsWorks Stacks can be created without referencing a VPC
+```
+
+```release-note:note
+resource/aws_launch_configuration: With AWS's retirement of EC2-Classic no new Auto Scaling Launch Configurations can be created referencing ClassicLink
+```
+
+```release-note:note
+resource/aws_eip: With AWS's retirement of EC2-Classic no new non-VPC EC2 EIPs can be created
+```
+
+```release-note:note
+resource/aws_vpc: With AWS's retirement of EC2-Classic no new VPCs can be created with ClassicLink enabled
+```
+
+```release-note:note
+resource/aws_vpc_peering_connection: With AWS's retirement of EC2-Classic no new VPC Peering Connections can be created with ClassicLink options enabled
+```
+
+```release-note:note
+resource/aws_vpc_peering_connection_options: With AWS's retirement of EC2-Classic no new VPC Peering Connection Options can be created with ClassicLink options enabled
+```
+
+```release-note:note
+resource/aws_vpc_peering_connection_accepter: With AWS's retirement of EC2-Classic no VPC Peering Connections can be accepted with ClassicLink options enabled
+```
+
+```release-note:note
+resource/aws_security_group: With AWS's retirement of EC2-Classic no new Security Groups can be created without referencing a VPC
+```
diff --git a/.changelog/26553.txt b/.changelog/26553.txt
@@ -1,15 +1,3 @@
 ```release-note:bug
 resource/aws_security_group: Fix complex dependency violations such as using a security group with an EMR cluster
 ```
-
-```release-note:note
-resource/aws_security_group: With AWS's retirement of EC2-Classic, `aws_security_group` has been updated to remove support for EC2-Classic
-```
-
-```release-note:note
-resource/aws_default_security_group: With AWS's retirement of EC2-Classic, `aws_default_security_group` has been updated to remove support for EC2-Classic
-```
-
-```release-note:note
-resource/aws_security_group_rule: With AWS's retirement of EC2-Classic, `aws_security_group_rule` has been updated to remove support for EC2-Classic
-```
diff --git a/internal/service/autoscaling/launch_configuration.go b/internal/service/autoscaling/launch_configuration.go
@@ -1,10 +1,10 @@
 package autoscaling
 
 import ( // nosemgrep:ci.aws-sdk-go-multiple-service-imports
-
 	"crypto/sha1"
 	"encoding/base64"
 	"encoding/hex"
+	"errors"
 	"fmt"
 	"log"
 
@@ -326,6 +326,14 @@ func resourceLaunchConfigurationCreate(d *schema.ResourceData, meta interface{})
 	autoscalingconn := meta.(*conns.AWSClient).AutoScalingConn
 	ec2conn := meta.(*conns.AWSClient).EC2Conn
 
+	if _, ok := d.GetOk("vpc_classic_link_id"); ok {
+		return errors.New(`with the retirement of EC2-Classic no new Auto Scaling Launch Configurations can be created referencing ClassicLink`)
+	}
+
+	if v, ok := d.GetOk("vpc_classic_link_security_groups"); ok && v.(*schema.Set).Len() > 0 {
+		return errors.New(`with the retirement of EC2-Classic no new Auto Scaling Launch Configurations can be created referencing ClassicLink`)
+	}
+
 	lcName := create.Name(d.Get("name").(string), d.Get("name_prefix").(string))
 	input := autoscaling.CreateLaunchConfigurationInput{
 		EbsOptimized:            aws.Bool(d.Get("ebs_optimized").(bool)),
@@ -339,14 +347,6 @@ func resourceLaunchConfigurationCreate(d *schema.ResourceData, meta interface{})
 		input.AssociatePublicIpAddress = aws.Bool(associatePublicIPAddress.True())
 	}
 
-	if v, ok := d.GetOk("vpc_classic_link_id"); ok {
-		input.ClassicLinkVPCId = aws.String(v.(string))
-	}
-
-	if v, ok := d.GetOk("vpc_classic_link_security_groups"); ok && v.(*schema.Set).Len() > 0 {
-		input.ClassicLinkVPCSecurityGroups = flex.ExpandStringSet(v.(*schema.Set))
-	}
-
 	if v, ok := d.GetOk("iam_instance_profile"); ok {
 		input.IamInstanceProfile = aws.String(v.(string))
 	}