Add hsm2m.medium as valid type for hsm_type on aws_cloudhsm_v2_cluste…

…r, and add mode as property

CHANGELOG.md

@@ -88,6 +88,7 @@ BUG FIXES:
 * resource/aws_cloudformation_stack_set_instance: Fix crash during construction of the `id` attribute when `deployment_targets` does not include organizational unit IDs. ([#38969](https://github.com/hashicorp/terraform-provider-aws/issues/38969))
 * resource/aws_glue_trigger: Fix crash when null `action` is configured ([#38994](https://github.com/hashicorp/terraform-provider-aws/issues/38994))
 * resource/aws_rds_cluster: Allow Web Service Data API (`enabled_http_endpoint`) to be enabled and disabled for `provisioned` engine mode and serverlessv2 ([#38997](https://github.com/hashicorp/terraform-provider-aws/issues/38997))
+* resource/aws_cloudhsm_v2_cluster: Add `hsm2m.medium` as a valid `hsm_type` and `mode` as a new property ([#39018](https://github.com/hashicorp/terraform-provider-aws/issues/39018))
 
 ## 5.63.1 (August 20, 2024)
 

internal/service/cloudhsmv2/cloudhsmv2_test.go

@@ -17,6 +17,7 @@ func TestAccCloudHSMV2_serial(t *testing.T) {
  acctest.CtBasic: testAccCluster_basic,
  acctest.CtDisappears: testAccCluster_disappears,
  "tags": testAccCluster_tags,
+ "hsmType": testAccCluster_hsmtype,
  },
  "Hsm": {
  "availabilityZone": testAccHSM_AvailabilityZone,

internal/service/cloudhsmv2/cluster.go

@@ -88,7 +88,13 @@ func resourceCluster() *schema.Resource {
  Type: schema.TypeString,
  Required: true,
  ForceNew: true,
- ValidateFunc: validation.StringInSlice([]string{"hsm1.medium"}, false),
+ ValidateFunc: validation.StringInSlice([]string{"hsm1.medium", "hsm2m.medium"}, false),
+ },
+ "mode": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: string(types.ClusterModeFips),
+ ValidateFunc: validation.StringInSlice(validClusterModes(), false),
  },
  "security_group_id": {
  Type: schema.TypeString,
@@ -127,6 +133,17 @@ func resourceClusterCreate(ctx context.Context, d *schema.ResourceData, meta int
  TagList: getTagsIn(ctx),
  }
 
+ if v, ok := d.GetOk("mode"); ok && v != "" {
+ switch v.(string) {
+ case string(types.ClusterModeFips):
+ input.Mode = types.ClusterModeFips
+ case string(types.ClusterModeNonFips):
+ input.Mode = types.ClusterModeNonFips
+ default:
+ sdkdiag.AppendErrorf(diags, "invalid cluster mode: %s", v)
+ }
+ }
+
  if v, ok := d.GetOk("source_backup_identifier"); ok {
  input.SourceBackupId = aws.String(v.(string))
  }
@@ -173,6 +190,7 @@ func resourceClusterRead(ctx context.Context, d *schema.ResourceData, meta inter
  d.Set("cluster_id", cluster.ClusterId)
  d.Set("cluster_state", cluster.State)
  d.Set("hsm_type", cluster.HsmType)
+ d.Set("mode", cluster.Mode)
  d.Set("security_group_id", cluster.SecurityGroup)
  d.Set("source_backup_identifier", cluster.SourceBackupId)
  d.Set(names.AttrSubnetIDs, tfmaps.Values(cluster.SubnetMapping))
@@ -371,3 +389,12 @@ func flattenCertificates(apiObject *types.Cluster) []map[string]interface{} {
 
  return []map[string]interface{}{}
 }
+
+func validClusterModes() []string {
+ var clusterModeStrings []string
+ for _, mode := range types.ClusterModeFips.Values() {
+ clusterModeStrings = append(clusterModeStrings, string(mode))
+ }
+
+ return clusterModeStrings
+}

internal/service/cloudhsmv2/cluster_test.go

@@ -126,6 +126,34 @@ func testAccCluster_tags(t *testing.T) {
  })
 }
 
+func testAccCluster_hsmtype(t *testing.T) {
+ ctx := acctest.Context(t)
+ resourceName := "aws_cloudhsm_v2_cluster.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, names.CloudHSMV2ServiceID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckClusterDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccClusterConfig_hsm2m_medium(rName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckClusterExists(ctx, resourceName),
+ resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm2m.medium"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"cluster_certificates"},
+ },
+ },
+ })
+}
+
 func testAccCheckClusterDestroy(ctx context.Context) resource.TestCheckFunc {
  return func(s *terraform.State) error {
  conn := acctest.Provider.Meta().(*conns.AWSClient).CloudHSMV2Client(ctx)
@@ -180,6 +208,16 @@ resource "aws_cloudhsm_v2_cluster" "test" {
 `)
 }
 
+func testAccClusterConfig_hsm2m_medium(rName string) string {
+ return acctest.ConfigCompose(testAccClusterConfig_base(rName), `
+resource "aws_cloudhsm_v2_cluster" "test" {
+ hsm_type = "hsm2m.medium"
+ mode = "NON_FIPS"
+ subnet_ids = aws_subnet.test[*].id
+}
+`)
+}
+
 func testAccClusterConfig_tags1(rName, tagKey1, tagValue1 string) string {
  return acctest.ConfigCompose(testAccClusterConfig_base(rName), fmt.Sprintf(`
 resource "aws_cloudhsm_v2_cluster" "test" {

website/docs/cdktf/python/r/cloudhsm_v2_cluster.html.markdown

@@ -83,7 +83,8 @@ class MyConvertedCode(TerraformStack):
 This resource supports the following arguments:
 
 * `source_backup_identifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored.
-* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.
+* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported.
+* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`.
 * `subnet_ids` - (Required) The IDs of subnets in which cluster will operate.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 

website/docs/cdktf/typescript/r/cloudhsm_v2_cluster.html.markdown

@@ -90,7 +90,8 @@ class MyConvertedCode extends TerraformStack {
 This resource supports the following arguments:
 
 * `sourceBackupIdentifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored.
-* `hsmType` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.
+* `hsmType` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported.
+* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`.
 * `subnetIds` - (Required) The IDs of subnets in which cluster will operate.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`defaultTags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 

website/docs/r/cloudhsm_v2_cluster.html.markdown

@@ -65,8 +65,9 @@ resource "aws_cloudhsm_v2_cluster" "cloudhsm_v2_cluster" {
 This resource supports the following arguments:
 
 * `source_backup_identifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored.
-* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.
+* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported.
 * `subnet_ids` - (Required) The IDs of subnets in which cluster will operate.
+* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 
 ## Attribute Reference