r/aws_iam_organization_features: IAM Organizations Root Access Management new resource #40164

Merged
merged 12 commits into from
Nov 26, 2024
'aws_iam_organization_features' -> 'aws_iam_organizations_features'.
ewbankkit committed Nov 25, 2024

ewbankkit Kit Ewbank
commit 42429096ce4dfedb2ecdc3ddf1df0df2d6c096c5
2 changes: 1 addition & 1 deletion .changelog/40164.txt
@@ -1,3 +1,3 @@
```release-note:new-resource
aws_iam_organization_features
aws_iam_organizations_features
```
1 change: 1 addition & 0 deletions internal/service/iam/exports_test.go
@@ -14,6 +14,7 @@ var (
ResourceGroupPolicyAttachment = resourceGroupPolicyAttachment
ResourceInstanceProfile = resourceInstanceProfile
ResourceOpenIDConnectProvider = resourceOpenIDConnectProvider
ResourceOrganizationsFeatures = newOrganizationsFeaturesResource
ResourcePolicy = resourcePolicy
ResourcePolicyAttachment = resourcePolicyAttachment
ResourceRolePolicy = resourceRolePolicy
Original file line number Diff line number Diff line change
@@ -22,25 +22,25 @@ import (
"github.com/hashicorp/terraform-provider-aws/names"
)

// @FrameworkResource("aws_iam_organization_features", name="Organization Features")
func newResourceOrganizationFeatures(_ context.Context) (resource.ResourceWithConfigure, error) {
r := &resourceOrganizationFeatures{}
// @FrameworkResource("aws_iam_organizations_features", name="Organizations Features")
func newOrganizationsFeaturesResource(context.Context) (resource.ResourceWithConfigure, error) {
r := &organizationsFeaturesResource{}
return r, nil
}

const (
ResNameOrganizationFeatures = "IAM Organization Features"
)

type resourceOrganizationFeatures struct {
type organizationsFeaturesResource struct {
framework.ResourceWithConfigure
}

func (r *resourceOrganizationFeatures) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
func (*organizationsFeaturesResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
resp.TypeName = "aws_iam_organization_features"
}

func (r *resourceOrganizationFeatures) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
func (r *organizationsFeaturesResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
resp.Schema = schema.Schema{
Attributes: map[string]schema.Attribute{
names.AttrID: schema.StringAttribute{
@@ -60,7 +60,7 @@ func (r *resourceOrganizationFeatures) Schema(ctx context.Context, req resource.
}
}

func (r *resourceOrganizationFeatures) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
func (r *organizationsFeaturesResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
conn := r.Meta().IAMClient(ctx)

var plan resourceOrganizationFeaturesModel
@@ -92,7 +92,7 @@ func (r *resourceOrganizationFeatures) Create(ctx context.Context, req resource.
resp.Diagnostics.Append(resp.State.Set(ctx, plan)...)
}

func (r *resourceOrganizationFeatures) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
func (r *organizationsFeaturesResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
conn := r.Meta().IAMClient(ctx)

var state resourceOrganizationFeaturesModel
@@ -119,7 +119,7 @@ func (r *resourceOrganizationFeatures) Read(ctx context.Context, req resource.Re
resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
}

func (r *resourceOrganizationFeatures) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
func (r *organizationsFeaturesResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
conn := r.Meta().IAMClient(ctx)

var plan, state resourceOrganizationFeaturesModel
@@ -152,7 +152,7 @@ func (r *resourceOrganizationFeatures) Update(ctx context.Context, req resource.
resp.Diagnostics.Append(resp.State.Set(ctx, &plan)...)
}

func (r *resourceOrganizationFeatures) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
func (r *organizationsFeaturesResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
conn := r.Meta().IAMClient(ctx)

var state resourceOrganizationFeaturesModel
@@ -175,7 +175,7 @@ func (r *resourceOrganizationFeatures) Delete(ctx context.Context, req resource.
}
}

func (r *resourceOrganizationFeatures) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
func (r *organizationsFeaturesResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
resource.ImportStatePassthroughID(ctx, path.Root(names.AttrID), req, resp)
}
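Review bot: `Metadata` still sets `resp.TypeName = "aws_iam_organization_features"` on the unchanged line under the renamed receiver, while the `@FrameworkResource` annotation and the new documentation use `aws_iam_organizations_features`. If the provider takes the registered type name from `Metadata`, the resource is still exposed under the old singular name and the documented name will not resolve; the line should read `resp.TypeName = "aws_iam_organizations_features"`. The acceptance test shows the same leftover in `resourceName := "aws_iam_organization_features.test"` and in the HCL returned by `testAccOrganizationsFeaturesConfig_basic`, which would need to change together with it. `resourceOrganizationFeaturesModel` and `ResNameOrganizationFeatures` also keep the old spelling. The Schema and CRUD method bodies continue outside the visible hunks, so this is based only on the lines shown.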

Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@ import (
"github.com/hashicorp/terraform-provider-aws/names"
)

func TestAccIAMOrganizationFeatures_basic(t *testing.T) {
func TestAccIAMOrganizationsFeatures_basic(t *testing.T) {
ctx := acctest.Context(t)
var organizationfeatures iam.ListOrganizationsFeaturesOutput
resourceName := "aws_iam_organization_features.test"
@@ -33,12 +33,12 @@ func TestAccIAMOrganizationFeatures_basic(t *testing.T) {
},
ErrorCheck: acctest.ErrorCheck(t, names.IAMServiceID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckOrganizationFeaturesDestroy(ctx),
CheckDestroy: testAccCheckOrganizationsFeaturesDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccOrganizationFeaturesConfig_basic([]string{"RootCredentialsManagement", "RootSessions"}),
Config: testAccOrganizationsFeaturesConfig_basic([]string{"RootCredentialsManagement", "RootSessions"}),
Check: resource.ComposeTestCheckFunc(
testAccCheckOrganizationFeaturesExists(ctx, resourceName, &organizationfeatures),
testAccCheckOrganizationsFeaturesExists(ctx, resourceName, &organizationfeatures),
resource.TestCheckResourceAttr(resourceName, "features.0", "RootCredentialsManagement"),
resource.TestCheckResourceAttr(resourceName, "features.1", "RootSessions"),
),
@@ -49,9 +49,9 @@ func TestAccIAMOrganizationFeatures_basic(t *testing.T) {
ImportStateVerify: false,
},
{
Config: testAccOrganizationFeaturesConfig_basic([]string{"RootCredentialsManagement"}),
Config: testAccOrganizationsFeaturesConfig_basic([]string{"RootCredentialsManagement"}),
Check: resource.ComposeTestCheckFunc(
testAccCheckOrganizationFeaturesExists(ctx, resourceName, &organizationfeatures),
testAccCheckOrganizationsFeaturesExists(ctx, resourceName, &organizationfeatures),
resource.TestCheckResourceAttr(resourceName, "features.0", "RootCredentialsManagement"),
),
}, {
@@ -60,17 +60,17 @@ func TestAccIAMOrganizationFeatures_basic(t *testing.T) {
ImportStateVerify: false,
},
{
Config: testAccOrganizationFeaturesConfig_basic([]string{"RootSessions"}),
Config: testAccOrganizationsFeaturesConfig_basic([]string{"RootSessions"}),
Check: resource.ComposeTestCheckFunc(
testAccCheckOrganizationFeaturesExists(ctx, resourceName, &organizationfeatures),
testAccCheckOrganizationsFeaturesExists(ctx, resourceName, &organizationfeatures),
resource.TestCheckResourceAttr(resourceName, "features.0", "RootSessions"),
),
},
},
})
}

func testAccCheckOrganizationFeaturesDestroy(ctx context.Context) resource.TestCheckFunc {
func testAccCheckOrganizationsFeaturesDestroy(ctx context.Context) resource.TestCheckFunc {
return func(s *terraform.State) error {
conn := acctest.Provider.Meta().(*conns.AWSClient).IAMClient(ctx)

@@ -94,7 +94,7 @@ func testAccCheckOrganizationFeaturesDestroy(ctx context.Context) resource.TestC
}
}

func testAccCheckOrganizationFeaturesExists(ctx context.Context, name string, organizationfeatures *iam.ListOrganizationsFeaturesOutput) resource.TestCheckFunc {
func testAccCheckOrganizationsFeaturesExists(ctx context.Context, name string, organizationfeatures *iam.ListOrganizationsFeaturesOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[name]
if !ok {
@@ -113,7 +113,7 @@ func testAccCheckOrganizationFeaturesExists(ctx context.Context, name string, or
}
}

func testAccOrganizationFeaturesConfig_basic(features []string) string {
func testAccOrganizationsFeaturesConfig_basic(features []string) string {
return fmt.Sprintf(`
resource "aws_iam_organization_features" "test" {
features = [%[1]s]
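Review bot: Both import steps keep `ImportStateVerify: false`, so the test never compares the imported state with what was applied, and an import that reads back a different `features` list would pass unnoticed. For a resource that turns on `RootCredentialsManagement` and `RootSessions` for the whole organization, the state Terraform records after import should be checked; consider `ImportStateVerify: true`, or a short comment such as `// ImportStateVerify disabled: <reason>` if it has to stay off. The other fields of each import step are outside the visible hunks, so a reason may exist that is not shown here.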
8 changes: 4 additions & 4 deletions internal/service/iam/service_package_gen.go


58 changes: 0 additions & 58 deletions website/docs/r/iam_organization_features.html.markdown

This file was deleted.

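--- a/website/docs/r/iam_organizations_features.html.markdown
+++ b/website/docs/r/iam_organizations_features.html.markdown
@@ -0,0 +1,58 @@
+---
+subcategory: "IAM (Identity & Access Management)"
+layout: "aws"
+page_title: "AWS: aws_iam_organizations_features"
+description: |-
+Manages centralized root access features.
+---
+
+# Resource: aws_iam_organizations_features
+
+Manages centralized root access features across AWS member accounts managed using AWS Organizations. More information about managing root access in IAM can be found in the [Centralize root access for member accounts](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html).
+
+~> **NOTE:** The AWS account utilizing this resource must be an Organizations management account. Also, you must enable trusted access for AWS Identity and Access Management in AWS Organizations.
+
+## Example Usage
+
+```terraform
+resource "aws_organizations_organization" "example" {
+aws_service_access_principals = ["iam.amazonaws.com"]
+feature_set = "ALL"
+}
+
+resource "aws_iam_organizations_features" "example" {
+features = [
+"RootCredentialsManagement",
+"RootSessions"
+]
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `features` - (Required) List of IAM features to enable. Valid values are `RootCredentialsManagement` and `RootSessions`.
+
+## Attribute Reference
+
+This resource exports the following attributes in addition to the arguments above:
+
+* `id` - AWS Organization identifier.
+
+## Import
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import root access features using the `id`. For example:
+
+```terraform
+import {
+to = aws_iam_organizations_features.example
+id = "o-1234567"
+}
+```
+
+Using `terraform import`, import root access features using the `id`. For example:
+
+```console
+% terraform import aws_iam_organizations_features.example o-1234567
+```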