From b1492dce59c8ef074c1dce5102ea695c6ba8e8c5 Mon Sep 17 00:00:00 2001
From: "matt.mercer" <matt.mercer@nhs.net>
Date: Sat, 26 May 2018 18:07:53 +0100
Subject: [PATCH] added support for custom endpoints for SSM

---
 aws/config.go                    | 4 +++-
 aws/provider.go                  | 9 +++++++++
 website/docs/index.html.markdown | 4 ++++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/aws/config.go b/aws/config.go
index a0db21fb7ac..ddd37e24c7a 100644
--- a/aws/config.go
+++ b/aws/config.go
@@ -136,6 +136,7 @@ type Config struct {
 	SnsEndpoint              string
 	SqsEndpoint              string
 	StsEndpoint              string
+	SsmEndpoint              string
 	Insecure                 bool
 
 	SkipCredsValidation     bool
@@ -400,6 +401,7 @@ func (c *Config) Client() (interface{}, error) {
 	awsSqsSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.SqsEndpoint)})
 	awsStsSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.StsEndpoint)})
 	awsDeviceFarmSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.DeviceFarmEndpoint)})
+	awsSsmSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.SsmEndpoint)})
 
 	log.Println("[INFO] Initializing DeviceFarm SDK connection")
 	client.devicefarmconn = devicefarm.New(awsDeviceFarmSess)
@@ -506,7 +508,7 @@ func (c *Config) Client() (interface{}, error) {
 	client.sfnconn = sfn.New(sess)
 	client.snsconn = sns.New(awsSnsSess)
 	client.sqsconn = sqs.New(awsSqsSess)
-	client.ssmconn = ssm.New(sess)
+	client.ssmconn = ssm.New(awsSsmSess)
 	client.wafconn = waf.New(sess)
 	client.wafregionalconn = wafregional.New(sess)
 	client.batchconn = batch.New(sess)
diff --git a/aws/provider.go b/aws/provider.go
index 28768518399..4cfc8797fd9 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -699,6 +699,8 @@ func init() {
 
 		"sqs_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
 
+		"ssm_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",
+
 		"insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," +
 			"default value is `false`",
 
@@ -804,6 +806,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		config.SnsEndpoint = endpoints["sns"].(string)
 		config.SqsEndpoint = endpoints["sqs"].(string)
 		config.StsEndpoint = endpoints["sts"].(string)
+		config.SsmEndpoint = endpoints["ssm"].(string)
 	}
 
 	if v, ok := d.GetOk("allowed_account_ids"); ok {
@@ -1003,6 +1006,12 @@ func endpointsSchema() *schema.Schema {
 					Default:     "",
 					Description: descriptions["sts_endpoint"],
 				},
+				"ssm": {
+					Type:        schema.TypeString,
+					Optional:    true,
+					Default:     "",
+					Description: descriptions["ssm_endpoint"],
+				},
 			},
 		},
 		Set: endpointsToHash,
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
index 04daada8cbf..09f612fc83d 100644
--- a/website/docs/index.html.markdown
+++ b/website/docs/index.html.markdown
@@ -343,6 +343,10 @@ Nested `endpoints` block supports the following:
   URL constructed from the `region`. It's typically used to connect to
   custom STS endpoints.
 
+* `ssm` - (Optional) Use this to override the default endpoint
+  URL constructed from the `region`. It's typically used to connect to
+  custom STS endpoints.
+
 ## Getting the Account ID
 
 If you use either `allowed_account_ids` or `forbidden_account_ids`,