Merge pull request #350 from pmoust/elb_ssl_certificate_id

Add listener.ssl_certificate_id support to AWS ELB

CHANGELOG.md

@@ -28,8 +28,9 @@ IMPROVEMENTS:
   * providers/aws: New resource `db_subnet_group`. [GH-295]
   * providers/aws: Add `map_public_ip_on_launch` for subnets. [GH-285]
   * providers/aws: Add `iam_instance_profile` for instances. [GH-319]
-  * providers/aws: add `internal` option for ELBs. [GH-303]
-  * providers/aws: add `self` option for security groups for ingress
+  * providers/aws: Add `internal` option for ELBs. [GH-303]
+  * providers/aws: Add `ssl_certificate_id` for ELB listeners. [GH-350]
+  * providers/aws: Add `self` option for security groups for ingress
       rules with self as source. [GH-303]
   * providers/google: Support `target_tags` for firewalls. [GH-324]
 

builtin/providers/aws/resource_aws_elb.go

@@ -353,6 +353,7 @@ func resource_aws_elb_validation() *config.Validator {
 		},
 		Optional: []string{
 			"instances.*",
+			"listener.*.ssl_certificate_id",
 			"internal",
 			"availability_zones.*",
 			"security_groups.*",

builtin/providers/aws/resource_aws_elb_test.go

@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"os"
 	"reflect"
 	"testing"
 
@@ -12,6 +13,7 @@ import (
 
 func TestAccAWSELB_basic(t *testing.T) {
 	var conf elb.LoadBalancer
+	ssl_certificate_id := os.Getenv("AWS_SSL_CERTIFICATE_ID")
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -35,6 +37,8 @@ func TestAccAWSELB_basic(t *testing.T) {
 						"aws_elb.bar", "listener.0.instance_port", "8000"),
 					resource.TestCheckResourceAttr(
 						"aws_elb.bar", "listener.0.instance_protocol", "http"),
+					resource.TestCheckResourceAttr(
+						"aws_elb.bar", "listener.0.ssl_certificate_id", ssl_certificate_id),
 					resource.TestCheckResourceAttr(
 						"aws_elb.bar", "listener.0.lb_port", "80"),
 					resource.TestCheckResourceAttr(
@@ -277,6 +281,21 @@ resource "aws_instance" "foo" {
 }
 `
 
+const testAccAWSELBConfigListenerSSLCertificateId = `
+resource "aws_elb" "bar" {
+  name = "foobar-terraform-test"
+  availability_zones = ["us-west-2a"]
+
+  listener {
+    instance_port = 8000
+    instance_protocol = "http"
+    ssl_certificate_id = "%s"
+    lb_port = 443
+    lb_protocol = "https"
+  }
+}
+`
+
 const testAccAWSELBConfigHealthCheck = `
 resource "aws_elb" "bar" {
   name = "foobar-terraform-test"

builtin/providers/aws/resource_provider_test.go

@@ -92,4 +92,7 @@ func testAccPreCheck(t *testing.T) {
 		log.Println("[INFO] Test: Using us-west-2 as test region")
 		os.Setenv("AWS_REGION", "us-west-2")
 	}
+	if v := os.Getenv("AWS_SSL_CERTIFICATE_ID"); v == "" {
+		t.Fatal("AWS_SSL_CERTIFICATE_ID must be set for acceptance tests")
+	}
 }

builtin/providers/aws/structure.go

@@ -33,6 +33,11 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) {
 			Protocol:         newL["lb_protocol"].(string),
 		}
 
+		if attr, ok := newL["ssl_certificate_id"].(string); ok {
+			l.SSLCertificateId = attr
+		}
+
+
 		listeners = append(listeners, l)
 	}
 

builtin/providers/aws/structure_test.go

@@ -70,9 +70,9 @@ func Test_expandIPPerms(t *testing.T) {
 			},
 		},
 		ec2.IPPerm{
-			Protocol:  "icmp",
-			FromPort:  1,
-			ToPort:    -1,
+			Protocol: "icmp",
+			FromPort: 1,
+			ToPort:   -1,
 			SourceGroups: []ec2.UserSecurityGroup{
 				ec2.UserSecurityGroup{
 					Id: "foo",

website/source/docs/providers/aws/r/elb.html.markdown

@@ -23,6 +23,14 @@ resource "aws_elb" "bar" {
     lb_protocol = "http"
   }
 
+  listener {
+    instance_port = 8000
+    instance_protocol = "http"
+    lb_port = 443
+    lb_protocol = "https"
+    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName" 
+  }
+
   health_check {
     healthy_threshold = 2
     unhealthy_threshold = 2
@@ -54,6 +62,7 @@ Listeners support the following:
 * `instance_protocol` - (Required) The the protocol to use to the instance.
 * `lb_port` - (Required) The port to listen on for the load balancer
 * `lb_protocol` - (Required) The protocol to listen on.
+* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have uploaded to AWS IAM.
 
 Health Check supports the following: