From cc79e6cb8d4971abb31d41e69265b963ae81dd1f Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Tue, 7 Jul 2015 12:06:36 -0600
Subject: [PATCH] provider/aws: Fix issue in Classic env with external Security
 Groups

Linking a security group from another account requires setting the UserID, which
we were stripping out
---
 builtin/providers/aws/structure.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go
index d4847de1d7e5..59bc61b14aba 100644
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@@ -157,12 +157,15 @@ func expandIPPerms(
 
 				perm.UserIDGroupPairs[i] = &ec2.UserIDGroupPair{
 					GroupID: aws.String(id),
-					UserID:  aws.String(ownerId),
 				}
+
+				if ownerId != "" {
+					perm.UserIDGroupPairs[i].UserID = aws.String(ownerId)
+				}
+
 				if !vpc {
 					perm.UserIDGroupPairs[i].GroupID = nil
 					perm.UserIDGroupPairs[i].GroupName = aws.String(id)
-					perm.UserIDGroupPairs[i].UserID = nil
 				}
 			}
 		}