resource/aws_dms_endpoint: Add retry to allow IAM to propagate

Allows the IAM Role for DynamoDB to propagate for use in DMS Endpoint
hashicorp · Jun 29, 2017 · eac5ceb · eac5ceb
1 parent 84e031a
commit eac5ceb
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 10 deletions.
diff --git a/aws/resource_aws_dms_endpoint.go b/aws/resource_aws_dms_endpoint.go
@@ -4,9 +4,12 @@ import (
 	"log"
 	"strings"
 
+	"time"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	dms "github.com/aws/aws-sdk-go/service/databasemigrationservice"
+	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
 )
@@ -159,7 +162,20 @@ func resourceAwsDmsEndpointCreate(d *schema.ResourceData, meta interface{}) erro
 
 	log.Println("[DEBUG] DMS create endpoint:", request)
 
-	_, err := conn.CreateEndpoint(request)
+	err := resource.Retry(5*time.Minute, func() *resource.RetryError {
+		if _, err := conn.CreateEndpoint(request); err != nil {
+			if awserr, ok := err.(awserr.Error); ok {
+				switch awserr.Code() {
+				case "AccessDeniedFault":
+					return resource.RetryableError(awserr)
+				}
+			}
+			// Didn't recognize the error, so shouldn't retry.
+			return resource.NonRetryableError(err)
+		}
+		// Successful delete
+		return nil
+	})
 	if err != nil {
 		return err
 	}

diff --git a/aws/resource_aws_dms_endpoint_test.go b/aws/resource_aws_dms_endpoint_test.go
@@ -76,8 +76,6 @@ func TestAccAwsDmsEndpointDynamoDb(t *testing.T) {
 				Config: dmsEndpointDynamoDbConfigUpdate(randId),
 				Check: resource.ComposeTestCheckFunc(
 					checkDmsEndpointExists(resourceName),
-					resource.TestCheckResourceAttr(resourceName, "ssl_mode", "none"),
-					resource.TestCheckResourceAttr(resourceName, "server_name", "tftestupdate"),
 				),
 			},
 		},
@@ -182,14 +180,15 @@ resource "aws_dms_endpoint" "dms_endpoint" {
 	endpoint_id = "tf-test-dms-endpoint-%[1]s"
 	endpoint_type = "target"
 	engine_name = "dynamodb"
-	server_name = "tftest"
 	service_access_role = "${aws_iam_role.iam_role.arn}"
 	ssl_mode = "none"
 	tags {
 		Name = "tf-test-dynamodb-endpoint-%[1]s"
 		Update = "to-update"
 		Remove = "to-remove"
 	}
+
+	depends_on = ["aws_iam_role_policy.dms_dynamodb_access"]
 }
 resource "aws_iam_role" "iam_role" {
   name = "tf-test-iam-dynamodb-role-%[1]s"
@@ -244,7 +243,6 @@ resource "aws_dms_endpoint" "dms_endpoint" {
 	endpoint_id = "tf-test-dms-endpoint-%[1]s"
 	endpoint_type = "target"
 	engine_name = "dynamodb"
-	server_name = "tftestupdate"
 	service_access_role = "${aws_iam_role.iam_role.arn}"
 	ssl_mode = "none"
 	tags {

diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown
@@ -53,15 +53,15 @@ The following arguments are supported:
     - Must not contain two consecutive hyphens
 
 * `endpoint_type` - (Required) The type of endpoint. Can be one of `source | target`.
-* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver`.
+* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver | dynamodb`.
 * `extra_connection_attributes` - (Optional) Additional attributes associated with the connection. For available attributes see [Using Extra Connection Attributes with AWS Database Migration Service](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Introduction.ConnectionAttributes.html).
 * `kms_key_arn` - (Optional) The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.
-* `password` - (Required) The password to be used to login to the endpoint database.
-* `port` - (Required) The port used by the endpoint database.
-* `server_name` - (Required) The host name of the server.
+* `password` - (Optional) The password to be used to login to the endpoint database.
+* `port` - (Optional) The port used by the endpoint database.
+* `server_name` - (Optional) The host name of the server.
 * `ssl_mode` - (Optional, Default: none) The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full`
 * `tags` - (Optional) A mapping of tags to assign to the resource.
-* `username` - (Required) The user name to be used to login to the endpoint database.
+* `username` - (Optional) The user name to be used to login to the endpoint database.
 
 ## Attributes Reference