hashicorp · grubernaut · May 17, 2017 · Feb 10, 2017
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
@@ -370,7 +370,6 @@ func Provider() terraform.ResourceProvider {
 			"aws_nat_gateway":                              resourceAwsNatGateway(),
 			"aws_network_acl":                              resourceAwsNetworkAcl(),
 			"aws_default_network_acl":                      resourceAwsDefaultNetworkAcl(),
-			"aws_default_route_table":                      resourceAwsDefaultRouteTable(),
 			"aws_network_acl_rule":                         resourceAwsNetworkAclRule(),
 			"aws_network_interface":                        resourceAwsNetworkInterface(),
 			"aws_network_interface_attachment":             resourceAwsNetworkInterfaceAttachment(),
@@ -406,6 +405,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_route53_health_check":                     resourceAwsRoute53HealthCheck(),
 			"aws_route":                                    resourceAwsRoute(),
 			"aws_route_table":                              resourceAwsRouteTable(),
+			"aws_default_route_table":                      resourceAwsDefaultRouteTable(),
 			"aws_route_table_association":                  resourceAwsRouteTableAssociation(),
 			"aws_ses_active_receipt_rule_set":              resourceAwsSesActiveReceiptRuleSet(),
 			"aws_ses_domain_identity":                      resourceAwsSesDomainIdentity(),
@@ -418,8 +418,8 @@ func Provider() terraform.ResourceProvider {
 			"aws_s3_bucket_policy":                         resourceAwsS3BucketPolicy(),
 			"aws_s3_bucket_object":                         resourceAwsS3BucketObject(),
 			"aws_s3_bucket_notification":                   resourceAwsS3BucketNotification(),
-			"aws_default_security_group":                   resourceAwsDefaultSecurityGroup(),
 			"aws_security_group":                           resourceAwsSecurityGroup(),
+			"aws_default_security_group":                   resourceAwsDefaultSecurityGroup(),
 			"aws_security_group_rule":                      resourceAwsSecurityGroupRule(),
 			"aws_simpledb_domain":                          resourceAwsSimpleDBDomain(),
 			"aws_ssm_activation":                           resourceAwsSsmActivation(),
@@ -447,22 +447,23 @@ func Provider() terraform.ResourceProvider {
 			"aws_vpc_dhcp_options":                         resourceAwsVpcDhcpOptions(),
 			"aws_vpc_peering_connection":                   resourceAwsVpcPeeringConnection(),
 			"aws_vpc_peering_connection_accepter":          resourceAwsVpcPeeringConnectionAccepter(),
-			"aws_vpc":                                  resourceAwsVpc(),
-			"aws_vpc_endpoint":                         resourceAwsVpcEndpoint(),
-			"aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(),
-			"aws_vpn_connection":                       resourceAwsVpnConnection(),
-			"aws_vpn_connection_route":                 resourceAwsVpnConnectionRoute(),
-			"aws_vpn_gateway":                          resourceAwsVpnGateway(),
-			"aws_vpn_gateway_attachment":               resourceAwsVpnGatewayAttachment(),
-			"aws_waf_byte_match_set":                   resourceAwsWafByteMatchSet(),
-			"aws_waf_ipset":                            resourceAwsWafIPSet(),
-			"aws_waf_rule":                             resourceAwsWafRule(),
-			"aws_waf_size_constraint_set":              resourceAwsWafSizeConstraintSet(),
-			"aws_waf_web_acl":                          resourceAwsWafWebAcl(),
-			"aws_waf_xss_match_set":                    resourceAwsWafXssMatchSet(),
-			"aws_waf_sql_injection_match_set":          resourceAwsWafSqlInjectionMatchSet(),
-			"aws_wafregional_byte_match_set":           resourceAwsWafRegionalByteMatchSet(),
-			"aws_wafregional_ipset":                    resourceAwsWafRegionalIPSet(),
+			"aws_default_vpc":                              resourceAwsDefaultVpc(),
+			"aws_vpc":                                      resourceAwsVpc(),
+			"aws_vpc_endpoint":                             resourceAwsVpcEndpoint(),
+			"aws_vpc_endpoint_route_table_association":     resourceAwsVpcEndpointRouteTableAssociation(),
+			"aws_vpn_connection":                           resourceAwsVpnConnection(),
+			"aws_vpn_connection_route":                     resourceAwsVpnConnectionRoute(),
+			"aws_vpn_gateway":                              resourceAwsVpnGateway(),
+			"aws_vpn_gateway_attachment":                   resourceAwsVpnGatewayAttachment(),
+			"aws_waf_byte_match_set":                       resourceAwsWafByteMatchSet(),
+			"aws_waf_ipset":                                resourceAwsWafIPSet(),
+			"aws_waf_rule":                                 resourceAwsWafRule(),
+			"aws_waf_size_constraint_set":                  resourceAwsWafSizeConstraintSet(),
+			"aws_waf_web_acl":                              resourceAwsWafWebAcl(),
+			"aws_waf_xss_match_set":                        resourceAwsWafXssMatchSet(),
+			"aws_waf_sql_injection_match_set":              resourceAwsWafSqlInjectionMatchSet(),
+			"aws_wafregional_byte_match_set":               resourceAwsWafRegionalByteMatchSet(),
+			"aws_wafregional_ipset":                        resourceAwsWafRegionalIPSet(),
 		},
 		ConfigureFunc: providerConfigure,
 	}

diff --git a/builtin/providers/aws/resource_aws_default_vpc.go b/builtin/providers/aws/resource_aws_default_vpc.go
@@ -0,0 +1,61 @@
+package aws
+
+import (
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsDefaultVpc() *schema.Resource {
+	// reuse aws_vpc schema, and methods for READ, UPDATE
+	dvpc := resourceAwsVpc()
+	dvpc.Create = resourceAwsDefaultVpcCreate
+	dvpc.Delete = resourceAwsDefaultVpcDelete
+
+	// cidr_block is a computed value for Default VPCs
+	dvpc.Schema["cidr_block"] = &schema.Schema{
+		Type:     schema.TypeString,
+		Computed: true,
+	}
+	// instance_tenancy is a computed value for Default VPCs
+	dvpc.Schema["instance_tenancy"] = &schema.Schema{
+		Type:     schema.TypeString,
+		Computed: true,
+	}
+	// assign_generated_ipv6_cidr_block is a computed value for Default VPCs
+	dvpc.Schema["assign_generated_ipv6_cidr_block"] = &schema.Schema{
+		Type:     schema.TypeBool,
+		Computed: true,
+	}
+
+	return dvpc
+}
+
+func resourceAwsDefaultVpcCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+	req := &ec2.DescribeVpcsInput{
+		Filters: []*ec2.Filter{
+			&ec2.Filter{
+				Name:   aws.String("isDefault"),
+				Values: aws.StringSlice([]string{"true"}),
+			},
+		},
+	}
+
+	resp, err := conn.DescribeVpcs(req)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(aws.StringValue(resp.Vpcs[0].VpcId))
+
+	return resourceAwsVpcUpdate(d, meta)
+}
+
+func resourceAwsDefaultVpcDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[WARN] Cannot destroy Default VPC. Terraform will remove this resource from the state file, however resources may remain.")
+	d.SetId("")
+	return nil
+}
diff --git a/builtin/providers/aws/resource_aws_default_vpc_test.go b/builtin/providers/aws/resource_aws_default_vpc_test.go
@@ -0,0 +1,58 @@
+// make testacc TEST=./builtin/providers/aws/ TESTARGS='-run=TestAccAWSDefaultVpc_'
+package aws
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSDefaultVpc_basic(t *testing.T) {
+	var vpc ec2.Vpc
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSDefaultVpcDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSDefaultVpcConfigBasic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVpcExists("aws_default_vpc.foo", &vpc),
+					testAccCheckVpcCidr(&vpc, "172.31.0.0/16"),
+					resource.TestCheckResourceAttr(
+						"aws_default_vpc.foo", "cidr_block", "172.31.0.0/16"),
+					resource.TestCheckResourceAttr(
+						"aws_default_vpc.foo", "tags.%", "1"),
+					resource.TestCheckResourceAttr(
+						"aws_default_vpc.foo", "tags.Name", "Default VPC"),
+					resource.TestCheckNoResourceAttr(
+						"aws_default_vpc.foo", "assign_generated_ipv6_cidr_block"),
+					resource.TestCheckNoResourceAttr(
+						"aws_default_vpc.foo", "ipv6_association_id"),
+					resource.TestCheckNoResourceAttr(
+						"aws_default_vpc.foo", "ipv6_cidr_block"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAWSDefaultVpcDestroy(s *terraform.State) error {
+	// We expect VPC to still exist
+	return nil
+}
+
+const testAccAWSDefaultVpcConfigBasic = `
+provider "aws" {
+    region = "us-west-2"
+}
+
+resource "aws_default_vpc" "foo" {
+	tags {
+		Name = "Default VPC"
+	}
+}
+`
diff --git a/website/source/docs/providers/aws/r/default_vpc.html.markdown b/website/source/docs/providers/aws/r/default_vpc.html.markdown
@@ -0,0 +1,76 @@
+---
+layout: "aws"
+page_title: "AWS: aws_default_vpc"
+sidebar_current: "docs-aws-resource-default-vpc"
+description: |-
+  Manage the default VPC resource.
+---
+
+# aws\_default\_vpc
+
+Provides a resource to manage the [default AWS VPC](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html)
+in the current region.
+
+For AWS accounts created after 2013-12-04, each region comes with a Default VPC.
+**This is an advanced resource**, and has special caveats to be aware of when
+using it. Please read this document in its entirety before using this resource.
+
+The `aws_default_vpc` behaves differently from normal resources, in that
+Terraform does not _create_ this resource, but instead "adopts" it
+into management. 
+
+## Example Usage
+
+Basic usage with tags:
+
+```
+resource "aws_default_vpc" "default" {
+	tags {
+		Name = "Default VPC"
+	}
+}
+```
+
+## Argument Reference
+
+The arguments of an `aws_default_vpc` differ slightly from `aws_vpc` 
+resources. Namely, the `cidr_block`, `instance_tenancy` and `assign_generated_ipv6_cidr_block`
+arguments are computed. The following arguments are still supported: 
+
+* `enable_dns_support` - (Optional) A boolean flag to enable/disable DNS support in the VPC. Defaults true.
+* `enable_dns_hostnames` - (Optional) A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.
+* `enable_classiclink` - (Optional) A boolean flag to enable/disable ClassicLink 
+  for the VPC. Only valid in regions and accounts that support EC2 Classic.
+  See the [ClassicLink documentation][1] for more information. Defaults false.
+* `tags` - (Optional) A mapping of tags to assign to the resource.
+
+### Removing `aws_default_vpc` from your configuration
+
+The `aws_default_vpc` resource allows you to manage a region's default VPC,
+but Terraform cannot destroy it. Removing this resource from your configuration
+will remove it from your statefile and management, but will not destroy the VPC.
+You can resume managing the VPC via the AWS Console.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the VPC
+* `cidr_block` - The CIDR block of the VPC
+* `instance_tenancy` - Tenancy of instances spin up within VPC.
+* `enable_dns_support` - Whether or not the VPC has DNS support
+* `enable_dns_hostnames` - Whether or not the VPC has DNS hostname support
+* `enable_classiclink` - Whether or not the VPC has Classiclink enabled
+* `assign_generated_ipv6_cidr_block` - Whether or not an Amazon-provided IPv6 CIDR 
+block with a /56 prefix length for the VPC was assigned
+* `main_route_table_id` - The ID of the main route table associated with
+     this VPC. Note that you can change a VPC's main route table by using an
+     [`aws_main_route_table_association`](/docs/providers/aws/r/main_route_table_assoc.html)
+* `default_network_acl_id` - The ID of the network ACL created by default on VPC creation
+* `default_security_group_id` - The ID of the security group created by default on VPC creation
+* `default_route_table_id` - The ID of the route table created by default on VPC creation
+* `ipv6_association_id` - The association ID for the IPv6 CIDR block of the VPC
+* `ipv6_cidr_block` - The IPv6 CIDR block of the VPC
+
+
+[1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
@@ -1349,6 +1349,10 @@
                             <a href="/docs/providers/aws/r/default_subnet.html">aws_default_subnet</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-aws-resource-default-vpc") %>>
+                            <a href="/docs/providers/aws/r/default_vpc.html">aws_default_vpc</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-aws-resource-default-vpc-dhcp-options") %>>
                             <a href="/docs/providers/aws/r/default_vpc_dhcp_options.html">aws_default_vpc_dhcp_options</a>
                         </li>