diff --git a/.changelog/25496.txt b/.changelog/25496.txt
new file mode 100644
index 000000000000..ec7eb88762ea
--- /dev/null
+++ b/.changelog/25496.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_route53_resolver_firewall_config
+```
\ No newline at end of file
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 2231aa86af9c..99ded78c4718 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -846,9 +846,10 @@ func New(_ context.Context) (*schema.Provider, error) {
 "aws_route53_traffic_policy_document": route53.DataSourceTrafficPolicyDocument(),
 "aws_route53_zone": route53.DataSourceZone(),
- "aws_route53_resolver_endpoint": route53resolver.DataSourceEndpoint(),
- "aws_route53_resolver_rule": route53resolver.DataSourceRule(),
- "aws_route53_resolver_rules": route53resolver.DataSourceRules(),
+ "aws_route53_resolver_endpoint": route53resolver.DataSourceEndpoint(),
+ "aws_route53_resolver_firewall_config": route53resolver.DataSourceFirewallConfig(),
+ "aws_route53_resolver_rule": route53resolver.DataSourceRule(),
+ "aws_route53_resolver_rules": route53resolver.DataSourceRules(),
 "aws_canonical_user_id": s3.DataSourceCanonicalUserID(),
 "aws_s3_bucket": s3.DataSourceBucket(),
diff --git a/internal/service/route53resolver/firewall_config_data_source.go b/internal/service/route53resolver/firewall_config_data_source.go
new file mode 100644
index 000000000000..3632bac69ff6
--- /dev/null
+++ b/internal/service/route53resolver/firewall_config_data_source.go
@@ -0,0 +1,54 @@
+package route53resolver
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/route53resolver"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceFirewallConfig() *schema.Resource {
+ return &schema.Resource{
+ ReadWithoutTimeout: dataSourceFirewallConfigRead,
+
+ Schema: map[string]*schema.Schema{
+ "firewall_fail_open": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "owner_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "resource_id": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ }
+}
+
+func dataSourceFirewallConfigRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ conn := meta.(*conns.AWSClient).Route53ResolverConn
+
+ input := &route53resolver.GetFirewallConfigInput{
+ ResourceId: aws.String(d.Get("resource_id").(string)),
+ }
+
+ output, err := conn.GetFirewallConfigWithContext(ctx, input)
+
+ if err != nil {
+ return diag.Errorf("reading Route53 Resolver Firewall Config: %s", err)
+ }
+
+ firewallConfig := output.FirewallConfig
+ d.SetId(aws.StringValue(firewallConfig.Id))
+ d.Set("firewall_fail_open", firewallConfig.FirewallFailOpen)
+ d.Set("owner_id", firewallConfig.OwnerId)
+ d.Set("resource_id", firewallConfig.ResourceId)
+
+ return nil
+}
diff --git a/internal/service/route53resolver/firewall_config_data_source_test.go b/internal/service/route53resolver/firewall_config_data_source_test.go
new file mode 100644
index 000000000000..e8c5ca21dc28
--- /dev/null
+++ b/internal/service/route53resolver/firewall_config_data_source_test.go
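Review bot: `firewallConfig := output.FirewallConfig` is dereferenced on the very next line (`firewallConfig.Id`) without a nil check, so a successful call whose response carries no `FirewallConfig` would panic the provider instead of producing a diagnostic. A guard such as `if output == nil || output.FirewallConfig == nil { return diag.Errorf("reading Route53 Resolver Firewall Config (%s): empty result", d.Get("resource_id").(string)) }` placed before `d.SetId` keeps that case on the error path. Whether the SDK ever returns a nil `FirewallConfig` on a 200 response is not visible here, but the guard costs one conditional and matches how the `err != nil` case is already reported.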
@@ -0,0 +1,56 @@
+package route53resolver_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/service/route53resolver"
+ sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccRoute53ResolverFirewallConfigDataSource_basic(t *testing.T) {
+ dataSourceName := "data.aws_route53_resolver_firewall_config.test"
+ resourceName := "aws_route53_resolver_firewall_config.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t); testAccPreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, route53resolver.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccFirewallConfigDataSourceConfig_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "firewall_fail_open", resourceName, "firewall_fail_open"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "owner_id", resourceName, "owner_id"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "resource_id", resourceName, "resource_id"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccFirewallConfigDataSourceConfig_basic(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+ tags = {
+ Name = %[1]q
+ }
+}
+
+resource "aws_route53_resolver_firewall_config" "test" {
+ resource_id = aws_vpc.test.id
+ firewall_fail_open = "ENABLED"
+}
+
+data "aws_route53_resolver_firewall_config" "test" {
+ resource_id = aws_vpc.test.id
+}
+`, rName)
+}
diff --git a/website/docs/d/route53_resolver_firewall_config.html.markdown b/website/docs/d/route53_resolver_firewall_config.html.markdown
new file mode 100644
index 000000000000..c4b04149ab50
--- /dev/null
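Review bot: The `Check:` block verifies `firewall_fail_open`, `owner_id` and `resource_id` but never the data source's `id`, even though the read function sets it via `d.SetId` and the documentation in this same commit exports it. Adding `resource.TestCheckResourceAttrPair(dataSourceName, "id", resourceName, "id"),` would cover it, assuming the managed resource's `id` is the same firewall configuration ID (not visible in this diff). The single step also only exercises `firewall_fail_open = "ENABLED"`; if the resource's own tests do not already cover a `"DISABLED"` round-trip, a second step with that value would confirm the data source reflects the live setting rather than a default.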
+++ b/website/docs/d/route53_resolver_firewall_config.html.markdown
@@ -0,0 +1,33 @@
+---
+subcategory: "Route 53 Resolver"
+layout: "aws"
+page_title: "AWS: aws_route53_resolver_firewall_config"
+description: |-
+ Provides details about a specific a Route 53 Resolver DNS Firewall config.
+---
+
+# Data Source: aws_route53_resolver_firewall_config
+
+`aws_route53_resolver_firewall_config` provides details about a specific a Route 53 Resolver DNS Firewall config.
+
+This data source allows to find a details about a specific a Route 53 Resolver DNS Firewall config.
+
+## Example Usage
+
+The following example shows how to get a firewall config using the VPC ID.
+
+```terraform
+data "aws_route53_resolver_firewall_config" "example" {
+ resource_id = "vpc-exampleid"
+}
+```
+
+## Argument Reference
+
+* `resource_id` - (Required) The ID of the VPC from Amazon VPC that the configuration is for.
+
+The following attribute is additionally exported:
+
+* `firewall_fail_open` - Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.
+* `id` - The ID of the firewall configuration.
+* `owner_id` - The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.