Merge commit '5293a0e3b1366ee16d8742b9b2354781a79bfbd9'

* commit '5293a0e3b1366ee16d8742b9b2354781a79bfbd9': (224 commits)
  v1.9.0
  Update CHANGELOG for hashicorp#1101 and hashicorp#3283
  docs/resource/aws_sns_platform_application: Add note about platform_credential and platform_principal hashing
  resource/aws_sns_platform_application: Refactor ID parsing to its own function, use testing.T in testAccAwsSnsPlatformApplicationPlatformFromEnv
  Add lambda example (hashicorp#3168)
  Update CHANGELOG for hashicorp#3157
  docs/data-source/aws_region: Remove now deprecated current argument
  data-source/aws_region: Refactor logic into findRegionByEc2Endpoint and findRegionByName functions
  Update CHANGELOG for hashicorp#3301
  Update CHANGELOG for hashicorp#2559 and hashicorp#3240
  Update CHANGELOG.md
  resource/aws_kinesis_stream: Retry deletion on LimitExceededException (hashicorp#3108)
  Update CHANGELOG.md
  resource/aws_dynamodb_table_item: Cleanup + add missing bits
  Added dynamodb_table_item resource hashicorp#517
  Update CHANGELOG.md
  New Resource: aws_cloud9_environment_ec2
  Update CHANGELOG.md
  Fixed markdown typo in docs
  resource/aws_kinesis_firehose_delivery_stream: Prevent crashes on empty CloudWatchLoggingOptions and fix extended_s3_configuration kms_key_arn
  ...

# Conflicts:
#	aws/validators.go

.github/CONTRIBUTING.md

@@ -255,16 +255,16 @@ into Terraform.
 
 #### New Region
 
-Implementing a new region gives Terraform the ability to connect and interact
-with endpoints in a new geographic area. While baseline region support is fairly
-trivial to add, new regions are generally limited in which services they support.
+While region validation is automatically added with SDK updates, new regions
+are generally limited in which services they support. Below are some
+manually sourced values from documentation.
 
- - [ ] Add region to `aws/config.go`
  - [ ] Check [Regions and Endpoints ELB regions](https://docs.aws.amazon.com/general/latest/gr/rande.html#elb_region) and add Route53 Hosted Zone ID if available to `aws/data_source_aws_elb_hosted_zone_id.go`
  - [ ] Check [Regions and Endpoints S3 website endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_website_region_endpoints) and add Route53 Hosted Zone ID if available to `aws/hosted_zones.go`
  - [ ] Check [CloudTrail Supported Regions docs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html) and add AWS Account ID if available to `aws/data_source_aws_cloudtrail_service_account.go`
  - [ ] Check [Elastic Load Balancing Access Logs docs](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy) and add Elastic Load Balancing Account ID if available to `aws/data_source_aws_elb_service_account.go`
  - [ ] Check [Redshift Database Audit Logging docs](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html) and add AWS Account ID if available to `aws/data_source_aws_redshift_service_account.go`
+ - [ ] Check [Regions and Endpoints Elastic Beanstalk](https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region) and add Route53 Hosted Zone ID if available to `aws/data_source_aws_elastic_beanstalk_hosted_zone.go`]
 
 #### Terraform Schema and Code Idiosyncracies
 
@@ -280,17 +280,17 @@ and style
  - [ ] __`Computed`__: The `Computed` attribute is generally used in isolation for
    any IDs or anything not defined in the config and returned by the API.
  - [ ] __`Computed` with `Optional`__: The `Computed` attribute is generally used
-   in conjunction with `Optional` when the API automatically sets unpredictable 
-   default value or when the value is generally not static and depends on other 
+   in conjunction with `Optional` when the API automatically sets unpredictable
+   default value or when the value is generally not static and depends on other
    attributes.
- - [ ] __Spelling__: When referencing reosources in the AWS API, use spelling which 
+ - [ ] __Spelling__: When referencing resources in the AWS API, use spelling which
    matches that of official AWS documentation. In all other cases, use American
    spelling for variables, functions, and constants.
  - [ ] __Removed Resources__:  If a resource is removed from AWS outside of
    Terraform (e.g. via different tool, API or web UI), make sure to catch this case.
    Print a `[WARN]` log message, and use `d.SetId("")` to remove the resource from
    state inside `Read()`.
- 
+
 
 ### Writing Acceptance Tests
 

.goreleaser.yml

@@ -7,10 +7,6 @@ builds:
       - linux
     goarch:
       - amd64
-      - 386
-    ignore:
-      - goos: darwin
-        goarch: 386
 
 # Archive customization
 archive:

CHANGELOG.md

@@ -1,3 +1,76 @@
+## 1.9.0 (February 09, 2018)
+
+NOTES:
+
+* data-source/aws_region: `current` field is deprecated and the data source defaults to the provider region if no endpoint or name is specified ([#3157](https://github.com/terraform-providers/terraform-provider-aws/issues/3157))
+
+FEATURES:
+
+* **New Data Source:** `aws_elastic_beanstalk_hosted_zone` ([#3208](https://github.com/terraform-providers/terraform-provider-aws/issues/3208))
+* **New Data Source:** `aws_iam_policy` ([#1999](https://github.com/terraform-providers/terraform-provider-aws/issues/1999))
+* **New Resource:** `aws_acm_certificate` ([#2813](https://github.com/terraform-providers/terraform-provider-aws/issues/2813))
+* **New Resource:** `aws_acm_certificate_validation` ([#2813](https://github.com/terraform-providers/terraform-provider-aws/issues/2813))
+* **New Resource:** `aws_api_gateway_documentation_version` ([#3287](https://github.com/terraform-providers/terraform-provider-aws/issues/3287))
+* **New Resource:** `aws_cloud9_environment_ec2` ([#3291](https://github.com/terraform-providers/terraform-provider-aws/issues/3291))
+* **New Resource:** `aws_cognito_user_group` ([#3010](https://github.com/terraform-providers/terraform-provider-aws/issues/3010))
+* **New Resource:** `aws_dynamodb_table_item` ([#3238](https://github.com/terraform-providers/terraform-provider-aws/issues/3238))
+* **New Resource:** `aws_guardduty_ipset` ([#3161](https://github.com/terraform-providers/terraform-provider-aws/issues/3161))
+* **New Resource:** `aws_guardduty_threatintelset` ([#3200](https://github.com/terraform-providers/terraform-provider-aws/issues/3200))
+* **New Resource:** `aws_iot_topic_rule` ([#1858](https://github.com/terraform-providers/terraform-provider-aws/issues/1858))
+* **New Resource:** `aws_sns_platform_application` ([#1101](https://github.com/terraform-providers/terraform-provider-aws/issues/1101)] [[#3283](https://github.com/terraform-providers/terraform-provider-aws/issues/3283))
+* **New Resource:** `aws_vpc_endpoint_service_allowed_principal` ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+* **New Resource:** `aws_vpc_endpoint_service_connection_notification` ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+* **New Resource:** `aws_vpc_endpoint_service` ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+* **New Resource:** `aws_vpc_endpoint_subnet_association` ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+
+ENHANCEMENTS:
+
+* provider: Automatically determine AWS partition from configured region ([#3173](https://github.com/terraform-providers/terraform-provider-aws/issues/3173))
+* provider: Automatically validate new regions from AWS SDK ([#3159](https://github.com/terraform-providers/terraform-provider-aws/issues/3159))
+* data-source/aws_acm_certificate Add `most_recent` attribute for filtering ([#1837](https://github.com/terraform-providers/terraform-provider-aws/issues/1837))
+* data-source/aws_iam_policy_document: Support layering via source_json and override_json attributes ([#2890](https://github.com/terraform-providers/terraform-provider-aws/issues/2890))
+* data-source/aws_lb_listener: Support load_balancer_arn and port arguments ([#2886](https://github.com/terraform-providers/terraform-provider-aws/issues/2886))
+* data-source/aws_network_interface: Add filter attribute ([#2851](https://github.com/terraform-providers/terraform-provider-aws/issues/2851))
+* data-source/aws_region: Remove EC2 API call and default to current if no endpoint or name specified ([#3157](https://github.com/terraform-providers/terraform-provider-aws/issues/3157))
+* data-source/aws_vpc_endpoint: Support AWS PrivateLink ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+* data-source/aws_vpc_endpoint_service: Support AWS PrivateLink ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+* resource/aws_athena_named_query: Support import ([#3231](https://github.com/terraform-providers/terraform-provider-aws/issues/3231))
+* resource/aws_dynamodb_table: Add custom creation timeout ([#3195](https://github.com/terraform-providers/terraform-provider-aws/issues/3195))
+* resource/aws_dynamodb_table: Validate attribute types ([#3188](https://github.com/terraform-providers/terraform-provider-aws/issues/3188))
+* resource/aws_ecr_lifecycle_policy: Support import ([#3246](https://github.com/terraform-providers/terraform-provider-aws/issues/3246))
+* resource/aws_ecs_service: Support import ([#2764](https://github.com/terraform-providers/terraform-provider-aws/issues/2764))
+* resource/aws_ecs_service: Add public_assign_ip argument for Fargate services ([#2559](https://github.com/terraform-providers/terraform-provider-aws/issues/2559))
+* resource/aws_kinesis_firehose_delivery_stream: Add splunk configuration ([#3117](https://github.com/terraform-providers/terraform-provider-aws/issues/3117))
+* resource/aws_mq_broker: Validate user password ([#3164](https://github.com/terraform-providers/terraform-provider-aws/issues/3164))
+* resource/aws_service_discovery_public_dns_namespace: Support import ([#3229](https://github.com/terraform-providers/terraform-provider-aws/issues/3229))
+* resource/aws_service_discovery_service: Support import ([#3227](https://github.com/terraform-providers/terraform-provider-aws/issues/3227))
+* resource/aws_rds_cluster: Add support for Aurora MySQL 5.7 ([#3278](https://github.com/terraform-providers/terraform-provider-aws/issues/3278))
+* resource/aws_sns_topic: Add support for delivery status ([#2872](https://github.com/terraform-providers/terraform-provider-aws/issues/2872))
+* resource/aws_sns_topic: Add support for name prefixes and fully generated names ([#2753](https://github.com/terraform-providers/terraform-provider-aws/issues/2753))
+* resource/aws_sns_topic_subscription: Support filter policy ([#2806](https://github.com/terraform-providers/terraform-provider-aws/issues/2806))
+* resource/aws_ssm_resource_data_sync: Support import ([#3232](https://github.com/terraform-providers/terraform-provider-aws/issues/3232))
+* resource/aws_vpc_endpoint: Support AWS PrivateLink ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+* resource/aws_vpc_endpoint_service: Support AWS PrivateLink ([#2515](https://github.com/terraform-providers/terraform-provider-aws/issues/2515))
+* resource/aws_vpn_gateway: Add support for Amazon side private ASN ([#1888](https://github.com/terraform-providers/terraform-provider-aws/issues/1888))
+
+BUG FIXES:
+
+* data-source/aws_kms_alias: Prevent crash on aliases without target key ([#3203](https://github.com/terraform-providers/terraform-provider-aws/issues/3203))
+* data-source/aws_ssm_parameter: Fix wrong arn attribute for full path parameter names ([#3211](https://github.com/terraform-providers/terraform-provider-aws/issues/3211))
+* resource/aws_instance: Fix perpertual diff on default VPC instances using vpc_security_group_ids ([#2338](https://github.com/terraform-providers/terraform-provider-aws/issues/2338))
+* resource/aws_codebuild_project: Prevent crash when using source auth configuration ([#3271](https://github.com/terraform-providers/terraform-provider-aws/issues/3271))
+* resource/aws_cognito_identity_pool_roles_attachment: Fix validation for Token types ([#2894](https://github.com/terraform-providers/terraform-provider-aws/issues/2894))
+* resource/aws_db_parameter_group: fix permanent diff when specifying parameters with database-default values ([#3182](https://github.com/terraform-providers/terraform-provider-aws/issues/3182))
+* resource/aws_ecs_service: Retry only on ECS and IAM related InvalidParameterException ([#3240](https://github.com/terraform-providers/terraform-provider-aws/issues/3240))
+* resource/aws_kinesis_firehose_delivery_stream: Prevent crashes on empty CloudWatchLoggingOptions ([#3301](https://github.com/terraform-providers/terraform-provider-aws/issues/3301))
+* resource/aws_kinesis_firehose_delivery_stream: Fix extended_s3_configuration kms_key_arn handling from AWS API ([#3301](https://github.com/terraform-providers/terraform-provider-aws/issues/3301))
+* resource/aws_kinesis_stream: Retry deletion on `LimitExceededException` ([#3108](https://github.com/terraform-providers/terraform-provider-aws/issues/3108))
+* resource/aws_route53_record: Fix dualstack alias name regression trimming too many characters ([#3187](https://github.com/terraform-providers/terraform-provider-aws/issues/3187))
+* resource/aws_ses_template: Send only specified attributes for update ([#3214](https://github.com/terraform-providers/terraform-provider-aws/issues/3214))
+* resource/aws_dynamodb_table: Allow disabling stream with empty `stream_view_type` ([#3197](https://github.com/terraform-providers/terraform-provider-aws/issues/3197)] [[#3224](https://github.com/terraform-providers/terraform-provider-aws/issues/3224))
+* resource/aws_dx_connection_association: Retry disassociation ([#3212](https://github.com/terraform-providers/terraform-provider-aws/issues/3212))
+* resource/aws_volume_attachment: Allow updating `skip_destroy` and `force_detach` ([#2810](https://github.com/terraform-providers/terraform-provider-aws/issues/2810))
+
 ## 1.8.0 (January 29, 2018)
 
 FEATURES:

aws/auth_helpers.go

@@ -5,10 +5,10 @@ import (
 	"fmt"
 	"log"
 	"os"
-	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	awsCredentials "github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
@@ -23,7 +23,7 @@ import (
 	"github.com/hashicorp/go-multierror"
 )
 
-func GetAccountInfo(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, string, error) {
+func GetAccountID(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, error) {
 	var errors error
 	// If we have creds from instance profile, we can use metadata API
 	if authProviderName == ec2rolecreds.ProviderName {
@@ -33,13 +33,13 @@ func GetAccountInfo(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string)
 		setOptionalEndpoint(cfg)
 		sess, err := session.NewSession(cfg)
 		if err != nil {
-			return "", "", errwrap.Wrapf("Error creating AWS session: {{err}}", err)
+			return "", errwrap.Wrapf("Error creating AWS session: {{err}}", err)
 		}
 
 		metadataClient := ec2metadata.New(sess)
 		info, err := metadataClient.IAMInfo()
 		if err == nil {
-			return parseAccountInfoFromArn(info.InstanceProfileArn)
+			return parseAccountIDFromArn(info.InstanceProfileArn)
 		}
 		log.Printf("[DEBUG] Failed to get account info from metadata service: %s", err)
 		errors = multierror.Append(errors, err)
@@ -55,14 +55,14 @@ func GetAccountInfo(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string)
 		log.Println("[DEBUG] Trying to get account ID via iam:GetUser")
 		outUser, err := iamconn.GetUser(nil)
 		if err == nil {
-			return parseAccountInfoFromArn(*outUser.User.Arn)
+			return parseAccountIDFromArn(*outUser.User.Arn)
 		}
 		errors = multierror.Append(errors, err)
 		awsErr, ok := err.(awserr.Error)
 		// AccessDenied and ValidationError can be raised
 		// if credentials belong to federated profile, so we ignore these
 		if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError" && awsErr.Code() != "InvalidClientTokenId") {
-			return "", "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err)
+			return "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err)
 		}
 		log.Printf("[DEBUG] Getting account ID via iam:GetUser failed: %s", err)
 	}
@@ -71,7 +71,7 @@ func GetAccountInfo(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string)
 	log.Println("[DEBUG] Trying to get account ID via sts:GetCallerIdentity")
 	outCallerIdentity, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
 	if err == nil {
-		return parseAccountInfoFromArn(*outCallerIdentity.Arn)
+		return parseAccountIDFromArn(*outCallerIdentity.Arn)
 	}
 	log.Printf("[DEBUG] Getting account ID via sts:GetCallerIdentity failed: %s", err)
 	errors = multierror.Append(errors, err)
@@ -84,25 +84,25 @@ func GetAccountInfo(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string)
 	if err != nil {
 		log.Printf("[DEBUG] Failed to get account ID via iam:ListRoles: %s", err)
 		errors = multierror.Append(errors, err)
-		return "", "", fmt.Errorf("Failed getting account ID via all available methods. Errors: %s", errors)
+		return "", fmt.Errorf("Failed getting account ID via all available methods. Errors: %s", errors)
 	}
 
 	if len(outRoles.Roles) < 1 {
 		err = fmt.Errorf("Failed to get account ID via iam:ListRoles: No roles available")
 		log.Printf("[DEBUG] %s", err)
 		errors = multierror.Append(errors, err)
-		return "", "", fmt.Errorf("Failed getting account ID via all available methods. Errors: %s", errors)
+		return "", fmt.Errorf("Failed getting account ID via all available methods. Errors: %s", errors)
 	}
 
-	return parseAccountInfoFromArn(*outRoles.Roles[0].Arn)
+	return parseAccountIDFromArn(*outRoles.Roles[0].Arn)
 }
 
-func parseAccountInfoFromArn(arn string) (string, string, error) {
-	parts := strings.Split(arn, ":")
-	if len(parts) < 5 {
-		return "", "", fmt.Errorf("Unable to parse ID from invalid ARN: %q", arn)
+func parseAccountIDFromArn(inputARN string) (string, error) {
+	arn, err := arn.Parse(inputARN)
+	if err != nil {
+		return "", fmt.Errorf("Unable to parse ID from invalid ARN: %q", arn)
 	}
-	return parts[1], parts[4], nil
+	return arn.AccountID, nil
 }
 
 // This function is responsible for reading credentials from the