provider: Adjust globalaccelerator, route53, and shield service clien…
…t regions to only configure in appropriate partition

Reference: #8999
Reference: https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-route-53-launches-private-dns-and-health-checks-in-the-aws-govcloud-us-west-region/

Previously, the provider service client customizations would hardcode the following region configurations:

* globalaccelerator: us-west-2
* route53: us-east-1
* shield: us-east-1

With the launch of private Route 53 Hosted Zones in AWS GovCloud (US), hardcoding the Route 53 service region to us-east-1 is no longer appropriate in all cases. The provider initialization logic now uses the inferred AWS partition information to set these clients to known regions in known partitions.

To also support the launch of Route 53 in AWS GovCloud (US), the provider initialization will configure the endpoint in that partition to the appropriate hostname, until the AWS Go SDK is updated to include that endpoint information.

Previous output from acceptance testing in AWS GovCloud (US):

```
--- FAIL: TestAccAwsGlobalAcceleratorAccelerator_basic (4.14s)
    testing.go:568: Step 0 error: errors during apply:

        Error: Error creating Global Accelerator accelerator: UnrecognizedClientException: The security token included in the request is invalid.

--- FAIL: TestAccAWSRoute53Zone_VPC_Single (17.10s)
    testing.go:568: Step 0 error: errors during apply:

        Error: error creating Route53 Hosted Zone: InvalidClientTokenId: The security token included in the request is invalid.

--- FAIL: TestAccAWSRoute53Zone_VPC_Multiple (17.12s)
    testing.go:568: Step 0 error: errors during apply:

        Error: error creating Route53 Hosted Zone: InvalidClientTokenId: The security token included in the request is invalid.

--- FAIL: TestAccAWSRoute53Zone_VPC_Updates (17.35s)
    testing.go:568: Step 0 error: errors during apply:

        Error: error creating Route53 Hosted Zone: InvalidClientTokenId: The security token included in the request is invalid.

--- FAIL: TestAccAWSShieldProtection_ElasticIPAddress (1.53s)
    resource_aws_shield_protection_test.go:225: unexpected PreCheck error: UnrecognizedClientException: The security token included in the request is invalid.
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAwsGlobalAcceleratorAccelerator_basic (67.03s)

--- PASS: TestAccAWSRoute53Zone_VPC_Single (65.90s)
--- PASS: TestAccAWSRoute53Zone_VPC_Multiple (110.68s)
--- PASS: TestAccAWSRoute53Zone_VPC_Updates (195.53s)

--- PASS: TestAccAWSShieldProtection_ElasticIPAddress (13.39s)
```

Output from acceptance testing in AWS GovCloud (US) (handling now correct for partition):

```
--- FAIL: TestAccAwsGlobalAcceleratorAccelerator_basic (5.42s)
    testing.go:568: Step 0 error: errors during apply:

        Error: Error creating Global Accelerator accelerator: RequestError: send request failed
        caused by: Post https://globalaccelerator.us-gov-west-1.amazonaws.com/: dial tcp: lookup globalaccelerator.us-gov-west-1.amazonaws.com: no such host

--- PASS: TestAccAWSRoute53Zone_VPC_Single (62.37s)
--- PASS: TestAccAWSRoute53Zone_VPC_Multiple (93.66s)
--- PASS: TestAccAWSRoute53Zone_VPC_Updates (164.85s)

--- SKIP: TestAccAWSShieldProtection_ElasticIPAddress (1.48s)
    resource_aws_shield_protection_test.go:221: skipping acceptance testing: RequestError: send request failed
        caused by: Post https://shield.us-gov-west-1.amazonaws.com/: dial tcp: lookup shield.us-gov-west-1.amazonaws.com: no such host
```
bflad committed Jun 17, 2019
1 parent 5daf292 commit 7214515
Showing 1 changed file with 32 additions and 4 deletions.
36 changes: 32 additions & 4 deletions aws/config.go
Expand Up @@ -7,6 +7,7 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/service/acm"
"github.com/aws/aws-sdk-go/service/acmpca"
Expand Down Expand Up @@ -393,7 +394,6 @@ func (c *Config) Client() (interface{}, error) {
fsxconn: fsx.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["fsx"])})),
gameliftconn: gamelift.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["gamelift"])})),
glacierconn: glacier.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["glacier"])})),
globalacceleratorconn: globalaccelerator.New(sess.Copy(&aws.Config{Region: aws.String("us-west-2"), Endpoint: aws.String(c.Endpoints["globalaccelerator"])})),
glueconn: glue.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["glue"])})),
guarddutyconn: guardduty.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["guardduty"])})),
iamconn: iam.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["iam"])})),
Expand Down Expand Up @@ -425,7 +425,6 @@ func (c *Config) Client() (interface{}, error) {
pinpointconn: pinpoint.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["pinpoint"])})),
pricingconn: pricing.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["pricing"])})),
quicksightconn: quicksight.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["quicksight"])})),
r53conn: route53.New(sess.Copy(&aws.Config{Region: aws.String("us-east-1"), Endpoint: aws.String(c.Endpoints["route53"])})),
ramconn: ram.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["ram"])})),
rdsconn: rds.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["rds"])})),
redshiftconn: redshift.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["redshift"])})),
Expand All @@ -442,7 +441,6 @@ func (c *Config) Client() (interface{}, error) {
serverlessapplicationrepositoryconn: serverlessapplicationrepository.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["serverlessrepo"])})),
sesConn: ses.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["ses"])})),
sfnconn: sfn.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["stepfunctions"])})),
shieldconn: shield.New(sess.Copy(&aws.Config{Region: aws.String("us-east-1"), Endpoint: aws.String(c.Endpoints["shield"])})),
simpledbconn: simpledb.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sdb"])})),
snsconn: sns.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sns"])})),
sqsconn: sqs.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["sqs"])})),
Expand All @@ -458,14 +456,44 @@ func (c *Config) Client() (interface{}, error) {
xrayconn: xray.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["xray"])})),
}

// "Global" services that require customizations
globalAcceleratorConfig := &aws.Config{
Endpoint: aws.String(c.Endpoints["globalaccelerator"]),
}
route53Config := &aws.Config{
Endpoint: aws.String(c.Endpoints["route53"]),
}
shieldConfig := &aws.Config{
Endpoint: aws.String(c.Endpoints["shield"]),
}

// Handle deprecated endpoint configurations
if c.Endpoints["kinesis_analytics"] != "" {
client.kinesisanalyticsconn = kinesisanalytics.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["kinesis_analytics"])}))
}
if c.Endpoints["r53"] != "" {
client.r53conn = route53.New(sess.Copy(&aws.Config{Region: aws.String("us-east-1"), Endpoint: aws.String(c.Endpoints["r53"])}))
route53Config.Endpoint = aws.String(c.Endpoints["r53"])
}

// Force "global" services to correct regions
switch partition {
case endpoints.AwsPartitionID:
globalAcceleratorConfig.Region = aws.String(endpoints.UsWest2RegionID)
route53Config.Region = aws.String(endpoints.UsEast1RegionID)
shieldConfig.Region = aws.String(endpoints.UsEast1RegionID)
case endpoints.AwsUsGovPartitionID:
// The AWS Go SDK is missing endpoint information for Route 53 in the AWS GovCloud (US) partition.
// This can likely be removed in the future.
if aws.StringValue(route53Config.Endpoint) == "" {
route53Config.Endpoint = aws.String("https://route53.us-gov.amazonaws.com")
}
route53Config.Region = aws.String(endpoints.UsGovWest1RegionID)
}

client.globalacceleratorconn = globalaccelerator.New(sess.Copy(globalAcceleratorConfig))
client.r53conn = route53.New(sess.Copy(route53Config))
client.shieldconn = shield.New(sess.Copy(shieldConfig))

// Workaround for https://github.com/aws/aws-sdk-go/issues/1376
client.kinesisconn.Handlers.Retry.PushBack(func(r *request.Request) {
if !strings.HasPrefix(r.Operation.Name, "Describe") && !strings.HasPrefix(r.Operation.Name, "List") {
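Review bot: The `switch partition` block has no `default` branch, so in every partition other than `aws` and `aws-us-gov` the three "global" clients now silently take the session region, where the removed lines gave them a fixed one. The same would hold if `partition` can be empty when inference fails, but its assignment is outside the visible hunks, so that needs checking. The region set here determines the SigV4 signing scope and, when no endpoint override is given, the host that receives the signed request; the earlier GovCloud failures in the commit message show what a wrong pairing looks like. I would make the fall-through explicit with `default:` and a comment such as `// Other or unknown partitions: keep the session region and let the SDK resolver choose the endpoint.` The `aws-us-gov` case should get a matching one-line comment saying that Global Accelerator and Shield are deliberately left on the session region there. `Client()` begins and ends outside the visible hunks.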
