Merge pull request #37715 from theipster/fix-vpc-endpoint-private-dns…

…-enabled

r/aws_vpc_endpoint: Fix `private_dns_enabled` when `false` or undefined

.changelog/37715.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_vpc_endpoint: Restore pre-v5.51.0 default of `false` for `private_dns_enabled`
+```

internal/service/ec2/exports.go

@@ -13,4 +13,5 @@ var (
 	NewCustomFilterListFrameworkV2                                   = newCustomFilterListFrameworkV2
 	NewFilter                                                        = newFilter
 	NewFilterV2                                                      = newFilterV2
+	VPCEndpointCreationTimeout                                       = vpcEndpointCreationTimeout
 )

internal/service/ec2/exports_test.go

@@ -39,6 +39,7 @@ var (
 	ResourceSecurityGroupIngressRule         = newSecurityGroupIngressRuleResource
 	ResourceTag                              = resourceTag
 	ResourceTransitGatewayPeeringAttachment  = resourceTransitGatewayPeeringAttachment
+	ResourceVPCEndpoint                      = resourceVPCEndpoint
 	ResourceVPNConnection                    = resourceVPNConnection
 	ResourceVPNConnectionRoute               = resourceVPNConnectionRoute
 	ResourceVPNGateway                       = resourceVPNGateway

internal/service/ec2/sweep.go

@@ -2369,7 +2369,7 @@ func sweepVPCEndpoints(region string) error {
 				continue
 			}
 
-			r := ResourceVPCEndpoint()
+			r := resourceVPCEndpoint()
 			d := r.Data(nil)
 			d.SetId(id)
 

internal/service/ec2/vpc_endpoint.go

@@ -33,14 +33,14 @@ import (
 )
 
 const (
-	// Maximum amount of time to wait for VPC Endpoint creation
-	VPCEndpointCreationTimeout = 10 * time.Minute
+	// Maximum amount of time to wait for VPC Endpoint creation.
+	vpcEndpointCreationTimeout = 10 * time.Minute
 )
 
 // @SDKResource("aws_vpc_endpoint", name="VPC Endpoint")
 // @Tags(identifierAttribute="id")
 // @Testing(tagsTest=false)
-func ResourceVPCEndpoint() *schema.Resource {
+func resourceVPCEndpoint() *schema.Resource {
 	return &schema.Resource{
 		CreateWithoutTimeout: resourceVPCEndpointCreate,
 		ReadWithoutTimeout:   resourceVPCEndpointRead,
@@ -186,7 +186,7 @@ func ResourceVPCEndpoint() *schema.Resource {
 		},
 
 		Timeouts: &schema.ResourceTimeout{
-			Create: schema.DefaultTimeout(VPCEndpointCreationTimeout),
+			Create: schema.DefaultTimeout(vpcEndpointCreationTimeout),
 			Update: schema.DefaultTimeout(10 * time.Minute),
 			Delete: schema.DefaultTimeout(10 * time.Minute),
 		},
@@ -203,6 +203,7 @@ func resourceVPCEndpointCreate(ctx context.Context, d *schema.ResourceData, meta
 	serviceName := d.Get(names.AttrServiceName).(string)
 	input := &ec2.CreateVpcEndpointInput{
 		ClientToken:       aws.String(id.UniqueId()),
+		PrivateDnsEnabled: aws.Bool(d.Get("private_dns_enabled").(bool)),
 		ServiceName:       aws.String(serviceName),
 		TagSpecifications: getTagSpecificationsInV2(ctx, awstypes.ResourceTypeVpcEndpoint),
 		VpcEndpointType:   awstypes.VpcEndpointType(d.Get("vpc_endpoint_type").(string)),
@@ -233,10 +234,6 @@ func resourceVPCEndpointCreate(ctx context.Context, d *schema.ResourceData, meta
 		input.PolicyDocument = aws.String(policy)
 	}
 
-	if v, ok := d.GetOk("private_dns_enabled"); ok {
-		input.PrivateDnsEnabled = aws.Bool(v.(bool))
-	}
-
 	if v, ok := d.GetOk("route_table_ids"); ok && v.(*schema.Set).Len() > 0 {
 		input.RouteTableIds = flex.ExpandStringValueSet(v.(*schema.Set))
 	}

internal/service/ec2/vpc_endpoint_private_dns_test.go

@@ -60,6 +60,45 @@ func TestAccVPCEndpointPrivateDNS_basic(t *testing.T) {
 		},
 	})
 }
+func TestAccVPCEndpointPrivateDNS_disabled(t *testing.T) {
+	ctx := acctest.Context(t)
+	if testing.Short() {
+		t.Skip("skipping long-running test in short mode")
+	}
+
+	var endpoint awstypes.VpcEndpoint
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_vpc_endpoint_private_dns.test"
+	endpointResourceName := "aws_vpc_endpoint.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.EC2)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.EC2ServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckVPCEndpointDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccVPCEndpointPrivateDNSConfig_disabled(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVPCEndpointExists(ctx, endpointResourceName, &endpoint),
+					testAccCheckVPCEndpointPrivateDNSDisabled(ctx, endpointResourceName),
+					resource.TestCheckResourceAttrPair(endpointResourceName, names.AttrID, resourceName, names.AttrVPCEndpointID),
+					resource.TestCheckResourceAttr(resourceName, "private_dns_enabled", acctest.CtFalse),
+				),
+			},
+			{
+				ResourceName:                         resourceName,
+				ImportState:                          true,
+				ImportStateIdFunc:                    testAccVPCEndpointPrivateDNSImportStateIdFunc(resourceName),
+				ImportStateVerify:                    true,
+				ImportStateVerifyIdentifierAttribute: names.AttrVPCEndpointID,
+			},
+		},
+	})
+}
 
 func TestAccVPCEndpointPrivateDNS_disappears_Endpoint(t *testing.T) {
 	ctx := acctest.Context(t)
@@ -235,3 +274,32 @@ resource "aws_vpc_endpoint_private_dns" "test" {
 }
 `, rName, enabled)
 }
+
+func testAccVPCEndpointPrivateDNSConfig_disabled(rName string) string {
+	return fmt.Sprintf(`
+data "aws_region" "current" {}
+
+resource "aws_vpc" "test" {
+  cidr_block = "10.0.0.0/16"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_vpc_endpoint" "test" {
+  vpc_id            = aws_vpc.test.id
+  service_name      = "com.amazonaws.${data.aws_region.current.name}.ec2"
+  vpc_endpoint_type = "Interface"
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_vpc_endpoint_private_dns" "test" {
+  vpc_endpoint_id     = aws_vpc_endpoint.test.id
+  private_dns_enabled = false
+}
+`, rName)
+}