resource/aws_ssm_activation: Add automation_target_parameter_name a…

…rgument (#11755)

Output from acceptance testing:

```
--- PASS: TestAccAWSSSMAssociation_withScheduleExpression (28.01s)
--- PASS: TestAccAWSSSMAssociation_withAssociationName (34.13s)
--- PASS: TestAccAWSSSMAssociation_withComplianceSeverity (35.60s)
--- PASS: TestAccAWSSSMAssociation_withParameters (40.37s)
--- PASS: TestAccAWSSSMAssociation_rateControl (42.95s)
--- PASS: TestAccAWSSSMAssociation_withAutomationTargetParamName (47.04s)
--- PASS: TestAccAWSSSMAssociation_withTargets (49.46s)
--- PASS: TestAccAWSSSMAssociation_withOutputLocation (55.73s)
--- PASS: TestAccAWSSSMAssociation_withDocumentVersion (57.38s)
--- PASS: TestAccAWSSSMAssociation_withAssociationNameAndScheduleExpression (60.95s)
--- PASS: TestAccAWSSSMAssociation_basic (85.25s)
```

aws/resource_aws_ssm_association.go

@@ -114,6 +114,10 @@ func resourceAwsSsmAssociation() *schema.Resource {
 					ssm.ComplianceSeverityCritical,
 				}, false),
 			},
+			"automation_target_parameter_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -167,6 +171,10 @@ func resourceAwsSsmAssociationCreate(d *schema.ResourceData, meta interface{}) e
 		associationInput.MaxErrors = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("automation_target_parameter_name"); ok {
+		associationInput.AutomationTargetParameterName = aws.String(v.(string))
+	}
+
 	resp, err := ssmconn.CreateAssociation(associationInput)
 	if err != nil {
 		return fmt.Errorf("Error creating SSM association: %s", err)
@@ -215,6 +223,7 @@ func resourceAwsSsmAssociationRead(d *schema.ResourceData, meta interface{}) err
 	d.Set("compliance_severity", association.ComplianceSeverity)
 	d.Set("max_concurrency", association.MaxConcurrency)
 	d.Set("max_errors", association.MaxErrors)
+	d.Set("automation_target_parameter_name", association.AutomationTargetParameterName)
 
 	if err := d.Set("targets", flattenAwsSsmTargets(association.Targets)); err != nil {
 		return fmt.Errorf("Error setting targets error: %#v", err)
@@ -273,6 +282,10 @@ func resourceAwsSsmAssociationUpdate(d *schema.ResourceData, meta interface{}) e
 		associationInput.MaxErrors = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("automation_target_parameter_name"); ok {
+		associationInput.AutomationTargetParameterName = aws.String(v.(string))
+	}
+
 	_, err := ssmconn.UpdateAssociation(associationInput)
 	if err != nil {
 		return fmt.Errorf("Error updating SSM association: %s", err)

aws/resource_aws_ssm_association_test.go

@@ -5,7 +5,6 @@ import (
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ssm"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
@@ -326,6 +325,41 @@ func TestAccAWSSSMAssociation_withOutputLocation(t *testing.T) {
 	})
 }
 
+func TestAccAWSSSMAssociation_withAutomationTargetParamName(t *testing.T) {
+	name := acctest.RandString(10)
+	resourceName := "aws_ssm_association.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSSMAssociationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSSSMAssociationBasicConfigWithAutomationTargetParamName(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSSMAssociationExists(resourceName),
+					resource.TestCheckResourceAttr(
+						resourceName, "parameters.Directory", "myWorkSpace"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"parameters"},
+			},
+			{
+				Config: testAccAWSSSMAssociationBasicConfigWithParametersUpdated(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSSMAssociationExists(resourceName),
+					resource.TestCheckResourceAttr(
+						resourceName, "parameters.Directory", "myWorkSpaceUpdated"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSSSMAssociation_withScheduleExpression(t *testing.T) {
 	name := acctest.RandString(10)
 	resourceName := "aws_ssm_association.test"
@@ -457,7 +491,7 @@ func testAccCheckAWSSSMAssociationExists(n string) resource.TestCheckFunc {
 		})
 
 		if err != nil {
-			if wserr, ok := err.(awserr.Error); ok && wserr.Code() == "AssociationDoesNotExist" {
+			if isAWSErr(err, ssm.ErrCodeAssociationDoesNotExist, "") {
 				return nil
 			}
 			return err
@@ -480,7 +514,7 @@ func testAccCheckAWSSSMAssociationDestroy(s *terraform.State) error {
 		})
 
 		if err != nil {
-			if wserr, ok := err.(awserr.Error); ok && wserr.Code() == "AssociationDoesNotExist" {
+			if isAWSErr(err, ssm.ErrCodeAssociationDoesNotExist, "") {
 				return nil
 			}
 			return err
@@ -494,7 +528,125 @@ func testAccCheckAWSSSMAssociationDestroy(s *terraform.State) error {
 	return fmt.Errorf("Default error in SSM Association Test")
 }
 
-func testAccAWSSSMAssociationBasicConfigWithParameters(rName string) string {
+func testAccAWSSSMAssociationBasicConfigWithAutomationTargetParamName(rName string) string {
+	return fmt.Sprintf(`
+data "aws_ami" "ssm_ami" {
+  most_recent = true
+  owners      = ["099720109477"] # Canonical
+
+  filter {
+    name   = "name"
+    values = ["*hvm-ssd/ubuntu-trusty-14.04*"]
+  }
+}
+
+resource "aws_iam_instance_profile" "ssm_profile" {
+  name = "ssm_profile-%[1]s"
+  role = "${aws_iam_role.ssm_role.name}"
+}
+
+resource "aws_iam_role" "ssm_role" {
+  name = "ssm_role-%[1]s"
+  path = "/"
+
+  assume_role_policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Principal": {
+               "Service": "ec2.amazonaws.com"
+            },
+            "Effect": "Allow",
+            "Sid": ""
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_ssm_document" "foo" {
+  name          = "test_document-%[1]s"
+  document_type = "Automation"
+
+  content = <<DOC
+	{
+	   "description": "Systems Manager Automation Demo",
+	   "schemaVersion": "0.3",
+	   "assumeRole": "${aws_iam_role.ssm_role.arn}",
+       "parameters":{
+	     "Directory": {
+		    "description":"(Optional) The path to the working directory on your instance.",
+		    "default":"",
+		    "type": "String",
+		    "maxChars": 4096
+	     }
+       },
+	   "mainSteps": [
+	      {
+	         "name": "startInstances",
+	         "action": "aws:runInstances",
+	         "timeoutSeconds": 1200,
+	         "maxAttempts": 1,
+	         "onFailure": "Abort",
+	         "inputs": {
+	            "ImageId": "${data.aws_ami.ssm_ami.id}",
+	            "InstanceType": "t2.small",
+	            "MinInstanceCount": 1,
+	            "MaxInstanceCount": 1,
+	            "IamInstanceProfileName": "${aws_iam_instance_profile.ssm_profile.name}"
+	         }
+	      },
+	      {
+	         "name": "stopInstance",
+	         "action": "aws:changeInstanceState",
+	         "maxAttempts": 1,
+	         "onFailure": "Continue",
+	         "inputs": {
+	            "InstanceIds": [
+	               "{{ startInstances.InstanceIds }}"
+	            ],
+	            "DesiredState": "stopped"
+	         }
+	      },
+	      {
+	         "name": "terminateInstance",
+	         "action": "aws:changeInstanceState",
+	         "maxAttempts": 1,
+	         "onFailure": "Continue",
+	         "inputs": {
+	            "InstanceIds": [
+	               "{{ startInstances.InstanceIds }}"
+	            ],
+	            "DesiredState": "terminated"
+	         }
+	      }
+	   ]
+	}
+DOC
+}
+
+resource "aws_ssm_association" "test" {
+  name = "${aws_ssm_document.foo.name}"
+  automation_target_parameter_name = "Directory"
+
+  parameters = {
+    AutomationAssumeRole = "${aws_iam_role.ssm_role.id}"
+    Directory            = "myWorkSpace"
+  }
+
+  targets {
+    key      = "tag:myTagName"
+    values   = ["myTagValue"]
+  }
+
+  schedule_expression = "rate(60 minutes)"
+}
+`, rName)
+}
+
+func testAccAWSSSMAssociationBasicConfigWithParametersUpdated(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_ssm_document" "test" {
   name          = "test_document_association-%s"
@@ -530,7 +682,7 @@ resource "aws_ssm_association" "test" {
   name = "${aws_ssm_document.test.name}"
 
   parameters = {
-    Directory = "myWorkSpace"
+    Directory = "myWorkSpaceUpdated"
   }
 
   targets {
@@ -541,7 +693,7 @@ resource "aws_ssm_association" "test" {
 `, rName)
 }
 
-func testAccAWSSSMAssociationBasicConfigWithParametersUpdated(rName string) string {
+func testAccAWSSSMAssociationBasicConfigWithParameters(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_ssm_document" "test" {
   name          = "test_document_association-%s"
@@ -577,7 +729,7 @@ resource "aws_ssm_association" "test" {
   name = "${aws_ssm_document.test.name}"
 
   parameters = {
-    Directory = "myWorkSpaceUpdated"
+    Directory = "myWorkSpace"
   }
 
   targets {

website/docs/r/ssm_association.html.markdown

@@ -38,6 +38,7 @@ The following arguments are supported:
 * `compliance_severity` - (Optional) The compliance severity for the association. Can be one of the following: `UNSPECIFIED`, `LOW`, `MEDIUM`, `HIGH` or `CRITICAL`
 * `max_concurrency` - (Optional) The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.
 * `max_errors` - (Optional) The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.
+* `automation_target_parameter_name` - (Optional) Specify the target for the association. This target is required for associations that use an `Automation` document and target resources by using rate controls.
 
 Output Location (`output_location`) is an S3 bucket where you want to store the results of this association: