diff --git a/aws/network_acl_entry.go b/aws/network_acl_entry.go
index ee76ca3e0f1..8e25ca6f446 100644
--- a/aws/network_acl_entry.go
+++ b/aws/network_acl_entry.go
@@ -43,7 +43,7 @@ func expandNetworkAclEntries(configured []interface{}, entryType string) ([]*ec2
 }
 // Specify additional required fields for ICMP
- if p == 1 {
+ if p == 1 || p == 58 {
 e.IcmpTypeCode = &ec2.IcmpTypeCode{}
 if v, ok := data["icmp_code"]; ok {
 e.IcmpTypeCode.Code = aws.Int64(int64(v.(int)))
diff --git a/aws/resource_aws_network_acl_test.go b/aws/resource_aws_network_acl_test.go
index 9700b3f5993..d97cae8e5eb 100644
--- a/aws/resource_aws_network_acl_test.go
+++ b/aws/resource_aws_network_acl_test.go
@@ -8,6 +8,7 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
 "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform/helper/acctest"
 "github.com/hashicorp/terraform/helper/resource"
 "github.com/hashicorp/terraform/terraform"
 )
@@ -443,6 +444,26 @@ func TestAccAWSNetworkAcl_ipv6Rules(t *testing.T) {
 })
 }
+func TestAccAWSNetworkAcl_ipv6ICMPRules(t *testing.T) {
+ var networkAcl ec2.NetworkAcl
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ resourceName := "aws_network_acl.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSNetworkAclDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSNetworkAclConfigIpv6ICMP(rName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSNetworkAclExists(resourceName, &networkAcl),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAWSNetworkAcl_ipv6VpcRules(t *testing.T) {
 var networkAcl ec2.NetworkAcl
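Review bot: The condition `if p == 1 || p == 58 {` compares against two bare protocol numbers while the comment above it still says only "ICMP", so a reader has to know that 58 is ICMPv6. I would change the comment to `// Specify additional required fields for ICMP (protocol 1) and ICMPv6 (protocol 58)`, or introduce named constants for the two values. The body of expandNetworkAclEntries starts and ends outside this hunk, so it is worth confirming that any other place that special-cases protocol 1 (for example the code that reads entries back into state) treats 58 the same way. Otherwise the icmp_type and icmp_code of an ICMPv6 rule may not round-trip, and the ACL that is enforced could differ from what the configuration states.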
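Review bot: The only check in the new test step is `testAccCheckAWSNetworkAclExists(resourceName, &networkAcl)`, so TestAccAWSNetworkAcl_ipv6ICMPRules proves that the apply succeeds but not that the ICMPv6 entry was stored with the intended protocol and type/code. Since `networkAcl` is already populated, add a state assertion such as `resource.TestCheckResourceAttr(resourceName, "ingress.#", "1"),` and ideally a check that the returned entries contain protocol 58 with a non-nil `IcmpTypeCode`. For a packet-filtering rule, an entry that is silently altered is worse than an apply that fails, so the test should pin the values.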
@@ -615,6 +636,37 @@ func testAccCheckSubnetIsNotAssociatedWithAcl(acl string, subnet string) resourc
 }
 }
+func testAccAWSNetworkAclConfigIpv6ICMP(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ cidr_block = "10.1.0.0/16"
+
+ tags {
+ Name = %q
+ }
+}
+
+resource "aws_network_acl" "test" {
+ vpc_id = "${aws_vpc.test.id}"
+
+ ingress {
+ action = "allow"
+ from_port = 0
+ icmp_code = -1
+ icmp_type = -1
+ ipv6_cidr_block = "::/0"
+ protocol = 58
+ rule_no = 1
+ to_port = 0
+ }
+
+ tags {
+ Name = %q
+ }
+}
+`, rName, rName)
+}
+
 const testAccAWSNetworkAclIpv6Config = `
 resource "aws_vpc" "foo" {
 cidr_block = "10.1.0.0/16"
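Review bot: The fixture in testAccAWSNetworkAclConfigIpv6ICMP exercises only the wildcard `icmp_type = -1` / `icmp_code = -1` on a single ingress rule, so a mix-up between type and code, or a dropped value, would go unnoticed. A second rule with concrete values (constructed example: `icmp_type = 128`, `icmp_code = 0`, echo request) and an `egress` block would cover the narrowly scoped rules that are written when ICMPv6 is restricted rather than fully allowed. A one-line comment above the helper stating that protocol 58 is ICMPv6 would also help the next reader.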