hashicorp · YakDriver · Jul 25, 2022 · Apr 25, 2020 · Feb 19, 2021 · Jul 14, 2022
diff --git a/aws/provider.go b/aws/provider.go
@@ -796,6 +796,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_ssm_patch_group":                                     resourceAwsSsmPatchGroup(),
 			"aws_ssm_parameter":                                       resourceAwsSsmParameter(),
 			"aws_ssm_resource_data_sync":                              resourceAwsSsmResourceDataSync(),
+			"aws_ssm_service_setting":                                 resourceAwsSsmServiceSetting(),
 			"aws_storagegateway_cache":                                resourceAwsStorageGatewayCache(),
 			"aws_storagegateway_cached_iscsi_volume":                  resourceAwsStorageGatewayCachedIscsiVolume(),
 			"aws_storagegateway_gateway":                              resourceAwsStorageGatewayGateway(),

diff --git a/aws/resource_aws_ssm_service_setting.go b/aws/resource_aws_ssm_service_setting.go
@@ -0,0 +1,115 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ssm"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceAwsSsmServiceSetting() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsSsmServiceSettingUpdate,
+		Read:   resourceAwsSsmServiceSettingRead,
+		Update: resourceAwsSsmServiceSettingUpdate,
+		Delete: resourceAwsSsmServiceSettingReset,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"setting_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"setting_value": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"last_modified_date": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"last_modified_user": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAwsSsmServiceSettingUpdate(d *schema.ResourceData, meta interface{}) error {
+	ssmconn := meta.(*AWSClient).ssmconn
+
+	log.Printf("[DEBUG] SSM service setting create: %s", d.Id())
+
+	updateServiceSettingInput := &ssm.UpdateServiceSettingInput{
+		SettingId:    aws.String(d.Get("setting_id").(string)),
+		SettingValue: aws.String(d.Get("setting_value").(string)),
+	}
+
+	if _, err := ssmconn.UpdateServiceSetting(updateServiceSettingInput); err != nil {
+		return fmt.Errorf("Error updating SSM service setting: %s", err)
+	}
+
+	d.SetId(d.Get("setting_id").(string))
+
+	return resourceAwsSsmServiceSettingRead(d, meta)
+}
+
+func resourceAwsSsmServiceSettingRead(d *schema.ResourceData, meta interface{}) error {
+	ssmconn := meta.(*AWSClient).ssmconn
+
+	log.Printf("[DEBUG] Reading SSM Activation: %s", d.Id())
+
+	params := &ssm.GetServiceSettingInput{
+		SettingId: aws.String(d.Id()),
+	}
+
+	resp, err := ssmconn.GetServiceSetting(params)
+
+	if err != nil {
+		return fmt.Errorf("Error reading SSM service setting: %s", err)
+	}
+
+	serviceSetting := resp.ServiceSetting
+	// AWS SSM service setting API requires the entire ARN as input,
+	// but setting_id in the output is only a part of ARN.
+	d.Set("setting_id", serviceSetting.ARN)
+	d.Set("setting_value", serviceSetting.SettingValue)
+	d.Set("arn", serviceSetting.ARN)
+	d.Set("last_modified_date", aws.TimeValue(serviceSetting.LastModifiedDate).Format(time.RFC3339))
+	d.Set("last_modified_user", serviceSetting.LastModifiedUser)
+	d.Set("status", serviceSetting.Status)
+
+	return nil
+}
+
+func resourceAwsSsmServiceSettingReset(d *schema.ResourceData, meta interface{}) error {
+	ssmconn := meta.(*AWSClient).ssmconn
+
+	log.Printf("[DEBUG] Deleting SSM Service Setting: %s", d.Id())
+
+	resetServiceSettingInput := &ssm.ResetServiceSettingInput{
+		SettingId: aws.String(d.Get("setting_id").(string)),
+	}
+
+	_, err := ssmconn.ResetServiceSetting(resetServiceSettingInput)
+
+	if err != nil {
+		return fmt.Errorf("Error deleting SSM Service Setting: %s", err)
+	}
+
+	return nil
+}
diff --git a/aws/resource_aws_ssm_service_setting_test.go b/aws/resource_aws_ssm_service_setting_test.go
@@ -0,0 +1,105 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/ssm"
+	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+func TestAccAWSSSMServiceSetting_basic(t *testing.T) {
+	var setting ssm.GetServiceSettingOutput
+	resourceName := "aws_ssm_service_setting.test"
+	awsSession := session.New()
+	stssvc := sts.New(awsSession)
+	result, _ := stssvc.GetCallerIdentity(&sts.GetCallerIdentityInput{})
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSSMServiceSettingDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSSSMServiceSetting(aws.StringValue(result.Account), aws.StringValue(awsSession.Config.Region), "false"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSSMServiceSettingExists(resourceName, &setting),
+					resource.TestCheckResourceAttr(resourceName, "setting_value", "false"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccAWSSSMServiceSetting(aws.StringValue(result.Account), aws.StringValue(awsSession.Config.Region), "true"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSSMServiceSettingExists(resourceName, &setting),
+					resource.TestCheckResourceAttr(resourceName, "setting_value", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAWSSSMServiceSettingDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).ssmconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_ssm_service_setting" {
+			continue
+		}
+
+		output, err := conn.GetServiceSetting(&ssm.GetServiceSettingInput{
+			SettingId: aws.String(rs.Primary.Attributes["setting_id"]),
+		})
+		_, ok := err.(awserr.Error)
+		if !ok {
+			return err
+		}
+		if output.ServiceSetting.Status != aws.String("default") {
+			return fmt.Errorf("SSM Service Setting still customized")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckAWSSSMServiceSettingExists(n string, res *ssm.GetServiceSettingOutput) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).ssmconn
+
+		resp, err := conn.GetServiceSetting(&ssm.GetServiceSettingInput{
+			SettingId: aws.String(rs.Primary.Attributes["setting_id"]),
+		})
+		if err != nil {
+			return err
+		}
+
+		*res = *resp
+
+		return nil
+	}
+}
+
+func testAccAWSSSMServiceSetting(accountID, region, value string) string {
+	return fmt.Sprintf(testSettingTemplate, region, accountID, value)
+}
+
+const testSettingTemplate = `
+resource "aws_ssm_service_setting" "test" {
+	setting_id = "arn:aws:ssm:%s:%s:servicesetting/ssm/parameter-store/high-throughput-enabled"
+	setting_value = "%s"
+}
+`
diff --git a/website/ssm_service_setting.markdown b/website/ssm_service_setting.markdown
@@ -0,0 +1,44 @@
+---
+subcategory: "SSM"
+layout: "aws"
+page_title: "AWS: aws_ssm_service_setting"
+description: |-
+  Defines how a user interacts with or uses a service or a feature of a SSM service.
+---
+
+# Resource: aws_ssm_service_setting
+
+Defines how a user interacts with or uses a service or a feature of a SSM service.
+
+## Example Usage
+
+```hcl
+resource "aws_ssm_service_setting" "test_setting" {
+  service_id    = "arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled"
+  service_value = "true"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `service_id` - (Required) The ID of the service setting.
+* `service_value` - (Required) The value of the service setting.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `arn` - The ARN of the service setting.
+* `last_modified_date` - The last time the service setting was modified.
+* `last_modified_user` - The ARN of the last modified user. This field is populated only if the setting value was overwritten.
+* `status` - The status of the service setting. The value can be Default, Customized or PendingUpdate.
+
+## Import
+
+AWS SSM Service Setting can be imported using the `setting_id`, e.g.
+
+```sh
+$ terraform import aws_ssm_service_setting.example arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled
+```