[Enhancement] Add support for Site-to-Site VPN Concentrator

.changelog/45175.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_vpn_connection: Add `vpn_concentrator_id` argument to support Site-to-Site VPN Concentrator
+```
+
+```release-note:new-resource
+aws_vpn_concentrator
+```

internal/service/ec2/exports.go

@@ -22,6 +22,7 @@ var (
 	FindTransitGatewayAttachmentByTransitGatewayIDAndDirectConnectGatewayID = findTransitGatewayAttachmentByTransitGatewayIDAndDirectConnectGatewayID
 	FindVPCByID                                                             = findVPCByID
 	FindVPCEndpointByID                                                     = findVPCEndpointByID
+	FindVPNConcentratorByID                                                 = findVPNConcentratorByID
 	NetworkInterfaceDetachedTimeout                                         = networkInterfaceDetachedTimeout
 	NewCustomFilterListFramework                                            = newCustomFilterListFramework
 	NewFilter                                                               = newFilter

internal/service/ec2/exports_test.go

@@ -121,6 +121,7 @@ var (
 	ResourceVPCRouteServerPeer                            = newVPCRouteServerPeerResource
 	ResourceVPCRouteServerPropagation                     = newVPCRouteServerPropagationResource
 	ResourceVPCRouteServerVPCAssociation                  = newVPCRouteServerVPCAssociationResource
+	ResourceVPNConcentrator                               = newVPNConcentratorResource
 	ResourceVPNConnection                                 = resourceVPNConnection
 	ResourceVPNConnectionRoute                            = resourceVPNConnectionRoute
 	ResourceVPNGateway                                    = resourceVPNGateway

internal/service/ec2/status.go

@@ -1083,6 +1083,22 @@ func statusVPNGatewayVPCAttachment(ctx context.Context, conn *ec2.Client, vpnGat
 	}
 }
 
+func statusVPNConcentrator(ctx context.Context, conn *ec2.Client, id string) retry.StateRefreshFunc {
+	return func() (any, string, error) {
+		output, err := findVPNConcentratorByID(ctx, conn, id)
+
+		if tfresource.NotFound(err) {
+			return nil, "", nil
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		return output, aws.ToString(output.State), nil
+	}
+}
+
 func statusCustomerGateway(ctx context.Context, conn *ec2.Client, id string) retry.StateRefreshFunc {
 	return func() (any, string, error) {
 		output, err := findCustomerGatewayByID(ctx, conn, id)

internal/service/ec2/testdata/VPNConcentrator/tags/main_gen.tf

@@ -0,0 +1,28 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+resource "aws_ec2_transit_gateway" "test" {
+  tags = {
+    Name = var.rName
+  }
+}
+
+resource "aws_vpn_concentrator" "test" {
+  type               = "ipsec.1"
+  transit_gateway_id = aws_ec2_transit_gateway.test.id
+
+  tags = var.resource_tags
+}
+
+variable "rName" {
+  description = "Name for resource"
+  type        = string
+  nullable    = false
+}
+
+variable "resource_tags" {
+  description = "Tags to set on resource. To specify no tags, set to `null`"
+  # Not setting a default, so that this must explicitly be set to `null` to specify no tags
+  type     = map(string)
+  nullable = true
+}

internal/service/ec2/testdata/VPNConcentrator/tagsComputed1/main_gen.tf

@@ -0,0 +1,32 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "null" {}
+
+resource "aws_ec2_transit_gateway" "test" {
+  tags = {
+    Name = var.rName
+  }
+}
+
+resource "aws_vpn_concentrator" "test" {
+  type               = "ipsec.1"
+  transit_gateway_id = aws_ec2_transit_gateway.test.id
+
+  tags = {
+    (var.unknownTagKey) = null_resource.test.id
+  }
+}
+
+resource "null_resource" "test" {}
+
+variable "rName" {
+  description = "Name for resource"
+  type        = string
+  nullable    = false
+}
+
+variable "unknownTagKey" {
+  type     = string
+  nullable = false
+}

internal/service/ec2/testdata/VPNConcentrator/tagsComputed2/main_gen.tf

@@ -0,0 +1,43 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "null" {}
+
+resource "aws_ec2_transit_gateway" "test" {
+  tags = {
+    Name = var.rName
+  }
+}
+
+resource "aws_vpn_concentrator" "test" {
+  type               = "ipsec.1"
+  transit_gateway_id = aws_ec2_transit_gateway.test.id
+
+  tags = {
+    (var.unknownTagKey) = null_resource.test.id
+    (var.knownTagKey)   = var.knownTagValue
+  }
+}
+
+resource "null_resource" "test" {}
+
+variable "rName" {
+  description = "Name for resource"
+  type        = string
+  nullable    = false
+}
+
+variable "unknownTagKey" {
+  type     = string
+  nullable = false
+}
+
+variable "knownTagKey" {
+  type     = string
+  nullable = false
+}
+
+variable "knownTagValue" {
+  type     = string
+  nullable = false
+}

internal/service/ec2/testdata/VPNConcentrator/tags_defaults/main_gen.tf

@@ -0,0 +1,39 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "aws" {
+  default_tags {
+    tags = var.provider_tags
+  }
+}
+
+resource "aws_ec2_transit_gateway" "test" {
+  tags = {
+    Name = var.rName
+  }
+}
+
+resource "aws_vpn_concentrator" "test" {
+  type               = "ipsec.1"
+  transit_gateway_id = aws_ec2_transit_gateway.test.id
+
+  tags = var.resource_tags
+}
+
+variable "rName" {
+  description = "Name for resource"
+  type        = string
+  nullable    = false
+}
+
+variable "resource_tags" {
+  description = "Tags to set on resource. To specify no tags, set to `null`"
+  # Not setting a default, so that this must explicitly be set to `null` to specify no tags
+  type     = map(string)
+  nullable = true
+}
+
+variable "provider_tags" {
+  type     = map(string)
+  nullable = false
+}

internal/service/ec2/testdata/VPNConcentrator/tags_ignore/main_gen.tf

@@ -0,0 +1,48 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "aws" {
+  default_tags {
+    tags = var.provider_tags
+  }
+  ignore_tags {
+    keys = var.ignore_tag_keys
+  }
+}
+
+resource "aws_ec2_transit_gateway" "test" {
+  tags = {
+    Name = var.rName
+  }
+}
+
+resource "aws_vpn_concentrator" "test" {
+  type               = "ipsec.1"
+  transit_gateway_id = aws_ec2_transit_gateway.test.id
+
+  tags = var.resource_tags
+}
+
+variable "rName" {
+  description = "Name for resource"
+  type        = string
+  nullable    = false
+}
+
+variable "resource_tags" {
+  description = "Tags to set on resource. To specify no tags, set to `null`"
+  # Not setting a default, so that this must explicitly be set to `null` to specify no tags
+  type     = map(string)
+  nullable = true
+}
+
+variable "provider_tags" {
+  type     = map(string)
+  nullable = true
+  default  = null
+}
+
+variable "ignore_tag_keys" {
+  type     = set(string)
+  nullable = false
+}

internal/service/ec2/testdata/tmpl/vpn_concentrator_tags.gtpl

@@ -0,0 +1,12 @@
+resource "aws_ec2_transit_gateway" "test" {
+  tags = {
+    Name = var.rName
+  }
+}
+
+resource "aws_vpn_concentrator" "test" {
+  type               = "ipsec.1"
+  transit_gateway_id = aws_ec2_transit_gateway.test.id
+
+{{- template "tags" . }}
+}