hashicorp
diff --git a/‎.changelog/45217.txt‎
Lines changed: 3 additions & 0 deletions b/‎.changelog/45217.txt‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎internal/acctest/import.go‎
Lines changed: 7 additions & 0 deletions b/‎internal/acctest/import.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎internal/generate/identitytests/resource_test.go.gtpl‎
Lines changed: 9 additions & 3 deletions b/‎internal/generate/identitytests/resource_test.go.gtpl‎
Lines changed: 9 additions & 3 deletions
diff --git a/‎internal/generate/servicepackage/service_package_gen.go.gtpl‎
Lines changed: 2 additions & 2 deletions b/‎internal/generate/servicepackage/service_package_gen.go.gtpl‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/service/iam/exports_test.go‎
Lines changed: 23 additions & 21 deletions b/‎internal/service/iam/exports_test.go‎
Lines changed: 23 additions & 21 deletions
diff --git a/‎internal/service/iam/outbound_web_identity_federation.go‎
Lines changed: 149 additions & 0 deletions b/‎internal/service/iam/outbound_web_identity_federation.go‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎internal/service/iam/outbound_web_identity_federation_identity_gen_test.go‎
Lines changed: 95 additions & 0 deletions b/‎internal/service/iam/outbound_web_identity_federation_identity_gen_test.go‎
Lines changed: 95 additions & 0 deletions
@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_iam_outbound_web_identity_federation
+```
@@ -4,6 +4,7 @@
 package acctest
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"regexp"
@@ -84,3 +85,9 @@ func ImportCheckResourceAttrSet(key string) resource.ImportStateCheckFunc {
 		return nil
 	}
 }
+
+func ImportStateIDAccountID(ctx context.Context) resource.ImportStateIdFunc {
+	return func(*terraform.State) (string, error) {
+		return AccountID(ctx), nil
+	}
+}
@@ -138,7 +138,9 @@ ImportPlanChecks: resource.ImportPlanChecks{
 		{{ else if .IsRegionalSingleton -}}
 			plancheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), knownvalue.StringExact(acctest.Region())),
 		{{ else if .IsGlobalSingleton -}}
-			plancheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), tfknownvalue.AccountID()),
+			{{ if .HasIdentityDuplicateAttrs -}}
+				plancheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), tfknownvalue.AccountID()),
+			{{ end -}}
 		{{ else if .HasIDAttrDuplicates -}}
 			plancheck.ExpectKnownValue(resourceName, tfjsonpath.New({{ .IDAttrDuplicates }}), knownvalue.NotNull()),
 			plancheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), knownvalue.NotNull()),
@@ -181,7 +183,9 @@ ImportPlanChecks: resource.ImportPlanChecks{
 		{{ else if .IsRegionalSingleton -}}
 			plancheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), knownvalue.StringExact(acctest.AlternateRegion())),
 		{{ else if .IsGlobalSingleton -}}
-			plancheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), tfknownvalue.AccountID()),
+			{{ if .HasIdentityDuplicateAttrs -}}
+				plancheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), tfknownvalue.AccountID()),
+			{{ end -}}
 		{{ else if gt (len .IdentityAttributes) 0 -}}
 			{{ range .IdentityAttributes -}}
 				plancheck.ExpectKnownValue(resourceName, tfjsonpath.New({{ .Name }}), knownvalue.NotNull()),
@@ -272,7 +276,9 @@ func {{ template "testname" . }}_Identity_Basic(t *testing.T) {
 						{{ end -}}
 					{{ end -}}
 					{{ if .IsGlobalSingleton -}}
-						statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), tfknownvalue.AccountID()),
+						{{ if .HasIdentityDuplicateAttrs -}}
+							statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrID), tfknownvalue.AccountID()),
+						{{ end -}}
 					{{ else if .HasIdentityDuplicateAttrs -}}
 						{{ range .IdentityDuplicateAttrs -}}
 							statecheck.CompareValuePairs(resourceName, tfjsonpath.New({{ . }}), resourceName, tfjsonpath.New({{ $.IdentityAttribute }}), compare.ValuesSame()),
 
@@ -249,7 +249,7 @@ func (p *servicePackage) FrameworkResources(ctx context.Context) []*inttypes.Ser
 							{{- end -}}
 							{{- template "CommonIdentityOpts" . -}}
 						),
-					{{ else }}
+					{{- else }}
 						inttypes.RegionalSingletonIdentity(
 							{{- if .HasIdentityDuplicateAttrs -}}
 								inttypes.WithIdentityDuplicateAttrs({{ range .IdentityDuplicateAttrs }}{{ . }}, {{ end }}),
@@ -379,7 +379,7 @@ func (p *servicePackage) FrameworkListResources(ctx context.Context) iter.Seq[*i
 							{{- end -}}
 							{{- template "CommonIdentityOpts" . -}}
 						),
-					{{ else }}
+					{{- else }}
 						inttypes.RegionalSingletonIdentity(
 							{{- if .HasIdentityDuplicateAttrs -}}
 								inttypes.WithIdentityDuplicateAttrs({{ range .IdentityDuplicateAttrs }}{{ . }}, {{ end }}),
 
@@ -10,27 +10,28 @@ var (
 	ResourceAccountPasswordPolicy = resourceAccountPasswordPolicy
 	ResourceGroup                 = resourceGroup
 	// ResourceGroupMembership       = resourceGroupMembership
-	ResourceGroupPolicy               = resourceGroupPolicy
-	ResourceGroupPolicyAttachment     = resourceGroupPolicyAttachment
-	ResourceInstanceProfile           = resourceInstanceProfile
-	ResourceOpenIDConnectProvider     = resourceOpenIDConnectProvider
-	ResourceOrganizationsFeatures     = newOrganizationsFeaturesResource
-	ResourcePolicy                    = resourcePolicy
-	ResourcePolicyAttachment          = resourcePolicyAttachment
-	ResourceRolePolicy                = resourceRolePolicy
-	ResourceRolePolicyAttachment      = resourceRolePolicyAttachment
-	ResourceSAMLProvider              = resourceSAMLProvider
-	ResourceServerCertificate         = resourceServerCertificate
-	ResourceServiceLinkedRole         = resourceServiceLinkedRole
-	ResourceServiceSpecificCredential = resourceServiceSpecificCredential
-	ResourceSigningCertificate        = resourceSigningCertificate
-	ResourceUser                      = resourceUser
-	ResourceUserGroupMembership       = resourceUserGroupMembership
-	ResourceUserLoginProfile          = resourceUserLoginProfile
-	ResourceUserPolicy                = resourceUserPolicy
-	ResourceUserPolicyAttachment      = resourceUserPolicyAttachment
-	ResourceUserSSHKey                = resourceUserSSHKey
-	ResourceVirtualMFADevice          = resourceVirtualMFADevice
+	ResourceGroupPolicy                   = resourceGroupPolicy
+	ResourceGroupPolicyAttachment         = resourceGroupPolicyAttachment
+	ResourceInstanceProfile               = resourceInstanceProfile
+	ResourceOpenIDConnectProvider         = resourceOpenIDConnectProvider
+	ResourceOrganizationsFeatures         = newOrganizationsFeaturesResource
+	ResourceOutboundWebIdentityFederation = newOutboundWebIdentityFederationResource
+	ResourcePolicy                        = resourcePolicy
+	ResourcePolicyAttachment              = resourcePolicyAttachment
+	ResourceRolePolicy                    = resourceRolePolicy
+	ResourceRolePolicyAttachment          = resourceRolePolicyAttachment
+	ResourceSAMLProvider                  = resourceSAMLProvider
+	ResourceServerCertificate             = resourceServerCertificate
+	ResourceServiceLinkedRole             = resourceServiceLinkedRole
+	ResourceServiceSpecificCredential     = resourceServiceSpecificCredential
+	ResourceSigningCertificate            = resourceSigningCertificate
+	ResourceUser                          = resourceUser
+	ResourceUserGroupMembership           = resourceUserGroupMembership
+	ResourceUserLoginProfile              = resourceUserLoginProfile
+	ResourceUserPolicy                    = resourceUserPolicy
+	ResourceUserPolicyAttachment          = resourceUserPolicyAttachment
+	ResourceUserSSHKey                    = resourceUserSSHKey
+	ResourceVirtualMFADevice              = resourceVirtualMFADevice
 
 	FindAccessKeyByTwoPartKey                   = findAccessKeyByTwoPartKey
 	FindAccountAlias                            = findAccountAlias
@@ -49,6 +50,7 @@ var (
 	FindInstanceProfileByName                   = findInstanceProfileByName
 	FindOpenIDConnectProviderByARN              = findOpenIDConnectProviderByARN
 	FindOrganizationsFeatures                   = findOrganizationsFeatures
+	FindOutboundWebIdentityFederation           = findOutboundWebIdentityFederation
 	FindPolicyByARN                             = findPolicyByARN
 	FindRolePolicyByTwoPartKey                  = findRolePolicyByTwoPartKey
 	FindRolePoliciesByName                      = findRolePoliciesByName
 
@@ -0,0 +1,149 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package iam
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/iam"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/fwdiag"
+	"github.com/hashicorp/terraform-provider-aws/internal/framework"
+	fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+	"github.com/hashicorp/terraform-provider-aws/internal/retry"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
+)
+
+// @FrameworkResource("aws_iam_outbound_web_identity_federation", name="Outbound Web Identity Federation")
+// @SingletonIdentity
+// @Testing(hasNoPreExistingResource=true)
+// @Testing(serialize=true)
+// @Testing(importStateIdFunc=importStateIDAccountID", importStateIdAttribute="issuer_identifier")
+// @Testing(generator=false)
+// @Testing(existsTakesT=true, destroyTakesT=true)
+func newOutboundWebIdentityFederationResource(_ context.Context) (resource.ResourceWithConfigure, error) {
+	r := &outboundWebIdentityFederationResource{}
+
+	return r, nil
+}
+
+type outboundWebIdentityFederationResource struct {
+	framework.ResourceWithModel[outboundWebIdentityFederationResourceModel]
+	framework.WithNoUpdate
+	framework.WithImportByIdentity
+}
+
+func (r *outboundWebIdentityFederationResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: map[string]schema.Attribute{
+			"issuer_identifier": schema.StringAttribute{
+				Computed: true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
+			},
+		},
+	}
+}
+
+func (r *outboundWebIdentityFederationResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data outboundWebIdentityFederationResourceModel
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	conn := r.Meta().IAMClient(ctx)
+
+	var input iam.EnableOutboundWebIdentityFederationInput
+	out, err := conn.EnableOutboundWebIdentityFederation(ctx, &input)
+	if err != nil {
+		resp.Diagnostics.AddError("enabling IAM Outbound Web Identity Federation", err.Error())
+		return
+	}
+
+	// Set values for unknowns.
+	data.IssuerIdentifier = fwflex.StringToFramework(ctx, out.IssuerIdentifier)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, data)...)
+}
+
+func (r *outboundWebIdentityFederationResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data outboundWebIdentityFederationResourceModel
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	conn := r.Meta().IAMClient(ctx)
+
+	out, err := findOutboundWebIdentityFederation(ctx, conn)
+	if retry.NotFound(err) {
+		resp.Diagnostics.Append(fwdiag.NewResourceNotFoundWarningDiagnostic(err))
+		resp.State.RemoveResource(ctx)
+		return
+	}
+	if err != nil {
+		resp.Diagnostics.AddError("reading IAM Outbound Web Identity Federation", err.Error())
+		return
+	}
+
+	// Set attributes for import.
+	data.IssuerIdentifier = fwflex.StringToFramework(ctx, out.IssuerIdentifier)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *outboundWebIdentityFederationResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	conn := r.Meta().IAMClient(ctx)
+
+	var input iam.DisableOutboundWebIdentityFederationInput
+	_, err := conn.DisableOutboundWebIdentityFederation(ctx, &input)
+	if errs.IsA[*awstypes.FeatureDisabledException](err) {
+		return
+	}
+	if err != nil {
+		resp.Diagnostics.AddError("disabling IAM Outbound Web Identity Federation", err.Error())
+		return
+	}
+}
+
+func (r *outboundWebIdentityFederationResource) ImportState(ctx context.Context, request resource.ImportStateRequest, response *resource.ImportStateResponse) {
+	r.WithImportByIdentity.ImportState(ctx, request, response)
+
+	// Touch a value to bypass a Framework check
+	response.Diagnostics.Append(response.State.SetAttribute(ctx, path.Root("issuer_identifier"), types.StringUnknown())...)
+}
+
+func findOutboundWebIdentityFederation(ctx context.Context, conn *iam.Client) (*iam.GetOutboundWebIdentityFederationInfoOutput, error) {
+	var input iam.GetOutboundWebIdentityFederationInfoInput
+	out, err := conn.GetOutboundWebIdentityFederationInfo(ctx, &input)
+
+	if errs.IsA[*awstypes.FeatureDisabledException](err) {
+		return nil, &retry.NotFoundError{
+			LastError: err,
+		}
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if out == nil {
+		return nil, tfresource.NewEmptyResultError(&input)
+	}
+
+	return out, nil
+}
+
+type outboundWebIdentityFederationResourceModel struct {
+	IssuerIdentifier types.String `tfsdk:"issuer_identifier"`
+}
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:new-resource
	`2`	`+aws_iam_outbound_web_identity_federation`
	`3`	+```