hashicorp · alexbacchin · Nov 14, 2024 · Nov 14, 2024 · Nov 14, 2024
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_route53_resolver_rule: Add `server_name_indication` argument to `target_ip` block
+```
@@ -112,6 +112,11 @@ func resourceRule() *schema.Resource {
 							Default:          awstypes.ProtocolDo53,
 							ValidateDiagFunc: enum.Validate[awstypes.Protocol](),
 						},
+						"server_name_indication": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringLenBetween(0, 255),
+						},
 					},
 				},
 			},
@@ -391,6 +396,9 @@ func expandRuleTargetIPs(vTargetIps *schema.Set) []awstypes.TargetAddress {
 		if vProtocol, ok := mTargetIp[names.AttrProtocol].(string); ok && vProtocol != "" {
 			targetAddress.Protocol = awstypes.Protocol(vProtocol)
 		}
+		if vServerNameIndication, ok := mTargetIp["server_name_indication"].(string); ok && vServerNameIndication != "" {
+			targetAddress.ServerNameIndication = aws.String(vServerNameIndication)
+		}
 
 		targetAddresses = append(targetAddresses, targetAddress)
 	}
@@ -407,10 +415,11 @@ func flattenRuleTargetIPs(targetAddresses []awstypes.TargetAddress) []interface{
 
 	for _, targetAddress := range targetAddresses {
 		mTargetIp := map[string]interface{}{
-			"ip":               aws.ToString(targetAddress.Ip),
-			"ipv6":             aws.ToString(targetAddress.Ipv6),
-			names.AttrPort:     int(aws.ToInt32(targetAddress.Port)),
-			names.AttrProtocol: targetAddress.Protocol,
+			"ip":                     aws.ToString(targetAddress.Ip),
+			"ipv6":                   aws.ToString(targetAddress.Ipv6),
+			names.AttrPort:           int(aws.ToInt32(targetAddress.Port)),
+			names.AttrProtocol:       targetAddress.Protocol,
+			"server_name_indication": aws.ToString(targetAddress.ServerNameIndication),
 		}
 
 		vTargetIps = append(vTargetIps, mTargetIp)

@@ -311,6 +311,7 @@ func TestAccRoute53ResolverRule_forwardMultiProtocol(t *testing.T) {
 	resourceName := "aws_route53_resolver_rule.test"
 	epResourceName := "aws_route53_resolver_endpoint.test.0"
 	domainName := acctest.RandomDomainName()
+	serverNameIndication := acctest.RandomDomainName()
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -356,6 +357,23 @@ func TestAccRoute53ResolverRule_forwardMultiProtocol(t *testing.T) {
 					}),
 				),
 			},
+			{
+				Config: testAccRuleConfig_forwardMultiProtocol_serverNameIndication(rName, domainName, serverNameIndication),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckRuleExists(ctx, resourceName, &rule),
+					resource.TestCheckResourceAttr(resourceName, names.AttrDomainName, domainName),
+					resource.TestCheckResourceAttr(resourceName, names.AttrName, rName),
+					resource.TestCheckResourceAttr(resourceName, "rule_type", "FORWARD"),
+					resource.TestCheckResourceAttrPair(resourceName, "resolver_endpoint_id", epResourceName, names.AttrID),
+					resource.TestCheckResourceAttr(resourceName, "target_ip.#", "1"),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "target_ip.*", map[string]string{
+						"ip":                     "192.0.2.6",
+						names.AttrPort:           "443",
+						names.AttrProtocol:       "DoH",
+						"server_name_indication": serverNameIndication,
+					}),
+				),
+			},
 			{
 				Config: testAccRuleConfig_forwardMultiProtocol(rName, domainName, "Do53"),
 				Check: resource.ComposeTestCheckFunc(
@@ -718,6 +736,25 @@ resource "aws_route53_resolver_rule" "test" {
 `, rName, domainName, protocol))
 }
 
+func testAccRuleConfig_forwardMultiProtocol_serverNameIndication(rName, domainName, sni string) string {
+	return acctest.ConfigCompose(testAccRuleConfig_resolverEndpointMultiProtocolBase(rName), fmt.Sprintf(`
+resource "aws_route53_resolver_rule" "test" {
+  domain_name = %[2]q
+  rule_type   = "FORWARD"
+  name        = %[1]q
+
+  resolver_endpoint_id = aws_route53_resolver_endpoint.test[0].id
+
+  target_ip {
+    ip                     = "192.0.2.6"
+    protocol               = "DoH"
+    port                   = 443
+    server_name_indication = %[3]q
+  }
+}
+`, rName, domainName, sni))
+}
+
 func testAccRuleConfig_forwardTargetIPChanged(rName, domainName string) string {
 	return acctest.ConfigCompose(testAccRuleConfig_resolverEndpointBase(rName), fmt.Sprintf(`
 resource "aws_route53_resolver_rule" "test" {

@@ -78,6 +78,7 @@ The `target_ip` object supports the following:
 * `ipv6` - (Optional) One IPv6 address that you want to forward DNS queries to.
 * `port` - (Optional) Port at `ip` that you want to forward DNS queries to. Default value is `53`.
 * `protocol` - (Optional) Protocol for the resolver endpoint. Valid values can be found in the [AWS documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_TargetAddress.html). Default value is `Do53`.
+* `server_name_indication` -  (Optional) The Server Name Indication of the DoH server that you want to forward queries to. This is only used if the `protocol` is `DoH`.
 
 ## Attribute Reference