From c0446a5968ceedc98a067f8602a78919b97121a5 Mon Sep 17 00:00:00 2001
From: rajbnag
Date: Mon, 24 Apr 2023 12:27:59 +0100
Subject: [PATCH 01/11] Adding new resource aws_vpclatttice_resource_policy
---
 .../service/vpclattice/resource_policy.go | 169 ++++++++++++++++++
 .../vpclattice/resource_policy_test.go | 166 +++++++++++++++++
 .../service/vpclattice/service_package_gen.go | 5 +
 .../vpclattice_resource_policy.html.markdown | 53 ++++++
 4 files changed, 393 insertions(+)
 create mode 100644 internal/service/vpclattice/resource_policy.go
 create mode 100644 internal/service/vpclattice/resource_policy_test.go
 create mode 100644 website/docs/r/vpclattice_resource_policy.html.markdown
diff --git a/internal/service/vpclattice/resource_policy.go b/internal/service/vpclattice/resource_policy.go
new file mode 100644
index 000000000000..15065a75776e
--- /dev/null
+++ b/internal/service/vpclattice/resource_policy.go
@@ -0,0 +1,169 @@
+package vpclattice
+
+import (
+ "context"
+ "errors"
+ "log"
+ "time"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/vpclattice"
+ "github.com/aws/aws-sdk-go-v2/service/vpclattice/types"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+ "github.com/hashicorp/terraform-provider-aws/internal/create"
+ "github.com/hashicorp/terraform-provider-aws/internal/tfresource"
+ "github.com/hashicorp/terraform-provider-aws/internal/verify"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// Function annotations are used for resource registration to the Provider. DO NOT EDIT.
+// @SDKResource("aws_vpclattice_resource_policy", name="Resource Policy")
+func ResourceResourcePolicy() *schema.Resource {
+ return &schema.Resource{
+
+ CreateWithoutTimeout: resourceResourcePolicyPut,
+ ReadWithoutTimeout: resourceResourcePolicyRead,
+ UpdateWithoutTimeout: resourceResourcePolicyPut,
+ DeleteWithoutTimeout: resourceResourcePolicyDelete,
+
+ Importer: &schema.ResourceImporter{
+ StateContext: schema.ImportStatePassthroughContext,
+ },
+
+ Timeouts: &schema.ResourceTimeout{
+ Create: schema.DefaultTimeout(30 * time.Minute),
+ Update: schema.DefaultTimeout(30 * time.Minute),
+ Delete: schema.DefaultTimeout(30 * time.Minute),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "policy": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validation.StringIsJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ StateFunc: func(v interface{}) string {
+ json, _ := structure.NormalizeJsonString(v)
+ return json
+ },
+ },
+ "resource_arn": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ ValidateFunc: verify.ValidARN,
+ },
+ },
+ }
+}
+
+const (
+ ResNameResourcePolicy = "Resource Policy"
+)
+
+func resourceResourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ conn := meta.(*conns.AWSClient).VPCLatticeClient()
+ resourceArn := d.Get("resource_arn").(string)
+
+ policy, err := structure.NormalizeJsonString(d.Get("policy").(string))
+
+ if err != nil {
+ return diag.Errorf("policy (%s) is invalid JSON: %s", policy, err)
+ }
+
+ in := &vpclattice.PutResourcePolicyInput{
+ ResourceArn: aws.String(resourceArn),
+ Policy: aws.String(policy),
+ }
+
+ log.Printf("[DEBUG] Putting VPC Lattice Resource Policy for resource: %s", resourceArn)
+
+ _, err = conn.PutResourcePolicy(ctx, in)
+ if err != nil {
+ return create.DiagError(names.VPCLattice, create.ErrActionCreating, ResNameResourcePolicy, d.Get("policy").(string), err)
+ }
+
+ d.SetId(resourceArn)
+
+ return resourceResourcePolicyRead(ctx, d, meta)
+}
+
+func resourceResourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ conn := meta.(*conns.AWSClient).VPCLatticeClient()
+ resourceArn := d.Id()
+
+ log.Printf("[DEBUG] Reading VPC Lattice Resource Policy for resource: %s", resourceArn)
+
+ policy, err := findResourcePolicyByID(ctx, conn, resourceArn)
+ if !d.IsNewResource() && tfresource.NotFound(err) {
+ log.Printf("[WARN] VPCLattice ResourcePolicy (%s) not found, removing from state", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ if err != nil {
+ return create.DiagError(names.VPCLattice, create.ErrActionReading, ResNameResourcePolicy, d.Id(), err)
+ }
+
+ if policy == nil {
+ return create.DiagError(names.VPCLattice, create.ErrActionReading, ResNameResourcePolicy, d.Id(), err)
+ }
+
+ d.Set("resource_arn", resourceArn)
+
+ policyToSet, err := verify.PolicyToSet(d.Get("policy").(string), aws.ToString(policy.Policy))
+
+ if err != nil {
+ return diag.Errorf("setting policy %s: %s", aws.ToString(policy.Policy), err)
+ }
+
+ d.Set("policy", policyToSet)
+
+ return nil
+}
+
+func resourceResourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ conn := meta.(*conns.AWSClient).VPCLatticeClient()
+
+ log.Printf("[INFO] Deleting VPCLattice ResourcePolicy %s", d.Id())
+
+ _, err := conn.DeleteResourcePolicy(ctx, &vpclattice.DeleteResourcePolicyInput{
+ ResourceArn: aws.String(d.Id()),
+ })
+
+ if err != nil {
+ var nfe *types.ResourceNotFoundException
+ if errors.As(err, &nfe) {
+ return nil
+ }
+
+ return create.DiagError(names.VPCLattice, create.ErrActionDeleting, ResNameResourcePolicy, d.Id(), err)
+ }
+
+ return nil
+}
+
+func findResourcePolicyByID(ctx context.Context, conn *vpclattice.Client, id string) (*vpclattice.GetResourcePolicyOutput, error) {
+ in := &vpclattice.GetResourcePolicyInput{
+ ResourceArn: aws.String(id),
+ }
+ out, err := conn.GetResourcePolicy(ctx, in)
+ if err != nil {
+ var nfe *types.ResourceNotFoundException
+ if errors.As(err, &nfe) {
+ return nil, &retry.NotFoundError{
+ LastError: err,
+ LastRequest: in,
+ }
+ }
+
+ return nil, err
+ }
+
+ return out, nil
+}
diff --git a/internal/service/vpclattice/resource_policy_test.go b/internal/service/vpclattice/resource_policy_test.go
new file mode 100644
index 000000000000..1e35f757019d
--- /dev/null
+++ b/internal/service/vpclattice/resource_policy_test.go
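Review bot: In `resourceResourcePolicyPut`, the `create.DiagError` call after `conn.PutResourcePolicy` passes `d.Get("policy").(string)` as the identifier, so a failed put writes the whole policy document (principals, account IDs) into the diagnostic and into any CI log that captures it, while every other `DiagError` call in this file identifies the resource by `d.Id()`. Use the ARN that is already in scope: `return create.DiagError(names.VPCLattice, create.ErrActionCreating, ResNameResourcePolicy, resourceArn, err)`. The `diag.Errorf("setting policy %s: %s", aws.ToString(policy.Policy), err)` line in `resourceResourcePolicyRead` embeds the policy text in the same way and could name `d.Id()` instead. Separately, the `if policy == nil` branch in `resourceResourcePolicyRead` passes `err`, which is always nil at that point; give it a real error such as `errors.New("empty result")` so the diagnostic is not built from a nil error.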
@@ -0,0 +1,166 @@ +package vpclattice_test + +import ( + "context" + "errors" + "fmt" + "regexp" + "testing" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/vpclattice" + "github.com/aws/aws-sdk-go-v2/service/vpclattice/types" + sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/hashicorp/terraform-provider-aws/internal/acctest" + "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/create" + + tfvpclattice "github.com/hashicorp/terraform-provider-aws/internal/service/vpclattice" + "github.com/hashicorp/terraform-provider-aws/names" +) + +func TestAccVPCLatticeResourcePolicy_basic(t *testing.T) { + ctx := acctest.Context(t) + + var resourcepolicy vpclattice.GetResourcePolicyOutput + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_vpclattice_resource_policy.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + acctest.PreCheckPartitionHasService(t, names.VPCLatticeEndpointID) + testAccPreCheck(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, names.VPCLatticeEndpointID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckResourcePolicyDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccResourcePolicyConfig_basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckResourcePolicyExists(ctx, resourceName, &resourcepolicy), + resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`"Action":"*"`)), + resource.TestCheckResourceAttrPair(resourceName, "resource_arn", "aws_vpclattice_service.test", "arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func 
TestAccVPCLatticeResourcePolicy_disappears(t *testing.T) { + ctx := acctest.Context(t) + + var resourcepolicy vpclattice.GetResourcePolicyOutput + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_vpclattice_resource_policy.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + acctest.PreCheckPartitionHasService(t, names.VPCLatticeEndpointID) + testAccPreCheck(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, names.VPCLatticeEndpointID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckResourcePolicyDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccResourcePolicyConfig_basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckResourcePolicyExists(ctx, resourceName, &resourcepolicy), + acctest.CheckResourceDisappears(ctx, acctest.Provider, tfvpclattice.ResourceResourcePolicy(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckResourcePolicyDestroy(ctx context.Context) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := acctest.Provider.Meta().(*conns.AWSClient).VPCLatticeClient() + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_vpclattice_resource_policy" { + continue + } + + policy, err := conn.GetResourcePolicy(ctx, &vpclattice.GetResourcePolicyInput{ + ResourceArn: aws.String(rs.Primary.ID), + }) + if err != nil { + var nfe *types.ResourceNotFoundException + if errors.As(err, &nfe) { + return nil + } + return err + } + + if policy != nil { + return create.Error(names.VPCLattice, create.ErrActionCheckingDestroyed, tfvpclattice.ResNameResourcePolicy, rs.Primary.ID, errors.New("Resource Policy not destroyed")) + } + + } + + return nil + } +} + +func testAccCheckResourcePolicyExists(ctx context.Context, name string, resourcepolicy *vpclattice.GetResourcePolicyOutput) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, 
ok := s.RootModule().Resources[name] + if !ok { + return create.Error(names.VPCLattice, create.ErrActionCheckingExistence, tfvpclattice.ResNameResourcePolicy, name, errors.New("not found")) + } + + if rs.Primary.ID == "" { + return create.Error(names.VPCLattice, create.ErrActionCheckingExistence, tfvpclattice.ResNameResourcePolicy, name, errors.New("not set")) + } + + conn := acctest.Provider.Meta().(*conns.AWSClient).VPCLatticeClient() + resp, err := conn.GetResourcePolicy(ctx, &vpclattice.GetResourcePolicyInput{ + ResourceArn: aws.String(rs.Primary.ID), + }) + + if err != nil { + return create.Error(names.VPCLattice, create.ErrActionCheckingExistence, tfvpclattice.ResNameResourcePolicy, rs.Primary.ID, err) + } + + *resourcepolicy = *resp + + return nil + } +} + +func testAccResourcePolicyConfig_basic(rName string) string { + return fmt.Sprintf(` +data "aws_partition" "current" {} + +data "aws_caller_identity" "current" {} + +resource "aws_vpclattice_service" "test" { + name = %[1]q + auth_type = "AWS_IAM" + custom_domain_name = "example.com" +} + +resource "aws_vpclattice_service_network" "test" { + name = %[1]q +} + +resource "aws_vpclattice_resource_policy" "test" { + resource_arn = aws_vpclattice_service_network.test.arn + policy = < Date: Mon, 24 Apr 2023 17:03:04 +0100 Subject: [PATCH 02/11] New resource aws_vpclatttice_resource_policy --- .changelog/30900.txt | 3 ++ .../vpclattice/resource_policy_test.go | 32 ++++++++++------ .../vpclattice_resource_policy.html.markdown | 38 +++++++++++++------ 3 files changed, 50 insertions(+), 23 deletions(-) create mode 100644 .changelog/30900.txt diff --git a/.changelog/30900.txt b/.changelog/30900.txt new file mode 100644 index 000000000000..de37ee443985 --- /dev/null +++ b/.changelog/30900.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +aws_vpclattice_resource_policy +``` \ No newline at end of file 
diff --git a/internal/service/vpclattice/resource_policy_test.go b/internal/service/vpclattice/resource_policy_test.go index 1e35f757019d..1692632dd2c2 100644 --- a/internal/service/vpclattice/resource_policy_test.go +++ b/internal/service/vpclattice/resource_policy_test.go @@ -42,8 +42,8 @@ func TestAccVPCLatticeResourcePolicy_basic(t *testing.T) { Config: testAccResourcePolicyConfig_basic(rName), Check: resource.ComposeTestCheckFunc( testAccCheckResourcePolicyExists(ctx, resourceName, &resourcepolicy), - resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`"Action":"*"`)), - resource.TestCheckResourceAttrPair(resourceName, "resource_arn", "aws_vpclattice_service.test", "arn"), + resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`"vpc-lattice:CreateServiceNetworkVpcAssociation","vpc-lattice:CreateServiceNetworkServiceAssociation","vpc-lattice:GetServiceNetwork"`)), + resource.TestCheckResourceAttrPair(resourceName, "resource_arn", "aws_vpclattice_service_network.test", "arn"), ), }, { @@ -142,15 +142,8 @@ func testAccCheckResourcePolicyExists(ctx context.Context, name string, resource func testAccResourcePolicyConfig_basic(rName string) string { return fmt.Sprintf(` -data "aws_partition" "current" {} - data "aws_caller_identity" "current" {} -resource "aws_vpclattice_service" "test" { - name = %[1]q - auth_type = "AWS_IAM" - custom_domain_name = "example.com" -} resource "aws_vpclattice_service_network" "test" { name = %[1]q @@ -158,9 +151,24 @@ resource "aws_vpclattice_service_network" "test" { resource "aws_vpclattice_resource_policy" "test" { resource_arn = aws_vpclattice_service_network.test.arn - policy = < Date: Mon, 1 May 2023 16:35:23 -0400 Subject: [PATCH 03/11] Fix terrafmt errors. --- .../service/vpclattice/resource_policy_test.go | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) 
diff --git a/internal/service/vpclattice/resource_policy_test.go b/internal/service/vpclattice/resource_policy_test.go index 1692632dd2c2..65232373a2bf 100644 --- a/internal/service/vpclattice/resource_policy_test.go +++ b/internal/service/vpclattice/resource_policy_test.go @@ -144,17 +144,16 @@ func testAccResourcePolicyConfig_basic(rName string) string { return fmt.Sprintf(` data "aws_caller_identity" "current" {} - resource "aws_vpclattice_service_network" "test" { name = %[1]q } resource "aws_vpclattice_resource_policy" "test" { - resource_arn = aws_vpclattice_service_network.test.arn - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { + resource_arn = aws_vpclattice_service_network.test.arn + + policy = jsonencode({ + Version = "2012-10-17", + Statement = [{ Sid = "test-pol-principals-6" Effect = "Allow" Principal = { @@ -165,10 +164,9 @@ resource "aws_vpclattice_resource_policy" "test" { "vpc-lattice:CreateServiceNetworkServiceAssociation", "vpc-lattice:GetServiceNetwork" ] - Resource ="${aws_vpclattice_service_network.test.arn}" - } - ] -}) + Resource =aws_vpclattice_service_network.test.arn + }] + }) } `, rName) } From 9179826705f1f5836c79f91295bfbb1af3730f75 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 1 May 2023 16:41:04 -0400 Subject: [PATCH 04/11] Fix providerlint 'AWSAT005: avoid hardcoded ARN AWS partitions, use aws_partition data source'. --- internal/service/vpclattice/resource_policy_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/service/vpclattice/resource_policy_test.go b/internal/service/vpclattice/resource_policy_test.go index 65232373a2bf..dce5861d3f8c 100644 --- a/internal/service/vpclattice/resource_policy_test.go +++ b/internal/service/vpclattice/resource_policy_test.go 
@@ -143,13 +143,14 @@ func testAccCheckResourcePolicyExists(ctx context.Context, name string, resource func testAccResourcePolicyConfig_basic(rName string) string { return fmt.Sprintf(` data "aws_caller_identity" "current" {} +data "aws_partition" "current" {} resource "aws_vpclattice_service_network" "test" { name = %[1]q } resource "aws_vpclattice_resource_policy" "test" { - resource_arn = aws_vpclattice_service_network.test.arn + resource_arn = aws_vpclattice_service_network.test.arn policy = jsonencode({ Version = "2012-10-17", @@ -157,7 +158,7 @@ resource "aws_vpclattice_resource_policy" "test" { Sid = "test-pol-principals-6" Effect = "Allow" Principal = { - "AWS" = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" + "AWS" = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root" } Action = [ "vpc-lattice:CreateServiceNetworkVpcAssociation", From 5983c1cec9aa3164debe73efa61132fe939bfe14 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 1 May 2023 16:42:10 -0400 Subject: [PATCH 05/11] Fix golangci-lint 'whitespace'. --- internal/service/vpclattice/resource_policy_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/service/vpclattice/resource_policy_test.go b/internal/service/vpclattice/resource_policy_test.go index dce5861d3f8c..cf745015a536 100644 --- a/internal/service/vpclattice/resource_policy_test.go +++ b/internal/service/vpclattice/resource_policy_test.go @@ -107,7 +107,6 @@ func testAccCheckResourcePolicyDestroy(ctx context.Context) resource.TestCheckFu if policy != nil { return create.Error(names.VPCLattice, create.ErrActionCheckingDestroyed, tfvpclattice.ResNameResourcePolicy, rs.Primary.ID, errors.New("Resource Policy not destroyed")) } - } return nil From ddd4942779a81ddbb21559b7df0ff9b066f5e898 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Mon, 1 May 2023 16:44:31 -0400 Subject: [PATCH 06/11] Fix importlint error. --- internal/service/vpclattice/resource_policy_test.go | 1 - website/docs/r/vpclattice_resource_policy.html.markdown | 1 - 2 files changed, 2 deletions(-) diff --git a/internal/service/vpclattice/resource_policy_test.go b/internal/service/vpclattice/resource_policy_test.go index cf745015a536..a71928f7054b 100644 --- a/internal/service/vpclattice/resource_policy_test.go +++ b/internal/service/vpclattice/resource_policy_test.go @@ -16,7 +16,6 @@ import ( "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/create" - tfvpclattice "github.com/hashicorp/terraform-provider-aws/internal/service/vpclattice" "github.com/hashicorp/terraform-provider-aws/names" ) diff --git a/website/docs/r/vpclattice_resource_policy.html.markdown b/website/docs/r/vpclattice_resource_policy.html.markdown index a1838d0e872f..5a09ba05db13 100644 --- a/website/docs/r/vpclattice_resource_policy.html.markdown +++ b/website/docs/r/vpclattice_resource_policy.html.markdown @@ -51,7 +51,6 @@ The following arguments are required: * `resource_arn` - (Required) The ID or Amazon Resource Name (ARN) of the service network or service for which the policy is created. * `policy` - (Required) An IAM policy. The policy string in JSON must not contain newlines or blank lines. - ## Timeouts [Configuration options](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts): From 285d6fe4dbdb43a9f9dbf8b4c805c1f400f72d16 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 1 May 2023 16:46:01 -0400 Subject: [PATCH 07/11] Fix terrafmt errors in documentation. --- .../vpclattice_resource_policy.html.markdown | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) 
diff --git a/website/docs/r/vpclattice_resource_policy.html.markdown b/website/docs/r/vpclattice_resource_policy.html.markdown index 5a09ba05db13..7659374e0a4b 100644 --- a/website/docs/r/vpclattice_resource_policy.html.markdown +++ b/website/docs/r/vpclattice_resource_policy.html.markdown @@ -16,30 +16,30 @@ Terraform resource for managing an AWS VPC Lattice Resource Policy. ```terraform data "aws_caller_identity" "current" {} +data "aws_partition" "current" {} resource "aws_vpclattice_service_network" "example" { name = "example-vpclattice-service-network" } resource "aws_vpclattice_resource_policy" "example" { - resource_arn = aws_vpclattice_service_network.example.arn - policy = jsonencode({ + resource_arn = aws_vpclattice_service_network.example.arn + + policy = jsonencode({ Version = "2012-10-17", - Statement = [ - { - Sid = "example-policy-statement" - Effect = "Allow" - Principal = { - "AWS" = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" - } - Action = [ - "vpc-lattice:CreateServiceNetworkVpcAssociation", - "vpc-lattice:CreateServiceNetworkServiceAssociation", - "vpc-lattice:GetServiceNetwork" - ] - Resource = "${aws_vpclattice_service_network.example.arn}" + Statement = [{ + Sid = "test-pol-principals-6" + Effect = "Allow" + Principal = { + "AWS" = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root" } - ] + Action = [ + "vpc-lattice:CreateServiceNetworkVpcAssociation", + "vpc-lattice:CreateServiceNetworkServiceAssociation", + "vpc-lattice:GetServiceNetwork" + ] + Resource =aws_vpclattice_service_network.example.arn + }] }) } ``` From f3338dc8833f2db032a68f48a642b4d97ce9b356 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Mon, 1 May 2023 16:48:39 -0400 Subject: [PATCH 08/11] r/aws_vpclattice_resource_policy: Tidy up. --- internal/service/vpclattice/resource_policy.go | 17 +++-------------- .../r/vpclattice_resource_policy.html.markdown | 10 +--------- 2 files changed, 4 insertions(+), 23 deletions(-) diff --git a/internal/service/vpclattice/resource_policy.go b/internal/service/vpclattice/resource_policy.go index 15065a75776e..8f467aab3fa0 100644 --- a/internal/service/vpclattice/resource_policy.go +++ b/internal/service/vpclattice/resource_policy.go @@ -4,7 +4,6 @@ import ( "context" "errors" "log" - "time" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/vpclattice" @@ -25,7 +24,6 @@ import ( // @SDKResource("aws_vpclattice_resource_policy", name="Resource Policy") func ResourceResourcePolicy() *schema.Resource { return &schema.Resource{ - CreateWithoutTimeout: resourceResourcePolicyPut, ReadWithoutTimeout: resourceResourcePolicyRead, UpdateWithoutTimeout: resourceResourcePolicyPut, @@ -35,12 +33,6 @@ func ResourceResourcePolicy() *schema.Resource { StateContext: schema.ImportStatePassthroughContext, }, - Timeouts: &schema.ResourceTimeout{ - Create: schema.DefaultTimeout(30 * time.Minute), - Update: schema.DefaultTimeout(30 * time.Minute), - Delete: schema.DefaultTimeout(30 * time.Minute), - }, - Schema: map[string]*schema.Schema{ "policy": { Type: schema.TypeString, @@ -81,9 +73,8 @@ func resourceResourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta Policy: aws.String(policy), } - log.Printf("[DEBUG] Putting VPC Lattice Resource Policy for resource: %s", resourceArn) - _, err = conn.PutResourcePolicy(ctx, in) + if err != nil { return create.DiagError(names.VPCLattice, create.ErrActionCreating, ResNameResourcePolicy, d.Get("policy").(string), err) } 
@@ -95,9 +86,8 @@ func resourceResourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta func resourceResourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { conn := meta.(*conns.AWSClient).VPCLatticeClient() - resourceArn := d.Id() - log.Printf("[DEBUG] Reading VPC Lattice Resource Policy for resource: %s", resourceArn) + resourceArn := d.Id() policy, err := findResourcePolicyByID(ctx, conn, resourceArn) if !d.IsNewResource() && tfresource.NotFound(err) { @@ -130,8 +120,7 @@ func resourceResourcePolicyRead(ctx context.Context, d *schema.ResourceData, met func resourceResourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { conn := meta.(*conns.AWSClient).VPCLatticeClient() - log.Printf("[INFO] Deleting VPCLattice ResourcePolicy %s", d.Id()) - + log.Printf("[INFO] Deleting VPCLattice ResourcePolicy: %s", d.Id()) _, err := conn.DeleteResourcePolicy(ctx, &vpclattice.DeleteResourcePolicyInput{ ResourceArn: aws.String(d.Id()), }) diff --git a/website/docs/r/vpclattice_resource_policy.html.markdown b/website/docs/r/vpclattice_resource_policy.html.markdown index 7659374e0a4b..51827b3d5fa9 100644 --- a/website/docs/r/vpclattice_resource_policy.html.markdown +++ b/website/docs/r/vpclattice_resource_policy.html.markdown 
@@ -51,17 +51,9 @@ The following arguments are required: * `resource_arn` - (Required) The ID or Amazon Resource Name (ARN) of the service network or service for which the policy is created. * `policy` - (Required) An IAM policy. The policy string in JSON must not contain newlines or blank lines. -## Timeouts - -[Configuration options](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts): - -* `create` - (Default `60m`) -* `update` - (Default `180m`) -* `delete` - (Default `90m`) - ## Import -VPC Lattice Resource Policy can be imported using the `example_id_arg`, e.g., +VPC Lattice Resource Policy can be imported using the `resource_arn`, e.g., ``` $ terraform import aws_vpclattice_resource_policy.example rft-8012925589 From e5675045a90cf654a4e4d17a7b224996d5ec6602 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 1 May 2023 16:51:13 -0400 Subject: [PATCH 09/11] Fix terrafmt errors in acceptance test configuration. --- internal/service/vpclattice/resource_policy_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/vpclattice/resource_policy_test.go b/internal/service/vpclattice/resource_policy_test.go index a71928f7054b..5344d5e906f3 100644 --- a/internal/service/vpclattice/resource_policy_test.go +++ b/internal/service/vpclattice/resource_policy_test.go @@ -153,7 +153,7 @@ resource "aws_vpclattice_resource_policy" "test" { policy = jsonencode({ Version = "2012-10-17", Statement = [{ - Sid = "test-pol-principals-6" + Sid = "test-pol-principals-6" Effect = "Allow" Principal = { "AWS" = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root" @@ -163,7 +163,7 @@ resource "aws_vpclattice_resource_policy" "test" { "vpc-lattice:CreateServiceNetworkServiceAssociation", "vpc-lattice:GetServiceNetwork" ] - Resource =aws_vpclattice_service_network.test.arn + Resource = aws_vpclattice_service_network.test.arn }] }) } 
From b2b502a16348b9a45e6171008163f9763223b072 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 1 May 2023 16:51:38 -0400 Subject: [PATCH 10/11] Fix terrafmt errors in documentation. --- website/docs/r/vpclattice_resource_policy.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/r/vpclattice_resource_policy.html.markdown b/website/docs/r/vpclattice_resource_policy.html.markdown index 51827b3d5fa9..4f9a0239f61d 100644 --- a/website/docs/r/vpclattice_resource_policy.html.markdown +++ b/website/docs/r/vpclattice_resource_policy.html.markdown @@ -28,7 +28,7 @@ resource "aws_vpclattice_resource_policy" "example" { policy = jsonencode({ Version = "2012-10-17", Statement = [{ - Sid = "test-pol-principals-6" + Sid = "test-pol-principals-6" Effect = "Allow" Principal = { "AWS" = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root" @@ -38,7 +38,7 @@ resource "aws_vpclattice_resource_policy" "example" { "vpc-lattice:CreateServiceNetworkServiceAssociation", "vpc-lattice:GetServiceNetwork" ] - Resource =aws_vpclattice_service_network.example.arn + Resource = aws_vpclattice_service_network.example.arn }] }) } From fb0ce097efe859f3a1382668710281fe125c3d78 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 1 May 2023 17:09:32 -0400 Subject: [PATCH 11/11] Fix tfproviderdocs 'missing attributes section: ## Attributes Reference'. --- website/docs/r/vpclattice_resource_policy.html.markdown | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/docs/r/vpclattice_resource_policy.html.markdown b/website/docs/r/vpclattice_resource_policy.html.markdown index 4f9a0239f61d..e50e9ad31616 100644 --- a/website/docs/r/vpclattice_resource_policy.html.markdown +++ b/website/docs/r/vpclattice_resource_policy.html.markdown 
@@ -51,6 +51,10 @@ The following arguments are required: * `resource_arn` - (Required) The ID or Amazon Resource Name (ARN) of the service network or service for which the policy is created. * `policy` - (Required) An IAM policy. The policy string in JSON must not contain newlines or blank lines. +## Attributes Reference + +No additional attributes are exported. + ## Import VPC Lattice Resource Policy can be imported using the `resource_arn`, e.g.,