Fix crash on unsuccessful flow log creation

[phy1729]

Changes proposed in this pull request:

• Error instead of crashing when the flow log's destination S3 bucket is not accessible.

Crash reproducer:

resource "aws_vpc" "main" {
  cidr_block = "10.17.29.0/24"
}

resource "aws_flow_log" "main" {
  log_destination_type = "s3"
  log_destination      = "arn:aws:s3:::does-not-exist"
  vpc_id               = "${aws_vpc.main.id}"
  traffic_type         = "ALL"
}

Actual output:

panic: runtime error: index out of range
[... crash text ...]

due to https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_flow_log.go#L149 referencing the 0th element of the empty list resp.FlowLogIds

Output with PR:

Error: Error applying plan:

1 error(s) occurred:

* aws_flow_log.main: 1 error(s) occurred:

* aws_flow_log.main: Error creating Flow Log for (vpc-X), error: Access Denied for LogDestination: does-not-exist. Please check LogDestination permission

[bflad]

Thanks for the detailed pull request summary and fix, @phy1729! Using your information, I was able to recreate the panic in an acceptance test and ensure that the fix is covered in the future. 🚀

func TestAccAWSFlowLog_LogDestinationType_S3_Invalid(t *testing.T) {
	rName := acctest.RandomWithPrefix("tf-acc-test-flow-log-s3-invalid")

	resource.ParallelTest(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckFlowLogDestroy,
		Steps: []resource.TestStep{
			{
				Config:      testAccFlowLogConfig_LogDestinationType_S3_Invalid(rName),
				ExpectError: regexp.MustCompile(`Access Denied for LogDestination`),
			},
		},
	})
}

func testAccFlowLogConfig_LogDestinationType_S3_Invalid(rName string) string {
	return fmt.Sprintf(`
resource "aws_vpc" "test" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = %q
  }
}

resource "aws_flow_log" "test" {
  log_destination      = "arn:aws:s3:::does-not-exist"
  log_destination_type = "s3"
  traffic_type         = "ALL"
  vpc_id               = "${aws_vpc.test.id}"
}
`, rName)
}

Output from acceptance testing (before fix):

=== CONT  TestAccAWSFlowLog_LogDestinationType_S3_Invalid
panic: runtime error: index out of range

goroutine 249 [running]:
github.com/terraform-providers/terraform-provider-aws/aws.resourceAwsLogFlowCreate(0xc000a38fc0, 0x4838760, 0xc0004c1800, 0xc000a38fc0, 0x0)
	/Users/bflad/src/github.com/terraform-providers/terraform-provider-aws/aws/resource_aws_flow_log.go:149 +0xc6e
github.com/hashicorp/terraform/helper/schema.(*Resource).Apply(0xc00024fc70, 0xc0004fad70, 0xc0007187a0, 0x4838760, 0xc0004c1800, 0xc000510e01, 0x31, 0x0)
	/Users/bflad/go/pkg/mod/github.com/hashicorp/terraform@v0.11.9-beta1/helper/schema/resource.go:225 +0x351

Output from acceptance testing (after fix):

--- PASS: TestAccAWSFlowLog_LogDestinationType_S3_Invalid (74.41s)

[bflad]

This has been released in version 1.60.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!