Firewall Manager - FMS: take into account ResourceTagLogicalOperator feature

[vhiribarren]

Description

This PR introduces the usage of the ResourceTagLogicalOperator argument, to decide if there is a logical "AND" or "OR" between the resource tags, in Firewall Manager.

Relations

Closes #41273

References

https://docs.aws.amazon.com/fr_fr/AWSCloudFormation/latest/TemplateReference/aws-resource-fms-policy.html#cfn-fms-policy-resourcetaglogicaloperator

Output from Acceptance Testing

Sorry, I cannot test. The environment on which I have access too is quite restricted, and the default configurations provided in the existing tests are not compatible with my environment.

I inserted 3 acceptance tests, but I cannot launch them (it compiles with them, though).

However I did tested the creation of resource with the parameter, with the following elements:

• no resource tags
• with resource tags, and no resource_tag_logical_operator
• with resource tags, and resource_tag_logical_operator set to "AND"
• with resource tags, and no resource_tag_logical_operator set to "OR"
• with resource tags, and no resource_tag_logical_operator set to something else (which fails, of course)

[github-actions]

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[ewbankkit]

LGTM 🚀.

% AWS_DEFAULT_REGION=us-east-1 make testacc TESTARGS='-run=TestAccFMS_serial/^Policy$$/^resourceTag\|TestAccFMS_serial/^Policy$$/^includeMap$$\|TestAccFMS_serial/^Policy$$/^policyOption$$' PKG=fms
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.10 test ./internal/service/fms/... -v -count 1 -parallel 20  -run=TestAccFMS_serial/^Policy$/^resourceTag\|TestAccFMS_serial/^Policy$/^includeMap$\|TestAccFMS_serial/^Policy$/^policyOption$ -timeout 360m -vet=off
2025/06/17 15:04:43 Initializing Terraform AWS Provider...
=== RUN   TestAccFMS_serial
=== PAUSE TestAccFMS_serial
=== CONT  TestAccFMS_serial
=== RUN   TestAccFMS_serial/Policy
=== RUN   TestAccFMS_serial/Policy/resourceTagLogicalOperator
    policy_test.go:276: Step 1/3 error: Check failed: Check 1/1 error: aws_fms_policy.test: Attribute 'resource_tag_logical_operator' expected "AND", got ""
=== RUN   TestAccFMS_serial/Policy/policyOption
    policy_test.go:193: PolicyOption not returned from AWS API
=== RUN   TestAccFMS_serial/Policy/resourceTags
=== RUN   TestAccFMS_serial/Policy/includeMap
--- PASS: TestAccFMS_serial (7313.25s)
    --- PASS: TestAccFMS_serial/Policy (7313.25s)
        --- PASS: TestAccFMS_serial/Policy/resourceTagLogicalOperator (693.04s)
        --- SKIP: TestAccFMS_serial/Policy/policyOption (0.00s)
        --- PASS: TestAccFMS_serial/Policy/resourceTags (2361.42s)
        --- PASS: TestAccFMS_serial/Policy/includeMap (2372.71s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/fms	7317.934s

[jar-b]

LGTM 🚀

[ewbankkit]

@vhiribarren Thanks for the contribution 🎉 👏.

[github-actions]

Warning

This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v6.1.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.