hashicorp
diff --git a/‎.changelog/26673.txt
+3 b/‎.changelog/26673.txt
+3
diff --git a/‎internal/acctest/acctest.go
+10-10 b/‎internal/acctest/acctest.go
+10-10
diff --git a/‎internal/service/ec2/find.go
+37-23 b/‎internal/service/ec2/find.go
+37-23
diff --git a/‎internal/service/ec2/status.go
+2-2 b/‎internal/service/ec2/status.go
+2-2
diff --git a/‎internal/service/ec2/vpnsite_customer_gateway.go
+32-28 b/‎internal/service/ec2/vpnsite_customer_gateway.go
+32-28
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_customer_gateway: Make `ip_address` optional
+```
@@ -1421,7 +1421,7 @@ func CheckACMPCACertificateAuthorityActivateRootCA(certificateAuthority *acmpca.
 		})
 
 		if err != nil {
-			return fmt.Errorf("error getting ACM PCA Certificate Authority (%s) CSR: %w", arn, err)
+			return fmt.Errorf("getting ACM PCA Certificate Authority (%s) CSR: %w", arn, err)
 		}
 
 		issueCertOutput, err := conn.IssueCertificate(&acmpca.IssueCertificateInput{
@@ -1437,7 +1437,7 @@ func CheckACMPCACertificateAuthorityActivateRootCA(certificateAuthority *acmpca.
 		})
 
 		if err != nil {
-			return fmt.Errorf("error issuing ACM PCA Certificate Authority (%s) Root CA certificate from CSR: %w", arn, err)
+			return fmt.Errorf("issuing ACM PCA Certificate Authority (%s) Root CA certificate from CSR: %w", arn, err)
 		}
 
 		// Wait for certificate status to become ISSUED.
@@ -1447,7 +1447,7 @@ func CheckACMPCACertificateAuthorityActivateRootCA(certificateAuthority *acmpca.
 		})
 
 		if err != nil {
-			return fmt.Errorf("error waiting for ACM PCA Certificate Authority (%s) Root CA certificate to become ISSUED: %w", arn, err)
+			return fmt.Errorf("waiting for ACM PCA Certificate Authority (%s) Root CA certificate to become ISSUED: %w", arn, err)
 		}
 
 		getCertOutput, err := conn.GetCertificate(&acmpca.GetCertificateInput{
@@ -1456,7 +1456,7 @@ func CheckACMPCACertificateAuthorityActivateRootCA(certificateAuthority *acmpca.
 		})
 
 		if err != nil {
-			return fmt.Errorf("error getting ACM PCA Certificate Authority (%s) issued Root CA certificate: %w", arn, err)
+			return fmt.Errorf("getting ACM PCA Certificate Authority (%s) issued Root CA certificate: %w", arn, err)
 		}
 
 		_, err = conn.ImportCertificateAuthorityCertificate(&acmpca.ImportCertificateAuthorityCertificateInput{
@@ -1465,7 +1465,7 @@ func CheckACMPCACertificateAuthorityActivateRootCA(certificateAuthority *acmpca.
 		})
 
 		if err != nil {
-			return fmt.Errorf("error importing ACM PCA Certificate Authority (%s) Root CA certificate: %w", arn, err)
+			return fmt.Errorf("importing ACM PCA Certificate Authority (%s) Root CA certificate: %w", arn, err)
 		}
 
 		return err
@@ -1487,7 +1487,7 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(rootCertificateAuthori
 		})
 
 		if err != nil {
-			return fmt.Errorf("error getting ACM PCA Certificate Authority (%s) CSR: %w", arn, err)
+			return fmt.Errorf("getting ACM PCA Certificate Authority (%s) CSR: %w", arn, err)
 		}
 
 		rootCertificateAuthorityArn := aws.StringValue(rootCertificateAuthority.Arn)
@@ -1505,7 +1505,7 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(rootCertificateAuthori
 		})
 
 		if err != nil {
-			return fmt.Errorf("error issuing ACM PCA Certificate Authority (%s) Subordinate CA certificate from CSR: %w", arn, err)
+			return fmt.Errorf("issuing ACM PCA Certificate Authority (%s) Subordinate CA certificate from CSR: %w", arn, err)
 		}
 
 		// Wait for certificate status to become ISSUED.
@@ -1515,7 +1515,7 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(rootCertificateAuthori
 		})
 
 		if err != nil {
-			return fmt.Errorf("error waiting for ACM PCA Certificate Authority (%s) Subordinate CA certificate to become ISSUED: %w", arn, err)
+			return fmt.Errorf("waiting for ACM PCA Certificate Authority (%s) Subordinate CA certificate to become ISSUED: %w", arn, err)
 		}
 
 		getCertOutput, err := conn.GetCertificate(&acmpca.GetCertificateInput{
@@ -1524,7 +1524,7 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(rootCertificateAuthori
 		})
 
 		if err != nil {
-			return fmt.Errorf("error getting ACM PCA Certificate Authority (%s) issued Subordinate CA certificate: %w", arn, err)
+			return fmt.Errorf("getting ACM PCA Certificate Authority (%s) issued Subordinate CA certificate: %w", arn, err)
 		}
 
 		_, err = conn.ImportCertificateAuthorityCertificate(&acmpca.ImportCertificateAuthorityCertificateInput{
@@ -1534,7 +1534,7 @@ func CheckACMPCACertificateAuthorityActivateSubordinateCA(rootCertificateAuthori
 		})
 
 		if err != nil {
-			return fmt.Errorf("error importing ACM PCA Certificate Authority (%s) Subordinate CA certificate: %w", arn, err)
+			return fmt.Errorf("importing ACM PCA Certificate Authority (%s) Subordinate CA certificate: %w", arn, err)
 		}
 
 		return err
 
@@ -3358,36 +3358,26 @@ func FindVPNGateway(conn *ec2.EC2, input *ec2.DescribeVpnGatewaysInput) (*ec2.Vp
 	return output.VpnGateways[0], nil
 }
 
-func FindCustomerGatewayByID(conn *ec2.EC2, id string) (*ec2.CustomerGateway, error) {
-	input := &ec2.DescribeCustomerGatewaysInput{
-		CustomerGatewayIds: aws.StringSlice([]string{id}),
-	}
-
-	output, err := FindCustomerGateway(conn, input)
+func FindCustomerGateway(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeCustomerGatewaysInput) (*ec2.CustomerGateway, error) {
+	output, err := FindCustomerGateways(ctx, conn, input)
 
 	if err != nil {
 		return nil, err
 	}
 
-	if state := aws.StringValue(output.State); state == CustomerGatewayStateDeleted {
-		return nil, &resource.NotFoundError{
-			Message:     state,
-			LastRequest: input,
-		}
+	if len(output) == 0 || output[0] == nil {
+		return nil, tfresource.NewEmptyResultError(input)
 	}
 
-	// Eventual consistency check.
-	if aws.StringValue(output.CustomerGatewayId) != id {
-		return nil, &resource.NotFoundError{
-			LastRequest: input,
-		}
+	if count := len(output); count > 1 {
+		return nil, tfresource.NewTooManyResultsError(count, input)
 	}
 
-	return output, nil
+	return output[0], nil
 }
 
-func FindCustomerGateway(conn *ec2.EC2, input *ec2.DescribeCustomerGatewaysInput) (*ec2.CustomerGateway, error) {
-	output, err := conn.DescribeCustomerGateways(input)
+func FindCustomerGateways(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeCustomerGatewaysInput) ([]*ec2.CustomerGateway, error) {
+	output, err := conn.DescribeCustomerGatewaysWithContext(ctx, input)
 
 	if tfawserr.ErrCodeEquals(err, errCodeInvalidCustomerGatewayIDNotFound) {
 		return nil, &resource.NotFoundError{
@@ -3400,15 +3390,39 @@ func FindCustomerGateway(conn *ec2.EC2, input *ec2.DescribeCustomerGatewaysInput
 		return nil, err
 	}
 
-	if output == nil || len(output.CustomerGateways) == 0 || output.CustomerGateways[0] == nil {
+	if output == nil {
 		return nil, tfresource.NewEmptyResultError(input)
 	}
 
-	if count := len(output.CustomerGateways); count > 1 {
-		return nil, tfresource.NewTooManyResultsError(count, input)
+	return output.CustomerGateways, nil
+}
+
+func FindCustomerGatewayByID(ctx context.Context, conn *ec2.EC2, id string) (*ec2.CustomerGateway, error) {
+	input := &ec2.DescribeCustomerGatewaysInput{
+		CustomerGatewayIds: aws.StringSlice([]string{id}),
+	}
+
+	output, err := FindCustomerGateway(ctx, conn, input)
+
+	if err != nil {
+		return nil, err
 	}
 
-	return output.CustomerGateways[0], nil
+	if state := aws.StringValue(output.State); state == CustomerGatewayStateDeleted {
+		return nil, &resource.NotFoundError{
+			Message:     state,
+			LastRequest: input,
+		}
+	}
+
+	// Eventual consistency check.
+	if aws.StringValue(output.CustomerGatewayId) != id {
+		return nil, &resource.NotFoundError{
+			LastRequest: input,
+		}
+	}
+
+	return output, nil
 }
 
 func FindVPNConnectionByID(conn *ec2.EC2, id string) (*ec2.VpnConnection, error) {
 
@@ -1006,9 +1006,9 @@ func StatusVPNGatewayVPCAttachmentState(conn *ec2.EC2, vpnGatewayID, vpcID strin
 	}
 }
 
-func StatusCustomerGatewayState(conn *ec2.EC2, id string) resource.StateRefreshFunc {
+func StatusCustomerGatewayState(ctx context.Context, conn *ec2.EC2, id string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
-		output, err := FindCustomerGatewayByID(conn, id)
+		output, err := FindCustomerGatewayByID(ctx, conn, id)
 
 		if tfresource.NotFound(err) {
 			return nil, "", nil
 
@@ -1,6 +1,7 @@
 package ec2
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"strconv"
@@ -9,6 +10,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
@@ -19,10 +21,10 @@ import (
 
 func ResourceCustomerGateway() *schema.Resource {
 	return &schema.Resource{
-		Create: resourceCustomerGatewayCreate,
-		Read:   resourceCustomerGatewayRead,
-		Update: resourceCustomerGatewayUpdate,
-		Delete: resourceCustomerGatewayDelete,
+		CreateWithoutTimeout: resourceCustomerGatewayCreate,
+		ReadWithoutTimeout:   resourceCustomerGatewayRead,
+		UpdateWithoutTimeout: resourceCustomerGatewayUpdate,
+		DeleteWithoutTimeout: resourceCustomerGatewayDelete,
 
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
@@ -53,7 +55,7 @@ func ResourceCustomerGateway() *schema.Resource {
 			},
 			"ip_address": {
 				Type:         schema.TypeString,
-				Required:     true,
+				Optional:     true,
 				ForceNew:     true,
 				ValidateFunc: validation.IsIPv4Address,
 			},
@@ -71,13 +73,12 @@ func ResourceCustomerGateway() *schema.Resource {
 	}
 }
 
-func resourceCustomerGatewayCreate(d *schema.ResourceData, meta interface{}) error {
+func resourceCustomerGatewayCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	conn := meta.(*conns.AWSClient).EC2Conn
 	defaultTagsConfig := meta.(*conns.AWSClient).DefaultTagsConfig
 	tags := defaultTagsConfig.MergeTags(tftags.New(d.Get("tags").(map[string]interface{})))
 
 	input := &ec2.CreateCustomerGatewayInput{
-		IpAddress:         aws.String(d.Get("ip_address").(string)),
 		TagSpecifications: tagSpecificationsFromKeyValueTags(tags, ec2.ResourceTypeCustomerGateway),
 		Type:              aws.String(d.Get("type").(string)),
 	}
@@ -86,7 +87,7 @@ func resourceCustomerGatewayCreate(d *schema.ResourceData, meta interface{}) err
 		v, err := strconv.ParseInt(v.(string), 10, 64)
 
 		if err != nil {
-			return err
+			return diag.FromErr(err)
 		}
 
 		input.BgpAsn = aws.Int64(v)
@@ -100,28 +101,31 @@ func resourceCustomerGatewayCreate(d *schema.ResourceData, meta interface{}) err
 		input.DeviceName = aws.String(v.(string))
 	}
 
-	log.Printf("[DEBUG] Creating EC2 Customer Gateway: %s", input)
-	output, err := conn.CreateCustomerGateway(input)
+	if v, ok := d.GetOk("ip_address"); ok {
+		input.IpAddress = aws.String(v.(string))
+	}
+
+	output, err := conn.CreateCustomerGatewayWithContext(ctx, input)
 
 	if err != nil {
-		return fmt.Errorf("error creating EC2 Customer Gateway: %w", err)
+		return diag.Errorf("creating EC2 Customer Gateway: %s", err)
 	}
 
 	d.SetId(aws.StringValue(output.CustomerGateway.CustomerGatewayId))
 
-	if _, err := WaitCustomerGatewayCreated(conn, d.Id()); err != nil {
-		return fmt.Errorf("error waiting for EC2 Customer Gateway (%s) create: %w", d.Id(), err)
+	if _, err := WaitCustomerGatewayCreated(ctx, conn, d.Id()); err != nil {
+		return diag.Errorf("waiting for EC2 Customer Gateway (%s) create: %s", d.Id(), err)
 	}
 
-	return resourceCustomerGatewayRead(d, meta)
+	return resourceCustomerGatewayRead(ctx, d, meta)
 }
 
-func resourceCustomerGatewayRead(d *schema.ResourceData, meta interface{}) error {
+func resourceCustomerGatewayRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	conn := meta.(*conns.AWSClient).EC2Conn
 	defaultTagsConfig := meta.(*conns.AWSClient).DefaultTagsConfig
 	ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig
 
-	customerGateway, err := FindCustomerGatewayByID(conn, d.Id())
+	customerGateway, err := FindCustomerGatewayByID(ctx, conn, d.Id())
 
 	if !d.IsNewResource() && tfresource.NotFound(err) {
 		log.Printf("[WARN] EC2 Customer Gateway (%s) not found, removing from state", d.Id())
@@ -130,7 +134,7 @@ func resourceCustomerGatewayRead(d *schema.ResourceData, meta interface{}) error
 	}
 
 	if err != nil {
-		return fmt.Errorf("error reading EC2 Customer Gateway (%s): %w", d.Id(), err)
+		return diag.Errorf("reading EC2 Customer Gateway (%s): %s", d.Id(), err)
 	}
 
 	arn := arn.ARN{
@@ -151,35 +155,35 @@ func resourceCustomerGatewayRead(d *schema.ResourceData, meta interface{}) error
 
 	//lintignore:AWSR002
 	if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
-		return fmt.Errorf("error setting tags: %w", err)
+		return diag.Errorf("setting tags: %s", err)
 	}
 
 	if err := d.Set("tags_all", tags.Map()); err != nil {
-		return fmt.Errorf("error setting tags_all: %w", err)
+		return diag.Errorf("setting tags_all: %s", err)
 	}
 
 	return nil
 }
 
-func resourceCustomerGatewayUpdate(d *schema.ResourceData, meta interface{}) error {
+func resourceCustomerGatewayUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	conn := meta.(*conns.AWSClient).EC2Conn
 
 	if d.HasChange("tags_all") {
 		o, n := d.GetChange("tags_all")
 
-		if err := UpdateTags(conn, d.Id(), o, n); err != nil {
-			return fmt.Errorf("error updating EC2 Customer Gateway (%s) tags: %w", d.Id(), err)
+		if err := UpdateTagsWithContext(ctx, conn, d.Id(), o, n); err != nil {
+			return diag.Errorf("updating EC2 Customer Gateway (%s) tags: %s", d.Id(), err)
 		}
 	}
 
-	return resourceCustomerGatewayRead(d, meta)
+	return resourceCustomerGatewayRead(ctx, d, meta)
 }
 
-func resourceCustomerGatewayDelete(d *schema.ResourceData, meta interface{}) error {
+func resourceCustomerGatewayDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	conn := meta.(*conns.AWSClient).EC2Conn
 
 	log.Printf("[INFO] Deleting EC2 Customer Gateway: %s", d.Id())
-	_, err := conn.DeleteCustomerGateway(&ec2.DeleteCustomerGatewayInput{
+	_, err := conn.DeleteCustomerGatewayWithContext(ctx, &ec2.DeleteCustomerGatewayInput{
 		CustomerGatewayId: aws.String(d.Id()),
 	})
 
@@ -188,11 +192,11 @@ func resourceCustomerGatewayDelete(d *schema.ResourceData, meta interface{}) err
 	}
 
 	if err != nil {
-		return fmt.Errorf("error deleting EC2 Customer Gateway (%s): %w", d.Id(), err)
+		return diag.Errorf("deleting EC2 Customer Gateway (%s): %s", d.Id(), err)
 	}
 
-	if _, err := WaitCustomerGatewayDeleted(conn, d.Id()); err != nil {
-		return fmt.Errorf("error waiting for EC2 Customer Gateway (%s) delete: %w", d.Id(), err)
+	if _, err := WaitCustomerGatewayDeleted(ctx, conn, d.Id()); err != nil {
+		return diag.Errorf("waiting for EC2 Customer Gateway (%s) delete: %s", d.Id(), err)
 	}
 
 	return nil
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+resource/aws_customer_gateway: Make `ip_address` optional
	`3`	+```
Original file line number	Diff line number	Diff line change
`@@ -1006,9 +1006,9 @@ func StatusVPNGatewayVPCAttachmentState(conn *ec2.EC2, vpnGatewayID, vpcID strin`
`1006`	`1006`	`}`
`1007`	`1007`	`}`
`1008`	`1008`
`1009`		`-func StatusCustomerGatewayState(conn *ec2.EC2, id string) resource.StateRefreshFunc {`
	`1009`	`+func StatusCustomerGatewayState(ctx context.Context, conn *ec2.EC2, id string) resource.StateRefreshFunc {`
`1010`	`1010`	`return func() (interface{}, string, error) {`
`1011`		`- output, err := FindCustomerGatewayByID(conn, id)`
	`1011`	`+ output, err := FindCustomerGatewayByID(ctx, conn, id)`
`1012`	`1012`
`1013`	`1013`	`if tfresource.NotFound(err) {`
`1014`	`1014`	`return nil, "", nil`