chef-provisioning-aws 1.3.1 → 1.4.0

data/lib/chef/provider/aws_route_table.rb

@@ -2,6 +2,9 @@ require 'chef/provisioning/aws_driver/aws_provider'
 require 'retryable'
 
 class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
+  include Chef::Provisioning::AWSDriver::TaggingStrategy::EC2ConvergeTags
+
+  provides :aws_route_table
 
   def action_create
     route_table = super
@@ -17,14 +20,23 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
 
   def create_aws_object
     options = {}
-    options[:vpc] = new_resource.vpc
+    options[:vpc_id] = new_resource.vpc
     options = AWSResource.lookup_options(options, resource: new_resource)
-    self.vpc = Chef::Resource::AwsVpc.get_aws_object(options[:vpc], resource: new_resource)
 
-    converge_by "create new route table #{new_resource.name} in VPC #{new_resource.vpc} (#{vpc.id}) and region #{region}" do
-      route_table = new_resource.driver.ec2.route_tables.create(options)
-      retry_with_backoff(AWS::EC2::Errors::InvalidRouteTableID::NotFound) do
-        route_table.tags['Name'] = new_resource.name
+    ec2_resource = new_resource.driver.ec2_resource
+    self.vpc = ec2_resource.vpc(options[:vpc_id])
+
+    converge_by "create route table #{new_resource.name} in VPC #{new_resource.vpc} (#{vpc.id}) and region #{region}" do
+      route_table = vpc.create_route_table
+      retry_with_backoff(::Aws::EC2::Errors::ServiceError) do
+        route_table.create_tags({
+             :tags => [
+                 {
+                     :key => "Name",
+                     :value => new_resource.name
+                 }
+             ]
+         })
       end
       route_table
     end
@@ -34,9 +46,9 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
     self.vpc = route_table.vpc
 
     if new_resource.vpc
-      desired_vpc = Chef::Resource::AwsVpc.get_aws_object(new_resource.vpc, resource: new_resource)
-      if vpc != desired_vpc
-        raise "VPC of route table #{new_resource.to_s} is #{route_table.vpc.id}, but desired vpc is #{new_resource.vpc}!  The AWS SDK does not support updating the main route table except by creating a new route table."
+      desired_vpc_id = Chef::Resource::AwsVpc.get_aws_object_id(new_resource.vpc, resource: new_resource)
+      if vpc.id != desired_vpc_id
+        raise "VPC of route table #{new_resource.to_s} is #{vpc.id}, but desired VPC is #{desired_vpc_id}!  The AWS SDK does not support updating the main route table except by creating a new route table."
       end
     end
   end
@@ -45,7 +57,7 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
     converge_by "delete #{new_resource.to_s} in #{region}" do
       begin
         route_table.delete
-      rescue AWS::EC2::Errors::DependencyViolation
+      rescue ::Aws::EC2::Errors::DependencyViolation
         raise "#{new_resource.to_s} could not be deleted because it is the main route table for #{route_table.vpc.id} or it is being used by a subnet"
       end
     end
@@ -60,8 +72,9 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
     current_routes = {}
     route_table.routes.each do |route|
       # Ignore the automatic local route
-      next if route.target.id == 'local'
-      next if ignore_route_targets.find { |target| route.target.id.match(/#{target}/) }
+      route_target = route.gateway_id || route.instance_id || route.network_interface_id || route.vpc_peering_connection_id
+      next if route_target == 'local'
+      next if ignore_route_targets.find { |target| route_target.match(/#{target}/) }
       current_routes[route.destination_cidr_block] = route
     end
 
@@ -72,14 +85,15 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
       # If we already have a route to that CIDR block, replace it.
       if current_routes[destination_cidr_block]
         current_route = current_routes.delete(destination_cidr_block)
-        if current_route.target != target
-          action_handler.perform_action "reroute #{destination_cidr_block} to #{route_target} (#{target.id}) instead of #{current_route.target.id}" do
+        current_target = current_route.gateway_id || current_route.instance_id || current_route.network_interface_id || current_route.vpc_peering_connection_id
+        if current_target != target
+          action_handler.perform_action "reroute #{destination_cidr_block} to #{route_target} (#{target}) instead of #{current_route.target}" do
             current_route.replace(options)
           end
         end
       else
-        action_handler.perform_action "route #{destination_cidr_block} to #{route_target} (#{target.id})" do
-          route_table.create_route(destination_cidr_block, options)
+        action_handler.perform_action "route #{destination_cidr_block} to #{route_target} (#{target})" do
+          route_table.create_route({ :destination_cidr_block => destination_cidr_block }.merge(options))
         end
       end
     end
@@ -93,7 +107,7 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
   end
 
   def update_virtual_private_gateways(route_table, gateway_ids)
-    current_propagating_vgw_set = route_table.client.describe_route_tables(route_table_ids: [route_table.id]).route_table_set.first.propagating_vgw_set
+    current_propagating_vgw_set = route_table.propagating_vgws
 
     # Add propagated routes
     if gateway_ids
@@ -119,7 +133,7 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
   def get_route_target(vpc, route_target)
     case route_target
     when :internet_gateway
-      route_target = { internet_gateway: vpc.internet_gateway }
+      route_target = { internet_gateway: vpc.internet_gateways.first.id }
       if !route_target[:internet_gateway]
         raise "VPC #{new_resource.vpc} (#{vpc.id}) does not have an internet gateway to route to!  Use `internet_gateway true` on the VPC itself to create one."
       end
@@ -127,11 +141,13 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
       route_target = { internet_gateway: route_target }
     when /^eni-[A-Fa-f0-9]{8}$/, Chef::Resource::AwsNetworkInterface, AWS::EC2::NetworkInterface
       route_target = { network_interface: route_target }
+    when /^pcx-[A-Fa-f0-9]{8}$/, Chef::Resource::AwsVpcPeeringConnection, ::Aws::EC2::AwsVpcPeeringConnection
+      route_target = { vpc_peering_connection: route_target }
     when String, Chef::Resource::AwsInstance
       route_target = { instance: route_target }
     when Chef::Resource::Machine
       route_target = { instance: route_target.name }
-    when AWS::EC2::Instance
+    when AWS::EC2::Instance, ::Aws::EC2::Instance
       route_target = { instance: route_target.id }
     when Hash
       if route_target.size != 1
@@ -141,16 +157,19 @@ class Chef::Provider::AwsRouteTable < Chef::Provisioning::AWSDriver::AWSProvider
     else
       raise "Unrecognized route destination #{route_target.inspect}"
     end
+    updated_route_target = {}
     route_target.each do |name, value|
       case name
       when :instance
-        route_target[name] = Chef::Resource::AwsInstance.get_aws_object(value, resource: new_resource)
+        updated_route_target[:instance_id] = Chef::Resource::AwsInstance.get_aws_object_id(value, resource: new_resource)
       when :network_interface
-        route_target[name] = Chef::Resource::AwsNetworkInterface.get_aws_object(value, resource: new_resource)
+        updated_route_target[:network_interface_id] = Chef::Resource::AwsNetworkInterface.get_aws_object_id(value, resource: new_resource)
       when :internet_gateway
-        route_target[name] = Chef::Resource::AwsInternetGateway.get_aws_object(value, resource: new_resource)
+        updated_route_target[:gateway_id] = Chef::Resource::AwsInternetGateway.get_aws_object_id(value, resource: new_resource)
+      when :vpc_peering_connection
+        updated_route_target[:vpc_peering_connection_id] = Chef::Resource::AwsVpcPeeringConnection.get_aws_object_id(value, resource: new_resource)
       end
     end
-    route_target
+    updated_route_target
   end
 end

data/lib/chef/provider/aws_s3_bucket.rb

@@ -1,25 +1,45 @@
 require 'chef/provisioning/aws_driver/aws_provider'
+require 'chef/provisioning/aws_driver/tagging_strategy/s3'
 require 'date'
 
 class Chef::Provider::AwsS3Bucket < Chef::Provisioning::AWSDriver::AWSProvider
+
+  def aws_tagger
+    @aws_tagger ||= begin
+      s3_strategy = Chef::Provisioning::AWSDriver::TaggingStrategy::S3.new(
+        # I'm using the V2 client here because it has much better support for tags
+        new_resource.driver.s3_client,
+        new_resource.name,
+        new_resource.aws_tags
+      )
+      Chef::Provisioning::AWSDriver::AWSTagger.new(s3_strategy, action_handler)
+    end
+  end
+
+  def converge_tags
+    aws_tagger.converge_tags
+  end
+
+  provides :aws_s3_bucket
+
   def action_create
     bucket = super
 
     if new_resource.enable_website_hosting
       if !bucket.website?
-        converge_by "Enabling website configuration for bucket #{new_resource.name}" do
+        converge_by "enable website configuration for bucket #{new_resource.name}" do
           bucket.website_configuration = AWS::S3::WebsiteConfiguration.new(
             new_resource.website_options)
         end
       elsif modifies_website_configuration?(bucket)
-        converge_by "Reconfiguring website configuration for bucket #{new_resource.name} to #{new_resource.website_options}" do
+        converge_by "reconfigure website configuration for bucket #{new_resource.name} to #{new_resource.website_options}" do
           bucket.website_configuration = AWS::S3::WebsiteConfiguration.new(
             new_resource.website_options)
         end
       end
     else
       if bucket.website?
-        converge_by "Disabling website configuration for bucket #{new_resource.name}" do
+        converge_by "disable website configuration for bucket #{new_resource.name}" do
           bucket.website_configuration = nil
         end
       end
@@ -29,10 +49,10 @@ class Chef::Provider::AwsS3Bucket < Chef::Provisioning::AWSDriver::AWSProvider
   protected
 
   def create_aws_object
-    converge_by "create new S3 bucket #{new_resource.name}" do
-      bucket = new_resource.driver.s3.buckets.create(new_resource.name)
-      bucket.tags['Name'] = new_resource.name
-      bucket
+    converge_by "create S3 bucket #{new_resource.name}" do
+      new_resource.driver.s3.buckets.create(new_resource.name)
+      # S3 buckets already have a top level name property so they don't need
+      # a 'Name' tag
     end
   end
 
@@ -41,7 +61,11 @@ class Chef::Provider::AwsS3Bucket < Chef::Provisioning::AWSDriver::AWSProvider
 
   def destroy_aws_object(bucket)
     converge_by "delete S3 bucket #{new_resource.name}" do
-      bucket.delete
+      if new_resource.recursive_delete
+        bucket.delete!
+      else
+        bucket.delete
+      end
     end
   end
 

data/lib/chef/provider/aws_security_group.rb

@@ -4,6 +4,9 @@ require 'ipaddr'
 require 'set'
 
 class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvider
+  include Chef::Provisioning::AWSDriver::TaggingStrategy::EC2ConvergeTags
+
+  provides :aws_security_group
 
   def action_create
     sg = super
@@ -14,31 +17,35 @@ class Chef::Provider::AwsSecurityGroup < Chef::Provisioning::AWSDriver::AWSProvi
   protected
 
   def create_aws_object
-    converge_by "Creating new SG #{new_resource.name} in #{region}" do
+    converge_by "create security group #{new_resource.name} in #{region}" do
       options = { description: new_resource.description }
       options[:vpc] = new_resource.vpc if new_resource.vpc
       options = AWSResource.lookup_options(options, resource: new_resource)
       Chef::Log.debug("VPC: #{options[:vpc]}")
 
       sg = new_resource.driver.ec2.security_groups.create(new_resource.name, options)
+      retry_with_backoff(AWS::EC2::Errors::InvalidSecurityGroupsID::NotFound) do
+        sg.tags['Name'] = new_resource.name
+      end
+      sg
     end
   end
 
   def update_aws_object(sg)
     if !new_resource.description.nil? && new_resource.description != sg.description
-      raise "Security Group descriptions cannot be changed after being created!  Desired description for #{new_resource.name} (#{sg.id}) was \"#{new_resource.description}\" and actual description is \"#{sg.description}\""
+      raise "Security group descriptions cannot be changed after being created!  Desired description for #{new_resource.name} (#{sg.id}) was \"#{new_resource.description}\" and actual description is \"#{sg.description}\""
     end
     if !new_resource.vpc.nil?
       desired_vpc = Chef::Resource::AwsVpc.get_aws_object_id(new_resource.vpc, resource: new_resource)
       if desired_vpc != sg.vpc_id
-        raise "Security Group VPC cannot be changed after being created!  Desired VPC for #{new_resource.name} (#{sg.id}) was #{new_resource.vpc} (#{desired_vpc}) and actual VPC is #{sg.vpc_id}"
+        raise "Security group VPC cannot be changed after being created!  Desired VPC for #{new_resource.name} (#{sg.id}) was #{new_resource.vpc} (#{desired_vpc}) and actual VPC is #{sg.vpc_id}"
       end
     end
     apply_rules(sg)
   end
 
   def destroy_aws_object(sg)
-    converge_by "delete #{new_resource.to_s} in #{region}" do
+    converge_by "delete security group #{new_resource.to_s} in #{region}" do
       sg.delete
     end
   end

data/lib/chef/provider/aws_server_certificate.rb

@@ -0,0 +1,23 @@
+require 'chef/provisioning/aws_driver/aws_provider'
+
+class Chef::Provider::AwsServerCertificate < Chef::Provisioning::AWSDriver::AWSProvider
+  provides :aws_server_certificate
+
+  def update_aws_object(certificate)
+    Chef::Log.warn("aws_server_certificate does not support modifying an existing certificate")
+  end
+
+  def create_aws_object
+    converge_by "create server certificate #{new_resource.name}" do
+      new_resource.driver.iam.server_certificates.upload(:name => new_resource.name,
+                                                         :certificate_body => new_resource.certificate_body,
+                                                         :private_key => new_resource.private_key)
+    end
+  end
+
+  def destroy_aws_object(certificate)
+    converge_by "delete server certificate #{new_resource.name}" do
+      certificate.delete
+    end
+  end
+end

data/lib/chef/provider/aws_sns_topic.rb

@@ -2,11 +2,12 @@ require 'chef/provisioning/aws_driver/aws_provider'
 require 'date'
 
 class Chef::Provider::AwsSnsTopic < Chef::Provisioning::AWSDriver::AWSProvider
-
+  provides :aws_sns_topic
+  
   protected
 
   def create_aws_object
-    converge_by "Creating new SNS topic #{new_resource.name} in #{region}" do
+    converge_by "create SNS topic #{new_resource.name} in #{region}" do
       new_resource.driver.sns.topics.create(new_resource.name)
     end
   end
@@ -15,7 +16,7 @@ class Chef::Provider::AwsSnsTopic < Chef::Provisioning::AWSDriver::AWSProvider
   end
 
   def destroy_aws_object(topic)
-    converge_by "Deleting SNS topic #{topic.name} in #{region}" do
+    converge_by "delete SNS topic #{topic.name} in #{region}" do
       topic.delete
     end
   end

data/lib/chef/provider/aws_sqs_queue.rb

@@ -1,9 +1,10 @@
 require 'chef/provisioning/aws_driver/aws_provider'
 
 class Chef::Provider::AwsSqsQueue < Chef::Provisioning::AWSDriver::AWSProvider
-
+  provides :aws_sqs_queue
+  
   def create_aws_object
-    converge_by "create new SQS queue #{new_resource.name} in #{region}" do
+    converge_by "create SQS queue #{new_resource.name} in #{region}" do
       retry_with_backoff(AWS::SQS::Errors::QueueDeletedRecently) do
         new_resource.driver.sqs.queues.create(new_resource.name, new_resource.options || {})
       end

data/lib/chef/provider/aws_subnet.rb

@@ -4,6 +4,9 @@ require 'date'
 require 'chef/resource/aws_vpc'
 
 class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
+  include Chef::Provisioning::AWSDriver::TaggingStrategy::EC2ConvergeTags
+
+  provides :aws_subnet
 
   def action_create
     subnet = super
@@ -30,7 +33,7 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
     options[:availability_zone] = new_resource.availability_zone if new_resource.availability_zone
     options = Chef::Provisioning::AWSDriver::AWSResource.lookup_options(options, resource: new_resource)
 
-    converge_by "create new subnet #{new_resource.name} with CIDR #{cidr_block} in VPC #{new_resource.vpc} (#{options[:vpc]}) in #{region}" do
+    converge_by "create subnet #{new_resource.name} with CIDR #{cidr_block} in VPC #{new_resource.vpc} (#{options[:vpc]}) in #{region}" do
       subnet = new_resource.driver.ec2.subnets.create(cidr_block, options)
       retry_with_backoff(AWS::EC2::Errors::InvalidSubnetID::NotFound) do
         subnet.tags['Name'] = new_resource.name
@@ -47,7 +50,7 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
     end
     vpc = Chef::Resource::AwsVpc.get_aws_object(new_resource.vpc, resource: new_resource)
     if vpc && subnet.vpc != vpc
-      raise "vpc for subnet #{new_resource.name} is #{new_resource.vpc} (#{vpc.id}), but existing subnet (#{subnet.id})'s vpc is #{subnet.vpc.id}.  Modification of subnet vpc is unsupported!"
+      raise "VPC for subnet #{new_resource.name} is #{new_resource.vpc} (#{vpc.id}), but existing subnet (#{subnet.id})'s vpc is #{subnet.vpc.id}.  Modification of subnet VPC is unsupported!"
     end
     if new_resource.availability_zone && subnet.availability_zone_name != new_resource.availability_zone
       raise "availability_zone for subnet #{new_resource.name} is #{new_resource.availability_zone}, but existing subnet (#{subnet.id})'s availability_zone is #{subnet.availability_zone}.  Modification of subnet availability_zone is unsupported!"
@@ -60,7 +63,7 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
       p = Chef::ChefFS::Parallelizer.new(5)
       p.parallel_do(subnet.instances.to_a) do |instance|
         Cheffish.inline_resource(self, action) do
-          aws_instance instance do
+          aws_instance instance.id do
             action :purge
           end
         end
@@ -118,12 +121,12 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
         # we have work to do here: we need to make the relationship explicit so that
         # it won't be changed when the main route table of the VPC changes.
         converge_by "set route table of subnet #{new_resource.name} to #{new_resource.route_table}" do
-          subnet.route_table = route_table
+          subnet.route_table = route_table.id
         end
-      elsif current_route_table_association.route_table != route_table
+      elsif current_route_table_association.route_table.id != route_table.id
         # The route table is different now.  Change it.
         converge_by "change route table of subnet #{new_resource.name} to #{new_resource.route_table} (was #{current_route_table_association.route_table.id})" do
-          subnet.route_table = route_table
+          subnet.route_table = route_table.id
         end
       end
     end
@@ -134,7 +137,7 @@ class Chef::Provider::AwsSubnet < Chef::Provisioning::AWSDriver::AWSProvider
       network_acl_id =
         AWSResource.lookup_options({ network_acl: new_resource.network_acl }, resource: new_resource)[:network_acl]
       if subnet.network_acl.id != network_acl_id
-        converge_by "update network acl of subnet #{new_resource.name} to #{new_resource.network_acl}" do
+        converge_by "update network ACL of subnet #{new_resource.name} to #{new_resource.network_acl}" do
           subnet.network_acl = network_acl_id
         end
       end

data/lib/chef/provider/aws_vpc.rb

@@ -4,6 +4,9 @@ require 'chef/provisioning'
 require 'retryable'
 
 class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
+  include Chef::Provisioning::AWSDriver::TaggingStrategy::EC2ConvergeTags
+  
+  provides :aws_vpc
 
   class NeverObtainedExistence < RuntimeError; end
 
@@ -42,10 +45,12 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
     options = { }
     options[:instance_tenancy] = new_resource.instance_tenancy if new_resource.instance_tenancy
 
-    converge_by "create new VPC #{new_resource.name} in #{region}" do
+    converge_by "create VPC #{new_resource.name} in #{region}" do
       vpc = new_resource.driver.ec2.vpcs.create(new_resource.cidr_block, options)
       wait_for_state(vpc, [:available])
-      vpc.tags['Name'] = new_resource.name
+      retry_with_backoff(AWS::EC2::Errors::InvalidVpcID::NotFound) do
+        vpc.tags['Name'] = new_resource.name
+      end
       vpc
     end
   end
@@ -78,34 +83,62 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
           end
         end
       end
-      vpc.route_tables.each do |rt|
-        unless rt.main?
+
+      vpc.security_groups.each do |sg|
+        unless sg.name == 'default'
           Cheffish.inline_resource(self, action) do
-            aws_route_table rt do
+            aws_security_group sg do
               action :purge
             end
           end
         end
       end
-      vpc.security_groups.each do |sg|
-        unless sg.name == 'default'
+
+      #SDK V2
+      vpc_new_sdk = new_resource.driver.ec2_resource.vpc(vpc.id)
+      vpc_new_sdk.route_tables.each do |rt|
+        unless rt.associations.any? { |association| association.main }
           Cheffish.inline_resource(self, action) do
-            aws_security_group sg do
+            aws_route_table rt do
               action :purge
             end
           end
         end
       end
+
+      vpc_peering_connections = []
+      %w(
+        requester-vpc-info.vpc-id
+        accepter-vpc-info.vpc-id
+      ).each do |filter|
+        vpc_peering_connections += new_resource.driver.ec2_client.describe_vpc_peering_connections({
+            :filters => [
+                {
+                    :name => filter,
+                    :values => [vpc.id]
+                }
+            ]
+        }).vpc_peering_connections
+      end
+
+      vpc_peering_connections.each do |pc_type|
+        pc_resource = new_resource.driver.ec2_resource.vpc_peering_connection(pc_type.vpc_peering_connection_id)
+        Cheffish.inline_resource(self, action) do
+          aws_vpc_peering_connection pc_resource do
+            action :purge
+          end
+        end
+      end
     end
 
     # Detach or destroy the internet gateway
     ig = vpc.internet_gateway
     if ig
-      converge_by "detach Internet Gateway #{ig.id} in #{region} from #{new_resource.to_s}" do
+      converge_by "detach Internet gateway #{ig.id} in #{region} from #{new_resource.to_s}" do
         ig.detach(vpc.id)
       end
       if ig.tags['OwnedByVPC'] == vpc.id
-        converge_by "destroy Internet Gateway #{ig.id} in #{region} (owned by #{new_resource.to_s})" do
+        converge_by "destroy Internet gateway #{ig.id} in #{region} (owned by #{new_resource.to_s})" do
           ig.delete
         end
       end
@@ -149,40 +182,40 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
     when String, Chef::Resource::AwsInternetGateway, AWS::EC2::InternetGateway
       new_ig = Chef::Resource::AwsInternetGateway.get_aws_object(new_resource.internet_gateway, resource: new_resource)
       if !current_ig
-        converge_by "attach Internet Gateway #{new_resource.internet_gateway} to VPC #{vpc.id}" do
+        converge_by "attach Internet gateway #{new_resource.internet_gateway} to VPC #{vpc.id}" do
           new_ig.attach(vpc.id)
         end
       elsif current_ig != new_ig
-        converge_by "replace Internet Gateway #{current_ig.id} on VPC #{vpc.id} with new Internet Gateway #{new_ig.id}" do
+        converge_by "replace Internet gateway #{current_ig.id} on VPC #{vpc.id} with new Internet gateway #{new_ig.id}" do
           current_ig.detach(vpc.id)
           new_ig.attach(vpc.id)
         end
         if current_ig.tags['OwnedByVPC'] == vpc.id
-          converge_by "destroy Internet Gateway #{current_ig.id} in #{region} (owned by VPC #{vpc.id})" do
+          converge_by "destroy Internet gateway #{current_ig.id} in #{region} (owned by VPC #{vpc.id})" do
             current_ig.delete
           end
         end
       end
     when true
       if !current_ig
-        converge_by "attach new Internet Gateway to VPC #{vpc.id}" do
+        converge_by "attach Internet gateway to VPC #{vpc.id}" do
           current_ig = AWS.ec2(config: vpc.config).internet_gateways.create
           retry_with_backoff(NeverObtainedExistence) do
-            raise NeverObtainedExistence.new("internet gateway for VPC #{vpc.id} never obtained existence") unless current_ig.exists?
+            raise NeverObtainedExistence.new("Internet gateway for VPC #{vpc.id} never obtained existence") unless current_ig.exists?
           end
-          action_handler.report_progress "create Internet Gateway #{current_ig.id}"
+          action_handler.report_progress "create Internet gateway #{current_ig.id}"
           current_ig.tags['OwnedByVPC'] = vpc.id
-          action_handler.report_progress "tag Internet Gateway #{current_ig.id} as OwnedByVpc: #{vpc.id}"
+          action_handler.report_progress "tag Internet gateway #{current_ig.id} as OwnedByVpc: #{vpc.id}"
           vpc.internet_gateway = current_ig
         end
       end
     when false
       if current_ig
-        converge_by "detach Internet Gateway #{current_ig.id} from VPC #{vpc.id}" do
+        converge_by "detach Internet gateway #{current_ig.id} from VPC #{vpc.id}" do
           current_ig.detach(vpc.id)
         end
         if current_ig.tags['OwnedByVPC'] == vpc.id
-          converge_by "destroy Internet Gateway #{current_ig.id} in #{region} (owned by VPC #{vpc.id})" do
+          converge_by "destroy Internet gateway #{current_ig.id} in #{region} (owned by VPC #{vpc.id})" do
             current_ig.delete
           end
         end
@@ -193,7 +226,7 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
   def update_main_route_table(vpc)
     desired_route_table = Chef::Resource::AwsRouteTable.get_aws_object(new_resource.main_route_table, resource: new_resource)
     current_route_table = vpc.route_tables.main_route_table
-    if current_route_table != desired_route_table
+    if current_route_table.id != desired_route_table.id
       main_association = current_route_table.associations.select { |a| a.main? }.first
       if !main_association
         raise "No main route table association found for #{new_resource.to_s} current main route table #{current_route_table.id}: error!  Probably a race condition."
@@ -214,7 +247,7 @@ class Chef::Provider::AwsVpc < Chef::Provisioning::AWSDriver::AWSProvider
     # creating the VPC
     main_route_table ||= vpc.route_tables.main_route_table
     main_routes = new_resource.main_routes
-    aws_route_table main_route_table do
+    aws_route_table main_route_table.id do
       vpc vpc
       routes main_routes
     end