Subnet information is only really needed when the specified `vpc_id` is
not the default VPC for the region where the builder is being executed.
This change uses the AWS API to determine if the VPC provided is a
non-default VPC and only validates the existence of a `subnet_id` if a
user has provided a non-default `vpc_id`.
Tests after change
```
> make test TEST=./builder/amazon/... TESTARGS='-count=1 -v -run=TestStepPreValidate_checkVpc'
...
=== RUN TestStepPreValidate_checkVpc
=== RUN TestStepPreValidate_checkVpc/DefaultVpc
=== RUN TestStepPreValidate_checkVpc/NonDefaultVpcNoSubnet
=== RUN TestStepPreValidate_checkVpc/NonDefaultVpcWithSubnet
=== RUN TestStepPreValidate_checkVpc/SubnetWithNoVpc
=== RUN TestStepPreValidate_checkVpc/NoVpcInformation
--- PASS: TestStepPreValidate_checkVpc (0.00s)
--- PASS: TestStepPreValidate_checkVpc/DefaultVpc (0.00s)
--- PASS: TestStepPreValidate_checkVpc/NonDefaultVpcNoSubnet (0.00s)
--- PASS: TestStepPreValidate_checkVpc/NonDefaultVpcWithSubnet (0.00s)
--- PASS: TestStepPreValidate_checkVpc/SubnetWithNoVpc (0.00s)
--- PASS: TestStepPreValidate_checkVpc/NoVpcInformation (0.00s)
PASS
...
```
We can't tag on instance creation when we're in "restricted" regions,
so let's add the tags after the resources have been created.
Adds methods to AccessConfig to detect if we're in China or US Gov
regions (i.e. "restricted").
Also turns tag:tag maps into a type, and moves methods around validating
and converting them to ec2Tags to methods of the type.
Run now takes a context as well as a statebag. We'll assign the context
to the blank identifier to prevent namespace collisions. We'll let the
step authors opt-in to using the context.
`find . -iname "step_*.go" -exec gsed -i'' 's/func \(.*\)Run(/func \1Run(_ context.Context, /' {} \;`
The EBS builder will now use the tag-on-creation pattern, so
that it's possible to restrict packer to only create volumes that are
properly tagged by using an AWS policy.
If `security_group_id` was specified with a group that didn't exist, packer
would go into an infinite loop waiting for it. We shouldn't make assumptions
about the status of explicitely set security groups, so let's just error out
right away if we can't find it.