
aws: Allow defining blacklist/whitelist of account IDs #1595

Merged
merged 2 commits into from
Apr 22, 2015

Conversation

radeksimko
Member

❗ Directly depends on #1594 which should be reviewed & merged separately first.

Closes #1063

This should prevent people (including me) from doing stupid things by simply adding the following line to the provider config:

provider "aws" {
    forbidden_account_ids = ["1234567890"] # live account id
}

or taking the other approach - whitelisting IDs:

provider "aws" {
    allowed_account_ids = ["1234567890"] # dev account id
}

btw. When I was looking at the API response structure, I realised the next step/feature could be allow_root_accounts = true/false, if Path = / can help identify root accounts... but it may not always be accurate, so it would require some further investigation.

$ aws iam get-user
{
    "User": {
        "UserName": "username", 
        "PasswordLastUsed": "2015-02-26T18:40:08Z", 
        "CreateDate": "2015-02-01T13:40:42Z", 
        "UserId": "AAAABBBCCC1234567890", 
        "Path": "/", 
        "Arn": "arn:aws:iam::1111111111111:user/username"
    }
}

 - this will allow defining logically conflicting attributes
@radeksimko
Member Author

btw. I wanted to add some tests for Config.ValidateAccountId, but I'm struggling to find any nice approach to mock things in Go.

Some libraries have direct support; the aws-go-sdk allows defining custom mock endpoints, but it's still far away from a state where I'd just mock a single API endpoint/library like iam.IAM and a single method GetUser which would then always return a static ID.

Mocking the whole library & running a local API server just seems like way too much overhead, but it could be just my misunderstanding of some Go principles.
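
An added example (not code from this PR or from the Terraform AWS provider) of the allowed/forbidden check described in the opening post, written so that the GetUser call is the only thing that needs mocking: the check depends on a small UserGetter interface rather than the concrete iam.IAM client, and FakeIAM answers with a static ARN. GetUserOutput, UserGetter, FakeIAM, AccountIDFromARN and ValidateAccountID are names assumed here; the ARN layout follows the sample get-user output above.

```go
package main

import (
	"fmt"
	"slices" // standard library since Go 1.21
	"strings"
)

// Constructed stand-ins for the one IAM call the check needs. Depending on a small
// interface instead of the concrete *iam.IAM is what lets a test supply a static ARN.
type (
	GetUserOutput struct{ Arn string }
	UserGetter    interface{ GetUser() (*GetUserOutput, error) }
	FakeIAM       struct{ Arn string } // mock: always answers with one fixed ARN
)

func (f FakeIAM) GetUser() (*GetUserOutput, error) { return &GetUserOutput{Arn: f.Arn}, nil }

// AccountIDFromARN returns the account field of an IAM user ARN, laid out as
// arn:partition:service:region:account:resource (region is empty for IAM).
func AccountIDFromARN(arn string) (string, error) {
	p := strings.Split(arn, ":")
	if len(p) < 6 || p[0] != "arn" || p[2] != "iam" || p[4] == "" {
		return "", fmt.Errorf("unexpected ARN format: %q", arn)
	}
	return p[4], nil
}

// ValidateAccountID fails when the account is in forbidden_account_ids, or when
// allowed_account_ids is set and omits it; setting both lists is a config conflict.
func ValidateAccountID(c UserGetter, allowed, forbidden []string) error {
	if len(allowed) > 0 && len(forbidden) > 0 {
		return fmt.Errorf("allowed_account_ids and forbidden_account_ids are mutually exclusive")
	}
	out, err := c.GetUser()
	if err != nil {
		return fmt.Errorf("GetUser failed: %w", err)
	}
	id, err := AccountIDFromARN(out.Arn)
	if err != nil {
		return err
	}
	if slices.Contains(forbidden, id) {
		return fmt.Errorf("account %s is in forbidden_account_ids", id)
	}
	if len(allowed) > 0 && !slices.Contains(allowed, id) {
		return fmt.Errorf("account %s is not in allowed_account_ids", id)
	}
	return nil
}
```

Because the real provider would wrap its iam.IAM client in the same interface, the production path and the mocked path exercise identical validation logic.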

@mitchellh
Contributor

LGTM. Great job. I think we can turn the []interface{} into []string, but it's a nitpick and I can do it myself.

For testing, we should be able to test this... I'll take a stab at it!

mitchellh added a commit that referenced this pull request Apr 22, 2015
aws: Allow defining blacklist/whitelist of account IDs
@mitchellh mitchellh merged commit 3176e5b into hashicorp:master Apr 22, 2015
@radeksimko radeksimko deleted the aws-account-protection branch April 22, 2015 08:20
@ghost

ghost commented May 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators May 3, 2020
Successfully merging this pull request may close these issues.

Allow defining account ID for provider/aws to prevent human error