Skip to content

chore(deps): update terraform aws to v6.20.0

renovaterequested to merge
renovate/aws-6.x-lockfile into main

This MR contains the following updates:

Package Type Update Change
aws (source) required_provider minor 6.17.0 -> 6.20.0

View the Renovate pipeline for this MR

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.20.0

Compare Source

FEATURES:

  • New Resource: aws_ec2_allowed_images_settings (#​44800)
  • New Resource: aws_fis_target_account_configuration (#​44875)
  • New Resource: aws_invoicing_invoice_unit (#​44892)

ENHANCEMENTS:

  • data-source/aws_connect_routing_profile: Add media_concurrencies.cross_channel_behavior attribute (#​44934)
  • data-source/aws_elasticache_replication_group: Add node_group_configuration attribute to expose node group details including availability zones, replica counts, and slot ranges (#​44879)
  • data-source/aws_kinesis_stream: Add max_record_size_in_kib attribute (#​44915)
  • data-source/aws_opensearch_domain: Add identity_center_options attribute (#​44626)
  • provider: Support us-isob-west-1 as a valid AWS Region (#​44944)
  • resource/aws_cloudfront_distribution: Add logging_v1_enabled attribute (#​44838)
  • resource/aws_connect_routing_profile: Add media_concurrencies.cross_channel_behavior argument (#​44934)
  • resource/aws_ec2_client_vpn_route: Allow IPv6 address ranges for destination_cidr_block (#​44926)
  • resource/aws_ec2_instance_connect_endpoint: Add ip_address_type argument (#​44616)
  • resource/aws_eks_node_group: Add max_parallel_nodes_repaired_count, max_parallel_nodes_repaired_percentage, max_unhealthy_node_threshold_count, max_unhealthy_node_threshold_percentage, and node_repair_config_overrides to the node_repair_config schema (#​44894)
  • resource/aws_elasticache_replication_group: Add node_group_configuration block to support availability zone specification and snapshot restoration for cluster mode enabled replication groups (#​44879)
  • resource/aws_glue_job: Ensure that timeout is unconfigured for Ray jobs (#​35012)
  • resource/aws_kinesis_stream: Add max_record_size_in_kib argument to support for Kinesis 10MiB payloads. This functionality requires the kinesis:UpdateMaxRecordSize IAM permission (#​44915)
  • resource/aws_opensearch_domain: Add identity_center_options configuration block (#​44626)
  • resource/aws_transfer_server: Add support for TransferSecurityPolicy-AS2Restricted-2025-07 security_policy_name value (#​44865)
  • resource/aws_transfer_server: Support TransferSecurityPolicy-AS2Restricted-2025-07 as a valid value for security_policy_name (#​44652)

BUG FIXES:

  • resource/aws_cloudfront_continuous_deployment_policy: Fix Source type "...cloudfront.stagingDistributionDNSNamesModel" does not implement attr.Value error. This fixes a regression introduced in v6.17.0 (#​44972)
  • resource/aws_cloudfront_distribution: Change logging_config.bucket argument from Required to Optional (#​44838)
  • resource/aws_cloudfront_distribution: Fix inability to configure logging_config.include_cookies argument while keeping V1 logging disabled (#​44838)
  • resource/aws_cloudfront_vpc_origin: Fix Source type "...cloudfront.originSSLProtocolsModel" does not implement attr.Value and missing required field, CreateVpcOriginInput.VpcOriginEndpointConfig errors. This fixes a regression introduced in v6.17.0 (#​44861)
  • resource/aws_glue_job: Allow Ray jobs to be updated (#​35012)
  • resource/aws_glue_job: Allow a zero (0) value for timeout for Apache Spark streaming ETL jobs. This allows the job to be configured with no timeout (#​44920)
  • resource/aws_lakeformation_lf_tags: Remove incorrect validation from catalog_id, database.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#​44890)
  • resource/aws_launch_template: Allow an empty ("") value for block_device_mappings.ebs.kms_key_id. This fixes a regression introduced in v6.16.0 (#​44708)

v6.19.0

Compare Source

FEATURES:

  • New Data Source: aws_ecrpublic_images (#​44795)
  • New Resource: aws_lakeformation_identity_center_configuration (#​44867)

ENHANCEMENTS:

  • action/aws_lambda_invoke: Output logs in a progress message when log_type is Tail (#​44843)
  • data-source/aws_imagebuilder_image_recipe: Add ami_tags attribute (#​44731)
  • data-source/aws_lb_listener_rule: Add regex_values attribute to condition.host_header, condition.http_header and condition.path_pattern blocks (#​44741)
  • data-source/aws_lb_listener_rule: Add transform attribute (#​44702)
  • resource/aws_bedrockagentcore_gateway: Add validator to ensure correct authorizer_configuration and authorizer_type config (#​44826)
  • resource/aws_emrserverless_application: Add monitoring_configuration argument (#​43317)
  • resource/aws_emrserverless_application: Add runtime_configuration argument (#​43302)
  • resource/aws_identitystore_group: Adds arn attribute. (#​44867)
  • resource/aws_imagebuilder_image_recipe: Add ami_tags argument (#​44731)
  • resource/aws_lb_listener_rule: Add regex_values argument to condition.host_header, condition.http_header and condition.path_pattern blocks (#​44741)
  • resource/aws_lb_listener_rule: Add transform configuration block (#​44702)
  • resource/aws_lb_listener_rule: The values argument in condition.host_header, condition.http_header and condition.path_pattern is now optional (#​44741)
  • resource/aws_quicksight_data_set: Increase upper limit of physical_table_map.relational_table.name from 64 to 256 characters (#​44807)
  • resource/aws_sagemaker_notebook_instance: Add notebook-al2023-v1 to valid platform_identifier values (#​44570)
  • resource/aws_sqs_queue: Remove account_id and region from Resource Identity schema (#​44846)
  • resource/aws_sqs_queue_policy: Remove account_id and region from Resource Identity schema (#​44846)
  • resource/aws_sqs_queue_redrive_allow_policy: Remove account_id and region from Resource Identity schema (#​44846)
  • resource/aws_sqs_queue_redrive_policy: Remove account_id and region from Resource Identity schema (#​44846)

BUG FIXES:

  • data-source/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#​44867)
  • provider: Fix crash when setting override region during provider initialization (#​44860)
  • resource/aws_bedrockagentcore_gateway: Change authorizer_configuration block from Required to Optional (#​44812)
  • resource/aws_bedrockagentcore_gateway: Mark authorizer_type argument as ForceNew (#​44812)
  • resource/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#​44867)

v6.18.0

Compare Source

NOTES:

  • data-source/aws_organizations_organization: The accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#​44327)
  • data-source/aws_organizations_organizational_unit_child_accounts: The accounts.status attribute is deprecated. Use accounts.state instead. (#​44327)
  • data-source/aws_organizations_organizational_unit_descendant_accounts: The accounts.status attribute is deprecated. Use accounts.state instead. (#​44327)
  • resource/aws_organizations_account: The status attribute is deprecated. Use state instead. (#​44327)
  • resource/aws_organizations_organization: The accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#​44327)

FEATURES:

  • New Resource: aws_bedrockagentcore_memory (#​44306)
  • New Resource: aws_bedrockagentcore_memory_strategy (#​44306)
  • New Resource: aws_bedrockagentcore_oauth2_credential_provider (#​44307)
  • New Resource: aws_bedrockagentcore_token_vault_cmk (#​44606)
  • New Resource: aws_bedrockagentcore_workload_identity (#​44308)

ENHANCEMENTS:

  • data-source/aws_iam_policy: Adds validation for path_prefix attribute (#​44703)
  • data-source/aws_organizations_organization: Add state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#​44327)
  • data-source/aws_organizations_organizational_unit_child_accounts: Add state, joined_method, and joined_timestamp attributes to the accounts block (#​44327)
  • data-source/aws_organizations_organizational_unit_descendant_accounts: Add state, joined_method, and joined_timestamp attributes to the accounts block (#​44327)
  • resource/aws_appstream_directory_config: Add certificate_based_auth_properties argument (#​44679)
  • resource/aws_iam_policy: Adds List support (#​44703)
  • resource/aws_iam_policy: Adds validation for path attribute (#​44703)
  • resource/aws_iam_role_policy_attachment: Adds List support (#​44739)
  • resource/aws_odb_network: Add delete_associated_resources attribute to enable practitioner to delete associated oci resource. (#​44754)
  • resource/aws_organizations_account: Add state attribute (#​44327)
  • resource/aws_organizations_organization: Add state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#​44327)

BUG FIXES:

  • data-source/aws_vpn_connection: Properly set tags attribute (#​44761)
  • resource/aws_rds_cluster: Fix "When modifying Provisioned IOPS storage, specify a value for both allocated storage and iops" error when updating RDS clusters with Provisioned IOPS storage (#​44706)
  • resource/guardduty_detector_feature: Fix additional_configuration block to ignore ordering (#​44627)

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by renovate

Merge request reports