chore(deps): update terraform aws to v5.32.1
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
aws (source) | required_provider | minor |
5.18.1 -> 5.32.1
|
Release Notes
hashicorp/terraform-provider-aws (aws)
v5.32.1
BUG FIXES:
- data-source/aws_ecr_image: Fix error when
most_recent
is not alsolatest
(#35269) - resource/aws_iot_ca_certificate: Change
registration_config.role_arn
fromTypeBool
toTypeString
, fixingInappropriate value for attribute "role_arn": a bool is required
errors (#35234) - resource/aws_mq_broker: Fix
interface conversion: interface {} is *schema.Set, not []string
panic (#35265)
v5.32.0
FEATURES:
-
New Data Source:
aws_mq_broker_engine_types
(#34232) -
New Data Source:
aws_msk_bootstrap_brokers
(#32484) -
New Data Source:
aws_verifiedpermissions_policy_store
(#32204) -
New Resource:
aws_ebs_fast_snapshot_restore
(#35211) -
New Resource:
aws_elasticache_serverless_cache
(#34951) -
New Resource:
aws_imagebuilder_workflow
(#35097) -
New Resource:
aws_kinesis_resource_policy
(#35167) -
New Resource:
aws_prometheus_scraper
(#34749) -
New Resource:
aws_securitylake_aws_log_source
(#34974) -
New Resource:
aws_ssoadmin_application_access_scope
(#34811) -
New Resource:
aws_verifiedpermissions_policy_store
(#32204) -
New Resource:
aws_verifiedpermissions_policy_template
(#32205) -
New Resource:
aws_verifiedpermissions_schema
(#32204)
ENHANCEMENTS:
- data-source/aws_batch_compute_environment: Add
update_policy
attribute (#34353) - data-source/aws_ecr_image: Add
image_uri
attribute (#24526) - data-source/aws_efs_file_system: Add
lifecycle_policy.transition_to_archive
attribute (#35096) - data-source/aws_efs_file_system: Add
protection
attribute (#35029) - data-source/aws_elastic_beanstalk_hosted_zone: Add hosted zone ID for
il-central-1
AWS Region (#35131) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
ca-west-1
AWS Region (#35131) - data-source/aws_fsx_ontap_file_system: Add
ha_pairs
andthroughput_capacity_per_ha_pair
attributes (#34993) - data-source/aws_glue_catalog_table: Add
region
attribute totarget_table
block. (#34817) - data-source/aws_lambda_function: Add
logging_config
attribute (#35050) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
ca-west-1
AWS Region (#35131) - data-source/aws_lb_target_group: Add
load_balancing_anomaly_mitigation
attribute (#35083) - data-source/aws_msk_configuration: Remove
name
length validation (#34399) - data-source/aws_networkfirewall_firewall_policy: Add
firewall_policy.tls_inspection_configuration_arn
attribute (#35094) - data-source/aws_prometheus_workspace: Add
kms_key_arn
attribute (#35062) - data-source/aws_route53_resolver_endpoint: Add
protocols
attribute (#35098) - data-source/aws_route53_resolver_endpoint: Add
resolver_endpoint_type
attribute (#34798) - data-source/aws_s3_bucket: Add hosted zone ID for
ca-west-1
AWS Region (#35131) - provider: Support
ca-west-1
as a valid AWS Region (#35131) - resource/aws_appflow_flow: Add
destination_connector_properties.s3.s3_output_format_config.target_file_size
argument (#35215) - resource/aws_appstream_fleet: Increase
idle_disconnect_timeout_in_seconds
max value for validation to 360000 (#35173) - resource/aws_autoscaling_group: Add
instance_refresh.preferences.max_healthy_percentage
attribute (#34929) - resource/aws_autoscaling_group: Fix
ValidationError: The instance ... is not part of Auto Scaling group ...
errors on resource Delete when disabling scale-in protection for instances that are already fully terminated (#35071) - resource/aws_batch_compute_environment: Add
update_policy
parameter (#34353) - resource/aws_batch_job_definition: Add
scheduling_priority
argument andarn_prefix
attribute (#34997) - resource/aws_cloud9_environment_ec2: Add
amazonlinux-2023-x86_64
andresolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64
as valid values forimage_id
(#35020) - resource/aws_codepipeline: Add
pipeline_type
argument andvariable
configuration block (#34841) - resource/aws_dms_replication_task: Allow
cdc_start_time
to use RFC3339 formatted dates in addition to UNIX timestamps (#31917) - resource/aws_dms_replication_task: Remove ForceNew from
replication_instance_arn
, allowing in-place migration between DMS instances (#30721) - resource/aws_efs_file_system: Add
lifecycle_policy.transition_to_archive
argument (#35096) - resource/aws_efs_file_system: Add
protection
configuration block (#35029) - resource/aws_efs_replication_configuration: Increase Create timeout to 20 minutes (#34955)
- resource/aws_efs_replication_configuration: Mark
destination.file_system_id
as Optional, enabling EFS replication fallback (#34955) - resource/aws_finspace_kx_dataview: Increase default create, update, and delete timeouts to 4 hours (#35207)
- resource/aws_finspace_kx_scaling_group: Increase default create, delete timeouts to 4 hours (#35206)
- resource/aws_fsx_lustre_file_system: Allow
per_unit_storage_throughput
to be updated in-place (#34932) - resource/aws_fsx_ontap_file_system: Add
ha_pairs
andthroughput_capacity_per_ha_pair
arguments (#34993) - resource/aws_fsx_ontap_file_system: Increase maximum value of
disk_iops_configuration.iops
to2400000
(#34993) - resource/aws_fsx_ontap_file_system:
throughput_capacity
is Optional (#34993) - resource/aws_glue_catalog_table: Add
region
attribute totarget_table
block. (#34817) - resource/aws_glue_classifier: Add
csv_classifier.serde
argument (#34251) - resource/aws_kinesis_firehose_delivery_stream: Add
opensearch_configuration.document_id_options
configuration block (#35137) - resource/aws_kinesis_firehose_delivery_stream: Add
splunk_configuration.buffering_interval
andsplunk_configuration.buffering_size
arguments (#35137) - resource/aws_kinesis_firehose_delivery_stream: Adjust
elasticsearch_configuration.buffering_interval
,http_endpoint_configuration.buffering_interval
,opensearch_configuration.buffering_interval
,opensearchserverless_configuration.buffering_interval
,redshift_configuration.s3_backup_configuration.buffering_interval
,extended_s3_configuration.s3_backup_configuration.buffering_interval
,elasticsearch_configuration.s3_configuration.buffering_interval
,http_endpoint_configuration.s3_configuration.buffering_interval
,opensearch_configuration.s3_configuration.buffering_interval
,opensearchserverless_configuration.s3_configuration.buffering_interval
,redshift_configuration.s3_configuration.buffering_interval
andsplunk_configuration.s3_configuration.buffering_interval
minimum values to0
to support zero buffering (#35137) - resource/aws_kms_key: Add
xks_key_id
attribute (#31216) - resource/aws_lambda_function: Add
logging_config
configuration block in support of advanced logging controls (#35050) - resource/aws_lambda_function: Add support for
python3.12
runtime
value (#35049) - resource/aws_lambda_layer_version: Add support for
python3.12
compatible_runtimes
value (#35049) - resource/aws_lb_target_group: Add
load_balancing_anomaly_mitigation
argument (#35083) - resource/aws_lb_target_group: Add
weighted_random
as a valid value forload_balancing_algorithm_type
(#35083) - resource/aws_neptune_cluster: Add
storage_type
argument (#34985) - resource/aws_neptune_cluster_instance: Add
storage_type
attribute (#34985) - resource/aws_networkfirewall_firewall: Add configurable timeouts (#34918)
- resource/aws_networkfirewall_firewall_policy: Add
firewall_policy.tls_inspection_configuration_arn
argument (#35094) - resource/aws_prometheus_workspace: Add
kms_key_arn
argument, enabling encryption at-rest using AWS KMS Customer Managed Keys (CMK) (#35062) - resource/aws_redshiftserverless_workgroup: Add
port
argument (#34925) - resource/aws_route53_resolver_endpoint: Add
protocols
argument (#35098) - resource/aws_route53_resolver_endpoint: Add
resolver_endpoint_type
argument (#34798) - resource/aws_s3_bucket: Modify resource Read to support third-party S3 API implementations. Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#35035)
- resource/aws_s3_bucket: Modify server-side encryption configuration error handling, enabling support for NetApp StorageGRID (#34890)
- resource/aws_transfer_server: Add
TransferSecurityPolicy-PQ-SSH-Experimental-2023-04
andTransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04
as valid values forsecurity_policy_name
(#35129) - resource/aws_verifiedaccess_endpoint: Add
policy_document
argument (#34264)
BUG FIXES:
- data-source/aws_lb_target_group: Change
deregistration_delay
fromTypeInt
toTypeString
(#31436) - data-source/aws_s3_bucket_object: Remove any leading
./
fromkey
to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#35223) - data-source/aws_s3_object: Remove any leading
./
fromkey
to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#35223) - resource/aws_cloud9_environment_ec2:
image_id
is Required (#35020) - resource/aws_codebuild_project: Prevent erroneous diffs on
build_timeout
andqueued_timeout
for Lambda compute types (#35043) - resource/aws_datasync_agent: Fix import of agents created with
activation_key
by removing requirement for one ofip_address
oractivation_key
to be set (#35150) - resource/aws_dms_replication_config: Prevent erroneous diffs on
replication_settings
(#34356) - resource/aws_dms_replication_task: Prevent erroneous diffs on
replication_task_settings
(#34356) - resource/aws_dynamodb_table: Fix error when waiting for snapshot to be created (#34848)
- resource/aws_finspace_kx_dataview: Properly set
arn
attribute on read, resolving persistent differences whentags
are configured (#34998) - resource/aws_glue_catalog_database: Properly handle out-of-band resource deletion (#35195)
- resource/aws_iot_indexing_configuration: Correct plan-time validation of
thing_indexing_configuration.filter.named_shadow_names
(#35225) - resource/aws_kinesis_firehose_delivery_stream: Fix
InvalidArgumentException: Both BufferSizeInMBs and BufferIntervalInSeconds are required to configure buffering for lambda processor
errors on resource Update (#26964) - resource/aws_kinesis_firehose_delivery_stream: Fix perpetual
extended_s3_configuration.processing_configuration.processors.parameters
diffs when processor type isLambda
(#35137) - resource/aws_lambda_function: Ensure lambda does not get deployed if
source_code_hash
does not change. (#29921) - resource/aws_lb: Fix
ValidationError: Attributes cannot be empty
errors (#35228) - resource/aws_lb_target_group: Fix diff on
stickiness.cookie_name
whenstickiness.type
islb_cookie
(#31436) - resource/aws_memorydb_cluster: Treat
snapshotting
status as pending when creating cluster (#31077) - resource/aws_ram_principal_association: Fix
reading RAM Resource Share (...) Principal Association (...): couldn't find resource (21 retries)
errors when a high number of principals are associated with a resource share (#34738) - resource/aws_s3_bucket_object: Remove any leading
./
fromkey
to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#35223) - resource/aws_s3_object: Remove any leading
./
fromkey
to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#35223) - resource/aws_s3_object_copy: Remove any leading
./
fromkey
to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#35223) - resource/aws_secretsmanager_secret_rotation: No longer ignores changes to
rotation_rules.automatically_after_days
whenrotation_rules.schedule_expression
is set. (#35024) - resource/aws_ses_configuration_set: Fix
tracking_options
being omitted from state and resulting in persistent diff (#35056) - resource/aws_ssoadmin_application: Fix
portal_options.sign_in_options.application_url
triggeringValidationError
when unset (#34967)
v5.31.0
FEATURES:
-
New Data Source:
aws_polly_voices
(#34916) -
New Data Source:
aws_ssoadmin_application_assignments
(#34796) -
New Data Source:
aws_ssoadmin_principal_application_assignments
(#34815) -
New Resource:
aws_finspace_kx_dataview
(#34828) -
New Resource:
aws_finspace_kx_scaling_group
(#34832) -
New Resource:
aws_finspace_kx_volume
(#34833) -
New Resource:
aws_ssoadmin_trusted_token_issuer
(#34839)
ENHANCEMENTS:
- data-source/aws_cloudwatch_log_group: Add
log_group_class
attribute (#34812) - data-source/aws_dms_endpoint: Add
postgres_settings
attribute (#34724) - data-source/aws_lb: Add
connection_logs
attribute (#34864) - data-source/aws_lb: Add
dns_record_client_routing_policy
attribute (#34135) - data-source/aws_opensearchserverless_collection: Add
standby_replicas
attribute (#34677) - resource/aws_db_instance: Add support for IBM Db2 databases (#34834)
- resource/aws_dms_endpoint: Add
elasticsearch_settings.use_new_mapping_type
argument (#29470) - resource/aws_dms_endpoint: Add
postgres_settings
configuration block (#34724) - resource/aws_finspace_kx_cluster: Add
database.dataview_name
,scaling_group_configuration
, andtickerplant_log_configuration
arguments. (#34831) - resource/aws_finspace_kx_cluster: The
capacity_configuration
argument is now optional. (#34831) - resource/aws_lb: Add
connection_logs
configuration block (#34864) - resource/aws_lb: Add plan-time validation that exactly one of either
subnets
orsubnet_mapping
is configured (#33205) - resource/aws_lb: Allow the number of
subnet_mapping
s for Application Load Balancers to be changed without recreating the resource (#33205) - resource/aws_lb: Allow the number of
subnet_mapping
s for Network Load Balancers to be increased without recreating the resource (#33205) - resource/aws_lb: Allow the number of
subnets
for Network Load Balancers to be increased without recreating the resource (#33205) - resource/aws_opensearchserverless_collection: Add
standby_replicas
attribute (#34677)
BUG FIXES:
- data-source/aws_ecr_pull_through_cache_rule: Fix plan time validation for
ecr_repository_prefix
(#34716) - provider: Always use the S3 regional endpoint in
us-east-1
for S3 directory bucket operations. This fixesno such host
errors (#34893) - resource/aws_appmesh_virtual_node: Remove limit of 50
backend
s per virtual node (#34774) - resource/aws_cloudwatch_log_group: Fix
invalid new value for .skip_destroy: was cty.False, but now null
errors (#30354) - resource/aws_cloudwatch_log_group: Remove default value (
STANDARD
) forlog_group_class
argument and mark as Computed. This fixesInvalidParameterException: Only Standard log class is supported
errors in AWS Regions other than AWS Commercial (#34812) - resource/aws_db_instance: Fix error where Terraform loses track of resource if Blue/Green Deployment is applied outside of Terraform (#34728)
- resource/aws_dms_event_subscription:
source_ids
andsource_type
are Required (#33731) - resource/aws_ecr_pull_through_cache_rule: Fix plan time validation for
ecr_repository_prefix
(#34716) - resource/aws_lb: Correct in-place update of
security_groups
for Network Load Balancers when the new value is Computed (#33205) - resource/aws_lb: Fix
InvalidConfigurationRequest: Load balancer attribute key 'dns_record.client_routing_policy' is not supported on load balancers with type 'network'
errors on resource Create in AWS GovCloud (US) (#34135) - resource/aws_medialive_channel: Fixed errors related to setting the
failover_condition
argument (#33410) - resource/aws_securitylake_data_lake: Fix
reflect.Set: value of type basetypes.StringValue is not assignable to type types.ARN
panic when importing resources withnil
ARN fields (#34820) - resource/aws_vpc: Increase IPAM pool allocation deletion timeout from 20 minutes to 35 minutes (#34859)
v5.30.0
FEATURES:
-
New Data Source:
aws_codeguruprofiler_profiling_group
(#34672) -
New Data Source:
aws_ecr_repositories
(#34446) -
New Data Source:
aws_lb_trust_store
(#34584) -
New Data Source:
aws_ssoadmin_application
(#34773) -
New Data Source:
aws_ssoadmin_application_providers
(#34670) -
New Resource:
aws_codeguruprofiler_profiling_group
(#34672) -
New Resource:
aws_customerprofiles_domain
(#34622) -
New Resource:
aws_customerprofiles_profile
(#34622) -
New Resource:
aws_lb_trust_store
(#34584) -
New Resource:
aws_lb_trust_store_revocation
(#34584) -
New Resource:
aws_securitylake_data_lake
(#34521) -
New Resource:
aws_ssoadmin_application
(#34723) -
New Resource:
aws_ssoadmin_application_assignment
(#34741) -
New Resource:
aws_ssoadmin_application_assignment_configuration
(#34752)
ENHANCEMENTS:
- data-source/aws_appconfig_configuration_profile: Add
kms_key_identifier
attribute (#34725) - data-source/aws_lb: Add
enforce_security_group_inbound_rules_on_private_link_traffic
attribute (#33767) - data-source/aws_lb_listener: Add
mutual_authentication
attribute (#34584) - resource/aws_appconfig_configuration_profile: Add
kms_key_identifier
attribute (#34725) - resource/aws_appconfig_deployment: Add
kms_key_identifier
attribute (#34739) - resource/aws_cloudwatch_log_group: Add
log_group_class
argument (#34679) - resource/aws_lb: Add
enforce_security_group_inbound_rules_on_private_link_traffic
argument (#33767) - resource/aws_lb_listener: Add
mutual_authentication
configuration block (#34584) - resource/aws_s3_bucket: Fix
stack overflow
fatal errors on resource Delete whenforce_destroy
istrue
and the bucket contains delete markers (#34712) - resource/aws_sagemaker_app: Add
resource_spec.sagemaker_image_version_alias
argument (#34729) - resource/aws_sagemaker_app_image_config: Add
jupyter_lab_image_config
configuration block (#34696) - resource/aws_sagemaker_domain: Add
default_user_settings.code_editor_app_settings
,default_user_settings.custom_file_system_config
,default_user_settings.custom_posix_user_config
,default_user_settings.default_landing_uri
,default_user_settings.jupyter_lab_app_settings
,default_user_settings.space_storage_settings
,default_user_settings.studio_web_portal
arguments (#34729) - resource/aws_sagemaker_domain: Add
sagemaker_image_version_alias
argument under alldefault_resource_spec
blocks (#34729) - resource/aws_sagemaker_domain: Add
single_sign_on_application_arn
attribute (#34729) - resource/aws_sagemaker_space: Add
sagemaker_image_version_alias
argument under alldefault_resource_spec
blocks (#34729) - resource/aws_sagemaker_space: Add
space_display_name
argument (#34729) - resource/aws_sagemaker_space: Add
url
attribute (#34729) - resource/aws_sagemaker_user_profile: Add
sagemaker_image_version_alias
argument under alldefault_resource_spec
blocks (#34729) - resource/aws_sagemaker_user_profile: Add
user_settings.code_editor_app_settings
,user_settings.custom_file_system_config
,user_settings.custom_posix_user_config
,user_settings.default_landing_uri
,user_settings.jupyter_lab_app_settings
,user_settings.space_storage_settings
,user_settings.studio_web_portal
arguments (#34729) - resource/aws_transfer_server: Add support for
TransferSecurityPolicy-FIPS-2023-05
security_policy_name
value (#34709)
BUG FIXES:
- resource/aws_ami: Correctly sets
deprecation_time
on creation and update due to eventual consistency (#34691) - resource/aws_ami: Correctly sets
description
on update due to eventual consistency (#34691) - resource/aws_ami: Now allows removing
deprecation_time
(#34691) - resource/aws_appflow_flow: Fix perpetual diff on
destination_flow_config
(#34770) - resource/aws_backup_vault_policy: Fix eventual consistency error when waiting for IAM (#34671)
- resource/aws_eks_pod_identity_association: Retry IAM eventual consistency errors on create and update (#34717)
- resource/aws_glue_connection: Fix crash while creating resource with empty
physical_connection_requirements
configuration block (#34737)
v5.29.0
FEATURES:
-
New Resource:
aws_docdbelastic_cluster
(#31033) -
New Resource:
aws_eks_pod_identity_association
(#34566)
ENHANCEMENTS:
- resource/aws_docdb_cluster: Add
storage_type
argument (#34637) - resource/aws_neptune_parameter_group: Add
name_prefix
argument (#34500)
BUG FIXES:
- resource/aws_networkmanager_attachment_accepter: Now revokes attachment on deletion for VPC Attachments (#34547)
- resource/aws_networkmanager_vpc_attachment: Fixes error when modifying
options
fields while waiting for acceptance (#34547) - resource/aws_networkmanager_vpc_attachment: Fixes error where VPC Attachments waiting for acceptance could not be deleted (#34547)
- resource/aws_s3_directory_bucket: Fix
NotImplemented: This bucket does not support Object Versioning
errors on resource Delete whenforce_destroy
istrue
(#34647)
v5.28.0
FEATURES:
ENHANCEMENTS:
- resource/aws_s3control_access_grants_instance: Add
identity_center_arn
argument andidentity_center_application_arn
attribute (#34582)
BUG FIXES:
- resource/aws_elaticache_replication_group: Fix regression caused by the introduction of the
auth_token_update_strategy
argument with a default value (#34600)
v5.27.0
NOTES:
- provider: This release includes an update to the AWS SDK for Go v2 with breaking type changes to several services:
internetmonitor
,ivschat
,pipes
, ands3
. These changes primarily affect how arguments with default values are serialized for outbound requests, changing scalar types to pointers. See this AWS SDK for Go V2 issue for additional context. The corresponding provider changes should make this breakfix transparent to users, but as with any breaking change there is the potential for missed edge cases. If errors are observed in the impacted resources, please link to this dependency update pull request in the bug report (#34476)
FEATURES:
-
New Data Source:
aws_emr_supported_instance_types
(#34481) -
New Resource:
aws_apprunner_default_auto_scaling_configuration_version
(#34292) -
New Resource:
aws_lexv2models_bot_version
(#33858) -
New Resource:
aws_s3control_access_grant
(#34564) -
New Resource:
aws_s3control_access_grants_instance
(#34564) -
New Resource:
aws_s3control_access_grants_instance_resource_policy
(#34564) -
New Resource:
aws_s3control_access_grants_location
(#34564)
ENHANCEMENTS:
- resource/aws_apprunner_auto_scaling_configuration_version: Add
has_associated_service
andis_default
attributes (#34292) - resource/aws_apprunner_service: Add
network_configuration.ip_address_type
argument (#34292) - resource/aws_apprunner_service: Add
source_configuration.code_repository.source_directory
argument to support monorepos (#34292) - resource/aws_apprunner_service: Allow
health_check_configuration
to be updated in-place (#34292) - resource/aws_cloudwatch_event_rule: Add
state
parameter and deprecateis_enabled
parameter (#34510) - resource/aws_elaticache_replication_group: Add
auth_token_update_strategy
argument (#34460) - resource/aws_lambda_function: Add support for
java21
runtime
value (#34476) - resource/aws_lambda_function: Add support for
python3.12
runtime
value (#34533) - resource/aws_lambda_layer_version: Add support for
java21
compatible_runtimes
value (#34476) - resource/aws_lambda_layer_version: Add support for
python3.12
compatible_runtimes
value (#34533) - resource/aws_s3_bucket_logging: Add
target_object_key_format
configuration block to support automatic date-based partitioning (#34504)
BUG FIXES:
- resource/aws_appflow_flow: Fix
InvalidParameter: 2 validation error(s) found
error whendestination_flow_config
ortask
is updated (#34456) - resource/aws_appflow_flow: Fix
interface conversion: interface {} is nil, not map[string]interface {}
panic (#34456) - resource/aws_apprunner_service: Correctly set
service_url
for private services (#34292) - resource/aws_glue_trigger: Fix
ConcurrentModificationException: Workflow <workflowName> was modified while adding trigger <triggerName>
errors (#34530) - resource/aws_lb_target_group: Adds plan- and apply-time validation for invalid parameter combinations (#34488)
- resource/aws_lexv2_bot_locale: Fix
voice_settings.engine
validation, value conversion errors (#34532) - resource/aws_lexv2models_bot: Properly send
type
argument on create and update when configured (#34524) - resource/aws_pipes_pipe: Fix error when zero value is sent to
source_parameters
on update (#34487)
v5.26.0
FEATURES:
-
New Data Source:
aws_iot_registration_code
(#15098) -
New Resource:
aws_bedrock_model_invocation_logging_configuration
(#34303) -
New Resource:
aws_iot_billing_group
(#31237) -
New Resource:
aws_iot_ca_certificate
(#15098) -
New Resource:
aws_iot_event_configurations
(#31237)
ENHANCEMENTS:
- data-source/aws_autoscaling_group: Add
instance_maintenance_policy
attribute (#34430) - provider: Adds
https_proxy
andno_proxy
parameters. (#34243) - resource/aws_autoscaling_group: Add
instance_maintenance_policy
configuration block (#34430) - resource/aws_finspace_kx_cluster: Increase default create and update timeouts to 4 hours to allow for increased startup times with large volumes of cached data (#34398)
- resource/aws_finspace_kx_environment: Increase default delete timeout to 75 minutes (#34398)
- resource/aws_iam_group_policy_attachment: Add plan-time validation of
policy_arn
(#34378) - resource/aws_iam_policy_attachment: Add plan-time validation of
policy_arn
(#34378) - resource/aws_iam_role_policy_attachment: Add plan-time validation of
policy_arn
(#34378) - resource/aws_iam_user_policy_attachment: Add plan-time validation of
policy_arn
(#34378) - resource/aws_iot_ca_certificate: Add
ca_certificate_id
attribute (#15098) - resource/aws_iot_policy: Add configurable timeouts (#34329)
- resource/aws_iot_policy: When updating the resource, delete the oldest non-default version of the policy if creating a new version would exceed the maximum number of versions (5) (#34329)
- resource/aws_lambda_function: Add support for
nodejs20.x
andprovided.al2023
runtime
values (#34401) - resource/aws_lambda_layer_version: Add support for
nodejs20.x
andprovided.al2023
compatible_runtimes
values (#34401) - resource/aws_quicksight_analysis: Add
definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.sparkline
attribute (#33931) - resource/aws_quicksight_analysis: Add
definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.visual_layout_options
attribute (#33931) - resource/aws_quicksight_analysis: Add
number_display_format_configuration
andpercentage_display_format_configuration
to nestednumeric_format_configuration
argument (#33931) - resource/aws_quicksight_dashboard: Add
definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.sparkline
attribute (#33931) - resource/aws_quicksight_dashboard: Add
definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.visual_layout_options
attribute (#33931) - resource/aws_quicksight_dashboard: Add
number_display_format_configuration
andpercentage_display_format_configuration
to nestednumeric_format_configuration
argument (#33931) - resource/aws_quicksight_template: Add
definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.sparkline
attribute (#33931) - resource/aws_quicksight_template: Add
definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.visual_layout_options
attribute (#33931) - resource/aws_quicksight_template: Add
number_display_format_configuration
andpercentage_display_format_configuration
to nestednumeric_format_configuration
argument (#33931) - resource/aws_rds_cluster: Add
delete_automated_backups
argument (#34309)
BUG FIXES:
- resource/aws_chime_voice_connector: Fix
read
error when resource is not created inus-east-1
(#34334) - resource/aws_chime_voice_connector_group: Fix
read
error when resource is not created inus-east-1
(#34334) - resource/aws_chime_voice_connector_logging: Fix
read
error when resource is not created inus-east-1
(#34334) - resource/aws_chime_voice_connector_origination: Fix
read
error when resource is not created inus-east-1
(#34334) - resource/aws_chime_voice_connector_termination: Fix
read
error when resource is not created inus-east-1
(#34334) - resource/aws_chime_voice_connector_termination_credentials: Fix
read
error when resource is not created inus-east-1
(#34334) - resource/aws_chimesdkmediapipelines_media_insights_pipeline_configuration: Fix eventual consistency error when resource is not created in
us-east-1
(#34334) - resource/aws_chimesdkvoice_sip_media_application: Fix eventual consistency errors when not using
us-east-1
(#34426) - resource/aws_chimesdkvoice_sip_rule: Fix eventual consistency errors when not using
us-east-1
(#34426) - resource/aws_elasticache_user: Fix
UserNotFound: ... is not available for tagging
errors on resource Read when there is a concurrent update to the user (#34396) - resource/aws_grafana_workspace_api_key: Change
key
toSensitive
(#34105) - resource/aws_iam_group_policy_attachment: Retry
ConcurrentModificationException
errors on create and delete (#34378) - resource/aws_iam_policy_attachment: Retry
ConcurrentModificationException
errors on create and delete (#34378) - resource/aws_iam_role_policy_attachment: Retry
ConcurrentModificationException
errors on create and delete (#34378) - resource/aws_iam_user_policy_attachment: Retry
ConcurrentModificationException
errors on create and delete (#34378) - resource/aws_inspector2_delegated_admin_account: Fix
errors: *target must be interface or implement error
panic (#34424) - resource/aws_inspector2_enabler: Fix
interface conversion: interface {} is nil, not map[string]inspector2.AccountResourceStatus
panic (#34424) - resource/aws_iot_ca_certificate: Change
ca_pem
andcertificate_pem
to ForceNew (#15098) - resource/aws_iot_policy: Retry
DeleteConflictException
errors on delete (#34329) - resource/aws_quicksight_analysis: Fix handling of the nested
number_scale
,prefix
, andsuffix
integer arguments (#33931) - resource/aws_quicksight_analysis: Fix handling of the nested
rolling_date
argument (#33931) - resource/aws_quicksight_analysis: Fix handling of the nested
select_all_options
argument (#33931) - resource/aws_quicksight_analysis: Fix handling of the nested
visual_ids
argument (#33931) - resource/aws_quicksight_analysis: Fixes to various optional blocks utilizing the shared column schema definition (#33931)
- resource/aws_quicksight_analysis: Nested
column_index
androw_index
arguments now properly handle zero values (#33931) - resource/aws_quicksight_dashboard: Fix handling of the nested
number_scale
,prefix
, andsuffix
integer arguments (#33931) - resource/aws_quicksight_dashboard: Fix handling of the nested
rolling_date
argument (#33931) - resource/aws_quicksight_dashboard: Fix handling of the nested
select_all_options
argument (#33931) - resource/aws_quicksight_dashboard: Fix handling of the nested
visual_ids
argument (#33931) - resource/aws_quicksight_dashboard: Fixes to various optional blocks utilizing the shared column schema definition (#33931)
- resource/aws_quicksight_dashboard: Nested
column_index
androw_index
arguments now properly handle zero values (#33931) - resource/aws_quicksight_data_set: Increase
permissions.actions
maximum item limit to 20, aligning with the AWS API limits (#33931) - resource/aws_quicksight_data_source: Set all parameters to update aws_quicksight_data_source (#33061)
- resource/aws_quicksight_template: Fix handling of the nested
number_scale
,prefix
, andsuffix
integer arguments (#33931) - resource/aws_quicksight_template: Fix handling of the nested
rolling_date
argument (#33931) - resource/aws_quicksight_template: Fix handling of the nested
select_all_options
argument (#33931) - resource/aws_quicksight_template: Fix handling of the nested
visual_ids
argument (#33931) - resource/aws_quicksight_template: Fixes to various optional blocks utilizing the shared column schema definition (#33931)
- resource/aws_quicksight_template: Nested
column_index
androw_index
arguments now properly handle zero values (#33931) - resource/aws_sagemaker_user_profile: Change
default_user_settings.canvas_app_settings.identity_provider_oauth_settings
from TypeSet to TypeList, preventinginterface conversion: interface {} is *schema.Set, not []interface {}
panics (#34418) - resource/aws_synthetics_canary: Fix to properly suppress differences when
expression
israte(0 minutes)
(#34084) - resource/aws_vpn_connection: Fix
UnsupportedOperation: The tunnel inside ip version parameter is not currently supported in this region
error when creating connections in certain partitions and Regions (#34420)
v5.25.0
NOTES:
FEATURES:
-
New Data Source:
aws_apigatewayv2_vpc_link
(#33974) -
New Data Source:
aws_athena_named_query
(#24815) -
New Data Source:
aws_bedrock_foundation_model
(#34148) -
New Data Source:
aws_bedrock_foundation_models
(#34148) -
New Resource:
aws_athena_prepared_statement
(#33417) -
New Resource:
aws_lexv2models_bot_locale
(#33949)
ENHANCEMENTS:
- provider: Adds SSO API endpoint override parameter
endpoints.sso
(#34302) - resource/aws_appflow_connector_profile: Add
jwt_token
andoauth2_grant_type
arguments to theconnector_profile_config.connector_profile_credentials.salesforce
block. (#34248) - resource/aws_autoscaling_group: Add plan-time validation of
initial_lifecycle_hook.default_result
,initial_lifecycle_hook.heartbeat_timeout
,initial_lifecycle_hook.lifecycle_transition
,initial_lifecycle_hook.name
,initial_lifecycle_hook.notification_target_arn
andinitial_lifecycle_hook.role_arn
(#12145) - resource/aws_autoscaling_lifecycle_hook: Add plan-time validation of
default_result
,heartbeat_timeout
,lifecycle_transition
,name
,notification_target_arn
androle_arn
(#12145) - resource/aws_datasync_task: Add
task_report_config
argument (#33861) - resource/aws_db_instance: Add
postgres
as a validengine
value for blue/green deployments (#34216) - resource/aws_dms_endpoint: Add
pause_replication_tasks
, which when set totrue
, pauses associated running replication tasks, regardless if they are managed by Terraform, prior to modifying the endpoint (only tasks paused by the resource will be restarted after the modification completes) (#34316) - resource/aws_eks_cluster: Allow
vpc_config.security_group_ids
andvpc_config.subnet_ids
to be updated in-place (#32409) - resource/aws_inspector2_organization_configuration: Add
lambda_code
argument to theauto_enable
configuration block (#34261) - resource/aws_route53_record: Allow import of records with an empty record name. (#34212)
- resource/aws_sagemaker_domain: Add
default_user_settings.canvas_app_settings.direct_deploy_settings
,default_user_settings.canvas_app_settings.identity_provider_oauth_settings
anddefault_user_settings.canvas_app_settings.kendra_settings
arguments (#34265) - resource/aws_sagemaker_domain: Change
default_space_settings.kernel_gateway_app_settings.custom_image
,default_user_settings.kernel_gateway_app_settings.custom_image
anddefault_user_settings.r_session_app_settings.custom_image
MaxItems
from30
to200
(#34265) - resource/aws_sagemaker_feature_group: Add
offline_store_config.s3_storage_config.resolved_output_s3_uri
,online_store_config.storage_type
andonline_store_config.ttl_duration
arguments (#34283) - resource/aws_sagemaker_feature_group: Allow
online_store_config.ttl_duration
to be updated in-place (#34283) - resource/aws_sagemaker_model: Add
container.model_data_source
andprimary_container.model_data_source
configuration blocks (#34158) - resource/aws_sagemaker_space: Change
space_settings.kernel_gateway_app_settings.custom_image
MaxItems
from30
to200
(#34265) - resource/aws_sagemaker_user_profile: Add
default_user_settings.canvas_app_settings.direct_deploy_settings
,default_user_settings.canvas_app_settings.identity_provider_oauth_settings
anddefault_user_settings.canvas_app_settings.kendra_settings
arguments (#34265) - resource/aws_sns_topic: Add
archive_policy
argument andbeginning_archive_time
attribute to support message archiving (#34252) - resource/aws_sns_topic: Add
replay_policy
argument (#34252)
BUG FIXES:
- provider: Fix
Value Conversion Error
panic for certain resources whennull
tag values are specified (#34319) - provider: Fixes parsing error in AWS shared config files with extra whitespace (#34300)
- provider: Fixes poor performance when parsing AWS shared config files (#34300)
- resource/aws_autoscaling_group: Change all
initial_lifecycle_hook
configuration block attributes to ForceNew (#34260) - resource/aws_cloudtrail: Change the
id
attribute from the trail's name to its ARN to support organization trails (#30758) - resource/aws_cloudwatch_event_rule: Increase
event_pattern
max length for validation to 4096 (#34270) - resource/aws_sagemaker_domain: Fix updating
default_space_settings.r_studio_server_pro_app_settings.access_status
fromENABLED
toDISABLED
(#34265)
v5.24.0
NOTES:
- resource/aws_detective_organization_admin_account: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#25237)
- resource/aws_detective_organization_configuration: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#25237)
FEATURES:
-
New Data Source:
aws_opensearchserverless_lifecycle_policy
(#34144) -
New Resource:
aws_detective_organization_admin_account
(#25237) -
New Resource:
aws_detective_organization_configuration
(#25237) -
New Resource:
aws_opensearchserverless_lifecycle_policy
(#34144) -
New Resource:
aws_redshift_resource_policy
(#34149) -
New Resource:
aws_verifiedaccess_endpoint
(#30763)
ENHANCEMENTS:
- resource/aws_amplify_app: Add
custom_headers
argument (#31561) - resource/aws_batch_job_definition: Add
node_properties
argument (#34153) - resource/aws_finspace_kx_cluster: In-place updates are now supported for the
code
,database
, andinitialization_script
arguments. The update timeout has been increased to 30 minutes. (#34220) - resource/aws_iot_topic_rule: Add
kafka.header
anderror_action.kafka.header
arguments (#34191) - resource/aws_networkmanager_connect_attachment: Add
NO_ENCAP
as a validoptions.protocol
value (#34109) - resource/aws_networkmanager_connect_peer: Add
subnet_arn
argument to support Tunnel-less Connect attachments (#34109) - resource/aws_networkmanager_connect_peer:
inside_cidr_blocks
is Optional (#34109) - resource/aws_rds_cluster: Remove the provider default (previously, "1") and use the AWS default for
backup_retention_period
(also, "1") to allow integration with AWS Backup (#34187) - resource/aws_redshift_cluster: Add
snapshot_arn
argument (#34181) - resource/aws_redshift_cluster: Add the
manage_master_password
andmaster_password_secret_kms_key_id
arguments to support managed admin credentials (#34182) - resource/aws_s3_object: Add
override_provider
configuration block, allowing tags inherited from the providerdefault_tags
configuration block to be ignored (#33262) - resource/aws_secretsmanager_secret_rotation: The
rotation_lambda_arn
argument is now optional to support modifying the rotation schedule of AWS-managed secrets. (#34180)
BUG FIXES:
- data-source/aws_vpc_ipam_pools: Add
id
attribute for individual IPAM pools (#32133) - resource/aws_alb_listener_rule: Fixed the
action.forward.target_group
argument minimum item requirement. Previously this was set to 2, but the AWS API allows specifying a single target group. (#33727) - resource/aws_amplify_branch: Remove ForceNew from
enable_performance_mode
(#34141) - resource/aws_lb_listener_rule: Fixed the
action.forward.target_group
argument minimum item requirement. Previously this was set to 2, but the AWS API allows specifying a single target group. (#33727) - resource/aws_quicksight_analysis: Fix "expected type to be integer" errors in
window_options.bounds.*
argument validatation functions (#34230) - resource/aws_quicksight_dashboard: Fix "expected type to be integer" errors in
window_options.bounds.*
argument validatation functions (#34230) - resource/aws_quicksight_template: Fix "expected type to be integer" errors in
window_options.bounds.*
argument validatation functions (#34230) - resource/aws_rds_cluster: Avoid an error on delete related to
unexpected state 'scaling-compute'
(#34187)
v5.23.1
BUG FIXES:
- data-source/aws_lambda_function: Add
vpc_config.ipv6_allowed_for_dual_stack
attribute, fixingInvalid address to set: []string{"vpc_config", "0", "ipv6_allowed_for_dual_stack"}
errors (#34134)
v5.23.0
NOTES:
- provider: This release includes an update to the AWS SDK for Go v2 with breaking type changes to several services:
finspace
,kafka
,medialive
,rds
,s3control
,timestreamwrite
, andxray
. These changes primarily affect how arguments with default values are serialized for outbound requests, changing scalar types to pointers. See this AWS SDK for Go V2 issue for additional context. The corresponding provider changes should make this breakfix transparent to users, but as with any breaking change there is the potential for missed edge cases. If errors are observed in the impacted resources, please link to this dependency update pull request in the bug report. (#34096)
FEATURES:
-
New Resource:
aws_iot_domain_configuration
(#24765)
ENHANCEMENTS:
- data-source/aws_imagebuilder_image: Add
image_scanning_configuration
attribute (#34049) - resource/aws_config_config_rule: Add
evaluation_mode
attribute (#34033) - resource/aws_elasticache_replication_group: Add
ip_discovery
andnetwork_type
arguments (#34019) - resource/aws_imagebuilder_image: Add
image_scanning_configuration
configuration block (#34049) - resource/aws_kms_key: Add configurable timeouts (#34112)
- resource/aws_lambda_function: Add
vpc_config.ipv6_allowed_for_dual_stack
argument (#34045) - resource/aws_lb: Add
dns_record_client_routing_policy
attribute to configure Availability Zonal DNS affinity on Network Load Balancer (NLB) (#33992) - resource/aws_lb_target_group: Add
target_health_state
configuration block (#34070) - resource/aws_lb_target_group: Remove default value (
false
) forconnection_termination
argument and mark as Computed, to support new default behavior for UDP/TCP_UDP target groups (#34070) - resource/aws_neptune_cluster: Add
slowquery
as a validenable_cloudwatch_logs_exports
value (#34053)
BUG FIXES:
- provider/tags: Prevent crash when
tags_all
is null (#34073) - resource/aws_autoscaling_group: Fix error when
launch_template
name is updated. (#34086) - resource/aws_dms_s3_endpoint: Don't send the default value of
false
foradd_trailing_padding_character
, maintaining compatibility with older (pre-3.4.7) DMS engine versions (#34048) - resource/aws_ecs_task_definition: Add
0
as a valid value forvolume.efs_volume_configuration.transit_encryption_port
, preventing unexpected drift (#34020) - resource/aws_identitystore_group: Fix updating
description
attribute when it is changed (#34037) - resource/aws_iot_indexing_configuration: Add
thing_indexing_configuration.filter
attribute, resolvingInvalidRequestException: NamedShadowNames Filter must not be empty for enabling NamedShadowIndexingMode
errors (#26859) - resource/aws_storagegateway_gateway: Support the value
0
(representing Sunday) formaintenance_start_time.day_of_week
(#34015) - resource/aws_verifiedaccess_group: Fix
InvalidParameterValue: Policy Document cannot be provided when Policy Enabled is false or missing
errors when updatingpolicy_document
(#34054)
v5.22.0
FEATURES:
-
New Data Source:
aws_media_convert_queue
(#27075) -
New Resource:
aws_elasticsearch_vpc_endpoint
(#33925) -
New Resource:
aws_msk_replicator
(#33973)
ENHANCEMENTS:
- data-source/aws_ec2_client_vpn_endpoint: Add
self_service_portal_url
attribute (#34007) - resource/aws_alb: Support import of
name_prefix
argument (#33852) - resource/aws_alb_target_group: Support import of
name_prefix
argument (#33852) - resource/aws_cloudfront_public_key: Support import of
name_prefix
argument (#33852) - resource/aws_db_option_group: Support import of
name_prefix
argument (#33852) - resource/aws_docdb_cluster: Support import of
cluster_identifier_prefix
argument (#33852) - resource/aws_docdb_cluster_instance: Support import of
identifier_prefix
argument (#33852) - resource/aws_docdb_cluster_parameter_group: Support import of
name_prefix
argument (#33852) - resource/aws_docdb_subnet_group: Support import of
name_prefix
argument (#33852) - resource/aws_ec2_client_vpn_endpoint: Add
self_service_portal_url
attribute (#34007) - resource/aws_elb: Support import of
name_prefix
argument (#33852) - resource/aws_emr_security_configuration: Support import of
name_prefix
argument (#33852) - resource/aws_iam_group_policy: Support import of
name_prefix
argument (#33852) - resource/aws_iam_role_policy: Support import of
name_prefix
argument (#33852) - resource/aws_iam_user_policy: Support import of
name_prefix
argument (#33852) - resource/aws_iot_provisioning_template: Add
type
attribute (#33950) - resource/aws_lb: Support import of
name_prefix
argument (#33852) - resource/aws_lb_target_group: Support import of
name_prefix
argument (#33852) - resource/aws_neptune_cluster: Support import of
cluster_identifier_prefix
argument (#33852) - resource/aws_neptune_cluster_instance: Support import of
identifier_prefix
argument (#33852) - resource/aws_neptune_cluster_parameter_group: Support import of
name_prefix
argument (#33852) - resource/aws_neptune_event_subscription: Support import of
name_prefix
argument (#33852) - resource/aws_pinpoint_app: Support import of
name_prefix
argument (#33852) - resource/aws_rds_cluster: Support import of
cluster_identifier_prefix
argument (#33852) - resource/aws_rds_cluster_instance: Support import of
identifier_prefix
argument (#33852) - resource/aws_signer_signing_profile: Support import of
name_prefix
argument (#33852) - resource/aws_signer_signing_profile_permission: Add
signer:SignPayload
as a validaction
value (#33852) - resource/aws_signer_signing_profile_permission: Support import of
statement_id_prefix
argument (#33852) - resource/aws_transfer_server: Change
pre_authentication_login_banner
andpost_authentication_login_banner
length limits to 4096 (#33937) - resource/aws_wafv2_web_acl: Add
ja3_fingerprint
tofield_to_match
configuration blocks (#33933)
BUG FIXES:
- data-source/aws_dms_certificate: Fix crash when certificate not found (#34012)
- resource/aws_cloudformation_stack: Fix error when
computed
values are not set when there is no update (#33969) - resource/aws_codecommit_repository: Doesn't force replacement when renaming (#32207)
- resource/aws_db_instance: Creating resource from snapshot or point-in-time recovery now handles
manage_master_user_password
andmaster_user_secret_kms_key_id
attributes correctly (#33699) - resource/aws_elasticache_replication_group: Fix error when switching
engine_version
from6.x
to a specific6.<digit>
version number (#33954) - resource/aws_iam_role: Fix refreshing
permission_boundary
when deleted outside of Terraform (#33963) - resource/aws_iam_user: Fix refreshing
permission_boundary
when deleted outside of Terraform (#33963) - resource/aws_inspector2_enabler: Fix
Value at 'resourceTypes' failed to satisfy constraint
errors (#33348) - resource/aws_neptune_cluster_instance: Remove ForceNew from
engine_version
(#33487) - resource/aws_neptune_cluster_parameter_group: Fix condition where defined cluster parameters with system default values are seen as updates (#33487)
- resource/aws_s3_bucket_object_lock_configuration: Fix
found resource
errors on Delete (#33966)
v5.21.0
FEATURES:
-
New Data Source:
aws_servicequotas_templates
(#33871) -
New Resource:
aws_ec2_image_block_public_access
(#33810) -
New Resource:
aws_guardduty_organization_configuration_feature
(#33913) -
New Resource:
aws_servicequotas_template_association
(#33725) -
New Resource:
aws_verifiedaccess_group
(#33297) -
New Resource:
aws_verifiedaccess_instance_logging_configuration
(#33864)
ENHANCEMENTS:
- data-source/aws_dms_endpoint: Add
s3_settings.glue_catalog_generation
attribute (#33778) - data-source/aws_msk_cluster: Add
cluster_uuid
attribute (#33805) - resource/aws_codedeploy_deployment_group: Add
outdated_instances_strategy
argument (#33844) - resource/aws_dms_endpoint: Add
s3_settings.glue_catalog_generation
attribute (#33778) - resource/aws_dms_s3_endpoint: Add
glue_catalog_generation
attribute (#33778) - resource/aws_docdb_cluster: Add
allow_major_version_upgrade
argument (#33790) - resource/aws_docdb_cluster_instance: Add
copy_tags_to_snapshot
argument (#31022) - resource/aws_dynamodb_table: Add
import_table
configuration block (#33802) - resource/aws_msk_cluster: Add
cluster_uuid
attribute (#33805) - resource/aws_msk_serverless_cluster: Add
cluster_uuid
attribute (#33805) - resource/aws_networkmanager_core_network: Add
base_policy_document
argument (#33712) - resource/aws_redshiftserverless_workgroup: Allow
require_ssl
anduse_fips_ssl
config_parameters
keys (#33916) - resource/aws_s3_bucket: Use configurable timeout for resource Delete (#33845)
- resource/aws_verifiedaccess_instance: Add
fips_enabled
argument (#33880) - resource/aws_vpclattice_target_group: Add
config.lambda_event_structure_version
argument (#33804) - resource/aws_vpclattice_target_group: Make
config.port
,config.protocol
andconfig.vpc_identifier
optional (#33804) - resource/aws_wafv2_web_acl: Add
aws_managed_rules_acfp_rule_set
tomanaged_rule_group_configs
configuration block (#33915)
BUG FIXES:
- provider: Respect valid values for the
AWS_S3_US_EAST_1_REGIONAL_ENDPOINT
environment variable when configuring the S3 API client (#33874) - resource/aws_appflow_connector_profile: Fix various crashes (#33856)
- resource/aws_db_parameter_group: Group names containing periods (
.
) no longer fail validation (#33704) - resource/aws_opensearchserverless_collection: Fix crash when error is returned (#33918)
- resource/aws_rds_cluster_parameter_group: Group names containing periods (
.
) no longer fail validation (#33704)
v5.20.1
NOTES:
- provider: Build with Terraform Plugin Framework v1.4.1, fixing potential initialization errors when using v1.6 of the Terraform CLI.
v5.20.0
FEATURES:
-
New Resource:
aws_guardduty_detector_feature
(#31463) -
New Resource:
aws_servicequotas_template
(#33688) -
New Resource:
aws_sesv2_account_vdm_attributes
(#33705) -
New Resource:
aws_verifiedaccess_instance_trust_provider_attachment
(#33734)
ENHANCEMENTS:
- data-source/aws_guardduty_detector: Add
features
attribute (#31463) - resource/aws_finspace_kx_cluster: Increase default creation timeout to 45 minutes, default deletion timeout to 60 minutes (#33745)
- resource/aws_finspace_kx_environment: Increase default deletion timeout to 45 minutes (#33745)
- resource/aws_guardduty_filter: Add plan-time validation of
name
(#21030) - resource/aws_kinesis_firehose_delivery_stream: Add
opensearchserverless_configuration
andmsk_source_configuration
configuration blocks (#33101) - resource/aws_kinesis_firehose_delivery_stream: Add
opensearchserverless
as a validdestination
value (#33101)
BUG FIXES:
- data-source/aws_fsx_ontap_storage_virtual_machine: Fix crash when
active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group
is not configured (#33800) - resource/aws_ec2_transit_gateway_route : Fix TGW route search filter to avoid routes being missed when more than 1,000 static routes are in a TGW route table (#33765)
- resource/aws_fsx_ontap_storage_virtual_machine: Fix crash when
active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group
is not configured (#33800) - resource/aws_medialive_channel: Fix VPC settings flatten/expand/docs. (#33558)
- resource/aws_vpc_endpoint: Set
dns_options.dns_record_ip_type
toComputed
to prevent diffs (#33743)
v5.19.0
BREAKING CHANGES:
- data-source/aws_s3_bucket_object: Following migration to AWS SDK for Go v2, the
metadata
attribute's keys are always returned in lowercase (#33660) - data-source/aws_s3_object: Following migration to AWS SDK for Go v2, the
metadata
attribute's keys are always returned in lowercase (#33660)
NOTES:
- data-source/aws_s3_bucket_object: The
metadata
attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660) - data-source/aws_s3_object: The
metadata
attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660) - resource/aws_iam_*: This release introduces additional validation of IAM policy JSON arguments to detect duplicate keys. Previously, arguments with duplicated keys resulted in all but one of the key values being overwritten. Since this results in unexpected IAM policies being submitted to AWS, we have updated the validation logic to error in these cases. This may cause existing IAM policy arguments to fail validation, however, those policies are likely not what was originally intended. (#33570)
FEATURES:
-
New Resource:
aws_cleanrooms_configured_table
(#33602) -
New Resource:
aws_dms_replication_config
(#32908) -
New Resource:
aws_lexv2models_bot
(#33475) -
New Resource:
aws_rds_custom_db_engine_version
(#33285)
ENHANCEMENTS:
- resource/aws_cloud9_environment_ec2: Add
ubuntu-22.04-x86_64
andresolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64
as valid values forimage_id
(#33662) - resource/aws_fsx_ontap_volume: Add
bypass_snaplock_enterprise_retention
argument andsnaplock_configuration
configuration block to support SnapLock (#32530) - resource/aws_fsx_ontap_volume: Add
copy_tags_to_backups
andsnapshot_policy
arguments (#32530) - resource/aws_fsx_openzfs_volume: Add
delete_volume_options
argument (#32530) - resource/aws_lightsail_bucket: Add
force_delete
argument (#33586) - resource/aws_opensearch_outbound_connection: Add
connection_properties
,connection_mode
andaccept_connection
arguments (#32990) - resource/aws_wafv2_rule_group: Add
rate_based_statement.custom_key
configuration block (#33594) - resource/aws_wafv2_web_acl: Add
rate_based_statement.custom_key
configuration block (#33594)
BUG FIXES:
- resource/aws_batch_job_queue: Correctly validates elements of
compute_environments
as ARNs (#33577) - resource/aws_cloudfront_continuous_deployment_policy: Fix
IllegalUpdate
errors when updating a stagingaws_cloudfront_distribution
that is part of continuous deployment (#33578) - resource/aws_cloudfront_distribution: Fix
IllegalUpdate
errors when updating a staging distribution associated with anaws_cloudfront_continuous_deployment_policy
(#33578) - resource/aws_cloudfront_distribution: Fix
PreconditionFailed
errors when destroying a distribution associated with anaws_cloudfront_continuous_deployment_policy
(#33578) - resource/aws_cloudfront_distribution: Fix
StagingDistributionInUse
errors when destroying a distribution associated with anaws_cloudfront_continuous_deployment_policy
(#33578) - resource/aws_datasync_location_fsx_ontap_file_system: Correct handling of
protocol.smb.domain
,protocol.smb.user
andprotocol.smb.password
(#33641) - resource/aws_glacier_vault_lock: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_group_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_role: Fail validation if duplicated keys are found in
assume_role_policy
(#33570) - resource/aws_iam_role_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_user_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_mediastore_container_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_s3_bucket_policy: Fix intermittent
couldn't find resource
errors on resource Create (#33537) - resource/aws_ssoadmin_permission_set_inline_policy: Fail validation if duplicated keys are found in
inline_policy
(#33570) - resource/aws_transfer_access: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_transfer_user: Fail validation if duplicated keys are found in
policy
(#33570)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.