chore(deps): update terraform aws to v5.52.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
aws (source) | required_provider | minor |
5.36.0 -> 5.52.0
|
Release Notes
hashicorp/terraform-provider-aws (aws)
v5.52.0
ENHANCEMENTS:
- resource/aws_kinesisanalyticsv2_application: Add
application_mode
argument (#37714) - resource/aws_lightsail_bucket: Add support to
ListTags
function for proper key-only tag handling (#37711) - resource/aws_lightsail_certificate: Add support to
ListTags
function for proper key-only tag handling (#37711) - resource/aws_lightsail_container_service: Add support to
ListTags
function for proper key-only tag handling (#37711) - resource/aws_lightsail_database: Add support to
ListTags
function for proper key-only tag handling (#37711) - resource/aws_lightsail_distribution: Add support to
ListTags
function for proper key-only tag handling (#37711) - resource/aws_lightsail_key_pair: Add support to
ListTags
function for proper key-only tag handling (#37711) - resource/aws_lightsail_lb: Add support to
ListTags
function for proper key-only tag handling (#37711)
BUG FIXES:
- resource/aws_lightsail_database: Prevent destroy failure when resource is already deleted outside Terraform (#37711)
- resource/aws_lightsail_instance: Fix crash when reading a resource that has a key-only tag (#37587)
- resource/aws_lightsail_key_pair: Prevent destroy failure when resource is already deleted outside Terraform (#37711)
- resource/aws_lightsail_lb: Prevent destroy failure when resource is already deleted outside Terraform (#37711)
v5.51.1
ENHANCEMENTS:
- resource/aws_ecs_service: Add
volume_configuration
argument (#37019) - resource/aws_ecs_task_definition: Add
configure_at_launch
parameter involume
argument (#37019)
BUG FIXES:
- data-source/aws_route53_zone: Fix incorrect
name_servers
values (#37685) - data-source/aws_route53_zone: Permit both
name
andzone_id
arguments when one is an empty string (#37686) - resource/aws_route53_zone: Fix incorrect
name_servers
values (#37685)
v5.51.0
NOTES:
- data-source/aws_lambda_function:
source_code_hash
attribute has been deprecated in favor ofcode_sha256
. Will be removed in a future major version (#37669) - data-source/aws_lambda_layer_version:
source_code_hash
attribute has been deprecated in favor ofcode_sha256
. Will be removed in a future major version (#37646)
FEATURES:
-
New Data Source:
aws_chatbot_slack_workspace
(#37218) -
New Resource:
aws_lambda_runtime_management_config
(#37643) -
New Resource:
aws_vpc_endpoint_private_dns
(#37628) -
New Resource:
aws_vpc_endpoint_service_private_dns_verification
(#37176)
ENHANCEMENTS:
- data-source/aws_lambda_function: Add
code_sha256
attribute (#37669) - data-source/aws_lambda_layer_version: Add
code_sha256
attribute (#37646) - data-source/aws_route53_traffic_policy_document: Add support for
application-load-balancer
,elastic-beanstalk
andnetwork-load-balancer
endpoint.type
values (#37618) - resource/aws_api_gateway_deployment: Add
canary_settings
attribute (#37573) - resource/aws_iam_openid_connect_provider: Allow
client_id_list
to be updated in-place (#37612) - resource/aws_lambda_function: Add
code_sha256
attribute (#37669) - resource/aws_lambda_function: Remove
replace_security_group_on_destroy
andreplacement_security_group_ids
deprecations, re-implement with alternate workflow (#37624) - resource/aws_lambda_layer_version: Add
code_sha256
attribute (#37646) - resource/aws_route53_health_check: Add plan-time validation of
cloudwatch_alarm_region
(#37510) - resource/aws_route53_record: Add plan-time validation of
latency_routing_policy.region
(#37510) - resource/aws_route53_vpc_association_authorization: Add plan-time validation of
vpc_region
(#37510) - resource/aws_route53_zone_association: Add plan-time validation of
vpc_region
(#37510) - resource/aws_wafv2_web_acl: Add
api_gateway
,app_runner_service
,cognito_user_pool
, andverified_access_instance
configuration blocks toassociation_config.request_body
(#37588)
BUG FIXES:
- resource/aws_dynamodb_table_replica: Correctly set
kms_key_arn
on Read (#37570) - resource/aws_kms_grant: Change
grant_token
toSensitive
(#37593) - resource/aws_lambda_function: Fix issue when
source_code_hash
causes drift even if source code has not changed (#37669) - resource/aws_lambda_layer_version: Fix issue when
source_code_hash
forces a replacement even if source code has not changed (#37646) - resource/aws_m2_deployment: Fix
state
error ondeployment_id
during start/stop update (#37581) - resource/aws_storagegateway_smb_file_share: Fix crash when
cache_attributes
is removed on update (#37611)
v5.50.0
ENHANCEMENTS:
- data-source/aws_budgets_budget: Add
tags
attribute (#37361) - data-source/aws_instance: Add
launch_time
attribute (#37002) - resource/aws_budgets_budget: Add
tags
argument (#37361) - resource/aws_budgets_budget_action: Add
tags
argument (#37361) - resource/aws_ecs_account_setting_default: Add support for
fargateTaskRetirementWaitPeriod
value inName
argument (#37018) - resource/aws_ssm_resource_data_sync: Add plan-time validation of
s3_destination.kms_key_arn
,s3_destination.region
ands3_destination.sync_format
(#37481)
BUG FIXES:
- data-source/aws_bedrock_foundation_models: Fix validation regex for the
by_provider
argument (#37306) - resource/aws_dynamodb_table: Fix
UnknownOperationException: Tagging is not currently supported in DynamoDB Local
errors on resource Read (#37472) - resource/aws_glue_job: Fix
interface conversion: interface {} is nil, not map[string]interface {}
panic whennotify_delay_after
is empty (null
) (#37347) - resource/aws_iam_server_certificate: Now correctly reads tags after update and on read. (#37483)
- resource/aws_lakeformation_data_cells_filter: Fix inconsistent
state
error when usingrow_filter.all_rows_wildcard
(#37433) - resource/aws_organizations_account: Allow import of accounts with IAM access to the AWS Billing and Cost Management console (#35662)
- resource/aws_ram_principal_association: Correct plan-time validation of
principal
to fixpanic: unexpected format for ID parts ([...]), the following id parts indexes are blank ([1])
(#37450) - resource/aws_route53_record: Change region default to us-east-1 (#37565)
- resource/aws_vpc_endpoint_service: Fix destroy error when endpoint service is deleted out-of-band (#37534)
v5.49.0
FEATURES:
-
New Data Source:
aws_datazone_environment_blueprint
(#36600) -
New Resource:
aws_bedrockagent_data_source
(#37158) -
New Resource:
aws_datazone_domain
(#36600) -
New Resource:
aws_datazone_environment_blueprint_configuration
(#36600)
ENHANCEMENTS:
- data-source/aws_iam_policy_document: Add
minified_json
attribute (#35677) - resource/aws_dynamodb_table_export: Add plan-time validation of
table_arn
(#37288) - resource/aws_kms_key: Add
rotation_period_in_days
argument (#37140) - resource/aws_securitylake_subscriber_notification: Better handles importing resource (#37332)
- resource/aws_securitylake_subscriber_notification: Deprecates
endpoint_id
in favor ofsubscriber_endpoint
(#37332) - resource/aws_securitylake_subscriber_notification: Handles
configuration.https_notification_configuration.authorization_api_key_value
as sensitive value (#37332)
BUG FIXES:
- data-source/aws_fsx_ontap_storage_virtual_machine: Correctly set
tags
on Read (#37353) - data-source/aws_rds_orderable_db_instance: Fix
InvalidParameterValue: Invalid value 3412 for MaxRecords. Must be between 20 and 1000
errors (#37251) - data-source/aws_resourceexplorer2_search: Fix 401 unauthorized error due to missing
view_arn
in the AWS API request (#36778) - data-source/aws_resourceexplorer2_search: Fix panic caused by bad mappping between Terraform and AWS schemas (#36778)
- data-source/aws_resourceexplorer2_search: Fix state persistence and data types (#36778)
- resource/aws_bedrockagent_agent: Fix to use the configured
prepare_agent
value (or default value oftrue
when omitted) for all create and update operations (#37405) - resource/aws_elasticsearch_domain: Fix handling of unset
auto_tune_options.rollback_on_disable
argument (#37394) - resource/aws_fsx_ontap_storage_virtual_machine: Correctly set
tags
andtags_all
on resource Read (#37353) - resource/aws_fsx_openzfs_file_system: Correctly set
tags
andtags_all
on resource Read (#37353) - resource/aws_kms_custom_key_store: Change
trust_anchor_certificate
to ForceNew (#37092) - resource/aws_opensearch_domain: Fix handling of unset
auto_tune_options.rollback_on_disable
argument (#37394) - resource/aws_opensearch_domain: Wait for
auto_tune_options
to be applied during creation (#37394) - resource/aws_securitylake_aws_log_source: Correctly handles unspecified
source_version
(#36268) - resource/aws_securitylake_aws_log_source: Prevents errors when creating multiple log sources concurrently (#36268)
- resource/aws_securitylake_custom_log_source: Prevents errors when creating multiple log sources concurrently (#36268)
- resource/aws_securitylake_custom_log_source: Validates length of
source_name
parameter (#36268) - resource/aws_securitylake_subscriber: Allow more than one log source (#36268)
- resource/aws_securitylake_subscriber: Correctly handles unspecified
access_type
(#36268) - resource/aws_securitylake_subscriber: Correctly handles unspecified
source_version
parameter foraws_log_source_resource
andcustom_log_source_resource
(#36268) - resource/aws_securitylake_subscriber: Correctly requires
source_name
parameter foraws_log_source_resource
andcustom_log_source_resource
(#36268) - resource/aws_securitylake_subscriber_notification: No longer recreates resource when not needed (#37332)
- resource/aws_securitylake_subscriber_notification: Requires value for
configuration.https_notification_configuration.endpoint
(#37332) - resource/provider: Change the AWS SDK for Go v2 API client
BackoffDelayer
to maintain behavioral compatibility with AWS SDK for Go v1 (#37404)
v5.48.0
FEATURES:
-
New Resource:
aws_bedrockagent_agent_knowledge_base_association
(#37185)
ENHANCEMENTS:
- resource/aws_cloudwatch_event_target: Add
force_destroy
argument (#37130) - resource/aws_elasticache_replication_group: Increase default Delete timeout to 45 minutes (#37182)
- resource/aws_elasticache_replication_group: Use the configured Delete timeout when detaching from any global replication group (#37182)
- resource/aws_fsx_ontap_file_system: Add support for specifying 1 ha_pair with
SINGLE_AZ_1
andMULTI_AZ_1
deployment types (#36511) - resource/aws_fsx_ontap_file_system: Increase
storage_capacity
maximum to 1PiB (#36511) - resource/aws_fsx_ontap_file_system: Support up to 12
ha_pairs
(#36511) - resource/aws_fsx_ontap_file_system: Update
throughput_capacity_per_ha_pair
to support all values fromthroughput_capacity
(#36511) - resource/aws_fsx_ontap_volume: Add
aggregate_configuration
configuration block (#36511) - resource/aws_fsx_ontap_volume: Add
size_in_bytes
andvolume_style
arguments (#36511)
BUG FIXES:
- resource/aws_bcmdataexports_export: Fix
table_configurations
expand/flatten (#37205) - resource/aws_cloudwatch_event_connection: Add plan-time validation preventing empty
auth_parameters.oauth.oauth_http_parameters
orauth_parameters.invocation_http_parameters
body
,header
andquery_string
configuration blocks (#26755) - resource/aws_elasticache_replication_group: Decrease replica count after other updates (#34819)
- resource/aws_elasticache_replication_group: Fix
unexpected state 'snapshotting'
errors when increasing or decreasing replica count (#30493)
v5.47.0
NOTES:
- provider: Updates to Go 1.22. This is the last Go release that will run on macOS 10.15 Catalina (#36996)
- resource/aws_bedrockagent_knowledge_base: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#36783)
FEATURES:
-
New Data Source:
aws_identitystore_groups
(#36993) -
New Resource:
aws_bcmdataexports_export
(#36847) -
New Resource:
aws_bedrockagent_agent
(#36851) -
New Resource:
aws_bedrockagent_agent_action_group
(#36935) -
New Resource:
aws_bedrockagent_agent_alias
(#36905) -
New Resource:
aws_bedrockagent_knowledge_base
(#36783) -
New Resource:
aws_globalaccelerator_cross_account_attachment
(#35991) -
New Resource:
aws_verifiedpermissions_policy
(#35413)
ENHANCEMENTS:
- data-source/aws_eip: Add
arn
attribute (#35991) - resource/aws_api_gateway_rest_api: Correctly set
root_resource_id
on resource Read (#37040) - resource/aws_appmesh_mesh: Add
spec.service_discovery
argument (#37042) - resource/aws_cloudformation_stack_set: Adds guidance on permissions when using delegated administrator account (#37069)
- resource/aws_db_instance: Add
dedicated_log_volume
argument (#36503) - resource/aws_eip: Add
arn
attribute (#35991) - resource/aws_elasticache_replication_group: Add
transit_encryption_mode
argument (#30403) - resource/aws_elasticache_replication_group: Changes to the
transit_encryption_enabled
argument can now be done in-place for engine versions >7.0.5
(#30403) - resource/aws_kinesis_firehose_delivery_stream: Add
snowflake_configuration
argument (#36646) - resource/aws_memorydb_user: Support IAM authentication mode (#32027)
- resource/aws_sagemaker_app_image_config: Add
code_editor_app_image_config
andjupyter_lab_image_config.jupyter_lab_image_config
arguments (#37059) - resource/aws_sagemaker_app_image_config: Change
kernel_gateway_image_config.kernel_spec
MaxItems to 5 (#37059) - resource/aws_transfer_server: Add
sftp_authentication_methods
argument (#37015)
BUG FIXES:
- resource/aws_batch_job_definition: Fix issues where changes causing a new
revision
do not trigger changes in dependent resources and/or cause an error, "Provider produced inconsistent final plan" (#37111) - resource/aws_ce_cost_category: Allow up to 3 levels of
and
,not
andor
operand nesting for therule
argument (#30862) - resource/aws_elasticache_replication_group: Fix excessive delay on read (#30403)
- resource/aws_servicecatalog_portfolio: Fixes error where deletion fails if resource was deleted out of band. (#37066)
- resource/aws_servicecatalog_provisioned_product: Fixes error where tag values are not applied to products when tag values don't change. (#37066)
v5.46.0
NOTES:
- provider: When using YAML or JSON documents, such as in
template_body
ofaws_cloudformation_stack
, CRLF was previously treated as different from LF but these are now treated as equivalent in many situations (#14270)
FEATURES:
-
New Resource:
aws_eip_domain_name
(#36963)
ENHANCEMENTS:
- data-source/aws_alb: Add
client_keep_alive
argument (#36969) - data-source/aws_eip: Add
ptr_record
attribute (#36963) - data-source/aws_iam_policy: Add
attachment_count
attribute (#36759) - data-source/aws_lb: Add
client_keep_alive
argument (#36969) - data-source/aws_organizations_organization: Add
master_account_name
attribute (#36797) - data-source/aws_vpc_dhcp_options: Add
ipv6_address_preferred_lease_time
attribute (#36934) - resource/aws_alb: Add
client_keep_alive
argument (#36969) - resource/aws_autoscaling_group: Add
alarm_specification
to theinstance_refresh.preferences
configuration block (#36954) - resource/aws_cloudformation_stack_set: Add retry when creating to potentially help with eventual consistency problems (#36982)
- resource/aws_cloudfront_origin_access_control: Add
lambda
andmediapackagev2
as valid values fororigin_access_control_origin_type
(#34362) - resource/aws_cloudwatch_event_rule: Add
force_destroy
attribute (#34905) - resource/aws_codebuild_project: Add GitLab and GitLab Self Managed support to the
report_build_status
andbuild_status_config
arguments (#36942) - resource/aws_default_vpc_dhcp_options: Add
ipv6_address_preferred_lease_time
as Computed attribute (#36934) - resource/aws_dms_replication_task: Add
resource_identifier
argument (#36901) - resource/aws_eip: Add
ptr_record
attribute (#36963) - resource/aws_elasticache_serverless_cache: Add
minimum
attribute incache_usage_limits.data_storage
andcache_usage_limits.ecpu_per_second
(#36766) - resource/aws_fsx_openzfs_file_system: Add
endpoint_ip_address
attribute (#36767) - resource/aws_iam_policy: Add
attachment_count
attribute (#36759) - resource/aws_imagebuilder_image: Add
execution_role
andworkflow
arguments (#36953) - resource/aws_lb: Add
client_keep_alive
argument (#36969) - resource/aws_mwaa_environment: Add
database_vpc_endpoint_service
andwebserver_vpc_endpoint_service
attributes (#36903) - resource/aws_organizations_organization: Add
master_account_name
attribute (#36797) - resource/aws_transfer_connector: Add
security_policy_name
argument (#36893) - resource/aws_vpc_dhcp_options: Add
ipv6_address_preferred_lease_time
attribute (#36934) - resource/aws_vpc_ipam_pool: Add
cascade
argument (#36898)
BUG FIXES:
- data-source/aws_iam_policy_document: When using multiple principals, sort them to avoid differences based only on order (#25967)
- resource/aws_appconfig_deployment: Fix
ConflictException
errors on resource Create (#36980) - resource/aws_ce_anomaly_monitor: Change
monitor_dimension
to ForceNew (#36773) - resource/aws_ce_anomaly_subscription: Change
account_id
to ForceNew (#36773) - resource/aws_cloudformation_stack: CRLF line endings in
template_body
no longer cause erroneous diffs (#14270) - resource/aws_db_proxy: Fix
interface conversion: interface {} is nil, not map[string]interface {}
panic whenauth
is empty ({}
) (#36967) - resource/aws_dms_replication_config: Adds validation to
replication_settings
to disallowLogging.CloudWatchLogGroup
andLogging.CloudWatchLogStream
. (#36936) - resource/aws_dms_replication_config: Suppresses differences in partial
replication_settings
JSON documents. (#36936) - resource/aws_dms_replication_task: Adds validation to
replication_task_settings
to disallowLogging.CloudWatchLogGroup
andLogging.CloudWatchLogStream
. (#36936) - resource/aws_dms_replication_task: Allows leaving
replication_task_settings
unset to use default settings. (#36936) - resource/aws_dms_replication_task: Suppresses differences in partial
replication_task_settings
JSON documents. (#36936) - resource/aws_fsx_windows_file_system: Fix error
BadRequest: AuditLogDestination must not be provided when auditing is disabled
when updatingaudit_log_configuration.0.file_access_audit_log_level
andaudit_log_configuration.0.file_share_access_audit_log_level
to"DISABLED"
(#36928) - resource/aws_glue_job: Mark
number_of_workers
andworker_type
as optional/computed, preventing persistent differences whenmax_capacity
is set. (#36770) - resource/aws_iam_user_login_profile: Fix forced re-creation when
password_reset_required
istrue
and initial password reset is completed (#36926) - resource/aws_lightsail_distribution: Fix to properly set
certificate_name
on create and update (#36888) - resource/aws_vpc_dhcp_options: Fix
NotFound
error handling on delete (#36933)
v5.45.0
NOTES:
- resource/aws_redshift_cluster: The
logging
argument is now deprecated. Use theaws_redshift_logging
resource instead. (#36862) - resource/aws_redshift_cluster: The
snapshot_copy
argument is now deprecated. Use theaws_redshift_snapshot_copy
resource instead. (#36810)
FEATURES:
ENHANCEMENTS:
- data-source/aws_sagemaker_prebuilt_ecr_image: Add
registry_id
foraf-south-1
AWS Region (#36803) - resource/aws_api_gateway_documentation_part: Add
documentation_part_id
attribute (#36445) - resource/aws_wafregional_web_acl_association: Add configurable timeouts (#36445)
- resource/aws_wafregional_web_acl_association: Add plan-time validation of
resource_arn
(#36445)
BUG FIXES:
- provider: Change the default AWS SDK for Go v2 API client
MaxBackoff
value to 300 seconds so that services migrated to AWS SDK for Go v2 maintain behavioral compatibility with AWS SDK for Go v1 (#36855) - resource/aws_datasync_location_object_storage: Allow update to
agent_arns
(#36819) - resource/aws_devopsguru_notification_channel: Fix persistent diff when
filters.message_types
orfilters.severities
contains multiple elements (#36804) - resource/aws_securityhub_configuration_policy: Mark
configuration_policy.enabled_standard_arns
as Optional, fixingInvalidInputException: Invalid semantics: Enabled standards and security control configurations must be configured when Security Hub is enabled
errors (#36740)
v5.44.0
FEATURES:
-
New Data Source:
aws_devopsguru_notification_channel
(#36656) -
New Data Source:
aws_devopsguru_resource_collection
(#36657) -
New Data Source:
aws_ecr_lifecycle_policy_document
(#6133) -
New Function:
trim_iam_role_path
(#36723) -
New Resource:
aws_devopsguru_service_integration
(#36694)
ENHANCEMENTS:
- data-source/aws_servicecatalogappregistry_application: Add
application_tag
attribute (#36647) - data/aws_glue_data_catalog_encryption_settings: Add
data_catalog_encryption_settings.encryption_at_rest.catalog_encryption_service_role
attribute (#35978) - resource/aws_appstream_fleet: Add
desired_sessions
argument to thecompute_capacity
block. (#34266) - resource/aws_appstream_fleet: Add
max_sessions_per_instance
argument. (#34266) - resource/aws_batch_job_definition: Add update functions instead of ForceNew. Add
deregister_on_new_revision
to allow keeping prior versions ACTIVE when a new revision is published. (#35149) - resource/aws_db_instance: Adds warning when setting
character_set_name
whenreplicate_source_db
,restore_to_point_in_time
, orsnapshot_identifier
is set (#36518) - resource/aws_emr_cluster: Add
unhealthy_node_replacement
argument (#36523) - resource/aws_glue_data_catalog_encryption_settings: Add
data_catalog_encryption_settings.encryption_at_rest.catalog_encryption_service_role
argument (#35978) - resource/aws_lambda_function: Add support for
ruby3.3
runtime
value (#36751) - resource/aws_lambda_layer_version: Add support for
ruby3.3
compatible_runtimes
value (#36751) - resource/aws_servicecatalogappregistry_application: Add
application_tag
attribute (#36647) - resource/aws_transfer_server: Add
s3_storage_options
configuration block (#36664) - resource/aws_wafv2_web_acl: Add
address_fields
andphone_number_fields
tostatement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_acfp_rule_set.request_inspection
(#36685)
BUG FIXES:
- provider: Correctly handles user agents passed using
TF_APPEND_USER_AGENT
which contain/
,(
,)
, or space. (#36738) - resource/aws_batch_scheduling_policy: Fixes error where tags could not be updated (#36517)
- resource/aws_cloudfront_key_value_store: Serialize CloudFront KeyValueStore access (#36734)
- resource/aws_cloudfrontkeyvaluestore_key: Serialize CloudFront KeyValueStore access (#36734)
- resource/aws_cognito_user_pool: Correct plan-time validation of
email_verification_message
,email_verification_subject
,admin_create_user_config.invite_message_template.email_message
,admin_create_user_config.invite_message_template.email_subject
,admin_create_user_config.invite_message_template.sms_message
,sms_authentication_message
,sms_verification_message
,verification_message_template.email_message
,verification_message_template.email_message_by_link
,verification_message_template.email_subject
,verification_message_template.email_subject_by_link
, andverification_message_template.sms_message
to count UTF-8 characters properly (#36661) - resource/aws_ecr_lifecycle_policy: Add missing
tagPatternList
change detection in policy JSON (#35231) - resource/aws_ecs_service: Correctly set
alarms.rollback
on resource Create and Update (#36691) - resource/aws_iam_user: When
force_destroy
is used and there are inline or attached policies, allow resource to be destroyed (#36640) - resource/aws_imagebuilder_distribution_configuration: Fix validation regex for
ami_distribution_configuration.name
(#36659) - resource/aws_redshift_cluster: Fix error preventing modification of a configured
snapshot_copy
block (#36655) - resource/aws_route53_record: Fix to correctly interpret alias names with wildcards (#36699)
v5.43.0
FEATURES:
-
New Data Source:
aws_resourceexplorer2_search
(#36560) -
New Data Source:
aws_servicecatalogappregistry_application
(#36596) -
New Resource:
aws_cloudfrontkeyvaluestore_key
(#36534) -
New Resource:
aws_devopsguru_notification_channel
(#36557) -
New Resource:
aws_dynamodb_resource_policy
(#36595) -
New Resource:
aws_ec2_instance_metadata_defaults
(#36589) -
New Resource:
aws_lakeformation_resource_lf_tag
(#36537) -
New Resource:
aws_m2_application
(#35399) -
New Resource:
aws_m2_deployment
(#35408) -
New Resource:
aws_m2_environment
(#35311) -
New Resource:
aws_redshiftserverless_custom_domain_association
(#35865) -
New Resource:
aws_servicecatalogappregistry_application
(#36277)
ENHANCEMENTS:
- data-source/aws_cloudfront_function: Add
key_value_store_associations
attribute (#36585) - data-source/aws_db_snapshot: Add
original_snapshot_create_time
attribute (#36544) - resource/aws_cloudfront_function: Add
key_value_store_associations
argument (#36585) - resource/aws_ec2_host: Add user configurable timeouts (#36538)
- resource/aws_glacier_vault_lock: Allow
policy
to have leading whitespace (#36597) - resource/aws_iam_group_policy: Allow
policy
to have leading whitespace (#36597) - resource/aws_iam_policy: Allow
policy
to have leading whitespace (#36597) - resource/aws_iam_role: Allow
assume_role_policy
andinline_policy.*.policy
to have leading whitespace (#36597) - resource/aws_iam_role_policy: Allow
policy
to have leading whitespace (#36597) - resource/aws_iam_user_policy: Allow
policy
to have leading whitespace (#36597) - resource/aws_kinesisanalyticsv2_application: Add support for
FLINK-1_18
runtime_environment
value (#36562) - resource/aws_media_store_container_policy: Allow
policy
to have leading whitespace (#36597) - resource/aws_ssoadmin_permission_set_inline_policy: Allow
inline_policy
to have leading whitespace (#36597) - resource/aws_transfer_access: Allow
policy
to have leading whitespace (#36597) - resource/aws_transfer_user: Allow
policy
to have leading whitespace (#36597) - resource/aws_vpc_ipam: Add
tier
argument (#36504)
BUG FIXES:
- data-source/aws_cur_report_definition: Direct all API calls to the
us-east-1
endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#36540) - resource/aws_applicationinsights_application: Make
ACTIVE
a valid create target status (#36615) - resource/aws_autoscaling_group: Don't attempt to remove scale-in protection from instances that don't have the feature enabled (#36586)
- resource/aws_cur_report_definition: Direct all API calls to the
us-east-1
endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#36540) - resource/aws_elasticsearch_domain_policy: Handle delayed domain status propagation, preventing a
ValidationException
. (#36592) - resource/aws_iam_instance_profile: Detect when the associated
role
no longer exists (#34099) - resource/aws_instance: Replace an instance when an
instance_type
change also requires an architecture change, such as x86_64 to arm64 (#36590) - resource/aws_opensearch_domain_policy: Handle delayed domain status propagation, preventing a
ValidationException
. (#36592) - resource/aws_quicksight_dashboard: Fix failure when updating a dashboard takes a while (#34227)
- resource/aws_quicksight_template: Fix "Invalid address to set" errors (#34227)
- resource/aws_quicksight_template: Fix "a number is required" errors when state contains an empty string (#34227)
- resource/aws_redshift_cluster: Fix
InvalidParameterCombination
errors when updating onlyskip_final_snapshot
(#36635) - resource/aws_route53_zone: Prevent re-creation when
name
casing changes (#36563) - resource/aws_secretsmanager_secret_version: Fix to handle versions deleted out-of-band without raising an
InvalidRequestException
(#36609) - resource/aws_ssm_parameter: force create a new SSM parameter when
data_type
is updated. (#35960)
v5.42.0
FEATURES:
-
New Data Source:
aws_redshift_producer_data_shares
(#36481) -
New Resource:
aws_devopsguru_event_sources_config
(#36485) -
New Resource:
aws_devopsguru_resource_collection
(#36489) -
New Resource:
aws_dynamodb_table_export
(#30399)
ENHANCEMENTS:
- data-source/aws_vpc_peering_connection: Add
ipv6_cidr_block_set
andpeer_ipv6_cidr_block_set
attributes (#36391) - resource/aws_datasync_location_hdfs: Add
kerberos_keytab_base64
andkerberos_krb5_conf_base64
arguments (#36072) - resource/aws_finspace_kx_dataview: Add
read_write
andsegment_configuration.on_demand
arguments (#36486) - resource/aws_rds_cluster: Add
enable_local_write_forwarding
argument to support Aurora MySQL local write forwarding (#34370)
BUG FIXES:
- provider: Change the default AWS SDK for Go v2 API client
RateLimiter
toratelimit.None
so that services migrated to AWS SDK for Go v2 maintain behavioral compatibility with AWS SDK for Go v1 (#36467) - resource/aws_appautoscaling_policy: Fix errors when importing an MSK storage autoscaling policy (#34934)
- resource/aws_appautoscaling_scheduled_action: Always send
start_time
andend_time
values on update when configured (#33713) - resource/aws_appautoscaling_scheduled_action: Read correct resource by using
scalable_dimension
as an additional filter (#34382) - resource/aws_datasync_location_azure_blob: Fix missing
container_url
attribute value and badsubdirectory
attribute value from state read/refresh (#36072) - resource/aws_datasync_location_efs: Fix missing
efs_file_system_arn
attribute value from state read/refresh (#36072) - resource/aws_datasync_location_hdfs: Mark
qop_configuration
as Computed (#36072) - resource/aws_datasync_location_nfs: Fix missing
server_hostname
attribute value from state read/refresh (#36072) - resource/aws_datasync_location_s3: Fix missing
s3_bucket_arn
attribute value from state read/refresh (#36072) - resource/aws_datasync_location_smb: Fix missing
server_hostname
attribute value from state read/refresh (#36072) - resource/aws_dms_replication_config: Fix persistent change in
replication_settings
(#35670) - resource/aws_dms_replication_task: Fix persistent change in
replication_task_settings
(#35670) - resource/aws_eks_access_entry: Always send
kubernetes_groups
anduser_name
values on update when configured (#36484) - resource/aws_glue_job: Adjust
number_of_workers
minimum value to1
(#36458) - resource/aws_lexv2models_slot: Fix custom_payload typo (#36488)
- resource/aws_route: Allow resource creation if a propagated route to the same destination exists (#36512)
- resource/aws_vpn_connection:
local_ipv6_network_cidr
,remote_ipv6_network_cidr
,tunnel1_inside_ipv6_cidr
, andtunnel2_inside_ipv6_cidr
no longer requiretransit_gateway_id
to be specified (#36405)
v5.41.0
FEATURES:
-
New Data Source:
aws_apprunner_hosted_zone_id
(#36288) -
New Data Source:
aws_medialive_input
(#36307) -
New Resource:
aws_lakeformation_data_cells_filter
(#36264) -
New Resource:
aws_securityhub_configuration_policy
(#35752) -
New Resource:
aws_securityhub_configuration_policy_association
(#35752) -
New Resource:
aws_securitylake_subscriber_notification
(#36323)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway_peering_attachment: Add
state
attribute (#36304) - data-source/aws_lakeformation_permissions: Add
data_cells_filter
attribute (#36264) - data-source/aws_ram_resource_share:
name
is Optional (#36062) - resource/aws_cognito_user_pool: Add
pre_token_generation_config
configuration block (#35236) - resource/aws_ec2_transit_gateway_peering_attachment: Add
state
attribute (#36304) - resource/aws_ecs_cluster: Add default value (
DEFAULT
) forconfiguration.execute_command_configuration.logging
(#36341) - resource/aws_lakeformation_permissions: Add
data_cells_filter
attribute (#36264) - resource/aws_ram_resource_association: Add plan-time validation of
resource_arn
andresource_share_arn
(#36062) - resource/aws_route53domains_registered_domain: Add
billing_contact
andbilling_privacy
arguments (#36285) - resource/aws_securityhub_organization_configuration: Add
organization_configuration
configuration block to support central configuration (#35752) - resource/aws_securityhub_organization_configuration: Set
auto_enable
tofalse
,auto_enable_standards
toNONE
, andorganization_configuration.configuration_type
toLOCAL
on resource Delete (#35752)
BUG FIXES:
- data-source/aws_iam_policy_document: Fix
Failed to marshal state to json: unsupported attribute "override_json"
andFailed to marshal state to json: unsupported attribute "source_json"
errors when runningterraform show -json
orterraform state rm
(#36383) - data-source/aws_opensearch_domain : Add
auto_tune_options.use_off_peak_window
attribute. This fixes a regression introduced in v5.40.0 causingInvalid address to set
errors (#36298) - resource/aws_cognito_identity_pool: Fix handling of resources deleted out of band (#36100)
- resource/aws_cognito_identity_provider: Fix
InvalidParameterException: ActiveEncryptionCertificate is not a valid key for SAML identity provider details
errors on resource Update (#36311) - resource/aws_ec2_instance: Remove ForceNew from
ipv6_address_count
(#36308) - resource/aws_ecs_cluster: Fix
panic: interface conversion: interface {} is nil, not map[string]interface {}
whenconfiguration
,configuration.execute_command_configuration
, orconfiguration.execute_command_configuration.log_configuration
are empty (#36341) - resource/aws_ecs_service: Fix
panic: interface conversion: interface {} is nil, not map[string]interface {}
whenservice_connect_configuration.service.timeout
is empty (#36309) - resource/aws_ecs_service:
service_connect_configuration.service.tls.issuer_cert_authority.aws_pca_authority_arn
is Required (#36309) - resource/aws_elasticache_replication_group: Fix bugs causing errors like
InvalidReplicationGroupState: Cluster not in available state to perform tagging operations.
(#36310) - resource/aws_finspace_kx_cluster: Prevent
command_line_arguments
andinitialization_script
updates from overwriting one another (#36361) - resource/aws_network_acl_rule: Fix
InvalidNetworkAclID.NotFound
errors on resource Delete (#36326) - resource/aws_network_acl_rule: Prevent creation of duplicate Terraform resources (#36326)
- resource/aws_ram_principal_association: Prevent creation of duplicate Terraform resources (#36062)
- resource/aws_ram_principal_association: Remove from state on resource Read if
principal
is disassociated outside of Terraform (#36062) - resource/aws_ram_resource_association: Prevent creation of duplicate Terraform resources (#36062)
- resource/aws_route: Prevent creation of duplicate Terraform resources (#36326)
- resource/aws_route_table: Fix
couldn't find resource
errors on resource Delete (#36326) - resource/aws_vpn_connection: Correct plan-time validation of
tunnel1_inside_ipv6_cidr
andtunnel2_inside_ipv6_cidr
(#36236)
v5.40.0
FEATURES:
-
New Function:
arn_build
(#34952) -
New Function:
arn_parse
(#34952) -
New Resource:
aws_account_region
(#35739) -
New Resource:
aws_securitylake_subscriber
(#35981)
ENHANCEMENTS:
- data-source/aws_rds_engine_version: Add
has_major_target
andhas_minor_target
optional arguments andvalid_major_targets
andvalid_minor_targets
attributes (#36246) - resource/aws_batch_job_queue: added parameter
compute_environment_order
which conflicts withcompute_environments
but aligns with AWS API.compute_environments
has been deprecated. (#34750) - resource/aws_cloudfront_distribution: Remove the upper limit on
origin.custom_origin_config.origin_read_timeout
(#36088) - resource/aws_db_instance: Add
io2
as a valid value forstorage_type
(#36252) - resource/aws_elasticache_serverless_cache: Add plan-time validation of
cache_usage_limits.ecpu_per_second.maximum
(#35927) - resource/aws_iot_policy: Add tagging support (#36102)
- resource/aws_iot_role_alias: Add tagging support (#36255)
- resource/aws_opensearch_domain: Add
use_off_peak_window
argument to theauto_tune_options
configuration block (#36067) - resource/aws_rds_cluster: Add
io2
as a valid value forstorage_type
(#36252) - resource/aws_s3_bucket_object: Adds attribute
arn
. (#35710) - resource/aws_s3_object: Adds attribute
arn
. (#35710) - resource/aws_s3_object_copy: Adds attribute
arn
. (#35710) - resource/aws_wafv2_rule_group: Add
evaluation_window_sec
argument to therate_based_statement
configuration block (#36045) - resource/aws_wafv2_web_acl: Add
evaluation_window_sec
argument to therate_based_statement
configuration block (#36045)
BUG FIXES:
- data-source/aws_rds_engine_version: Fix bugs that could limit engine version to a default version even when not appropriate (#36246)
- resource/aws_db_instance: Correctly sets
parameter_group_name
whenreplicate_source_db
is in different region. (#36080) - resource/aws_elastic_beanstalk_environment: Fix
InvalidParameterValue: Environment named ... is in an invalid state for this operation. Must be Ready
errors whentags
are updated along with other attributes (#36074) - resource/aws_elasticache_serverless_cache: Change
cache_usage_limits.data_storage.maximum
andcache_usage_limits.ecpu_per_second.maximum
to ForceNew (#35927) - resource/aws_medialive_channel: Fix handling of optional
encoder_settings.audio_descriptions
arguments (#36097) - resource/aws_rds_global_cluster: Fix bugs and delays that could occur when performing major or minor version upgrades (#36246)
- resource/aws_s3_bucket: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_s3_bucket_object: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_s3_object: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_s3_object_copy: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_vpclattice_listener_rule: Remove
action.forward.target_groups
maximum item limit (#36095)
v5.39.1
BUG FIXES:
- data-source/aws_instance: Fix
panic: Invalid address to set
related toroot_block_device.0.tags_all
(#36054)
v5.39.0
FEATURES:
-
New Data Source:
aws_redshift_data_shares
(#35937) -
New Resource:
aws_apprunner_deployment
(#35758) -
New Resource:
aws_config_retention_configuration
(#15136) -
New Resource:
aws_securityhub_automation_rule
(#34781) -
New Resource:
aws_shield_proactive_engagement
(#34667)
ENHANCEMENTS:
- aws_kinesis_firehose_delivery_stream: Add
custom_time_zone
andfile_extension
arguments to theextended_S3_configuration
configuration block (#35969) - resource/aws_appflow_flow: Allow
task.source_fields
to be anull
value (#35993) - resource/aws_codepipeline: Add
trigger
configuration block (#35475) - resource/aws_config_configuration_recorder: Add plan-time validation of
aws_config_organization_custom_rule.lambda_function_arn
(#15136) - resource/aws_instance: Add configurable
read
timeout (#35955) - resource/aws_instance: Apply default tags to volumes/block devices managed through an
aws_instance
, addebs_block_device.*.tags_all
androot_block_device.*.tags_all
attributes which include default tags (#33769) - resource/aws_mq_broker: Add
data_replication_mode
anddata_replication_primary_broker_arn
arguments, enabling support for cross-region data replication (#35990) - resource/aws_mwaa_environment: Add
endpoint_management
attribute (#35961) - resource/aws_redshiftserverless_namespace:
Add attributes
admin_password_secret_kms_key_id
andmanage_admin_password
(#35965) - resource/aws_shield_drt_access_log_bucket_association: Support resource import (#34667)
- resource/aws_shield_drt_access_role_arn_association: Support resource import (#34667)
- resource/aws_spot_instance_request: Add configurable
read
timeout (#35955) - resource/aws_wafv2_web_acl: Add
application_integration_url
attribute (#35974)
BUG FIXES:
- data/aws_redshiftserverless_namespace: Properly set
iam_roles
attribute on read (#35965) - resource/aws_appflow_flow: Fix perpetual diff when
task.task_type
is set toMap_all
(#35993) - resource/aws_config_configuration_recorder: Fix
panic: interface conversion: interface {} is nil, not map[string]interface {}
whenrecording_group.exclusion_by_resource_types
is empty (#15136) - resource/aws_config_rule: Change
name
to ForceNew (#15136) - resource/aws_config_rule: Fix
InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY
errors on resource Update (#15136) - resource/aws_ecs_task_definition: Fix perpetual
container_definitions
diffs whenName
s are ordered differently (#36029) - resource/aws_msk_replicator: Fix incorrect
detect_and_copy_new_topics
attribute value from state read/refresh (#35966) - resource/aws_redshiftserverless_workgroup: Fix
max_capacity
removal (#36032) - resource/aws_redshiftserverless_workgroup: Fix updating both
base_capacity
andmax_capacity
(#36032) - resource/aws_shield_drt_access_log_bucket_association: Change
log_bucket
androle_arn_association_id
to ForceNew (#34667)
v5.38.0
FEATURES:
-
New Data Source:
aws_batch_job_definition
(#34663) -
New Data Source:
aws_cognito_user_group
(#34046) -
New Data Source:
aws_cognito_user_groups
(#34046)
ENHANCEMENTS:
- data-source/aws_alb_target_group: Add
load_balancer_arns
attribute (#34364) - data-source/aws_ec2_instance_type: Add
maximum_network_cards
attribute (#35840) - data-source/aws_elasticache_subnet_group: Add
vpc_id
attribute (#35887) - data-source/aws_lb_target_group: Add
load_balancer_arns
attribute (#34364) - provider: Add
token_bucket_rate_limiter_capacity
parameter (#35926) - resource/aws_alb_target_group: Add
load_balancer_arns
attribute (#34364) - resource/aws_codedeploy_deployment_config: Add
arn
attribute (#35888) - resource/aws_codepipeline: Add
execution_mode
argument (#35875) - resource/aws_config_configuration_recorder: Add
recording_mode
configuration block (#35527) - resource/aws_db_instance: Add plan-time validation of
performance_insights_retention_period
(#35870) - resource/aws_elasticache_subnet_group: Add
vpc_id
attribute (#35887) - resource/aws_lb_target_group: Add
load_balancer_arns
attribute (#34364) - resource/aws_redshiftserverless_workgroup: Add
max_capacity
argument (#35720) - resource/aws_transfer_server: Add
TransferSecurityPolicy-2024-01
andTransferSecurityPolicy-FIPS-2024-01
as valid values forsecurity_policy_name
(#35879)
BUG FIXES:
- data-source/aws_caller_identity: Fix authentication signature error when alternate
sts_region
is specified (#35860) - data-source/aws_eks_access_entry: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - data-source/aws_eks_addon: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - data-source/aws_eks_cluster: Fix
name
plan-time validation, allowing single-character names (#35874) - resource/aws_cloudsearch_domain: Prevent panic when reading nil
index_field
options response values (#35900) - resource/aws_eks_access_entry: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_access_policy_association: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_addon: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_cluster: Fix
name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_fargate_profile: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_node_group: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_prometheus_scraper: Fixes invalid result after apply error. (#35844)
- resource/aws_sqs_queue_policy: Retry IAM eventual consistency errors (#35861)
v5.37.0
NOTES:
- provider: Updates to Go 1.21 (used by Terraform starting with v1.6.0), which, for Windows, requires at least Windows 10 or Windows Server 2016--support for previous versions has been discontinued--and, for macOS, requires macOS 10.15 Catalina or later--support for previous versions has been discontinued. (#35832)
- resource/aws_bedrock_provisioned_model_throughput: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#35689)
FEATURES:
-
New Data Source:
aws_db_parameter_group
(#35698) -
New Resource:
aws_bedrock_provisioned_model_throughput
(#35689) -
New Resource:
aws_cloudfront_key_value_store
(#35663) -
New Resource:
aws_redshift_data_share_consumer_association
(#35771)
ENHANCEMENTS:
- data-source/aws_ecr_pull_through_cache_rule: Add
credential_arn
attribute (#34475) - data-source/aws_ecs_task_execution: Add
client_token
argument (#34402) - data-source/aws_neptune_cluster_instance: Add
skip_final_snapshot
argument (#35698) - data-source/aws_rds_engine_version: Improve search functionality and options by adding
latest
,preferred_major_targets
, andpreferred_upgrade_targets
. Addversion_actual
attribute (#35698) - data-source/aws_rds_orderable_db_instance: Improve search functionality and options by adding
engine_latest_version
andsupports_clusters
arguments and convertingread_replica_capable
,supported_engine_modes
,supported_network_types
, andsupports_multi_az
to arguments for use as search criteria (#35698) - resource/aws_appsync_graphql_api: Add
introspection_config
,query_depth_limit
, andresolver_count_limit
arguments (#35631) - resource/aws_codeartifact_domain: Add
s3_bucket_arn
attribute (#35760) - resource/aws_ecr_pull_through_cache_rule: Add
credential_arn
argument (#34475) - resource/aws_ecs_service: Add
service_connect_configuration.service.timeout
andservice_connect_configuration.service.tls
configuration blocks (#35684) - resource/aws_ecs_task_definition: Add
track_latest
argument (#30154) - resource/aws_glue_catalog_database: Add
federated_database
argument (#35799) - resource/aws_glue_trigger: Add configurable
timeouts
(#35542) - resource/aws_rds_cluster: Add
domain
anddomain_iam_role_name
arguments to support Kerberos authentication (#35753) - resource/aws_route53_record: Add
geoproximity_routing_policy
configuration block to support geoproximity routing (#35565) - resource/aws_route53_resolver_rule: Add
target_ip.protocol
argument (#35744) - resource/aws_sagemaker_endpoint_configuration: Add
routing_config
argument. Enables the specification of arouting_strategy
. (#34777) - resource/aws_sagemaker_space: Add
ownership_settings
,space_sharing_settings
,space_settings.app_type
,space_settings.code_editor_app_settings
,space_settings.custom_file_system
,space_settings.jupyter_lab_app_settings
, andspace_settings.space_storage_settings
arguments (#35116)
BUG FIXES:
- provider: Fix
failed to get rate limit token, retry quota exceeded
errors (#35817) - resource/aws_apigateway_domain_name: Properly send changes to
ownership_verification_certificate_arn
on update (#35777) - resource/aws_apigatewayv2_route: Fix
BadRequestException: Unable to update route. Authorizer type is invalid or null
errors when updatingauthorizer_id
(#35821) - resource/aws_autoscaling_group: Fix version to computed for inconsistent final plan issue (#35774)
- resource/aws_datasync_task: Fix crash when reading empty
report_override
values (#35778) - resource/aws_datasync_task: Prevent ValidationErrors when empty values are sent with
report_override
arguments (#35778) - resource/aws_db_proxy: Change
auth
fromTypeList
toTypeSet
as order is not significant (#35819) - resource/aws_ecs_account_setting_default: Remove plan-time validation of
value
(#33393) - resource/aws_ecs_task_definition: Fix perpetual
container_definitions
diffs whenSecrets
are ordered differently (#35792) - resource/aws_eks_access_policy_association: Retry IAM eventual consistency errors on create (#35736)
- resource/aws_instance: Fix
ReservationCapacityExceeded
errors when updatinginstance_type
andcapacity_reservation_specification.capacity_reservation_target.capacity_reservation_id
(#33412) - resource/aws_lakeformation_resource: Properly handle configured
false
values foruse_service_linked_role
(#35799) - resource/aws_medialive_channel: Added
client_cache
tohls_group_settings
. (#35738) - resource/aws_ram_resource_share_accepter: Fix handling of out-of-band resource share deletion (#35800)
- resource/aws_redshift_data_share_authorization: Fix read operation to properly handle shares in
ACTIVE
status (#35771) - resource/aws_s3_bucket_acl: Correctly updates
access_control_policy
when switching configuration toacl
. (#35775) - resource/resource_share_acceptor: Wait until RAM resource share available after accepting the invitation (#34753)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.