chore(deps): update terraform aws to v6.22.1

renovate-botrequested to merge
renovate/test-fixture-updates into main

This MR contains the following updates:

Package Type Update Change
aws (source) required_provider minor 6.21.0 -> 6.22.1

⚠️ Warning

Some dependencies could not be looked up. Check the warning logs for more information.

View the Renovate pipeline for this MR

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.22.1

Compare Source

ENHANCEMENTS:

  • resource/aws_fsx_openzfs_file_system: Support INTELLIGENT_TIERING storage type and add read_cache_configuration argument (#​45159)
  • resource/aws_msk_cluster: Add rebalancing configuration block to support intelligent rebalancing for Express broker clusters (#​45073)

BUG FIXES:

  • provider: Fix crash in required tag validation interceptor when tag values are unknown. This addresses a regression introduced in v6.22.0. (#​45201)
  • provider: Fix early return logic in the required tag validation interceptor. This addresses a performance regression introduced in v6.22.0. (#​45201)
  • resource/aws_accessanalyzer_analyzer: Fix interface conversion: interface {} is nil, not map[string]interface {} panics when configuration.unused_access.analysis_rule.exclusion.resource_tags contains null values (#​45202)
  • resource/aws_odb_cloud_vm_cluster: Fix incorrect validation error when arguments are configured using variables. This addresses a regression introduced in v6.22.0 (#​45205)

v6.22.0

Compare Source

NOTES:

  • resource/aws_s3_bucket_server_side_encryption_configuration: Starting in March 2026, Amazon S3 will introduce a new default bucket security setting by automatically disabling server-side encryption with customer-provided keys (SSE-C) for all new buckets. Use the blocked_encryption_types argument to manage this behavior for specific buckets. (#​45105)

FEATURES:

  • New Ephemeral Resource: aws_ecr_authorization_token (#​44949)
  • New Guide: Tag Policy Compliance (#​45143)
  • New Resource: aws_billing_view (#​45097)
  • New Resource: aws_vpclattice_domain_verification (#​45085)

ENHANCEMENTS:

  • data-source/aws_lb_listener: Add default_action.jwt_validation attribute (#​45089)
  • data-source/aws_lb_listener_rule: Add action.jwt_validation attribute (#​45089)
  • data-source/aws_route53_zone: Support filtering by tags only or by vpc_id only (#​39671)
  • provider: Add support for enforcing tag policy compliance. This opt-in feature can be enabled via the new tag_policy_compliance provider argument, or the TF_AWS_TAG_POLICY_COMPLIANCE environment variable. When enabled, the principal executing Terraform must have the tags:ListRequiredTags IAM permission. (#​45143)
  • resource/aws_backup_logically_air_gapped_vault: Add encryption_key_arn argument (#​45020)
  • resource/aws_bedrock_guardrail: Add input_action, input_enabled, input_modalities, output_action, output_enabled, and output_modalities arguments to the content_policy_config.filters_config block (#​45104)
  • resource/aws_bedrockagent_knowledge_base: Add storage_configuration.rds_configuration.field_mapping.custom_metadata_field argument (#​45075)
  • resource/aws_bedrockagentcore_agent_runtime: Add agent_runtime_artifact.code_configuration block (#​45091)
  • resource/aws_bedrockagentcore_agent_runtime: Make agent_runtime_artifact.container_configuration block optional (#​45091)
  • resource/aws_dynamodb_table: Add global_table_witness argument (#​43908)
  • resource/aws_emr_managed_scaling_policy: Add scaling_strategy and utilization_performance_index arguments (#​45132)
  • resource/aws_fis_experiment_template: Add plan-time validation of log_configuration.cloudwatch_logs_configuration.log_group_arn (#​35941)
  • resource/aws_fis_experiment_template: Add support for Functions to action.*.target (#​41209)
  • resource/aws_lambda_invocation: Add import support (#​41240)
  • resource/aws_lb_listener: Support jwt-validation as a valid default_action.type and add default_action.jwt_validation configuration block (#​45089)
  • resource/aws_lb_listener_rule: Support jwt-validation as a valid action.type and add action.jwt_validation configuration block (#​45089)
  • resource/aws_odb_cloud_vm_cluster: vm cluster creation using odb network ARN and exadata infrastructure ARN for resource sharing model. (#​45003)
  • resource/aws_organizations_organization: Add SECURITYHUB_POLICY as a valid value for enabled_policy_types argument (#​45135)
  • resource/aws_prometheus_query_logging_configuration: Add plan-time validation of destination.cloudwatch_logs.log_group_arn (#​35941)
  • resource/aws_prometheus_workspace: Add plan-time validation of logging_configuration.log_group_arn (#​35941)
  • resource/aws_s3_bucket_server_side_encryption_configuration: Add rule.blocked_encryption_types argument (#​45105)
  • resource/aws_sagemaker_model: Add container.additional_model_data_source and primary_container.additional_model_data_source arguments (#​44407)
  • resource/aws_sfn_state_machine: Add plan-time validation of logging_configuration.log_destination (#​35941)
  • resource/aws_timestreaminfluxdb_db_cluster: Add engine_type attribute (#​44899)
  • resource/aws_timestreaminfluxdb_db_cluster: Add validation to ensure InfluxDB V2 clusters have required fields and InfluxDB V3 clusters (when using V3 parameter groups) do not have forbidden V2 fields. This functionality requires the timestream-influxdb:GetDbParameterGroup IAM permission (#​44899)
  • resource/aws_vpclattice_resource_configuration: Add custom_domain_name and domain_verification_id arguments and domain_verification_arn and domain_verification_status attributes to support custom domain names for resource configurations (#​45085)
  • resource/aws_vpn_connection: Add tunnel_bandwidth argument to support higher bandwidth tunnels (#​45070)

BUG FIXES:

  • resource/aws_db_instance: Fix blue/green deployments failing with "not in available state" by improving stability and handling storage-config-upgrade and storage-initialization statuses (#​41275)
  • resource/aws_elastic_beanstalk_configuration_template: Fix updates not applying by including ResourceName for option settings and preventing duplicate add/remove operations (#​45077)
  • resource/aws_odb_cloud_vm_cluster: support for hyphen in odb cloud vm cluster hostname prefix. (#​45003)
  • resource/aws_quicksight_account_settings: Add region argument (#​45083)
  • resource/aws_s3_directory_bucket: Fix plan-time AWS resource not found during refresh warnings causing resource replacement when ReadOnly s3express:SessionMode is enforced (#​45086)
  • resource/aws_ssoadmin_account_assignment: Correct target_type argument to required (#​45092)
  • resource/aws_timestreaminfluxdb_db_cluster: Make allocated_storage, bucket, organization, username, and password optional to support InfluxDB V3 clusters (#​44899)

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻️ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports