chore(deps): update terraform aws to v5 (!27) · Merge requests · to be continuous... / samples / terraform-ansible-on-aws

This MR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	`~> 4.0` -> `~> 5.0`

Release Notes

hashicorp/terraform-provider-aws (aws)

`v5.8.0`

Compare Source

ENHANCEMENTS:

data-source/aws_ssm_parameter: Add insecure_value attribute (#30817)
resource/aws_fms_policy: Add policy_option attribute for security_service_policy_data block (#25362)
resource/aws_iam_virtual_mfa_device: Add enable_date and user_name attributes (#32462)

BUG FIXES:

resource/aws_config_config_rule: Prevent crash on nil describe output (#32439)
resource/aws_mq_broker: default replication_user to false (#32454)
resource/aws_quicksight_analysis: Fix exception thrown when specifying definition.sheets.visuals.bar_chart_visual.chart_configuration.category_axis.scrollbar_options.visible_range (#32464)
resource/aws_quicksight_analysis: Fix exception thrown when specifying definition.sheets.visuals.pivot_table_visual.chart_configuration.field_options.selected_field_options.visibility (#32464)
resource/aws_quicksight_analysis: Fix exception thrown when specifying definition.sheets.visuals.pivot_table_visual.chart_configuration.field_wells.pivot_table_aggregated_field_wells.rows (#32464)
resource/aws_quicksight_dashboard: Fix exception thrown when specifying definition.sheets.visuals.bar_chart_visual.chart_configuration.category_axis.scrollbar_options.visible_range (#32464)
resource/aws_quicksight_dashboard: Fix exception thrown when specifying definition.sheets.visuals.pivot_table_visual.chart_configuration.field_options.selected_field_options.visibility (#32464)
resource/aws_quicksight_dashboard: Fix exception thrown when specifying definition.sheets.visuals.pivot_table_visual.chart_configuration.field_wells.pivot_table_aggregated_field_wells.rows (#32464)
resource/aws_quicksight_template: Fix exception thrown when specifying definition.sheets.visuals.bar_chart_visual.chart_configuration.category_axis.scrollbar_options.visible_range (#32464)
resource/aws_quicksight_template: Fix exception thrown when specifying definition.sheets.visuals.pivot_table_visual.chart_configuration.field_options.selected_field_options.visibility (#32464)
resource/aws_quicksight_template: Fix exception thrown when specifying definition.sheets.visuals.pivot_table_visual.chart_configuration.field_wells.pivot_table_aggregated_field_wells.rows (#32464)

`v5.7.0`

Compare Source

FEATURES:

New Data Source: aws_opensearchserverless_security_config (#32321)
New Data Source: aws_opensearchserverless_security_policy (#32226)
New Data Source: aws_opensearchserverless_vpc_endpoint (#32276)
New Resource: aws_cleanrooms_collaboration (#31680)

ENHANCEMENTS:

resource/aws_aws_keyspaces_table: Add client_side_timestamps configuration block (#32339)
resource/aws_glue_catalog_database: Add target_database.region argument (#32283)
resource/aws_glue_crawler: Add iceberg_target configuration block (#32332)
resource/aws_internetmonitor_monitor: Add health_events_config configuration block (#32343)
resource/aws_lambda_function: Support code_signing_config_arn in the ap-east-1 AWS Region (#32327)
resource/aws_qldb_stream: Add configurable Create and Delete timeouts (#32345)
resource/aws_service_discovery_private_dns_namespace: Allow description to be updated in-place (#32342)
resource/aws_service_discovery_public_dns_namespace: Allow description to be updated in-place (#32342)
resource/aws_timestreamwrite_table: Add schema configuration block (#32354)

BUG FIXES:

provider: Correctly handle forbidden_account_ids (#32352)
resource/aws_kms_external_key: Correctly remove all tags (#32371)
resource/aws_kms_key: Correctly remove all tags (#32371)
resource/aws_kms_replica_external_key: Correctly remove all tags (#32371)
resource/aws_kms_replica_key: Correctly remove all tags (#32371)
resource/aws_secretsmanager_secret_rotation: Fix InvalidParameterException: You cannot specify both rotation frequency and schedule expression together errors on resource Update (#31915)
resource/aws_ssm_parameter: Skip Update if only overwrite parameter changes (#32372)
resource/aws_vpc_endpoint: Fix InvalidParameter: PrivateDnsOnlyForInboundResolverEndpoint not supported for this service errors creating S3 Interface VPC endpoints (#32355)

`v5.6.2`

Compare Source

BUG FIXES:

resource/aws_s3_bucket: Fix InvalidArgument: Invalid attribute name specified errors when listing S3 Bucket objects, caused by an AWS SDK for Go regression (#32317)

`v5.6.1`

Compare Source

BUG FIXES:

provider: Prevent resource recreation if tags or tags_all are updated (#32297)

`v5.6.0`

Compare Source

FEATURES:

New Data Source: aws_opensearchserverless_access_policy (#32231)
New Data Source: aws_opensearchserverless_collection (#32247)
New Data Source: aws_sfn_alias (#32176)
New Data Source: aws_sfn_state_machine_versions (#32176)
New Resource: aws_ec2_instance_connect_endpoint (#31858)
New Resource: aws_sfn_alias (#32176)
New Resource: aws_transfer_agreement (#32203)
New Resource: aws_transfer_certificate (#32203)
New Resource: aws_transfer_connector (#32203)
New Resource: aws_transfer_profile (#32203)

ENHANCEMENTS:

resource/aws_batch_compute_environment: Add placement_group attribute to the compute_resources configuration block (#32200)
resource/aws_emrserverless_application: Do not recreate the resource if release_label changes (#32278)
resource/aws_fis_experiment_template: Add log_configuration configuration block (#32102)
resource/aws_fis_experiment_template: Add parameters attribute to the target configuration block (#32160)
resource/aws_fis_experiment_template: Add support for Pods and Tasks to action.*.target (#32152)
resource/aws_lambda_event_source_mapping: The queues argument has changed from a set to a list with a maximum of one element. (#31931)
resource/aws_pipes_pipe: Add activemq_broker_parameters, dynamodb_stream_parameters, kinesis_stream_parameters, managed_streaming_kafka_parameters, rabbitmq_broker_parameters, self_managed_kafka_parameters and sqs_queue_parameters attributes to the source_parameters configuration block. NOTE: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#31607)
resource/aws_pipes_pipe: Add batch_job_parameters, cloudwatch_logs_parameters, ecs_task_parameters, eventbridge_event_bus_parameters, http_parameters, kinesis_stream_parameters, lambda_function_parameters, redshift_data_parameters, sagemaker_pipeline_parameters, sqs_queue_parameters and step_function_state_machine_parameters attributes to the target_parameters configuration block. NOTE: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#31607)
resource/aws_pipes_pipe: Add enrichment_parameters argument (#31607)
resource/aws_resourcegroups_group: resource_query no longer conflicts with configuration (#30242)
resource/aws_s3_bucket_logging: Retry on empty read of logging config (#30916)
resource/aws_sfn_state_machine: Add description, publish, revision_id, state_machine_version_arn and version_description attributes (#32176)

BUG FIXES:

resource/aws_db_instance: Fix resource Create returning instances not in the available state when identifier_prefix is specified (#32287)
resource/aws_resourcegroups_resource: Fix crash when resource Create fails (#30242)
resource/aws_route: Fix reading Route in Route Table (rtb-1234abcd) with destination (1.2.3.4/5): couldn't find resource errors when reading new resource (#32196)
resource/aws_vpc_security_group_egress_rule: security_group_id is Required (#32148)
resource/aws_vpc_security_group_ingress_rule: security_group_id is Required (#32148)

`v5.5.0`

Compare Source

NOTES:

provider: Updates to Go 1.20, the last release that will run on any release of Windows 7, 8, Server 2008 and Server 2012. A future release will update to Go 1.21, and these platforms will no longer be supported. (#32108)
provider: Updates to Go 1.20, the last release that will run on macOS 10.13 High Sierra or 10.14 Mojave. A future release will update to Go 1.21, and these platforms will no longer be supported. (#32108)
provider: Updates to Go 1.20. The provider will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver. (#32108)

FEATURES:

New Data Source: aws_sesv2_email_identity (#32026)
New Data Source: aws_sesv2_email_identity_mail_from_attributes (#32026)
New Resource: aws_chimesdkvoice_sip_rule (#32070)
New Resource: aws_organizations_resource_policy (#32056)

ENHANCEMENTS:

data-source/aws_organizations_organization: Return the full set of attributes when running as a delegated administrator for AWS Organizations (#32056)
provider: Mask all sensitive values that appear when TF_LOG level is TRACE (#32174)
resource/aws_config_configuration_recorder: Add exclusion_by_resource_types and recording_strategy attributes to the recording_group configuration block (#32007)
resource/aws_datasync_task: Add object_tags attribute to options configuration block (#27811)
resource/aws_networkmanager_attachment_accepter: Added support for Transit Gateway route table attachments (#32023)
resource/aws_ses_active_receipt_rule_set: Support import (#27604)

BUG FIXES:

resource/aws_api_gateway_rest_api: Fix crash when binary_media_types is null (#32169)
resource/aws_datasync_location_object_storage: Don't ignore server_certificate argument (#27811)
resource/aws_eip: Fix reading EC2 EIP (eipalloc-abcd1234): couldn't find resource errors when reading new resource (#32016)
resource/aws_quicksight_analysis: Fix schema mapping for string set elements (#31903)
resource/aws_redshiftserverless_workgroup: Fix waiting for completion: unexpected state 'AVAILABLE' errors when deleting resource (#32067)
resource/aws_route_table: Fix reading Route Table (rtb-abcd1234): couldn't find resource errors when reading new resource (#30999)
resource/aws_storagegateway_smb_file_share: Fix update error when kms_encrypted is true but kms_key_arn is not sent in the request (#32171)

`v5.4.0`

Compare Source

FEATURES:

New Data Source: aws_organizations_policies (#31545)
New Data Source: aws_organizations_policies_for_target (#31682)
New Resource: aws_chimesdkvoice_sip_media_application (#31937)
New Resource: aws_opensearchserverless_collection (#31091)
New Resource: aws_opensearchserverless_security_config (#28776)
New Resource: aws_opensearchserverless_vpc_endpoint (#28651)

ENHANCEMENTS:

resource/aws_elb: Add configurable Create and Update timeouts (#31976)
resource/aws_glue_data_quality_ruleset: Add catalog_id argument to target_table block (#31926)

BUG FIXES:

provider: Fix index out of range [0] with length 0 panic (#32004)
resource/aws_elb: Recreate the resource if subnets is updated to an empty list (#31976)
resource/aws_lambda_provisioned_concurrency_config: The function_name argument now properly handles ARN values (#31933)
resource/aws_quicksight_data_set: Allow physical table map to be optional (#31863)
resource/aws_ssm_default_patch_baseline: Fix *conns.AWSClient is not ssm.ssmClient: missing method SSMClient panic (#31928)

`v5.3.0`

Compare Source

NOTES:

resource/aws_instance: The metadata_options.http_endpoint argument now correctly defaults to enabled. (#24774)
resource/aws_lambda_function: The replace_security_groups_on_destroy and replacement_security_group_ids attributes are being deprecated as AWS no longer supports this operation. These attributes now have no effect, and will be removed in a future major version. (#31904)

FEATURES:

New Data Source: aws_quicksight_theme (#31900)
New Resource: aws_opensearchserverless_access_policy (#28518)
New Resource: aws_opensearchserverless_security_policy (#28470)
New Resource: aws_quicksight_theme (#31900)

ENHANCEMENTS:

data-source/aws_redshift_cluster: Add cluster_namespace_arn attribute (#31884)
resource/aws_redshift_cluster: Add cluster_namespace_arn attribute (#31884)
resource/aws_vpc_endpoint: Add private_dns_only_for_inbound_resolver_endpoint attribute to the dns_options configuration block (#31873)

BUG FIXES:

resource/aws_ecs_task_definition: Fix to prevent persistent diff when efs_volume_configuration has both root_volume and authorization_config set. (#26880)
resource/aws_instance: Fix default for metadata_options.http_endpoint argument. (#24774)
resource/aws_keyspaces_keyspace: Correct plan time validation for name (#31352)
resource/aws_keyspaces_table: Correct plan time validation for keyspace_name, table_name and column names (#31352)
resource/aws_quicksight_analysis: Fix assignment of KPI visual field well target values (#31901)
resource/aws_redshift_cluster: Allow availability_zone_relocation_enabled to be true when publicly_accessible is true (#31886)
resource/aws_vpc: Fix reading EC2 VPC (vpc-abcd1234) Attribute (enableDnsSupport): couldn't find resource errors when reading new resource (#31877)

`v5.2.0`

Compare Source

NOTES:

resource/aws_mwaa_environment: Upgrading your environment to a new major version of Apache Airflow forces replacement of the resource (#31833)

FEATURES:

New Data Source: aws_budgets_budget (#31691)
New Data Source: aws_ecr_pull_through_cache_rule (#31696)
New Data Source: aws_guardduty_finding_ids (#31711)
New Data Source: aws_iam_principal_policy_simulation (#25569)
New Resource: aws_chimesdkvoice_global_settings (#31365)
New Resource: aws_finspace_kx_cluster (#31806)
New Resource: aws_finspace_kx_database (#31803)
New Resource: aws_finspace_kx_environment (#31802)
New Resource: aws_finspace_kx_user (#31804)

ENHANCEMENTS:

data/aws_ec2_transit_gateway_connect_peer: Add bgp_peer_address and bgp_transit_gateway_addresses attributes (#31752)
provider: Adds retry_mode parameter (#31745)
resource/aws_chime_voice_connector: Add tagging support (#31746)
resource/aws_ec2_transit_gateway_connect_peer: Add bgp_peer_address and bgp_transit_gateway_addresses attributes (#31752)
resource/aws_ec2_transit_gateway_route_table_association: Add replace_existing_association argument (#31452)
resource/aws_fis_experiment_template: Add support for Volumes to actions.*.target (#31499)
resource/aws_instance: Add instance_market_options configuration block and instance_lifecycle and spot_instance_request_id attributes (#31495)
resource/aws_lambda_function: Add support for ruby3.2 runtime value (#31842)
resource/aws_lambda_layer_version: Add support for ruby3.2 compatible_runtimes value (#31842)
resource/aws_mwaa_environment: Consider CREATING_SNAPSHOT a valid pending state for resource update (#31833)
resource/aws_networkfirewall_firewall_policy: Add stream_exception_policy option to firewall_policy.stateful_engine_options (#31541)
resource/aws_redshiftserverless_workgroup: Additional supported values for config_parameter.parameter_key (#31747)
resource/aws_sagemaker_model: Add container.model_package_name and primary_container.model_package_name arguments (#31755)

BUG FIXES:

data-source/aws_redshift_cluster: Fix crash reading clusters in modifying state (#31772)
provider/default_tags: Fix perpetual diff when identical tags are moved from default_tags to resource tags, and vice versa (#31826)
resource/aws_autoscaling_group: Ignore any Failed scaling activities due to IAM eventual consistency (#31282)
resource/aws_dx_connection: Convert vlan_id from TypeString to TypeInt in Terraform state for existing resources. This fixes a regression introduced in v5.1.0 causing a number is required errors (#31735)
resource/aws_globalaccelerator_endpoint_group: Fix bug updating endpoint_configuration.weight to 0 (#31767)
resource/aws_medialive_channel: Fix spelling in hls_cdn_settings expander. (#31844)
resource/aws_redshiftserverless_namespace: Fix perpetual iam_roles diffs when the namespace contains a workgroup (#31749)
resource/aws_redshiftserverless_workgroup: Change config_parameter from TypeList to TypeSet as order is not significant (#31747)
resource/aws_redshiftserverless_workgroup: Fix ValidationException: Can't update multiple configurations at the same time errors (#31747)
resource/aws_vpc_endpoint: Fix tagging error preventing use in ISO partitions (#31801)

`v5.1.0`

Compare Source

BREAKING CHANGES:

resource/aws_iam_role: The role_last_used attribute has been removed. Use the aws_iam_role data source instead. (#31656)

NOTES:

resource/aws_autoscaling_group: The load_balancers and target_group_arns attributes have been changed to Computed. This means that omitting this argument is interpreted as ignoring any existing load balancer or target group attachments. To remove all load balancer or target group attachments an empty list should be specified. (#31527)
resource/aws_iam_role: The role_last_used attribute has been removed. Use the aws_iam_role data source instead. See the community feedback provided in the linked issue for additional justification on this change. As the attribute is read-only, unlikely to be used as an input to another resource, and available in the corresponding data source, a breaking change in a minor version was deemed preferable to a long deprecation/removal cycle in this circumstance. (#31656)
resource/aws_redshift_cluster: Ignores the parameter aqua_configuration_status, since the AWS API ignores it. Now always returns auto. (#31612)

FEATURES:

New Data Source: aws_vpclattice_resource_policy (#31372)
New Resource: aws_autoscaling_traffic_source_attachment (#31527)
New Resource: aws_emrcontainers_job_template (#31399)
New Resource: aws_glue_data_quality_ruleset (#31604)
New Resource: aws_quicksight_analysis (#31542)
New Resource: aws_quicksight_dashboard (#31448)
New Resource: aws_resourcegroups_resource (#31430)

ENHANCEMENTS:

data-source/aws_autoscaling_group: Add traffic_source attribute (#31527)
data-source/aws_opensearch_domain: Add off_peak_window_options attribute (#35970)
provider: Increases size of HTTP request bodies in logs to 1 KB (#31718)
resource/aws_appsync_graphql_api: Add visibility argument (#31369)
resource/aws_appsync_graphql_api: Add plan time validation for log_config.cloudwatch_logs_role_arn (#31369)
resource/aws_autoscaling_group: Add traffic_source configuration block (#31527)
resource/aws_cloudformation_stack_set: Add managed_execution argument (#25210)
resource/aws_fsx_ontap_volume: Add skip_final_backup argument (#31544)
resource/aws_fsx_ontap_volume: Remove default value for security_style argument and mark as Computed (#31544)
resource/aws_fsx_ontap_volume: Update ontap_volume_type attribute to be configurable (#31544)
resource/aws_fsx_ontap_volume: junction_path is Optional (#31544)
resource/aws_fsx_ontap_volume: storage_efficiency_enabled is Optional (#31544)
resource/aws_grafana_workspace: Increase default Create and Update timeouts to 30 minutes (#31422)
resource/aws_lambda_invocation: Add lifecycle_scope CRUD to invoke on each resource state transition (#29367)
resource/aws_lambda_layer_version_permission: Add skip_destroy attribute (#29571)
resource/aws_lambda_provisioned_concurrency_configuration: Add skip_destroy argument (#31646)
resource/aws_opensearch_domain: Add off_peak_window_options configuration block (#35970)
resource/aws_sagemaker_endpoint_configuration: Add and shadow_production_variants.serverless_config.provisioned_concurrency arguments (#31398)
resource/aws_transfer_server: Add support for TransferSecurityPolicy-2023-05 security_policy_name value (#31536)

BUG FIXES:

data-source/aws_dx_connection: Fix the vlan_id being returned as null (#31480)
provider/tags: Fix crash when some tags are null and others are computed (#31687)
provider: Limits size of HTTP response bodies in logs to 4 KB (#31718)
resource/aws_autoscaling_group: Fix The AutoRollback parameter cannot be set to true when the DesiredConfiguration parameter is empty errors when refreshing instances (#31715)
resource/aws_autoscaling_group: Now ignores previous failed scaling activities (#31551)
resource/aws_cloudfront_distribution: Remove the upper limit on origin_keepalive_timeout (#31608)
resource/aws_connect_instance: Fix crash when reading instances with CREATION_FAILED status (#31689)
resource/aws_connect_security_profile: Set correct tags in state (#31716)
resource/aws_dx_connection: Fix the vlan_id being returned as null (#31480)
resource/aws_ecs_service: Fix crash when just alarms is updated (#31683)
resource/aws_fsx_ontap_volume: Change storage_virtual_machine_id to ForceNew (#31544)
resource/aws_fsx_ontap_volume: Change volume_type to ForceNew (#31544)
resource/aws_kendra_index: Persist user_group_resolution_mode value to state after creation (#31669)
resource/aws_medialive_channel: Fix attribute spelling in hls_cdn_settings expand (#31647)
resource/aws_quicksight_data_set: Fix join_instruction not applied when creating dataset (#31424)
resource/aws_quicksight_data_set: Ignore failure to read refresh properties for non-SPICE datasets (#31488)
resource/aws_rbin_rule: Fix crash when multiple resource_tags blocks are configured (#31393)
resource/aws_rds_cluster: Correctly update db_cluster_instance_class (#31709)
resource/aws_redshift_cluster: No longer errors on deletion when status is Maintenance (#31612)
resource/aws_route53_vpc_association_authorization: Fix ConcurrentModification error (#31588)
resource/aws_s3_bucket_replication_configuration: Replication configs sometimes need more than a second or two. This resolves a race condition and adds retry logic when reading them. (#30995)

`v5.0.1`

Compare Source

BUG FIXES:

provider/tags: Fix crash when tags are null (#31587)

`v5.0.0`

Compare Source

BREAKING CHANGES:

data-source/aws_api_gateway_rest_api: minimum_compression_size is now a string type to allow values set via the body attribute to be properly computed. (#30969)
data-source/aws_connect_hours_of_operation: The hours_of_operation_arn attribute has been removed (#31484)
data-source/aws_db_instance: With the retirement of EC2-Classic the db_security_groups attribute has been removed (#30966)
data-source/aws_elasticache_cluster: With the retirement of EC2-Classic the security_group_names attribute has been removed (#30966)
data-source/aws_elasticache_replication_group: Remove number_cache_clusters, replication_group_description arguments -- use num_cache_clusters, and description, respectively, instead (#31008)
data-source/aws_iam_policy_document: Don't add empty statement.sid values to json attribute value (#28539)
data-source/aws_iam_policy_document: source_json and override_json have been removed -- use source_policy_documents and override_policy_documents, respectively, instead (#30829)
data-source/aws_identitystore_group: The filter argument has been removed (#31312)
data-source/aws_identitystore_user: The filter argument has been removed (#31312)
data-source/aws_launch_configuration: With the retirement of EC2-Classic the vpc_classic_link_id and vpc_classic_link_security_groups attributes have been removed (#30966)
data-source/aws_redshift_cluster: With the retirement of EC2-Classic the cluster_security_groups attribute has been removed (#30966)
data-source/aws_secretsmanager_secret: The rotation_enabled, rotation_lambda_arn and rotation_rules attributes have been removed (#31487)
data-source/aws_vpc_peering_connection: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
provider: The assume_role.duration_seconds, assume_role_with_web_identity.duration_seconds, s3_force_path_style, shared_credentials_file and skip_get_ec2_platforms attributes have been removed (#31155)
provider: The aws_subnet_ids data source has been removed (#31140)
provider: With the retirement of EC2-Classic the aws_db_security_group resource has been removed (#30966)
provider: With the retirement of EC2-Classic the aws_elasticache_security_group resource has been removed (#30966)
provider: With the retirement of EC2-Classic the aws_redshift_security_group resource has been removed (#30966)
provider: With the retirement of Macie Classic the aws_macie_member_account_association resource has been removed (#31058)
provider: With the retirement of Macie Classic the aws_macie_s3_bucket_association resource has been removed (#31058)
resource/aws_acmpca_certificate_authority: The status attribute has been removed (#31084)
resource/aws_api_gateway_rest_api: minimum_compression_size is now a string type to allow values set via the body attribute to be properly computed. (#30969)
resource/aws_autoscaling_attachment: alb_target_group_arn has been removed -- use lb_target_group_arn instead (#30828)
resource/aws_autoscaling_group: Remove deprecated tags attribute (#30842)
resource/aws_budgets_budget: The cost_filters attribute has been removed (#31395)
resource/aws_ce_anomaly_subscription: The threshold attribute has been removed (#30374)
resource/aws_cloudwatch_event_target: The ecs_target.propagate_tags attribute now has no default value (#25233)
resource/aws_codebuild_project: The secondary_sources.auth and source.auth attributes have been removed (#31483)
resource/aws_connect_hours_of_operation: The hours_of_operation_arn attribute has been removed (#31484)
resource/aws_connect_queue: The quick_connect_ids_associated attribute has been removed (#31376)
resource/aws_connect_routing_profile: The queue_configs_associated attribute has been removed (#31376)
resource/aws_db_instance: Remove name - use db_name instead (#31232)
resource/aws_db_instance: With the retirement of EC2-Classic the security_group_names attribute has been removed (#30966)
resource/aws_db_instance: id is no longer the AWS database identifier - id is now the dbi-resource-id. Refer to identifier instead of id to use the database's identifier (#31232)
resource/aws_default_vpc: With the retirement of EC2-Classic the enable_classiclink and enable_classiclink_dns_support attributes have been removed (#30966)
resource/aws_dms_endpoint: s3_settings.ignore_headers_row has been removed (#30452)
resource/aws_docdb_cluster: snapshot_identifier change now properly forces replacement (#29409)
resource/aws_ec2_client_vpn_endpoint: The status attribute has been removed (#31223)
resource/aws_ec2_client_vpn_network_association: The security_groups attribute has been removed (#31396)
resource/aws_ec2_client_vpn_network_association: The status attribute has been removed (#31223)
resource/aws_ecs_cluster: The capacity_providers and default_capacity_provider_strategy attributes have been removed (#31346)
resource/aws_eip: With the retirement of EC2-Classic the standard domain is no longer supported (#30966)
resource/aws_eip_association: With the retirement of EC2-Classic the standard domain is no longer supported (#30966)
resource/aws_elasticache_cluster: With the retirement of EC2-Classic the security_group_names attribute has been removed (#30966)
resource/aws_elasticache_replication_group: Remove availability_zones, number_cache_clusters, replication_group_description arguments -- use preferred_cache_cluster_azs, num_cache_clusters, and description, respectively, instead (#31008)
resource/aws_elasticache_replication_group: Remove cluster_mode configuration block -- use top-level num_node_groups and replicas_per_node_group instead (#31008)
resource/aws_kinesis_firehose_delivery_stream: Remove s3_configuration attribute from the root of the resource. s3_configuration is now a part of the following blocks: elasticsearch_configuration, opensearch_configuration, redshift_configuration, splunk_configuration, and http_endpoint_configuration (#31138)
resource/aws_kinesis_firehose_delivery_stream: Remove s3 as an option for destination. Use extended_s3 instead (#31138)
resource/aws_kinesis_firehose_delivery_stream: Rename extended_s3_configuration.0.s3_backup_configuration.0.buffer_size and extended_s3_configuration.0.s3_backup_configuration.0.buffer_interval to extended_s3_configuration.0.s3_backup_configuration.0.buffering_size and extended_s3_configuration.0.s3_backup_configuration.0.buffering_interval, respectively (#31141)
resource/aws_kinesis_firehose_delivery_stream: Rename redshift_configuration.0.s3_backup_configuration.0.buffer_size and redshift_configuration.0.s3_backup_configuration.0.buffer_interval to redshift_configuration.0.s3_backup_configuration.0.buffering_size and redshift_configuration.0.s3_backup_configuration.0.buffering_interval, respectively (#31141)
resource/aws_kinesis_firehose_delivery_stream: Rename s3_configuration.0.buffer_size and s3_configuration.0.buffer_internval to s3_configuration.0.buffering_size and s3_configuration.0.buffering_internval, respectively (#31141)
resource/aws_launch_configuration: With the retirement of EC2-Classic the vpc_classic_link_id and vpc_classic_link_security_groups attributes have been removed (#30966)
resource/aws_lightsail_instance: The ipv6_address attribute has been removed (#31489)
resource/aws_medialive_multiplex_program: The statemux_settings attribute has been removed. Use statmux_settings argument instead (#31034)
resource/aws_msk_cluster: The broker_node_group_info.ebs_volume_size attribute has been removed (#31324)
resource/aws_neptune_cluster: snapshot_identifier change now properly forces replacement (#29409)
resource/aws_networkmanager_core_network: Removed policy_document argument -- use aws_networkmanager_core_network_policy_attachment resource instead (#30875)
resource/aws_rds_cluster: The engine argument is now required and has no default (#31112)
resource/aws_rds_cluster: snapshot_identifier change now properly forces replacement (#29409)
resource/aws_rds_cluster_instance: The engine argument is now required and has no default (#31112)
resource/aws_redshift_cluster: With the retirement of EC2-Classic the cluster_security_groups attribute has been removed (#30966)
resource/aws_route: instance_id can no longer be set in configurations. Use network_interface_id instead, for example, setting network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
resource/aws_route_table: route.*.instance_id can no longer be set in configurations. Use route.*.network_interface_id instead, for example, setting network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
resource/aws_secretsmanager_secret: The rotation_enabled, rotation_lambda_arn and rotation_rules attributes have been removed (#31487)
resource/aws_security_group: With the retirement of EC2-Classic non-VPC security groups are no longer supported (#30966)
resource/aws_security_group_rule: With the retirement of EC2-Classic non-VPC security groups are no longer supported (#30966)
resource/aws_servicecatalog_product: Changes to any provisioning_artifact_parameters arguments now properly trigger a replacement. This fixes incorrect behavior, but may technically be breaking for configurations expecting non-functional in-place updates. (#31061)
resource/aws_vpc: With the retirement of EC2-Classic the enable_classiclink and enable_classiclink_dns_support attributes have been removed (#30966)
resource/aws_vpc_peering_connection: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
resource/aws_vpc_peering_connection_accepter: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
resource/aws_vpc_peering_connection_options: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
resource/aws_wafv2_web_acl: The statement.managed_rule_group_statement.excluded_rule and statement.rule_group_reference_statement.excluded_rule attributes have been removed (#31374)
resource/aws_wafv2_web_acl_logging_configuration: The redacted_fields.all_query_arguments, redacted_fields.body and redacted_fields.single_query_argument attributes have been removed (#31486)

NOTES:

data-source/aws_elasticache_replication_group: Update configurations to use description instead of the replication_group_description argument (#31008)
data-source/aws_elasticache_replication_group: Update configurations to use num_cache_clusters instead of the number_cache_clusters argument (#31008)
data-source/aws_opensearch_domain: The kibana_endpoint attribute has been deprecated. All configurations using kibana_endpoint should be updated to use the dashboard_endpoint attribute instead (#31490)
data-source/aws_quicksight_data_set: The tags_all attribute has been deprecated and will be removed in a future version (#31162)
data-source/aws_redshift_service_account: The aws_redshift_service_account data source has been deprecated and will be removed in a future version. AWS documentation states that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#31006)
data-source/aws_service_discovery_service: The tags_all attribute has been deprecated and will be removed in a future version (#31162)
resource/aws_api_gateway_rest_api: Update configurations with minimum_compression_size set to pass the value as a string. Valid values remain the same. (#30969)
resource/aws_autoscaling_attachment: Update configurations to use lb_target_group_arn instead of alb_target_group_arn which has been removed (#30828)
resource/aws_db_event_subscription: Configurations that define source_ids using the id attribute of aws_db_instance must be updated to use identifier instead - for example, source_ids = [aws_db_instance.example.id] must be updated to source_ids = [aws_db_instance.example.identifier] (#31232)
resource/aws_db_instance: Configurations that define replicate_source_db using the id attribute of aws_db_instance must be updated to use identifier instead - for example, replicate_source_db = aws_db_instance.example.id must be updated to replicate_source_db = aws_db_instance.example.identifier (#31232)
resource/aws_db_instance: The change of what id is, namely, a DBI Resource ID now versus DB Identifier previously, has far-reaching consequences. Configurations that refer to, for example, aws_db_instance.example.id will now have errors and must be changed to use identifier instead, for example, aws_db_instance.example.identifier (#31232)
resource/aws_db_instance_role_association: Configurations that define db_instance_identifier using the id attribute of aws_db_instance must be updated to use identifier instead - for example, db_instance_identifier = aws_db_instance.example.id must be updated to db_instance_identifier = aws_db_instance.example.identifier (#31232)
resource/aws_db_proxy_target: Configurations that define db_instance_identifier using the id attribute of aws_db_instance must be updated to use identifier instead - for example, db_instance_identifier = aws_db_instance.example.id must be updated to db_instance_identifier = aws_db_instance.example.identifier (#31232)
resource/aws_db_snapshot: Configurations that define db_instance_identifier using the id attribute of aws_db_instance must be updated to use identifier instead - for example, db_instance_identifier = aws_db_instance.example.id must be updated to db_instance_identifier = aws_db_instance.example.identifier (#31232)
resource/aws_docdb_cluster: Changes to the snapshot_identifier attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409)
resource/aws_dx_gateway_association: The vpn_gateway_id attribute has been deprecated. All configurations using vpn_gateway_id should be updated to use the associated_gateway_id attribute instead (#31384)
resource/aws_elasticache_replication_group: Update configurations to use description instead of the replication_group_description argument (#31008)
resource/aws_elasticache_replication_group: Update configurations to use num_cache_clusters instead of the number_cache_clusters argument (#31008)
resource/aws_elasticache_replication_group: Update configurations to use preferred_cache_cluster_azs instead of the availability_zones argument (#31008)
resource/aws_elasticache_replication_group: Update configurations to use top-level num_node_groups and replicas_per_node_group instead of cluster_mode.0.num_node_groups and cluster_mode.0.replicas_per_node_group, respectively (#31008)
resource/aws_flow_log: The log_group_name attribute has been deprecated. All configurations using log_group_name should be updated to use the log_destination attribute instead (#31382)
resource/aws_guardduty_organization_configuration: The auto_enable argument has been deprecated. Use the auto_enable_organization_members argument instead. (#30736)
resource/aws_neptune_cluster: Changes to the snapshot_identifier attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409)
resource/aws_networkmanager_core_network: Update configurations to use the aws_networkmanager_core_network_policy_attachment resource instead of the policy_document argument (#30875)
resource/aws_opensearch_domain: The engine_version attribute no longer has a default value. When omitted, the underlying AWS API will use the latest OpenSearch engine version. (#31568)
resource/aws_opensearch_domain: The kibana_endpoint attribute has been deprecated. All configurations using kibana_endpoint should be updated to use the dashboard_endpoint attribute instead (#31490)
resource/aws_rds_cluster: Changes to the snapshot_identifier attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409)
resource/aws_rds_cluster: Configurations not including the engine argument must be updated to include engine as it is now required. Previously, not including engine was equivalent to engine = "aurora" and created a MySQL-5.6-compatible cluster (#31112)
resource/aws_rds_cluster_instance: Configurations not including the engine argument must be updated to include engine as it is now required. Previously, not including engine was equivalent to engine = "aurora" and created a MySQL-5.6-compatible cluster instance (#31112)
resource/aws_route: Since instance_id can no longer be set in configurations, use network_interface_id instead. For example, set network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
resource/aws_route_table: Since route.*.instance_id can no longer be set in configurations, use route.*.network_interface_id instead. For example, set network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
resource/aws_ssm_association: The instance_id attribute has been deprecated. All configurations using instance_id should be updated to use the targets attribute instead (#31380)

ENHANCEMENTS:

provider: Allow computed tags on resources (#30793)
provider: Allow default_tags and resource tags to include zero values "" (#30793)
provider: Duplicate default_tags can now be included and will be overwritten by resource tags (#30793)
resource/aws_db_instance: Updates to identifier and identifier_prefix will no longer cause the database instance to be destroyed and recreated (#31232)
resource/aws_eip: Deprecate vpc attribute. Use domain instead (#31567)
resource/aws_guardduty_organization_configuration: Add auto_enable_organization_members attribute (#30736)
resource/aws_kinesis_firehose_delivery_stream: Add s3_configuration to elasticsearch_configuration, opensearch_configuration, redshift_configuration, splunk_configuration, and http_endpoint_configuration (#31138)
resource/aws_opensearch_domain: Removed engine_version default value (#31568)
resource/aws_wafv2_web_acl: Support rule_action_override on rule_group_reference_statement (#31374)

BUG FIXES:

resource/aws_ecs_capacity_provider: Allow an instance_warmup_period of 0 in the auto_scaling_group_provider.managed_scaling configuration block (#24005)
resource/aws_launch_template: Remove default values in metadata_options to allow default condition (#30545)
resource/aws_s3_bucket: Fix bucket_regional_domain_name not including region for buckets in us-east-1 (#25724)
resource/aws_s3_object: Remove acl default in order to work with S3 buckets that have ACL disabled (#27197)
resource/aws_s3_object_copy: Remove acl default in order to work with S3 buckets that have ACL disabled (#27197)
resource/aws_servicecatalog_product: Changes to provisioning_artifact_parameters arguments now properly trigger a replacement (#31061)
resource/aws_vpc_peering_connection: Fix crash in vpcPeeringConnectionOptionsEqual (#30966)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Jul 14, 2023 by to be continuous bot

chore(deps): update terraform aws to v5

Release Notes

Configuration

Merge request reports