chore(deps): update terraform aws to ~> 4.67.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
aws (source) | required_provider | minor |
~> 4.23.0 -> ~> 4.67.0
|
⚠ WarningSome dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
hashicorp/terraform-provider-aws (aws)
v4.67.0
NOTES:
- resource/aws_lightsail_domain_entry: The
id
attribute is now comma-delimited (#30820)
FEATURES:
-
New Data Source:
aws_connect_user
(#26156) -
New Data Source:
aws_connect_vocabulary
(#26158) -
New Data Source:
aws_organizations_policy
(#30920) -
New Data Source:
aws_redshiftserverless_namespace
(#31250) -
New Resource:
aws_quicksight_template
(#30453) -
New Resource:
aws_quicksight_template_alias
(#31310) -
New Resource:
aws_quicksight_vpc_connection
(#31309)
ENHANCEMENTS:
- aws_quicksight_data_set: Add support for configuring refresh properties (#30744)
- data-source/aws_acmpca_certificate_authority: Add
key_storage_security_standard
attribute (#31280) - data-source/aws_elastic_beanstalk_hosted_zone: Add hosted zone ID for
ap-southeast-3
AWS Region (#31248) - data-source/aws_s3_bucket: Set
hosted_zone_id
forcn-north-1
AWS China Region (#31247) - resource/aws_acmpca_certificate_authority: Add
key_storage_security_standard
argument (#31280) - resource/aws_cloudwatch_metric_stream: Add
metric_names
toinclude_filter
andexclude_filter
configuration blocks (#31288) - resource/aws_dms_endpoint: Add ability to use the
db2-zos
IBM DB2 for z/OS engine (#31291) - resource/aws_fsx_ontap_file_system: Allow in-place update of
route_table_ids
(#31251) - resource/aws_fsx_ontap_file_system: Support setting
throughput_capacity
to4096
(#31251) - resource/aws_rds_cluster: Add ability to specify Aurora IO Optimized
storage_type
(#31336) - resource/aws_s3_bucket: Set
hosted_zone_id
forcn-north-1
AWS China Region (#31247)
BUG FIXES:
- resource/aws_appintegrations_data_integration: Correctly read
tags
into state (#31241) - resource/aws_config_remediation_configuration: Change
parameter
attribute toTypeList
for better diff calculation (#31315) - resource/aws_iam_openid_connect_provider: Change
client_id_list
fromTypeList
toTypeSet
as order is not significant (#31253) - resource/aws_servicecatalog_provisioned_product: Fix to properly send
stack_set_provisioned_preferences.0.accounts
on create and update (#31293) - resource/aws_servicecatalog_provisioned_product: Fix to properly set
stack_set_provisioned_preferences
integer typesfailure_tolerance_count
,failure_tolerance_percentage
,max_concurrency_count
,max_concurrency_percentage
(#31289) - resource/aws_ssm_activation: Fix various
ValidationException
errors on resource Create (#31340)
v4.66.1
BUG FIXES:
- resource/aws_appautoscaling_target: Fix
InvalidParameter: 1 validation error(s) found. minimum field size of 1, ListTagsForResourceInput.ResourceARN.
related to Application Auto Scaling resource tagging introduced in v4.66.0 (#31214)
v4.66.0
NOTES:
- resource/aws_instance: The
cpu_core_count
argument is deprecated in favor of thecpu_options
block. Thecpu_options
block can setcore_count
(#31035) - resource/aws_instance: The
cpu_threads_per_core
argument is deprecated in favor of thecpu_options
block. Thecpu_options
block can setthreads_per_core
(#31035)
FEATURES:
-
New Data Source:
aws_appintegrations_event_integration
(#24965) -
New Data Source:
aws_dms_replication_instance
(#15406) -
New Data Source:
aws_vpclattice_auth_policy
(#30898) -
New Data Source:
aws_vpclattice_service_network
(#30904) -
New Resource:
aws_account_primary_contact
(#26123) -
New Resource:
aws_appintegrations_data_integration
(#24941) -
New Resource:
aws_chimesdkvoice_voice_profile_domain
(#30977) -
New Resource:
aws_directory_service_trust
(#31037) -
New Resource:
aws_vpclattice_access_log_subscription
(#30896) -
New Resource:
aws_vpclattice_auth_policy
(#30891) -
New Resource:
aws_vpclattice_resource_policy
(#30900) -
New Resource:
aws_vpclattice_target_group_attachment
(#31039)
ENHANCEMENTS:
- data-source/aws_autoscaling_group: Add
max_instance_lifetime
attribute (#31067) - data-source/aws_autoscaling_group: Add
mixed_instances_policy
attribute (#31067) - data-source/aws_autoscaling_group: Add
predicted_capacity
attribute (#31067) - data-source/aws_autoscaling_group: Add
suspended_processes
attribute (#31067) - data-source/aws_autoscaling_group: Add
tag
attribute (#31067) - data-source/aws_autoscaling_group: Add
warm_pool_size
attribute (#31067) - data-source/aws_autoscaling_group: Add
warm_pool
attribute (#31067) - datasource/aws_launch_template: Add
amd_sev_snp
attribute (#31035) - resource/aws_appautoscaling_policy: Add
metrics
to thetarget_tracking_scaling_policy_configuration.customized_metric_specification
configuration block in support of metric math (#30172) - resource/aws_appautoscaling_target: Add
arn
attribute (#30172) - resource/aws_appautoscaling_target: Add
tags
argument andtags_all
attribute to support resource tagging (#30172) - resource/aws_autoscaling_group: Add
predicted_capacity
attribute (#31067) - resource/aws_autoscaling_group: Add
warm_pool_size
attribute (#31067) - resource/aws_directory_service_conditional_forwarder: Add plan time validation for
remote_domain_name
(#31037) - resource/aws_directory_service_directory: Correct plan time validation for
remote_domain_name
(#31037) - resource/aws_elasticache_user: Add support for defining custom timeouts (#31076)
- resource/aws_fsx_lustre_file_system: Add
root_squash_configuration
argument (#31073) - resource/aws_glue_catalog_database: Add tagging support (#31071)
- resource/aws_grafana_workspace: Make
grafana_version
optional so that its value can be specified in configuration (#31083) - resource/aws_instance: Add
amd_sev_snp
argument (#31035) - resource/aws_instance: Add
cpu_options
argument (#31035) - resource/aws_lambda_function: Add support for
java17
runtime
value (#31027) - resource/aws_lambda_layer_version: Add support for
java17
compatible_runtimes
value (#31028) - resource/aws_launch_template: Add
amd_sev_snp
argument (#31035) - resource/aws_medialive_channel: Added H265 support. (#30908)
- resource/aws_rds_cluster_role_association: Add configurable Create and Delete timeouts (#31015)
- resource/aws_redshift_scheduled_action: Add plan time validation for
name
argument (#31020) - resource/aws_redshiftserverless_workgroup: Add support for defining custom timeouts (#31054)
- resource/aws_sagemaker_domain: Add
domain_settings.r_studio_server_pro_domain_settings
,default_user_settings.canvas_app_settings.model_register_settings
, anddefault_user_settings.r_studio_server_pro_app_settings
arguments (#31031) - resource/aws_sagemaker_endpoint_configuration: Add
async_inference_config.output_config.notification_config.include_inference_response_in
andasync_inference_config.output_config.s3_failure_path
arguments (#31070) - resource/aws_sagemaker_user_profile: Add
user_settings.canvas_app_settings.model_register_settings
anduser_settings.r_studio_server_pro_app_settings
arguments (#31072) - resource/aws_servicecatalog_provisioning_artifact: Add
provisioning_artifact_id
attribute (#31086) - resource/aws_sfn_state_machine: Add configurable timeouts (#31097)
- resource/aws_spot_fleet_request: Add 'aws_spot_fleet_request.context' argument (#30918)
- resource/aws_vpn_connection: Add
tunnel1_enable_tunnel_lifecycle_control
andtunnel2_enable_tunnel_lifecycle_control
arguments (#31064)
BUG FIXES:
- data-source/aws_nat_gateway: Guarantee that all attributes are set when the NAT Gateway is associated with a single address (#31118)
- data-source/aws_networkfirewall_firewall_policy: Add
firewall_policy.stateful_rule_group_reference.override
attribute, fixingsetting firewall_policy: Invalid address to set
error (#31089) - resource/aws_connect_routing_profile: Remove the limit on the maximum number of queues that can be associated with a routing profile. Batch processing is now done when there are more than 10 queues associated or disassociated at a time. (#30895)
- resource/aws_db_instance: Consider
delete-precheck
a valid pending state for resource deletion (#31047) - resource/aws_inspector2_enabler: Correctly supports
LAMBDA
resource scanning (#31038) - resource/aws_inspector2_enabler: Correctly supports multiple accounts (#31038)
- resource/aws_inspector2_enabler: No longer calls
Disable
API for status checking (#31038) - resource/aws_nat_gateway: Guarantee that all attributes are set when the NAT Gateway is associated with a single address (#31118)
- resource/aws_rds_cluster_instance: Consider
delete-precheck
a valid pending state for resource deletion (#31047) - resource/aws_servicecatalog_provisioned_product: Changes in the provisioning_artifact_name attribute are now reflected correctly in AWS (#26371)
- resource/aws_servicecatalog_provisioned_product: Fix
product_name
update handling (#31094)
v4.65.0
NOTES:
- data-source/aws_db_instance: With the retirement of EC2-Classic the
db_security_groups
attribute has been deprecated and will be removed in a future version (#30919) - data-source/aws_elasticache_cluster: With the retirement of EC2-Classic the
security_group_names
attribute has been deprecated and will be removed in a future version (#30919) - data-source/aws_launch_configuration: With the retirement of EC2-Classic the
vpc_classic_link_id
andvpc_classic_link_security_groups
attributes have been deprecated and will be removed in a future version (#30919) - data-source/aws_redshift_cluster: With the retirement of EC2-Classic the
cluster_security_groups
attribute has been deprecated and will be removed in a future version (#30919) - resource/aws_config_organization_custom_policy_rule: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#21373)
FEATURES:
-
New Data Source:
aws_api_gateway_authorizer
(#28148) -
New Data Source:
aws_api_gateway_authorizers
(#28148) -
New Data Source:
aws_dms_replication_subnet_group
(#30832) -
New Data Source:
aws_dms_replication_task
(#30967) -
New Data Source:
aws_ssmcontacts_contact
(#30667) -
New Data Source:
aws_ssmcontacts_contact_channel
(#30667) -
New Data Source:
aws_ssmcontacts_plan
(#30667) -
New Data Source:
aws_ssmincidents_response_plan
(#30665) -
New Resource:
aws_config_organization_custom_policy_rule
(#21373) -
New Resource:
aws_quicksight_folder_membership
(#30871) -
New Resource:
aws_quicksight_refresh_schedule
(#30788) -
New Resource:
aws_ssmcontacts_contact
(#30667) -
New Resource:
aws_ssmcontacts_contact_channel
(#30667) -
New Resource:
aws_ssmcontacts_plan
(#30667) -
New Resource:
aws_ssmincidents_response_plan
(#30665) -
New Resource:
aws_synthetics_group
(#30678) -
New Resource:
aws_synthetics_group_association
(#30678)
ENHANCEMENTS:
- data-source/aws_ami_ids: Add
include_deprecated
argument (#30294) - data-source/aws_backup_report_plan: Add
accounts
,organization_units
andregions
attributes to thereport_setting
block (#28309) - data-source/aws_imagebuilder_image: Add
containers
attribute to theoutput_resources
block (#30899) - resource/aws_appstream_stack: Add
streaming_experience_settings
attribute (#28512) - resource/aws_backup_report_plan: Add
accounts
,organization_units
andregions
attributes to thereport_setting
block (#28309) - resource/aws_chime_voice_connector_streaming: Add
media_insights_configuration
argument (#30713) - resource/aws_db_subnet_group: Add
vpc_id
attribute (#30775) - resource/aws_fis_experiment_template: Add support for
Cluster
Network Actions toactions.*.target
(#27337) - resource/aws_gamelift_game_session_queue: Add
custom_event_data
argument (#26206) - resource/aws_imagebuilder_image: Add
containers
attribute to theoutput_resources
block (#30899) - resource/aws_networkfirewall_rule_group: Add limit for
reference_sets
(#30759) - resource/aws_networkmanager_core_network: Wait for the network policy to be in the
READY_TO_EXECUTE
state before executing any changes (#30879) - resource/aws_s3outposts_endpoint: Add
access_type
andcustomer_owned_ipv4_pool
arguments (#23839) - resource/aws_wafv2_web_acl: Add
token_domains
argument (#30340) - various IAM resource types: more detailed error messages for invalid policy document JSON (#27502)
BUG FIXES:
- resource/aws_api_gateway_api_key: Fix
value
minimum length verification when specified. (#30894) - resource/aws_apprunner_service: Allow additional
instance_configuration.cpu
andinstance_configuration.memory
values (#30889) - resource/aws_dms_replication_task: Fix perpetual diff on dms replication_task settings (#30885)
- resource/aws_ds_shared_directory: Properly handle paged response objects on read (#30914)
- resource/aws_ecs_service: Fix removal of
service_registries
configuration block (#30852) - resource/aws_redshiftdata_statement: Fix
ValidationException
errors reading expired statements (#26343) - resource/aws_vpc_endpoint_route_table_association: Retry resource Create for EC2 eventual consistency (#30994)
- resource/aws_vpc_endpoint_service_allowed_principal: Fix
too many results
error (#30974)
v4.64.0
FEATURES:
-
New Data Source:
aws_dms_endpoint
(#30717) -
New Data Source:
aws_fsx_windows_file_system
(#28622) -
New Data Source:
aws_networkfirewall_resource_policy
(#25474) -
New Data Source:
aws_prometheus_workspaces
(#28574) -
New Data Source:
aws_redshiftserverless_workgroup
(#29208) -
New Data Source:
aws_route53_resolver_query_log_config
(#29111) -
New Data Source:
aws_sesv2_configuration_set
(#30108) -
New Data Source:
aws_vpclattice_listener
(#30843) -
New Resource:
aws_cloudwatch_event_endpoint
(#25846) -
New Resource:
aws_vpclattice_listener
(#30711) -
New Resource:
aws_vpclattice_listener_rule
(#30784)
ENHANCEMENTS:
- data-source/aws_cloudfront_response_headers_policy: Add
remove_headers_config
attribute (#28940) - data-source/aws_ecs_task_definition: Add
execution_role_arn
attribute (#28662) - data-source/aws_eks_node_group: Add
launch_template
attribute (#30780) - data-source/aws_iam_role: Add
role_last_used
attribute (#30750) - data-source/aws_kms_key: Add
cloud_hsm_cluster_id
,custom_key_store_id
,key_spec
,pending_deletion_window_in_days
, andxks_key_configuration
attributes (#29250) - data-source/aws_lakeformation_data_lake_settings: Add
allow_external_data_filtering
,external_data_filtering_allow_list
andauthorized_session_tag_value_list
attributes (#30207) - data-source/aws_outposts_outpost: Add
lifecycle_status
,site_arn
,supported_hardware_type
andtags
attributes (#30754) - data-source/aws_servicequotas_service_quota: Add
usage_metric
attribute (#29499) - data-source/aws_subnet: Add
enable_lni_at_device_index
attribute (#30798) - resource/aws_appsync_datasource: Add
opensearchservice_config
argument (#29578) - resource/aws_cloudfront_response_headers_policy: Add
remove_headers_config
argument (#28940) - resource/aws_cloudwatch_event_target: Add
ecs_target.ordered_placement_strategy
argument (#28384) - resource/aws_cloudwatch_metric_stream: Add
include_linked_accounts_metrics
argument (#29281) - resource/aws_dms_replication_instance: Increase default timeout for
create
(#29905) - resource/aws_eks_node_group: Add plan time validation to
node_group_name
andnode_group_name_prefix
arguments (#29975) - resource/aws_elastic_beanstalk_application: Add plan time validation to
appversion_lifecycle.service_role
andname
arguments (#17727) - resource/aws_emr_cluster: Add
placement_group_config
argument (#30121) - resource/aws_fis_experiment_template: Add support for
Subnets
Network Actions toactions.*.target
(#30211) - resource/aws_iam_role: Add
role_last_used
attribute (#30750) - resource/aws_iot_topic_rule: Add
error_action.firehose.batch_mode
,error_action.iot_analytics.batch_mode
,error_action.iot_events.batch_mode
,firehose.batch_mode
,iot_analytics.batch_mode
andiot_events.batch_mode
arguments (#28568) - resource/aws_kinesis_firehose_delivery_stream: Add
opensearch_configuration
block (#29112) - resource/aws_kinesis_firehose_delivery_stream: Add
opensearch
as a validdestination
value (#29112) - resource/aws_lakeformation_data_lake_settings: Add
allow_external_data_filtering
,external_data_filtering_allow_list
andauthorized_session_tag_value_list
arguments (#30207) - resource/aws_lambda_event_source_mapping: Add
document_db_event_source_config
configuration block (#28586) - resource/aws_lambda_function: Add support for
python3.10
runtime
value (#30781) - resource/aws_lambda_layer_version: Add support for
python3.10
compatible_runtimes
value (#30781) - resource/aws_main_route_table_association: Add configurable timeouts (#30755)
- resource/aws_route: Allow
gateway_id
value oflocal
when updating a Route (#24507) - resource/aws_route_table_association: Add configurable timeouts (#30755)
- resource/aws_s3_bucket: Correct S3 Object Lock error handling for third-party S3-compatible API implementations (#26317)
- resource/aws_s3_bucket_object_lock_configuration: Correct error handling for third-party S3-compatible API implementations (#26317)
- resource/aws_securityhub_account: Add
control_finding_generator
,auto_enable_controls
andarn
attributes (#30692) - resource/aws_servicequotas_service_quota: Add
usage_metric
attribute (#29499) - resource/aws_ssoadmin_account_assignment: Extend timeout delay and min timeout (#25849)
- resource/aws_ssoadmin_permission_set: Extend timeout delay and min timeout (#25849)
- resource/aws_subnet: Add
enable_lni_at_device_index
attribute (#30798) - resource/aws_vpc_endpoint_service_allowed_principal: Changed id to use ServicePermissionId (#27640)
- resource/aws_wafv2_rule_group: Add
rule.action.challenge
argument (#29690) - resource/aws_wafv2_rule_group: Add
rule.captcha_config
argument (#29608) - resource/aws_wafv2_web_acl: Add
captcha_config
andrule.captcha_config
arguments (#29608)
BUG FIXES:
- data-source/aws_lakeformation_permissions: Change
lf_tag_policy.expression
fromTypeList
toTypeSet
as order is not significant (#26643) - data-source/aws_lakeformation_permissions: Remove limit on number of
lf_tag_policy.expression
blocks (#26643) - resource/aws_cloudwatch_event_rule: Add retry to read step, resolving
couldn't find resource
error (#25846) - resource/aws_default_vpc: Fix adoption of default VPC with generated IPv6 (#29083)
- resource/aws_dx_gateway: Remove plan time validation from
name
argument (#30739) - resource/aws_ecs_service: Fix error importing service with an IAM role with a path (#30170)
- resource/aws_fsx_windows_file_system: Increase
throughput_capacity
first to avoidBadRequest
errors (#28622) - resource/aws_lakeformation_permissions: Change
lf_tag_policy.expression
fromTypeList
toTypeSet
as order is not significant (#26643) - resource/aws_lakeformation_permissions: Change
lf_tag
,lf_tag.values
,lf_tag_policy
,lf_tag_policy.expression.key
,lf_tag_policy.expression.values
andlf_tag_policy.resource_type
to ForceNew (#26643) - resource/aws_lakeformation_permissions: Remove limit on number of
lf_tag_policy.expression
blocks (#26643) - resource/aws_lambda_event_source_mapping: Fix IAM eventual consistency errors on resource Update (#28586)
- resource/aws_medialive_channel: Fix to properly expand
destinations.media_package_settings
field (#30660) - resource/aws_networkfirewall_firewall_policy: Fix unexpected
encryption_configuration.type
updates fromCustomer_KMS
toAWS_KMS
(#30821) - resource/aws_networkfirewall_rule_group: Fix unexpected
encryption_configuration.type
updates fromCustomer_KMS
toAWS_KMS
(#30821) - resource/aws_quicksight_data_set: Correct custom_sql documentation (#30742)
- resource/aws_quicksight_data_set: Correctly persist
create_columns_operation.expression
field (#30708) - resource/aws_quicksight_data_set: Fix to properly expand
project_operation.projected_columns
field (#30699) - resource/aws_quicksight_data_set: Fix to properly flatten
cast_column_type_operation.format
field (#30701) - resource/aws_sagemaker_app: Fix crash when app is not found (#30786)
- resource/aws_sns_topic: Fix IAM eventual consistency error creating SNS topics with ABAC-controlled permissions (#30432)
- resource/aws_vpc: Don't overwrite any configured value for
ipv6_ipam_pool_id
with IPAM Managed (#30795)
v4.63.0
FEATURES:
-
New Data Source:
aws_dms_certificate
(#30498) -
New Data Source:
aws_quicksight_group
(#12311) -
New Data Source:
aws_quicksight_user
(#12310) -
New Resource:
aws_chimesdkmediapipelines_media_insights_pipeline_configuration
(#30603) -
New Resource:
aws_pipes_pipe
(#30538) -
New Resource:
aws_quicksight_iam_policy_assignment
(#30653) -
New Resource:
aws_quicksight_ingestion
(#30487) -
New Resource:
aws_quicksight_namespace
(#30681) -
New Resource:
aws_sagemaker_data_quality_job_definition
(#30301) -
New Resource:
aws_sagemaker_monitoring_schedule
(#30684) -
New Resource:
aws_vpclattice_service_network_service_association
(#30410) -
New Resource:
aws_vpclattice_service_network_vpc_association
(#30411) -
New Resource:
aws_vpclattice_target_group
(#30455)
ENHANCEMENTS:
- data-source/aws_dx_connection: Add
partner_name
attribute (#30385) - data-source/aws_lambda_function_url: Add
invoke_mode
attribute (#30547) - data-source/aws_nat_gateway: Add
association_id
attribute (#30546) - data-source/aws_sagemaker_prebuilt_ecr_image: Added sagemaker-model-monitor-analyzer images (#30301)
- resource/aws_acmpca_certificate: Add
api_passthrough
argument (#28142) - resource/aws_api_gateway_rest_api: Added
fail_on_warnings
attribute (#22300) - resource/aws_dx_connection: Add
partner_name
attribute (#30385) - resource/aws_dx_gateway: Add plan time validation to
name
argument (#30375) - resource/aws_dx_gateway: Allow updates to
name
without forcing resource replacement (#30375) - resource/aws_ec2_client_vpn_route: Increase Create and Delete timeouts to 4 minutes (#30552)
- resource/aws_lambda_function_url: Add
invoke_mode
attribute (#30547) - resource/aws_mwaa_environment: Add
startup_script_s3_path
andstartup_script_s3_object_version
attributes (#30549) - resource/aws_nat_gateway: Add
association_id
attribute (#30546) - resource/aws_servicecatalog_provisioned_product: Surfaces more clear error message when resource fails to apply (#30663)
- resource/aws_wafv2_web_acl: Add
aws_managed_rules_atp_rule_set
tomanaged_rule_group_configs
configuration block (#30518)
BUG FIXES:
- resource/aws_batch_compute_environment: Fix crash when
compute_resources.launch_template
is empty (#30537) - resource/aws_cognito_managed_user_pool_client: Allow removing
token_validity_units
(#30662) - resource/aws_cognito_user_pool_client: Allow removing
token_validity_units
(#30662) - resource/aws_db_instance: Allow
engine
andengine_version
to be set whenreplicate_source_db
is set (#30703) - resource/aws_db_instance: Fixes panic when updating
replica_mode
(#30714) - resource/aws_dynamodb_table_item: Would report spurious diffs when List and Map attributes were changed out-of-band (#30712)
- resource/aws_elasticache_user_group: Change
user_group_id
to ForceNew (#30533) - resource/aws_launch_template: Fix crash when
instance_market_options.spot_options
is empty (#30539) - resource/aws_msk_serverless_cluster: Change
vpc_config.security_group_ids
to Computed (#30535) - resource/aws_quicksight_data_set: Fix to properly send
physical_table_map.*.relational_table.catalog
when set (#30704) - resource/aws_quicksight_data_set: Fix to properly send
physical_table_map.*.relational_table.schema
when set (#30704) - resource/aws_rds_cluster: Prevent
db_instance_parameter_group_name
from causing errors on minor upgrades (#30679) - resource/aws_rds_cluster_parameter_group: Fixes differences being reported on every apply when setting system-source parameters (#30536)
v4.62.0
FEATURES:
-
New Data Source:
aws_ec2_transit_gateway_attachments
(#29644) -
New Data Source:
aws_ec2_transit_gateway_route_table_associations
(#29642) -
New Data Source:
aws_ec2_transit_gateway_route_table_propagations
(#29640) -
New Data Source:
aws_oam_link
(#30401) -
New Data Source:
aws_oam_links
(#30401) -
New Data Source:
aws_quicksight_data_set
(#30422) -
New Data Source:
aws_vpclattice_service
(#30490) -
New Resource:
aws_inspector2_member_association
(#28921) -
New Resource:
aws_lightsail_distribution
(#30124) -
New Resource:
aws_quicksight_account_subscription
(#30359) -
New Resource:
aws_quicksight_data_set
(#30349) -
New Resource:
aws_quicksight_folder
(#30400) -
New Resource:
aws_vpclattice_service
(#30429) -
New Resource:
aws_vpclattice_service_network
(#35969)
ENHANCEMENTS:
- data-source/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
- data-source/aws_secretsmanager_secret: Add
rotation_rules.duration
androtation_rules.schedule_expression
attributes (#30425) - data-source/aws_secretsmanager_secret_rotation: Add
rotation_rules.duration
androtation_rules.schedule_expression
attributes (#30425) - resource/aws_default_route_table: Ignore routes managed by VPC Lattice (#30515)
- resource/aws_emrserverless_application: Add
image_configuration
field (#30398) - resource/aws_imagebuilder_container_recipe: Add
platform_override
field (#30398) - resource/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
- resource/aws_s3_bucket: Enable S3-compatible providers with no support for bucket tagging (#30151)
- resource/aws_sagemaker_endpoint_configuration: Add
name_prefix
argument (#28785) - resource/aws_sagemaker_feature_group: Add
table_format
to theoffline_store_config
configuration block (#30118) - resource/aws_secretsmanager_secret: Add
duration
andschedule_expression
attributes torotation_rules
configuration block (#30425) - resource/aws_secretsmanager_secret_rotation: Add
duration
andschedule_expression
attributes torotation_rules
configuration block (#30425)
BUG FIXES:
- resource/aws_ce_cost_category: Fixed
effective_start
being reset on any changes despiteeffective_start
having the same value (#30369) - resource/aws_db_instance: Fix crash when updating
password
(#30379) - resource/aws_glue_crawler: Fix InvalidInputException error string matching (#30370)
- resource/aws_glue_trigger: Fix InvalidInputException error string matching (#30370)
- resource/aws_medialive_channel: Fix attribute
certificate_mode
spelling inrtmp_output_settings
(#30224) - resource/aws_rds_cluster: Fix crash when updating
master_password
(#30379) - resource/aws_rds_cluster: Fix inconsistent final plan errors when
engine_version
updates are not applied immediately (#30247) - resource/aws_rds_cluster: Send
db_instance_parameter_group_name
on all modify requests when set (#30247) - resource/aws_rds_cluster_instance: Fix inconsistent final plan errors when
engine_version
updates are not applied immediately (#30247) - resource/aws_rds_instance: Fix inconsistent final plan errors when
engine_version
updates are not applied immediately (#30247) - resource/aws_s3_bucket_lifecycle_configuration: Allow
rule.filter.object_size_greater_than
= 0 (#29857) - resource/aws_scheduler_schedule: Mark
arn
property ofdead_letter_config
as a required property (#30360)
v4.61.0
FEATURES:
-
New Data Source:
aws_appmesh_gateway_route
(#29064) -
New Data Source:
aws_appmesh_virtual_node
(#27545) -
New Data Source:
aws_appmesh_virtual_router
(#26908) -
New Data Source:
aws_globalaccelerator_custom_routing_accelerator
(#28922) -
New Data Source:
aws_oam_sink
(#30258) -
New Data Source:
aws_oam_sinks
(#30258) -
New Data Source:
aws_ssmincidents_replication_set
(#29769) -
New Resource:
aws_globalaccelerator_custom_routing_accelerator
(#28922) -
New Resource:
aws_globalaccelerator_custom_routing_endpoint_group
(#28922) -
New Resource:
aws_globalaccelerator_custom_routing_listener
(#28922) -
New Resource:
aws_rbin_rule
(#25926) -
New Resource:
aws_sns_topic_data_protection_policy
(#30008) -
New Resource:
aws_ssmincidents_replication_set
(#29769)
ENHANCEMENTS:
- data-source/aws_db_instance: Add
master_user_secret
attribute (#28848) - data-source/aws_globalaccelerator_accelerator: Add
dual_stack_dns_name
attribute (#28922) - data-source/aws_rds_cluster: Add
master_user_secret
attribute (#28848) - resource/aws_appmesh_gateway_route: Add
header
,path
andquery_parameter
to thespec.http_route.match
andspec.http2_route.match
configuration blocks (#29064) - resource/aws_appmesh_gateway_route: Add
port
to thespec.grpc_route.action.target
,spec.http_route.action.target
andspec.http2_route.action.target
configuration blocks to support Virtual Services with multiple listeners (#29064) - resource/aws_appmesh_gateway_route: Add
priority
to thespec
configuration block (#29064) - resource/aws_appmesh_route: Add
path
andquery_parameter
to thespec.http_route.match
andspec.http2_route.match
configuration blocks (#29064) - resource/aws_appmesh_route:
spec.http_route.match.prefix
andspec.http2_route.match.prefix
are Optional (#29064) - resource/aws_appmesh_virtual_node: Add
ip_preference
andresponse_type
to thespec.service_discovery.dns
configuration block (#29064) - resource/aws_db_instance: Add
manage_master_user_password
,master_user_secret
andmaster_user_secret_kms_key_id
arguments to support RDS managed master password in Secrets Manager (#28848) - resource/aws_globalaccelerator_accelerator: Add
dual_stack_dns_name
attribute (#28922) - resource/aws_lakeformation_lf_tag: Increase values MaxItem up to 1000 to match with AWS real limit (#26546)
- resource/aws_rds_cluster: Add
manage_master_user_password
,master_user_secret
andmaster_user_secret_kms_key_id
arguments to support RDS managed master password in Secrets Manager (#28848) - resource/aws_sagemaker_endpoint_configuration: Add
production_variants.enable_ssm_access
andshadow_production_variants.enable_ssm_access
arguments (#30267)
BUG FIXES:
- datasource/aws_ecs_task_execution: Fix type assertion panic on
overrides.0.container_overrides.*.environment
attribute (#30214) - datasource/aws_ecs_task_execution: Fix type assertion panic on
overrides.0.container_overrides.*.resource_requirements
attribute (#30214) - datasource/aws_ecs_task_execution: Fix type assertion panic on
overrides.0.inference_accelerator_overrides
attribute (#30214) - resource/aws_appmesh_virtual_router:
spec.listener
is Optional (#29064) - resource/aws_fsx_openzfs_file_system: Fix
iops
validation indisk_iops_configuration
to allow values forSINGLE_AZ_1
andSINGLE_AZ_2
(#30299) - resource/aws_lakeformation_lf_tag: Fix support for lf-tag keys with colons in the name (#28258)
- resource/aws_launch_template: Allow
metadata_options
to be applied whenhttp_endpoint
is not configured (#30107) - resource/aws_ssm_activation: Fix IAM eventual consistency errors on resource Create (#30280)
- resource/aws_ssm_document: Correctly set
default_version
,document_version
,hash
,latest_version
andparameter
as Computed whencontent
changes (#28489) - resource/aws_wafv2_ip_set: Fix
DiffSuppress
onaddresses
to detect changes for unknown values (#30352)
v4.60.0
FEATURES:
-
New Data Source:
aws_appmesh_route
(#26695) -
New Data Source:
aws_appmesh_virtual_gateway
(#27057) -
New Resource:
aws_cognito_managed_user_pool_client
(#30140) -
New Resource:
aws_oam_link
(#30125) -
New Resource:
aws_sesv2_contact_list
(#30094)
ENHANCEMENTS:
- data-source/aws_ecs_cluster: Add
tags
attribute (#30073) - resource/aws_appmesh_virtual_gateway: Add
logging.access_log.file.format
configuration block (#29315) - resource/aws_appmesh_virtual_node: Add
logging.access_log.file.format
configuration block (#29315) - resource/aws_rds_cluster: Conflict
snapshot_identifier
andglobal_cluster_identifier
attributes, preventing misleading results on restore (#30158) - resource/aws_securityhub_account: Add
enable_default_standards
argument (#13477) - resource/aws_securityhub_member:
email
is Optional (#19065)
BUG FIXES:
- data-source/aws_appmesh_mesh: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
- data-source/aws_appmesh_virtual_service: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
- resource/aws_apigateway_domain_name: Add ability to update
mutual_tls_authentication.truststore_uri
in place (#30081) - resource/aws_apigatewayv2_domain_name: Add ability to update
mutual_tls_authentication.truststore_uri
in place (#30081) - resource/aws_appmesh_gateway_route: Use configured
mesh_owner
when deleting shared gateway route (#29362) - resource/aws_appmesh_route: Use configured
mesh_owner
value when deleting shared route (#29362) - resource/aws_appmesh_virtual_gateway: Use configured
mesh_owner
value when deleting shared virtual gateway (#29362) - resource/aws_appmesh_virtual_node: Use configured
mesh_owner
value when deleting shared virtual node (#29362) - resource/aws_appmesh_virtual_router: Use configured
mesh_owner
value when deleting shared virtual router (#29362) - resource/aws_appmesh_virtual_service: Use configured
mesh_owner
value when deleting shared virtual service (#29362) - resource/aws_cognito_risk_configuration: Adds validation to
risk_exception_configuration
and requires at least one ofaccount_takeover_risk_configuration
,compromised_credentials_risk_configuration
, orrisk_exception_configuration
. (#30074) - resource/aws_medialive_channel: Change
TypeSet
toTypeList
onvideo_description
, to get more precise actions from plan output (#30064) - resource/aws_medialive_channel: Fix type casting for
h264_settings
invideo_descriptions
(#30063) - resource/aws_medialive_channel: Fix type casting of
program_num
,segmentation_time
andfragment_time
form2ts_settings
(#30025) - resource/aws_opsworks_application: Don't return an error like
deleting OpsWorks Application (...): %!s()
after successful Delete (#30101) - resource/aws_pinpoint_app: Don't return an error like
deleting Pinpoint Application (...): %!s()
after successful Delete (#30101) - resource/aws_placement_group: Change
spread_level
to Computed (#28596) - resource/aws_security_group: Improve respect for delete timeout set by user and retry of certain errors (#30114)
- resource/aws_transfer_server: Fix error refreshing
protocol_details.as2_transports
value (#30115)
v4.59.0
NOTES:
- resource/aws_connect_queue: The
quick_connect_ids_associated
attribute is being deprecated in favor ofquick_connect_ids
(#26151) - resource/aws_connect_routing_profile: The
queue_configs_associated
attribute is being deprecated in favor ofqueue_configs
(#26151)
FEATURES:
-
New Data Source:
aws_ec2_public_ipv4_pool
(#28245) -
New Data Source:
aws_ec2_public_ipv4_pools
(#28245) -
New Data Source:
aws_servicecatalog_provisioning_artifacts
(#25535) -
New Resource:
aws_codegurureviewer_repository_association
(#29656) -
New Resource:
aws_emr_block_public_access_configuration
(#29968) -
New Resource:
aws_kms_key_policy
(#29923) -
New Resource:
aws_oam_sink
(#29670) -
New Resource:
aws_oam_sink_policy
(#30020)
ENHANCEMENTS:
- aws_cognito_user_pool_domain: Add ability to update
certificate_arn
in place (#25275) - data-source/aws_aws_lb: Add
enable_xff_client_port
,xff_header_processing_mode
andenable_tls_version_and_cipher_suite_headers
attributes (#29792) - data-source/aws_ce_cost_category: Add
default_value
attribute (#29291) - data-source/aws_dynamodb_table: Add
deletion_protection_enabled
attribute (#29924) - data-source/aws_opensearch_domain: Add
dashboard_endpoint
attribute (#29867) - resource/aws_amplify_domain_association: Add
enable_auto_sub_domain
argument (#29814) - resource/aws_appflow_flow: Add attribute
preserve_source_data_typing
tos3_output_format_config
ins3
(#27616) - resource/aws_appsync_datasource: Add
event_bridge_config
argument to support AppSync EventBridge data sources (#30042) - resource/aws_aws_lb: Add
enable_xff_client_port
,xff_header_processing_mode
andenable_tls_version_and_cipher_suite_headers
arguments (#29792) - resource/aws_batch_compute_environment: Allow a maximum of 2
compute_resources.ec2_configuration
s (#27207) - resource/aws_cloudwatch_metric_alarm: Add
period
parameter tometric_query
(#29896) - resource/aws_cloudwatch_metric_alarm: Add validation to
period
parameter ofmetric_query.metric
(#29896) - resource/aws_cognito_user_pool_domain: Add
cloudfront_distribution
andcloudfront_distribution_zone_id
attributes (#27790) - resource/aws_dynamodb_table: Add
deletion_protection_enabled
argument (#29924) - resource/aws_ecs_task_definition: Add
arn_without_revision
attribute (#27351) - resource/aws_elasticache_user: Add
authentication_mode
argument (#28928) - resource/aws_fms_policy: Add
description
argument (#29926) - resource/aws_fsx_openzfs_file_system: Add support for
SINGLE_AZ_2
deployment_type
(#28583) - resource/aws_glue_crawler: Add
create_native_delta_table
attribute to thedelta_target
configuration block (#29566) - resource/aws_inspector2_organization_configuration: Add
lambda
attribute toauto_enable
configuration block (#28961) - resource/aws_instance: Add ability to update
private_dns_name_options
in place (#26305) - resource/aws_lb_target_group: Add
load_balancing_cross_zone_enabled
argument (#29920) - resource/aws_opensearch_domain: Add
dashboard_endpoint
attribute (#29867) - resource/aws_qldb_ledger: Add configurable timeouts (#29635)
- resource/aws_s3_bucket: Add error handling for
XNotImplemented
errors when readingacceleration_status
,request_payer
,lifecycle_rule
,logging
, orreplication_configuration
into terraform state. (#29632) - resource/aws_securityhub_organization_configuration: Add
auto_enable_standards
attribute (#29773) - resource/aws_wafv2_web_acl_association: Add configurable timeout for Create (#30002)
BUG FIXES:
- data-source/aws_opensearch_domain: Add missing
advanced_security_options.anonymous_auth_enabled
attribute (#26746) - resource/aws_api_gateway_integration: Fix bug that cleared unchanged
cache_key_parameters
values on Update (#29991) - resource/aws_apigatewayv2_integration: Retry errors like
ConflictException: Unable to complete operation due to concurrent modification. Please try again later.
(#29735) - resource/aws_budgets_action: Extend and add configurable timeouts for create and update (#29976)
- resource/aws_cognito_user_pool: Remove Computed from
lambda_config.custom_email_sender
andlambda_config.custom_sms_sender
allowing their values to be removed (#29047) - resource/aws_cognito_user_pool:
account_recovery_setting.recovery_mechanism
is Optional+Computed (#22302) - resource/aws_ecr_repository: Fix unhandled errors and nil output on read (#30067)
- resource/aws_elasticache_user: Change
user_id
to ForceNew (#28928) - resource/aws_elasticsearch_domain: Remove upper bound validation for
ebs_options.throughput
as the 1,000 MB/s limit can be raised (#27598) - resource/aws_lambda_function: Fix empty environment variable update (#29839)
- resource/aws_lightsail_domain_entry: Allow for the domain entry to begin with an underscore. (#30056)
- resource/aws_lightsail_domain_entry: Moved the error handling of an improperly formatted ID to be before attempting to access the id_parts. This will cause a proper empty resource message instead of a panic when ID is not properly formed. (#30056)
- resource/aws_lightsail_instance: Added a check to ensure that the availability_zone value is within the current region of the provider. (#30056)
- resource/aws_lightsail_instance: Fix
name
validation to allow instances to start with a numeric character (#29903) - resource/aws_medialive_channel: Fix setting of
bitrate
andsample_rate
foraac_settings
. (#29807) - resource/aws_medialive_channel: Fix setting of
bitrate
foreac3_settings
. (#29809) - resource/aws_medialive_channel: Fix spelling for attribute
audio_only_timecode_control
and correct type forevent_id
inms_smooth_group_settings
(#29917) - resource/aws_medialive_channel: Removed
Compute
flag fromaudio_normalization_settings
andremix_settings
inaudio_descriptions
(#29859) - resource/aws_medialive_channel: Removed
Computed
flag fromaac_settings
, ´ac3_settings,
eac3_atmos_settings,
eac3_settings,
mp2_settings,
pass_through_settingsand
wav_settingsin
codec_settings`. (#29825) - resource/aws_neptune_cluster: Change lower bound validation for
serverless_v2_scaling_configuration.min_capacity
to 1 Neptune Capacity Unit (NCU) (#29999) - resource/aws_network_acl_association: Add retry to read step, resolving
empty result
error (#26838) - resource/aws_opensearch_domain: Remove upper bound validation for
ebs_options.throughput
as the 1,000 MB/s limit can be raised (#27598) - resource/aws_route: Allow
destination_ipv6_cidr_block
to be specified for avpc_endpoint_id
target (#29994) - resource/aws_sagemaker_endpoint_configuration: Fix
variant_name
generation when unset (#29915)
v4.58.0
FEATURES:
-
New Data Source:
aws_ecs_task_execution
(#29783) -
New Data Source:
aws_licensemanager_grants
(#29741) -
New Data Source:
aws_licensemanager_received_license
(#29741) -
New Data Source:
aws_licensemanager_received_licenses
(#29741) -
New Resource:
aws_licensemanager_grant
(#29741) -
New Resource:
aws_licensemanager_grant_accepter
(#29741)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway_attachment: Add
association_state
andassociation_transit_gateway_route_table_id
attributes (#29648) - data-source/aws_instances: Add
ipv6_addresses
attribute (#29794) - resource/aws_acm_certificate: Change
options
toComputed
(#29763) - resource/aws_amplify_domain_association: Add
enable_auto_sub_domain
argument (#92814) - resource/aws_cloudhsm_v2_hsm: Enforce
ExactlyOneOf
foravailability_zone
andsubnet_id
arguments (#20891) - resource/aws_db_instance: Add
listener_endpoint
attribute (#28434) - resource/aws_db_instance: Add plan time validations for
backup_retention_period
,monitoring_interval
, andmonitoring_role_arn
(#28434) - resource/aws_flow_log: Add
deliver_cross_account_role
argument (#29254) - resource/aws_grafana_workspace: Add
network_access_control
argument (#29793) - resource/aws_sesv2_configuration_set: Add
vdm_options
argument (#28812) - resource/aws_transfer_server: Add
protocol_details
argument (#28621) - resource/aws_transfer_workflow: Add
decrypt_step_details
to theon_exception_steps
andsteps
configuration blocks (#29692) - resource/db_snapshot: Add
shared_accounts
argument (#28424)
BUG FIXES:
- resource/aws_acm_certificate: Update
options.certificate_transparency_logging_preference
in place rather than replacing the resource (#29763) - resource/aws_batch_job_definition: Prevents perpetual diff when container properties environment variable has empty value. (#29820)
- resource/aws_elastic_beanstalk_configuration_template: Map errors like
InvalidParameterValue: No Platform named '...' found.
toresource.NotFoundError
soterraform refesh
correctly removes the resource from state (#29863) - resource/aws_flow_log: Fix IAM eventual consistency errors on resource Create (#29254)
- resource/aws_grafana_workspace: Allow removing
vpc_configuration
(#29793) - resource/aws_medialive_channel: Fix setting of the
include_fec
attribute infec_output_settings
(#29808) - resource/aws_medialive_channel: Fix setting of the
video_pid
attribute inm2ts_settings
(#29824)
v4.57.1
BUG FIXES:
- resource/aws_lambda_function: Prevent
Provider produced inconsistent final plan
errors produced by nullskip_destroy
attribute value. NOTE: Because the maintainers have been unable to reproduce the reported problem, the fix is best effort and we ask for community support in verifying the fix. (#29812)
v4.57.0
NOTES:
- resource/aws_dms_endpoint: The
s3_settings
argument has been deprecated. All configurations usingaws_dms_endpoint.*.s3_settings
should be updated to use theaws_dms_s3_endpoint
resource instead (#29728) - resource/aws_networkmanager_core_network: The
base_policy_region
argument is being deprecated in favor of the newbase_policy_regions
argument. (#29623)
FEATURES:
-
New Resource:
aws_lightsail_bucket_resource_access
(#29460)
ENHANCEMENTS:
- data-source/aws_launch_template: Add
instance_requirements.allowed_instance_types
andinstance_requirements.network_bandwidth_gbps
attributes (#29140) - resource/aws_autoscaling_group: Add
auto_rollback
to theinstance_refresh.preferences
configuration block (#29513) - resource/aws_autoscaling_group: Add
mixed_instances_policy.launch_template.override.instance_requirements.allowed_instance_types
andmixed_instances_policy.launch_template.override.instance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_autoscaling_policy: Add
metrics
to thetarget_tracking_configuration.customized_metric_specification
configuration block in support of metric math (#28560) - resource/aws_cloudtrail_event_data_store: Add
kms_key_id
argument (#29224) - resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
db2
engine (#29380) - resource/aws_dms_endpoint: Add support for
azure-sql-managed-instance
engine_name
value (#28960) - resource/aws_dms_s3_endpoint: Add
detach_target_on_lob_lookup_failure_parquet
argument (#29772) - resource/aws_ec2_fleet: Add
fleet_instance_set
,fleet_state
,fulfilled_capacity
, andfulfilled_on_demand_capacity
attributes (#29181) - resource/aws_ec2_fleet: Add
launch_template_config.override.instance_requirements.allowed_instance_types
andlaunch_template_config.override.instance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_ec2_fleet: Add
on_demand_options.capacity_reservation_options
,on_demand_options.max_total_price
,on_demand_options.min_target_capacity
,on_demand_options.single_availability_zone
andon_demand_options.single_instance_type
arguments (#29181) - resource/aws_ec2_fleet: Add
spot_options.maintenance_strategies.capacity_rebalance.termination_delay
argument (#29181) - resource/aws_ec2_fleet: Add
valid_from
andvalid_until
arguments (#29181) - resource/aws_lambda_function: Add
skip_destroy
argument (#29646) - resource/aws_lambda_function: Add configurable timeout for Delete (#29646)
- resource/aws_lambda_function: Add plan time validators for
memory_size
,role
, andtimeout
(#29721) - resource/aws_lambda_function: Retry (up to the configurable timeout) deletion of replicated Lambda@Edge functions (#29646)
- resource/aws_launch_template: Add
instance_requirements.allowed_instance_types
andinstance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_networkmanager_core_network: Add
base_policy_regions
argument (#29623) - resource/aws_spot_fleet_request: Add
launch_template_config.overrides.instance_requirements.allowed_instance_types
andlaunch_template_config.overrides.instance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_transfer_server: Add support for
on_partial_upload
block on theworkflow_details
attribute. (#27730) - resource/aws_transfer_user: Add configurable timeout for Delete (#27563)
BUG FIXES:
- resource/aws_dms_endpoint: Trigger updates based on adding new
extra_connection_attributes
(#29772) - resource/aws_instance: When encountering
InsufficientInstanceCapacity
errors, do not retry in order to fail faster, as this error is typically not resolvable in the near future (#21293) - resource/aws_transfer_server: Allow the removal of
workflow_details
attribute. (#27730) - resource/aws_transfer_user: Fix bug preventing removal of all
home_directory_mappings
due to empty list validation error (#27563)
v4.56.0
NOTES:
- resource/aws_lambda_function: Updated to AWS SDK V2 (#29615)
FEATURES:
-
New Data Source:
aws_vpc_security_group_rule
(#29484) -
New Data Source:
aws_vpc_security_group_rules
(#29484) -
New Resource:
aws_networkmanager_connect_peer
(#29296) -
New Resource:
aws_vpc_security_group_egress_rule
(#29484) -
New Resource:
aws_vpc_security_group_ingress_rule
(#29484)
ENHANCEMENTS:
- data-source/aws_ecr_image: Add
most_recent
argument to return the most recently pushed image (#26857) - data-source/aws_ecr_repository: Add
most_recent_image_tags
attribute containing the most recently pushed image tag(s) in an ECR repository (#26857) - resource/aws_lb_ssl_negotiation_policy: Add
triggers
attribute to force resource updates (#29482) - resource/aws_load_balancer_listener_policy: Add
triggers
attribute to force resource updates (#29482) - resource/aws_organizations_policy: Add
skip_destroy
attribute (#29382) - resource/aws_organizations_policy_attachment: Add
skip_destroy
attribute (#29382) - resource/aws_sns_topic: Add
signature_version
andtracing_config
arguments (#29462)
BUG FIXES:
- resource/aws_acmpca_certificate_authority:
revocation_configuration.crl_configuration.expiration_in_days
is Optional (#29613) - resource/aws_default_vpc: Change
enable_network_address_usage_metrics
to Optional+Computed, matching theaws_vpc
resource (#29607) - resource/aws_lambda_function: Fix missing
ValidationException
message body (#29615) - resource/aws_medialive_channel: Fix setting of
m2ts_settings
arib_captions_pid
andarib_captions_pid_control
attributes (#29467) - resource/aws_resourceexplorer2_view: Fix
Unexpected Planned Resource State on Destroy
errors when using Terraform CLI v1.3 and above (#29550) - resource/aws_servicecatalog_provisioned_product: Fix to allow
outputs
to beComputed
when the resource changes (#29559) - resource/aws_sns_topic_subscription: Fix
filter_policy_scope
update fromMessageAttributes
toMessageBody
with nested objects infilter_policy
(#28572) - resource/aws_wafv2_web_acl: Prevent erroneous diffs and attempts to remove AWS-added rule when applying to CF distribution using AWS Shield to automatically mitigate DDoS (#29575)
v4.55.0
FEATURES:
-
New Data Source:
aws_organizations_organizational_unit_child_accounts
(#24350) -
New Data Source:
aws_organizations_organizational_unit_descendant_accounts
(#24350) -
New Resource:
aws_route53_cidr_collection
(#29407) -
New Resource:
aws_route53_cidr_location
(#29407) -
New Resource:
aws_vpc_ipam_resource_discovery
(#29216) -
New Resource:
aws_vpc_ipam_resource_discovery_association
(#29216)
ENHANCEMENTS:
- data-source/aws_s3_bucket_object: Expand content types that can be read from S3 to include some human-readable application types (e.g.,
application/xml
,application/atom+xml
) (#27704) - data-source/aws_s3_object: Expand content types that can be read from S3 to include some human-readable application types (e.g.,
application/xml
,application/atom+xml
) (#27704) - resource/aws_autoscaling_policy: Make
resource_label
optional inpredefined_load_metric_specification
,predefined_metric_pair_specification
, andpredefined_scaling_metric_specification
(#29277) - resource/aws_cloudwatch_log_group: Allow
retention_in_days
attribute to accept a three year retention period (1096 days) (#29426) - resource/aws_db_proxy: Add
auth.client_password_auth_type
attribute (#28432) - resource/aws_firehose_delivery_stream: Add
ForceNew
todynamic_partitioning_configuration
attribute (#29093) - resource/aws_firehose_delivery_stream: Add configurable timeouts for create, update, and delete (#28469)
- resource/aws_neptune_cluster: Add
neptune_instance_parameter_group_name
argument, used only when upgrading major version (#28051) - resource/aws_neptune_global_cluster: Increase Update timeout to 120 minutes (per global cluster member) (#28051)
- resource/aws_route53_cidr_location: Add
cidr_routing_policy
argument (#29407) - resource/aws_s3_bucket: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)
- resource/aws_s3_bucket: Add error handling for
NotImplemented
errors when readinglifecycle_rule
orreplication_configuration
into terraform state. (#28790) - resource/aws_s3_object: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)
BUG FIXES:
- data-source/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_appflow_connector_profile: Fix bug in connector_profile_config.0.connector_profile_properties.0.sapo_data.0.logon_language validation regex (#28550)
- resource/aws_appflow_flow: Fix misspelled
source_connector_properties.0.sapo_data.0.object
, which never worked, to beobject_path
(#28600) - resource/aws_appmesh_route: Fix RequiredWith setting for
spec.0.grpc_route.0.match.0.method_name
attribute (#29217) - resource/aws_autoscaling_policy: Fix type of target_value for predictive scaling (#28444)
- resource/aws_cloudfront_response_headers_policy: Allow
server_timing_headers_config.0.sampling_rate
to be0
(#27778) - resource/aws_codebuild_project: Fix err check on delete (#29042)
- resource/aws_ecs_service: Allow multiple
service
blocks withinservice_connect_configuration
(#28813) - resource/aws_ecs_service: Mark
service_connect_configuration.service.client_alias
as optional and ensure that only 1 such block can be provided (#28813) - resource/aws_ecs_service: Require
service_connect_configuration.log_configuration.log_driver
to be provided (#28813) - resource/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_emr_cluster: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_globalaccelerator_endpoint_group: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_kms_key: Increase
policy propagation
eventual consistency timeouts from 5 minutes to 10 minutes (#28636) - resource/aws_medialive_channel: Fix issue causing
dbv_sub_pids
attribute to be configured incorrectly inm2ts_settings
(#29371) - resource/aws_medialive_channel: Fix issue preventing
audio_pids
attribute from being configured inm2ts_settings
(#29371) - resource/aws_neptune_cluster: Fix restore-from-snapshot functionality using the
snapshot_identifier
argument on resource Create (#28051) - resource/aws_neptune_cluster: Fix major version upgrade (#28051)
- resource/aws_sagemaker_user_profile: Change
user_settings.0.jupyter_server_app_settings.0.default_resource_spec
to be optional (#28581)
v4.54.0
NOTES:
- provider: Resolves provider crashes reporting
Error: Plugin did not respond
andfatal error: concurrent map writes
with updated upstream package (terraform-plugin-log
) (#29269) - resource/aws_networkmanager_core_network: The
policy_document
attribute is being deprecated in favor of the newaws_networkmanager_core_network_policy_attachment
resource. (#29097)
FEATURES:
-
New Resource:
aws_evidently_launch
(#28752) -
New Resource:
aws_lightsail_bucket_access_key
(#28699) -
New Resource:
aws_networkmanager_core_network_policy_attachment
(#29097)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
ap-southeast-4
AWS Region (#29103) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
ap-southeast-4
AWS Region (#29103) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
ap-southeast-4
AWS Region (#29103) - data-source/aws_s3_bucket: Add hosted zone ID for
ap-south-2
AWS Region (#29103) - data-source/aws_s3_bucket: Add hosted zone ID for
ap-southeast-4
AWS Region (#29103) - provider: Support
ap-southeast-4
as a valid AWS region (#29329) - resource/aws_dynamodb_table: Add
arn
,stream_arn
, andstream_label
attributes toreplica
to obtain this information for replicas (#29269) - resource/aws_efs_mount_target: Add configurable timeouts for Create and Delete (#27991)
- resource/aws_lambda_function: Add
replace_security_groups_on_destroy
andreplacement_security_group_ids
attributes (#29289) - resource/aws_networkfirewall_firewall: Add
ip_address_type
attribute to thesubnet_mapping
configuration block (#29010) - resource/aws_networkmanager_core_network: Add
base_policy_region
andcreate_base_policy
arguments (#29097)
BUG FIXES:
- data-source/aws_kms_key: Reinstate support for KMS multi-Region key ID or ARN values for the
key_id
argument (#29266) - resource/aws_cloudwatch_log_group: Fix IAM eventual consistency error when setting a retention policy (#29325)
- resource/aws_dynamodb_table: Avoid recreating table replicas when enabling PITR on them (#29269)
- resource/aws_ec2_client_vpn_endpoint: Change
authentication_options
fromTypeList
toTypeSet
as order is not significant (#29294) - resource/aws_kms_grant: Retries until valid principal ARNs are returned instead of not updating state (#29245)
- resource/aws_opsworks_permission:
stack_id
anduser_arn
are both Required and ForceNew (#27991) - resource/aws_prometheus_workspace: Create a logging configuration on resource update if none existed previously (#27472)
- resource/aws_s3_bucket: Fix crash when
logging
is empty (#29243) - resource/aws_sns_topic: Fixes potential race condition when reading policy document. (#29226)
- resource/aws_sns_topic_policy: Fixes potential race condition when reading policy document. (#29226)
v4.53.0
ENHANCEMENTS:
- provider: Adds structured fields in logging (#29223)
- provider: Masks authentication fields in HTTP header logging (#29223)
v4.52.0
NOTES:
- resource/aws_dynamodb_table: In the past, in certain situations,
kms_key_arn
could be populated with the default DynamoDB keyalias/aws/dynamodb
. This was an error because it would then be sent back to AWS and should not be. (#29102) - resource/aws_dynamodb_table: In the past, in certain situations,
server_side_encryption.0.kms_key_arn
orreplica.*.kms_key_arn
could be populated with the default DynamoDB keyalias/aws/dynamodb
. This was an error because it would then be sent back to AWS and should not be. (#29102) - resource/aws_dynamodb_table: Updating
replica.*.kms_key_arn
orreplica.*.point_in_time_recovery
, when thereplica
'skms_key_arn
is set, requires recreating the replica. (#29102) - resource/aws_dynamodb_table_replica: Updating
kms_key_arn
forces replacement of the replica now as required to re-encrypt the replica (#29102)
FEATURES:
-
New Data Source:
aws_auditmanager_framework
(#28989) -
New Resource:
aws_auditmanager_assessment_delegation
(#29099) -
New Resource:
aws_auditmanager_framework_share
(#29049) -
New Resource:
aws_auditmanager_organization_admin_account_registration
(#29018)
ENHANCEMENTS:
- resource/aws_wafv2_rule_group: Add
oversize_handling
argument tobody
block of thefield_to_match
block (#29082)
BUG FIXES:
- resource/aws_api_gateway_integration: Prevent drift of
connection_type
attribute whenaws_api_gateway_deployment
triggers
are used (#29016) - resource/aws_dynamodb_table: Fix perpetual diffs when using default AWS-managed keys (#29102)
- resource/aws_dynamodb_table: Fix to allow updating of
replica.*.kms_key_arn
(#29102) - resource/aws_dynamodb_table: Fix to allow updating of
replica.*.point_in_time_recovery
when areplica
haskms_key_arn
set (#29102) - resource/aws_dynamodb_table: Fix unexpected state 'DISABLED' error when waiting for PITR to update (#29086)
- resource/aws_dynamodb_table_replica: Fix to allow creation of the replica without errors when
kms_key_arn
is set (#29102) - resource/aws_dynamodb_table_replica: Fix to allow updating of
kms_key_arn
(#29102) - resource/aws_medialive_channel: Add missing
rate_control_mode
inacc_settings
foraudio_descriptions
(#29051) - resource/aws_medialive_input: Fix eventual consistency error when updating (#29051)
- resource/aws_vpc_ipam_pool_cidr_allocation: Added support for eventual consistency on read operations after create. (#29022)
- resource/aws_wafv2_web_acl: Fix error when setting
aws_managed_rules_bot_control_rule_set
inmanage_rule_group_config
(#28810)
v4.51.0
NOTES:
- resource/aws_ce_anomaly_subscription: Deprecate
threshold
argument in favour ofthreshold_expression
(#28573)
FEATURES:
-
New Data Source:
aws_auditmanager_control
(#28967) -
New Resource:
aws_datasync_location_object_storage
(#23154) -
New Resource:
aws_rds_export_task
(#28831) -
New Resource:
aws_resourceexplorer2_view
(#28841)
ENHANCEMENTS:
- resource/aws_appmesh_gateway_route: Add
port
on thematch
attribute for routes (#27799) - resource/aws_appmesh_route: Add
port
on theweighted_target
attribute (#27799) - resource/aws_appmesh_virtual_gateway: Add the functionality to be able specify multi listeners (#27799)
- resource/aws_appmesh_virtual_node: Add the functionality to be able specify multi listeners (#27799)
- resource/aws_appmesh_virtual_router: Add the functionality to be able specify multi listeners (#27799)
- resource/aws_apprunner_service: Add
source_configuration.code_repository.code_configuration.runtime_environment_secrets
andsource_configuration.image_repository.image_configuration.runtime_environment_secrets
argument (#28871) - resource/aws_ce_anomaly_subscription: Add
threshold_expression
argument (#28573) - resource/aws_grafana_workspace: Add
configuration
argument (#28569) - resource/aws_imagbuilder_component: Add
skip_destroy
argument (#28905) - resource/aws_lambda_event_source_mapping: Add
scaling_config
argument (#28876) - resource/aws_lambda_function: Add configurable timeout for Update (#28963)
- resource/aws_rum_app_monitor: Add
custom_events
argument (#28431) - resource/aws_servicecatalog_portfolio_share: Add
share_principals
argument (#28619)
BUG FIXES:
- data-source/aws_eks_cluster: Add
outpost_config.control_plane_placement
attribute (#28924) - data-source/aws_identitystore_group: Restore use of
ListGroups
API whenfilter
is specified (#28937) - data-source/aws_identitystore_user: Restore use of
ListUsers
API whenfilter
is specified (#28937) - data-source/aws_lambda_function: Fix
AccessDeniedException
errors in AWS Regions where AWS Signer is not supported (#28963) - data-source/aws_lambda_function: Remove any qualifier from
invoke_arn
(#28963) - resource/aws_appstream_image_builder: Fix IAM eventual consistency error for optional role (#26677)
- resource/aws_appstream_image_builder: Fix refresh error when
domain_join_info
andvpc_config
are not empty (#26677) - resource/aws_elasticsearch_domain: Prevent persistent
iops
diff (#28901) - resource/aws_grafana_workspace: Fix updating
vpc_configuration
(#28569) - resource/aws_iam_server_certificate: Avoid errors on delete when no error occurred (#28968)
- resource/aws_lambda_function: Don't persist invalid
filename
,s3_bucket
,s3_key
ors3_object_version
values on resource Update (#28963) - resource/aws_lambda_function: Retry
ResourceNotFoundException
errors on resource Create (#28963) - resource/aws_lb_listener_certificate: Show errors in certain cases where they were previously only logged and resource was removed from state (#28968)
- resource/aws_opensearch_domain: Omit
throughput
andiops
for unsupported volume types (#28862) - resource/aws_sagemaker_app: Correctly list all apps so as not to lose track in an environment where there are many apps (#28561)
v4.50.0
FEATURES:
-
New Data Source:
aws_lbs
(#27161) -
New Resource:
aws_sesv2_configuration_set_event_destination
(#27565)
ENHANCEMENTS:
- data-source/aws_lb_target_group: Support querying by
tags
(#27261) - resource/aws_redshiftdata_statement: Add
workgroup_name
argument (#28751) - resource/aws_service_discovery_service: Add
type
argument (#28778)
BUG FIXES:
- resource/aws_acmpca_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28788) - resource/aws_api_gateway_rest_api: Improve refresh to avoid unnecessary diffs in
policy
(#28789) - resource/aws_api_gateway_rest_api_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28789) - resource/aws_apprunner_service:
observability_configuration_arn
is optional (#28620) - resource/aws_apprunner_vpc_connector: Fix
default_tags
not handled correctly (#28736) - resource/aws_appstream_stack: Fix panic on user_settings update (#28766)
- resource/aws_appstream_stack: Prevent unnecessary replacements on update (#28766)
- resource/aws_backup_vault_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28791) - resource/aws_cloudsearch_domain_service_access_policy: Improve refresh to avoid unnecessary diffs in
access_policy
(#28792) - resource/aws_cloudwatch_event_bus_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28802) - resource/aws_codeartifact_domain_permissions_policy: Improve refresh to avoid unnecessary diffs in
policy_document
(#28794) - resource/aws_codeartifact_repository_permissions_policy: Improve refresh to avoid unnecessary diffs in
policy_document
(#28794) - resource/aws_codebuild_resource_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28796) - resource/aws_dms_replication_subnet_group: Fix error ("Provider produced inconsistent result") when an error is encountered during creation (#28748)
- resource/aws_dms_replication_task: Allow updates to
aws_dms_replication_task
even whenmigration_type
andtable_mappings
have not changed (#28047) - resource/aws_dms_replication_task: Fix error with
cdc_path
when used withaws_dms_s3_endpoint
(#28704) - resource/aws_dms_s3_endpoint: Fix error with
cdc_path
when used withaws_dms_replication_task
(#28704) - resource/aws_ecr_registry_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28799) - resource/aws_ecr_repository_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28799) - resource/aws_ecrpublic_repository_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28799) - resource/aws_efs_file_system_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28800) - resource/aws_elasticsearch_domain: Improve refresh to avoid unnecessary diffs in
access_policies
(#28801) - resource/aws_elasticsearch_domain_policy: Improve refresh to avoid unnecessary diffs in
access_policies
(#28801) - resource/aws_glacier_vault: Improve refresh to avoid unnecessary diffs in
access_policy
(#28804) - resource/aws_glacier_vault_lock: Improve refresh to avoid unnecessary diffs in
policy
(#28804) - resource/aws_glue_resource_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28807) - resource/aws_iam_group_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28836) - resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in
policy
,tags
(#28836) - resource/aws_iam_role: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in
assume_role_policy
andinline_policy
policy
(#28777) - resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in
inline_policy.*.policy
,tags
(#28836) - resource/aws_iam_role_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28836) - resource/aws_iam_user_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28836) - resource/aws_iot_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28838) - resource/aws_kms_external_key: Improve refresh to avoid unnecessary diffs in
policy
(#28853) - resource/aws_kms_key: Improve refresh to avoid unnecessary diffs in
policy
(#28853) - resource/aws_lb_target_group: Change
protocol_version
to ForceNew (#17845) - resource/aws_lb_target_group: When creating a new target group, return an error if there is an existing target group with the same name. Use
terraform import
for existing target groups (#26977) - resource/aws_mq_configuration: Improve refresh to avoid unnecessary diffs in
data
(#28837) - resource/aws_s3_access_point: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_s3_bucket: Improve refresh to avoid unnecessary diffs in
policy
(#28855) - resource/aws_s3_bucket_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28855) - resource/aws_s3control_access_point_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_s3control_bucket_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_s3control_multi_region_access_point_policy: Improve refresh to avoid unnecessary diffs in
details
policy
(#28866) - resource/aws_s3control_object_lambda_access_point_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_sagemaker_model_package_group_policy: Improve refresh to avoid unnecessary diffs in
resource_policy
(#28865) - resource/aws_schemas_registry_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28864) - resource/aws_secretsmanager_secret: Improve refresh to avoid unnecessary diffs in
policy
(#28863) - resource/aws_secretsmanager_secret_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28863) - resource/aws_ses_identity_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28861) - resource/aws_sns_topic: Improve refresh to avoid unnecessary diffs in
policy
(#28860) - resource/aws_sns_topic_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28860) - resource/aws_sqs_queue: Improve refresh to avoid unnecessary diffs in
policy
(#28840) - resource/aws_sqs_queue_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28840) - resource/aws_transfer_access: Improve refresh to avoid unnecessary diffs in
policy
(#28859) - resource/aws_transfer_user: Improve refresh to avoid unnecessary diffs in
policy
(#28859) - resource/aws_vpc_endpoint: Improve refresh to avoid unnecessary diffs in
policy
(#28798) - resource/aws_vpc_endpoint_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28798)
v4.49.0
NOTES:
- resource/aws_dms_endpoint: For
s3_settings
cdc_min_file_size
, AWS changed the multiplier to kilobytes instead of megabytes. In other words, prior to the change, a value of32
represented 32 MiB. After the change, a value of32
represents 32 KB. Change your configuration accordingly. (#28578) - resource/aws_fsx_ontap_storage_virtual_machine: The
subtype
attribute is no longer deprecated (#28567)
FEATURES:
-
New Data Source:
aws_s3control_multi_region_access_point
(#28373) -
New Resource:
aws_appsync_type
(#28437) -
New Resource:
aws_auditmanager_assessment
(#28643) -
New Resource:
aws_auditmanager_assessment_report
(#28663) -
New Resource:
aws_ec2_instance_state
(#28639) -
New Resource:
aws_lightsail_bucket
(#28585) -
New Resource:
aws_ssoadmin_instance_access_control_attributes
(#23317)
ENHANCEMENTS:
- data-source/aws_autoscaling_group: Add
desired_capacity_type
attribute (#28658) - data-source/aws_kms_secrets: Add
encryption_algorithm
andkey_id
arguments in support of asymmetric keys (#21054) - resource/aws_appflow_connector_profile: Add support for
connector_type
CustomConnector. Addcluster_identifier
,database_name
, anddata_api_role_arn
attributes forredshift
connection_profile_properties
(#26766) - resource/aws_appsync_resolver: Add
runtime
andcode
arguments (#28436) - resource/aws_appsync_resolver: Add plan time validation for
caching_config.ttl
(#28436) - resource/aws_athena_workgroup: Add
configuration.execution_role
argument (#28420) - resource/aws_autoscaling_group: Add
desired_capacity_type
argument (#28658) - resource/aws_dms_endpoint: Change
s3_settings
cdc_min_file_size
default to 32000 in order to align with AWS's change from megabytes to kilobytes for this setting (#28578) - resource/aws_ecs_service: Add
alarms
argument (#28521) - resource/aws_lightsail_instance: Add
add_on
configuration block. (#28602) - resource/aws_lightsail_instance_public_ports: Add
cidr_list_aliases
argument (#28376) - resource/aws_s3_access_point: Add
bucket_account_id
argument (#28564) - resource/aws_s3control_storage_lens_configuration: Add
advanced_cost_optimization_metrics
,advanced_data_protection_metrics
, anddetailed_status_code_metrics
arguments to thestorage_lens_configuration.account_level
andstorage_lens_configuration.account_level.bucket_level
configuration blocks (#28564) - resource/aws_wafv2_rule_group: Add
rule.action.captcha
argument (#28435) - resource/aws_wafv2_web_acl: Add
rule.action.challenge
argument (#28305) - resource/aws_wafv2_web_acl: Add support for ManagedRuleGroupConfig (#28594)
BUG FIXES:
- data-source/aws_cloudwatch_log_group: Restore use of
ListTagsLogGroup
API (#28492) - resource/aws_cloudwatch_log_group: Restore use of
ListTagsLogGroup
,TagLogGroup
andUntagLogGroup
APIs (#28492) - resource/aws_dms_endpoint: Add s3 setting
ignore_header_rows
and deprecate misspelledignore_headers_row
. (#28579) - resource/aws_elasticache_user_group_association: Retry on
InvalidUserGroupState
errors to handle concurrent updates (#28689) - resource/aws_lambda_function_url: Fix removal of
cors
configuration block (#28439) - resource/aws_lightsail_database: The
availability_zone
attribute is now optional/computed to support HAbundle_id
s (#28590) - resource/aws_lightsail_disk_attachment: Resolves a panic when an attachment fails and attempts to display the error returned by AWS. (#28593)
v4.48.0
FEATURES:
-
New Resource:
aws_dx_macsec_key_association
(#26274)
ENHANCEMENTS:
- resource/aws_dx_connection: Add
encryption_mode
andrequest_macsec
arguments andmacsec_capable
andport_encryption_status
attributes in support of MACsec (#26274) - resource/aws_dx_connection: Add
skip_destroy
argument (#26274) - resource/aws_eks_node_group: Add support for
WINDOWS_CORE_2019_x86_64
,WINDOWS_FULL_2019_x86_64
,WINDOWS_CORE_2022_x86_64
, andWINDOWS_FULL_2022_x86_64
ami_type
values (#28445) - resource/aws_networkfirewall_rule_group: Add
reference_sets
configuration block (#28335) - resource/aws_networkmanager_vpc_attachment: Add
options.appliance_mode_support
argument (#28450)
BUG FIXES:
- resource/aws_networkfirewall_rule_group: Change
rule_group.rules_source.stateful_rule
fromTypeSet
toTypeList
to preserve rule order (#27102)
v4.47.0
FEATURES:
-
New Data Source:
aws_cloudwatch_log_data_protection_policy_document
(#28272) -
New Data Source:
aws_db_instances
(#28303) -
New Resource:
aws_auditmanager_account_registration
(#28314) -
New Resource:
aws_auditmanager_framework
(#28257) -
New Resource:
aws_lambda_functions
(#28254) -
New Resource:
aws_sagemaker_space
(#28154) -
New Resource:
aws_ssoadmin_permissions_boundary_attachment
(#28241)
ENHANCEMENTS:
- data-source/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#28359)
- data-source/aws_eks_addon: Add
configuration_values
attribute (#28295) - resource/aws_appsync_function: Add
runtime
andcode
arguments (#28057) - resource/aws_appsync_function: Make
request_mapping_template
andresponse_mapping_template
Optional (#28057) - resource/aws_cloudwatch_log_destination: Add
tags
argument andtags_all
attribute to support resource tagging (#28359) - resource/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#28359)
- resource/aws_eks_addon: Add
configuration_values
argument (#28295) - resource/aws_grafana_workspace: Add
vpc_configuration
argument. (#28308) - resource/aws_networkmanager_core_network: Increase Create, Update, and Delete timeouts to 30 minutes (#28363)
- resource/aws_sagemaker_app: Add
space_name
argument (#28154) - resource/aws_sagemaker_app: Make
user_profile_name
optional (#28154) - resource/aws_sagemaker_domain: Add
default_space_settings
anddefault_user_settings.jupyter_server_app_settings.code_repository
arguments (#28154) - resource/aws_sagemaker_endpoint_configuration: Add
shadow_production_variants
,production_variants.container_startup_health_check_timeout_in_seconds
,production_variants.core_dump_config
,production_variants.model_data_download_timeout_in_seconds
, andproduction_variants.volume_size_in_gb
arguments (#28159) - resource/aws_sagemaker_user_profile: Add
user_settings.jupyter_server_app_settings.code_repository
argument (#28154)
BUG FIXES:
- resource/aws_cloudwatch_metric_stream: Correctly update
tags
(#28310) - resource/aws_db_instance: Ensure that
apply_immediately
default value is applied (#25768) - resource/aws_ecs_service: Fix
missing required field, UpdateServiceInput.ServiceConnectConfiguration.Enabled
error when removingservice_connect_configuration
configuration block (#28338) - resource/aws_ecs_service: Fix
service_connect_configuration.service.ingress_port_override
being set to 0 (InvalidParameterException: IngressPortOverride cannot use ports <= 1024
error) when not configured (#28338)
v4.46.0
FEATURES:
-
New Data Source:
aws_glue_catalog_table
(#23256) -
New Resource:
aws_auditmanager_control
(#27857) -
New Resource:
aws_networkmanager_core_network
(#28155) -
New Resource:
aws_resourceexplorer2_index
(#28144) -
New Resource:
aws_rum_metrics_destination
(#28143) -
New Resource:
aws_vpc_network_performance_metric_subscription
(#28150)
ENHANCEMENTS:
- resource/aws_glue_crawler: Add
catalog_target.dlq_event_queue_arn
,catalog_target.event_queue_arn
,catalog_target.connection_name
,lake_formation_configuration
, andjdbc_target.enable_additional_metadata
arguments (#28156) - resource/aws_glue_crawler: Make
delta_target.connection_name
optional (#28156) - resource/aws_networkfirewall_firewall: Add
encryption_configuration
attribute (#28242) - resource/aws_networkfirewall_firewall_policy: Add
encryption_configuration
attribute (#28242) - resource/aws_networkfirewall_rule_group: Add
encryption_configuration
attribute (#28242)
BUG FIXES:
- resource/aws_db_instance: Fix error modifying
allocated_storage
whenstorage_type
is"gp3"
(#28243) - resource/aws_dms_s3_endpoint: Fix disparate handling of endpoint attributes in different regions (#28220)
- resource/aws_evidently_feature: Fix
description
attribute to accept strings between0
and160
in length (#27948) - resource/aws_lb_target_group: Allow
healthy_threshold
andunhealthy_threshold
to be set to different values for TCP health checks. (#28018) - resource/aws_lb_target_group: Allow
interval
to be updated for TCP health checks (#28018) - resource/aws_lb_target_group: Allow
timeout
to be set for TCP health checks (#28018) - resource/aws_lb_target_group: Don't force recreation on
health_check
attribute changes (#28018) - resource/aws_sns_topic_subscription: Fix unsupported
FilterPolicyScope
attribute error in the aws-cn partition (#28253)
v4.45.0
NOTES:
- provider: With AWS's retirement of EC2-Classic the
skip_get_ec2_platforms
attribute has been deprecated and will be removed in a future version (#28084) - resource/aws_fsx_ontap_storage_virtual_machine: The
subtype
attribute has been deprecated and will be removed in a future version (#28127)
FEATURES:
-
New Resource:
aws_dms_s3_endpoint
(#28130)
ENHANCEMENTS:
- data-source/aws_db_instance: Add
storage_throughput
attribute (#27670) - data-source/aws_eks_cluster: Add
cluster_id
attribute (#28112) - resource/aws_db_instance: Add
storage_throughput
argument (#27670) - resource/aws_db_instance: Add support for
gp3
storage_type
value (#27670) - resource/aws_db_instance: Change
iops
toComputed
(#27670) - resource/aws_eks_cluster: Add
cluster_id
attribute andoutpost_config.control_plane_placement
argument (#28112) - resource/aws_redshiftserverless_workgroup: Wait on
MODIFYING
status on resource Delete (#28114)
BUG FIXES:
- resource/aws_redshiftserverless_namespace: Fix updating
admin_username
andadmin_user_password
(#28125)
v4.44.0
NOTES:
- resource/aws_fsx_ontap_storage_virtual_machine: The
subtype
attribute will always have the value"DEFAULT"
(#28085) - resource/aws_wafv2_web_acl:
excluded_rule
onmanaged_rule_group_statement
has been deprecated. All configurations usingexcluded_rule
should be updated to use the newrule_action_override
attribute instead (#27954)
ENHANCEMENTS:
- resource/aws_api_gateway_deployment: Add import support (#28030)
- resource/aws_kinesisanalyticsv2_application: Add support for
FLINK-1_15
runtime_environment
value (#28099) - resource/aws_lambda_function: Add
snap_start
attribute (#28097) - resource/aws_wafv2_web_acl: Support
rule_action_override
onmanaged_rule_group_statement
(#27954)
BUG FIXES:
- resource/aws_instance: Change
iam_instance_profile
toComputed
as the value may be configured via a launch template (#27972)
v4.43.0
FEATURES:
-
New Resource:
aws_neptune_global_cluster
(#26133)
ENHANCEMENTS:
- data-source/aws_ecs_cluster: Add
service_connect_defaults
attribute (#28052) - resource/aws_ce_cost_category: Allow configuration of
effective_start
value (#28055) - resource/aws_ecs_cluster: Add
service_connect_defaults
argument (#28052) - resource/aws_ecs_service: Add
service_connect_configuration
argument in support of ECS Service Connect (#28052) - resource/aws_glue_classifier: Add
custom_datatypes
andcustom_datatype_configured
arguments (#28048) - resource/aws_neptune_cluster: Add
global_cluster_identifier
argument (#26133)
v4.42.0
FEATURES:
-
New Data Source:
aws_redshiftserverless_credentials
(#28026) -
New Resource:
aws_cloudwatch_log_data_protection_policy
(#28049)
ENHANCEMENTS:
- data-source/aws_memorydb_cluster: Add
data_tiering
attribute (#28022) - resource/aws_db_instance: Add
blue_green_update
argument in support of RDS Blue/Green Deployments (#28046) - resource/aws_efs_file_system: Add support for
AFTER_1_DAY
lifecycle_policy.transition_to_ia
argument (#28054) - resource/aws_efs_file_system: Add support for
elastic
throughput_mode
argument (#28054) - resource/aws_emrserverless_application: Add
architecture
argument (#28027) - resource/aws_emrserverless_application: Mark
maximum_capacity
andmaximum_capacity.disk
as Computed, preventing spurious resource diffs (#28027) - resource/aws_memorydb_cluster: Add
data_tiering
attribute (#28022) - resource/aws_sns_topic_subscription: Add
filter_policy_scope
argument in support of SNS message filtering (#28004)
BUG FIXES:
- resource/aws_lambda_function: Don't fail resource Create if AWS Signer service is not available in the configured Region (#28008)
- resource/aws_memorydb_cluster: Allow more than one element in
snapshot_arns
(#28022) - resource/aws_sagemaker_user_profile:
user_settings.jupyter_server_app_settings
,user_settings.kernel_gateway_app_settings
, anduser_settings.tensor_board_app_settings
are updateable (#28025)
v4.41.0
FEATURES:
-
New Data Source:
aws_sqs_queues
(#27890) -
New Resource:
aws_ivschat_logging_configuration
(#27924) -
New Resource:
aws_ivschat_room
(#27974) -
New Resource:
aws_rds_clusters
(#27891) -
New Resource:
aws_redshiftserverless_resource_policy
(#27920) -
New Resource:
aws_scheduler_schedule
(#27975)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
ap-south-2
AWS Region (#27983) - data-source/aws_elasticache_cluster: Add
cache_nodes.outpost_arn
andpreferred_outpost_arn
attributes (#27934) - data-source/aws_elasticache_cluster: Add
ip_discovery
andnetwork_type
attributes (#27856) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
ap-south-2
AWS Region (#27983) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
ap-south-2
AWS Region (#27983) - data-source/aws_rds_cluster: Add
engine_mode
attribute (#27892) - provider: Support
ap-south-2
as a valid AWS Region (#27950) - resource/aws_amplify_app: Add support for
WEB_COMPUTE
platform
value in support of Next.js web apps (#27925) - resource/aws_elasticache_cluster: Add
ip_discovery
andnetwork_type
arguments in support of IPv6 clusters (#27856) - resource/aws_elasticache_cluster: Add
outpost_mode
andpreferred_outpost_arn
arguments andcache_nodes.outpost_arn
attribute. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#27934) - resource/aws_lambda_function: Add support for
nodejs18.x
runtime
value (#27923) - resource/aws_lambda_layer_version: Add support for
nodejs18.x
compatible_runtimes
value (#27923) - resource/aws_medialive_channel: Add
start_channel
attribute (#27882) - resource/aws_nat_gateway: Update
private_ip
attribute to be configurable (#27953)
BUG FIXES:
- resource/aws_cloudcontrolapi_resource: Remove invalid regular expressions from CloudFormation resource schema (#27935)
- resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
sybase
engine (#27949) - resource/aws_resourcegroups_group: Properly set
configuration.parameters
as optional (#27985)
v4.40.0
NOTES:
- data-source/aws_identitystore_group: The
filter
argument has been deprecated. Use thealternate_identifier
argument instead (#27762)
FEATURES:
-
New Data Source:
aws_controltower_controls
(#26978) -
New Data Source:
aws_ivs_stream_key
(#27789) -
New Resource:
aws_appconfig_extension
(#27860) -
New Resource:
aws_appconfig_extension_association
(#27860) -
New Resource:
aws_controltower_control
(#26990) -
New Resource:
aws_evidently_feature
(#27395) -
New Resource:
aws_ivs_channel
(#27726) -
New Resource:
aws_networkmanager_connect_attachment
(#27787) -
New Resource:
aws_opensearch_inbound_connection_accepter
(#22988) -
New Resource:
aws_opensearch_outbound_connection
(#22988) -
New Resource:
aws_scheduler_schedule_group
(#27800) -
New Resource:
aws_schemas_registry_policy
(#27705) -
New Resource:
aws_sesv2_email_identity_mail_from_attributes
(#27672)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
eu-central-2
AWS Region (#27814) - data-source/aws_cloudtrail_service_account: Add service account ID for
eu-south-2
AWS Region (#27855) - data-source/aws_connect_instance: Add
multi_party_conference_enabled
attribute (#27734) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
eu-central-2
AWS Region (#27814) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
eu-south-2
AWS Region (#27855) - data-source/aws_identitystore_group: Add
alternate_identifier
argument anddescription
attribute (#27762) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
eu-central-2
AWS Region (#27814) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
eu-south-2
AWS Region (#27855) - data-source/aws_s3_bucket: Add hosted zone ID for
eu-central-2
AWS Region (#27814) - data-source/aws_s3_bucket: Add hosted zone ID for
eu-south-2
AWS Region (#27855) - provider: Support
eu-central-2
as a valid AWS Region (#27812) - resource/aws_acm_certificate: Add
key_algorithm
argument in support of ECDSA TLS certificates (#27781) - resource/aws_autoscaling_group: Add support for
price-capacity-optimized
spot_allocation_strategy
value (#27795) - resource/aws_cloudwatch_logs_group: Add
skip_destroy
argument (#26775) - resource/aws_cognito_user_pool: Add
sns_region
attribute tosms_configuration
block (#26684) - resource/aws_connect_instance: Add
multi_party_conference_enabled
argument (#27734) - resource/aws_customer_gateway: Make
ip_address
optional (#26673) - resource/aws_docdb_cluster_instance: Add
enable_performance_insights
andperformance_insights_kms_key_id
arguments (#27769) - resource/aws_dynamodb_table_item: Allow the creation of items with the same hash key but different range keys (#27517)
- resource/aws_ec2_fleet: Add support for
price-capacity-optimized
spot_options.allocation_strategy
value (#27795) - resource/aws_ecs_service: Add
triggers
argument to enable in-place updates (redeployments) on each apply, when used withforce_new_deployment = true
(#25840) - resource/aws_medialive_channel: Add support for more
output
,output_groups
,audio_descriptions
andvideo_descriptions
inencoder_settings
. Add support forinput_settings
ininput_attachments
(#27823) - resource/aws_msk_cluster: Add
storage_mode
argument (#27546) - resource/aws_neptune_cluster: Add
serverless_v2_scaling_configuration
block in support of Neptune Serverless (#27763) - resource/aws_network_interface_sg_attachment: Add import support (#27785)
- resource/aws_security_group_rule: Add
security_group_rule_id
attribute (#27828) - resource/aws_spot_fleet_request: Add support for
priceCapacityOptimized
allocation_strategy
value (#27795)
BUG FIXES:
- resource/aws_appstream_stack: Fix
redirect_url
max character length (#27744) - resource/aws_dynamodb_table: Allow changing KMS keys on tables with replicas. (#23156)
- resource/aws_route53_resolver_endpoint: Fix deduplication with multiple IPs on the same subnet (#25708)
- resource/aws_sesv2_email_identity_feedback_attributes: Fix invalid resource ID in error messages when creating the resource (#27784)
v4.39.0
BREAKING CHANGES:
- resource/aws_secretsmanager_secret_rotation: Remove unused
tags
attribute (#27656)
NOTES:
- provider: Add OpenBSD to list of OSes which the provider is built on (#27663)
FEATURES:
-
New Data Source:
aws_dynamodb_table_item
(#27504) -
New Data Source:
aws_route53_resolver_firewall_config
(#25496) -
New Data Source:
aws_route53_resolver_firewall_domain_list
(#25509) -
New Data Source:
aws_route53_resolver_firewall_rule_group
(#25511) -
New Data Source:
aws_route53_resolver_firewall_rule_group_association
(#25512) -
New Data Source:
aws_route53_resolver_firewall_rules
(#25536) -
New Resource:
aws_ivs_playback_key_pair
(#27678) -
New Resource:
aws_ivs_recording_configuration
(#27718) -
New Resource:
aws_lightsail_lb_https_redirection_policy
(#27679) -
New Resource:
aws_medialive_channel
(#26810) -
New Resource:
aws_networkmanager_site_to_site_vpn_attachment
(#27387) -
New Resource:
aws_redshift_endpoint_authorization
(#27654) -
New Resource:
aws_redshift_partner
(#27665) -
New Resource:
aws_redshiftserverless_snapshot
(#27741)
ENHANCEMENTS:
- data-source/aws_rds_engine_version: Support
default_only
,include_all
, andfilter
(#26923) - resource/aws_lightsail_instance: Add
ip_address_type
argument (#27699) - resource/aws_security_group: Do not pass
from_port
orto_port
values to the AWS API if arule
'sprotocol
value is-1
orall
(#27642) - resource/aws_wafv2_rule_group: Correct maximum nesting level for
and_statement
,not_statement
,or_statement
andrate_based_statement
(#27682)
BUG FIXES:
- resource/aws_cognito_identity_pool: Fix deletion of identity pool on tags-only update (#27669)
- resource/aws_dynamodb_table: Correctly set
stream_arn
as Computed whenstream_enabled
changes (#27664) - resource/aws_lightsail_instance_public_ports: Resource will now be removed from state properly when parent instance is removed (#27699)
- resource/aws_s3_bucket: Attributes
arn
andhosted_zone_id
were incorrectly settable but ignored (#27597) - resource/aws_security_group: Return an error if a
rule
'sprotocol
value isall
andfrom_port
orto_port
are not0
(#27642) - resource/aws_vpn_connection: Configuring exactly one of
transit_gateway_id
orvpn_gateway_id
is not required (#27693)
v4.38.0
FEATURES:
-
New Data Source:
aws_connect_instance_storage_config
(#27308) -
New Resource:
aws_apprunner_vpc_ingress_connection
(#27600) -
New Resource:
aws_connect_phone_number
(#26364) -
New Resource:
aws_evidently_segment
(#27159) -
New Resource:
aws_fsx_file_cache
(#27384) -
New Resource:
aws_lightsail_disk
(#27537) -
New Resource:
aws_lightsail_disk_attachment
(#27537) -
New Resource:
aws_lightsail_lb_stickiness_policy
(#27514) -
New Resource:
aws_sagemaker_servicecatalog_portfolio_status
(#27548) -
New Resource:
aws_sesv2_email_identity_feedback_attributes
(#27433) -
New Resource:
aws_ssm_default_patch_baseline
(#27610)
ENHANCEMENTS:
- data-source/aws_networkmanager_core_network_policy_document: Add plan-time validation for
core_network_configuration.edge_locations.asn
(#27305) - resource/aws_ami_copy: Add
imds_support
attribute (#27561) - resource/aws_ami_from_instance: Add
imds_support
attribute (#27561) - resource/aws_apprunner_service: Add
ingress_configuration
argument block. (#27600) - resource/aws_batch_compute_environment: Add
eks_configuration
configuration block (#27499) - resource/aws_batch_compute_environment: Allow deletion of AWS Batch compute environments in
INVALID
state (#26931) - resource/aws_budgets_budget: Add
auto_adjust_data
configuration block (#27474) - resource/aws_budgets_budget: Add
planned_limit
configuration block (#25766) - resource/aws_cognito_user_pool: Add
deletion_protection
argument (#27612) - resource/aws_cognito_user_pool_client: Add
auth_session_validity
argument (#27620) - resource/aws_lb_target_group: Add support for
target_failover
andstickiness
attributes for GENEVE protocol target groups (#27334) - resource/aws_sagemaker_domain: Add
domain_settings
,app_security_group_management
,default_user_settings.r_session_app_settings
, anddefault_user_settings.canvas_app_settings
arguments. (#27542) - resource/aws_sagemaker_user_profile: Add
user_settings.r_session_app_settings
anduser_settings.canvas_app_settings
arguments. (#27542) - resource/aws_sagemaker_workforce: Add
workforce_vpc_config
argument (#27538) - resource/aws_sfn_state_machine: Add
name_prefix
argument (#27574)
BUG FIXES:
- data-source/aws_ip_ranges: Fix regression causing filtering on
regions
andservices
to become case-sensitive (#27558) - resource/aws_batch_compute_environment: Update
compute_resources.security_group_ids
to be optional (#26172) - resource/aws_dynamodb_table: Fix bug causing spurious diffs with and preventing proper updating of
stream_enabled
andstream_view_type
(#27566) - resource/aws_instance: Use EC2 API idempotency to ensure that only a single Instance is created (#27561)
v4.37.0
NOTES:
- resource/aws_medialive_multiplex_program: The
statemux_settings
argument has been deprecated. Use thestatmux_settings
argument instead (#27223)
FEATURES:
-
New Data Source:
aws_dx_router_configuration
(#27341) -
New Resource:
aws_inspector2_enabler
(#27505) -
New Resource:
aws_lightsail_lb_certificate
(#27462) -
New Resource:
aws_lightsail_lb_certificate_attachment
(#27462) -
New Resource:
aws_route53_resolver_config
(#27487) -
New Resource:
aws_sesv2_dedicated_ip_assignment
(#27361) -
New Resource:
aws_sesv2_email_identity
(#27260)
ENHANCEMENTS:
- data-source/aws_acmpca_certificate_authority: Add
usage_mode
attribute (#27496) - data-source/aws_outposts_assets: Add
host_id_filter
andstatus_id_filter
arguments (#27303) - resource/aws_acmpca_certificate_authority: Add
usage_mode
argument to support short-lived certificates (#27496) - resource/aws_apprunner_vpc_connector: Add ability to update
tags
(#27345) - resource/aws_datasync_task: Add
security_descriptor_copy_flags
tooptions
configuration block (#26992) - resource/aws_ec2_capacity_reservation: Add
placement_group_arn
argument (#27458) - resource/aws_ec2_transit_gateway: Add support to modify
amazon_side_asn
argument (#27306) - resource/aws_elasticache_global_replication_group: Add
global_node_groups
andnum_node_groups
arguments (#27500) - resource/aws_elasticache_global_replication_group: Add timeouts. (#27500)
- resource/aws_evidently_project: Support configurable timeouts for create, update, and delete (#27336)
- resource/aws_flow_log: Amazon VPC Flow Logs supports Kinesis Data Firehose as destination (#27340)
- resource/aws_medialive_multiplex_program: Add ability to update
multiplex_program_settings
in place (#27223) - resource/aws_network_interface_attachment: Added import capabilities for the resource (#27364)
- resource/aws_sesv2_dedicated_ip_pool: Add
scaling_mode
attribute (#27388) - resource/aws_ssm_parameter: Support
aws:ssm:integration
as a valid value fordata_type
(#27329)
BUG FIXES:
- data-source/aws_route53_traffic_policy_document: Fixed incorrect capitalization for
GeoproximityLocations
(#27473) - resource/aws_connect_contact_flow: Change
type
to ForceNew (#27347) - resource/aws_ecs_service: Correctly handle unconfigured
task_definition
, makingEXTERNAL
deployments possible (#27390) - resource/aws_lb_target_group: Fix import issues on
aws_lb_target_group
when specifyingip_address_type
ofipv4
(#27464) - resource/aws_rds_proxy_endpoint: Respect configured provider
default_tags
value on resource Update (#27367) - resource/aws_vpc_ipam_pool_cidr: Fix crash when IPAM Pool CIDR not found (#27512)
v4.36.1
BUG FIXES:
- data-source/aws_default_tags: Fix regression setting
tags
tonull
instead of an empty map ({}
) when nodefault_tags
are defined (#27377)
v4.36.0
FEATURES:
-
New Data Source:
aws_elasticache_subnet_group
(#27233) -
New Data Source:
aws_sesv2_dedicated_ip_pool
(#27278) -
New Resource:
aws_lightsail_certificate
(#25283) -
New Resource:
aws_lightsail_domain_entry
(#27309) -
New Resource:
aws_lightsail_lb
(#27339) -
New Resource:
aws_lightsail_lb_attachment
(#27339) -
New Resource:
aws_sesv2_dedicated_ip_pool
(#27278)
ENHANCEMENTS:
- data-source/aws_route53_zone: Add
primary_name_server
attribute (#27293) - resource/aws_appstream_stack: Add validation for
application_settings
. (#27257) - resource/aws_lightsail_container_service: Add
private_registry_access
argument (#27236) - resource/aws_mq_broker: Add configurable timeouts (#27035)
- resource/aws_resourcegroups_group: Add
configuration
argument (#26934) - resource/aws_route53_zone: Add
primary_name_server
attribute (#27293) - resource/aws_rum_app_monitor: Add
app_monitor_id
attribute (#26994) - resource/aws_sns_platform_application: Add
apple_platform_bundle_id
andapple_platform_team_id
arguments. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#23147)
BUG FIXES:
- resource/aws_appstream_stack: Fix panic with
application_settings
. (#27257) - resource/aws_sqs_queue: Change
sqs_managed_sse_enabled
toComputed
as newly created SQS queues use SSE-SQS encryption by default. This means that Terraform will only perform drift detection of the attribute's value when present in a configuration (#26843) - resource/aws_sqs_queue: Respect configured
sqs_managed_sse_enabled
value on resource Create. In particular a configuredfalse
value is sent to the AWS API, which overrides the new service default value oftrue
(#27335)
v4.35.0
FEATURES:
-
New Data Source:
aws_rds_reserved_instance_offering
(#26025) -
New Data Source:
aws_vpc_ipam_pools
(#27101) -
New Resource:
aws_codepipeline_custom_action_type
(#8123) -
New Resource:
aws_comprehend_document_classifier
(#26951) -
New Resource:
aws_inspector2_delegated_admin_account
(#27229) -
New Resource:
aws_rds_reserved_instance
(#26025) -
New Resource:
aws_s3control_storage_lens_configuration
(#27097) -
New Resource:
aws_sesv2_configuration_set
(#27056) -
New Resource:
aws_transfer_tag
(#27131)
ENHANCEMENTS:
- data-source/aws_dx_connection: Add
vlan_id
attribute (#27148) - data-source/aws_vpc: Add
enable_network_address_usage_metrics
attribute (#27165) - resource/aws_cognito_user_pool: Add
user_attribute_update_settings
attribute (#27129) - resource/aws_default_vpc: Add
enable_network_address_usage_metrics
argument (#27165) - resource/aws_dx_connection: Add
vlan_id
attribute (#27148) - resource/aws_elasticache_global_replication_group: Add support for updating
cache_node_type
andautomatic_failover_enabled
. (#27134) - resource/aws_globalaccelerator_accelerator: Add
ip_addresses
argument in support of BYOIP addresses (#27181) - resource/aws_opsworks_custom_layer: Add
load_based_auto_scaling
argument (#10962) - resource/aws_prometheus_workspace: Add
logging_configuration
argument (#27213) - resource/aws_vpc: Add
enable_network_address_usage_metrics
argument (#27165)
BUG FIXES:
- data-source/aws_identitystore_user: Change the type of
external_ids
to a string instead of a bool. (#27184) - resource/aws_ecs_task_definition: Prevent panic when supplying a
null
value incontainer_definitions
(#27263) - resource/aws_identitystore_user: Change the type of
external_ids
to a string instead of a bool. (#27184) - resource/aws_organizations_policy_attachment: Handle missing policy when reading policy attachment (#27238)
- resource/aws_ssm_service_setting: Prevent panic during status read (#27232)
v4.34.0
NOTES:
- data-source/aws_identitystore_user: The
filter
argument has been deprecated. Use thealternate_identifier
argument instead (#27053)
FEATURES:
-
New Data Source:
aws_appconfig_configuration_profile
(#27054) -
New Data Source:
aws_appconfig_configuration_profiles
(#27054) -
New Data Source:
aws_appconfig_environment
(#27054) -
New Data Source:
aws_appconfig_environments
(#27054) -
New Data Source:
aws_vpc_ipam_pool_cidrs
(#27051) -
New Resource:
aws_evidently_project
(#24263)
ENHANCEMENTS:
- data-source/aws_ami: Add
imds_support
attribute (#27084) - data-source/aws_identitystore_user: Add
alternate_identifier
argument andaddresses
,display_name
,emails
,external_ids
,locale
,name
,nickname
,phone_numbers
,preferred_language
,profile_url
,timezone
,title
anduser_type
attributes (#27053) - datasource/aws_eks_cluster: Add
service_ipv6_cidr
attribute tokubernetes_network_config
block (#26980) - resource/aws_ami: Add
imds_support
argument (#27084) - resource/aws_ami_copy: Add
imds_support
argument (#27084) - resource/aws_ami_from_instance: Add
imds_support
argument (#27084) - resource/aws_cloudwatch_event_target: Add
capacity_provider_strategy
configuration block to theecs_target
configuration block (#27068) - resource/aws_eks_addon: Add
PRESERVE
option toresolve_conflicts
argument. (#27038) - resource/aws_eks_cluster: Add
service_ipv6_cidr
attribute tokubernetes_network_config
block (#26980) - resource/aws_mwaa_environment: Add custom timeouts (#27031)
- resource/aws_networkfirewall_firewall_policy: Add
firewall_policy.stateful_rule_group_reference.override
argument (#25135) - resource/aws_wafv2_rule_group: Add
headers
attribute to thefield_to_match
block (#26506) - resource/aws_wafv2_rule_group: Add rate_based_statement (#27113)
- resource/aws_wafv2_rule_group: Add support for
regex_match_statement
(#22452) - resource/aws_wafv2_web_acl: Add
headers
attribute to thefield_to_match
block (#26506) - resource/aws_wafv2_web_acl: Add support for
regex_match_statement
(#22452)
BUG FIXES:
- data-source/aws_iam_policy_document: Better handling when invalid JSON passed to
override_policy_documents
(#27055) - data-source/aws_ses_active_receipt_rule_set: Prevent crash when no receipt rule set is active (#27073)
- resource/aws_keyspaces_table: Change
schema_definition.clustering_key
andschema_definition.partition_key
to lists in order to respect configured orderings (#26812) - resource/aws_rolesanywhere_profile: Correctly handle updates to
enabled
andsession_policy
(#26858) - resource/aws_rolesanywhere_trust_anchor: Correctly handle updates to
enabled
(#26858)
v4.33.0
FEATURES:
-
New Data Source:
aws_kms_custom_key_store
(#24787) -
New Resource:
aws_identitystore_group
(#26674) -
New Resource:
aws_identitystore_group_membership
(#26944) -
New Resource:
aws_identitystore_user
(#26948) -
New Resource:
aws_inspector2_organization_configuration
(#27000) -
New Resource:
aws_kms_custom_key_store
(#26997)
ENHANCEMENTS:
- resource/aws_acm_certificate: Add
early_renewal_duration
,pending_renewal
,renewal_eligibility
,renewal_summary
andtype
attributes (#26784) - resource/aws_appautoscaling_policy: Add
alarm_arns
attribute (#27011) - resource/aws_dms_endpoint: Add
s3_settings.use_task_start_time_for_full_load_timestamp
argument (#27004) - resource/aws_ec2_traffic_mirror_target: Add
gateway_load_balancer_endpoint_id
argument (#26767) - resource/aws_kms_key: Add
custom_key_store_id
attribute (#24787)
BUG FIXES:
- resource/aws_rds_cluster: Support
upgrade
as a valid value inenabled_cloudwatch_logs_exports
(#26792) - resource/aws_ssm_parameter: Allow parameter overwrite on create (#26785)
v4.32.0
ENHANCEMENTS:
- resource/aws_eks_cluster: Add
outpost_config
argument to support EKS local clusers on Outposts (#26866)
BUG FIXES:
- resource/aws_ec2_managed_prefix_list: MaxEntries and Entry(s) can now be changed in the same apply (#26845)
v4.31.0
FEATURES:
-
New Data Source:
aws_ec2_managed_prefix_lists
(#26727) -
New Resource:
aws_sqs_queue_redrive_allow_policy
(#26733) -
New Resource:
aws_sqs_queue_redrive_policy
(#26733)
ENHANCEMENTS:
- data-source/aws_lambda_function: Add
qualified_invoke_arn
attribute (#26439) - resource/aws_db_instance: Add
custom_iam_instance_profile
attribute (#26765) - resource/aws_lambda_function: Add
qualified_invoke_arn
attribute (#26439)
BUG FIXES:
- resource/aws_autoscaling_attachment: Retry errors like
ValidationError: Trying to update too many Load Balancers/Target Groups at once. The limit is 10
when creating or deleting resource (#26654) - resource/aws_dynamodb_table: No longer returns error for an ARCHIVED table (#26744)
- resource/aws_instance: Prevents errors in ISO regions when not using DisableApiStop attribute (#26745)
- resource/aws_replication_subnet_group: Add retry to create step, resolving
AccessDeniedFault
error (#26768)
v4.30.0
FEATURES:
-
New Resource:
aws_medialive_multiplex
(#26608) -
New Resource:
aws_medialive_multiplex_program
(#26694) -
New Resource:
aws_redshiftserverless_usage_limit
(#26636) -
New Resource:
aws_ssoadmin_customer_managed_policy_attachment
(#25915)
ENHANCEMENTS:
- data-source/aws_rds_cluster: Add
network_type
attribute (#26489) - resource/aws_eks_addon: Support configurable timeouts for addon create, update, and delete (#26629)
- resource/aws_rds_cluster: Add
network_type
argument (#26489) - resource/aws_rds_cluster_instance: Add
network_type
attribute (#26489) - resource/aws_s3_bucket_object_lock_configuration: Update
rule
argument to be Optional (#26520) - resource/aws_vpn_connection: Add
tunnel1_log_options
andtunnel2_log_options
arguments (#26637)
BUG FIXES:
- data-source/aws_ec2_managed_prefix_list: Fixes bug where an error is returned for regions with more than 100 managed prefix lists (#26683)
- data-source/aws_iam_policy_document: Correctly handle unquoted Boolean values in
Condition
(#26657) - data-source/aws_iam_policy_document: Prevent crash when
source_policy_documents
contains empty or invalid JSON documents (#26640) - resource/aws_eip: Defaults to default regional
domain
whenvpc
not set (#26716) - resource/aws_instance: No longer fails when setting
metadata_options.instance_metadata_tags
(#26631) - resource/aws_lambda_function: Update the environment variables if the
kms_key_arn
has changed (#26696) - resource/aws_opsworks_stack: Defaults to default VPC when not supplied (#26711)
- resource/aws_security_group: Defaults to default VPC when not supplied (#26697)
v4.29.0
NOTES:
- resource/aws_db_instance: With AWS's retirement of EC2-Classic no new RDS DB Instances can be created referencing RDS DB Security Groups (#26525)
- resource/aws_db_security_group: With AWS's retirement of EC2-Classic no new RDS DB Security Groups can be created (#26525)
- resource/aws_default_vpc: With AWS's retirement of EC2-Classic the
enable_classiclink
andenable_classiclink_dns_support
attributes have been deprecated and will be removed in a future version (#26525) - resource/aws_eip: With AWS's retirement of EC2-Classic no new non-VPC EC2 EIPs can be created (#26525)
- resource/aws_elasticache_cluster: With AWS's retirement of EC2-Classic no new ElastiCache Clusters can be created referencing ElastiCache Security Groups (#26525)
- resource/aws_elasticache_security_group: With AWS's retirement of EC2-Classic no new ElastiCache Security Groups can be created (#26525)
- resource/aws_instance: With the retirement of EC2-Classic,
aws_instance
has been updated to remove support for EC2-Classic (#26532) - resource/aws_launch_configuration: With AWS's retirement of EC2-Classic no new Auto Scaling Launch Configurations can be created referencing ClassicLink (#26525)
- resource/aws_opsworks_stack: With AWS's retirement of EC2-Classic no new OpsWorks Stacks can be created without referencing a VPC (#26525)
- resource/aws_redshift_cluster: With AWS's retirement of EC2-Classic no new Redshift Clusters can be created referencing Redshift Security Groups (#26525)
- resource/aws_redshift_security_group: With AWS's retirement of EC2-Classic no new Redshift Security Groups can be created (#26525)
- resource/aws_security_group: With AWS's retirement of EC2-Classic no new Security Groups can be created without referencing a VPC (#26525)
- resource/aws_vpc: With AWS's retirement of EC2-Classic no new VPCs can be created with ClassicLink enabled (#26525)
- resource/aws_vpc_peering_connection: With AWS's retirement of EC2-Classic no new VPC Peering Connections can be created with ClassicLink options enabled (#26525)
- resource/aws_vpc_peering_connection_accepter: With AWS's retirement of EC2-Classic no VPC Peering Connections can be accepted with ClassicLink options enabled (#26525)
- resource/aws_vpc_peering_connection_options: With AWS's retirement of EC2-Classic no new VPC Peering Connection Options can be created with ClassicLink options enabled (#26525)
FEATURES:
-
New Data Source:
aws_location_tracker_associations
(#26472) -
New Resource:
aws_cloudfront_origin_access_control
(#26508) -
New Resource:
aws_medialive_input
(#26550) -
New Resource:
aws_medialive_input_security_group
(#26550) -
New Resource:
aws_redshiftserverless_endpoint_access
(#26555)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
me-central-1
AWS Region (#26572) - data-source/aws_eks_node_group: Add
capacity_type
attribute (#26521) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
me-central-1
AWS Region (#26572) - data-source/aws_instance: Add
host_resource_group_arn
attribute (#26532) - data-source/aws_lambda_function: Return most recent published version when
qualifier
is not set (#11195) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
me-central-1
AWS Region (#26572) - data-source/aws_s3_bucket: Add hosted zone ID for
me-central-1
AWS Region (#26572) - provider: Support
me-central-1
as a valid AWS Region (#26590) - provider: Add
source_identity
argument toassume_role
block (#25368) - resource/aws_cloudfront_distribution: Add
origin_access_control_id
to theorigin
configuration block (#26510) - resource/aws_dms_endpoint: Add
redis_settings
configuration block (#26411) - resource/aws_ec2_fleet: Add
target_capacity_unit_type
attribute to thetarget_capacity_specification
configuration block (#26493) - resource/aws_instance: Add
host_resource_group_arn
attribute; improve compatibility with launching instances in a host resource group using an AMI registered with License Manager. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing. (#26532) - resource/aws_lambda_event_source_mapping: Add
amazon_managed_kafka_event_source_config
andself_managed_kafka_event_source_config
configuration blocks (#26560) - resource/aws_lambda_function: Add validation for
function_name
attribute (#25259) - resource/aws_opensearch_domain: Add support for enabling fine-grained access control on existing domains with
advanced_security_options
anonymous_auth_enabled
(#26503) - resource/aws_redshiftserverless_endpoint_workgroup: Add
endpoint
attribute (#26555) - resource/aws_spot_fleet_request: Add
target_capacity_unit_type
argument (#26493) - resource/aws_wafv2_rule_group: Add
cookies
attribute to thefield_to_match
block (#25845) - resource/aws_wafv2_rule_group: Add
json_body
attribute to thefield_to_match
block (#24772) - resource/aws_wafv2_web_acl: Add
cookies
attribute to thefield_to_match
block (#25845) - resource/aws_wafv2_web_acl: Add
json_body
attribute to thefield_to_match
block (#24772)
BUG FIXES:
- provider: No longer silently ignores
assume_role
block whenrole_arn
has unknown value. (#26590) - resource/aws_security_group: Fix complex dependency violations such as using a security group with an EMR cluster (#26553)
v4.28.0
NOTES:
- resource/aws_db_instance: With the retirement of EC2-Classic the
security_group_names
attribute has been deprecated and will be removed in a future version (#26427) - resource/aws_db_security_group: With the retirement of EC2-Classic the
aws_db_security_group
resource has been deprecated and will be removed in a future version (#26427) - resource/aws_elasticache_cluster: With the retirement of EC2-Classic the
security_group_names
attribute has been deprecated and will be removed in a future version (#26427) - resource/aws_elasticache_security_group: With the retirement of EC2-Classic the
aws_elasticache_security_group
resource has been deprecated and will be removed in a future version (#26427) - resource/aws_launch_configuration: With the retirement of EC2-Classic the
vpc_classic_link_id
andvpc_classic_link_security_groups
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_redshift_cluster: With the retirement of EC2-Classic the
cluster_security_groups
attribute has been deprecated and will be removed in a future version (#26427) - resource/aws_redshift_security_group: With the retirement of EC2-Classic the
aws_redshift_security_group
resource has been deprecated and will be removed in a future version (#26427) - resource/aws_vpc: With the retirement of EC2-Classic the
enable_classiclink
andenable_classiclink_dns_support
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_vpc_peering_connection: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_vpc_peering_connection_accepter: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_vpc_peering_connection_options: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been deprecated and will be removed in a future version (#26427)
FEATURES:
-
New Data Source:
aws_ec2_network_insights_analysis
(#23532) -
New Data Source:
aws_ec2_network_insights_path
(#23532) -
New Data Source:
aws_ec2_transit_gateway_attachment
(#26264) -
New Data Source:
aws_location_tracker_association
(#26404) -
New Resource:
aws_ec2_network_insights_analysis
(#23532) -
New Resource:
aws_ec2_transit_gateway_policy_table
(#26264) -
New Resource:
aws_ec2_transit_gateway_policy_table_association
(#26264) -
New Resource:
aws_grafana_workspace_api_key
(#25286) -
New Resource:
aws_networkmanager_transit_gateway_peering
(#26264) -
New Resource:
aws_networkmanager_transit_gateway_route_table_attachment
(#26264) -
New Resource:
aws_redshiftserverless_workgroup
(#26467)
ENHANCEMENTS:
- data-source/aws_db_instance: Add
network_type
attribute (#26185) - data-source/aws_db_subnet_group: Add
supported_network_types
attribute (#26185) - data-source/aws_rds_orderable_db_instance: Add
supported_network_types
attribute (#26185) - resource/aws_db_instance: Add
network_type
argument (#26185) - resource/aws_db_subnet_group: Add
supported_network_types
argument (#26185) - resource/aws_glue_job: Add support for
3.9
as validpython_version
value (#26407) - resource/aws_kendra_index: The
document_metadata_configuration_updates
argument can now be updated. Refer to the documentation for more details. (#20294)
BUG FIXES:
- resource/aws_appstream_fleet: Fix crash when providing empty
domain_join_info
(e.g.,directory_name = ""
) (#26454) - resource/aws_eip: Include any provider-level configured
default_tags
on resource Create (#26308) - resource/aws_kinesis_firehose_delivery_stream: Updating
tags
no longer causes an unnecessary update (#26451) - resource/aws_organizations_policy: Prevent
InvalidParameter
errors by handlingcontent
as generic JSON, not an IAM policy (#26279)
v4.27.0
FEATURES:
-
New Resource:
aws_msk_serverless_cluster
(#25684) -
New Resource:
aws_networkmanager_attachment_accepter
(#26227) -
New Resource:
aws_networkmanager_vpc_attachment
(#26227)
ENHANCEMENTS:
- data-source/aws_networkfirewall_firewall: Add
capacity_usage_summary
,configuration_sync_state_summary
, andstatus
attributes to thefirewall_status
block (#26284) - resource/aws_acm_certificate: Add
not_after
argument (#26281) - resource/aws_acm_certificate: Add
not_before
argument (#26281) - resource/aws_chime_voice_connector_logging: Add
enable_media_metric_logs
argument (#26283) - resource/aws_cloudfront_distribution: Support
http3
andhttp2and3
as valid values for thehttp_version
argument (#26313) - resource/aws_inspector_assessment_template: Add
event_subscription
configuration block (#26334) - resource/aws_lb_target_group: Add
ip_address_type
argument (#26320) - resource/aws_opsworks_stack: Add plan-time validation for
custom_cookbooks_source.type
(#26278)
BUG FIXES:
- resource/aws_appflow_flow: Correctly specify
trigger_config.trigger_properties.scheduled.schedule_start_time
during create and update (#26289) - resource/aws_db_instance: Prevent
InvalidParameterCombination: No modifications were requested
errors when onlydelete_automated_backups
,final_snapshot_identifier
and/orskip_final_snapshot
change (#26286) - resource/aws_opsworks_custom_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_ecs_cluster_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_ganglia_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_haproxy_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_java_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_memcached_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_mysql_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_nodejs_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_php_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_rails_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_stack: Correctly apply
tags
during create ifregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_static_web_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278)
v4.26.0
FEATURES:
-
New Data Source:
aws_fsx_openzfs_snapshot
(#26184) -
New Data Source:
aws_networkfirewall_firewall
(#25495) -
New Data Source:
aws_prometheus_workspace
(#26120) -
New Resource:
aws_comprehend_entity_recognizer
(#26244) -
New Resource:
aws_connect_instance_storage_config
(#26152) -
New Resource:
aws_directory_service_radius_settings
(#14045) -
New Resource:
aws_directory_service_region
(#25755) -
New Resource:
aws_dynamodb_table_replica
(#26250) -
New Resource:
aws_location_tracker_association
(#26061)
ENHANCEMENTS:
- data-source/aws_directory_service_directory: Add
radius_settings
attribute (#14045) - data-source/aws_directory_service_directory: Set
dns_ip_addresses
to the owner directory's DNS IP addresses for SharedMicrosoftAD directories (#20819) - data-source/aws_elasticsearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045) - data-source/aws_opensearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045) - resource/aws_autoscaling_group: Better error handling when attempting to create Auto Scaling groups with incompatible options (#25987)
- resource/aws_backup_vault: Add
force_destroy
argument (#26199) - resource/aws_directory_service_directory: Add
desired_number_of_domain_controllers
argument (#25755) - resource/aws_directory_service_directory: Add configurable timeouts for Create, Update and Delete (#25755)
- resource/aws_directory_service_shared_directory: Add configurable timeouts for Delete (#25755)
- resource/aws_directory_service_shared_directory_accepter: Add configurable timeouts for Create and Delete (#25755)
- resource/aws_elasticsearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045) - resource/aws_glue_job: Add
execution_class
argument (#26188) - resource/aws_macie2_classification_job: Add
bucket_criteria
attribute to thes3_job_definition
configuration block (#19837) - resource/aws_opensearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045)
BUG FIXES:
- resource/aws_appflow_flow: Fix
trigger_properties.schedule
being set totrigger_properties.trigger_properties
during resource read (#26240) - resource/aws_db_instance: Add retries (for handling IAM eventual consistency) when creating database replicas that use enhanced monitoring (#20926)
- resource/aws_db_instance: Apply
monitoring_interval
andmonitoring_role_arn
when creating viarestore_to_point_in_time
(#20926) - resource/aws_dynamodb_table: Fix
replica.*.propagate_tags
not propagating tags to newly added replicas (#26257) - resource/aws_emr_instance_group: Handle deleted instance groups during resource read (#26154)
- resource/aws_emr_instance_group: Mark
instance_count
as Computed to prevent diff when autoscaling is active (#26154) - resource/aws_lb_listener: Fix
ValidationError
when tags are added oncreate
(#26194) - resource/aws_lb_target_group: Fix
ValidationError
when tags are added oncreate
(#26194) - resource/aws_macie2_classification_job: Fix incorrect plan diff for
TagScopeTerm()
when updating resources (#19837) - resource/aws_security_group_rule: Disallow empty strings in
prefix_list_ids
(#26220)
v4.25.0
FEATURES:
-
New Data Source:
aws_waf_subscribed_rule_group
(#10563) -
New Data Source:
aws_wafregional_subscribed_rule_group
(#10563) -
New Resource:
aws_kendra_data_source
(#25686) -
New Resource:
aws_macie2_classification_export_configuration
(#19856) -
New Resource:
aws_transcribe_language_model
(#25698)
ENHANCEMENTS:
- data-source/aws_alb: Allow customizable read timeout (#26121)
- data-source/aws_ami: Allow customizable read timeout (#26121)
- data-source/aws_ami_ids: Allow customizable read timeout (#26121)
- data-source/aws_availability_zone: Allow customizable read timeout (#26121)
- data-source/aws_availability_zones: Allow customizable read timeout (#26121)
- data-source/aws_customer_gateway: Allow customizable read timeout (#26121)
- data-source/aws_dx_location: Add
available_macsec_port_speeds
attribute (#26110) - data-source/aws_ebs_default_kms_key: Allow customizable read timeout (#26121)
- data-source/aws_ebs_encryption_by_default: Allow customizable read timeout (#26121)
- data-source/aws_ebs_snapshot: Allow customizable read timeout (#26121)
- data-source/aws_ebs_snapshot_ids: Allow customizable read timeout (#26121)
- data-source/aws_ebs_volume: Allow customizable read timeout (#26121)
- data-source/aws_ebs_volumes: Allow customizable read timeout (#26121)
- data-source/aws_ec2_client_vpn_endpoint: Allow customizable read timeout (#26121)
- data-source/aws_ec2_coip_pool: Allow customizable read timeout (#26121)
- data-source/aws_ec2_coip_pools: Allow customizable read timeout (#26121)
- data-source/aws_ec2_host: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_type: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_type_offering: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_type_offerings: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_types: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_route_table: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_route_tables: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_virtual_interface: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_virtual_interface_group: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateways: Allow customizable read timeout (#26121)
- data-source/aws_ec2_managed_prefix_list: Allow customizable read timeout (#26121)
- data-source/aws_ec2_serial_console_access: Allow customizable read timeout (#26121)
- data-source/aws_ec2_spot_price: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_connect: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_connect_peer: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_dx_gateway_attachment: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_multicast_domain: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_peering_attachment: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_route_table: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_route_tables: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_vpc_attachment: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_vpc_attachments: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_vpn_attachment: Allow customizable read timeout (#26121)
- data-source/aws_eip: Allow customizable read timeout (#26121)
- data-source/aws_eips: Allow customizable read timeout (#26121)
- data-source/aws_instance: Allow customizable read timeout (#26121)
- data-source/aws_instances: Allow customizable read timeout (#26121)
- data-source/aws_internet_gateway: Allow customizable read timeout (#26121)
- data-source/aws_key_pair: Allow customizable read timeout (#26121)
- data-source/aws_launch_template: Allow customizable read timeout (#26121)
- data-source/aws_lb: Add
preserve_host_header
attribute (#26056) - data-source/aws_lb: Allow customizable read timeout (#26121)
- data-source/aws_lb_listener: Allow customizable read timeout (#26121)
- data-source/aws_lb_target_group: Allow customizable read timeout (#26121)
- data-source/aws_nat_gateway: Allow customizable read timeout (#26121)
- data-source/aws_nat_gateways: Allow customizable read timeout (#26121)
- data-source/aws_network_acls: Allow customizable read timeout (#26121)
- data-source/aws_network_interface: Allow customizable read timeout (#26121)
- data-source/aws_network_interfaces: Allow customizable read timeout (#26121)
- data-source/aws_prefix_list: Allow customizable read timeout (#26121)
- data-source/aws_route: Allow customizable read timeout (#26121)
- data-source/aws_route_table: Allow customizable read timeout (#26121)
- data-source/aws_route_tables: Allow customizable read timeout (#26121)
- data-source/aws_security_group: Allow customizable read timeout (#26121)
- data-source/aws_security_groups: Allow customizable read timeout (#26121)
- data-source/aws_subnet: Allow customizable read timeout (#26121)
- data-source/aws_subnet_ids: Allow customizable read timeout (#26121)
- data-source/aws_subnets: Allow customizable read timeout (#26121)
- data-source/aws_vpc: Allow customizable read timeout (#26121)
- data-source/aws_vpc_dhcp_options: Allow customizable read timeout (#26121)
- data-source/aws_vpc_endpoint: Allow customizable read timeout (#26121)
- data-source/aws_vpc_endpoint_service: Allow customizable read timeout (#26121)
- data-source/aws_vpc_ipam_pool: Allow customizable read timeout (#26121)
- data-source/aws_vpc_ipam_preview_next_cidr: Allow customizable read timeout (#26121)
- data-source/aws_vpc_peering_connection: Allow customizable read timeout (#26121)
- data-source/aws_vpc_peering_connections: Allow customizable read timeout (#26121)
- data-source/aws_vpcs: Allow customizable read timeout (#26121)
- data-source/aws_vpn_gateway: Allow customizable read timeout (#26121)
- resource/aws_ecrpublic_repository: Add
tags
argument andtags_all
attribute to support resource tagging (#26057) - resource/aws_fsx_openzfs_file_system: Add
root_volume_configuration.record_size_kib
argument (#26049) - resource/aws_fsx_openzfs_volume: Add
record_size_kib
argument (#26049) - resource/aws_globalaccelerator_accelerator: Support
DUAL_STACK
value forip_address_type
(#26055) - resource/aws_iam_role_policy: Add plan time validation to
role
argument (#26082) - resource/aws_internet_gateway: Allow customizable timeouts (#26121)
- resource/aws_internet_gateway_attachment: Allow customizable timeouts (#26121)
- resource/aws_lb: Add
preserve_host_header
argument (#26056) - resource/aws_s3_bucket: Allow customizable timeouts (#26121)
BUG FIXES:
- resource/aws_api_gateway_rest_api: Add
put_rest_api_mode
argument to address race conditions when importing OpenAPI Specifications (#26051) - resource/aws_appstream_fleet: Fix IAM
InvalidRoleException
error on creation (#26060)
v4.24.0
FEATURES:
ENHANCEMENTS:
- data-source/aws_ecs_service: Add
tags
attribute (#25961) - resource/aws_datasync_task: Add
includes
argument (#25929) - resource/aws_guardduty_detector: Add
malware_protection
attribute to thedatasources
configuration block (#25994) - resource/aws_guardduty_organization_configuration: Add
malware_protection
attribute to thedatasources
configuration block (#25992) - resource/aws_security_group: Additional plan-time validation for
name
andname_prefix
(#15011) - resource/aws_security_group_rule: Add configurable Create timeout (#24340)
- resource/aws_ses_configuration_set: Add
tracking_options.0.custom_redirect_domain
argument (NOTE: This enhancement is provided as best effort due to testing limitations, i.e., the requirement of a verified domain) (#26032)
BUG FIXES:
- data-source/aws_networkmanager_core_network_policy_document: Fix bug where bool values for
attachment-policy.action.require-acceptance
can only betrue
or omitted (#26010) - resource/aws_appmesh_gateway_route: Fix crash when only one of hostname rewrite or path rewrite is configured (#26012)
- resource/aws_ce_anomaly_subscription:Fix crash upon adding or removing monitor ARNs to
monitor_arn_list
. (#25941) - resource/aws_cognito_identity_pool_provider_principal_tag: Fix read operation when using an OIDC provider (#25964)
- resource/aws_route53_record: Don't ignore
dualstack
prefix in Route 53 Record alias names (#10672) - resource/aws_s3_bucket: Prevents unexpected import of existing bucket in
us-east-1
. (#26011) - resource/aws_s3_bucket: Refactored
object_lock_enabled
parameter's default assignment behavior to protect partitions without Object Lock available. (#25098)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.