chore(deps): update terraform aws to ~> 4.67.0 (!1370) · Merge requests · Forge / infra / infrastructure

Renovate Bot requested to merge renovate/aws-4.x into main Apr 20, 2023

This MR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	`~> 4.23.0` -> `~> 4.67.0`

⚠ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

hashicorp/terraform-provider-aws (aws)

`v4.67.0`

Compare Source

NOTES:

resource/aws_lightsail_domain_entry: The id attribute is now comma-delimited (#30820)

FEATURES:

New Data Source: aws_connect_user (#26156)
New Data Source: aws_connect_vocabulary (#26158)
New Data Source: aws_organizations_policy (#30920)
New Data Source: aws_redshiftserverless_namespace (#31250)
New Resource: aws_quicksight_template (#30453)
New Resource: aws_quicksight_template_alias (#31310)
New Resource: aws_quicksight_vpc_connection (#31309)

ENHANCEMENTS:

aws_quicksight_data_set: Add support for configuring refresh properties (#30744)
data-source/aws_acmpca_certificate_authority: Add key_storage_security_standard attribute (#31280)
data-source/aws_elastic_beanstalk_hosted_zone: Add hosted zone ID for ap-southeast-3 AWS Region (#31248)
data-source/aws_s3_bucket: Set hosted_zone_id for cn-north-1 AWS China Region (#31247)
resource/aws_acmpca_certificate_authority: Add key_storage_security_standard argument (#31280)
resource/aws_cloudwatch_metric_stream: Add metric_names to include_filter and exclude_filter configuration blocks (#31288)
resource/aws_dms_endpoint: Add ability to use the db2-zos IBM DB2 for z/OS engine (#31291)
resource/aws_fsx_ontap_file_system: Allow in-place update of route_table_ids (#31251)
resource/aws_fsx_ontap_file_system: Support setting throughput_capacity to 4096 (#31251)
resource/aws_rds_cluster: Add ability to specify Aurora IO Optimized storage_type (#31336)
resource/aws_s3_bucket: Set hosted_zone_id for cn-north-1 AWS China Region (#31247)

BUG FIXES:

resource/aws_appintegrations_data_integration: Correctly read tags into state (#31241)
resource/aws_config_remediation_configuration: Change parameter attribute to TypeList for better diff calculation (#31315)
resource/aws_iam_openid_connect_provider: Change client_id_list from TypeList to TypeSet as order is not significant (#31253)
resource/aws_servicecatalog_provisioned_product: Fix to properly send stack_set_provisioned_preferences.0.accounts on create and update (#31293)
resource/aws_servicecatalog_provisioned_product: Fix to properly set stack_set_provisioned_preferences integer types failure_tolerance_count, failure_tolerance_percentage, max_concurrency_count, max_concurrency_percentage (#31289)
resource/aws_ssm_activation: Fix various ValidationException errors on resource Create (#31340)

`v4.66.1`

Compare Source

BUG FIXES:

resource/aws_appautoscaling_target: Fix InvalidParameter: 1 validation error(s) found. minimum field size of 1, ListTagsForResourceInput.ResourceARN. related to Application Auto Scaling resource tagging introduced in v4.66.0 (#31214)

`v4.66.0`

Compare Source

NOTES:

resource/aws_instance: The cpu_core_count argument is deprecated in favor of the cpu_options block. The cpu_options block can set core_count (#31035)
resource/aws_instance: The cpu_threads_per_core argument is deprecated in favor of the cpu_options block. The cpu_options block can set threads_per_core (#31035)

FEATURES:

New Data Source: aws_appintegrations_event_integration (#24965)
New Data Source: aws_dms_replication_instance (#15406)
New Data Source: aws_vpclattice_auth_policy (#30898)
New Data Source: aws_vpclattice_service_network (#30904)
New Resource: aws_account_primary_contact (#26123)
New Resource: aws_appintegrations_data_integration (#24941)
New Resource: aws_chimesdkvoice_voice_profile_domain (#30977)
New Resource: aws_directory_service_trust (#31037)
New Resource: aws_vpclattice_access_log_subscription (#30896)
New Resource: aws_vpclattice_auth_policy (#30891)
New Resource: aws_vpclattice_resource_policy (#30900)
New Resource: aws_vpclattice_target_group_attachment (#31039)

ENHANCEMENTS:

data-source/aws_autoscaling_group: Add max_instance_lifetime attribute (#31067)
data-source/aws_autoscaling_group: Add mixed_instances_policy attribute (#31067)
data-source/aws_autoscaling_group: Add predicted_capacity attribute (#31067)
data-source/aws_autoscaling_group: Add suspended_processes attribute (#31067)
data-source/aws_autoscaling_group: Add tag attribute (#31067)
data-source/aws_autoscaling_group: Add warm_pool_size attribute (#31067)
data-source/aws_autoscaling_group: Add warm_pool attribute (#31067)
datasource/aws_launch_template: Add amd_sev_snp attribute (#31035)
resource/aws_appautoscaling_policy: Add metrics to the target_tracking_scaling_policy_configuration.customized_metric_specification configuration block in support of metric math (#30172)
resource/aws_appautoscaling_target: Add arn attribute (#30172)
resource/aws_appautoscaling_target: Add tags argument and tags_all attribute to support resource tagging (#30172)
resource/aws_autoscaling_group: Add predicted_capacity attribute (#31067)
resource/aws_autoscaling_group: Add warm_pool_size attribute (#31067)
resource/aws_directory_service_conditional_forwarder: Add plan time validation for remote_domain_name (#31037)
resource/aws_directory_service_directory: Correct plan time validation for remote_domain_name (#31037)
resource/aws_elasticache_user: Add support for defining custom timeouts (#31076)
resource/aws_fsx_lustre_file_system: Add root_squash_configuration argument (#31073)
resource/aws_glue_catalog_database: Add tagging support (#31071)
resource/aws_grafana_workspace: Make grafana_version optional so that its value can be specified in configuration (#31083)
resource/aws_instance: Add amd_sev_snp argument (#31035)
resource/aws_instance: Add cpu_options argument (#31035)
resource/aws_lambda_function: Add support for java17 runtime value (#31027)
resource/aws_lambda_layer_version: Add support for java17 compatible_runtimes value (#31028)
resource/aws_launch_template: Add amd_sev_snp argument (#31035)
resource/aws_medialive_channel: Added H265 support. (#30908)
resource/aws_rds_cluster_role_association: Add configurable Create and Delete timeouts (#31015)
resource/aws_redshift_scheduled_action: Add plan time validation for name argument (#31020)
resource/aws_redshiftserverless_workgroup: Add support for defining custom timeouts (#31054)
resource/aws_sagemaker_domain: Add domain_settings.r_studio_server_pro_domain_settings, default_user_settings.canvas_app_settings.model_register_settings, and default_user_settings.r_studio_server_pro_app_settings arguments (#31031)
resource/aws_sagemaker_endpoint_configuration: Add async_inference_config.output_config.notification_config.include_inference_response_in and async_inference_config.output_config.s3_failure_path arguments (#31070)
resource/aws_sagemaker_user_profile: Add user_settings.canvas_app_settings.model_register_settings and user_settings.r_studio_server_pro_app_settings arguments (#31072)
resource/aws_servicecatalog_provisioning_artifact: Add provisioning_artifact_id attribute (#31086)
resource/aws_sfn_state_machine: Add configurable timeouts (#31097)
resource/aws_spot_fleet_request: Add 'aws_spot_fleet_request.context' argument (#30918)
resource/aws_vpn_connection: Add tunnel1_enable_tunnel_lifecycle_control and tunnel2_enable_tunnel_lifecycle_control arguments (#31064)

BUG FIXES:

data-source/aws_nat_gateway: Guarantee that all attributes are set when the NAT Gateway is associated with a single address (#31118)
data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.stateful_rule_group_reference.override attribute, fixing setting firewall_policy: Invalid address to set error (#31089)
resource/aws_connect_routing_profile: Remove the limit on the maximum number of queues that can be associated with a routing profile. Batch processing is now done when there are more than 10 queues associated or disassociated at a time. (#30895)
resource/aws_db_instance: Consider delete-precheck a valid pending state for resource deletion (#31047)
resource/aws_inspector2_enabler: Correctly supports LAMBDA resource scanning (#31038)
resource/aws_inspector2_enabler: Correctly supports multiple accounts (#31038)
resource/aws_inspector2_enabler: No longer calls Disable API for status checking (#31038)
resource/aws_nat_gateway: Guarantee that all attributes are set when the NAT Gateway is associated with a single address (#31118)
resource/aws_rds_cluster_instance: Consider delete-precheck a valid pending state for resource deletion (#31047)
resource/aws_servicecatalog_provisioned_product: Changes in the provisioning_artifact_name attribute are now reflected correctly in AWS (#26371)
resource/aws_servicecatalog_provisioned_product: Fix product_name update handling (#31094)

`v4.65.0`

Compare Source

NOTES:

data-source/aws_db_instance: With the retirement of EC2-Classic thedb_security_groups attribute has been deprecated and will be removed in a future version (#30919)
data-source/aws_elasticache_cluster: With the retirement of EC2-Classic thesecurity_group_names attribute has been deprecated and will be removed in a future version (#30919)
data-source/aws_launch_configuration: With the retirement of EC2-Classic thevpc_classic_link_id and vpc_classic_link_security_groups attributes have been deprecated and will be removed in a future version (#30919)
data-source/aws_redshift_cluster: With the retirement of EC2-Classic the cluster_security_groups attribute has been deprecated and will be removed in a future version (#30919)
resource/aws_config_organization_custom_policy_rule: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#21373)

FEATURES:

New Data Source: aws_api_gateway_authorizer (#28148)
New Data Source: aws_api_gateway_authorizers (#28148)
New Data Source: aws_dms_replication_subnet_group (#30832)
New Data Source: aws_dms_replication_task (#30967)
New Data Source: aws_ssmcontacts_contact (#30667)
New Data Source: aws_ssmcontacts_contact_channel (#30667)
New Data Source: aws_ssmcontacts_plan (#30667)
New Data Source: aws_ssmincidents_response_plan (#30665)
New Resource: aws_config_organization_custom_policy_rule (#21373)
New Resource: aws_quicksight_folder_membership (#30871)
New Resource: aws_quicksight_refresh_schedule (#30788)
New Resource: aws_ssmcontacts_contact (#30667)
New Resource: aws_ssmcontacts_contact_channel (#30667)
New Resource: aws_ssmcontacts_plan (#30667)
New Resource: aws_ssmincidents_response_plan (#30665)
New Resource: aws_synthetics_group (#30678)
New Resource: aws_synthetics_group_association (#30678)

ENHANCEMENTS:

data-source/aws_ami_ids: Add include_deprecated argument (#30294)
data-source/aws_backup_report_plan: Add accounts, organization_units and regions attributes to the report_setting block (#28309)
data-source/aws_imagebuilder_image: Add containers attribute to the output_resources block (#30899)
resource/aws_appstream_stack: Add streaming_experience_settings attribute (#28512)
resource/aws_backup_report_plan: Add accounts, organization_units and regions attributes to the report_setting block (#28309)
resource/aws_chime_voice_connector_streaming: Add media_insights_configuration argument (#30713)
resource/aws_db_subnet_group: Add vpc_id attribute (#30775)
resource/aws_fis_experiment_template: Add support for Cluster Network Actions to actions.*.target (#27337)
resource/aws_gamelift_game_session_queue: Add custom_event_data argument (#26206)
resource/aws_imagebuilder_image: Add containers attribute to the output_resources block (#30899)
resource/aws_networkfirewall_rule_group: Add limit for reference_sets (#30759)
resource/aws_networkmanager_core_network: Wait for the network policy to be in the READY_TO_EXECUTE state before executing any changes (#30879)
resource/aws_s3outposts_endpoint: Add access_type and customer_owned_ipv4_pool arguments (#23839)
resource/aws_wafv2_web_acl: Add token_domains argument (#30340)
various IAM resource types: more detailed error messages for invalid policy document JSON (#27502)

BUG FIXES:

resource/aws_api_gateway_api_key: Fix value minimum length verification when specified. (#30894)
resource/aws_apprunner_service: Allow additional instance_configuration.cpu and instance_configuration.memory values (#30889)
resource/aws_dms_replication_task: Fix perpetual diff on dms replication_task settings (#30885)
resource/aws_ds_shared_directory: Properly handle paged response objects on read (#30914)
resource/aws_ecs_service: Fix removal of service_registries configuration block (#30852)
resource/aws_redshiftdata_statement: Fix ValidationException errors reading expired statements (#26343)
resource/aws_vpc_endpoint_route_table_association: Retry resource Create for EC2 eventual consistency (#30994)
resource/aws_vpc_endpoint_service_allowed_principal: Fix too many results error (#30974)

`v4.64.0`

Compare Source

FEATURES:

New Data Source: aws_dms_endpoint (#30717)
New Data Source: aws_fsx_windows_file_system (#28622)
New Data Source: aws_networkfirewall_resource_policy (#25474)
New Data Source: aws_prometheus_workspaces (#28574)
New Data Source: aws_redshiftserverless_workgroup (#29208)
New Data Source: aws_route53_resolver_query_log_config (#29111)
New Data Source: aws_sesv2_configuration_set (#30108)
New Data Source: aws_vpclattice_listener (#30843)
New Resource: aws_cloudwatch_event_endpoint (#25846)
New Resource: aws_vpclattice_listener (#30711)
New Resource: aws_vpclattice_listener_rule (#30784)

ENHANCEMENTS:

data-source/aws_cloudfront_response_headers_policy: Add remove_headers_config attribute (#28940)
data-source/aws_ecs_task_definition: Add execution_role_arn attribute (#28662)
data-source/aws_eks_node_group: Add launch_template attribute (#30780)
data-source/aws_iam_role: Add role_last_used attribute (#30750)
data-source/aws_kms_key: Add cloud_hsm_cluster_id, custom_key_store_id, key_spec, pending_deletion_window_in_days, and xks_key_configuration attributes (#29250)
data-source/aws_lakeformation_data_lake_settings: Add allow_external_data_filtering, external_data_filtering_allow_list and authorized_session_tag_value_list attributes (#30207)
data-source/aws_outposts_outpost: Add lifecycle_status, site_arn, supported_hardware_type and tags attributes (#30754)
data-source/aws_servicequotas_service_quota: Add usage_metric attribute (#29499)
data-source/aws_subnet: Add enable_lni_at_device_index attribute (#30798)
resource/aws_appsync_datasource: Add opensearchservice_config argument (#29578)
resource/aws_cloudfront_response_headers_policy: Add remove_headers_config argument (#28940)
resource/aws_cloudwatch_event_target: Add ecs_target.ordered_placement_strategy argument (#28384)
resource/aws_cloudwatch_metric_stream: Add include_linked_accounts_metrics argument (#29281)
resource/aws_dms_replication_instance: Increase default timeout for create (#29905)
resource/aws_eks_node_group: Add plan time validation to node_group_name and node_group_name_prefix arguments (#29975)
resource/aws_elastic_beanstalk_application: Add plan time validation to appversion_lifecycle.service_role and name arguments (#17727)
resource/aws_emr_cluster: Add placement_group_config argument (#30121)
resource/aws_fis_experiment_template: Add support for Subnets Network Actions to actions.*.target (#30211)
resource/aws_iam_role: Add role_last_used attribute (#30750)
resource/aws_iot_topic_rule: Add error_action.firehose.batch_mode, error_action.iot_analytics.batch_mode, error_action.iot_events.batch_mode, firehose.batch_mode, iot_analytics.batch_mode and iot_events.batch_mode arguments (#28568)
resource/aws_kinesis_firehose_delivery_stream: Add opensearch_configuration block (#29112)
resource/aws_kinesis_firehose_delivery_stream: Add opensearch as a valid destination value (#29112)
resource/aws_lakeformation_data_lake_settings: Add allow_external_data_filtering, external_data_filtering_allow_list and authorized_session_tag_value_list arguments (#30207)
resource/aws_lambda_event_source_mapping: Add document_db_event_source_config configuration block (#28586)
resource/aws_lambda_function: Add support for python3.10 runtime value (#30781)
resource/aws_lambda_layer_version: Add support for python3.10 compatible_runtimes value (#30781)
resource/aws_main_route_table_association: Add configurable timeouts (#30755)
resource/aws_route: Allow gateway_id value of local when updating a Route (#24507)
resource/aws_route_table_association: Add configurable timeouts (#30755)
resource/aws_s3_bucket: Correct S3 Object Lock error handling for third-party S3-compatible API implementations (#26317)
resource/aws_s3_bucket_object_lock_configuration: Correct error handling for third-party S3-compatible API implementations (#26317)
resource/aws_securityhub_account: Add control_finding_generator, auto_enable_controls and arn attributes (#30692)
resource/aws_servicequotas_service_quota: Add usage_metric attribute (#29499)
resource/aws_ssoadmin_account_assignment: Extend timeout delay and min timeout (#25849)
resource/aws_ssoadmin_permission_set: Extend timeout delay and min timeout (#25849)
resource/aws_subnet: Add enable_lni_at_device_index attribute (#30798)
resource/aws_vpc_endpoint_service_allowed_principal: Changed id to use ServicePermissionId (#27640)
resource/aws_wafv2_rule_group: Add rule.action.challenge argument (#29690)
resource/aws_wafv2_rule_group: Add rule.captcha_config argument (#29608)
resource/aws_wafv2_web_acl: Add captcha_config and rule.captcha_config arguments (#29608)

BUG FIXES:

data-source/aws_lakeformation_permissions: Change lf_tag_policy.expression from TypeList to TypeSet as order is not significant (#26643)
data-source/aws_lakeformation_permissions: Remove limit on number of lf_tag_policy.expression blocks (#26643)
resource/aws_cloudwatch_event_rule: Add retry to read step, resolving couldn't find resource error (#25846)
resource/aws_default_vpc: Fix adoption of default VPC with generated IPv6 (#29083)
resource/aws_dx_gateway: Remove plan time validation from name argument (#30739)
resource/aws_ecs_service: Fix error importing service with an IAM role with a path (#30170)
resource/aws_fsx_windows_file_system: Increase throughput_capacity first to avoid BadRequest errors (#28622)
resource/aws_lakeformation_permissions: Change lf_tag_policy.expression from TypeList to TypeSet as order is not significant (#26643)
resource/aws_lakeformation_permissions: Change lf_tag, lf_tag.values, lf_tag_policy, lf_tag_policy.expression.key, lf_tag_policy.expression.values and lf_tag_policy.resource_type to ForceNew (#26643)
resource/aws_lakeformation_permissions: Remove limit on number of lf_tag_policy.expression blocks (#26643)
resource/aws_lambda_event_source_mapping: Fix IAM eventual consistency errors on resource Update (#28586)
resource/aws_medialive_channel: Fix to properly expand destinations.media_package_settings field (#30660)
resource/aws_networkfirewall_firewall_policy: Fix unexpected encryption_configuration.type updates from Customer_KMS to AWS_KMS (#30821)
resource/aws_networkfirewall_rule_group: Fix unexpected encryption_configuration.type updates from Customer_KMS to AWS_KMS (#30821)
resource/aws_quicksight_data_set: Correct custom_sql documentation (#30742)
resource/aws_quicksight_data_set: Correctly persist create_columns_operation.expression field (#30708)
resource/aws_quicksight_data_set: Fix to properly expand project_operation.projected_columns field (#30699)
resource/aws_quicksight_data_set: Fix to properly flatten cast_column_type_operation.format field (#30701)
resource/aws_sagemaker_app: Fix crash when app is not found (#30786)
resource/aws_sns_topic: Fix IAM eventual consistency error creating SNS topics with ABAC-controlled permissions (#30432)
resource/aws_vpc: Don't overwrite any configured value for ipv6_ipam_pool_id with IPAM Managed (#30795)

`v4.63.0`

Compare Source

FEATURES:

New Data Source: aws_dms_certificate (#30498)
New Data Source: aws_quicksight_group (#12311)
New Data Source: aws_quicksight_user (#12310)
New Resource: aws_chimesdkmediapipelines_media_insights_pipeline_configuration (#30603)
New Resource: aws_pipes_pipe (#30538)
New Resource: aws_quicksight_iam_policy_assignment (#30653)
New Resource: aws_quicksight_ingestion (#30487)
New Resource: aws_quicksight_namespace (#30681)
New Resource: aws_sagemaker_data_quality_job_definition (#30301)
New Resource: aws_sagemaker_monitoring_schedule (#30684)
New Resource: aws_vpclattice_service_network_service_association (#30410)
New Resource: aws_vpclattice_service_network_vpc_association (#30411)
New Resource: aws_vpclattice_target_group (#30455)

ENHANCEMENTS:

data-source/aws_dx_connection: Add partner_name attribute (#30385)
data-source/aws_lambda_function_url: Add invoke_mode attribute (#30547)
data-source/aws_nat_gateway: Add association_id attribute (#30546)
data-source/aws_sagemaker_prebuilt_ecr_image: Added sagemaker-model-monitor-analyzer images (#30301)
resource/aws_acmpca_certificate: Add api_passthrough argument (#28142)
resource/aws_api_gateway_rest_api: Added fail_on_warnings attribute (#22300)
resource/aws_dx_connection: Add partner_name attribute (#30385)
resource/aws_dx_gateway: Add plan time validation to name argument (#30375)
resource/aws_dx_gateway: Allow updates to name without forcing resource replacement (#30375)
resource/aws_ec2_client_vpn_route: Increase Create and Delete timeouts to 4 minutes (#30552)
resource/aws_lambda_function_url: Add invoke_mode attribute (#30547)
resource/aws_mwaa_environment: Add startup_script_s3_path and startup_script_s3_object_version attributes (#30549)
resource/aws_nat_gateway: Add association_id attribute (#30546)
resource/aws_servicecatalog_provisioned_product: Surfaces more clear error message when resource fails to apply (#30663)
resource/aws_wafv2_web_acl: Add aws_managed_rules_atp_rule_set to managed_rule_group_configs configuration block (#30518)

BUG FIXES:

resource/aws_batch_compute_environment: Fix crash when compute_resources.launch_template is empty (#30537)
resource/aws_cognito_managed_user_pool_client: Allow removing token_validity_units (#30662)
resource/aws_cognito_user_pool_client: Allow removing token_validity_units (#30662)
resource/aws_db_instance: Allow engine and engine_version to be set when replicate_source_db is set (#30703)
resource/aws_db_instance: Fixes panic when updating replica_mode (#30714)
resource/aws_dynamodb_table_item: Would report spurious diffs when List and Map attributes were changed out-of-band (#30712)
resource/aws_elasticache_user_group: Change user_group_id to ForceNew (#30533)
resource/aws_launch_template: Fix crash when instance_market_options.spot_options is empty (#30539)
resource/aws_msk_serverless_cluster: Change vpc_config.security_group_ids to Computed (#30535)
resource/aws_quicksight_data_set: Fix to properly send physical_table_map.*.relational_table.catalog when set (#30704)
resource/aws_quicksight_data_set: Fix to properly send physical_table_map.*.relational_table.schema when set (#30704)
resource/aws_rds_cluster: Prevent db_instance_parameter_group_name from causing errors on minor upgrades (#30679)
resource/aws_rds_cluster_parameter_group: Fixes differences being reported on every apply when setting system-source parameters (#30536)

`v4.62.0`

Compare Source

FEATURES:

New Data Source: aws_ec2_transit_gateway_attachments (#29644)
New Data Source: aws_ec2_transit_gateway_route_table_associations (#29642)
New Data Source: aws_ec2_transit_gateway_route_table_propagations (#29640)
New Data Source: aws_oam_link (#30401)
New Data Source: aws_oam_links (#30401)
New Data Source: aws_quicksight_data_set (#30422)
New Data Source: aws_vpclattice_service (#30490)
New Resource: aws_inspector2_member_association (#28921)
New Resource: aws_lightsail_distribution (#30124)
New Resource: aws_quicksight_account_subscription (#30359)
New Resource: aws_quicksight_data_set (#30349)
New Resource: aws_quicksight_folder (#30400)
New Resource: aws_vpclattice_service (#30429)
New Resource: aws_vpclattice_service_network (#35969)

ENHANCEMENTS:

data-source/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
data-source/aws_secretsmanager_secret: Add rotation_rules.duration and rotation_rules.schedule_expression attributes (#30425)
data-source/aws_secretsmanager_secret_rotation: Add rotation_rules.duration and rotation_rules.schedule_expression attributes (#30425)
resource/aws_default_route_table: Ignore routes managed by VPC Lattice (#30515)
resource/aws_emrserverless_application: Add image_configuration field (#30398)
resource/aws_imagebuilder_container_recipe: Add platform_override field (#30398)
resource/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
resource/aws_s3_bucket: Enable S3-compatible providers with no support for bucket tagging (#30151)
resource/aws_sagemaker_endpoint_configuration: Add name_prefix argument (#28785)
resource/aws_sagemaker_feature_group: Add table_format to the offline_store_config configuration block (#30118)
resource/aws_secretsmanager_secret: Add duration and schedule_expression attributes to rotation_rules configuration block (#30425)
resource/aws_secretsmanager_secret_rotation: Add duration and schedule_expression attributes to rotation_rules configuration block (#30425)

BUG FIXES:

resource/aws_ce_cost_category: Fixed effective_start being reset on any changes despite effective_start having the same value (#30369)
resource/aws_db_instance: Fix crash when updating password (#30379)
resource/aws_glue_crawler: Fix InvalidInputException error string matching (#30370)
resource/aws_glue_trigger: Fix InvalidInputException error string matching (#30370)
resource/aws_medialive_channel: Fix attribute certificate_mode spelling in rtmp_output_settings (#30224)
resource/aws_rds_cluster: Fix crash when updating master_password (#30379)
resource/aws_rds_cluster: Fix inconsistent final plan errors when engine_version updates are not applied immediately (#30247)
resource/aws_rds_cluster: Send db_instance_parameter_group_name on all modify requests when set (#30247)
resource/aws_rds_cluster_instance: Fix inconsistent final plan errors when engine_version updates are not applied immediately (#30247)
resource/aws_rds_instance: Fix inconsistent final plan errors when engine_version updates are not applied immediately (#30247)
resource/aws_s3_bucket_lifecycle_configuration: Allow rule.filter.object_size_greater_than = 0 (#29857)
resource/aws_scheduler_schedule: Mark arn property of dead_letter_config as a required property (#30360)

`v4.61.0`

Compare Source

FEATURES:

New Data Source: aws_appmesh_gateway_route (#29064)
New Data Source: aws_appmesh_virtual_node (#27545)
New Data Source: aws_appmesh_virtual_router (#26908)
New Data Source: aws_globalaccelerator_custom_routing_accelerator (#28922)
New Data Source: aws_oam_sink (#30258)
New Data Source: aws_oam_sinks (#30258)
New Data Source: aws_ssmincidents_replication_set (#29769)
New Resource: aws_globalaccelerator_custom_routing_accelerator (#28922)
New Resource: aws_globalaccelerator_custom_routing_endpoint_group (#28922)
New Resource: aws_globalaccelerator_custom_routing_listener (#28922)
New Resource: aws_rbin_rule (#25926)
New Resource: aws_sns_topic_data_protection_policy (#30008)
New Resource: aws_ssmincidents_replication_set (#29769)

ENHANCEMENTS:

data-source/aws_db_instance: Add master_user_secret attribute (#28848)
data-source/aws_globalaccelerator_accelerator: Add dual_stack_dns_name attribute (#28922)
data-source/aws_rds_cluster: Add master_user_secret attribute (#28848)
resource/aws_appmesh_gateway_route: Add header, path and query_parameter to the spec.http_route.match and spec.http2_route.match configuration blocks (#29064)
resource/aws_appmesh_gateway_route: Add port to the spec.grpc_route.action.target, spec.http_route.action.target and spec.http2_route.action.target configuration blocks to support Virtual Services with multiple listeners (#29064)
resource/aws_appmesh_gateway_route: Add priority to the spec configuration block (#29064)
resource/aws_appmesh_route: Add path and query_parameter to the spec.http_route.match and spec.http2_route.match configuration blocks (#29064)
resource/aws_appmesh_route: spec.http_route.match.prefix and spec.http2_route.match.prefix are Optional (#29064)
resource/aws_appmesh_virtual_node: Add ip_preference and response_type to the spec.service_discovery.dns configuration block (#29064)
resource/aws_db_instance: Add manage_master_user_password, master_user_secret and master_user_secret_kms_key_id arguments to support RDS managed master password in Secrets Manager (#28848)
resource/aws_globalaccelerator_accelerator: Add dual_stack_dns_name attribute (#28922)
resource/aws_lakeformation_lf_tag: Increase values MaxItem up to 1000 to match with AWS real limit (#26546)
resource/aws_rds_cluster: Add manage_master_user_password, master_user_secret and master_user_secret_kms_key_id arguments to support RDS managed master password in Secrets Manager (#28848)
resource/aws_sagemaker_endpoint_configuration: Add production_variants.enable_ssm_access and shadow_production_variants.enable_ssm_access arguments (#30267)

BUG FIXES:

datasource/aws_ecs_task_execution: Fix type assertion panic on overrides.0.container_overrides.*.environment attribute (#30214)
datasource/aws_ecs_task_execution: Fix type assertion panic on overrides.0.container_overrides.*.resource_requirements attribute (#30214)
datasource/aws_ecs_task_execution: Fix type assertion panic on overrides.0.inference_accelerator_overrides attribute (#30214)
resource/aws_appmesh_virtual_router: spec.listener is Optional (#29064)
resource/aws_fsx_openzfs_file_system: Fix iops validation in disk_iops_configuration to allow values for SINGLE_AZ_1 and SINGLE_AZ_2 (#30299)
resource/aws_lakeformation_lf_tag: Fix support for lf-tag keys with colons in the name (#28258)
resource/aws_launch_template: Allow metadata_options to be applied when http_endpoint is not configured (#30107)
resource/aws_ssm_activation: Fix IAM eventual consistency errors on resource Create (#30280)
resource/aws_ssm_document: Correctly set default_version, document_version, hash, latest_version and parameter as Computed when content changes (#28489)
resource/aws_wafv2_ip_set: Fix DiffSuppress on addresses to detect changes for unknown values (#30352)

`v4.60.0`

Compare Source

FEATURES:

New Data Source: aws_appmesh_route (#26695)
New Data Source: aws_appmesh_virtual_gateway (#27057)
New Resource: aws_cognito_managed_user_pool_client (#30140)
New Resource: aws_oam_link (#30125)
New Resource: aws_sesv2_contact_list (#30094)

ENHANCEMENTS:

data-source/aws_ecs_cluster: Add tags attribute (#30073)
resource/aws_appmesh_virtual_gateway: Add logging.access_log.file.format configuration block (#29315)
resource/aws_appmesh_virtual_node: Add logging.access_log.file.format configuration block (#29315)
resource/aws_rds_cluster: Conflict snapshot_identifier and global_cluster_identifier attributes, preventing misleading results on restore (#30158)
resource/aws_securityhub_account: Add enable_default_standards argument (#13477)
resource/aws_securityhub_member: email is Optional (#19065)

BUG FIXES:

data-source/aws_appmesh_mesh: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
data-source/aws_appmesh_virtual_service: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
resource/aws_apigateway_domain_name: Add ability to update mutual_tls_authentication.truststore_uri in place (#30081)
resource/aws_apigatewayv2_domain_name: Add ability to update mutual_tls_authentication.truststore_uri in place (#30081)
resource/aws_appmesh_gateway_route: Use configured mesh_owner when deleting shared gateway route (#29362)
resource/aws_appmesh_route: Use configured mesh_owner value when deleting shared route (#29362)
resource/aws_appmesh_virtual_gateway: Use configured mesh_owner value when deleting shared virtual gateway (#29362)
resource/aws_appmesh_virtual_node: Use configured mesh_owner value when deleting shared virtual node (#29362)
resource/aws_appmesh_virtual_router: Use configured mesh_owner value when deleting shared virtual router (#29362)
resource/aws_appmesh_virtual_service: Use configured mesh_owner value when deleting shared virtual service (#29362)
resource/aws_cognito_risk_configuration: Adds validation to risk_exception_configuration and requires at least one of account_takeover_risk_configuration, compromised_credentials_risk_configuration, or risk_exception_configuration. (#30074)
resource/aws_medialive_channel: Change TypeSet to TypeList on video_description, to get more precise actions from plan output (#30064)
resource/aws_medialive_channel: Fix type casting for h264_settings in video_descriptions (#30063)
resource/aws_medialive_channel: Fix type casting of program_num, segmentation_time and fragment_time for m2ts_settings (#30025)
resource/aws_opsworks_application: Don't return an error like deleting OpsWorks Application (...): %!s() after successful Delete (#30101)
resource/aws_pinpoint_app: Don't return an error like deleting Pinpoint Application (...): %!s() after successful Delete (#30101)
resource/aws_placement_group: Change spread_level to Computed (#28596)
resource/aws_security_group: Improve respect for delete timeout set by user and retry of certain errors (#30114)
resource/aws_transfer_server: Fix error refreshing protocol_details.as2_transports value (#30115)

`v4.59.0`

Compare Source

NOTES:

resource/aws_connect_queue: The quick_connect_ids_associated attribute is being deprecated in favor of quick_connect_ids (#26151)
resource/aws_connect_routing_profile: The queue_configs_associated attribute is being deprecated in favor of queue_configs (#26151)

FEATURES:

New Data Source: aws_ec2_public_ipv4_pool (#28245)
New Data Source: aws_ec2_public_ipv4_pools (#28245)
New Data Source: aws_servicecatalog_provisioning_artifacts (#25535)
New Resource: aws_codegurureviewer_repository_association (#29656)
New Resource: aws_emr_block_public_access_configuration (#29968)
New Resource: aws_kms_key_policy (#29923)
New Resource: aws_oam_sink (#29670)
New Resource: aws_oam_sink_policy (#30020)

ENHANCEMENTS:

aws_cognito_user_pool_domain: Add ability to update certificate_arn in place (#25275)
data-source/aws_aws_lb: Add enable_xff_client_port, xff_header_processing_mode and enable_tls_version_and_cipher_suite_headers attributes (#29792)
data-source/aws_ce_cost_category: Add default_value attribute (#29291)
data-source/aws_dynamodb_table: Add deletion_protection_enabled attribute (#29924)
data-source/aws_opensearch_domain: Add dashboard_endpoint attribute (#29867)
resource/aws_amplify_domain_association: Add enable_auto_sub_domain argument (#29814)
resource/aws_appflow_flow: Add attribute preserve_source_data_typing to s3_output_format_config in s3 (#27616)
resource/aws_appsync_datasource: Add event_bridge_config argument to support AppSync EventBridge data sources (#30042)
resource/aws_aws_lb: Add enable_xff_client_port, xff_header_processing_mode and enable_tls_version_and_cipher_suite_headers arguments (#29792)
resource/aws_batch_compute_environment: Allow a maximum of 2 compute_resources.ec2_configurations (#27207)
resource/aws_cloudwatch_metric_alarm: Add period parameter to metric_query (#29896)
resource/aws_cloudwatch_metric_alarm: Add validation to period parameter of metric_query.metric (#29896)
resource/aws_cognito_user_pool_domain: Add cloudfront_distribution and cloudfront_distribution_zone_id attributes (#27790)
resource/aws_dynamodb_table: Add deletion_protection_enabled argument (#29924)
resource/aws_ecs_task_definition: Add arn_without_revision attribute (#27351)
resource/aws_elasticache_user: Add authentication_mode argument (#28928)
resource/aws_fms_policy: Add description argument (#29926)
resource/aws_fsx_openzfs_file_system: Add support for SINGLE_AZ_2 deployment_type (#28583)
resource/aws_glue_crawler: Add create_native_delta_table attribute to the delta_target configuration block (#29566)
resource/aws_inspector2_organization_configuration: Add lambda attribute to auto_enable configuration block (#28961)
resource/aws_instance: Add ability to update private_dns_name_options in place (#26305)
resource/aws_lb_target_group: Add load_balancing_cross_zone_enabled argument (#29920)
resource/aws_opensearch_domain: Add dashboard_endpoint attribute (#29867)
resource/aws_qldb_ledger: Add configurable timeouts (#29635)
resource/aws_s3_bucket: Add error handling for XNotImplemented errors when reading acceleration_status, request_payer, lifecycle_rule, logging, or replication_configuration into terraform state. (#29632)
resource/aws_securityhub_organization_configuration: Add auto_enable_standards attribute (#29773)
resource/aws_wafv2_web_acl_association: Add configurable timeout for Create (#30002)

BUG FIXES:

data-source/aws_opensearch_domain: Add missing advanced_security_options.anonymous_auth_enabled attribute (#26746)
resource/aws_api_gateway_integration: Fix bug that cleared unchanged cache_key_parameters values on Update (#29991)
resource/aws_apigatewayv2_integration: Retry errors like ConflictException: Unable to complete operation due to concurrent modification. Please try again later. (#29735)
resource/aws_budgets_action: Extend and add configurable timeouts for create and update (#29976)
resource/aws_cognito_user_pool: Remove Computed from lambda_config.custom_email_sender and lambda_config.custom_sms_sender allowing their values to be removed (#29047)
resource/aws_cognito_user_pool: account_recovery_setting.recovery_mechanism is Optional+Computed (#22302)
resource/aws_ecr_repository: Fix unhandled errors and nil output on read (#30067)
resource/aws_elasticache_user: Change user_id to ForceNew (#28928)
resource/aws_elasticsearch_domain: Remove upper bound validation for ebs_options.throughput as the 1,000 MB/s limit can be raised (#27598)
resource/aws_lambda_function: Fix empty environment variable update (#29839)
resource/aws_lightsail_domain_entry: Allow for the domain entry to begin with an underscore. (#30056)
resource/aws_lightsail_domain_entry: Moved the error handling of an improperly formatted ID to be before attempting to access the id_parts. This will cause a proper empty resource message instead of a panic when ID is not properly formed. (#30056)
resource/aws_lightsail_instance: Added a check to ensure that the availability_zone value is within the current region of the provider. (#30056)
resource/aws_lightsail_instance: Fix name validation to allow instances to start with a numeric character (#29903)
resource/aws_medialive_channel: Fix setting of bitrate and sample_rate for aac_settings. (#29807)
resource/aws_medialive_channel: Fix setting of bitrate for eac3_settings. (#29809)
resource/aws_medialive_channel: Fix spelling for attribute audio_only_timecode_control and correct type for event_id in ms_smooth_group_settings (#29917)
resource/aws_medialive_channel: Removed Compute flag from audio_normalization_settings and remix_settings in audio_descriptions (#29859)
resource/aws_medialive_channel: Removed Computed flag from aac_settings, ´ac3_settings, eac3_atmos_settings, eac3_settings, mp2_settings, pass_through_settingsandwav_settingsincodec_settings`. (#29825)
resource/aws_neptune_cluster: Change lower bound validation for serverless_v2_scaling_configuration.min_capacity to 1 Neptune Capacity Unit (NCU) (#29999)
resource/aws_network_acl_association: Add retry to read step, resolving empty result error (#26838)
resource/aws_opensearch_domain: Remove upper bound validation for ebs_options.throughput as the 1,000 MB/s limit can be raised (#27598)
resource/aws_route: Allow destination_ipv6_cidr_block to be specified for a vpc_endpoint_id target (#29994)
resource/aws_sagemaker_endpoint_configuration: Fix variant_name generation when unset (#29915)

`v4.58.0`

Compare Source

FEATURES:

New Data Source: aws_ecs_task_execution (#29783)
New Data Source: aws_licensemanager_grants (#29741)
New Data Source: aws_licensemanager_received_license (#29741)
New Data Source: aws_licensemanager_received_licenses (#29741)
New Resource: aws_licensemanager_grant (#29741)
New Resource: aws_licensemanager_grant_accepter (#29741)

ENHANCEMENTS:

data-source/aws_ec2_transit_gateway_attachment: Add association_state and association_transit_gateway_route_table_id attributes (#29648)
data-source/aws_instances: Add ipv6_addresses attribute (#29794)
resource/aws_acm_certificate: Change options to Computed (#29763)
resource/aws_amplify_domain_association: Add enable_auto_sub_domain argument (#92814)
resource/aws_cloudhsm_v2_hsm: Enforce ExactlyOneOf for availability_zone and subnet_id arguments (#20891)
resource/aws_db_instance: Add listener_endpoint attribute (#28434)
resource/aws_db_instance: Add plan time validations for backup_retention_period, monitoring_interval, and monitoring_role_arn (#28434)
resource/aws_flow_log: Add deliver_cross_account_role argument (#29254)
resource/aws_grafana_workspace: Add network_access_control argument (#29793)
resource/aws_sesv2_configuration_set: Add vdm_options argument (#28812)
resource/aws_transfer_server: Add protocol_details argument (#28621)
resource/aws_transfer_workflow: Add decrypt_step_details to the on_exception_steps and steps configuration blocks (#29692)
resource/db_snapshot: Add shared_accounts argument (#28424)

BUG FIXES:

resource/aws_acm_certificate: Update options.certificate_transparency_logging_preference in place rather than replacing the resource (#29763)
resource/aws_batch_job_definition: Prevents perpetual diff when container properties environment variable has empty value. (#29820)
resource/aws_elastic_beanstalk_configuration_template: Map errors like InvalidParameterValue: No Platform named '...' found. to resource.NotFoundError so terraform refesh correctly removes the resource from state (#29863)
resource/aws_flow_log: Fix IAM eventual consistency errors on resource Create (#29254)
resource/aws_grafana_workspace: Allow removing vpc_configuration (#29793)
resource/aws_medialive_channel: Fix setting of the include_fec attribute in fec_output_settings (#29808)
resource/aws_medialive_channel: Fix setting of the video_pid attribute in m2ts_settings (#29824)

`v4.57.1`

Compare Source

BUG FIXES:

resource/aws_lambda_function: Prevent Provider produced inconsistent final plan errors produced by null skip_destroy attribute value. NOTE: Because the maintainers have been unable to reproduce the reported problem, the fix is best effort and we ask for community support in verifying the fix. (#29812)

`v4.57.0`

Compare Source

NOTES:

resource/aws_dms_endpoint: The s3_settings argument has been deprecated. All configurations using aws_dms_endpoint.*.s3_settings should be updated to use the aws_dms_s3_endpoint resource instead (#29728)
resource/aws_networkmanager_core_network: The base_policy_region argument is being deprecated in favor of the new base_policy_regions argument. (#29623)

FEATURES:

New Resource: aws_lightsail_bucket_resource_access (#29460)

ENHANCEMENTS:

data-source/aws_launch_template: Add instance_requirements.allowed_instance_types and instance_requirements.network_bandwidth_gbps attributes (#29140)
resource/aws_autoscaling_group: Add auto_rollback to the instance_refresh.preferences configuration block (#29513)
resource/aws_autoscaling_group: Add mixed_instances_policy.launch_template.override.instance_requirements.allowed_instance_types and mixed_instances_policy.launch_template.override.instance_requirements.network_bandwidth_gbps arguments (#29140)
resource/aws_autoscaling_policy: Add metrics to the target_tracking_configuration.customized_metric_specification configuration block in support of metric math (#28560)
resource/aws_cloudtrail_event_data_store: Add kms_key_id argument (#29224)
resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the db2 engine (#29380)
resource/aws_dms_endpoint: Add support for azure-sql-managed-instance engine_name value (#28960)
resource/aws_dms_s3_endpoint: Add detach_target_on_lob_lookup_failure_parquet argument (#29772)
resource/aws_ec2_fleet: Add fleet_instance_set, fleet_state, fulfilled_capacity, and fulfilled_on_demand_capacity attributes (#29181)
resource/aws_ec2_fleet: Add launch_template_config.override.instance_requirements.allowed_instance_types and launch_template_config.override.instance_requirements.network_bandwidth_gbps arguments (#29140)
resource/aws_ec2_fleet: Add on_demand_options.capacity_reservation_options,on_demand_options.max_total_price, on_demand_options.min_target_capacity, on_demand_options.single_availability_zone and on_demand_options.single_instance_type arguments (#29181)
resource/aws_ec2_fleet: Add spot_options.maintenance_strategies.capacity_rebalance.termination_delay argument (#29181)
resource/aws_ec2_fleet: Add valid_from and valid_until arguments (#29181)
resource/aws_lambda_function: Add skip_destroy argument (#29646)
resource/aws_lambda_function: Add configurable timeout for Delete (#29646)
resource/aws_lambda_function: Add plan time validators for memory_size, role, and timeout (#29721)
resource/aws_lambda_function: Retry (up to the configurable timeout) deletion of replicated Lambda@Edge functions (#29646)
resource/aws_launch_template: Add instance_requirements.allowed_instance_types and instance_requirements.network_bandwidth_gbps arguments (#29140)
resource/aws_networkmanager_core_network: Add base_policy_regions argument (#29623)
resource/aws_spot_fleet_request: Add launch_template_config.overrides.instance_requirements.allowed_instance_types and launch_template_config.overrides.instance_requirements.network_bandwidth_gbps arguments (#29140)
resource/aws_transfer_server: Add support for on_partial_upload block on the workflow_details attribute. (#27730)
resource/aws_transfer_user: Add configurable timeout for Delete (#27563)

BUG FIXES:

resource/aws_dms_endpoint: Trigger updates based on adding new extra_connection_attributes (#29772)
resource/aws_instance: When encountering InsufficientInstanceCapacity errors, do not retry in order to fail faster, as this error is typically not resolvable in the near future (#21293)
resource/aws_transfer_server: Allow the removal of workflow_details attribute. (#27730)
resource/aws_transfer_user: Fix bug preventing removal of all home_directory_mappings due to empty list validation error (#27563)

`v4.56.0`

Compare Source

NOTES:

resource/aws_lambda_function: Updated to AWS SDK V2 (#29615)

FEATURES:

New Data Source: aws_vpc_security_group_rule (#29484)
New Data Source: aws_vpc_security_group_rules (#29484)
New Resource: aws_networkmanager_connect_peer (#29296)
New Resource: aws_vpc_security_group_egress_rule (#29484)
New Resource: aws_vpc_security_group_ingress_rule (#29484)

ENHANCEMENTS:

data-source/aws_ecr_image: Add most_recent argument to return the most recently pushed image (#26857)
data-source/aws_ecr_repository: Add most_recent_image_tags attribute containing the most recently pushed image tag(s) in an ECR repository (#26857)
resource/aws_lb_ssl_negotiation_policy: Add triggers attribute to force resource updates (#29482)
resource/aws_load_balancer_listener_policy: Add triggers attribute to force resource updates (#29482)
resource/aws_organizations_policy: Add skip_destroy attribute (#29382)
resource/aws_organizations_policy_attachment: Add skip_destroy attribute (#29382)
resource/aws_sns_topic: Add signature_version and tracing_config arguments (#29462)

BUG FIXES:

resource/aws_acmpca_certificate_authority: revocation_configuration.crl_configuration.expiration_in_days is Optional (#29613)
resource/aws_default_vpc: Change enable_network_address_usage_metrics to Optional+Computed, matching the aws_vpc resource (#29607)
resource/aws_lambda_function: Fix missing ValidationException message body (#29615)
resource/aws_medialive_channel: Fix setting of m2ts_settings arib_captions_pid and arib_captions_pid_control attributes (#29467)
resource/aws_resourceexplorer2_view: Fix Unexpected Planned Resource State on Destroy errors when using Terraform CLI v1.3 and above (#29550)
resource/aws_servicecatalog_provisioned_product: Fix to allow outputs to be Computed when the resource changes (#29559)
resource/aws_sns_topic_subscription: Fix filter_policy_scope update from MessageAttributes to MessageBody with nested objects in filter_policy (#28572)
resource/aws_wafv2_web_acl: Prevent erroneous diffs and attempts to remove AWS-added rule when applying to CF distribution using AWS Shield to automatically mitigate DDoS (#29575)

`v4.55.0`

Compare Source

FEATURES:

New Data Source: aws_organizations_organizational_unit_child_accounts (#24350)
New Data Source: aws_organizations_organizational_unit_descendant_accounts (#24350)
New Resource: aws_route53_cidr_collection (#29407)
New Resource: aws_route53_cidr_location (#29407)
New Resource: aws_vpc_ipam_resource_discovery (#29216)
New Resource: aws_vpc_ipam_resource_discovery_association (#29216)

ENHANCEMENTS:

data-source/aws_s3_bucket_object: Expand content types that can be read from S3 to include some human-readable application types (e.g., application/xml, application/atom+xml) (#27704)
data-source/aws_s3_object: Expand content types that can be read from S3 to include some human-readable application types (e.g., application/xml, application/atom+xml) (#27704)
resource/aws_autoscaling_policy: Make resource_label optional in predefined_load_metric_specification, predefined_metric_pair_specification, and predefined_scaling_metric_specification (#29277)
resource/aws_cloudwatch_log_group: Allow retention_in_days attribute to accept a three year retention period (1096 days) (#29426)
resource/aws_db_proxy: Add auth.client_password_auth_type attribute (#28432)
resource/aws_firehose_delivery_stream: Add ForceNew to dynamic_partitioning_configuration attribute (#29093)
resource/aws_firehose_delivery_stream: Add configurable timeouts for create, update, and delete (#28469)
resource/aws_neptune_cluster: Add neptune_instance_parameter_group_name argument, used only when upgrading major version (#28051)
resource/aws_neptune_global_cluster: Increase Update timeout to 120 minutes (per global cluster member) (#28051)
resource/aws_route53_cidr_location: Add cidr_routing_policy argument (#29407)
resource/aws_s3_bucket: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)
resource/aws_s3_bucket: Add error handling for NotImplemented errors when reading lifecycle_rule or replication_configuration into terraform state. (#28790)
resource/aws_s3_object: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)

BUG FIXES:

data-source/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
resource/aws_appflow_connector_profile: Fix bug in connector_profile_config.0.connector_profile_properties.0.sapo_data.0.logon_language validation regex (#28550)
resource/aws_appflow_flow: Fix misspelled source_connector_properties.0.sapo_data.0.object, which never worked, to be object_path (#28600)
resource/aws_appmesh_route: Fix RequiredWith setting for spec.0.grpc_route.0.match.0.method_name attribute (#29217)
resource/aws_autoscaling_policy: Fix type of target_value for predictive scaling (#28444)
resource/aws_cloudfront_response_headers_policy: Allow server_timing_headers_config.0.sampling_rate to be 0 (#27778)
resource/aws_codebuild_project: Fix err check on delete (#29042)
resource/aws_ecs_service: Allow multiple service blocks within service_connect_configuration (#28813)
resource/aws_ecs_service: Mark service_connect_configuration.service.client_alias as optional and ensure that only 1 such block can be provided (#28813)
resource/aws_ecs_service: Require service_connect_configuration.log_configuration.log_driver to be provided (#28813)
resource/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
resource/aws_emr_cluster: Fix errors caused by multiple security groups with the same name but different owners (#29202)
resource/aws_globalaccelerator_endpoint_group: Fix errors caused by multiple security groups with the same name but different owners (#29202)
resource/aws_kms_key: Increase policy propagation eventual consistency timeouts from 5 minutes to 10 minutes (#28636)
resource/aws_medialive_channel: Fix issue causing dbv_sub_pids attribute to be configured incorrectly in m2ts_settings (#29371)
resource/aws_medialive_channel: Fix issue preventing audio_pids attribute from being configured in m2ts_settings (#29371)
resource/aws_neptune_cluster: Fix restore-from-snapshot functionality using the snapshot_identifier argument on resource Create (#28051)
resource/aws_neptune_cluster: Fix major version upgrade (#28051)
resource/aws_sagemaker_user_profile: Change user_settings.0.jupyter_server_app_settings.0.default_resource_spec to be optional (#28581)

`v4.54.0`

Compare Source

NOTES:

provider: Resolves provider crashes reporting Error: Plugin did not respond and fatal error: concurrent map writes with updated upstream package (terraform-plugin-log) (#29269)
resource/aws_networkmanager_core_network: The policy_document attribute is being deprecated in favor of the new aws_networkmanager_core_network_policy_attachment resource. (#29097)

FEATURES:

New Resource: aws_evidently_launch (#28752)
New Resource: aws_lightsail_bucket_access_key (#28699)
New Resource: aws_networkmanager_core_network_policy_attachment (#29097)

ENHANCEMENTS:

data-source/aws_cloudtrail_service_account: Add service account ID for ap-southeast-4 AWS Region (#29103)
data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-southeast-4 AWS Region (#29103)
data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-southeast-4 AWS Region (#29103)
data-source/aws_s3_bucket: Add hosted zone ID for ap-south-2 AWS Region (#29103)
data-source/aws_s3_bucket: Add hosted zone ID for ap-southeast-4 AWS Region (#29103)
provider: Support ap-southeast-4 as a valid AWS region (#29329)
resource/aws_dynamodb_table: Add arn, stream_arn, and stream_label attributes to replica to obtain this information for replicas (#29269)
resource/aws_efs_mount_target: Add configurable timeouts for Create and Delete (#27991)
resource/aws_lambda_function: Add replace_security_groups_on_destroy and replacement_security_group_ids attributes (#29289)
resource/aws_networkfirewall_firewall: Add ip_address_type attribute to the subnet_mapping configuration block (#29010)
resource/aws_networkmanager_core_network: Add base_policy_region and create_base_policy arguments (#29097)

BUG FIXES:

data-source/aws_kms_key: Reinstate support for KMS multi-Region key ID or ARN values for the key_id argument (#29266)
resource/aws_cloudwatch_log_group: Fix IAM eventual consistency error when setting a retention policy (#29325)
resource/aws_dynamodb_table: Avoid recreating table replicas when enabling PITR on them (#29269)
resource/aws_ec2_client_vpn_endpoint: Change authentication_options from TypeList to TypeSet as order is not significant (#29294)
resource/aws_kms_grant: Retries until valid principal ARNs are returned instead of not updating state (#29245)
resource/aws_opsworks_permission: stack_id and user_arn are both Required and ForceNew (#27991)
resource/aws_prometheus_workspace: Create a logging configuration on resource update if none existed previously (#27472)
resource/aws_s3_bucket: Fix crash when logging is empty (#29243)
resource/aws_sns_topic: Fixes potential race condition when reading policy document. (#29226)
resource/aws_sns_topic_policy: Fixes potential race condition when reading policy document. (#29226)

`v4.53.0`

Compare Source

ENHANCEMENTS:

provider: Adds structured fields in logging (#29223)
provider: Masks authentication fields in HTTP header logging (#29223)

`v4.52.0`

Compare Source

NOTES:

resource/aws_dynamodb_table: In the past, in certain situations, kms_key_arn could be populated with the default DynamoDB key alias/aws/dynamodb. This was an error because it would then be sent back to AWS and should not be. (#29102)
resource/aws_dynamodb_table: In the past, in certain situations, server_side_encryption.0.kms_key_arn or replica.*.kms_key_arn could be populated with the default DynamoDB key alias/aws/dynamodb. This was an error because it would then be sent back to AWS and should not be. (#29102)
resource/aws_dynamodb_table: Updating replica.*.kms_key_arn or replica.*.point_in_time_recovery, when the replica's kms_key_arn is set, requires recreating the replica. (#29102)
resource/aws_dynamodb_table_replica: Updating kms_key_arn forces replacement of the replica now as required to re-encrypt the replica (#29102)

FEATURES:

New Data Source: aws_auditmanager_framework (#28989)
New Resource: aws_auditmanager_assessment_delegation (#29099)
New Resource: aws_auditmanager_framework_share (#29049)
New Resource: aws_auditmanager_organization_admin_account_registration (#29018)

ENHANCEMENTS:

resource/aws_wafv2_rule_group: Add oversize_handling argument to body block of the field_to_match block (#29082)

BUG FIXES:

resource/aws_api_gateway_integration: Prevent drift of connection_type attribute when aws_api_gateway_deployment triggers are used (#29016)
resource/aws_dynamodb_table: Fix perpetual diffs when using default AWS-managed keys (#29102)
resource/aws_dynamodb_table: Fix to allow updating of replica.*.kms_key_arn (#29102)
resource/aws_dynamodb_table: Fix to allow updating of replica.*.point_in_time_recovery when a replica has kms_key_arn set (#29102)
resource/aws_dynamodb_table: Fix unexpected state 'DISABLED' error when waiting for PITR to update (#29086)
resource/aws_dynamodb_table_replica: Fix to allow creation of the replica without errors when kms_key_arn is set (#29102)
resource/aws_dynamodb_table_replica: Fix to allow updating of kms_key_arn (#29102)
resource/aws_medialive_channel: Add missing rate_control_mode in acc_settings for audio_descriptions (#29051)
resource/aws_medialive_input: Fix eventual consistency error when updating (#29051)
resource/aws_vpc_ipam_pool_cidr_allocation: Added support for eventual consistency on read operations after create. (#29022)
resource/aws_wafv2_web_acl: Fix error when setting aws_managed_rules_bot_control_rule_set in manage_rule_group_config (#28810)

`v4.51.0`

Compare Source

NOTES:

resource/aws_ce_anomaly_subscription: Deprecate threshold argument in favour of threshold_expression (#28573)

FEATURES:

New Data Source: aws_auditmanager_control (#28967)
New Resource: aws_datasync_location_object_storage (#23154)
New Resource: aws_rds_export_task (#28831)
New Resource: aws_resourceexplorer2_view (#28841)

ENHANCEMENTS:

resource/aws_appmesh_gateway_route: Add port on the match attribute for routes (#27799)
resource/aws_appmesh_route: Add port on the weighted_target attribute (#27799)
resource/aws_appmesh_virtual_gateway: Add the functionality to be able specify multi listeners (#27799)
resource/aws_appmesh_virtual_node: Add the functionality to be able specify multi listeners (#27799)
resource/aws_appmesh_virtual_router: Add the functionality to be able specify multi listeners (#27799)
resource/aws_apprunner_service: Add source_configuration.code_repository.code_configuration.runtime_environment_secrets and source_configuration.image_repository.image_configuration.runtime_environment_secrets argument (#28871)
resource/aws_ce_anomaly_subscription: Add threshold_expression argument (#28573)
resource/aws_grafana_workspace: Add configuration argument (#28569)
resource/aws_imagbuilder_component: Add skip_destroy argument (#28905)
resource/aws_lambda_event_source_mapping: Add scaling_config argument (#28876)
resource/aws_lambda_function: Add configurable timeout for Update (#28963)
resource/aws_rum_app_monitor: Add custom_events argument (#28431)
resource/aws_servicecatalog_portfolio_share: Add share_principals argument (#28619)

BUG FIXES:

data-source/aws_eks_cluster: Add outpost_config.control_plane_placement attribute (#28924)
data-source/aws_identitystore_group: Restore use of ListGroups API when filter is specified (#28937)
data-source/aws_identitystore_user: Restore use of ListUsers API when filter is specified (#28937)
data-source/aws_lambda_function: Fix AccessDeniedException errors in AWS Regions where AWS Signer is not supported (#28963)
data-source/aws_lambda_function: Remove any qualifier from invoke_arn (#28963)
resource/aws_appstream_image_builder: Fix IAM eventual consistency error for optional role (#26677)
resource/aws_appstream_image_builder: Fix refresh error when domain_join_info and vpc_config are not empty (#26677)
resource/aws_elasticsearch_domain: Prevent persistent iops diff (#28901)
resource/aws_grafana_workspace: Fix updating vpc_configuration (#28569)
resource/aws_iam_server_certificate: Avoid errors on delete when no error occurred (#28968)
resource/aws_lambda_function: Don't persist invalid filename, s3_bucket, s3_key or s3_object_version values on resource Update (#28963)
resource/aws_lambda_function: Retry ResourceNotFoundException errors on resource Create (#28963)
resource/aws_lb_listener_certificate: Show errors in certain cases where they were previously only logged and resource was removed from state (#28968)
resource/aws_opensearch_domain: Omit throughput and iops for unsupported volume types (#28862)
resource/aws_sagemaker_app: Correctly list all apps so as not to lose track in an environment where there are many apps (#28561)

`v4.50.0`

Compare Source

FEATURES:

New Data Source: aws_lbs (#27161)
New Resource: aws_sesv2_configuration_set_event_destination (#27565)

ENHANCEMENTS:

data-source/aws_lb_target_group: Support querying by tags (#27261)
resource/aws_redshiftdata_statement: Add workgroup_name argument (#28751)
resource/aws_service_discovery_service: Add type argument (#28778)

BUG FIXES:

resource/aws_acmpca_policy: Improve refresh to avoid unnecessary diffs in policy (#28788)
resource/aws_api_gateway_rest_api: Improve refresh to avoid unnecessary diffs in policy (#28789)
resource/aws_api_gateway_rest_api_policy: Improve refresh to avoid unnecessary diffs in policy (#28789)
resource/aws_apprunner_service: observability_configuration_arn is optional (#28620)
resource/aws_apprunner_vpc_connector: Fix default_tags not handled correctly (#28736)
resource/aws_appstream_stack: Fix panic on user_settings update (#28766)
resource/aws_appstream_stack: Prevent unnecessary replacements on update (#28766)
resource/aws_backup_vault_policy: Improve refresh to avoid unnecessary diffs in policy (#28791)
resource/aws_cloudsearch_domain_service_access_policy: Improve refresh to avoid unnecessary diffs in access_policy (#28792)
resource/aws_cloudwatch_event_bus_policy: Improve refresh to avoid unnecessary diffs in policy (#28802)
resource/aws_codeartifact_domain_permissions_policy: Improve refresh to avoid unnecessary diffs in policy_document (#28794)
resource/aws_codeartifact_repository_permissions_policy: Improve refresh to avoid unnecessary diffs in policy_document (#28794)
resource/aws_codebuild_resource_policy: Improve refresh to avoid unnecessary diffs in policy (#28796)
resource/aws_dms_replication_subnet_group: Fix error ("Provider produced inconsistent result") when an error is encountered during creation (#28748)
resource/aws_dms_replication_task: Allow updates to aws_dms_replication_task even when migration_type and table_mappings have not changed (#28047)
resource/aws_dms_replication_task: Fix error with cdc_path when used with aws_dms_s3_endpoint (#28704)
resource/aws_dms_s3_endpoint: Fix error with cdc_path when used with aws_dms_replication_task (#28704)
resource/aws_ecr_registry_policy: Improve refresh to avoid unnecessary diffs in policy (#28799)
resource/aws_ecr_repository_policy: Improve refresh to avoid unnecessary diffs in policy (#28799)
resource/aws_ecrpublic_repository_policy: Improve refresh to avoid unnecessary diffs in policy (#28799)
resource/aws_efs_file_system_policy: Improve refresh to avoid unnecessary diffs in policy (#28800)
resource/aws_elasticsearch_domain: Improve refresh to avoid unnecessary diffs in access_policies (#28801)
resource/aws_elasticsearch_domain_policy: Improve refresh to avoid unnecessary diffs in access_policies (#28801)
resource/aws_glacier_vault: Improve refresh to avoid unnecessary diffs in access_policy (#28804)
resource/aws_glacier_vault_lock: Improve refresh to avoid unnecessary diffs in policy (#28804)
resource/aws_glue_resource_policy: Improve refresh to avoid unnecessary diffs in policy (#28807)
resource/aws_iam_group_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in policy (#28777)
resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in policy (#28836)
resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in policy (#28777)
resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in policy, tags (#28836)
resource/aws_iam_role: Fixed issue that could result in "inconsistent final plan" errors (#28868)
resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in assume_role_policy and inline_policy policy (#28777)
resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in inline_policy.*.policy, tags (#28836)
resource/aws_iam_role_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in policy (#28777)
resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in policy (#28836)
resource/aws_iam_user_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in policy (#28777)
resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in policy (#28836)
resource/aws_iot_policy: Improve refresh to avoid unnecessary diffs in policy (#28838)
resource/aws_kms_external_key: Improve refresh to avoid unnecessary diffs in policy (#28853)
resource/aws_kms_key: Improve refresh to avoid unnecessary diffs in policy (#28853)
resource/aws_lb_target_group: Change protocol_version to ForceNew (#17845)
resource/aws_lb_target_group: When creating a new target group, return an error if there is an existing target group with the same name. Use terraform import for existing target groups (#26977)
resource/aws_mq_configuration: Improve refresh to avoid unnecessary diffs in data (#28837)
resource/aws_s3_access_point: Improve refresh to avoid unnecessary diffs in policy (#28866)
resource/aws_s3_bucket: Improve refresh to avoid unnecessary diffs in policy (#28855)
resource/aws_s3_bucket_policy: Improve refresh to avoid unnecessary diffs in policy (#28855)
resource/aws_s3control_access_point_policy: Improve refresh to avoid unnecessary diffs in policy (#28866)
resource/aws_s3control_bucket_policy: Improve refresh to avoid unnecessary diffs in policy (#28866)
resource/aws_s3control_multi_region_access_point_policy: Improve refresh to avoid unnecessary diffs in details policy (#28866)
resource/aws_s3control_object_lambda_access_point_policy: Improve refresh to avoid unnecessary diffs in policy (#28866)
resource/aws_sagemaker_model_package_group_policy: Improve refresh to avoid unnecessary diffs in resource_policy (#28865)
resource/aws_schemas_registry_policy: Improve refresh to avoid unnecessary diffs in policy (#28864)
resource/aws_secretsmanager_secret: Improve refresh to avoid unnecessary diffs in policy (#28863)
resource/aws_secretsmanager_secret_policy: Improve refresh to avoid unnecessary diffs in policy (#28863)
resource/aws_ses_identity_policy: Improve refresh to avoid unnecessary diffs in policy (#28861)
resource/aws_sns_topic: Improve refresh to avoid unnecessary diffs in policy (#28860)
resource/aws_sns_topic_policy: Improve refresh to avoid unnecessary diffs in policy (#28860)
resource/aws_sqs_queue: Improve refresh to avoid unnecessary diffs in policy (#28840)
resource/aws_sqs_queue_policy: Improve refresh to avoid unnecessary diffs in policy (#28840)
resource/aws_transfer_access: Improve refresh to avoid unnecessary diffs in policy (#28859)
resource/aws_transfer_user: Improve refresh to avoid unnecessary diffs in policy (#28859)
resource/aws_vpc_endpoint: Improve refresh to avoid unnecessary diffs in policy (#28798)
resource/aws_vpc_endpoint_policy: Improve refresh to avoid unnecessary diffs in policy (#28798)

`v4.49.0`

Compare Source

NOTES:

resource/aws_dms_endpoint: For s3_settings cdc_min_file_size, AWS changed the multiplier to kilobytes instead of megabytes. In other words, prior to the change, a value of 32 represented 32 MiB. After the change, a value of 32 represents 32 KB. Change your configuration accordingly. (#28578)
resource/aws_fsx_ontap_storage_virtual_machine: The subtype attribute is no longer deprecated (#28567)

FEATURES:

New Data Source: aws_s3control_multi_region_access_point (#28373)
New Resource: aws_appsync_type (#28437)
New Resource: aws_auditmanager_assessment (#28643)
New Resource: aws_auditmanager_assessment_report (#28663)
New Resource: aws_ec2_instance_state (#28639)
New Resource: aws_lightsail_bucket (#28585)
New Resource: aws_ssoadmin_instance_access_control_attributes (#23317)

ENHANCEMENTS:

data-source/aws_autoscaling_group: Add desired_capacity_type attribute (#28658)
data-source/aws_kms_secrets: Add encryption_algorithm and key_id arguments in support of asymmetric keys (#21054)
resource/aws_appflow_connector_profile: Add support for connector_type CustomConnector. Add cluster_identifier, database_name, and data_api_role_arn attributes for redshift connection_profile_properties (#26766)
resource/aws_appsync_resolver: Add runtime and code arguments (#28436)
resource/aws_appsync_resolver: Add plan time validation for caching_config.ttl (#28436)
resource/aws_athena_workgroup: Add configuration.execution_role argument (#28420)
resource/aws_autoscaling_group: Add desired_capacity_type argument (#28658)
resource/aws_dms_endpoint: Change s3_settings cdc_min_file_size default to 32000 in order to align with AWS's change from megabytes to kilobytes for this setting (#28578)
resource/aws_ecs_service: Add alarms argument (#28521)
resource/aws_lightsail_instance: Add add_on configuration block. (#28602)
resource/aws_lightsail_instance_public_ports: Add cidr_list_aliases argument (#28376)
resource/aws_s3_access_point: Add bucket_account_id argument (#28564)
resource/aws_s3control_storage_lens_configuration: Add advanced_cost_optimization_metrics, advanced_data_protection_metrics, and detailed_status_code_metrics arguments to the storage_lens_configuration.account_level and storage_lens_configuration.account_level.bucket_level configuration blocks (#28564)
resource/aws_wafv2_rule_group: Add rule.action.captcha argument (#28435)
resource/aws_wafv2_web_acl: Add rule.action.challenge argument (#28305)
resource/aws_wafv2_web_acl: Add support for ManagedRuleGroupConfig (#28594)

BUG FIXES:

data-source/aws_cloudwatch_log_group: Restore use of ListTagsLogGroup API (#28492)
resource/aws_cloudwatch_log_group: Restore use of ListTagsLogGroup, TagLogGroup and UntagLogGroup APIs (#28492)
resource/aws_dms_endpoint: Add s3 setting ignore_header_rows and deprecate misspelled ignore_headers_row. (#28579)
resource/aws_elasticache_user_group_association: Retry on InvalidUserGroupState errors to handle concurrent updates (#28689)
resource/aws_lambda_function_url: Fix removal of cors configuration block (#28439)
resource/aws_lightsail_database: The availability_zone attribute is now optional/computed to support HA bundle_ids (#28590)
resource/aws_lightsail_disk_attachment: Resolves a panic when an attachment fails and attempts to display the error returned by AWS. (#28593)

`v4.48.0`

Compare Source

FEATURES:

New Resource: aws_dx_macsec_key_association (#26274)

ENHANCEMENTS:

resource/aws_dx_connection: Add encryption_mode and request_macsec arguments and macsec_capable and port_encryption_status attributes in support of MACsec (#26274)
resource/aws_dx_connection: Add skip_destroy argument (#26274)
resource/aws_eks_node_group: Add support for WINDOWS_CORE_2019_x86_64, WINDOWS_FULL_2019_x86_64, WINDOWS_CORE_2022_x86_64, and WINDOWS_FULL_2022_x86_64 ami_type values (#28445)
resource/aws_networkfirewall_rule_group: Add reference_sets configuration block (#28335)
resource/aws_networkmanager_vpc_attachment: Add options.appliance_mode_support argument (#28450)

BUG FIXES:

resource/aws_networkfirewall_rule_group: Change rule_group.rules_source.stateful_rule from TypeSet to TypeList to preserve rule order (#27102)

`v4.47.0`

Compare Source

FEATURES:

New Data Source: aws_cloudwatch_log_data_protection_policy_document (#28272)
New Data Source: aws_db_instances (#28303)
New Resource: aws_auditmanager_account_registration (#28314)
New Resource: aws_auditmanager_framework (#28257)
New Resource: aws_lambda_functions (#28254)
New Resource: aws_sagemaker_space (#28154)
New Resource: aws_ssoadmin_permissions_boundary_attachment (#28241)

ENHANCEMENTS:

data-source/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#28359)
data-source/aws_eks_addon: Add configuration_values attribute (#28295)
resource/aws_appsync_function: Add runtime and code arguments (#28057)
resource/aws_appsync_function: Make request_mapping_template and response_mapping_template Optional (#28057)
resource/aws_cloudwatch_log_destination: Add tags argument and tags_all attribute to support resource tagging (#28359)
resource/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#28359)
resource/aws_eks_addon: Add configuration_values argument (#28295)
resource/aws_grafana_workspace: Add vpc_configuration argument. (#28308)
resource/aws_networkmanager_core_network: Increase Create, Update, and Delete timeouts to 30 minutes (#28363)
resource/aws_sagemaker_app: Add space_name argument (#28154)
resource/aws_sagemaker_app: Make user_profile_name optional (#28154)
resource/aws_sagemaker_domain: Add default_space_settings and default_user_settings.jupyter_server_app_settings.code_repository arguments (#28154)
resource/aws_sagemaker_endpoint_configuration: Add shadow_production_variants, production_variants.container_startup_health_check_timeout_in_seconds, production_variants.core_dump_config, production_variants.model_data_download_timeout_in_seconds, and production_variants.volume_size_in_gb arguments (#28159)
resource/aws_sagemaker_user_profile: Add user_settings.jupyter_server_app_settings.code_repository argument (#28154)

BUG FIXES:

resource/aws_cloudwatch_metric_stream: Correctly update tags (#28310)
resource/aws_db_instance: Ensure that apply_immediately default value is applied (#25768)
resource/aws_ecs_service: Fix missing required field, UpdateServiceInput.ServiceConnectConfiguration.Enabled error when removing service_connect_configuration configuration block (#28338)
resource/aws_ecs_service: Fix service_connect_configuration.service.ingress_port_override being set to 0 (InvalidParameterException: IngressPortOverride cannot use ports <= 1024 error) when not configured (#28338)

`v4.46.0`

Compare Source

FEATURES:

New Data Source: aws_glue_catalog_table (#23256)
New Resource: aws_auditmanager_control (#27857)
New Resource: aws_networkmanager_core_network (#28155)
New Resource: aws_resourceexplorer2_index (#28144)
New Resource: aws_rum_metrics_destination (#28143)
New Resource: aws_vpc_network_performance_metric_subscription (#28150)

ENHANCEMENTS:

resource/aws_glue_crawler: Add catalog_target.dlq_event_queue_arn, catalog_target.event_queue_arn, catalog_target.connection_name, lake_formation_configuration, and jdbc_target.enable_additional_metadata arguments (#28156)
resource/aws_glue_crawler: Make delta_target.connection_name optional (#28156)
resource/aws_networkfirewall_firewall: Add encryption_configuration attribute (#28242)
resource/aws_networkfirewall_firewall_policy: Add encryption_configuration attribute (#28242)
resource/aws_networkfirewall_rule_group: Add encryption_configuration attribute (#28242)

BUG FIXES:

resource/aws_db_instance: Fix error modifying allocated_storage when storage_type is "gp3" (#28243)
resource/aws_dms_s3_endpoint: Fix disparate handling of endpoint attributes in different regions (#28220)
resource/aws_evidently_feature: Fix description attribute to accept strings between 0 and 160 in length (#27948)
resource/aws_lb_target_group: Allow healthy_threshold and unhealthy_threshold to be set to different values for TCP health checks. (#28018)
resource/aws_lb_target_group: Allow interval to be updated for TCP health checks (#28018)
resource/aws_lb_target_group: Allow timeout to be set for TCP health checks (#28018)
resource/aws_lb_target_group: Don't force recreation on health_check attribute changes (#28018)
resource/aws_sns_topic_subscription: Fix unsupported FilterPolicyScope attribute error in the aws-cn partition (#28253)

`v4.45.0`

Compare Source

NOTES:

provider: With AWS's retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version (#28084)
resource/aws_fsx_ontap_storage_virtual_machine: The subtype attribute has been deprecated and will be removed in a future version (#28127)

FEATURES:

New Resource: aws_dms_s3_endpoint (#28130)

ENHANCEMENTS:

data-source/aws_db_instance: Add storage_throughput attribute (#27670)
data-source/aws_eks_cluster: Add cluster_id attribute (#28112)
resource/aws_db_instance: Add storage_throughput argument (#27670)
resource/aws_db_instance: Add support for gp3 storage_type value (#27670)
resource/aws_db_instance: Change iops to Computed (#27670)
resource/aws_eks_cluster: Add cluster_id attribute and outpost_config.control_plane_placement argument (#28112)
resource/aws_redshiftserverless_workgroup: Wait on MODIFYING status on resource Delete (#28114)

BUG FIXES:

resource/aws_redshiftserverless_namespace: Fix updating admin_username and admin_user_password (#28125)

`v4.44.0`

Compare Source

NOTES:

resource/aws_fsx_ontap_storage_virtual_machine: The subtype attribute will always have the value "DEFAULT" (#28085)
resource/aws_wafv2_web_acl: excluded_rule on managed_rule_group_statement has been deprecated. All configurations using excluded_rule should be updated to use the new rule_action_override attribute instead (#27954)

ENHANCEMENTS:

resource/aws_api_gateway_deployment: Add import support (#28030)
resource/aws_kinesisanalyticsv2_application: Add support for FLINK-1_15 runtime_environment value (#28099)
resource/aws_lambda_function: Add snap_start attribute (#28097)
resource/aws_wafv2_web_acl: Support rule_action_override on managed_rule_group_statement (#27954)

BUG FIXES:

resource/aws_instance: Change iam_instance_profile to Computed as the value may be configured via a launch template (#27972)

`v4.43.0`

Compare Source

FEATURES:

New Resource: aws_neptune_global_cluster (#26133)

ENHANCEMENTS:

data-source/aws_ecs_cluster: Add service_connect_defaults attribute (#28052)
resource/aws_ce_cost_category: Allow configuration of effective_start value (#28055)
resource/aws_ecs_cluster: Add service_connect_defaults argument (#28052)
resource/aws_ecs_service: Add service_connect_configuration argument in support of ECS Service Connect (#28052)
resource/aws_glue_classifier: Add custom_datatypes and custom_datatype_configured arguments (#28048)
resource/aws_neptune_cluster: Add global_cluster_identifier argument (#26133)

`v4.42.0`

Compare Source

FEATURES:

New Data Source: aws_redshiftserverless_credentials (#28026)
New Resource: aws_cloudwatch_log_data_protection_policy (#28049)

ENHANCEMENTS:

data-source/aws_memorydb_cluster: Add data_tiering attribute (#28022)
resource/aws_db_instance: Add blue_green_update argument in support of RDS Blue/Green Deployments (#28046)
resource/aws_efs_file_system: Add support for AFTER_1_DAY lifecycle_policy.transition_to_ia argument (#28054)
resource/aws_efs_file_system: Add support for elastic throughput_mode argument (#28054)
resource/aws_emrserverless_application: Add architecture argument (#28027)
resource/aws_emrserverless_application: Mark maximum_capacity and maximum_capacity.disk as Computed, preventing spurious resource diffs (#28027)
resource/aws_memorydb_cluster: Add data_tiering attribute (#28022)
resource/aws_sns_topic_subscription: Add filter_policy_scope argument in support of SNS message filtering (#28004)

BUG FIXES:

resource/aws_lambda_function: Don't fail resource Create if AWS Signer service is not available in the configured Region (#28008)
resource/aws_memorydb_cluster: Allow more than one element in snapshot_arns (#28022)
resource/aws_sagemaker_user_profile: user_settings.jupyter_server_app_settings, user_settings.kernel_gateway_app_settings, and user_settings.tensor_board_app_settings are updateable (#28025)

`v4.41.0`

Compare Source

FEATURES:

New Data Source: aws_sqs_queues (#27890)
New Resource: aws_ivschat_logging_configuration (#27924)
New Resource: aws_ivschat_room (#27974)
New Resource: aws_rds_clusters (#27891)
New Resource: aws_redshiftserverless_resource_policy (#27920)
New Resource: aws_scheduler_schedule (#27975)

ENHANCEMENTS:

data-source/aws_cloudtrail_service_account: Add service account ID for ap-south-2 AWS Region (#27983)
data-source/aws_elasticache_cluster: Add cache_nodes.outpost_arn and preferred_outpost_arn attributes (#27934)
data-source/aws_elasticache_cluster: Add ip_discovery and network_type attributes (#27856)
data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-south-2 AWS Region (#27983)
data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-south-2 AWS Region (#27983)
data-source/aws_rds_cluster: Add engine_mode attribute (#27892)
provider: Support ap-south-2 as a valid AWS Region (#27950)
resource/aws_amplify_app: Add support for WEB_COMPUTE platform value in support of Next.js web apps (#27925)
resource/aws_elasticache_cluster: Add ip_discovery and network_type arguments in support of IPv6 clusters (#27856)
resource/aws_elasticache_cluster: Add outpost_mode and preferred_outpost_arn arguments and cache_nodes.outpost_arn attribute. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#27934)
resource/aws_lambda_function: Add support for nodejs18.x runtime value (#27923)
resource/aws_lambda_layer_version: Add support for nodejs18.x compatible_runtimes value (#27923)
resource/aws_medialive_channel: Add start_channel attribute (#27882)
resource/aws_nat_gateway: Update private_ip attribute to be configurable (#27953)

BUG FIXES:

resource/aws_cloudcontrolapi_resource: Remove invalid regular expressions from CloudFormation resource schema (#27935)
resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the sybase engine (#27949)
resource/aws_resourcegroups_group: Properly set configuration.parameters as optional (#27985)

`v4.40.0`

Compare Source

NOTES:

data-source/aws_identitystore_group: The filter argument has been deprecated. Use the alternate_identifier argument instead (#27762)

FEATURES:

New Data Source: aws_controltower_controls (#26978)
New Data Source: aws_ivs_stream_key (#27789)
New Resource: aws_appconfig_extension (#27860)
New Resource: aws_appconfig_extension_association (#27860)
New Resource: aws_controltower_control (#26990)
New Resource: aws_evidently_feature (#27395)
New Resource: aws_ivs_channel (#27726)
New Resource: aws_networkmanager_connect_attachment (#27787)
New Resource: aws_opensearch_inbound_connection_accepter (#22988)
New Resource: aws_opensearch_outbound_connection (#22988)
New Resource: aws_scheduler_schedule_group (#27800)
New Resource: aws_schemas_registry_policy (#27705)
New Resource: aws_sesv2_email_identity_mail_from_attributes (#27672)

ENHANCEMENTS:

data-source/aws_cloudtrail_service_account: Add service account ID for eu-central-2 AWS Region (#27814)
data-source/aws_cloudtrail_service_account: Add service account ID for eu-south-2 AWS Region (#27855)
data-source/aws_connect_instance: Add multi_party_conference_enabled attribute (#27734)
data-source/aws_elb_hosted_zone_id: Add hosted zone ID for eu-central-2 AWS Region (#27814)
data-source/aws_elb_hosted_zone_id: Add hosted zone ID for eu-south-2 AWS Region (#27855)
data-source/aws_identitystore_group: Add alternate_identifier argument and description attribute (#27762)
data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for eu-central-2 AWS Region (#27814)
data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for eu-south-2 AWS Region (#27855)
data-source/aws_s3_bucket: Add hosted zone ID for eu-central-2 AWS Region (#27814)
data-source/aws_s3_bucket: Add hosted zone ID for eu-south-2 AWS Region (#27855)
provider: Support eu-central-2 as a valid AWS Region (#27812)
resource/aws_acm_certificate: Add key_algorithm argument in support of ECDSA TLS certificates (#27781)
resource/aws_autoscaling_group: Add support for price-capacity-optimized spot_allocation_strategy value (#27795)
resource/aws_cloudwatch_logs_group: Add skip_destroy argument (#26775)
resource/aws_cognito_user_pool: Add sns_region attribute to sms_configuration block (#26684)
resource/aws_connect_instance: Add multi_party_conference_enabled argument (#27734)
resource/aws_customer_gateway: Make ip_address optional (#26673)
resource/aws_docdb_cluster_instance: Add enable_performance_insights and performance_insights_kms_key_id arguments (#27769)
resource/aws_dynamodb_table_item: Allow the creation of items with the same hash key but different range keys (#27517)
resource/aws_ec2_fleet: Add support for price-capacity-optimized spot_options.allocation_strategy value (#27795)
resource/aws_ecs_service: Add triggers argument to enable in-place updates (redeployments) on each apply, when used with force_new_deployment = true (#25840)
resource/aws_medialive_channel: Add support for more output, output_groups, audio_descriptions and video_descriptions in encoder_settings. Add support for input_settings in input_attachments (#27823)
resource/aws_msk_cluster: Add storage_mode argument (#27546)
resource/aws_neptune_cluster: Add serverless_v2_scaling_configuration block in support of Neptune Serverless (#27763)
resource/aws_network_interface_sg_attachment: Add import support (#27785)
resource/aws_security_group_rule: Add security_group_rule_id attribute (#27828)
resource/aws_spot_fleet_request: Add support for priceCapacityOptimized allocation_strategy value (#27795)

BUG FIXES:

resource/aws_appstream_stack: Fix redirect_url max character length (#27744)
resource/aws_dynamodb_table: Allow changing KMS keys on tables with replicas. (#23156)
resource/aws_route53_resolver_endpoint: Fix deduplication with multiple IPs on the same subnet (#25708)
resource/aws_sesv2_email_identity_feedback_attributes: Fix invalid resource ID in error messages when creating the resource (#27784)

`v4.39.0`

Compare Source

BREAKING CHANGES:

resource/aws_secretsmanager_secret_rotation: Remove unused tags attribute (#27656)

NOTES:

provider: Add OpenBSD to list of OSes which the provider is built on (#27663)

FEATURES:

New Data Source: aws_dynamodb_table_item (#27504)
New Data Source: aws_route53_resolver_firewall_config (#25496)
New Data Source: aws_route53_resolver_firewall_domain_list (#25509)
New Data Source: aws_route53_resolver_firewall_rule_group (#25511)
New Data Source: aws_route53_resolver_firewall_rule_group_association (#25512)
New Data Source: aws_route53_resolver_firewall_rules (#25536)
New Resource: aws_ivs_playback_key_pair (#27678)
New Resource: aws_ivs_recording_configuration (#27718)
New Resource: aws_lightsail_lb_https_redirection_policy (#27679)
New Resource: aws_medialive_channel (#26810)
New Resource: aws_networkmanager_site_to_site_vpn_attachment (#27387)
New Resource: aws_redshift_endpoint_authorization (#27654)
New Resource: aws_redshift_partner (#27665)
New Resource: aws_redshiftserverless_snapshot (#27741)

ENHANCEMENTS:

data-source/aws_rds_engine_version: Support default_only, include_all, and filter (#26923)
resource/aws_lightsail_instance: Add ip_address_type argument (#27699)
resource/aws_security_group: Do not pass from_port or to_port values to the AWS API if a rule's protocol value is -1 or all (#27642)
resource/aws_wafv2_rule_group: Correct maximum nesting level for and_statement, not_statement, or_statement and rate_based_statement (#27682)

BUG FIXES:

resource/aws_cognito_identity_pool: Fix deletion of identity pool on tags-only update (#27669)
resource/aws_dynamodb_table: Correctly set stream_arn as Computed when stream_enabled changes (#27664)
resource/aws_lightsail_instance_public_ports: Resource will now be removed from state properly when parent instance is removed (#27699)
resource/aws_s3_bucket: Attributes arn and hosted_zone_id were incorrectly settable but ignored (#27597)
resource/aws_security_group: Return an error if a rule's protocol value is all and from_port or to_port are not 0 (#27642)
resource/aws_vpn_connection: Configuring exactly one of transit_gateway_id or vpn_gateway_id is not required (#27693)

`v4.38.0`

Compare Source

FEATURES:

New Data Source: aws_connect_instance_storage_config (#27308)
New Resource: aws_apprunner_vpc_ingress_connection (#27600)
New Resource: aws_connect_phone_number (#26364)
New Resource: aws_evidently_segment (#27159)
New Resource: aws_fsx_file_cache (#27384)
New Resource: aws_lightsail_disk (#27537)
New Resource: aws_lightsail_disk_attachment (#27537)
New Resource: aws_lightsail_lb_stickiness_policy (#27514)
New Resource: aws_sagemaker_servicecatalog_portfolio_status (#27548)
New Resource: aws_sesv2_email_identity_feedback_attributes (#27433)
New Resource: aws_ssm_default_patch_baseline (#27610)

ENHANCEMENTS:

data-source/aws_networkmanager_core_network_policy_document: Add plan-time validation for core_network_configuration.edge_locations.asn (#27305)
resource/aws_ami_copy: Add imds_support attribute (#27561)
resource/aws_ami_from_instance: Add imds_support attribute (#27561)
resource/aws_apprunner_service: Add ingress_configuration argument block. (#27600)
resource/aws_batch_compute_environment: Add eks_configuration configuration block (#27499)
resource/aws_batch_compute_environment: Allow deletion of AWS Batch compute environments in INVALID state (#26931)
resource/aws_budgets_budget: Add auto_adjust_data configuration block (#27474)
resource/aws_budgets_budget: Add planned_limit configuration block (#25766)
resource/aws_cognito_user_pool: Add deletion_protection argument (#27612)
resource/aws_cognito_user_pool_client: Add auth_session_validity argument (#27620)
resource/aws_lb_target_group: Add support for target_failover and stickiness attributes for GENEVE protocol target groups (#27334)
resource/aws_sagemaker_domain: Add domain_settings, app_security_group_management, default_user_settings.r_session_app_settings, and default_user_settings.canvas_app_settings arguments. (#27542)
resource/aws_sagemaker_user_profile: Add user_settings.r_session_app_settings and user_settings.canvas_app_settings arguments. (#27542)
resource/aws_sagemaker_workforce: Add workforce_vpc_config argument (#27538)
resource/aws_sfn_state_machine: Add name_prefix argument (#27574)

BUG FIXES:

data-source/aws_ip_ranges: Fix regression causing filtering on regions and services to become case-sensitive (#27558)
resource/aws_batch_compute_environment: Update compute_resources.security_group_ids to be optional (#26172)
resource/aws_dynamodb_table: Fix bug causing spurious diffs with and preventing proper updating of stream_enabled and stream_view_type (#27566)
resource/aws_instance: Use EC2 API idempotency to ensure that only a single Instance is created (#27561)

`v4.37.0`

Compare Source

NOTES:

resource/aws_medialive_multiplex_program: The statemux_settings argument has been deprecated. Use the statmux_settings argument instead (#27223)

FEATURES:

New Data Source: aws_dx_router_configuration (#27341)
New Resource: aws_inspector2_enabler (#27505)
New Resource: aws_lightsail_lb_certificate (#27462)
New Resource: aws_lightsail_lb_certificate_attachment (#27462)
New Resource: aws_route53_resolver_config (#27487)
New Resource: aws_sesv2_dedicated_ip_assignment (#27361)
New Resource: aws_sesv2_email_identity (#27260)

ENHANCEMENTS:

data-source/aws_acmpca_certificate_authority: Add usage_mode attribute (#27496)
data-source/aws_outposts_assets: Add host_id_filter and status_id_filter arguments (#27303)
resource/aws_acmpca_certificate_authority: Add usage_mode argument to support short-lived certificates (#27496)
resource/aws_apprunner_vpc_connector: Add ability to update tags (#27345)
resource/aws_datasync_task: Add security_descriptor_copy_flags to options configuration block (#26992)
resource/aws_ec2_capacity_reservation: Add placement_group_arn argument (#27458)
resource/aws_ec2_transit_gateway: Add support to modify amazon_side_asn argument (#27306)
resource/aws_elasticache_global_replication_group: Add global_node_groups and num_node_groups arguments (#27500)
resource/aws_elasticache_global_replication_group: Add timeouts. (#27500)
resource/aws_evidently_project: Support configurable timeouts for create, update, and delete (#27336)
resource/aws_flow_log: Amazon VPC Flow Logs supports Kinesis Data Firehose as destination (#27340)
resource/aws_medialive_multiplex_program: Add ability to update multiplex_program_settings in place (#27223)
resource/aws_network_interface_attachment: Added import capabilities for the resource (#27364)
resource/aws_sesv2_dedicated_ip_pool: Add scaling_mode attribute (#27388)
resource/aws_ssm_parameter: Support aws:ssm:integration as a valid value for data_type (#27329)

BUG FIXES:

data-source/aws_route53_traffic_policy_document: Fixed incorrect capitalization for GeoproximityLocations (#27473)
resource/aws_connect_contact_flow: Change type to ForceNew (#27347)
resource/aws_ecs_service: Correctly handle unconfigured task_definition, making EXTERNAL deployments possible (#27390)
resource/aws_lb_target_group: Fix import issues on aws_lb_target_group when specifying ip_address_type of ipv4 (#27464)
resource/aws_rds_proxy_endpoint: Respect configured provider default_tags value on resource Update (#27367)
resource/aws_vpc_ipam_pool_cidr: Fix crash when IPAM Pool CIDR not found (#27512)

`v4.36.1`

Compare Source

BUG FIXES:

data-source/aws_default_tags: Fix regression setting tags to null instead of an empty map ({}) when no default_tags are defined (#27377)

`v4.36.0`

Compare Source

FEATURES:

New Data Source: aws_elasticache_subnet_group (#27233)
New Data Source: aws_sesv2_dedicated_ip_pool (#27278)
New Resource: aws_lightsail_certificate (#25283)
New Resource: aws_lightsail_domain_entry (#27309)
New Resource: aws_lightsail_lb (#27339)
New Resource: aws_lightsail_lb_attachment (#27339)
New Resource: aws_sesv2_dedicated_ip_pool (#27278)

ENHANCEMENTS:

data-source/aws_route53_zone: Add primary_name_server attribute (#27293)
resource/aws_appstream_stack: Add validation for application_settings. (#27257)
resource/aws_lightsail_container_service: Add private_registry_access argument (#27236)
resource/aws_mq_broker: Add configurable timeouts (#27035)
resource/aws_resourcegroups_group: Add configuration argument (#26934)
resource/aws_route53_zone: Add primary_name_server attribute (#27293)
resource/aws_rum_app_monitor: Add app_monitor_id attribute (#26994)
resource/aws_sns_platform_application: Add apple_platform_bundle_id and apple_platform_team_id arguments. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#23147)

BUG FIXES:

resource/aws_appstream_stack: Fix panic with application_settings. (#27257)
resource/aws_sqs_queue: Change sqs_managed_sse_enabled to Computed as newly created SQS queues use SSE-SQS encryption by default. This means that Terraform will only perform drift detection of the attribute's value when present in a configuration (#26843)
resource/aws_sqs_queue: Respect configured sqs_managed_sse_enabled value on resource Create. In particular a configured false value is sent to the AWS API, which overrides the new service default value of true (#27335)

`v4.35.0`

Compare Source

FEATURES:

New Data Source: aws_rds_reserved_instance_offering (#26025)
New Data Source: aws_vpc_ipam_pools (#27101)
New Resource: aws_codepipeline_custom_action_type (#8123)
New Resource: aws_comprehend_document_classifier (#26951)
New Resource: aws_inspector2_delegated_admin_account (#27229)
New Resource: aws_rds_reserved_instance (#26025)
New Resource: aws_s3control_storage_lens_configuration (#27097)
New Resource: aws_sesv2_configuration_set (#27056)
New Resource: aws_transfer_tag (#27131)

ENHANCEMENTS:

data-source/aws_dx_connection: Add vlan_id attribute (#27148)
data-source/aws_vpc: Add enable_network_address_usage_metrics attribute (#27165)
resource/aws_cognito_user_pool: Add user_attribute_update_settings attribute (#27129)
resource/aws_default_vpc: Add enable_network_address_usage_metrics argument (#27165)
resource/aws_dx_connection: Add vlan_id attribute (#27148)
resource/aws_elasticache_global_replication_group: Add support for updating cache_node_type and automatic_failover_enabled. (#27134)
resource/aws_globalaccelerator_accelerator: Add ip_addresses argument in support of BYOIP addresses (#27181)
resource/aws_opsworks_custom_layer: Add load_based_auto_scaling argument (#10962)
resource/aws_prometheus_workspace: Add logging_configuration argument (#27213)
resource/aws_vpc: Add enable_network_address_usage_metrics argument (#27165)

BUG FIXES:

data-source/aws_identitystore_user: Change the type of external_ids to a string instead of a bool. (#27184)
resource/aws_ecs_task_definition: Prevent panic when supplying a null value in container_definitions (#27263)
resource/aws_identitystore_user: Change the type of external_ids to a string instead of a bool. (#27184)
resource/aws_organizations_policy_attachment: Handle missing policy when reading policy attachment (#27238)
resource/aws_ssm_service_setting: Prevent panic during status read (#27232)

`v4.34.0`

Compare Source

NOTES:

data-source/aws_identitystore_user: The filter argument has been deprecated. Use the alternate_identifier argument instead (#27053)

FEATURES:

New Data Source: aws_appconfig_configuration_profile (#27054)
New Data Source: aws_appconfig_configuration_profiles (#27054)
New Data Source: aws_appconfig_environment (#27054)
New Data Source: aws_appconfig_environments (#27054)
New Data Source: aws_vpc_ipam_pool_cidrs (#27051)
New Resource: aws_evidently_project (#24263)

ENHANCEMENTS:

data-source/aws_ami: Add imds_support attribute (#27084)
data-source/aws_identitystore_user: Add alternate_identifier argument and addresses, display_name, emails, external_ids, locale, name, nickname, phone_numbers, preferred_language, profile_url, timezone, title and user_type attributes (#27053)
datasource/aws_eks_cluster: Add service_ipv6_cidr attribute to kubernetes_network_config block (#26980)
resource/aws_ami: Add imds_support argument (#27084)
resource/aws_ami_copy: Add imds_support argument (#27084)
resource/aws_ami_from_instance: Add imds_support argument (#27084)
resource/aws_cloudwatch_event_target: Add capacity_provider_strategy configuration block to the ecs_target configuration block (#27068)
resource/aws_eks_addon: Add PRESERVE option to resolve_conflicts argument. (#27038)
resource/aws_eks_cluster: Add service_ipv6_cidr attribute to kubernetes_network_config block (#26980)
resource/aws_mwaa_environment: Add custom timeouts (#27031)
resource/aws_networkfirewall_firewall_policy: Add firewall_policy.stateful_rule_group_reference.override argument (#25135)
resource/aws_wafv2_rule_group: Add headers attribute to the field_to_match block (#26506)
resource/aws_wafv2_rule_group: Add rate_based_statement (#27113)
resource/aws_wafv2_rule_group: Add support for regex_match_statement (#22452)
resource/aws_wafv2_web_acl: Add headers attribute to the field_to_match block (#26506)
resource/aws_wafv2_web_acl: Add support for regex_match_statement (#22452)

BUG FIXES:

data-source/aws_iam_policy_document: Better handling when invalid JSON passed to override_policy_documents (#27055)
data-source/aws_ses_active_receipt_rule_set: Prevent crash when no receipt rule set is active (#27073)
resource/aws_keyspaces_table: Change schema_definition.clustering_key and schema_definition.partition_key to lists in order to respect configured orderings (#26812)
resource/aws_rolesanywhere_profile: Correctly handle updates to enabled and session_policy (#26858)
resource/aws_rolesanywhere_trust_anchor: Correctly handle updates to enabled (#26858)

`v4.33.0`

Compare Source

FEATURES:

New Data Source: aws_kms_custom_key_store (#24787)
New Resource: aws_identitystore_group (#26674)
New Resource: aws_identitystore_group_membership (#26944)
New Resource: aws_identitystore_user (#26948)
New Resource: aws_inspector2_organization_configuration (#27000)
New Resource: aws_kms_custom_key_store (#26997)

ENHANCEMENTS:

resource/aws_acm_certificate: Add early_renewal_duration, pending_renewal, renewal_eligibility, renewal_summary and type attributes (#26784)
resource/aws_appautoscaling_policy: Add alarm_arns attribute (#27011)
resource/aws_dms_endpoint: Add s3_settings.use_task_start_time_for_full_load_timestamp argument (#27004)
resource/aws_ec2_traffic_mirror_target: Add gateway_load_balancer_endpoint_id argument (#26767)
resource/aws_kms_key: Add custom_key_store_id attribute (#24787)

BUG FIXES:

resource/aws_rds_cluster: Support upgrade as a valid value in enabled_cloudwatch_logs_exports (#26792)
resource/aws_ssm_parameter: Allow parameter overwrite on create (#26785)

`v4.32.0`

Compare Source

ENHANCEMENTS:

resource/aws_eks_cluster: Add outpost_config argument to support EKS local clusers on Outposts (#26866)

BUG FIXES:

resource/aws_ec2_managed_prefix_list: MaxEntries and Entry(s) can now be changed in the same apply (#26845)

`v4.31.0`

Compare Source

FEATURES:

New Data Source: aws_ec2_managed_prefix_lists (#26727)
New Resource: aws_sqs_queue_redrive_allow_policy (#26733)
New Resource: aws_sqs_queue_redrive_policy (#26733)

ENHANCEMENTS:

data-source/aws_lambda_function: Add qualified_invoke_arn attribute (#26439)
resource/aws_db_instance: Add custom_iam_instance_profile attribute (#26765)
resource/aws_lambda_function: Add qualified_invoke_arn attribute (#26439)

BUG FIXES:

resource/aws_autoscaling_attachment: Retry errors like ValidationError: Trying to update too many Load Balancers/Target Groups at once. The limit is 10 when creating or deleting resource (#26654)
resource/aws_dynamodb_table: No longer returns error for an ARCHIVED table (#26744)
resource/aws_instance: Prevents errors in ISO regions when not using DisableApiStop attribute (#26745)
resource/aws_replication_subnet_group: Add retry to create step, resolving AccessDeniedFault error (#26768)

`v4.30.0`

Compare Source

FEATURES:

New Resource: aws_medialive_multiplex (#26608)
New Resource: aws_medialive_multiplex_program (#26694)
New Resource: aws_redshiftserverless_usage_limit (#26636)
New Resource: aws_ssoadmin_customer_managed_policy_attachment (#25915)

ENHANCEMENTS:

data-source/aws_rds_cluster: Add network_type attribute (#26489)
resource/aws_eks_addon: Support configurable timeouts for addon create, update, and delete (#26629)
resource/aws_rds_cluster: Add network_type argument (#26489)
resource/aws_rds_cluster_instance: Add network_type attribute (#26489)
resource/aws_s3_bucket_object_lock_configuration: Update rule argument to be Optional (#26520)
resource/aws_vpn_connection: Add tunnel1_log_options and tunnel2_log_options arguments (#26637)

BUG FIXES:

data-source/aws_ec2_managed_prefix_list: Fixes bug where an error is returned for regions with more than 100 managed prefix lists (#26683)
data-source/aws_iam_policy_document: Correctly handle unquoted Boolean values in Condition (#26657)
data-source/aws_iam_policy_document: Prevent crash when source_policy_documents contains empty or invalid JSON documents (#26640)
resource/aws_eip: Defaults to default regional domain when vpc not set (#26716)
resource/aws_instance: No longer fails when setting metadata_options.instance_metadata_tags (#26631)
resource/aws_lambda_function: Update the environment variables if the kms_key_arn has changed (#26696)
resource/aws_opsworks_stack: Defaults to default VPC when not supplied (#26711)
resource/aws_security_group: Defaults to default VPC when not supplied (#26697)

`v4.29.0`

Compare Source

NOTES:

resource/aws_db_instance: With AWS's retirement of EC2-Classic no new RDS DB Instances can be created referencing RDS DB Security Groups (#26525)
resource/aws_db_security_group: With AWS's retirement of EC2-Classic no new RDS DB Security Groups can be created (#26525)
resource/aws_default_vpc: With AWS's retirement of EC2-Classic theenable_classiclink and enable_classiclink_dns_support attributes have been deprecated and will be removed in a future version (#26525)
resource/aws_eip: With AWS's retirement of EC2-Classic no new non-VPC EC2 EIPs can be created (#26525)
resource/aws_elasticache_cluster: With AWS's retirement of EC2-Classic no new ElastiCache Clusters can be created referencing ElastiCache Security Groups (#26525)
resource/aws_elasticache_security_group: With AWS's retirement of EC2-Classic no new ElastiCache Security Groups can be created (#26525)
resource/aws_instance: With the retirement of EC2-Classic, aws_instance has been updated to remove support for EC2-Classic (#26532)
resource/aws_launch_configuration: With AWS's retirement of EC2-Classic no new Auto Scaling Launch Configurations can be created referencing ClassicLink (#26525)
resource/aws_opsworks_stack: With AWS's retirement of EC2-Classic no new OpsWorks Stacks can be created without referencing a VPC (#26525)
resource/aws_redshift_cluster: With AWS's retirement of EC2-Classic no new Redshift Clusters can be created referencing Redshift Security Groups (#26525)
resource/aws_redshift_security_group: With AWS's retirement of EC2-Classic no new Redshift Security Groups can be created (#26525)
resource/aws_security_group: With AWS's retirement of EC2-Classic no new Security Groups can be created without referencing a VPC (#26525)
resource/aws_vpc: With AWS's retirement of EC2-Classic no new VPCs can be created with ClassicLink enabled (#26525)
resource/aws_vpc_peering_connection: With AWS's retirement of EC2-Classic no new VPC Peering Connections can be created with ClassicLink options enabled (#26525)
resource/aws_vpc_peering_connection_accepter: With AWS's retirement of EC2-Classic no VPC Peering Connections can be accepted with ClassicLink options enabled (#26525)
resource/aws_vpc_peering_connection_options: With AWS's retirement of EC2-Classic no new VPC Peering Connection Options can be created with ClassicLink options enabled (#26525)

FEATURES:

New Data Source: aws_location_tracker_associations (#26472)
New Resource: aws_cloudfront_origin_access_control (#26508)
New Resource: aws_medialive_input (#26550)
New Resource: aws_medialive_input_security_group (#26550)
New Resource: aws_redshiftserverless_endpoint_access (#26555)

ENHANCEMENTS:

data-source/aws_cloudtrail_service_account: Add service account ID for me-central-1 AWS Region (#26572)
data-source/aws_eks_node_group: Add capacity_type attribute (#26521)
data-source/aws_elb_hosted_zone_id: Add hosted zone ID for me-central-1 AWS Region (#26572)
data-source/aws_instance: Add host_resource_group_arn attribute (#26532)
data-source/aws_lambda_function: Return most recent published version when qualifier is not set (#11195)
data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for me-central-1 AWS Region (#26572)
data-source/aws_s3_bucket: Add hosted zone ID for me-central-1 AWS Region (#26572)
provider: Support me-central-1 as a valid AWS Region (#26590)
provider: Add source_identity argument to assume_role block (#25368)
resource/aws_cloudfront_distribution: Add origin_access_control_id to the origin configuration block (#26510)
resource/aws_dms_endpoint: Add redis_settings configuration block (#26411)
resource/aws_ec2_fleet: Add target_capacity_unit_type attribute to the target_capacity_specification configuration block (#26493)
resource/aws_instance: Add host_resource_group_arn attribute; improve compatibility with launching instances in a host resource group using an AMI registered with License Manager. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing. (#26532)
resource/aws_lambda_event_source_mapping: Add amazon_managed_kafka_event_source_config and self_managed_kafka_event_source_config configuration blocks (#26560)
resource/aws_lambda_function: Add validation for function_name attribute (#25259)
resource/aws_opensearch_domain: Add support for enabling fine-grained access control on existing domains with advanced_security_options anonymous_auth_enabled (#26503)
resource/aws_redshiftserverless_endpoint_workgroup: Add endpoint attribute (#26555)
resource/aws_spot_fleet_request: Add target_capacity_unit_type argument (#26493)
resource/aws_wafv2_rule_group: Add cookies attribute to the field_to_match block (#25845)
resource/aws_wafv2_rule_group: Add json_body attribute to the field_to_match block (#24772)
resource/aws_wafv2_web_acl: Add cookies attribute to the field_to_match block (#25845)
resource/aws_wafv2_web_acl: Add json_body attribute to the field_to_match block (#24772)

BUG FIXES:

provider: No longer silently ignores assume_role block when role_arn has unknown value. (#26590)
resource/aws_security_group: Fix complex dependency violations such as using a security group with an EMR cluster (#26553)

`v4.28.0`

Compare Source

NOTES:

resource/aws_db_instance: With the retirement of EC2-Classic thesecurity_group_names attribute has been deprecated and will be removed in a future version (#26427)
resource/aws_db_security_group: With the retirement of EC2-Classic theaws_db_security_group resource has been deprecated and will be removed in a future version (#26427)
resource/aws_elasticache_cluster: With the retirement of EC2-Classic thesecurity_group_names attribute has been deprecated and will be removed in a future version (#26427)
resource/aws_elasticache_security_group: With the retirement of EC2-Classic theaws_elasticache_security_group resource has been deprecated and will be removed in a future version (#26427)
resource/aws_launch_configuration: With the retirement of EC2-Classic thevpc_classic_link_id and vpc_classic_link_security_groups attributes have been deprecated and will be removed in a future version (#26427)
resource/aws_redshift_cluster: With the retirement of EC2-Classic thecluster_security_groups attribute has been deprecated and will be removed in a future version (#26427)
resource/aws_redshift_security_group: With the retirement of EC2-Classic theaws_redshift_security_group resource has been deprecated and will be removed in a future version (#26427)
resource/aws_vpc: With the retirement of EC2-Classic theenable_classiclink and enable_classiclink_dns_support attributes have been deprecated and will be removed in a future version (#26427)
resource/aws_vpc_peering_connection: With the retirement of EC2-Classic theallow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been deprecated and will be removed in a future version (#26427)
resource/aws_vpc_peering_connection_accepter: With the retirement of EC2-Classic theallow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been deprecated and will be removed in a future version (#26427)
resource/aws_vpc_peering_connection_options: With the retirement of EC2-Classic theallow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been deprecated and will be removed in a future version (#26427)

FEATURES:

New Data Source: aws_ec2_network_insights_analysis (#23532)
New Data Source: aws_ec2_network_insights_path (#23532)
New Data Source: aws_ec2_transit_gateway_attachment (#26264)
New Data Source: aws_location_tracker_association (#26404)
New Resource: aws_ec2_network_insights_analysis (#23532)
New Resource: aws_ec2_transit_gateway_policy_table (#26264)
New Resource: aws_ec2_transit_gateway_policy_table_association (#26264)
New Resource: aws_grafana_workspace_api_key (#25286)
New Resource: aws_networkmanager_transit_gateway_peering (#26264)
New Resource: aws_networkmanager_transit_gateway_route_table_attachment (#26264)
New Resource: aws_redshiftserverless_workgroup (#26467)

ENHANCEMENTS:

data-source/aws_db_instance: Add network_type attribute (#26185)
data-source/aws_db_subnet_group: Add supported_network_types attribute (#26185)
data-source/aws_rds_orderable_db_instance: Add supported_network_types attribute (#26185)
resource/aws_db_instance: Add network_type argument (#26185)
resource/aws_db_subnet_group: Add supported_network_types argument (#26185)
resource/aws_glue_job: Add support for 3.9 as valid python_version value (#26407)
resource/aws_kendra_index: The document_metadata_configuration_updates argument can now be updated. Refer to the documentation for more details. (#20294)

BUG FIXES:

resource/aws_appstream_fleet: Fix crash when providing empty domain_join_info (e.g., directory_name = "") (#26454)
resource/aws_eip: Include any provider-level configured default_tags on resource Create (#26308)
resource/aws_kinesis_firehose_delivery_stream: Updating tags no longer causes an unnecessary update (#26451)
resource/aws_organizations_policy: Prevent InvalidParameter errors by handling content as generic JSON, not an IAM policy (#26279)

`v4.27.0`

Compare Source

FEATURES:

New Resource: aws_msk_serverless_cluster (#25684)
New Resource: aws_networkmanager_attachment_accepter (#26227)
New Resource: aws_networkmanager_vpc_attachment (#26227)

ENHANCEMENTS:

data-source/aws_networkfirewall_firewall: Add capacity_usage_summary, configuration_sync_state_summary, and status attributes to the firewall_status block (#26284)
resource/aws_acm_certificate: Add not_after argument (#26281)
resource/aws_acm_certificate: Add not_before argument (#26281)
resource/aws_chime_voice_connector_logging: Add enable_media_metric_logs argument (#26283)
resource/aws_cloudfront_distribution: Support http3 and http2and3 as valid values for the http_version argument (#26313)
resource/aws_inspector_assessment_template: Add event_subscription configuration block (#26334)
resource/aws_lb_target_group: Add ip_address_type argument (#26320)
resource/aws_opsworks_stack: Add plan-time validation for custom_cookbooks_source.type (#26278)

BUG FIXES:

resource/aws_appflow_flow: Correctly specify trigger_config.trigger_properties.scheduled.schedule_start_time during create and update (#26289)
resource/aws_db_instance: Prevent InvalidParameterCombination: No modifications were requested errors when only delete_automated_backups, final_snapshot_identifier and/or skip_final_snapshot change (#26286)
resource/aws_opsworks_custom_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_ecs_cluster_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_ganglia_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_haproxy_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_java_app_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_memcached_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_mysql_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_nodejs_app_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_php_app_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_rails_app_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_stack: Correctly apply tags during create if region is not equal to the configured AWS Region (#26278)
resource/aws_opsworks_static_web_layer: Correctly apply tags during create if the stack's region is not equal to the configured AWS Region (#26278)

`v4.26.0`

Compare Source

FEATURES:

New Data Source: aws_fsx_openzfs_snapshot (#26184)
New Data Source: aws_networkfirewall_firewall (#25495)
New Data Source: aws_prometheus_workspace (#26120)
New Resource: aws_comprehend_entity_recognizer (#26244)
New Resource: aws_connect_instance_storage_config (#26152)
New Resource: aws_directory_service_radius_settings (#14045)
New Resource: aws_directory_service_region (#25755)
New Resource: aws_dynamodb_table_replica (#26250)
New Resource: aws_location_tracker_association (#26061)

ENHANCEMENTS:

data-source/aws_directory_service_directory: Add radius_settings attribute (#14045)
data-source/aws_directory_service_directory: Set dns_ip_addresses to the owner directory's DNS IP addresses for SharedMicrosoftAD directories (#20819)
data-source/aws_elasticsearch_domain: Add throughput attribute to the ebs_options configuration block (#26045)
data-source/aws_opensearch_domain: Add throughput attribute to the ebs_options configuration block (#26045)
resource/aws_autoscaling_group: Better error handling when attempting to create Auto Scaling groups with incompatible options (#25987)
resource/aws_backup_vault: Add force_destroy argument (#26199)
resource/aws_directory_service_directory: Add desired_number_of_domain_controllers argument (#25755)
resource/aws_directory_service_directory: Add configurable timeouts for Create, Update and Delete (#25755)
resource/aws_directory_service_shared_directory: Add configurable timeouts for Delete (#25755)
resource/aws_directory_service_shared_directory_accepter: Add configurable timeouts for Create and Delete (#25755)
resource/aws_elasticsearch_domain: Add throughput attribute to the ebs_options configuration block (#26045)
resource/aws_glue_job: Add execution_class argument (#26188)
resource/aws_macie2_classification_job: Add bucket_criteria attribute to the s3_job_definition configuration block (#19837)
resource/aws_opensearch_domain: Add throughput attribute to the ebs_options configuration block (#26045)

BUG FIXES:

resource/aws_appflow_flow: Fix trigger_properties.schedule being set to trigger_properties.trigger_properties during resource read (#26240)
resource/aws_db_instance: Add retries (for handling IAM eventual consistency) when creating database replicas that use enhanced monitoring (#20926)
resource/aws_db_instance: Apply monitoring_interval and monitoring_role_arn when creating via restore_to_point_in_time (#20926)
resource/aws_dynamodb_table: Fix replica.*.propagate_tags not propagating tags to newly added replicas (#26257)
resource/aws_emr_instance_group: Handle deleted instance groups during resource read (#26154)
resource/aws_emr_instance_group: Mark instance_count as Computed to prevent diff when autoscaling is active (#26154)
resource/aws_lb_listener: Fix ValidationError when tags are added on create (#26194)
resource/aws_lb_target_group: Fix ValidationError when tags are added on create (#26194)
resource/aws_macie2_classification_job: Fix incorrect plan diff for TagScopeTerm() when updating resources (#19837)
resource/aws_security_group_rule: Disallow empty strings in prefix_list_ids (#26220)

`v4.25.0`

Compare Source

FEATURES:

New Data Source: aws_waf_subscribed_rule_group (#10563)
New Data Source: aws_wafregional_subscribed_rule_group (#10563)
New Resource: aws_kendra_data_source (#25686)
New Resource: aws_macie2_classification_export_configuration (#19856)
New Resource: aws_transcribe_language_model (#25698)

ENHANCEMENTS:

data-source/aws_alb: Allow customizable read timeout (#26121)
data-source/aws_ami: Allow customizable read timeout (#26121)
data-source/aws_ami_ids: Allow customizable read timeout (#26121)
data-source/aws_availability_zone: Allow customizable read timeout (#26121)
data-source/aws_availability_zones: Allow customizable read timeout (#26121)
data-source/aws_customer_gateway: Allow customizable read timeout (#26121)
data-source/aws_dx_location: Add available_macsec_port_speeds attribute (#26110)
data-source/aws_ebs_default_kms_key: Allow customizable read timeout (#26121)
data-source/aws_ebs_encryption_by_default: Allow customizable read timeout (#26121)
data-source/aws_ebs_snapshot: Allow customizable read timeout (#26121)
data-source/aws_ebs_snapshot_ids: Allow customizable read timeout (#26121)
data-source/aws_ebs_volume: Allow customizable read timeout (#26121)
data-source/aws_ebs_volumes: Allow customizable read timeout (#26121)
data-source/aws_ec2_client_vpn_endpoint: Allow customizable read timeout (#26121)
data-source/aws_ec2_coip_pool: Allow customizable read timeout (#26121)
data-source/aws_ec2_coip_pools: Allow customizable read timeout (#26121)
data-source/aws_ec2_host: Allow customizable read timeout (#26121)
data-source/aws_ec2_instance_type: Allow customizable read timeout (#26121)
data-source/aws_ec2_instance_type_offering: Allow customizable read timeout (#26121)
data-source/aws_ec2_instance_type_offerings: Allow customizable read timeout (#26121)
data-source/aws_ec2_instance_types: Allow customizable read timeout (#26121)
data-source/aws_ec2_local_gateway: Allow customizable read timeout (#26121)
data-source/aws_ec2_local_gateway_route_table: Allow customizable read timeout (#26121)
data-source/aws_ec2_local_gateway_route_tables: Allow customizable read timeout (#26121)
data-source/aws_ec2_local_gateway_virtual_interface: Allow customizable read timeout (#26121)
data-source/aws_ec2_local_gateway_virtual_interface_group: Allow customizable read timeout (#26121)
data-source/aws_ec2_local_gateway_virtual_interface_groups: Allow customizable read timeout (#26121)
data-source/aws_ec2_local_gateways: Allow customizable read timeout (#26121)
data-source/aws_ec2_managed_prefix_list: Allow customizable read timeout (#26121)
data-source/aws_ec2_serial_console_access: Allow customizable read timeout (#26121)
data-source/aws_ec2_spot_price: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_connect: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_connect_peer: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_dx_gateway_attachment: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_multicast_domain: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_peering_attachment: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_route_table: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_route_tables: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_vpc_attachment: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_vpc_attachments: Allow customizable read timeout (#26121)
data-source/aws_ec2_transit_gateway_vpn_attachment: Allow customizable read timeout (#26121)
data-source/aws_eip: Allow customizable read timeout (#26121)
data-source/aws_eips: Allow customizable read timeout (#26121)
data-source/aws_instance: Allow customizable read timeout (#26121)
data-source/aws_instances: Allow customizable read timeout (#26121)
data-source/aws_internet_gateway: Allow customizable read timeout (#26121)
data-source/aws_key_pair: Allow customizable read timeout (#26121)
data-source/aws_launch_template: Allow customizable read timeout (#26121)
data-source/aws_lb: Add preserve_host_header attribute (#26056)
data-source/aws_lb: Allow customizable read timeout (#26121)
data-source/aws_lb_listener: Allow customizable read timeout (#26121)
data-source/aws_lb_target_group: Allow customizable read timeout (#26121)
data-source/aws_nat_gateway: Allow customizable read timeout (#26121)
data-source/aws_nat_gateways: Allow customizable read timeout (#26121)
data-source/aws_network_acls: Allow customizable read timeout (#26121)
data-source/aws_network_interface: Allow customizable read timeout (#26121)
data-source/aws_network_interfaces: Allow customizable read timeout (#26121)
data-source/aws_prefix_list: Allow customizable read timeout (#26121)
data-source/aws_route: Allow customizable read timeout (#26121)
data-source/aws_route_table: Allow customizable read timeout (#26121)
data-source/aws_route_tables: Allow customizable read timeout (#26121)
data-source/aws_security_group: Allow customizable read timeout (#26121)
data-source/aws_security_groups: Allow customizable read timeout (#26121)
data-source/aws_subnet: Allow customizable read timeout (#26121)
data-source/aws_subnet_ids: Allow customizable read timeout (#26121)
data-source/aws_subnets: Allow customizable read timeout (#26121)
data-source/aws_vpc: Allow customizable read timeout (#26121)
data-source/aws_vpc_dhcp_options: Allow customizable read timeout (#26121)
data-source/aws_vpc_endpoint: Allow customizable read timeout (#26121)
data-source/aws_vpc_endpoint_service: Allow customizable read timeout (#26121)
data-source/aws_vpc_ipam_pool: Allow customizable read timeout (#26121)
data-source/aws_vpc_ipam_preview_next_cidr: Allow customizable read timeout (#26121)
data-source/aws_vpc_peering_connection: Allow customizable read timeout (#26121)
data-source/aws_vpc_peering_connections: Allow customizable read timeout (#26121)
data-source/aws_vpcs: Allow customizable read timeout (#26121)
data-source/aws_vpn_gateway: Allow customizable read timeout (#26121)
resource/aws_ecrpublic_repository: Add tags argument and tags_all attribute to support resource tagging (#26057)
resource/aws_fsx_openzfs_file_system: Add root_volume_configuration.record_size_kib argument (#26049)
resource/aws_fsx_openzfs_volume: Add record_size_kib argument (#26049)
resource/aws_globalaccelerator_accelerator: Support DUAL_STACK value for ip_address_type (#26055)
resource/aws_iam_role_policy: Add plan time validation to role argument (#26082)
resource/aws_internet_gateway: Allow customizable timeouts (#26121)
resource/aws_internet_gateway_attachment: Allow customizable timeouts (#26121)
resource/aws_lb: Add preserve_host_header argument (#26056)
resource/aws_s3_bucket: Allow customizable timeouts (#26121)

BUG FIXES:

resource/aws_api_gateway_rest_api: Add put_rest_api_mode argument to address race conditions when importing OpenAPI Specifications (#26051)
resource/aws_appstream_fleet: Fix IAM InvalidRoleException error on creation (#26060)

`v4.24.0`

Compare Source

FEATURES:

New Resource: aws_acmpca_permission (#12485)
New Resource: aws_ssm_service_setting (#13018)

ENHANCEMENTS:

data-source/aws_ecs_service: Add tags attribute (#25961)
resource/aws_datasync_task: Add includes argument (#25929)
resource/aws_guardduty_detector: Add malware_protection attribute to the datasources configuration block (#25994)
resource/aws_guardduty_organization_configuration: Add malware_protection attribute to the datasources configuration block (#25992)
resource/aws_security_group: Additional plan-time validation for name and name_prefix (#15011)
resource/aws_security_group_rule: Add configurable Create timeout (#24340)
resource/aws_ses_configuration_set: Add tracking_options.0.custom_redirect_domain argument (NOTE: This enhancement is provided as best effort due to testing limitations, i.e., the requirement of a verified domain) (#26032)

BUG FIXES:

data-source/aws_networkmanager_core_network_policy_document: Fix bug where bool values for attachment-policy.action.require-acceptance can only be true or omitted (#26010)
resource/aws_appmesh_gateway_route: Fix crash when only one of hostname rewrite or path rewrite is configured (#26012)
resource/aws_ce_anomaly_subscription:Fix crash upon adding or removing monitor ARNs to monitor_arn_list. (#25941)
resource/aws_cognito_identity_pool_provider_principal_tag: Fix read operation when using an OIDC provider (#25964)
resource/aws_route53_record: Don't ignore dualstack prefix in Route 53 Record alias names (#10672)
resource/aws_s3_bucket: Prevents unexpected import of existing bucket in us-east-1. (#26011)
resource/aws_s3_bucket: Refactored object_lock_enabled parameter's default assignment behavior to protect partitions without Object Lock available. (#25098)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Feb 26, 2024 by Renovate Bot

chore(deps): update terraform aws to ~> 4.67.0

Release Notes

Configuration

Merge request reports