FEATURES:
- New Data Source:
aws_dms_certificate
(#30498) - New Data Source:
aws_quicksight_group
(#12311) - New Data Source:
aws_quicksight_user
(#12310) - New Resource:
aws_chimesdkmediapipelines_media_insights_pipeline_configuration
(#30603) - New Resource:
aws_pipes_pipe
(#30538) - New Resource:
aws_quicksight_iam_policy_assignment
(#30653) - New Resource:
aws_quicksight_ingestion
(#30487) - New Resource:
aws_quicksight_namespace
(#30681) - New Resource:
aws_sagemaker_data_quality_job_definition
(#30301) - New Resource:
aws_sagemaker_monitoring_schedule
(#30684) - New Resource:
aws_vpclattice_service_network_service_association
(#30410) - New Resource:
aws_vpclattice_service_network_vpc_association
(#30411) - New Resource:
aws_vpclattice_target_group
(#30455)
ENHANCEMENTS:
- data-source/aws_dx_connection: Add
partner_name
attribute (#30385) - data-source/aws_lambda_function_url: Add
invoke_mode
attribute (#30547) - data-source/aws_nat_gateway: Add
association_id
attribute (#30546) - data-source/aws_sagemaker_prebuilt_ecr_image: Added sagemaker-model-monitor-analyzer images (#30301)
- resource/aws_acmpca_certificate: Add
api_passthrough
argument (#28142) - resource/aws_api_gateway_rest_api: Added
fail_on_warnings
attribute (#22300) - resource/aws_dx_connection: Add
partner_name
attribute (#30385) - resource/aws_dx_gateway: Add plan time validation to
name
argument (#30375) - resource/aws_dx_gateway: Allow updates to
name
without forcing resource replacement (#30375) - resource/aws_ec2_client_vpn_route: Increase Create and Delete timeouts to 4 minutes (#30552)
- resource/aws_lambda_function_url: Add
invoke_mode
attribute (#30547) - resource/aws_mwaa_environment: Add
startup_script_s3_path
andstartup_script_s3_object_version
attributes (#30549) - resource/aws_nat_gateway: Add
association_id
attribute (#30546) - resource/aws_servicecatalog_provisioned_product: Surfaces more clear error message when resource fails to apply (#30663)
- resource/aws_wafv2_web_acl: Add
aws_managed_rules_atp_rule_set
tomanaged_rule_group_configs
configuration block (#30518)
BUG FIXES:
- resource/aws_batch_compute_environment: Fix crash when
compute_resources.launch_template
is empty (#30537) - resource/aws_cognito_managed_user_pool_client: Allow removing
token_validity_units
(#30662) - resource/aws_cognito_user_pool_client: Allow removing
token_validity_units
(#30662) - resource/aws_db_instance: Allow
engine
andengine_version
to be set whenreplicate_source_db
is set (#30703) - resource/aws_db_instance: Fixes panic when updating
replica_mode
(#30714) - resource/aws_dynamodb_table_item: Would report spurious diffs when List and Map attributes were changed out-of-band (#30712)
- resource/aws_elasticache_user_group: Change
user_group_id
to ForceNew (#30533) - resource/aws_launch_template: Fix crash when
instance_market_options.spot_options
is empty (#30539) - resource/aws_msk_serverless_cluster: Change
vpc_config.security_group_ids
to Computed (#30535) - resource/aws_quicksight_data_set: Fix to properly send
physical_table_map.*.relational_table.catalog
when set (#30704) - resource/aws_quicksight_data_set: Fix to properly send
physical_table_map.*.relational_table.schema
when set (#30704) - resource/aws_rds_cluster: Prevent
db_instance_parameter_group_name
from causing errors on minor upgrades (#30679) - resource/aws_rds_cluster_parameter_group: Fixes differences being reported on every apply when setting system-source parameters (#30536)
FEATURES:
- New Data Source:
aws_ec2_transit_gateway_attachments
(#29644) - New Data Source:
aws_ec2_transit_gateway_route_table_associations
(#29642) - New Data Source:
aws_ec2_transit_gateway_route_table_propagations
(#29640) - New Data Source:
aws_oam_link
(#30401) - New Data Source:
aws_oam_links
(#30401) - New Data Source:
aws_quicksight_data_set
(#30422) - New Data Source:
aws_vpclattice_service
(#30490) - New Resource:
aws_inspector2_member_association
(#28921) - New Resource:
aws_lightsail_distribution
(#30124) - New Resource:
aws_quicksight_account_subscription
(#30359) - New Resource:
aws_quicksight_data_set
(#30349) - New Resource:
aws_quicksight_folder
(#30400) - New Resource:
aws_vpclattice_service
(#30429) - New Resource:
aws_vpclattice_service_network
(#35969)
ENHANCEMENTS:
- data-source/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
- data-source/aws_secretsmanager_secret: Add
rotation_rules.duration
androtation_rules.schedule_expression
attributes (#30425) - data-source/aws_secretsmanager_secret_rotation: Add
rotation_rules.duration
androtation_rules.schedule_expression
attributes (#30425) - resource/aws_default_route_table: Ignore routes managed by VPC Lattice (#30515)
- resource/aws_emrserverless_application: Add
image_configuration
field (#30398) - resource/aws_imagebuilder_container_recipe: Add
platform_override
field (#30398) - resource/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
- resource/aws_s3_bucket: Enable S3-compatible providers with no support for bucket tagging (#30151)
- resource/aws_sagemaker_endpoint_configuration: Add
name_prefix
argument (#28785) - resource/aws_sagemaker_feature_group: Add
table_format
to theoffline_store_config
configuration block (#30118) - resource/aws_secretsmanager_secret: Add
duration
andschedule_expression
attributes torotation_rules
configuration block (#30425) - resource/aws_secretsmanager_secret_rotation: Add
duration
andschedule_expression
attributes torotation_rules
configuration block (#30425)
BUG FIXES:
- resource/aws_ce_cost_category: Fixed
effective_start
being reset on any changes despiteeffective_start
having the same value (#30369) - resource/aws_db_instance: Fix crash when updating
password
(#30379) - resource/aws_glue_crawler: Fix InvalidInputException error string matching (#30370)
- resource/aws_glue_trigger: Fix InvalidInputException error string matching (#30370)
- resource/aws_medialive_channel: Fix attribute
certificate_mode
spelling inrtmp_output_settings
(#30224) - resource/aws_rds_cluster: Fix crash when updating
master_password
(#30379) - resource/aws_rds_cluster: Fix inconsistent final plan errors when
engine_version
updates are not applied immediately (#30247) - resource/aws_rds_cluster: Send
db_instance_parameter_group_name
on all modify requests when set (#30247) - resource/aws_rds_cluster_instance: Fix inconsistent final plan errors when
engine_version
updates are not applied immediately (#30247) - resource/aws_rds_instance: Fix inconsistent final plan errors when
engine_version
updates are not applied immediately (#30247) - resource/aws_s3_bucket_lifecycle_configuration: Allow
rule.filter.object_size_greater_than
= 0 (#29857) - resource/aws_scheduler_schedule: Mark
arn
property ofdead_letter_config
as a required property (#30360)
FEATURES:
- New Data Source:
aws_appmesh_gateway_route
(#29064) - New Data Source:
aws_appmesh_virtual_node
(#27545) - New Data Source:
aws_appmesh_virtual_router
(#26908) - New Data Source:
aws_globalaccelerator_custom_routing_accelerator
(#28922) - New Data Source:
aws_oam_sink
(#30258) - New Data Source:
aws_oam_sinks
(#30258) - New Data Source:
aws_ssmincidents_replication_set
(#29769) - New Resource:
aws_globalaccelerator_custom_routing_accelerator
(#28922) - New Resource:
aws_globalaccelerator_custom_routing_endpoint_group
(#28922) - New Resource:
aws_globalaccelerator_custom_routing_listener
(#28922) - New Resource:
aws_rbin_rule
(#25926) - New Resource:
aws_sns_topic_data_protection_policy
(#30008) - New Resource:
aws_ssmincidents_replication_set
(#29769)
ENHANCEMENTS:
- data-source/aws_db_instance: Add
master_user_secret
attribute (#28848) - data-source/aws_globalaccelerator_accelerator: Add
dual_stack_dns_name
attribute (#28922) - data-source/aws_rds_cluster: Add
master_user_secret
attribute (#28848) - resource/aws_appmesh_gateway_route: Add
header
,path
andquery_parameter
to thespec.http_route.match
andspec.http2_route.match
configuration blocks (#29064) - resource/aws_appmesh_gateway_route: Add
port
to thespec.grpc_route.action.target
,spec.http_route.action.target
andspec.http2_route.action.target
configuration blocks to support Virtual Services with multiple listeners (#29064) - resource/aws_appmesh_gateway_route: Add
priority
to thespec
configuration block (#29064) - resource/aws_appmesh_route: Add
path
andquery_parameter
to thespec.http_route.match
andspec.http2_route.match
configuration blocks (#29064) - resource/aws_appmesh_route:
spec.http_route.match.prefix
andspec.http2_route.match.prefix
are Optional (#29064) - resource/aws_appmesh_virtual_node: Add
ip_preference
andresponse_type
to thespec.service_discovery.dns
configuration block (#29064) - resource/aws_db_instance: Add
manage_master_user_password
,master_user_secret
andmaster_user_secret_kms_key_id
arguments to support RDS managed master password in Secrets Manager (#28848) - resource/aws_globalaccelerator_accelerator: Add
dual_stack_dns_name
attribute (#28922) - resource/aws_lakeformation_lf_tag: Increase values MaxItem up to 1000 to match with AWS real limit (#26546)
- resource/aws_rds_cluster: Add
manage_master_user_password
,master_user_secret
andmaster_user_secret_kms_key_id
arguments to support RDS managed master password in Secrets Manager (#28848) - resource/aws_sagemaker_endpoint_configuration: Add
production_variants.enable_ssm_access
andshadow_production_variants.enable_ssm_access
arguments (#30267)
BUG FIXES:
- datasource/aws_ecs_task_execution: Fix type assertion panic on
overrides.0.container_overrides.*.environment
attribute (#30214) - datasource/aws_ecs_task_execution: Fix type assertion panic on
overrides.0.container_overrides.*.resource_requirements
attribute (#30214) - datasource/aws_ecs_task_execution: Fix type assertion panic on
overrides.0.inference_accelerator_overrides
attribute (#30214) - resource/aws_appmesh_virtual_router:
spec.listener
is Optional (#29064) - resource/aws_fsx_openzfs_file_system: Fix
iops
validation indisk_iops_configuration
to allow values forSINGLE_AZ_1
andSINGLE_AZ_2
(#30299) - resource/aws_lakeformation_lf_tag: Fix support for lf-tag keys with colons in the name (#28258)
- resource/aws_launch_template: Allow
metadata_options
to be applied whenhttp_endpoint
is not configured (#30107) - resource/aws_ssm_activation: Fix IAM eventual consistency errors on resource Create (#30280)
- resource/aws_ssm_document: Correctly set
default_version
,document_version
,hash
,latest_version
andparameter
as Computed whencontent
changes (#28489) - resource/aws_wafv2_ip_set: Fix
DiffSuppress
onaddresses
to detect changes for unknown values (#30352)
FEATURES:
- New Data Source:
aws_appmesh_route
(#26695) - New Data Source:
aws_appmesh_virtual_gateway
(#27057) - New Resource:
aws_cognito_managed_user_pool_client
(#30140) - New Resource:
aws_oam_link
(#30125) - New Resource:
aws_sesv2_contact_list
(#30094)
ENHANCEMENTS:
- data-source/aws_ecs_cluster: Add
tags
attribute (#30073) - resource/aws_appmesh_virtual_gateway: Add
logging.access_log.file.format
configuration block (#29315) - resource/aws_appmesh_virtual_node: Add
logging.access_log.file.format
configuration block (#29315) - resource/aws_rds_cluster: Conflict
snapshot_identifier
andglobal_cluster_identifier
attributes, preventing misleading results on restore (#30158) - resource/aws_securityhub_account: Add
enable_default_standards
argument (#13477) - resource/aws_securityhub_member:
email
is Optional (#19065)
BUG FIXES:
- data-source/aws_appmesh_mesh: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
- data-source/aws_appmesh_virtual_service: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
- resource/aws_apigateway_domain_name: Add ability to update
mutual_tls_authentication.truststore_uri
in place (#30081) - resource/aws_apigatewayv2_domain_name: Add ability to update
mutual_tls_authentication.truststore_uri
in place (#30081) - resource/aws_appmesh_gateway_route: Use configured
mesh_owner
when deleting shared gateway route (#29362) - resource/aws_appmesh_route: Use configured
mesh_owner
value when deleting shared route (#29362) - resource/aws_appmesh_virtual_gateway: Use configured
mesh_owner
value when deleting shared virtual gateway (#29362) - resource/aws_appmesh_virtual_node: Use configured
mesh_owner
value when deleting shared virtual node (#29362) - resource/aws_appmesh_virtual_router: Use configured
mesh_owner
value when deleting shared virtual router (#29362) - resource/aws_appmesh_virtual_service: Use configured
mesh_owner
value when deleting shared virtual service (#29362) - resource/aws_cognito_risk_configuration: Adds validation to
risk_exception_configuration
and requires at least one ofaccount_takeover_risk_configuration
,compromised_credentials_risk_configuration
, orrisk_exception_configuration
. (#30074) - resource/aws_medialive_channel: Change
TypeSet
toTypeList
onvideo_description
, to get more precise actions from plan output (#30064) - resource/aws_medialive_channel: Fix type casting for
h264_settings
invideo_descriptions
(#30063) - resource/aws_medialive_channel: Fix type casting of
program_num
,segmentation_time
andfragment_time
form2ts_settings
(#30025) - resource/aws_opsworks_application: Don't return an error like
deleting OpsWorks Application (...): %!s()
after successful Delete (#30101) - resource/aws_pinpoint_app: Don't return an error like
deleting Pinpoint Application (...): %!s()
after successful Delete (#30101) - resource/aws_placement_group: Change
spread_level
to Computed (#28596) - resource/aws_security_group: Improve respect for delete timeout set by user and retry of certain errors (#30114)
- resource/aws_transfer_server: Fix error refreshing
protocol_details.as2_transports
value (#30115)
NOTES:
- resource/aws_connect_queue: The
quick_connect_ids_associated
attribute is being deprecated in favor ofquick_connect_ids
(#26151) - resource/aws_connect_routing_profile: The
queue_configs_associated
attribute is being deprecated in favor ofqueue_configs
(#26151)
FEATURES:
- New Data Source:
aws_ec2_public_ipv4_pool
(#28245) - New Data Source:
aws_ec2_public_ipv4_pools
(#28245) - New Data Source:
aws_servicecatalog_provisioning_artifacts
(#25535) - New Resource:
aws_codegurureviewer_repository_association
(#29656) - New Resource:
aws_emr_block_public_access_configuration
(#29968) - New Resource:
aws_kms_key_policy
(#29923) - New Resource:
aws_oam_sink
(#29670) - New Resource:
aws_oam_sink_policy
(#30020)
ENHANCEMENTS:
- aws_cognito_user_pool_domain: Add ability to update
certificate_arn
in place (#25275) - data-source/aws_aws_lb: Add
enable_xff_client_port
,xff_header_processing_mode
andenable_tls_version_and_cipher_suite_headers
attributes (#29792) - data-source/aws_ce_cost_category: Add
default_value
attribute (#29291) - data-source/aws_dynamodb_table: Add
deletion_protection_enabled
attribute (#29924) - data-source/aws_opensearch_domain: Add
dashboard_endpoint
attribute (#29867) - resource/aws_amplify_domain_association: Add
enable_auto_sub_domain
argument (#29814) - resource/aws_appflow_flow: Add attribute
preserve_source_data_typing
tos3_output_format_config
ins3
(#27616) - resource/aws_appsync_datasource: Add
event_bridge_config
argument to support AppSync EventBridge data sources (#30042) - resource/aws_aws_lb: Add
enable_xff_client_port
,xff_header_processing_mode
andenable_tls_version_and_cipher_suite_headers
arguments (#29792) - resource/aws_batch_compute_environment: Allow a maximum of 2
compute_resources.ec2_configuration
s (#27207) - resource/aws_cloudwatch_metric_alarm: Add
period
parameter tometric_query
(#29896) - resource/aws_cloudwatch_metric_alarm: Add validation to
period
parameter ofmetric_query.metric
(#29896) - resource/aws_cognito_user_pool_domain: Add
cloudfront_distribution
andcloudfront_distribution_zone_id
attributes (#27790) - resource/aws_dynamodb_table: Add
deletion_protection_enabled
argument (#29924) - resource/aws_ecs_task_definition: Add
arn_without_revision
attribute (#27351) - resource/aws_elasticache_user: Add
authentication_mode
argument (#28928) - resource/aws_fms_policy: Add
description
argument (#29926) - resource/aws_fsx_openzfs_file_system: Add support for
SINGLE_AZ_2
deployment_type
(#28583) - resource/aws_glue_crawler: Add
create_native_delta_table
attribute to thedelta_target
configuration block (#29566) - resource/aws_inspector2_organization_configuration: Add
lambda
attribute toauto_enable
configuration block (#28961) - resource/aws_instance: Add ability to update
private_dns_name_options
in place (#26305) - resource/aws_lb_target_group: Add
load_balancing_cross_zone_enabled
argument (#29920) - resource/aws_opensearch_domain: Add
dashboard_endpoint
attribute (#29867) - resource/aws_qldb_ledger: Add configurable timeouts (#29635)
- resource/aws_s3_bucket: Add error handling for
XNotImplemented
errors when readingacceleration_status
,request_payer
,lifecycle_rule
,logging
, orreplication_configuration
into terraform state. (#29632) - resource/aws_securityhub_organization_configuration: Add
auto_enable_standards
attribute (#29773) - resource/aws_wafv2_web_acl_association: Add configurable timeout for Create (#30002)
BUG FIXES:
- data-source/aws_opensearch_domain: Add missing
advanced_security_options.anonymous_auth_enabled
attribute (#26746) - resource/aws_api_gateway_integration: Fix bug that cleared unchanged
cache_key_parameters
values on Update (#29991) - resource/aws_apigatewayv2_integration: Retry errors like
ConflictException: Unable to complete operation due to concurrent modification. Please try again later.
(#29735) - resource/aws_budgets_action: Extend and add configurable timeouts for create and update (#29976)
- resource/aws_cognito_user_pool: Remove Computed from
lambda_config.custom_email_sender
andlambda_config.custom_sms_sender
allowing their values to be removed (#29047) - resource/aws_cognito_user_pool:
account_recovery_setting.recovery_mechanism
is Optional+Computed (#22302) - resource/aws_ecr_repository: Fix unhandled errors and nil output on read (#30067)
- resource/aws_elasticache_user: Change
user_id
to ForceNew (#28928) - resource/aws_elasticsearch_domain: Remove upper bound validation for
ebs_options.throughput
as the 1,000 MB/s limit can be raised (#27598) - resource/aws_lambda_function: Fix empty environment variable update (#29839)
- resource/aws_lightsail_domain_entry: Allow for the domain entry to begin with an underscore. (#30056)
- resource/aws_lightsail_domain_entry: Moved the error handling of an improperly formatted ID to be before attempting to access the id_parts. This will cause a proper empty resource message instead of a panic when ID is not properly formed. (#30056)
- resource/aws_lightsail_instance: Added a check to ensure that the availability_zone value is within the current region of the provider. (#30056)
- resource/aws_lightsail_instance: Fix
name
validation to allow instances to start with a numeric character (#29903) - resource/aws_medialive_channel: Fix setting of
bitrate
andsample_rate
foraac_settings
. (#29807) - resource/aws_medialive_channel: Fix setting of
bitrate
foreac3_settings
. (#29809) - resource/aws_medialive_channel: Fix spelling for attribute
audio_only_timecode_control
and correct type forevent_id
inms_smooth_group_settings
(#29917) - resource/aws_medialive_channel: Removed
Compute
flag fromaudio_normalization_settings
andremix_settings
inaudio_descriptions
(#29859) - resource/aws_medialive_channel: Removed
Computed
flag fromaac_settings
, ´ac3_settings,
eac3_atmos_settings,
eac3_settings,
mp2_settings,
pass_through_settingsand
wav_settingsin
codec_settings`. (#29825) - resource/aws_neptune_cluster: Change lower bound validation for
serverless_v2_scaling_configuration.min_capacity
to 1 Neptune Capacity Unit (NCU) (#29999) - resource/aws_network_acl_association: Add retry to read step, resolving
empty result
error (#26838) - resource/aws_opensearch_domain: Remove upper bound validation for
ebs_options.throughput
as the 1,000 MB/s limit can be raised (#27598) - resource/aws_route: Allow
destination_ipv6_cidr_block
to be specified for avpc_endpoint_id
target (#29994) - resource/aws_sagemaker_endpoint_configuration: Fix
variant_name
generation when unset (#29915)
FEATURES:
- New Data Source:
aws_ecs_task_execution
(#29783) - New Data Source:
aws_licensemanager_grants
(#29741) - New Data Source:
aws_licensemanager_received_license
(#29741) - New Data Source:
aws_licensemanager_received_licenses
(#29741) - New Resource:
aws_licensemanager_grant
(#29741) - New Resource:
aws_licensemanager_grant_accepter
(#29741)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway_attachment: Add
association_state
andassociation_transit_gateway_route_table_id
attributes (#29648) - data-source/aws_instances: Add
ipv6_addresses
attribute (#29794) - resource/aws_acm_certificate: Change
options
toComputed
(#29763) - resource/aws_amplify_domain_association: Add
enable_auto_sub_domain
argument (#29814) - resource/aws_cloudhsm_v2_hsm: Enforce
ExactlyOneOf
foravailability_zone
andsubnet_id
arguments (#20891) - resource/aws_db_instance: Add
listener_endpoint
attribute (#28434) - resource/aws_db_instance: Add plan time validations for
backup_retention_period
,monitoring_interval
, andmonitoring_role_arn
(#28434) - resource/aws_flow_log: Add
deliver_cross_account_role
argument (#29254) - resource/aws_grafana_workspace: Add
network_access_control
argument (#29793) - resource/aws_sesv2_configuration_set: Add
vdm_options
argument (#28812) - resource/aws_transfer_server: Add
protocol_details
argument (#28621) - resource/aws_transfer_workflow: Add
decrypt_step_details
to theon_exception_steps
andsteps
configuration blocks (#29692) - resource/db_snapshot: Add
shared_accounts
argument (#28424)
BUG FIXES:
- resource/aws_acm_certificate: Update
options.certificate_transparency_logging_preference
in place rather than replacing the resource (#29763) - resource/aws_batch_job_definition: Prevents perpetual diff when container properties environment variable has empty value. (#29820)
- resource/aws_elastic_beanstalk_configuration_template: Map errors like
InvalidParameterValue: No Platform named '...' found.
toresource.NotFoundError
soterraform refesh
correctly removes the resource from state (#29863) - resource/aws_flow_log: Fix IAM eventual consistency errors on resource Create (#29254)
- resource/aws_grafana_workspace: Allow removing
vpc_configuration
(#29793) - resource/aws_medialive_channel: Fix setting of the
include_fec
attribute infec_output_settings
(#29808) - resource/aws_medialive_channel: Fix setting of the
video_pid
attribute inm2ts_settings
(#29824)
BUG FIXES:
- resource/aws_lambda_function: Prevent
Provider produced inconsistent final plan
errors produced by nullskip_destroy
attribute value. NOTE: Because the maintainers have been unable to reproduce the reported problem, the fix is best effort and we ask for community support in verifying the fix. (#29812)
NOTES:
- resource/aws_dms_endpoint: The
s3_settings
argument has been deprecated. All configurations usingaws_dms_endpoint.*.s3_settings
should be updated to use theaws_dms_s3_endpoint
resource instead (#29728) - resource/aws_networkmanager_core_network: The
base_policy_region
argument is being deprecated in favor of the newbase_policy_regions
argument. (#29623)
FEATURES:
- New Resource:
aws_lightsail_bucket_resource_access
(#29460)
ENHANCEMENTS:
- data-source/aws_launch_template: Add
instance_requirements.allowed_instance_types
andinstance_requirements.network_bandwidth_gbps
attributes (#29140) - resource/aws_autoscaling_group: Add
auto_rollback
to theinstance_refresh.preferences
configuration block (#29513) - resource/aws_autoscaling_group: Add
mixed_instances_policy.launch_template.override.instance_requirements.allowed_instance_types
andmixed_instances_policy.launch_template.override.instance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_autoscaling_policy: Add
metrics
to thetarget_tracking_configuration.customized_metric_specification
configuration block in support of metric math (#28560) - resource/aws_cloudtrail_event_data_store: Add
kms_key_id
argument (#29224) - resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
db2
engine (#29380) - resource/aws_dms_endpoint: Add support for
azure-sql-managed-instance
engine_name
value (#28960) - resource/aws_dms_s3_endpoint: Add
detach_target_on_lob_lookup_failure_parquet
argument (#29772) - resource/aws_ec2_fleet: Add
fleet_instance_set
,fleet_state
,fulfilled_capacity
, andfulfilled_on_demand_capacity
attributes (#29181) - resource/aws_ec2_fleet: Add
launch_template_config.override.instance_requirements.allowed_instance_types
andlaunch_template_config.override.instance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_ec2_fleet: Add
on_demand_options.capacity_reservation_options
,on_demand_options.max_total_price
,on_demand_options.min_target_capacity
,on_demand_options.single_availability_zone
andon_demand_options.single_instance_type
arguments (#29181) - resource/aws_ec2_fleet: Add
spot_options.maintenance_strategies.capacity_rebalance.termination_delay
argument (#29181) - resource/aws_ec2_fleet: Add
valid_from
andvalid_until
arguments (#29181) - resource/aws_lambda_function: Add
skip_destroy
argument (#29646) - resource/aws_lambda_function: Add configurable timeout for Delete (#29646)
- resource/aws_lambda_function: Add plan time validators for
memory_size
,role
, andtimeout
(#29721) - resource/aws_lambda_function: Retry (up to the configurable timeout) deletion of replicated Lambda@Edge functions (#29646)
- resource/aws_launch_template: Add
instance_requirements.allowed_instance_types
andinstance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_networkmanager_core_network: Add
base_policy_regions
argument (#29623) - resource/aws_spot_fleet_request: Add
launch_template_config.overrides.instance_requirements.allowed_instance_types
andlaunch_template_config.overrides.instance_requirements.network_bandwidth_gbps
arguments (#29140) - resource/aws_transfer_server: Add support for
on_partial_upload
block on theworkflow_details
attribute. (#27730) - resource/aws_transfer_user: Add configurable timeout for Delete (#27563)
BUG FIXES:
- resource/aws_dms_endpoint: Trigger updates based on adding new
extra_connection_attributes
(#29772) - resource/aws_instance: When encountering
InsufficientInstanceCapacity
errors, do not retry in order to fail faster, as this error is typically not resolvable in the near future (#21293) - resource/aws_transfer_server: Allow the removal of
workflow_details
attribute. (#27730) - resource/aws_transfer_user: Fix bug preventing removal of all
home_directory_mappings
due to empty list validation error (#27563)
NOTES:
- resource/aws_lambda_function: Updated to AWS SDK V2 (#29615)
FEATURES:
- New Data Source:
aws_vpc_security_group_rule
(#29484) - New Data Source:
aws_vpc_security_group_rules
(#29484) - New Resource:
aws_networkmanager_connect_peer
(#29296) - New Resource:
aws_vpc_security_group_egress_rule
(#29484) - New Resource:
aws_vpc_security_group_ingress_rule
(#29484)
ENHANCEMENTS:
- data-source/aws_ecr_image: Add
most_recent
argument to return the most recently pushed image (#26857) - data-source/aws_ecr_repository: Add
most_recent_image_tags
attribute containing the most recently pushed image tag(s) in an ECR repository (#26857) - resource/aws_lb_ssl_negotiation_policy: Add
triggers
attribute to force resource updates (#29482) - resource/aws_load_balancer_listener_policy: Add
triggers
attribute to force resource updates (#29482) - resource/aws_organizations_policy: Add
skip_destroy
attribute (#29382) - resource/aws_organizations_policy_attachment: Add
skip_destroy
attribute (#29382) - resource/aws_sns_topic: Add
signature_version
andtracing_config
arguments (#29462)
BUG FIXES:
- resource/aws_acmpca_certificate_authority:
revocation_configuration.crl_configuration.expiration_in_days
is Optional (#29613) - resource/aws_default_vpc: Change
enable_network_address_usage_metrics
to Optional+Computed, matching theaws_vpc
resource (#29607) - resource/aws_lambda_function: Fix missing
ValidationException
message body (#29615) - resource/aws_medialive_channel: Fix setting of
m2ts_settings
arib_captions_pid
andarib_captions_pid_control
attributes (#29467) - resource/aws_resourceexplorer2_view: Fix
Unexpected Planned Resource State on Destroy
errors when using Terraform CLI v1.3 and above (#29550) - resource/aws_servicecatalog_provisioned_product: Fix to allow
outputs
to beComputed
when the resource changes (#29559) - resource/aws_sns_topic_subscription: Fix
filter_policy_scope
update fromMessageAttributes
toMessageBody
with nested objects infilter_policy
(#28572) - resource/aws_wafv2_web_acl: Prevent erroneous diffs and attempts to remove AWS-added rule when applying to CF distribution using AWS Shield to automatically mitigate DDoS (#29575)
FEATURES:
- New Data Source:
aws_organizations_organizational_unit_child_accounts
(#24350) - New Data Source:
aws_organizations_organizational_unit_descendant_accounts
(#24350) - New Resource:
aws_route53_cidr_collection
(#29407) - New Resource:
aws_route53_cidr_location
(#29407) - New Resource:
aws_vpc_ipam_resource_discovery
(#29216) - New Resource:
aws_vpc_ipam_resource_discovery_association
(#29216)
ENHANCEMENTS:
- data-source/aws_s3_bucket_object: Expand content types that can be read from S3 to include some human-readable application types (e.g.,
application/xml
,application/atom+xml
) (#27704) - data-source/aws_s3_object: Expand content types that can be read from S3 to include some human-readable application types (e.g.,
application/xml
,application/atom+xml
) (#27704) - resource/aws_autoscaling_policy: Make
resource_label
optional inpredefined_load_metric_specification
,predefined_metric_pair_specification
, andpredefined_scaling_metric_specification
(#29277) - resource/aws_cloudwatch_log_group: Allow
retention_in_days
attribute to accept a three year retention period (1096 days) (#29426) - resource/aws_db_proxy: Add
auth.client_password_auth_type
attribute (#28432) - resource/aws_firehose_delivery_stream: Add
ForceNew
todynamic_partitioning_configuration
attribute (#29093) - resource/aws_firehose_delivery_stream: Add configurable timeouts for create, update, and delete (#28469)
- resource/aws_neptune_cluster: Add
neptune_instance_parameter_group_name
argument, used only when upgrading major version (#28051) - resource/aws_neptune_global_cluster: Increase Update timeout to 120 minutes (per global cluster member) (#28051)
- resource/aws_route53_cidr_location: Add
cidr_routing_policy
argument (#29407) - resource/aws_s3_bucket: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)
- resource/aws_s3_bucket: Add error handling for
NotImplemented
errors when readinglifecycle_rule
orreplication_configuration
into terraform state. (#28790) - resource/aws_s3_object: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)
BUG FIXES:
- data-source/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_appflow_connector_profile: Fix bug in connector_profile_config.0.connector_profile_properties.0.sapo_data.0.logon_language validation regex (#28550)
- resource/aws_appflow_flow: Fix misspelled
source_connector_properties.0.sapo_data.0.object
, which never worked, to beobject_path
(#28600) - resource/aws_appmesh_route: Fix RequiredWith setting for
spec.0.grpc_route.0.match.0.method_name
attribute (#29217) - resource/aws_autoscaling_policy: Fix type of target_value for predictive scaling (#28444)
- resource/aws_cloudfront_response_headers_policy: Allow
server_timing_headers_config.0.sampling_rate
to be0
(#27778) - resource/aws_codebuild_project: Fix err check on delete (#29042)
- resource/aws_ecs_service: Allow multiple
service
blocks withinservice_connect_configuration
(#28813) - resource/aws_ecs_service: Mark
service_connect_configuration.service.client_alias
as optional and ensure that only 1 such block can be provided (#28813) - resource/aws_ecs_service: Require
service_connect_configuration.log_configuration.log_driver
to be provided (#28813) - resource/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_emr_cluster: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_globalaccelerator_endpoint_group: Fix errors caused by multiple security groups with the same name but different owners (#29202)
- resource/aws_kms_key: Increase
policy propagation
eventual consistency timeouts from 5 minutes to 10 minutes (#28636) - resource/aws_medialive_channel: Fix issue causing
dbv_sub_pids
attribute to be configured incorrectly inm2ts_settings
(#29371) - resource/aws_medialive_channel: Fix issue preventing
audio_pids
attribute from being configured inm2ts_settings
(#29371) - resource/aws_neptune_cluster: Fix restore-from-snapshot functionality using the
snapshot_identifier
argument on resource Create (#28051) - resource/aws_neptune_cluster: Fix major version upgrade (#28051)
- resource/aws_sagemaker_user_profile: Change
user_settings.0.jupyter_server_app_settings.0.default_resource_spec
to be optional (#28581)
NOTES:
- provider: Resolves provider crashes reporting
Error: Plugin did not respond
andfatal error: concurrent map writes
with updated upstream package (terraform-plugin-log
) (#29269) - resource/aws_networkmanager_core_network: The
policy_document
attribute is being deprecated in favor of the newaws_networkmanager_core_network_policy_attachment
resource. (#29097)
FEATURES:
- New Resource:
aws_evidently_launch
(#28752) - New Resource:
aws_lightsail_bucket_access_key
(#28699) - New Resource:
aws_networkmanager_core_network_policy_attachment
(#29097)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
ap-southeast-4
AWS Region (#29103) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
ap-southeast-4
AWS Region (#29103) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
ap-southeast-4
AWS Region (#29103) - data-source/aws_s3_bucket: Add hosted zone ID for
ap-south-2
AWS Region (#29103) - data-source/aws_s3_bucket: Add hosted zone ID for
ap-southeast-4
AWS Region (#29103) - provider: Support
ap-southeast-4
as a valid AWS region (#29329) - resource/aws_dynamodb_table: Add
arn
,stream_arn
, andstream_label
attributes toreplica
to obtain this information for replicas (#29269) - resource/aws_efs_mount_target: Add configurable timeouts for Create and Delete (#27991)
- resource/aws_lambda_function: Add
replace_security_groups_on_destroy
andreplacement_security_group_ids
attributes (#29289) - resource/aws_networkfirewall_firewall: Add
ip_address_type
attribute to thesubnet_mapping
configuration block (#29010) - resource/aws_networkmanager_core_network: Add
base_policy_region
andcreate_base_policy
arguments (#29097)
BUG FIXES:
- data-source/aws_kms_key: Reinstate support for KMS multi-Region key ID or ARN values for the
key_id
argument (#29266) - resource/aws_cloudwatch_log_group: Fix IAM eventual consistency error when setting a retention policy (#29325)
- resource/aws_dynamodb_table: Avoid recreating table replicas when enabling PITR on them (#29269)
- resource/aws_ec2_client_vpn_endpoint: Change
authentication_options
fromTypeList
toTypeSet
as order is not significant (#29294) - resource/aws_kms_grant: Retries until valid principal ARNs are returned instead of not updating state (#29245)
- resource/aws_opsworks_permission:
stack_id
anduser_arn
are both Required and ForceNew (#27991) - resource/aws_prometheus_workspace: Create a logging configuration on resource update if none existed previously (#27472)
- resource/aws_s3_bucket: Fix crash when
logging
is empty (#29243) - resource/aws_sns_topic: Fixes potential race condition when reading policy document. (#29226)
- resource/aws_sns_topic_policy: Fixes potential race condition when reading policy document. (#29226)
ENHANCEMENTS:
- provider: Adds structured fields in logging (#29223)
- provider: Masks authentication fields in HTTP header logging (#29223)
NOTES:
- resource/aws_dynamodb_table: In the past, in certain situations,
kms_key_arn
could be populated with the default DynamoDB keyalias/aws/dynamodb
. This was an error because it would then be sent back to AWS and should not be. (#29102) - resource/aws_dynamodb_table: In the past, in certain situations,
server_side_encryption.0.kms_key_arn
orreplica.*.kms_key_arn
could be populated with the default DynamoDB keyalias/aws/dynamodb
. This was an error because it would then be sent back to AWS and should not be. (#29102) - resource/aws_dynamodb_table: Updating
replica.*.kms_key_arn
orreplica.*.point_in_time_recovery
, when thereplica
'skms_key_arn
is set, requires recreating the replica. (#29102) - resource/aws_dynamodb_table_replica: Updating
kms_key_arn
forces replacement of the replica now as required to re-encrypt the replica (#29102)
FEATURES:
- New Data Source:
aws_auditmanager_framework
(#28989) - New Resource:
aws_auditmanager_assessment_delegation
(#29099) - New Resource:
aws_auditmanager_framework_share
(#29049) - New Resource:
aws_auditmanager_organization_admin_account_registration
(#29018)
ENHANCEMENTS:
- resource/aws_wafv2_rule_group: Add
oversize_handling
argument tobody
block of thefield_to_match
block (#29082)
BUG FIXES:
- resource/aws_api_gateway_integration: Prevent drift of
connection_type
attribute whenaws_api_gateway_deployment
triggers
are used (#29016) - resource/aws_dynamodb_table: Fix perpetual diffs when using default AWS-managed keys (#29102)
- resource/aws_dynamodb_table: Fix to allow updating of
replica.*.kms_key_arn
(#29102) - resource/aws_dynamodb_table: Fix to allow updating of
replica.*.point_in_time_recovery
when areplica
haskms_key_arn
set (#29102) - resource/aws_dynamodb_table: Fix unexpected state 'DISABLED' error when waiting for PITR to update (#29086)
- resource/aws_dynamodb_table_replica: Fix to allow creation of the replica without errors when
kms_key_arn
is set (#29102) - resource/aws_dynamodb_table_replica: Fix to allow updating of
kms_key_arn
(#29102) - resource/aws_medialive_channel: Add missing
rate_control_mode
inacc_settings
foraudio_descriptions
(#29051) - resource/aws_medialive_input: Fix eventual consistency error when updating (#29051)
- resource/aws_vpc_ipam_pool_cidr_allocation: Added support for eventual consistency on read operations after create. (#29022)
- resource/aws_wafv2_web_acl: Fix error when setting
aws_managed_rules_bot_control_rule_set
inmanaged_rule_group_configs
(#28810)
NOTES:
- resource/aws_ce_anomaly_subscription: Deprecate
threshold
argument in favour ofthreshold_expression
(#28573)
FEATURES:
- New Data Source:
aws_auditmanager_control
(#28967) - New Resource:
aws_datasync_location_object_storage
(#23154) - New Resource:
aws_rds_export_task
(#28831) - New Resource:
aws_resourceexplorer2_view
(#28841)
ENHANCEMENTS:
- resource/aws_appmesh_gateway_route: Add
port
on thematch
attribute for routes (#27799) - resource/aws_appmesh_route: Add
port
on theweighted_target
attribute (#27799) - resource/aws_appmesh_virtual_gateway: Add the functionality to be able specify multi listeners (#27799)
- resource/aws_appmesh_virtual_node: Add the functionality to be able specify multi listeners (#27799)
- resource/aws_appmesh_virtual_router: Add the functionality to be able specify multi listeners (#27799)
- resource/aws_apprunner_service: Add
source_configuration.code_repository.code_configuration.runtime_environment_secrets
andsource_configuration.image_repository.image_configuration.runtime_environment_secrets
argument (#28871) - resource/aws_ce_anomaly_subscription: Add
threshold_expression
argument (#28573) - resource/aws_grafana_workspace: Add
configuration
argument (#28569) - resource/aws_imagbuilder_component: Add
skip_destroy
argument (#28905) - resource/aws_lambda_event_source_mapping: Add
scaling_config
argument (#28876) - resource/aws_lambda_function: Add configurable timeout for Update (#28963)
- resource/aws_rum_app_monitor: Add
custom_events
argument (#28431) - resource/aws_servicecatalog_portfolio_share: Add
share_principals
argument (#28619)
BUG FIXES:
- data-source/aws_eks_cluster: Add
outpost_config.control_plane_placement
attribute (#28924) - data-source/aws_identitystore_group: Restore use of
ListGroups
API whenfilter
is specified (#28937) - data-source/aws_identitystore_user: Restore use of
ListUsers
API whenfilter
is specified (#28937) - data-source/aws_lambda_function: Fix
AccessDeniedException
errors in AWS Regions where AWS Signer is not supported (#28963) - data-source/aws_lambda_function: Remove any qualifier from
invoke_arn
(#28963) - resource/aws_appstream_image_builder: Fix IAM eventual consistency error for optional role (#26677)
- resource/aws_appstream_image_builder: Fix refresh error when
domain_join_info
andvpc_config
are not empty (#26677) - resource/aws_elasticsearch_domain: Prevent persistent
iops
diff (#28901) - resource/aws_grafana_workspace: Fix updating
vpc_configuration
(#28569) - resource/aws_iam_server_certificate: Avoid errors on delete when no error occurred (#28968)
- resource/aws_lambda_function: Don't persist invalid
filename
,s3_bucket
,s3_key
ors3_object_version
values on resource Update (#28963) - resource/aws_lambda_function: Retry
ResourceNotFoundException
errors on resource Create (#28963) - resource/aws_lb_listener_certificate: Show errors in certain cases where they were previously only logged and resource was removed from state (#28968)
- resource/aws_opensearch_domain: Omit
throughput
andiops
for unsupported volume types (#28862) - resource/aws_sagemaker_app: Correctly list all apps so as not to lose track in an environment where there are many apps (#28561)
FEATURES:
- New Data Source:
aws_lbs
(#27161) - New Resource:
aws_sesv2_configuration_set_event_destination
(#27565)
ENHANCEMENTS:
- data-source/aws_lb_target_group: Support querying by
tags
(#27261) - resource/aws_redshiftdata_statement: Add
workgroup_name
argument (#28751) - resource/aws_service_discovery_service: Add
type
argument (#28778)
BUG FIXES:
- resource/aws_acmpca_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28788) - resource/aws_api_gateway_rest_api: Improve refresh to avoid unnecessary diffs in
policy
(#28789) - resource/aws_api_gateway_rest_api_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28789) - resource/aws_apprunner_service:
observability_configuration_arn
is optional (#28620) - resource/aws_apprunner_vpc_connector: Fix
default_tags
not handled correctly (#28736) - resource/aws_appstream_stack: Fix panic on user_settings update (#28766)
- resource/aws_appstream_stack: Prevent unnecessary replacements on update (#28766)
- resource/aws_backup_vault_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28791) - resource/aws_cloudsearch_domain_service_access_policy: Improve refresh to avoid unnecessary diffs in
access_policy
(#28792) - resource/aws_cloudwatch_event_bus_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28802) - resource/aws_codeartifact_domain_permissions_policy: Improve refresh to avoid unnecessary diffs in
policy_document
(#28794) - resource/aws_codeartifact_repository_permissions_policy: Improve refresh to avoid unnecessary diffs in
policy_document
(#28794) - resource/aws_codebuild_resource_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28796) - resource/aws_dms_replication_subnet_group: Fix error ("Provider produced inconsistent result") when an error is encountered during creation (#28748)
- resource/aws_dms_replication_task: Allow updates to
aws_dms_replication_task
even whenmigration_type
andtable_mappings
have not changed (#28047) - resource/aws_dms_replication_task: Fix error with
cdc_path
when used withaws_dms_s3_endpoint
(#28704) - resource/aws_dms_s3_endpoint: Fix error with
cdc_path
when used withaws_dms_replication_task
(#28704) - resource/aws_ecr_registry_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28799) - resource/aws_ecr_repository_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28799) - resource/aws_ecrpublic_repository_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28799) - resource/aws_efs_file_system_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28800) - resource/aws_elasticsearch_domain: Improve refresh to avoid unnecessary diffs in
access_policies
(#28801) - resource/aws_elasticsearch_domain_policy: Improve refresh to avoid unnecessary diffs in
access_policies
(#28801) - resource/aws_glacier_vault: Improve refresh to avoid unnecessary diffs in
access_policy
(#28804) - resource/aws_glacier_vault_lock: Improve refresh to avoid unnecessary diffs in
policy
(#28804) - resource/aws_glue_resource_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28807) - resource/aws_iam_group_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28836) - resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in
policy
,tags
(#28836) - resource/aws_iam_role: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in
assume_role_policy
andinline_policy
policy
(#28777) - resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in
inline_policy.*.policy
,tags
(#28836) - resource/aws_iam_role_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28836) - resource/aws_iam_user_policy: Fixed issue that could result in "inconsistent final plan" errors (#28868)
- resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28777) - resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28836) - resource/aws_iot_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28838) - resource/aws_kms_external_key: Improve refresh to avoid unnecessary diffs in
policy
(#28853) - resource/aws_kms_key: Improve refresh to avoid unnecessary diffs in
policy
(#28853) - resource/aws_lb_target_group: Change
protocol_version
to ForceNew (#17845) - resource/aws_lb_target_group: When creating a new target group, return an error if there is an existing target group with the same name. Use
terraform import
for existing target groups (#26977) - resource/aws_mq_configuration: Improve refresh to avoid unnecessary diffs in
data
(#28837) - resource/aws_s3_access_point: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_s3_bucket: Improve refresh to avoid unnecessary diffs in
policy
(#28855) - resource/aws_s3_bucket_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28855) - resource/aws_s3control_access_point_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_s3control_bucket_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_s3control_multi_region_access_point_policy: Improve refresh to avoid unnecessary diffs in
details
policy
(#28866) - resource/aws_s3control_object_lambda_access_point_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28866) - resource/aws_sagemaker_model_package_group_policy: Improve refresh to avoid unnecessary diffs in
resource_policy
(#28865) - resource/aws_schemas_registry_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28864) - resource/aws_secretsmanager_secret: Improve refresh to avoid unnecessary diffs in
policy
(#28863) - resource/aws_secretsmanager_secret_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28863) - resource/aws_ses_identity_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28861) - resource/aws_sns_topic: Improve refresh to avoid unnecessary diffs in
policy
(#28860) - resource/aws_sns_topic_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28860) - resource/aws_sqs_queue: Improve refresh to avoid unnecessary diffs in
policy
(#28840) - resource/aws_sqs_queue_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28840) - resource/aws_transfer_access: Improve refresh to avoid unnecessary diffs in
policy
(#28859) - resource/aws_transfer_user: Improve refresh to avoid unnecessary diffs in
policy
(#28859) - resource/aws_vpc_endpoint: Improve refresh to avoid unnecessary diffs in
policy
(#28798) - resource/aws_vpc_endpoint_policy: Improve refresh to avoid unnecessary diffs in
policy
(#28798)
NOTES:
- resource/aws_dms_endpoint: For
s3_settings
cdc_min_file_size
, AWS changed the multiplier to kilobytes instead of megabytes. In other words, prior to the change, a value of32
represented 32 MiB. After the change, a value of32
represents 32 KB. Change your configuration accordingly. (#28578) - resource/aws_fsx_ontap_storage_virtual_machine: The
subtype
attribute is no longer deprecated (#28567)
FEATURES:
- New Data Source:
aws_s3control_multi_region_access_point
(#28373) - New Resource:
aws_appsync_type
(#28437) - New Resource:
aws_auditmanager_assessment
(#28643) - New Resource:
aws_auditmanager_assessment_report
(#28663) - New Resource:
aws_ec2_instance_state
(#28639) - New Resource:
aws_lightsail_bucket
(#28585) - New Resource:
aws_ssoadmin_instance_access_control_attributes
(#23317)
ENHANCEMENTS:
- data-source/aws_autoscaling_group: Add
desired_capacity_type
attribute (#28658) - data-source/aws_kms_secrets: Add
encryption_algorithm
andkey_id
arguments in support of asymmetric keys (#21054) - resource/aws_appflow_connector_profile: Add support for
connector_type
CustomConnector. Addcluster_identifier
,database_name
, anddata_api_role_arn
attributes forredshift
connection_profile_properties
(#26766) - resource/aws_appsync_resolver: Add
runtime
andcode
arguments (#28436) - resource/aws_appsync_resolver: Add plan time validation for
caching_config.ttl
(#28436) - resource/aws_athena_workgroup: Add
configuration.execution_role
argument (#28420) - resource/aws_autoscaling_group: Add
desired_capacity_type
argument (#28658) - resource/aws_dms_endpoint: Change
s3_settings
cdc_min_file_size
default to 32000 in order to align with AWS's change from megabytes to kilobytes for this setting (#28578) - resource/aws_ecs_service: Add
alarms
argument (#28521) - resource/aws_lightsail_instance: Add
add_on
configuration block. (#28602) - resource/aws_lightsail_instance_public_ports: Add
cidr_list_aliases
argument (#28376) - resource/aws_s3_access_point: Add
bucket_account_id
argument (#28564) - resource/aws_s3control_storage_lens_configuration: Add
advanced_cost_optimization_metrics
,advanced_data_protection_metrics
, anddetailed_status_code_metrics
arguments to thestorage_lens_configuration.account_level
andstorage_lens_configuration.account_level.bucket_level
configuration blocks (#28564) - resource/aws_wafv2_rule_group: Add
rule.action.captcha
argument (#28435) - resource/aws_wafv2_web_acl: Add
rule.action.challenge
argument (#28305) - resource/aws_wafv2_web_acl: Add support for ManagedRuleGroupConfig (#28594)
BUG FIXES:
- data-source/aws_cloudwatch_log_group: Restore use of
ListTagsLogGroup
API (#28492) - resource/aws_cloudwatch_log_group: Restore use of
ListTagsLogGroup
,TagLogGroup
andUntagLogGroup
APIs (#28492) - resource/aws_dms_endpoint: Add s3 setting
ignore_header_rows
and deprecate misspelledignore_headers_row
. (#28579) - resource/aws_elasticache_user_group_association: Retry on
InvalidUserGroupState
errors to handle concurrent updates (#28689) - resource/aws_lambda_function_url: Fix removal of
cors
configuration block (#28439) - resource/aws_lightsail_database: The
availability_zone
attribute is now optional/computed to support HAbundle_id
s (#28590) - resource/aws_lightsail_disk_attachment: Resolves a panic when an attachment fails and attempts to display the error returned by AWS. (#28593)
FEATURES:
- New Resource:
aws_dx_macsec_key_association
(#26274)
ENHANCEMENTS:
- resource/aws_dx_connection: Add
encryption_mode
andrequest_macsec
arguments andmacsec_capable
andport_encryption_status
attributes in support of MACsec (#26274) - resource/aws_dx_connection: Add
skip_destroy
argument (#26274) - resource/aws_eks_node_group: Add support for
WINDOWS_CORE_2019_x86_64
,WINDOWS_FULL_2019_x86_64
,WINDOWS_CORE_2022_x86_64
, andWINDOWS_FULL_2022_x86_64
ami_type
values (#28445) - resource/aws_networkfirewall_rule_group: Add
reference_sets
configuration block (#28335) - resource/aws_networkmanager_vpc_attachment: Add
options.appliance_mode_support
argument (#28450)
BUG FIXES:
- resource/aws_networkfirewall_rule_group: Change
rule_group.rules_source.stateful_rule
fromTypeSet
toTypeList
to preserve rule order (#27102)
FEATURES:
- New Data Source:
aws_cloudwatch_log_data_protection_policy_document
(#28272) - New Data Source:
aws_db_instances
(#28303) - New Resource:
aws_auditmanager_account_registration
(#28314) - New Resource:
aws_auditmanager_framework
(#28257) - New Resource:
aws_lambda_functions
(#28254) - New Resource:
aws_sagemaker_space
(#28154) - New Resource:
aws_ssoadmin_permissions_boundary_attachment
(#28241)
ENHANCEMENTS:
- data-source/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#28359)
- data-source/aws_eks_addon: Add
configuration_values
attribute (#28295) - resource/aws_appsync_function: Add
runtime
andcode
arguments (#28057) - resource/aws_appsync_function: Make
request_mapping_template
andresponse_mapping_template
Optional (#28057) - resource/aws_cloudwatch_log_destination: Add
tags
argument andtags_all
attribute to support resource tagging (#28359) - resource/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#28359)
- resource/aws_eks_addon: Add
configuration_values
argument (#28295) - resource/aws_grafana_workspace: Add
vpc_configuration
argument. (#28308) - resource/aws_networkmanager_core_network: Increase Create, Update, and Delete timeouts to 30 minutes (#28363)
- resource/aws_sagemaker_app: Add
space_name
argument (#28154) - resource/aws_sagemaker_app: Make
user_profile_name
optional (#28154) - resource/aws_sagemaker_domain: Add
default_space_settings
anddefault_user_settings.jupyter_server_app_settings.code_repository
arguments (#28154) - resource/aws_sagemaker_endpoint_configuration: Add
shadow_production_variants
,production_variants.container_startup_health_check_timeout_in_seconds
,production_variants.core_dump_config
,production_variants.model_data_download_timeout_in_seconds
, andproduction_variants.volume_size_in_gb
arguments (#28159) - resource/aws_sagemaker_user_profile: Add
user_settings.jupyter_server_app_settings.code_repository
argument (#28154)
BUG FIXES:
- resource/aws_cloudwatch_metric_stream: Correctly update
tags
(#28310) - resource/aws_db_instance: Ensure that
apply_immediately
default value is applied (#25768) - resource/aws_ecs_service: Fix
missing required field, UpdateServiceInput.ServiceConnectConfiguration.Enabled
error when removingservice_connect_configuration
configuration block (#28338) - resource/aws_ecs_service: Fix
service_connect_configuration.service.ingress_port_override
being set to 0 (InvalidParameterException: IngressPortOverride cannot use ports <= 1024
error) when not configured (#28338)
FEATURES:
- New Data Source:
aws_glue_catalog_table
(#23256) - New Resource:
aws_auditmanager_control
(#27857) - New Resource:
aws_networkmanager_core_network
(#28155) - New Resource:
aws_resourceexplorer2_index
(#28144) - New Resource:
aws_rum_metrics_destination
(#28143) - New Resource:
aws_vpc_network_performance_metric_subscription
(#28150)
ENHANCEMENTS:
- resource/aws_glue_crawler: Add
catalog_target.dlq_event_queue_arn
,catalog_target.event_queue_arn
,catalog_target.connection_name
,lake_formation_configuration
, andjdbc_target.enable_additional_metadata
arguments (#28156) - resource/aws_glue_crawler: Make
delta_target.connection_name
optional (#28156) - resource/aws_networkfirewall_firewall: Add
encryption_configuration
attribute (#28242) - resource/aws_networkfirewall_firewall_policy: Add
encryption_configuration
attribute (#28242) - resource/aws_networkfirewall_rule_group: Add
encryption_configuration
attribute (#28242)
BUG FIXES:
- resource/aws_db_instance: Fix error modifying
allocated_storage
whenstorage_type
is"gp3"
(#28243) - resource/aws_dms_s3_endpoint: Fix disparate handling of endpoint attributes in different regions (#28220)
- resource/aws_evidently_feature: Fix
description
attribute to accept strings between0
and160
in length (#27948) - resource/aws_lb_target_group: Allow
healthy_threshold
andunhealthy_threshold
to be set to different values for TCP health checks. (#28018) - resource/aws_lb_target_group: Allow
interval
to be updated for TCP health checks (#28018) - resource/aws_lb_target_group: Allow
timeout
to be set for TCP health checks (#28018) - resource/aws_lb_target_group: Don't force recreation on
health_check
attribute changes (#28018) - resource/aws_sns_topic_subscription: Fix unsupported
FilterPolicyScope
attribute error in the aws-cn partition (#28253)
NOTES:
- provider: With AWS's retirement of EC2-Classic the
skip_get_ec2_platforms
attribute has been deprecated and will be removed in a future version (#28084) - resource/aws_fsx_ontap_storage_virtual_machine: The
subtype
attribute has been deprecated and will be removed in a future version (#28127)
FEATURES:
- New Resource:
aws_dms_s3_endpoint
(#28130)
ENHANCEMENTS:
- data-source/aws_db_instance: Add
storage_throughput
attribute (#27670) - data-source/aws_eks_cluster: Add
cluster_id
attribute (#28112) - resource/aws_db_instance: Add
storage_throughput
argument (#27670) - resource/aws_db_instance: Add support for
gp3
storage_type
value (#27670) - resource/aws_db_instance: Change
iops
toComputed
(#27670) - resource/aws_eks_cluster: Add
cluster_id
attribute andoutpost_config.control_plane_placement
argument (#28112) - resource/aws_redshiftserverless_workgroup: Wait on
MODIFYING
status on resource Delete (#28114)
BUG FIXES:
- resource/aws_redshiftserverless_namespace: Fix updating
admin_username
andadmin_user_password
(#28125)
NOTES:
- resource/aws_fsx_ontap_storage_virtual_machine: The
subtype
attribute will always have the value"DEFAULT"
(#28085) - resource/aws_wafv2_web_acl:
excluded_rule
onmanaged_rule_group_statement
has been deprecated. All configurations usingexcluded_rule
should be updated to use the newrule_action_override
attribute instead (#27954)
ENHANCEMENTS:
- resource/aws_api_gateway_deployment: Add import support (#28030)
- resource/aws_kinesisanalyticsv2_application: Add support for
FLINK-1_15
runtime_environment
value (#28099) - resource/aws_lambda_function: Add
snap_start
attribute (#28097) - resource/aws_wafv2_web_acl: Support
rule_action_override
onmanaged_rule_group_statement
(#27954)
BUG FIXES:
- resource/aws_instance: Change
iam_instance_profile
toComputed
as the value may be configured via a launch template (#27972)
FEATURES:
- New Resource:
aws_neptune_global_cluster
(#26133)
ENHANCEMENTS:
- data-source/aws_ecs_cluster: Add
service_connect_defaults
attribute (#28052) - resource/aws_ce_cost_category: Allow configuration of
effective_start
value (#28055) - resource/aws_ecs_cluster: Add
service_connect_defaults
argument (#28052) - resource/aws_ecs_service: Add
service_connect_configuration
argument in support of ECS Service Connect (#28052) - resource/aws_glue_classifier: Add
custom_datatypes
andcustom_datatype_configured
arguments (#28048) - resource/aws_neptune_cluster: Add
global_cluster_identifier
argument (#26133)
FEATURES:
- New Data Source:
aws_redshiftserverless_credentials
(#28026) - New Resource:
aws_cloudwatch_log_data_protection_policy
(#28049)
ENHANCEMENTS:
- data-source/aws_memorydb_cluster: Add
data_tiering
attribute (#28022) - resource/aws_db_instance: Add
blue_green_update
argument in support of RDS Blue/Green Deployments (#28046) - resource/aws_efs_file_system: Add support for
AFTER_1_DAY
lifecycle_policy.transition_to_ia
argument (#28054) - resource/aws_efs_file_system: Add support for
elastic
throughput_mode
argument (#28054) - resource/aws_emrserverless_application: Add
architecture
argument (#28027) - resource/aws_emrserverless_application: Mark
maximum_capacity
andmaximum_capacity.disk
as Computed, preventing spurious resource diffs (#28027) - resource/aws_memorydb_cluster: Add
data_tiering
attribute (#28022) - resource/aws_sns_topic_subscription: Add
filter_policy_scope
argument in support of SNS message filtering (#28004)
BUG FIXES:
- resource/aws_lambda_function: Don't fail resource Create if AWS Signer service is not available in the configured Region (#28008)
- resource/aws_memorydb_cluster: Allow more than one element in
snapshot_arns
(#28022) - resource/aws_sagemaker_user_profile:
user_settings.jupyter_server_app_settings
,user_settings.kernel_gateway_app_settings
, anduser_settings.tensor_board_app_settings
are updateable (#28025)
FEATURES:
- New Data Source:
aws_sqs_queues
(#27890) - New Resource:
aws_ivschat_logging_configuration
(#27924) - New Resource:
aws_ivschat_room
(#27974) - New Resource:
aws_rds_clusters
(#27891) - New Resource:
aws_redshiftserverless_resource_policy
(#27920) - New Resource:
aws_scheduler_schedule
(#27975)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
ap-south-2
AWS Region (#27983) - data-source/aws_elasticache_cluster: Add
cache_nodes.outpost_arn
andpreferred_outpost_arn
attributes (#27934) - data-source/aws_elasticache_cluster: Add
ip_discovery
andnetwork_type
attributes (#27856) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
ap-south-2
AWS Region (#27983) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
ap-south-2
AWS Region (#27983) - data-source/aws_rds_cluster: Add
engine_mode
attribute (#27892) - provider: Support
ap-south-2
as a valid AWS Region (#27950) - resource/aws_amplify_app: Add support for
WEB_COMPUTE
platform
value in support of Next.js web apps (#27925) - resource/aws_elasticache_cluster: Add
ip_discovery
andnetwork_type
arguments in support of IPv6 clusters (#27856) - resource/aws_elasticache_cluster: Add
outpost_mode
andpreferred_outpost_arn
arguments andcache_nodes.outpost_arn
attribute. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#27934) - resource/aws_lambda_function: Add support for
nodejs18.x
runtime
value (#27923) - resource/aws_lambda_layer_version: Add support for
nodejs18.x
compatible_runtimes
value (#27923) - resource/aws_medialive_channel: Add
start_channel
attribute (#27882) - resource/aws_nat_gateway: Update
private_ip
attribute to be configurable (#27953)
BUG FIXES:
- resource/aws_cloudcontrolapi_resource: Remove invalid regular expressions from CloudFormation resource schema (#27935)
- resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
sybase
engine (#27949) - resource/aws_resourcegroups_group: Properly set
configuration.parameters
as optional (#27985)
NOTES:
- data-source/aws_identitystore_group: The
filter
argument has been deprecated. Use thealternate_identifier
argument instead (#27762)
FEATURES:
- New Data Source:
aws_controltower_controls
(#26978) - New Data Source:
aws_ivs_stream_key
(#27789) - New Resource:
aws_appconfig_extension
(#27860) - New Resource:
aws_appconfig_extension_association
(#27860) - New Resource:
aws_controltower_control
(#26990) - New Resource:
aws_evidently_feature
(#27395) - New Resource:
aws_ivs_channel
(#27726) - New Resource:
aws_networkmanager_connect_attachment
(#27787) - New Resource:
aws_opensearch_inbound_connection_accepter
(#22988) - New Resource:
aws_opensearch_outbound_connection
(#22988) - New Resource:
aws_scheduler_schedule_group
(#27800) - New Resource:
aws_schemas_registry_policy
(#27705) - New Resource:
aws_sesv2_email_identity_mail_from_attributes
(#27672)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
eu-central-2
AWS Region (#27814) - data-source/aws_cloudtrail_service_account: Add service account ID for
eu-south-2
AWS Region (#27855) - data-source/aws_connect_instance: Add
multi_party_conference_enabled
attribute (#27734) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
eu-central-2
AWS Region (#27814) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
eu-south-2
AWS Region (#27855) - data-source/aws_identitystore_group: Add
alternate_identifier
argument anddescription
attribute (#27762) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
eu-central-2
AWS Region (#27814) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
eu-south-2
AWS Region (#27855) - data-source/aws_s3_bucket: Add hosted zone ID for
eu-central-2
AWS Region (#27814) - data-source/aws_s3_bucket: Add hosted zone ID for
eu-south-2
AWS Region (#27855) - provider: Support
eu-central-2
as a valid AWS Region (#27812) - provider: Support
eu-south-2
as a valid AWS Region (#27847) - resource/aws_acm_certificate: Add
key_algorithm
argument in support of ECDSA TLS certificates (#27781) - resource/aws_autoscaling_group: Add support for
price-capacity-optimized
spot_allocation_strategy
value (#27795) - resource/aws_cloudwatch_logs_group: Add
skip_destroy
argument (#26775) - resource/aws_cognito_user_pool: Add
sns_region
attribute tosms_configuration
block (#26684) - resource/aws_connect_instance: Add
multi_party_conference_enabled
argument (#27734) - resource/aws_customer_gateway: Make
ip_address
optional (#26673) - resource/aws_docdb_cluster_instance: Add
enable_performance_insights
andperformance_insights_kms_key_id
arguments (#27769) - resource/aws_dynamodb_table_item: Allow the creation of items with the same hash key but different range keys (#27517)
- resource/aws_ec2_fleet: Add support for
price-capacity-optimized
spot_options.allocation_strategy
value (#27795) - resource/aws_ecs_service: Add
triggers
argument to enable in-place updates (redeployments) on each apply, when used withforce_new_deployment = true
(#25840) - resource/aws_medialive_channel: Add support for more
output
,output_groups
,audio_descriptions
andvideo_descriptions
inencoder_settings
. Add support forinput_settings
ininput_attachments
(#27823) - resource/aws_msk_cluster: Add
storage_mode
argument (#27546) - resource/aws_neptune_cluster: Add
serverless_v2_scaling_configuration
block in support of Neptune Serverless (#27763) - resource/aws_network_interface_sg_attachment: Add import support (#27785)
- resource/aws_security_group_rule: Add
security_group_rule_id
attribute (#27828) - resource/aws_spot_fleet_request: Add support for
priceCapacityOptimized
allocation_strategy
value (#27795)
BUG FIXES:
- resource/aws_appstream_stack: Fix
redirect_url
max character length (#27744) - resource/aws_dynamodb_table: Allow changing KMS keys on tables with replicas. (#23156)
- resource/aws_route53_resolver_endpoint: Fix deduplication with multiple IPs on the same subnet (#25708)
- resource/aws_sesv2_email_identity_feedback_attributes: Fix invalid resource ID in error messages when creating the resource (#27784)
BREAKING CHANGES:
- resource/aws_secretsmanager_secret_rotation: Remove unused
tags
attribute (#27656)
NOTES:
- provider: Add OpenBSD to list of OSes which the provider is built on (#27663)
FEATURES:
- New Data Source:
aws_dynamodb_table_item
(#27504) - New Data Source:
aws_route53_resolver_firewall_config
(#25496) - New Data Source:
aws_route53_resolver_firewall_domain_list
(#25509) - New Data Source:
aws_route53_resolver_firewall_rule_group
(#25511) - New Data Source:
aws_route53_resolver_firewall_rule_group_association
(#25512) - New Data Source:
aws_route53_resolver_firewall_rules
(#25536) - New Resource:
aws_ivs_playback_key_pair
(#27678) - New Resource:
aws_ivs_recording_configuration
(#27718) - New Resource:
aws_lightsail_lb_https_redirection_policy
(#27679) - New Resource:
aws_medialive_channel
(#26810) - New Resource:
aws_networkmanager_site_to_site_vpn_attachment
(#27387) - New Resource:
aws_redshift_endpoint_authorization
(#27654) - New Resource:
aws_redshift_partner
(#27665) - New Resource:
aws_redshiftserverless_snapshot
(#27741)
ENHANCEMENTS:
- data-source/aws_rds_engine_version: Support
default_only
,include_all
, andfilter
(#26923) - resource/aws_lightsail_instance: Add
ip_address_type
argument (#27699) - resource/aws_security_group: Do not pass
from_port
orto_port
values to the AWS API if arule
'sprotocol
value is-1
orall
(#27642) - resource/aws_wafv2_rule_group: Correct maximum nesting level for
and_statement
,not_statement
,or_statement
andrate_based_statement
(#27682)
BUG FIXES:
- resource/aws_cognito_identity_pool: Fix deletion of identity pool on tags-only update (#27669)
- resource/aws_dynamodb_table: Correctly set
stream_arn
as Computed whenstream_enabled
changes (#27664) - resource/aws_lightsail_instance_public_ports: Resource will now be removed from state properly when parent instance is removed (#27699)
- resource/aws_s3_bucket: Attributes
arn
andhosted_zone_id
were incorrectly settable but ignored (#27597) - resource/aws_security_group: Return an error if a
rule
'sprotocol
value isall
andfrom_port
orto_port
are not0
(#27642) - resource/aws_vpn_connection: Configuring exactly one of
transit_gateway_id
orvpn_gateway_id
is not required (#27693)
FEATURES:
- New Data Source:
aws_connect_instance_storage_config
(#27308) - New Resource:
aws_apprunner_vpc_ingress_connection
(#27600) - New Resource:
aws_connect_phone_number
(#26364) - New Resource:
aws_evidently_segment
(#27159) - New Resource:
aws_fsx_file_cache
(#27384) - New Resource:
aws_lightsail_disk
(#27537) - New Resource:
aws_lightsail_disk_attachment
(#27537) - New Resource:
aws_lightsail_lb_stickiness_policy
(#27514) - New Resource:
aws_sagemaker_servicecatalog_portfolio_status
(#27548) - New Resource:
aws_sesv2_email_identity_feedback_attributes
(#27433) - New Resource:
aws_ssm_default_patch_baseline
(#27610)
ENHANCEMENTS:
- data-source/aws_networkmanager_core_network_policy_document: Add plan-time validation for
core_network_configuration.edge_locations.asn
(#27305) - resource/aws_ami_copy: Add
imds_support
attribute (#27561) - resource/aws_ami_from_instance: Add
imds_support
attribute (#27561) - resource/aws_apprunner_service: Add
ingress_configuration
argument block. (#27600) - resource/aws_batch_compute_environment: Add
eks_configuration
configuration block (#27499) - resource/aws_batch_compute_environment: Allow deletion of AWS Batch compute environments in
INVALID
state (#26931) - resource/aws_budgets_budget: Add
auto_adjust_data
configuration block (#27474) - resource/aws_budgets_budget: Add
planned_limit
configuration block (#25766) - resource/aws_cognito_user_pool: Add
deletion_protection
argument (#27612) - resource/aws_cognito_user_pool_client: Add
auth_session_validity
argument (#27620) - resource/aws_lb_target_group: Add support for
target_failover
andstickiness
attributes for GENEVE protocol target groups (#27334) - resource/aws_sagemaker_domain: Add
domain_settings
,app_security_group_management
,default_user_settings.r_session_app_settings
, anddefault_user_settings.canvas_app_settings
arguments. (#27542) - resource/aws_sagemaker_user_profile: Add
user_settings.r_session_app_settings
anduser_settings.canvas_app_settings
arguments. (#27542) - resource/aws_sagemaker_workforce: Add
workforce_vpc_config
argument (#27538) - resource/aws_sfn_state_machine: Add
name_prefix
argument (#27574)
BUG FIXES:
- data-source/aws_ip_ranges: Fix regression causing filtering on
regions
andservices
to become case-sensitive (#27558) - resource/aws_batch_compute_environment: Update
compute_resources.security_group_ids
to be optional (#26172) - resource/aws_dynamodb_table: Fix bug causing spurious diffs with and preventing proper updating of
stream_enabled
andstream_view_type
(#27566) - resource/aws_instance: Use EC2 API idempotency to ensure that only a single Instance is created (#27561)
NOTES:
- resource/aws_medialive_multiplex_program: The
statemux_settings
argument has been deprecated. Use thestatmux_settings
argument instead (#27223)
FEATURES:
- New Data Source:
aws_dx_router_configuration
(#27341) - New Resource:
aws_inspector2_enabler
(#27505) - New Resource:
aws_lightsail_lb_certificate
(#27462) - New Resource:
aws_lightsail_lb_certificate_attachment
(#27462) - New Resource:
aws_route53_resolver_config
(#27487) - New Resource:
aws_sesv2_dedicated_ip_assignment
(#27361) - New Resource:
aws_sesv2_email_identity
(#27260)
ENHANCEMENTS:
- data-source/aws_acmpca_certificate_authority: Add
usage_mode
attribute (#27496) - data-source/aws_outposts_assets: Add
host_id_filter
andstatus_id_filter
arguments (#27303) - resource/aws_acmpca_certificate_authority: Add
usage_mode
argument to support short-lived certificates (#27496) - resource/aws_apprunner_vpc_connector: Add ability to update
tags
(#27345) - resource/aws_datasync_task: Add
security_descriptor_copy_flags
tooptions
configuration block (#26992) - resource/aws_ec2_capacity_reservation: Add
placement_group_arn
argument (#27458) - resource/aws_ec2_transit_gateway: Add support to modify
amazon_side_asn
argument (#27306) - resource/aws_elasticache_global_replication_group: Add
global_node_groups
andnum_node_groups
arguments (#27500) - resource/aws_elasticache_global_replication_group: Add timeouts. (#27500)
- resource/aws_evidently_project: Support configurable timeouts for create, update, and delete (#27336)
- resource/aws_flow_log: Amazon VPC Flow Logs supports Kinesis Data Firehose as destination (#27340)
- resource/aws_medialive_multiplex_program: Add ability to update
multiplex_program_settings
in place (#27223) - resource/aws_network_interface_attachment: Added import capabilities for the resource (#27364)
- resource/aws_sesv2_dedicated_ip_pool: Add
scaling_mode
attribute (#27388) - resource/aws_ssm_parameter: Support
aws:ssm:integration
as a valid value fordata_type
(#27329)
BUG FIXES:
- data-source/aws_route53_traffic_policy_document: Fixed incorrect capitalization for
GeoproximityLocations
(#27473) - resource/aws_connect_contact_flow: Change
type
to ForceNew (#27347) - resource/aws_ecs_service: Correctly handle unconfigured
task_definition
, makingEXTERNAL
deployments possible (#27390) - resource/aws_lb_target_group: Fix import issues on
aws_lb_target_group
when specifyingip_address_type
ofipv4
(#27464) - resource/aws_rds_proxy_endpoint: Respect configured provider
default_tags
value on resource Update (#27367) - resource/aws_vpc_ipam_pool_cidr: Fix crash when IPAM Pool CIDR not found (#27512)
BUG FIXES:
- data-source/aws_default_tags: Fix regression setting
tags
tonull
instead of an empty map ({}
) when nodefault_tags
are defined (#27377)
FEATURES:
- New Data Source:
aws_elasticache_subnet_group
(#27233) - New Data Source:
aws_sesv2_dedicated_ip_pool
(#27278) - New Resource:
aws_lightsail_certificate
(#25283) - New Resource:
aws_lightsail_domain_entry
(#27309) - New Resource:
aws_lightsail_lb
(#27339) - New Resource:
aws_lightsail_lb_attachment
(#27339) - New Resource:
aws_sesv2_dedicated_ip_pool
(#27278)
ENHANCEMENTS:
- data-source/aws_route53_zone: Add
primary_name_server
attribute (#27293) - resource/aws_appstream_stack: Add validation for
application_settings
. (#27257) - resource/aws_lightsail_container_service: Add
private_registry_access
argument (#27236) - resource/aws_mq_broker: Add configurable timeouts (#27035)
- resource/aws_resourcegroups_group: Add
configuration
argument (#26934) - resource/aws_route53_zone: Add
primary_name_server
attribute (#27293) - resource/aws_rum_app_monitor: Add
app_monitor_id
attribute (#26994) - resource/aws_sns_platform_application: Add
apple_platform_bundle_id
andapple_platform_team_id
arguments. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#23147)
BUG FIXES:
- resource/aws_appstream_stack: Fix panic with
application_settings
. (#27257) - resource/aws_sqs_queue: Change
sqs_managed_sse_enabled
toComputed
as newly created SQS queues use SSE-SQS encryption by default. This means that Terraform will only perform drift detection of the attribute's value when present in a configuration (#26843) - resource/aws_sqs_queue: Respect configured
sqs_managed_sse_enabled
value on resource Create. In particular a configuredfalse
value is sent to the AWS API, which overrides the new service default value oftrue
(#27335)
FEATURES:
- New Data Source:
aws_rds_reserved_instance_offering
(#26025) - New Data Source:
aws_vpc_ipam_pools
(#27101) - New Resource:
aws_codepipeline_custom_action_type
(#8123) - New Resource:
aws_comprehend_document_classifier
(#26951) - New Resource:
aws_inspector2_delegated_admin_account
(#27229) - New Resource:
aws_rds_reserved_instance
(#26025) - New Resource:
aws_s3control_storage_lens_configuration
(#27097) - New Resource:
aws_sesv2_configuration_set
(#27056) - New Resource:
aws_transfer_tag
(#27131)
ENHANCEMENTS:
- data-source/aws_dx_connection: Add
vlan_id
attribute (#27148) - data-source/aws_vpc: Add
enable_network_address_usage_metrics
attribute (#27165) - resource/aws_cognito_user_pool: Add
user_attribute_update_settings
attribute (#27129) - resource/aws_default_vpc: Add
enable_network_address_usage_metrics
argument (#27165) - resource/aws_dx_connection: Add
vlan_id
attribute (#27148) - resource/aws_elasticache_global_replication_group: Add support for updating
cache_node_type
andautomatic_failover_enabled
. (#27134) - resource/aws_globalaccelerator_accelerator: Add
ip_addresses
argument in support of BYOIP addresses (#27181) - resource/aws_opsworks_custom_layer: Add
load_based_auto_scaling
argument (#10962) - resource/aws_prometheus_workspace: Add
logging_configuration
argument (#27213) - resource/aws_vpc: Add
enable_network_address_usage_metrics
argument (#27165)
BUG FIXES:
- data-source/aws_identitystore_user: Change the type of
external_ids
to a string instead of a bool. (#27184) - resource/aws_ecs_task_definition: Prevent panic when supplying a
null
value incontainer_definitions
(#27263) - resource/aws_identitystore_user: Change the type of
external_ids
to a string instead of a bool. (#27184) - resource/aws_organizations_policy_attachment: Handle missing policy when reading policy attachment (#27238)
- resource/aws_ssm_service_setting: Prevent panic during status read (#27232)
NOTES:
- data-source/aws_identitystore_user: The
filter
argument has been deprecated. Use thealternate_identifier
argument instead (#27053)
FEATURES:
- New Data Source:
aws_appconfig_configuration_profile
(#27054) - New Data Source:
aws_appconfig_configuration_profiles
(#27054) - New Data Source:
aws_appconfig_environment
(#27054) - New Data Source:
aws_appconfig_environments
(#27054) - New Data Source:
aws_vpc_ipam_pool_cidrs
(#27051) - New Resource:
aws_evidently_project
(#24263)
ENHANCEMENTS:
- data-source/aws_ami: Add
imds_support
attribute (#27084) - data-source/aws_identitystore_user: Add
alternate_identifier
argument andaddresses
,display_name
,emails
,external_ids
,locale
,name
,nickname
,phone_numbers
,preferred_language
,profile_url
,timezone
,title
anduser_type
attributes (#27053) - datasource/aws_eks_cluster: Add
service_ipv6_cidr
attribute tokubernetes_network_config
block (#26980) - resource/aws_ami: Add
imds_support
argument (#27084) - resource/aws_ami_copy: Add
imds_support
argument (#27084) - resource/aws_ami_from_instance: Add
imds_support
argument (#27084) - resource/aws_cloudwatch_event_target: Add
capacity_provider_strategy
configuration block to theecs_target
configuration block (#27068) - resource/aws_eks_addon: Add
PRESERVE
option toresolve_conflicts
argument. (#27038) - resource/aws_eks_cluster: Add
service_ipv6_cidr
attribute tokubernetes_network_config
block (#26980) - resource/aws_mwaa_environment: Add custom timeouts (#27031)
- resource/aws_networkfirewall_firewall_policy: Add
firewall_policy.stateful_rule_group_reference.override
argument (#25135) - resource/aws_wafv2_rule_group: Add
headers
attribute to thefield_to_match
block (#26506) - resource/aws_wafv2_rule_group: Add rate_based_statement (#27113)
- resource/aws_wafv2_rule_group: Add support for
regex_match_statement
(#22452) - resource/aws_wafv2_web_acl: Add
headers
attribute to thefield_to_match
block (#26506) - resource/aws_wafv2_web_acl: Add support for
regex_match_statement
(#22452)
BUG FIXES:
- data-source/aws_iam_policy_document: Better handling when invalid JSON passed to
override_policy_documents
(#27055) - data-source/aws_ses_active_receipt_rule_set: Prevent crash when no receipt rule set is active (#27073)
- resource/aws_keyspaces_table: Change
schema_definition.clustering_key
andschema_definition.partition_key
to lists in order to respect configured orderings (#26812) - resource/aws_rolesanywhere_profile: Correctly handle updates to
enabled
andsession_policy
(#26858) - resource/aws_rolesanywhere_trust_anchor: Correctly handle updates to
enabled
(#26858)
FEATURES:
- New Data Source:
aws_kms_custom_key_store
(#24787) - New Resource:
aws_identitystore_group
(#26674) - New Resource:
aws_identitystore_group_membership
(#26944) - New Resource:
aws_identitystore_user
(#26948) - New Resource:
aws_inspector2_organization_configuration
(#27000) - New Resource:
aws_kms_custom_key_store
(#26997)
ENHANCEMENTS:
- resource/aws_acm_certificate: Add
early_renewal_duration
,pending_renewal
,renewal_eligibility
,renewal_summary
andtype
attributes (#26784) - resource/aws_appautoscaling_policy: Add
alarm_arns
attribute (#27011) - resource/aws_dms_endpoint: Add
s3_settings.use_task_start_time_for_full_load_timestamp
argument (#27004) - resource/aws_ec2_traffic_mirror_target: Add
gateway_load_balancer_endpoint_id
argument (#26767) - resource/aws_kms_key: Add
custom_key_store_id
attribute (#24787)
BUG FIXES:
- resource/aws_rds_cluster: Support
upgrade
as a valid value inenabled_cloudwatch_logs_exports
(#26792) - resource/aws_ssm_parameter: Allow parameter overwrite on create (#26785)
ENHANCEMENTS:
- resource/aws_eks_cluster: Add
outpost_config
argument to support EKS local clusers on Outposts (#26866)
BUG FIXES:
- resource/aws_ec2_managed_prefix_list: MaxEntries and Entry(s) can now be changed in the same apply (#26845)
FEATURES:
- New Data Source:
aws_ec2_managed_prefix_lists
(#26727) - New Resource:
aws_sqs_queue_redrive_allow_policy
(#26733) - New Resource:
aws_sqs_queue_redrive_policy
(#26733)
ENHANCEMENTS:
- data-source/aws_lambda_function: Add
qualified_invoke_arn
attribute (#26439) - resource/aws_db_instance: Add
custom_iam_instance_profile
attribute (#26765) - resource/aws_lambda_function: Add
qualified_invoke_arn
attribute (#26439)
BUG FIXES:
- resource/aws_autoscaling_attachment: Retry errors like
ValidationError: Trying to update too many Load Balancers/Target Groups at once. The limit is 10
when creating or deleting resource (#26654) - resource/aws_dynamodb_table: No longer returns error for an ARCHIVED table (#26744)
- resource/aws_instance: Prevents errors in ISO regions when not using DisableApiStop attribute (#26745)
- resource/aws_replication_subnet_group: Add retry to create step, resolving
AccessDeniedFault
error (#26768)
FEATURES:
- New Resource:
aws_medialive_multiplex
(#26608) - New Resource:
aws_medialive_multiplex_program
(#26694) - New Resource:
aws_redshiftserverless_usage_limit
(#26636) - New Resource:
aws_ssoadmin_customer_managed_policy_attachment
(#25915)
ENHANCEMENTS:
- data-source/aws_rds_cluster: Add
network_type
attribute (#26489) - resource/aws_eks_addon: Support configurable timeouts for addon create, update, and delete (#26629)
- resource/aws_rds_cluster: Add
network_type
argument (#26489) - resource/aws_rds_cluster_instance: Add
network_type
attribute (#26489) - resource/aws_s3_bucket_object_lock_configuration: Update
rule
argument to be Optional (#26520) - resource/aws_vpn_connection: Add
tunnel1_log_options
andtunnel2_log_options
arguments (#26637)
BUG FIXES:
- data-source/aws_ec2_managed_prefix_list: Fixes bug where an error is returned for regions with more than 100 managed prefix lists (#26683)
- data-source/aws_iam_policy_document: Correctly handle unquoted Boolean values in
Condition
(#26657) - data-source/aws_iam_policy_document: Prevent crash when
source_policy_documents
contains empty or invalid JSON documents (#26640) - resource/aws_eip: Defaults to default regional
domain
whenvpc
not set (#26716) - resource/aws_instance: No longer fails when setting
metadata_options.instance_metadata_tags
(#26631) - resource/aws_lambda_function: Update the environment variables if the
kms_key_arn
has changed (#26696) - resource/aws_opsworks_stack: Defaults to default VPC when not supplied (#26711)
- resource/aws_security_group: Defaults to default VPC when not supplied (#26697)
NOTES:
- resource/aws_db_instance: With AWS's retirement of EC2-Classic no new RDS DB Instances can be created referencing RDS DB Security Groups (#26525)
- resource/aws_db_security_group: With AWS's retirement of EC2-Classic no new RDS DB Security Groups can be created (#26525)
- resource/aws_default_vpc: With AWS's retirement of EC2-Classic the
enable_classiclink
andenable_classiclink_dns_support
attributes have been deprecated and will be removed in a future version (#26525) - resource/aws_eip: With AWS's retirement of EC2-Classic no new non-VPC EC2 EIPs can be created (#26525)
- resource/aws_elasticache_cluster: With AWS's retirement of EC2-Classic no new ElastiCache Clusters can be created referencing ElastiCache Security Groups (#26525)
- resource/aws_elasticache_security_group: With AWS's retirement of EC2-Classic no new ElastiCache Security Groups can be created (#26525)
- resource/aws_instance: With the retirement of EC2-Classic,
aws_instance
has been updated to remove support for EC2-Classic (#26532) - resource/aws_launch_configuration: With AWS's retirement of EC2-Classic no new Auto Scaling Launch Configurations can be created referencing ClassicLink (#26525)
- resource/aws_opsworks_stack: With AWS's retirement of EC2-Classic no new OpsWorks Stacks can be created without referencing a VPC (#26525)
- resource/aws_redshift_cluster: With AWS's retirement of EC2-Classic no new Redshift Clusters can be created referencing Redshift Security Groups (#26525)
- resource/aws_redshift_security_group: With AWS's retirement of EC2-Classic no new Redshift Security Groups can be created (#26525)
- resource/aws_security_group: With AWS's retirement of EC2-Classic no new Security Groups can be created without referencing a VPC (#26525)
- resource/aws_vpc: With AWS's retirement of EC2-Classic no new VPCs can be created with ClassicLink enabled (#26525)
- resource/aws_vpc_peering_connection: With AWS's retirement of EC2-Classic no new VPC Peering Connections can be created with ClassicLink options enabled (#26525)
- resource/aws_vpc_peering_connection_accepter: With AWS's retirement of EC2-Classic no VPC Peering Connections can be accepted with ClassicLink options enabled (#26525)
- resource/aws_vpc_peering_connection_options: With AWS's retirement of EC2-Classic no new VPC Peering Connection Options can be created with ClassicLink options enabled (#26525)
FEATURES:
- New Data Source:
aws_location_tracker_associations
(#26472) - New Resource:
aws_cloudfront_origin_access_control
(#26508) - New Resource:
aws_medialive_input
(#26550) - New Resource:
aws_medialive_input_security_group
(#26550) - New Resource:
aws_redshiftserverless_endpoint_access
(#26555)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Add service account ID for
me-central-1
AWS Region (#26572) - data-source/aws_eks_node_group: Add
capacity_type
attribute (#26521) - data-source/aws_elb_hosted_zone_id: Add hosted zone ID for
me-central-1
AWS Region (#26572) - data-source/aws_instance: Add
host_resource_group_arn
attribute (#26532) - data-source/aws_lambda_function: Return most recent published version when
qualifier
is not set (#11195) - data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for
me-central-1
AWS Region (#26572) - data-source/aws_s3_bucket: Add hosted zone ID for
me-central-1
AWS Region (#26572) - provider: Support
me-central-1
as a valid AWS Region (#26590) - provider: Add
source_identity
argument toassume_role
block (#25368) - resource/aws_cloudfront_distribution: Add
origin_access_control_id
to theorigin
configuration block (#26510) - resource/aws_dms_endpoint: Add
redis_settings
configuration block (#26411) - resource/aws_ec2_fleet: Add
target_capacity_unit_type
attribute to thetarget_capacity_specification
configuration block (#26493) - resource/aws_instance: Add
host_resource_group_arn
attribute; improve compatibility with launching instances in a host resource group using an AMI registered with License Manager. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing. (#26532) - resource/aws_lambda_event_source_mapping: Add
amazon_managed_kafka_event_source_config
andself_managed_kafka_event_source_config
configuration blocks (#26560) - resource/aws_lambda_function: Add validation for
function_name
attribute (#25259) - resource/aws_opensearch_domain: Add support for enabling fine-grained access control on existing domains with
advanced_security_options
anonymous_auth_enabled
(#26503) - resource/aws_redshiftserverless_endpoint_workgroup: Add
endpoint
attribute (#26555) - resource/aws_spot_fleet_request: Add
target_capacity_unit_type
argument (#26493) - resource/aws_wafv2_rule_group: Add
cookies
attribute to thefield_to_match
block (#25845) - resource/aws_wafv2_rule_group: Add
json_body
attribute to thefield_to_match
block (#24772) - resource/aws_wafv2_web_acl: Add
cookies
attribute to thefield_to_match
block (#25845) - resource/aws_wafv2_web_acl: Add
json_body
attribute to thefield_to_match
block (#24772)
BUG FIXES:
- provider: No longer silently ignores
assume_role
block whenrole_arn
has unknown value. (#26590) - resource/aws_security_group: Fix complex dependency violations such as using a security group with an EMR cluster (#26553)
NOTES:
- resource/aws_db_instance: With the retirement of EC2-Classic the
security_group_names
attribute has been deprecated and will be removed in a future version (#26427) - resource/aws_db_security_group: With the retirement of EC2-Classic the
aws_db_security_group
resource has been deprecated and will be removed in a future version (#26427) - resource/aws_elasticache_cluster: With the retirement of EC2-Classic the
security_group_names
attribute has been deprecated and will be removed in a future version (#26427) - resource/aws_elasticache_security_group: With the retirement of EC2-Classic the
aws_elasticache_security_group
resource has been deprecated and will be removed in a future version (#26427) - resource/aws_launch_configuration: With the retirement of EC2-Classic the
vpc_classic_link_id
andvpc_classic_link_security_groups
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_redshift_cluster: With the retirement of EC2-Classic the
cluster_security_groups
attribute has been deprecated and will be removed in a future version (#26427) - resource/aws_redshift_security_group: With the retirement of EC2-Classic the
aws_redshift_security_group
resource has been deprecated and will be removed in a future version (#26427) - resource/aws_vpc: With the retirement of EC2-Classic the
enable_classiclink
andenable_classiclink_dns_support
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_vpc_peering_connection: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_vpc_peering_connection_accepter: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been deprecated and will be removed in a future version (#26427) - resource/aws_vpc_peering_connection_options: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been deprecated and will be removed in a future version (#26427)
FEATURES:
- New Data Source:
aws_ec2_network_insights_analysis
(#23532) - New Data Source:
aws_ec2_network_insights_path
(#23532) - New Data Source:
aws_ec2_transit_gateway_attachment
(#26264) - New Data Source:
aws_location_tracker_association
(#26404) - New Resource:
aws_ec2_network_insights_analysis
(#23532) - New Resource:
aws_ec2_transit_gateway_policy_table
(#26264) - New Resource:
aws_ec2_transit_gateway_policy_table_association
(#26264) - New Resource:
aws_grafana_workspace_api_key
(#25286) - New Resource:
aws_networkmanager_transit_gateway_peering
(#26264) - New Resource:
aws_networkmanager_transit_gateway_route_table_attachment
(#26264) - New Resource:
aws_redshiftserverless_workgroup
(#26467)
ENHANCEMENTS:
- data-source/aws_db_instance: Add
network_type
attribute (#26185) - data-source/aws_db_subnet_group: Add
supported_network_types
attribute (#26185) - data-source/aws_rds_orderable_db_instance: Add
supported_network_types
attribute (#26185) - resource/aws_db_instance: Add
network_type
argument (#26185) - resource/aws_db_subnet_group: Add
supported_network_types
argument (#26185) - resource/aws_glue_job: Add support for
3.9
as validpython_version
value (#26407) - resource/aws_kendra_index: The
document_metadata_configuration_updates
argument can now be updated. Refer to the documentation for more details. (#20294)
BUG FIXES:
- resource/aws_appstream_fleet: Fix crash when providing empty
domain_join_info
(e.g.,directory_name = ""
) (#26454) - resource/aws_eip: Include any provider-level configured
default_tags
on resource Create (#26308) - resource/aws_kinesis_firehose_delivery_stream: Updating
tags
no longer causes an unnecessary update (#26451) - resource/aws_organizations_policy: Prevent
InvalidParameter
errors by handlingcontent
as generic JSON, not an IAM policy (#26279)
FEATURES:
- New Resource:
aws_msk_serverless_cluster
(#25684) - New Resource:
aws_networkmanager_attachment_accepter
(#26227) - New Resource:
aws_networkmanager_vpc_attachment
(#26227)
ENHANCEMENTS:
- data-source/aws_networkfirewall_firewall: Add
capacity_usage_summary
,configuration_sync_state_summary
, andstatus
attributes to thefirewall_status
block (#26284) - resource/aws_acm_certificate: Add
not_after
argument (#26281) - resource/aws_acm_certificate: Add
not_before
argument (#26281) - resource/aws_chime_voice_connector_logging: Add
enable_media_metric_logs
argument (#26283) - resource/aws_cloudfront_distribution: Support
http3
andhttp2and3
as valid values for thehttp_version
argument (#26313) - resource/aws_inspector_assessment_template: Add
event_subscription
configuration block (#26334) - resource/aws_lb_target_group: Add
ip_address_type
argument (#26320) - resource/aws_opsworks_stack: Add plan-time validation for
custom_cookbooks_source.type
(#26278)
BUG FIXES:
- resource/aws_appflow_flow: Correctly specify
trigger_config.trigger_properties.scheduled.schedule_start_time
during create and update (#26289) - resource/aws_db_instance: Prevent
InvalidParameterCombination: No modifications were requested
errors when onlydelete_automated_backups
,final_snapshot_identifier
and/orskip_final_snapshot
change (#26286) - resource/aws_opsworks_custom_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_ecs_cluster_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_ganglia_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_haproxy_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_java_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_memcached_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_mysql_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_nodejs_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_php_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_rails_app_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_stack: Correctly apply
tags
during create ifregion
is not equal to the configured AWS Region (#26278) - resource/aws_opsworks_static_web_layer: Correctly apply
tags
during create if the stack'sregion
is not equal to the configured AWS Region (#26278)
FEATURES:
- New Data Source:
aws_fsx_openzfs_snapshot
(#26184) - New Data Source:
aws_networkfirewall_firewall
(#25495) - New Data Source:
aws_prometheus_workspace
(#26120) - New Resource:
aws_comprehend_entity_recognizer
(#26244) - New Resource:
aws_connect_instance_storage_config
(#26152) - New Resource:
aws_directory_service_radius_settings
(#14045) - New Resource:
aws_directory_service_region
(#25755) - New Resource:
aws_dynamodb_table_replica
(#26250) - New Resource:
aws_location_tracker_association
(#26061)
ENHANCEMENTS:
- data-source/aws_directory_service_directory: Add
radius_settings
attribute (#14045) - data-source/aws_directory_service_directory: Set
dns_ip_addresses
to the owner directory's DNS IP addresses for SharedMicrosoftAD directories (#20819) - data-source/aws_elasticsearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045) - data-source/aws_opensearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045) - resource/aws_autoscaling_group: Better error handling when attempting to create Auto Scaling groups with incompatible options (#25987)
- resource/aws_backup_vault: Add
force_destroy
argument (#26199) - resource/aws_directory_service_directory: Add
desired_number_of_domain_controllers
argument (#25755) - resource/aws_directory_service_directory: Add configurable timeouts for Create, Update and Delete (#25755)
- resource/aws_directory_service_shared_directory: Add configurable timeouts for Delete (#25755)
- resource/aws_directory_service_shared_directory_accepter: Add configurable timeouts for Create and Delete (#25755)
- resource/aws_elasticsearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045) - resource/aws_glue_job: Add
execution_class
argument (#26188) - resource/aws_macie2_classification_job: Add
bucket_criteria
attribute to thes3_job_definition
configuration block (#19837) - resource/aws_opensearch_domain: Add
throughput
attribute to theebs_options
configuration block (#26045)
BUG FIXES:
- resource/aws_appflow_flow: Fix
trigger_properties.scheduled
being set during resource read (#26240) - resource/aws_db_instance: Add retries (for handling IAM eventual consistency) when creating database replicas that use enhanced monitoring (#20926)
- resource/aws_db_instance: Apply
monitoring_interval
andmonitoring_role_arn
when creating viarestore_to_point_in_time
(#20926) - resource/aws_dynamodb_table: Fix
replica.*.propagate_tags
not propagating tags to newly added replicas (#26257) - resource/aws_emr_instance_group: Handle deleted instance groups during resource read (#26154)
- resource/aws_emr_instance_group: Mark
instance_count
as Computed to prevent diff when autoscaling is active (#26154) - resource/aws_lb_listener: Fix
ValidationError
when tags are added oncreate
(#26194) - resource/aws_lb_target_group: Fix
ValidationError
when tags are added oncreate
(#26194) - resource/aws_macie2_classification_job: Fix incorrect plan diff for
TagScopeTerm()
when updating resources (#19837) - resource/aws_security_group_rule: Disallow empty strings in
prefix_list_ids
(#26220)
FEATURES:
- New Data Source:
aws_waf_subscribed_rule_group
(#10563) - New Data Source:
aws_wafregional_subscribed_rule_group
(#10563) - New Resource:
aws_kendra_data_source
(#25686) - New Resource:
aws_macie2_classification_export_configuration
(#19856) - New Resource:
aws_transcribe_language_model
(#25698)
ENHANCEMENTS:
- data-source/aws_alb: Allow customizable read timeout (#26121)
- data-source/aws_ami: Allow customizable read timeout (#26121)
- data-source/aws_ami_ids: Allow customizable read timeout (#26121)
- data-source/aws_availability_zone: Allow customizable read timeout (#26121)
- data-source/aws_availability_zones: Allow customizable read timeout (#26121)
- data-source/aws_customer_gateway: Allow customizable read timeout (#26121)
- data-source/aws_dx_location: Add
available_macsec_port_speeds
attribute (#26110) - data-source/aws_ebs_default_kms_key: Allow customizable read timeout (#26121)
- data-source/aws_ebs_encryption_by_default: Allow customizable read timeout (#26121)
- data-source/aws_ebs_snapshot: Allow customizable read timeout (#26121)
- data-source/aws_ebs_snapshot_ids: Allow customizable read timeout (#26121)
- data-source/aws_ebs_volume: Allow customizable read timeout (#26121)
- data-source/aws_ebs_volumes: Allow customizable read timeout (#26121)
- data-source/aws_ec2_client_vpn_endpoint: Allow customizable read timeout (#26121)
- data-source/aws_ec2_coip_pool: Allow customizable read timeout (#26121)
- data-source/aws_ec2_coip_pools: Allow customizable read timeout (#26121)
- data-source/aws_ec2_host: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_type: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_type_offering: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_type_offerings: Allow customizable read timeout (#26121)
- data-source/aws_ec2_instance_types: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_route_table: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_route_tables: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_virtual_interface: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_virtual_interface_group: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: Allow customizable read timeout (#26121)
- data-source/aws_ec2_local_gateways: Allow customizable read timeout (#26121)
- data-source/aws_ec2_managed_prefix_list: Allow customizable read timeout (#26121)
- data-source/aws_ec2_serial_console_access: Allow customizable read timeout (#26121)
- data-source/aws_ec2_spot_price: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_connect: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_connect_peer: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_dx_gateway_attachment: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_multicast_domain: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_peering_attachment: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_route_table: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_route_tables: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_vpc_attachment: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_vpc_attachments: Allow customizable read timeout (#26121)
- data-source/aws_ec2_transit_gateway_vpn_attachment: Allow customizable read timeout (#26121)
- data-source/aws_eip: Allow customizable read timeout (#26121)
- data-source/aws_eips: Allow customizable read timeout (#26121)
- data-source/aws_instance: Allow customizable read timeout (#26121)
- data-source/aws_instances: Allow customizable read timeout (#26121)
- data-source/aws_internet_gateway: Allow customizable read timeout (#26121)
- data-source/aws_key_pair: Allow customizable read timeout (#26121)
- data-source/aws_launch_template: Allow customizable read timeout (#26121)
- data-source/aws_lb: Add
preserve_host_header
attribute (#26056) - data-source/aws_lb: Allow customizable read timeout (#26121)
- data-source/aws_lb_listener: Allow customizable read timeout (#26121)
- data-source/aws_lb_target_group: Allow customizable read timeout (#26121)
- data-source/aws_nat_gateway: Allow customizable read timeout (#26121)
- data-source/aws_nat_gateways: Allow customizable read timeout (#26121)
- data-source/aws_network_acls: Allow customizable read timeout (#26121)
- data-source/aws_network_interface: Allow customizable read timeout (#26121)
- data-source/aws_network_interfaces: Allow customizable read timeout (#26121)
- data-source/aws_prefix_list: Allow customizable read timeout (#26121)
- data-source/aws_route: Allow customizable read timeout (#26121)
- data-source/aws_route_table: Allow customizable read timeout (#26121)
- data-source/aws_route_tables: Allow customizable read timeout (#26121)
- data-source/aws_security_group: Allow customizable read timeout (#26121)
- data-source/aws_security_groups: Allow customizable read timeout (#26121)
- data-source/aws_subnet: Allow customizable read timeout (#26121)
- data-source/aws_subnet_ids: Allow customizable read timeout (#26121)
- data-source/aws_subnets: Allow customizable read timeout (#26121)
- data-source/aws_vpc: Allow customizable read timeout (#26121)
- data-source/aws_vpc_dhcp_options: Allow customizable read timeout (#26121)
- data-source/aws_vpc_endpoint: Allow customizable read timeout (#26121)
- data-source/aws_vpc_endpoint_service: Allow customizable read timeout (#26121)
- data-source/aws_vpc_ipam_pool: Allow customizable read timeout (#26121)
- data-source/aws_vpc_ipam_preview_next_cidr: Allow customizable read timeout (#26121)
- data-source/aws_vpc_peering_connection: Allow customizable read timeout (#26121)
- data-source/aws_vpc_peering_connections: Allow customizable read timeout (#26121)
- data-source/aws_vpcs: Allow customizable read timeout (#26121)
- data-source/aws_vpn_gateway: Allow customizable read timeout (#26121)
- resource/aws_ecrpublic_repository: Add
tags
argument andtags_all
attribute to support resource tagging (#26057) - resource/aws_fsx_openzfs_file_system: Add
root_volume_configuration.record_size_kib
argument (#26049) - resource/aws_fsx_openzfs_volume: Add
record_size_kib
argument (#26049) - resource/aws_globalaccelerator_accelerator: Support
DUAL_STACK
value forip_address_type
(#26055) - resource/aws_iam_role_policy: Add plan time validation to
role
argument (#26082) - resource/aws_internet_gateway: Allow customizable timeouts (#26121)
- resource/aws_internet_gateway_attachment: Allow customizable timeouts (#26121)
- resource/aws_lb: Add
preserve_host_header
argument (#26056) - resource/aws_s3_bucket: Allow customizable timeouts (#26121)
BUG FIXES:
- resource/aws_api_gateway_rest_api: Add
put_rest_api_mode
argument to address race conditions when importing OpenAPI Specifications (#26051) - resource/aws_appstream_fleet: Fix IAM
InvalidRoleException
error on creation (#26060)
FEATURES:
ENHANCEMENTS:
- data-source/aws_ecs_service: Add
tags
attribute (#25961) - resource/aws_datasync_task: Add
includes
argument (#25929) - resource/aws_guardduty_detector: Add
malware_protection
attribute to thedatasources
configuration block (#25994) - resource/aws_guardduty_organization_configuration: Add
malware_protection
attribute to thedatasources
configuration block (#25992) - resource/aws_security_group: Additional plan-time validation for
name
andname_prefix
(#15011) - resource/aws_security_group_rule: Add configurable Create timeout (#24340)
- resource/aws_ses_configuration_set: Add
tracking_options.0.custom_redirect_domain
argument (NOTE: This enhancement is provided as best effort due to testing limitations, i.e., the requirement of a verified domain) (#26032)
BUG FIXES:
- data-source/aws_networkmanager_core_network_policy_document: Fix bug where bool values for
attachment-policy.action.require-acceptance
can only betrue
or omitted (#26010) - resource/aws_appmesh_gateway_route: Fix crash when only one of hostname rewrite or path rewrite is configured (#26012)
- resource/aws_ce_anomaly_subscription:Fix crash upon adding or removing monitor ARNs to
monitor_arn_list
. (#25941) - resource/aws_cognito_identity_pool_provider_principal_tag: Fix read operation when using an OIDC provider (#25964)
- resource/aws_route53_record: Don't ignore
dualstack
prefix in Route 53 Record alias names (#10672) - resource/aws_s3_bucket: Prevents unexpected import of existing bucket in
us-east-1
. (#26011) - resource/aws_s3_bucket: Refactored
object_lock_enabled
parameter's default assignment behavior to protect partitions without Object Lock available. (#25098)
FEATURES:
- New Data Source:
aws_connect_user_hierarchy_group
(#24777) - New Data Source:
aws_location_geofence_collection
(#25844) - New Data Source:
aws_networkfirewall_firewall_policy
(#24748) - New Data Source:
aws_s3_account_public_access_block
(#25781) - New Resource:
aws_connect_user
(#24832) - New Resource:
aws_connect_vocabulary
(#24849) - New Resource:
aws_location_geofence_collection
(#25762) - New Resource:
aws_redshiftserverless_namespace
(#25889) - New Resource:
aws_rolesanywhere_profile
(#25850) - New Resource:
aws_rolesanywhere_trust_anchor
(#25779) - New Resource:
aws_transcribe_vocabulary
(#25863) - New Resource:
aws_transcribe_vocabulary_filter
(#25918)
ENHANCEMENTS:
- data-source/aws_imagebuilder_container_recipe: Add
throughput
attribute to theblock_device_mapping
configuration block (#25790) - data-source/aws_imagebuilder_image_recipe: Add
throughput
attribute to theblock_device_mapping
configuration block (#25790) - data/aws_outposts_asset: Add
rack_elevation
attribute (#25822) - resource/aws_appmesh_gateway_route: Add
http2_route.action.rewrite
,http2_route.match.hostname
,http_route.action.rewrite
andhttp_route.match.hostname
arguments (#25819) - resource/aws_ce_cost_category: Add
tags
argument andtags_all
attribute to support resource tagging (#25432) - resource/aws_db_instance_automated_backups_replication: Add support for custom timeouts (create and delete) (#25796)
- resource/aws_dynamodb_table: Add
replica.*.propagate_tags
argument to allow propagating tags to replicas (#25866) - resource/aws_flow_log: Add
transit_gateway_id
andtransit_gateway_attachment_id
arguments (#25913) - resource/aws_fsx_openzfs_file_system: Allow in-place update of
storage_capacity
,throughput_capacity
, anddisk_iops_configuration
. (#25841) - resource/aws_guardduty_organization_configuration: Add
kubernetes
attribute to thedatasources
configuration block (#25131) - resource/aws_imagebuilder_container_recipe: Add
throughput
argument to theblock_device_mapping
configuration block (#25790) - resource/aws_imagebuilder_image_recipe: Add
throughput
argument to theblock_device_mapping
configuration block (#25790) - resource/aws_rds_cluster_instance: Allow
performance_insights_retention_period
values that are multiples of31
(#25729)
BUG FIXES:
- data-source/aws_networkmanager_core_network_policy_document: Fix bug where bool values in
segments
blocks weren't being included in json payloads (#25789) - resource/aws_connect_hours_of_operation: Fix tags not being updated (#24864)
- resource/aws_connect_queue: Fix tags not being updated (#24864)
- resource/aws_connect_quick_connect: Fix tags not being updated (#24864)
- resource/aws_connect_routing_profile: Fix tags not being updated (#24864)
- resource/aws_connect_security_profile: Fix tags not being updated (#24864)
- resource/aws_connect_user_hierarchy_group: Fix tags not being updated (#24864)
- resource/aws_iam_role: Fix diffs in
assume_role_policy
when there are no semantic changes (#23060) - resource/aws_iam_role: Fix problem with exclusive management of inline and managed policies when empty (i.e., remove out-of-band policies) (#23060)
- resource/aws_rds_cluster: Prevent failure of AWS RDS Cluster creation when it is in
rebooting
state. (#25718) - resource/aws_route_table: Retry resource Create for EC2 eventual consistency (#25793)
- resource/aws_storagegateway_gateway: Only manage
average_download_rate_limit_in_bits_per_sec
andaverage_upload_rate_limit_in_bits_per_sec
when gateway type supports rate limits (#25922)
FEATURES:
- New Data Source:
aws_location_route_calculator
(#25689) - New Data Source:
aws_location_tracker
(#25639) - New Data Source:
aws_secretsmanager_random_password
(#25704) - New Resource:
aws_directory_service_shared_directory
(#24766) - New Resource:
aws_directory_service_shared_directory_accepter
(#24766) - New Resource:
aws_lightsail_database
(#18663) - New Resource:
aws_location_route_calculator
(#25656) - New Resource:
aws_transcribe_medical_vocabulary
(#25723)
ENHANCEMENTS:
- data-source/aws_imagebuilder_distribution_configuration: Add
fast_launch_configuration
attribute to thedistribution
configuration block (#25671) - resource/aws_acmpca_certificate_authority: Add
revocation_configuration.ocsp_configuration
argument (#25720) - resource/aws_apprunner_service: Add
observability_configuration
argument configuration block (#25697) - resource/aws_autoscaling_group: Add
default_instance_warmup
attribute (#25722) - resource/aws_config_remediation_configuration: Add
parameter.*.static_values
attribute for a list of values (#25738) - resource/aws_dynamodb_table: Add
replica.*.point_in_time_recovery
argument (#25659) - resource/aws_ecr_repository: Add
force_delete
parameter. (#9913) - resource/aws_ecs_service: Add configurable timeouts for Create and Delete. (#25641)
- resource/aws_emr_cluster: Add
core_instance_group.ebs_config.throughput
andmaster_instance_group.ebs_config.throughput
arguments (#25668) - resource/aws_emr_cluster: Add
gp3
EBS volume support (#25668) - resource/aws_emr_cluster: Add
sc1
EBS volume support (#25255) - resource/aws_gamelift_game_session_queue: Add
notification_target
argument (#25544) - resource/aws_imagebuilder_distribution_configuration: Add
fast_launch_configuration
argument to thedistribution
configuration block (#25671) - resource/aws_placement_group: Add
spread_level
argument (#25615) - resource/aws_sagemaker_notebook_instance: Add
accelerator_types
argument (#10210) - resource/aws_sagemaker_project: Increase SageMaker Project create and delete timeout to 15 minutes (#25638)
- resource/aws_ssm_parameter: Add
insecure_value
argument to enable dynamic use of SSM parameter values (#25721) - resource/aws_vpc_ipam_pool_cidr: Better error reporting (#25287)
BUG FIXES:
- provider: Ensure that the configured
assume_role_with_web_identity
value is used (#25681) - resource/aws_acmpca_certificate_authority: Fix crash when
revocation_configuration
block is empty (#25695) - resource/aws_cognito_risk_configuration: Increase maximum allowed length of
account_takeover_risk_configuration.notify_configuration.block_email.html_body
,account_takeover_risk_configuration.notify_configuration.block_email.text_body
,account_takeover_risk_configuration.notify_configuration.mfa_email.html_body
,account_takeover_risk_configuration.notify_configuration.mfa_email.text_body
,account_takeover_risk_configuration.notify_configuration.no_action_email.html_body
andaccount_takeover_risk_configuration.notify_configuration.no_action_email.text_body
arguments from2000
to20000
(#25645) - resource/aws_dynamodb_table: Prevent
restore_source_name
from forcing replacement when removed to enable restoring from a PITR backup (#25659) - resource/aws_dynamodb_table: Respect custom timeouts including when working with replicas (#25659)
- resource/aws_ec2_transit_gateway: Fix MaxItems and subnet size validation in
transit_gateway_cidr_blocks
(#25673) - resource/aws_ecs_service: Fix "unexpected new value" errors on creation. (#25641)
- resource/aws_ecs_service: Fix error where tags are sometimes not retrieved. (#25641)
- resource/aws_emr_managed_scaling_policy: Support
maximum_ondemand_capacity_units
value of0
(#17134)
FEATURES:
- New Data Source:
aws_kendra_experience
(#25601) - New Data Source:
aws_kendra_query_suggestions_block_list
(#25592) - New Data Source:
aws_kendra_thesaurus
(#25555) - New Data Source:
aws_service_discovery_http_namespace
(#25162) - New Data Source:
aws_service_discovery_service
(#25162) - New Resource:
aws_accessanalyzer_archive_rule
(#25514) - New Resource:
aws_apprunner_observability_configuration
(#25591) - New Resource:
aws_lakeformation_resource_lf_tags
(#25565)
ENHANCEMENTS:
- data-source/aws_ami: Add
include_deprecated
argument (#25566) - data-source/aws_ami: Make
owners
optional (#25566) - data-source/aws_service_discovery_dns_namespace: Add
tags
attribute (#25162) - data/aws_key_pair: New attribute
public_key
populated by setting the newinclude_public_key
argument (#25371) - resource/aws_connect_instance: Configurable Create and Delete timeouts (#24861)
- resource/aws_key_pair: Added 2 new attributes -
key_type
andcreate_time
(#25371) - resource/aws_sagemaker_model: Add
repository_auth_config
arguments in support of Private Docker Registry (#25557) - resource/aws_service_discovery_http_namespace: Add
http_name
attribute (#25162) - resource/aws_wafv2_web_acl: Add
rule.action.captcha
argument (#21766)
BUG FIXES:
- resource/aws_api_gateway_model: Remove length validation from
schema
argument (#25623) - resource/aws_appstream_fleet_stack_association: Fix association not being found after creation (#25370)
- resource/aws_appstream_stack: Fix crash when setting
embed_host_domains
(#25372) - resource/aws_route53_record: Successfully allow renaming of
set_identifier
(specified with multiple routing policies) (#25620)
BUG FIXES:
FEATURES:
- New Data Source:
aws_kendra_faq
(#25523) - New Data Source:
aws_kendra_index
(#25473) - New Data Source:
aws_outposts_asset
(#25476) - New Data Source:
aws_outposts_assets
(#25476) - New Resource:
aws_applicationinsights_application
(#25195) - New Resource:
aws_ce_anomaly_monitor
(#25177) - New Resource:
aws_ce_anomaly_subscription
(#25224) - New Resource:
aws_ce_cost_allocation_tag
(#25272) - New Resource:
aws_cloudwatchrum_app_monitor
(#25180) - New Resource:
aws_cognito_risk_configuration
(#25282) - New Resource:
aws_kendra_experience
(#25315) - New Resource:
aws_kendra_faq
(#25515) - New Resource:
aws_kendra_query_suggestions_block_list
(#25198) - New Resource:
aws_kendra_thesaurus
(#25199) - New Resource:
aws_lakeformation_lf_tag
(#19523) - New Resource:
aws_location_tracker
(#25466)
ENHANCEMENTS:
- data-source/aws_instance: Add
disable_api_stop
attribute (#25185) - data-source/aws_instance: Add
private_dns_name_options
attribute (#25161) - data-source/aws_instance: Correctly set
credit_specification
for T4g instances (#25161) - data-source/aws_launch_template: Add
disable_api_stop
attribute (#25185) - data-source/aws_launch_template: Correctly set
credit_specification
for T4g instances (#25161) - data-source/aws_vpc_endpoint: Add
dns_options
andip_address_type
attributes (#25190) - data-source/aws_vpc_endpoint_service: Add
supported_ip_address_types
attribute (#25189) - resource/aws_cloudwatch_event_api_destination: Remove validation of a maximum value for the
invocation_rate_limit_per_second
argument (#25277) - resource/aws_datasync_location_efs: Add
access_point_arn
,file_system_access_role_arn
, andin_transit_encryption
arguments (#25182) - resource/aws_datasync_location_efs: Add plan time validations for
ec2_config.security_group_arns
(#25182) - resource/aws_ec2_host: Add
outpost_arn
argument (#25464) - resource/aws_instance: Add
disable_api_stop
argument (#25185) - resource/aws_instance: Add
private_dns_name_options
argument (#25161) - resource/aws_instance: Correctly handle
credit_specification
for T4g instances (#25161) - resource/aws_launch_template: Add
disable_api_stop
argument (#25185) - resource/aws_launch_template: Correctly handle
credit_specification
for T4g instances (#25161) - resource/aws_s3_bucket_metric: Add validation to ensure name is <= 64 characters. (#25260)
- resource/aws_sagemaker_endpoint_configuration: Add
serverless_config
argument (#25218) - resource/aws_sagemaker_endpoint_configuration: Make
production_variants.initial_instance_count
andproduction_variants.instance_type
arguments optional (#25218) - resource/aws_sagemaker_notebook_instance: Add
instance_metadata_service_configuration
argument (#25236) - resource/aws_sagemaker_notebook_instance: Support
notebook-al2-v2
value forplatform_identifier
(#25236) - resource/aws_synthetics_canary: Add
delete_lambda
argument (#25284) - resource/aws_vpc_endpoint: Add
dns_options
andip_address_type
arguments (#25190) - resource/aws_vpc_endpoint_service: Add
supported_ip_address_types
argument (#25189) - resource/aws_vpn_connection: Add
outside_ip_address_type
andtransport_transit_gateway_attachment_id
arguments in support of Private IP VPNs (#25529)
BUG FIXES:
- data-source/aws_ecr_repository: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- data-source/aws_elasticache_cluster: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- data-source/aws_iam_policy: Add validation to prevent setting incompatible parameters. (#25538)
- data-source/aws_iam_policy: Now loads tags. (#25538)
- data-source/aws_lb: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- data-source/aws_lb_listener: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- data-source/aws_lb_target_group: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- data-source/aws_sqs_queue: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_api_gateway_model: Suppress whitespace differences between model schemas (#25245)
- resource/aws_ce_cost_category: Allow duplicate values in
split_charge_rule.parameter.values
argument (#25488) - resource/aws_ce_cost_category: Fix error passing
split_charge_rule.parameter
to the AWS API (#25488) - resource/aws_cloudwatch_composite_alarm: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_cloudwatch_event_bus: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_cloudwatch_event_rule: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_cloudwatch_metric_alarm: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_cloudwatch_metric_stream: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_cognito_user_pool: Correctly handle missing or empty
account_recovery_setting
attribute (#25184) - resource/aws_ecr_repository: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_ecs_capacity_provider: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_ecs_cluster: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_ecs_service: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_ecs_task_definition: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_ecs_task_set: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_elasticache_cluster: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_elasticache_parameter_group: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_elasticache_replication_group: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_elasticache_subnet_group: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_elasticache_user: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_elasticache_user_group: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_instance_profile: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_openid_connect_provider: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_policy: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_role: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_saml_provider: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_server_certificate: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_service_linked_role: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_user: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_iam_virtual_mfa_device: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_keyspaces_table: Relax validation of the
schema_definition.column.type
argument to allow collection types (#25230) - resource/aws_launch_configuration: Remove default value for
associate_public_ip_address
argument and mark as Computed. This fixes a regression introduced in v4.17.0 via #17695 when no value is configured, whilst honoring any configured value (#25450) - resource/aws_lb: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_lb_listener: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_lb_listener_rule: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_lb_target_group: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_sns_topic: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
- resource/aws_sqs_queue: Prevent ISO-partition tagging precautions from eating legit errors (#25549)
FEATURES:
- New Resource:
aws_kendra_index
(#24920) - New Resource:
aws_lightsail_container_service
(#20625) - New Resource:
aws_lightsail_container_service_deployment_version
(#20625)
BUG FIXES:
- resource/aws_dynamodb_table_item: Fix to remove attribute from table item on update (#25326)
- resource/aws_ec2_managed_prefix_list_entry: Fix error when attempting to create or delete multiple list entries (#25046)
FEATURES:
ENHANCEMENTS:
- data-source/aws_cloudwatch_logs_groups: Make
log_group_name_prefix
optional (#25187) - data-source/aws_cognito_user_pool_client: Add
enable_propagate_additional_user_context_data
argument (#25181) - data-source/aws_ram_resource_share: Add
resource_share_status
argument. (#25159) - resource/aws_cognito_user_pool_client: Add
enable_propagate_additional_user_context_data
argument (#25181) - resource/aws_ebs_snapshot_copy: Add support for
timeouts
configuration block. (#20912) - resource/aws_ebs_volume: Add
final_snapshot
argument (#21916) - resource/aws_s3_bucket: Add error handling for
ErrCodeNotImplemented
andErrCodeXNotImplemented
errors when ready bucket information. (#24764) - resource/aws_vpc_ipam_pool_cidr_allocation: improve internal search mechanism (#25257)
BUG FIXES:
- resource/aws_snapshot_create_volume_permission: Error if
account_id
is the snapshot's owner (#12103) - resource/aws_ssm_parameter: Allow
Intelligent-Tiering
to upgrade toAdvanced
tier as needed. (#25174)
BUG FIXES:
- resource/aws_ram_resource_share: Fix regression in v4.17.0 where
permission_arns
would get clobbered if already set (#25158)
FEATURES:
- New Data Source:
aws_redshift_cluster_credentials
(#25092) - New Resource:
aws_acmpca_policy
(#25109) - New Resource:
aws_redshift_cluster_iam_roles
(#25096) - New Resource:
aws_redshift_hsm_configuration
(#25093) - New Resource:
aws_redshiftdata_statement
(#25104)
ENHANCEMENTS:
- resource/aws_dms_endpoint: Add
redshift_settings
configuration block (#21846) - resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
aurora-postgresql
andmongodb
engines (#23691) - resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
aurora
,mariadb
andmysql
engines (#24846) - resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
redshift
engine (#25080) - resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the
sqlserver
engine (#22646) - resource/aws_guardduty_detector: Add
kubernetes
attribute to thedatasources
configuration block (#22859) - resource/aws_ram_resource_share: Add
permission_arns
argument. (#25113) - resource/aws_redshift_cluster: The
default_iam_role_arn
argument is now Computed (#25096)
BUG FIXES:
- data-source/aws_launch_configuration: Correct data type for
ebs_block_device.throughput
androot_block_device.throughput
attributes (#25097) - resource/aws_db_instance_role_association: Extend timeout to 10 minutes (#25145)
- resource/aws_ebs_volume: Fix to preserve
iops
when changing EBS volume type (io1
,io2
,gp3
) (#23280) - resource/aws_launch_configuration: Honor associate_public_ip_address = false (#17695)
- resource/aws_rds_cluster_role_association: Extend timeout to 10 minutes (#25145)
- resource/aws_servicecatalog_provisioned_product: Correctly handle resources in a
TAINTED
state (#25130)
FEATURES:
- New Data Source:
aws_location_place_index
(#24980) - New Data Source:
aws_redshift_subnet_group
(#25053) - New Resource:
aws_efs_replication_configuration
(#22844) - New Resource:
aws_location_place_index
(#24821) - New Resource:
aws_redshift_authentication_profile
(#24907) - New Resource:
aws_redshift_endpoint_access
(#25073) - New Resource:
aws_redshift_hsm_client_certificate
(#24906) - New Resource:
aws_redshift_usage_limit
(#24916)
ENHANCEMENTS:
- data-source/aws_ami: Add
tpm_support
attribute (#25045) - data-source/aws_redshift_cluster: Add
aqua_configuration_status
attribute. (#24856) - data-source/aws_redshift_cluster: Add
arn
,cluster_nodes
,cluster_nodes
,maintenance_track_name
,manual_snapshot_retention_period
,log_destination_type
, andlog_exports
attributes. (#24982) - data-source/aws_cloudfront_response_headers_policy: Add
server_timing_headers_config
attribute (#24913) - resource/aws_ami: Add
tpm_support
argument (#25045) - resource/aws_ami_copy: Add
tpm_support
argument (#25045) - resource/aws_ami_from_instance: Add
tpm_support
argument (#25045) - resource/aws_autoscaling_group: Add
context
argument (#24951) - resource/aws_autoscaling_group: Add
mixed_instances_policy.launch_template.override.instance_requirements
argument (#24795) - resource/aws_cloudfront_response_headers_policy: Add
server_timing_headers_config
argument (#24913) - resource/aws_cloudsearch_domain: Add
index_field.source_fields
argument (#24915) - resource/aws_cloudwatch_metric_stream: Add
statistics_configuration
argument (#24882) - resource/aws_elasticache_global_replication_group: Add support for upgrading
engine_version
. (#25077) - resource/aws_msk_cluster: Support multiple attribute updates by refreshing
current_version
after each update (#25062) - resource/aws_redshift_cluster: Add
aqua_configuration_status
andapply_immediately
arguments. (#24856) - resource/aws_redshift_cluster: Add
default_iam_role_arn
,maintenance_track_name
, andmanual_snapshot_retention_period
arguments. (#24982) - resource/aws_redshift_cluster: Add
logging.log_destination_type
andlogging.log_exports
arguments. (#24886) - resource/aws_redshift_cluster: Add plan-time validation for
iam_roles
,owner_account
, andport
. (#24856) - resource/aws_redshift_event_subscription: Add plan time validations for
event_categories
,source_type
, andseverity
. (#24909) - resource/aws_transfer_server: Add support for
TransferSecurityPolicy-2022-03
security_policy_name
value (#25060)
BUG FIXES:
- resource/aws_appflow_flow: Amend
task_properties
validation to avoid conflicting type assumption (#24889) - resource/aws_db_proxy_target: Fix
InvalidDBInstanceState: DB Instance is in an unsupported state - CREATING, needs to be in [AVAILABLE, MODIFYING, BACKING_UP]
error on resource Create (#24875) - resource/aws_instance: Correctly delete instance on destroy when
disable_api_termination
istrue
(#19277) - resource/aws_instance: Prevent error
InvalidParameterCombination: The parameter GroupName within placement information cannot be specified when instanceInterruptionBehavior is set to 'STOP'
when using a launch template that setsinstance_interruption_behavior
tostop
(#24695) - resource/aws_msk_cluster: Prevent crash on apply when
client_authentication.tls
is empty (#25072) - resource/aws_servicecatalog_provisioned_product: Add possible
TAINTED
target state for resource update and remove one of the internal waiters during read (#24804)
BUG FIXES:
- resource/aws_organizations_account: Fix reading account state for existing accounts (#24899)
BREAKING CHANGES:
- resource/aws_msk_cluster: The
ebs_volume_size
argument is deprecated in favor of thestorage_info
block. Thestorage_info
block can setvolume_size
andprovisioned_throughput
(#24767)
FEATURES:
- New Data Source:
aws_lb_hosted_zone_id
(#24749) - New Data Source:
aws_networkmanager_core_network_policy_document
(#24368) - New Resource:
aws_db_snapshot_copy
(#9886) - New Resource:
aws_keyspaces_table
(#24351)
ENHANCEMENTS:
- data-source/aws_route53_resolver_rules: add
name_regex
argument (#24582) - resource/aws_autoscaling_group: Add
instance_refresh.preferences.skip_matching
argument (#23059) - resource/aws_autoscaling_policy: Add
enabled
argument (#12625) - resource/aws_ec2_fleet: Add
arn
attribute (#24732) - resource/aws_ec2_fleet: Add
launch_template_config.override.instance_requirements
argument (#24732) - resource/aws_ec2_fleet: Add support for
capacity-optimized
andcapacity-optimized-prioritized
values forspot_options.allocation_strategy
(#24732) - resource/aws_lambda_function: Add support for
nodejs16.x
runtime
value (#24768) - resource/aws_lambda_layer_version: Add support for
nodejs16.x
compatible_runtimes
value (#24768) - resource/aws_organizations_account: Add
create_govcloud
argument andgovcloud_id
attribute (#24447) - resource/aws_s3_bucket_website_configuration: Add
routing_rules
parameter to be used instead ofrouting_rule
to support configurations with empty String values (#24198)
BUG FIXES:
- resource/aws_autoscaling_group: Wait for correct number of ELBs when
wait_for_elb_capacity
is configured (#20806) - resource/aws_elasticache_replication_group: Fix perpetual diff on
auto_minor_version_upgrade
(#24688)
FEATURES:
- New Data Source:
aws_connect_routing_profile
(#23525) - New Data Source:
aws_connect_security_profile
(#23524) - New Data Source:
aws_connect_user_hierarchy_structure
(#23527) - New Data Source:
aws_location_map
(#24693) - New Resource:
aws_appflow_connector_profile
(#23892) - New Resource:
aws_appflow_flow
(#24017) - New Resource:
aws_appintegrations_event_integration
(#23904) - New Resource:
aws_connect_user_hierarchy_group
(#23531) - New Resource:
aws_location_map
(#24682)
ENHANCEMENTS:
- data-source/aws_acm_certificate: Add
certificate
andcertificate_chain
attributes (#24593) - data-source/aws_autoscaling_group: Add
enabled_metrics
attribute (#24691) - data-source/aws_codestarconnections_connection: Support lookup by
name
(#19262) - data-source/aws_launch_template: Add
instance_requirements
attribute (#24543) - resource/aws_ebs_volume: Add support for
multi_attach_enabled
withio2
volumes (#19060) - resource/aws_launch_template: Add
instance_requirements
argument (#24543) - resource/aws_servicecatalog_provisioned_product: Wait for provisioning to finish (#24758)
- resource/aws_servicecatalog_provisioned_product: Wait for update to finish (#24758)
- resource/aws_spot_fleet_request: Add
overrides.instance_requirements
argument (#24448)
BUG FIXES:
- resource/aws_alb_listener_rule: Don't force recreate listener rule on priority change. (#23768)
- resource/aws_default_subnet: Fix
InvalidSubnet.Conflict
errors when associating IPv6 CIDR blocks (#24685) - resource/aws_ebs_volume: Add configurable timeouts (#24745)
- resource/aws_imagebuilder_image_recipe: Fix
ResourceDependencyException
errors when a dependency is modified (#24708) - resource/aws_kms_key: Retry on
MalformedPolicyDocumentException
errors when updating key policy (#24697) - resource/aws_servicecatalog_provisioned_product: Prevent error when retrieving a provisioned product in a non-available state (#24758)
- resource/aws_subnet: Fix
InvalidSubnet.Conflict
errors when associating IPv6 CIDR blocks (#24685)
FEATURES:
- New Data Source:
aws_emrcontainers_virtual_cluster
(#20003) - New Data Source:
aws_iam_instance_profiles
(#24423) - New Data Source:
aws_secretsmanager_secrets
(#24514) - New Resource:
aws_emrcontainers_virtual_cluster
(#20003) - New Resource:
aws_iot_topic_rule_destination
(#24395)
ENHANCEMENTS:
- data-source/aws_ami: Add
deprecation_time
attribute (#24489) - data-source/aws_msk_cluster: Add
bootstrap_brokers_public_sasl_iam
,bootstrap_brokers_public_sasl_scram
andbootstrap_brokers_public_tls
attributes (#21005) - data-source/aws_ssm_patch_baseline: Add the following attributes:
approved_patches
,approved_patches_compliance_level
,approval_rule
,global_filter
,rejected_patches
,rejected_patches_action
,source
(#24401) - resource/aws_ami: Add
deprecation_time
argument (#24489) - resource/aws_ami_copy: Add
deprecation_time
argument (#24489) - resource/aws_ami_from_instance: Add
deprecation_time
argument (#24489) - resource/aws_iot_topic_rule: Add
http
anderror_action.http
arguments (#16087) - resource/aws_iot_topic_rule: Add
kafka
anderror_action.kafka
arguments (#24395) - resource/aws_iot_topic_rule: Add
s3.canned_acl
anderror_action.s3.canned_acl
arguments (#19175) - resource/aws_iot_topic_rule: Add
timestream
anderror_action.timestream
arguments (#22337) - resource/aws_lambda_permission: Add
function_url_auth_type
argument (#24510) - resource/aws_msk_cluster: Add
bootstrap_brokers_public_sasl_iam
,bootstrap_brokers_public_sasl_scram
andbootstrap_brokers_public_tls
attributes (#21005) - resource/aws_msk_cluster: Add
broker_node_group_info.connectivity_info
argument to support public access (#21005) - resource/aws_msk_cluster: Add
client_authentication.unauthenticated
argument (#21005) - resource/aws_msk_cluster: Allow in-place update of
client_authentication
andencryption_info.encryption_in_transit.client_broker
(#21005)
BUG FIXES:
- resource/aws_cloudfront_distribution: Fix PreconditionFailed errors when other CloudFront resources are changed before the distribution (#24537)
- resource/aws_ecs_service: Fix retry when using the
wait_for_steady_state
parameter (#24541) - resource/aws_launch_template: Fix crash when reading
license_specification
(#24579) - resource/aws_ssm_document: Always include
attachment_sources
when updating SSM documents (#24530)
ENHANCEMENTS:
- resource/aws_kms_key: Add support for HMAC_256 customer master key spec (#24450)
BUG FIXES:
- resource/aws_acm_certificate_validation: Restore certificate issuance timestamp as the resource
id
value, fixing error on existing resource Read (#24453) - resource/aws_kms_alias: Fix reserved prefix used in
name
andname_prefix
plan time validation (#24469)
FEATURES:
- New Data Source:
aws_ce_cost_category
(#24402) - New Data Source:
aws_ce_tags
(#24402) - New Data Source:
aws_cloudfront_origin_access_identities
(#24382) - New Data Source:
aws_mq_broker_instance_type_offerings
(#24394) - New Resource:
aws_athena_data_catalog
(#22968) - New Resource:
aws_ce_cost_category
(#24402) - New Resource:
aws_docdb_event_subscription
(#24379)
ENHANCEMENTS:
- data-source/aws_grafana_workspace: Add
tags
attribute (#24358) - data-source/aws_instance: Add
maintenance_options
attribute (#24377) - data-source/aws_launch_template: Add
maintenance_options
attribute (#24377) - provider: Add support for Assume Role with Web Identity. (#24441)
- resource/aws_acm_certificate: Add
validation_option
argument (#3853) - resource/aws_acm_certificate_validation: Increase default resource Create (certificate issuance) timeout to 75 minutes (#20073)
- resource/aws_emr_cluster: Add
list_steps_states
argument (#20871) - resource/aws_grafana_workspace: Add
tags
argument (#24358) - resource/aws_instance: Add
maintenance_options
argument (#24377) - resource/aws_launch_template: Add
maintenance_options
argument (#24377) - resource/aws_mq_broker: Make
maintenance_window_start_time
updateable without recreation. (#24385) - resource/aws_rds_cluster: Add
serverlessv2_scaling_configuration
argument to support Aurora Serverless v2 (#24363) - resource/aws_spot_fleet_request: Add
terminate_instances_on_delete
argument (#17268)
BUG FIXES:
- data-source/aws_kms_alias: Fix
name
plan time validation (#13000) - provider: Setting
skip_metadata_api_check = false
now overridesAWS_EC2_METADATA_DISABLED
environment variable. (#24441) - resource/aws_acm_certificate: Correctly handle SAN entries that match
domain_name
(#20073) - resource/aws_dms_replication_task: Fix to stop the task before updating, if required (#24047)
- resource/aws_ec2_availability_zone_group: Don't crash if
group_name
is not found (#24422) - resource/aws_elasticache_cluster: Update regex pattern to target specific Redis V6 versions through the
engine_version
attribute (#23734) - resource/aws_elasticache_replication_group: Update regex pattern to target specific Redis V6 versions through the
engine_version
attribute (#23734) - resource/aws_kms_alias: Fix
name
andname_prefix
plan time validation (#13000) - resource/aws_lb: Fix bug causing an error on update if tags unsupported in ISO region (#24334)
- resource/aws_s3_bucket_policy: Let resource be removed from tfstate if bucket deleted outside Terraform (#23510)
- resource/aws_s3_bucket_versioning: Let resource be removed from tfstate if bucket deleted outside Terraform (#23510)
- resource/aws_ses_receipt_filter: Allow period character (
.
) inname
argument (#24383)
FEATURES:
ENHANCEMENTS:
- data-source/aws_imagebuilder_infrastructure_configuration: Add
instance_metadata_options
attribute (#24285) - data-source/aws_opensearch_domain: Add
cold_storage_options
attribute to thecluster_config
configuration block (#24284) - resource/aws_db_proxy: Add
auth.username
argument (#24264) - resource/aws_elasticache_user: Add plan-time validation of password argumnet length (#24274)
- resource/aws_elasticsearch_domain: For Elasticsearch versions 6.7+, allow in-place update of
node_to_node_encryption.0.enabled
andencrypt_at_rest.0.enabled
. (#24222) - resource/aws_fsx_ontap_file_system: Add support for
SINGLE_AZ_1
deployment_type
. (#24280) - resource/aws_imagebuilder_infrastructure_configuration: Add
instance_metadata_options
argument (#24285) - resource/aws_instance: Add
capacity_reservation_specification.capacity_reservation_target.capacity_reservation_resource_group_arn
argument (#24283) - resource/aws_instance: Add
network_interface.network_card_index
argument (#24283) - resource/aws_opensearch_domain: Add
cold_storage_options
argument to thecluster_config
configuration block (#24284) - resource/aws_opensearch_domain: For Elasticsearch versions 6.7+, allow in-place update of
node_to_node_encryption.0.enabled
andencrypt_at_rest.0.enabled
. (#24222) - resource/aws_transfer_server: Add
workflow_details
argument (#24248) - resource/aws_waf_byte_match_set: Additional supported values for
byte_match_tuples.field_to_match.type
argument (#24286) - resource/aws_wafregional_web_acl: Additional supported values for
logging_configuration.redacted_fields.field_to_match.type
argument (#24286) - resource/aws_workspaces_workspace: Additional supported values for
workspace_properties.compute_type_name
argument (#24286)
BUG FIXES:
- data-source/aws_db_instance: Prevent panic when setting instance connection endpoint values (#24299)
- data-source/aws_efs_file_system: Prevent panic when searching by tag returns 0 or multiple results (#24298)
- data-source/aws_elasticache_cluster: Gracefully handle additional tagging error type in non-standard AWS partitions (i.e., ISO) (#24275)
- resource/aws_appstream_user_stack_association: Prevent panic during resource read (#24303)
- resource/aws_cloudformation_stack_set: Prevent
Validation
errors whenoperation_preferences.failure_tolerance_count
is zero (#24250) - resource/aws_elastic_beanstalk_environment: Correctly set
cname_prefix
attribute (#24278) - resource/aws_elasticache_cluster: Gracefully handle additional tagging error type in non-standard AWS partitions (i.e., ISO) (#24275)
- resource/aws_elasticache_parameter_group: Gracefully handle additional tagging error type in non-standard AWS partitions (i.e., ISO) (#24275)
- resource/aws_elasticache_replication_group: Gracefully handle additional tagging error type in non-standard AWS partitions (i.e., ISO) (#24275)
- resource/aws_elasticache_subnet_group: Gracefully handle additional tagging error type in non-standard AWS partitions (i.e., ISO) (#24275)
- resource/aws_elasticache_user: Gracefully handle additional tagging error type in non-standard AWS partitions (i.e., ISO) (#24275)
- resource/aws_elasticache_user_group: Gracefully handle additional tagging error type in non-standard AWS partitions (i.e., ISO) (#24275)
- resource/aws_instance: Fix issue with assuming Placement and disableApiTermination instance attributes exist when managing a Snowball Edge device (#19256)
- resource/aws_kinesis_firehose_delivery_stream: Increase the maximum length of the
processing_configuration.processors.parameters.parameter_value
argument's value to5120
(#24312) - resource/aws_macie2_member: Correct type for
invitation_disable_email_notification
parameter (#24304) - resource/aws_s3_bucket_server_side_encryption_configuration: Retry on
ServerSideEncryptionConfigurationNotFoundError
errors due to eventual consistency (#24266) - resource/aws_sfn_state_machine: Prevent panic during resource update (#24302)
- resource/aws_shield_protection_group: When updating resource tags, use the
protection_group_arn
parameter instead ofarn
. (#24296) - resource/aws_ssm_association: Prevent panic when
wait_for_success_timeout_seconds
is configured (#24300)
FEATURES:
- New Data Source:
aws_iam_saml_provider
(#10498) - New Data Source:
aws_nat_gateways
(#24190) - New Resource:
aws_datasync_location_fsx_openzfs_file_system
(#24200) - New Resource:
aws_elasticache_user_group_association
(#24204) - New Resource:
aws_qldb_stream
(#19297)
ENHANCEMENTS:
- data-source/aws_qldb_ledger: Add
kms_key
andtags
attributes (#19297) - resource/aws_ami_launch_permission: Add
group
argument (#20677) - resource/aws_ami_launch_permission: Add
organization_arn
andorganizational_unit_arn
arguments (#21694) - resource/aws_athena_database: Add
properties
argument. (#24172) - resource/aws_athena_database: Add import support. (#24172)
- resource/aws_config_config_rule: Add
source.custom_policy_details
argument. (#24057) - resource/aws_config_config_rule: Add plan time validation for
source.source_detail.event_source
andsource.source_detail.message_type
. (#24057) - resource/aws_config_config_rule: Make
source.source_identifier
optional. (#24057) - resource/aws_eks_addon: Add
preserve
argument (#24218) - resource/aws_grafana_workspace: Add plan time validations for
authentication_providers
,authentication_providers
,authentication_providers
. (#24170) - resource/aws_qldb_ledger: Add
kms_key
argument (#19297) - resource/aws_vpc_ipam_scope: Add pagination when describing IPAM Scopes (#24188)
BUG FIXES:
- resource/aws_athena_database: Add drift detection for
comment
. (#24172) - resource/aws_cloudformation_stack_set: Prevent
InvalidParameter
errors when updatingoperation_preferences
(#24202) - resource/aws_cloudwatch_event_connection: Add validation to
auth_parameters.api_key.key
,auth_parameters.api_key.value
,auth_parameters.basic.username
,auth_parameters.basic.password
,auth_parameters.oauth.authorization_endpoint
,auth_parameters.oauth.client_parameters.client_id
andauth_parameters.oauth.client_parameters.client_secret
arguments (#24154) - resource/aws_cloudwatch_log_subscription_filter: Retry resource create and update when a conflicting operation error is returned (#24148)
- resource/aws_ecs_service: Retry when using the
wait_for_steady_state
parameter andResourceNotReady
errors are returned from the AWS API (#24223) - resource/aws_ecs_service: Wait for service to reach an active state after create and update operations (#24223)
- resource/aws_emr_cluster: Ignore
UnknownOperationException
errors when reading a cluster's auto-termination policy (#24237) - resource/aws_lambda_function_url: Ignore
ResourceConflictException
errors caused by existingFunctionURLAllowPublicAccess
permission statements (#24220) - resource/aws_vpc_ipam_scope: Prevent panic when describing IPAM Scopes by ID (#24188)
NOTES:
- resource/aws_s3_bucket: The
acceleration_status
,acl
,cors_rule
,grant
,lifecycle_rule
,logging
,object_lock_configuration.rule
,policy
,replication_configuration
,request_payer
,server_side_encryption_configuration
,versioning
, andwebsite
parameters are now Optional. Please refer to the documentation for details on drift detection and potential conflicts when configuring these parameters with the standaloneaws_s3_bucket_*
resources. (#23985)
FEATURES:
- New Data Source:
aws_eks_addon_version
(#23157) - New Data Source:
aws_lambda_function_url
(#24053) - New Data Source:
aws_memorydb_acl
(#23891) - New Data Source:
aws_memorydb_cluster
(#23991) - New Data Source:
aws_memorydb_snapshot
(#23990) - New Data Source:
aws_memorydb_user
(#23890) - New Data Source:
aws_opensearch_domain
(#23902) - New Data Source:
aws_ssm_maintenance_windows
(#24011) - New Resource:
aws_db_instance_automated_backups_replication
(#23759) - New Resource:
aws_dynamodb_contributor_insights
(#23947) - New Resource:
aws_iot_indexing_configuration
(#9929) - New Resource:
aws_iot_logging_options
(#13392) - New Resource:
aws_iot_provisioning_template
(#12108) - New Resource:
aws_lambda_function_url
(#24053) - New Resource:
aws_opensearch_domain
(#23902) - New Resource:
aws_opensearch_domain_policy
(#23902) - New Resource:
aws_opensearch_domain_saml_options
(#23902) - New Resource:
aws_rds_cluster_activity_stream
(#22097)
ENHANCEMENTS:
- data-source/aws_imagebuilder_distribution_configuration: Add
account_id
attribute to thelaunch_template_configuration
attribute of thedistribution
configuration block (#23924) - data-source/aws_route: Add
core_network_arn
argument (#24024) - data-source/aws_route_table: Add 'routes.core_network_arn' attribute' (#24024)
- provider: Add support for reading custom CA bundle setting from shared config files (#24064)
- resource/aws_cloudformation_stack_set: Add
operation_preferences
argument (#23908) - resource/aws_default_route_table: Add
core_network_arn
argument to theroute
configuration block (#24024) - resource/aws_dlm_lifecycle_policy: Add
policy_details.schedule.create_rule.cron_expression
,policy_details.schedule.retain_rule.interval
,policy_details.schedule.retain_rule.interval_unit
,policy_details.policy_type
,policy_details.schedule.deprecate_rule
,policy_details.parameters
,policy_details.schedule.variable_tags
,policy_details.schedule.fast_restore_rule
,policy_details.schedule.share_rule
,policy_details.resource_locations
,policy_details.schedule.create_rule.location
,policy_details.action
andpolicy_details.event_source
arguments (#23880) - resource/aws_dlm_lifecycle_policy: Add plan time validations for
policy_details.resource_types
anddescription
arguments (#23880) - resource/aws_dlm_lifecycle_policy: Make
policy_details.resource_types
,policy_details.schedule
,policy_details.target_tags
,policy_details.schedule.retain_rule
andpolicy_details.schedule.create_rule.interval
arguments optional (#23880) - resource/aws_elasticache_cluster: Add
auto_minor_version_upgrade
argument (#23996) - resource/aws_fms_policy: Retry when
InternalErrorException
errors are returned from the AWS API (#23952) - resource/aws_fsx_ontap_file_system: Support updating
storage_capacity
,throughput_capacity
, anddisk_iops_configuration
. (#24002) - resource/aws_imagebuilder_distribution_configuration: Add
account_id
argument to thelaunch_template_configuration
attribute of thedistribution
configuration block (#23924) - resource/aws_iot_authorizer: Add
enable_caching_for_http
argument (#23993) - resource/aws_lambda_permission: Add
principal_org_id
argument. (#24001) - resource/aws_mq_broker: Add validation to
broker_name
andsecurity_groups
arguments (#18088) - resource/aws_organizations_account: Add
close_on_deletion
argument to close account on deletion (#23930) - resource/aws_route: Add
core_network_arn
argument (#24024) - resource/aws_route_table: Add
core_network_arn
argument to theroute
configuration block (#24024) - resource/aws_s3_bucket: Speed up resource deletion, especially when the S3 buckets contains a large number of objects and
force_destroy
istrue
(#24020) - resource/aws_s3_bucket: Update
acceleration_status
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_accelerate_configuration
resource. (#23816) - resource/aws_s3_bucket: Update
acl
andgrant
parameters to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring these parameters with the standaloneaws_s3_bucket_acl
resource. (#23798) - resource/aws_s3_bucket: Update
cors_rule
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_cors_configuration
resource. (#23817) - resource/aws_s3_bucket: Update
lifecycle_rule
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_lifecycle_configuration
resource. (#23818) - resource/aws_s3_bucket: Update
logging
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_logging
resource. (#23819) - resource/aws_s3_bucket: Update
object_lock_configuration.rule
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_object_lock_configuration
resource. (#23984) - resource/aws_s3_bucket: Update
policy
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_policy
resource. (#23843) - resource/aws_s3_bucket: Update
replication_configuration
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_replication_configuration
resource. (#23842) - resource/aws_s3_bucket: Update
request_payer
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_request_payment_configuration
resource. (#23844) - resource/aws_s3_bucket: Update
server_side_encryption_configuration
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_server_side_encryption_configuration
resource. (#23822) - resource/aws_s3_bucket: Update
versioning
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_versioning
resource. (#23820) - resource/aws_s3_bucket: Update
website
parameter to be configurable. Please refer to the documentation for details on drift detection and potential conflicts when configuring this parameter with the standaloneaws_s3_bucket_website_configuration
resource. (#23821) - resource/aws_storagegateway_gateway: Add
maintenance_start_time
argument (#15355) - resource/aws_storagegateway_nfs_file_share: Add
bucket_region
andvpc_endpoint_dns_name
arguments to support PrivateLink endpoints (#24038) - resource/aws_vpc_ipam: add
cascade
argument (#23973) - resource/aws_vpn_connection: Add
core_network_arn
andcore_network_attachment_arn
attributes (#24024) - resource/aws_xray_group: Add
insights_configuration
argument (#24028)
BUG FIXES:
- data-source/aws_elasticache_cluster: Allow some
tags
errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#23979) - resource/aws_backup_report_plan: Wait for asynchronous lifecycle operations to complete (#23967)
- resource/aws_cloudformation_stack_set: Consider
QUEUED
a valid pending state for resource creation (#22160) - resource/aws_dynamodb_table_item: Allow
item
names to still succeed if they include non-letters (#14075) - resource/aws_elasticache_cluster: Attempt
tags
-on-create, fallback to tag after create, and allow sometags
errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#23979) - resource/aws_elasticache_parameter_group: Attempt
tags
-on-create, fallback to tag after create, and allow sometags
errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#23979) - resource/aws_elasticache_replication_group: Allow disabling
auto_minor_version_upgrade
(#23996) - resource/aws_elasticache_replication_group: Attempt
tags
-on-create, fallback to tag after create, and allow sometags
errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#23979) - resource/aws_elasticache_replication_group: Waits for available state before updating tags (#24021)
- resource/aws_elasticache_subnet_group: Attempt
tags
-on-create, fallback to tag after create, and allow sometags
errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#23979) - resource/aws_elasticache_user: Attempt
tags
-on-create, fallback to tag after create, and allow sometags
errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#23979) - resource/aws_elasticache_user_group: Attempt
tags
-on-create, fallback to tag after create, and allow sometags
errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#23979) - resource/aws_elasticsearch_domain_saml_option: Fix difference caused by
subject_key
default not matching AWS default; old and new defaults are equivalent (#20892) - resource/aws_lb: Fix attribute key not recognized issue preventing creation in ISO-B regions (#23972)
- resource/aws_redshift_cluster: Correctly use
number_of_nodes
argument value when restoring from snapshot (#13203) - resource/aws_route: Ensure that resource ID is set in case of wait-for-creation time out (#24024)
- resource/aws_s3_bucket_lifecycle_configuration: Prevent
MalformedXML
errors when handling diffs inrule.filter
(#23893)
FEATURES:
ENHANCEMENTS:
- data-source/aws_eips: Set
public_ips
for VPC as well as EC2 Classic (#23859) - data-source/aws_elasticache_cluster: Add
log_delivery_configuration
attribute (#20068) - data-source/aws_elasticache_replication_group: Add
log_delivery_configuration
attribute (#20068) - data-source/aws_elasticsearch_domain: Add
cold_storage_options
attribute to thecluster_config
configuration block (#19713) - data-source/aws_lambda_function: Add
ephemeral_storage
attribute (#23873) - resource/aws_elasticache_cluster: Add
log_delivery_configuration
argument (#20068) - resource/aws_elasticache_replication_group: Add
log_delivery_configuration
argument (#20068) - resource/aws_elasticsearch_domain: Add
cold_storage_options
argument to thecluster_config
configuration block (#19713) - resource/aws_elasticsearch_domain: Add configurable Create and Delete timeouts (#19713)
- resource/aws_lambda_function: Add
ephemeral_storage
argument (#23873) - resource/aws_lambda_function: Add error handling for
ResourceConflictException
errors on create and update (#23879) - resource/aws_mskconnect_custom_plugin: Implement resource Delete (#23544)
- resource/aws_mwaa_environment: Add
schedulers
argument (#21941) - resource/aws_network_firewall_policy: Allow use of managed rule group arns for network firewall managed rule groups. (#22355)
BUG FIXES:
- resource/aws_autoscaling_group: Fix issue where group was not recreated if
initial_lifecycle_hook
changed (#20708) - resource/aws_cloudfront_distribution: Fix default value of
origin_path
inorigin
block (#20709) - resource/aws_cloudwatch_event_target: Fix setting
path_parameter_values
. (#23862)
FEATURES:
- New Data Source:
aws_cloudwatch_event_bus
(#23792) - New Data Source:
aws_imagebuilder_image_pipelines
(#23741) - New Data Source:
aws_memorydb_parameter_group
(#23814) - New Data Source:
aws_route53_traffic_policy_document
(#23602) - New Resource:
aws_cognito_user_in_group
(#23765) - New Resource:
aws_keyspaces_keyspace
(#23770) - New Resource:
aws_route53_traffic_policy
(#23602) - New Resource:
aws_route53_traffic_policy_instance
(#23602)
ENHANCEMENTS:
- data-source/aws_imagebuilder_distribution_configuration: Add
organization_arns
andorganizational_unit_arns
attributes to thedistribution.ami_distribution_configuration.launch_permission
configuration block (#22104) - data-source/aws_msk_cluster: Add
zookeeper_connect_string_tls
attribute (#23804) - data-source/aws_ssm_document: Support
TEXT
document_format
(#23757) - resource/aws_api_gateway_stage: Add
canary_settings
argument. (#23754) - resource/aws_athena_workgroup: Add
acl_configuration
andexpected_bucket_owner
arguments to theconfiguration.result_configuration
block (#23748) - resource/aws_autoscaling_group: Add
instance_reuse_policy
argument to support Warm Pool scale-in (#23769) - resource/aws_autoscaling_group: Update documentation to include Warm Pool hibernation (#23772)
- resource/aws_cloudformation_stack_set_instance: Add
operation_preferences
argument (#23666) - resource/aws_cloudwatch_log_subscription_filter: Add plan time validations for
name
,destination_arn
,filter_pattern
,role_arn
,distribution
. (#23760) - resource/aws_glue_schema: Update documentation to include Protobuf data format support (#23815)
- resource/aws_imagebuilder_distribution_configuration: Add
organization_arns
andorganizational_unit_arns
arguments to thedistribution.ami_distribution_configuration.launch_permission
configuration block (#22104) - resource/aws_instance: Add
user_data_replace_on_change
attribute (#23604) - resource/aws_ssm_maintenance_window_task: Add
arn
andwindow_task_id
attributes. (#23756) - resource/aws_ssm_maintenance_window_task: Add
cutoff_behavior
argument. (#23756)
BUG FIXES:
- data-source/aws_ssm_document: Dont generate
arn
for AWS managed docs. (#23757) - resource/aws_ecs_service: Ensure that
load_balancer
andservice_registries
can be updated in-place (#23786) - resource/aws_launch_template: Fix
network_interfaces.device_index
andnetwork_interfaces.network_card_index
of0
not being set (#23767) - resource/aws_ssm_maintenance_window_task: Allow creating a window taks without targets. (#23756)
FEATURES:
- New Data Source:
aws_networkmanager_connection
(#13251) - New Data Source:
aws_networkmanager_connections
(#13251) - New Data Source:
aws_networkmanager_device
(#13251) - New Data Source:
aws_networkmanager_devices
(#13251) - New Data Source:
aws_networkmanager_global_network
(#13251) - New Data Source:
aws_networkmanager_global_networks
(#13251) - New Data Source:
aws_networkmanager_link
(#13251) - New Data Source:
aws_networkmanager_links
(#13251) - New Data Source:
aws_networkmanager_site
(#13251) - New Data Source:
aws_networkmanager_sites
(#13251) - New Resource:
aws_gamelift_game_server_group
(#23606) - New Resource:
aws_networkmanager_connection
(#13251) - New Resource:
aws_networkmanager_customer_gateway_association
(#13251) - New Resource:
aws_networkmanager_device
(#13251) - New Resource:
aws_networkmanager_global_network
(#13251) - New Resource:
aws_networkmanager_link
(#13251) - New Resource:
aws_networkmanager_link_association
(#13251) - New Resource:
aws_networkmanager_site
(#13251) - New Resource:
aws_networkmanager_transit_gateway_connect_peer_association
(#13251) - New Resource:
aws_networkmanager_transit_gateway_registration
(#13251) - New Resource:
aws_vpc_endpoint_security_group_association
(#13737)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway_connect_peer: Add
arn
attribute (#13251) - data-source/aws_imagebuilder_image: Add
container_recipe_arn
attribute (#23647) - data-source/aws_launch_template: Add
capacity_reservation_resource_group_arn
attribute to thecapacity_reservation_specification.capacity_reservation_target
configuration block (#23365) - data-source/aws_launch_template: Add
capacity_reservation_specification
,cpu_options
,elastic_inference_accelerator
andlicense_specification
attributes (#23365) - data-source/aws_launch_template: Add
ipv4_prefixes
,ipv4_prefix_count
,ipv6_prefixes
andipv6_prefix_count
attributes to thenetwork_interfaces
configuration block (#23365) - data-source/aws_launch_template: Add
private_dns_name_options
attribute (#23365) - data-source/aws_redshift_cluster: Add
availability_zone_relocation_enabled
attribute. (#20812) - resource/aws_appconfig_configuration_profile: Add
type
argument to support AWS AppConfig Feature Flags (#23719) - resource/aws_athena_database: Add
acl_configuration
andexpected_bucket_owner
arguments (#23745) - resource/aws_athena_database: Add
comment
argument to support database descriptions (#23745) - resource/aws_athena_database: Do not recreate the resource if
bucket
changes (#23745) - resource/aws_cloud9_environment_ec2: Add
connection_type
andimage_id
arguments (#19195) - resource/aws_cloudformation_stack_set:_instance: Add
call_as
argument (#23339) - resource/aws_dms_replication_task: Add optional
start_replication_task
andstatus
argument (#23692) - resource/aws_ec2_transit_gateway_connect_peer: Add
arn
attribute (#13251) - resource/aws_ecs_service:
enable_ecs_managed_tags
,load_balancer
,propagate_tags
andservice_registries
can now be updated in-place (#23600) - resource/aws_imagebuilder_image: Add
container_recipe_arn
argument (#23647) - resource/aws_iot_certificate: Add
ca_pem
argument, enabling the use of existing IoT certificates (#23126) - resource/aws_iot_topic_rule: Add
cloudwatch_logs
anderror_action.cloudwatch_logs
arguments (#23440) - resource/aws_launch_configuration: Add
ephemeral_block_device.no_device
argument (#23152) - resource/aws_launch_template: Add
capacity_reservation_resource_group_arn
argument to thecapacity_reservation_specification.capacity_reservation_target
configuration block (#23365) - resource/aws_launch_template: Add
ipv4_prefixes
,ipv4_prefix_count
,ipv6_prefixes
andipv6_prefix_count
arguments to thenetwork_interfaces
configuration block (#23365) - resource/aws_launch_template: Add
private_dns_name_options
argument (#23365) - resource/aws_msk_configuration: Correctly set
latest_revision
as Computed whenserver_properties
changes (#23662) - resource/aws_quicksight_user: Allow custom values for
namespace
(#23607) - resource/aws_rds_cluster: Add
db_cluster_instance_class
,allocated_storage
,storage_type
, andiops
arguments to support Multi-AZ deployments for MySQL & PostgreSQL (#23684) - resource/aws_rds_global_cluster: Add configurable timeouts (#23560)
- resource/aws_rds_instance: Add
source_db_instance_automated_backup_arn
option withinrestore_to_point_in_time
attribute (#23086) - resource/aws_redshift_cluster: Add
availability_zone_relocation_enabled
attribute and allowavailability_zone
to be changed in-place. (#20812) - resource/aws_transfer_server: Add
pre_authentication_login_banner
andpost_authentication_login_banner
arguments (#23631) - resource/aws_vpc_endpoint: The
security_group_ids
attribute can now be empty when the resource is created. In this case the VPC's default security is associated with the VPC endpoint (#13737)
BUG FIXES:
- resource/aws_amplify_app: Allow
repository
to be updated in-place (#23517) - resource/aws_api_gateway_stage: Fixed issue with providing
cache_cluster_size
withoutcache_cluster_enabled
resulted in waiter error (#23091) - resource/aws_athena_database: Remove from state on resource Read if deleted outside of Terraform (#23745)
- resource/aws_cloudformation_stack_set: Use
call_as
attribute when reading stack sets, fixing an error raised when using a delegated admistrator account (#23339) - resource/aws_cloudsearch_domain: Set correct defaults for
index_field.facet
,index_field.highlight
,index_field.return
,index_field.search
andindex_field.sort
, preventing spurious resource diffs (#23687) - resource/aws_db_instance: Fix issues where configured update timeout was not respected, and update would fail if instance were in the process of being configured. (#23560)
- resource/aws_rds_event_subscription: Fix issue where
enabled
was sometimes not updated (#23560) - resource/aws_rds_global_cluster: Fix ability to perform cluster version upgrades, including of clusters in distinct regions, such as previously got error: "Invalid database cluster identifier" (#23560)
- resource/aws_route53domains_registered_domain: Redirect all Route 53 Domains AWS API calls to the
us-east-1
Region (#23672) - resource/aws_s3_bucket_acl: Fix resource import for S3 bucket names consisting of uppercase letters, underscores, and a maximum of 255 characters (#23678)
- resource/aws_s3_bucket_lifecycle_configuration: Support empty string filtering (default behavior of the
aws_s3_bucket.lifecycle_rule
parameter in provider versions prior to v4.0) (#23746) - resource/aws_s3_bucket_replication_configuration: Change
rule
configuration block to list instead of set (#23703) - resource/aws_s3_bucket_replication_configuration: Set
rule.id
as Computed to prevent drift when the value is not configured (#23703) - resource/aws_s3_bucket_versioning: Add missing support for
Disabled
bucket versioning (#23723)
ENHANCEMENTS:
- resource/aws_account_alternate_contact: Add configurable timeouts (#23516)
- resource/aws_s3_bucket: Add error handling for
NotImplemented
errors when readingobject_lock_enabled
andobject_lock_configuration
into terraform state. (#13366) - resource/aws_s3_bucket: Add top-level
object_lock_enabled
parameter (#23556) - resource/aws_s3_bucket_replication_configuration: Add
token
field to specify x-amz-bucket-object-lock-token for enabling replication on object lock enabled buckets or enabling object lock on an existing bucket. (#23624) - resource/aws_servicecatalog_budget_resource_association: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_constraint: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_organizations_access: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_portfolio: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_portfolio_share: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_principal_portfolio_association: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_product: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_product_portfolio_association: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_provisioned_product: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_provisioning_artifact: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_service_action: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_tag_option: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_tag_option_resource_association: Add configurable timeouts (#23518)
- resource/aws_synthetics_canary: Add optional
environment_variables
torun_config
. (#23574)
BUG FIXES:
- resource/aws_account_alternate_contact: Improve eventual consistency handling to avoid "no resource found" on updates (#23516)
- resource/aws_image_builder_image_recipe: Fix regression in 4.3.0 whereby Windows-based images wouldn't build because of the newly introduced
systems_manager_agent.uninstall_after_build
argument. (#23580) - resource/aws_kms_external_key: Increase
tags
eventual consistency timeout from 5 minutes to 10 minutes (#23593) - resource/aws_kms_key: Increase
description
andtags
eventual consistency timeouts from 5 minutes to 10 minutes (#23593) - resource/aws_kms_replica_external_key: Increase
tags
eventual consistency timeout from 5 minutes to 10 minutes (#23593) - resource/aws_kms_replica_key: Increase
tags
eventual consistency timeout from 5 minutes to 10 minutes (#23593) - resource/aws_s3_bucket_lifecycle_configuration: Correctly configure
rule.filter.object_size_greater_than
andrule.filter.object_size_less_than
in API requests and terraform state (#23441) - resource/aws_s3_bucket_lifecycle_configuration: Prevent drift when
rule.noncurrent_version_expiration.newer_noncurrent_versions
orrule.noncurrent_version_transition.newer_noncurrent_versions
is not specified (#23441) - resource/aws_s3_bucket_replication_configuration: Correctly configure empty
rule.filter
configuration block in API requests (#23586) - resource/aws_s3_bucket_replication_configuration: Ensure both
key
andvalue
arguments of therule.filter.tag
configuration block are correctly populated in the outgoing API request and terraform state. (#23579) - resource/aws_s3_bucket_replication_configuration: Prevent inconsistent final plan when
rule.filter.prefix
is an empty string (#23586)
FEATURES:
- New Data Source:
aws_connect_queue
(#22768) - New Data Source:
aws_ec2_serial_console_access
(#23443) - New Data Source:
aws_ec2_transit_gateway_connect
(#22181) - New Data Source:
aws_ec2_transit_gateway_connect_peer
(#22181) - New Resource:
aws_apprunner_vpc_connector
(#23173) - New Resource:
aws_connect_routing_profile
(#22813) - New Resource:
aws_connect_user_hierarchy_structure
(#22836) - New Resource:
aws_ec2_network_insights_path
(#23330) - New Resource:
aws_ec2_serial_console_access
(#23443) - New Resource:
aws_ec2_transit_gateway_connect
(#22181) - New Resource:
aws_ec2_transit_gateway_connect_peer
(#22181) - New Resource:
aws_grafana_license_association
(#23401) - New Resource:
aws_route53domains_registered_domain
(#12711)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway: Add
transit_gateway_cidr_blocks
attribute (#22181) - data-source/aws_eks_node_group: Add
taints
attribute (#23452) - resource/aws_apprunner_service: Add
network_configuration
argument (#23173) - resource/aws_cloudwatch_metric_alarm: Additional allowed values for
extended_statistic
andmetric_query.metric.stat
arguments (#22942) - resource/aws_ec2_transit_gateway: Add custom
timeouts
block (#22181) - resource/aws_ec2_transit_gateway: Add
transit_gateway_cidr_blocks
argument (#22181) - resource/aws_eks_cluster: Retry when
ResourceInUseException
errors are returned from the AWS API during resource deletion (#23366) - resource/aws_glue_job: Add support for streaming jobs by removing the default value for the
timeout
argument and marking it as Computed (#23275) - resource/aws_lambda_function: Add support for
dotnet6
runtime
value (#23426) - resource/aws_lambda_layer_version: Add support for
dotnet6
compatible_runtimes
value (#23426) - resource/aws_route:
nat_gateway_id
target no longer conflicts withdestination_ipv6_cidr_block
(#23427)
BUG FIXES:
- resource/aws_dms_endpoint: Fix bug where KMS key was ignored for DynamoDB, OpenSearch, Kafka, Kinesis, Oracle, PostgreSQL, and S3 engines. (#23444)
- resource/aws_networkfirewall_rule_group: Allow any character in
source
anddestination
rule_group.rules_source.stateful_rule.header
arguments as per the AWS API docs (#22727) - resource/aws_opsworks_application: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_custom_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_ecs_cluster_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_ganglia_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_haproxy_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_instance: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_java_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_memcached_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_mysql_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_nodejs_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_php_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_rails_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_rds_db_instance: Correctly remove from state in certain deletion situations (#23397)
- resource/aws_opsworks_stack: Fix error reported on successful deletion, lack of eventual consistency wait (#23397)
- resource/aws_opsworks_static_web_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_user_profile: Fix error reported on successful deletion (#23397)
- resource/aws_route53_resolver_firewall_domain_list: Remove limit for number of
domains
. (#23485) - resource/aws_synthetics_canary: Retry canary creation if it fails because of IAM propagation. (#23394)
NOTES:
- resource/aws_internet_gateway: Set
vpc_id
as Computed to prevent drift when theaws_internet_gateway_attachment
resource is used (#16386) - resource/aws_s3_bucket_lifecycle_configuration: The
prefix
argument of therule
configuration block has been deprecated. Use thefilter
configuration block instead. (#23325)
FEATURES:
- New Data Source:
aws_ec2_transit_gateway_multicast_domain
(#22756) - New Data Source:
aws_ec2_transit_gateway_vpc_attachments
(#12409) - New Resource:
aws_ec2_transit_gateway_multicast_domain
(#22756) - New Resource:
aws_ec2_transit_gateway_multicast_domain_association
(#22756) - New Resource:
aws_ec2_transit_gateway_multicast_group_member
(#22756) - New Resource:
aws_ec2_transit_gateway_multicast_group_source
(#22756) - New Resource:
aws_internet_gateway_attachment
(#16386) - New Resource:
aws_opsworks_ecs_cluster_layer
(#12495) - New Resource:
aws_vpc_endpoint_policy
(#17039)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway: Add
multicast_support
attribute (#22756) - provider: Improves error message when
Profile
and static credential environment variables are set. (#23388) - provider: Makes
region
an optional parameter to allow sourcing from shared config files and IMDS (#23384) - provider: Retrieves region from IMDS when credentials retrieved from IMDS. (#23388)
- resource/aws_connect_queue: The
quick_connect_ids
argument can now be updated in-place (#22821) - resource/aws_connect_security_profile: add
permissions
attribute to read (#22761) - resource/aws_ec2_fleet: Add
context
argument (#23304) - resource/aws_ec2_transit_gateway: Add
multicast_support
argument (#22756) - resource/aws_imagebuilder_image_pipeline: Add
schedule.timezone
argument (#23322) - resource/aws_imagebuilder_image_recipe: Add
systems_manager_agent.uninstall_after_build
argument (#23293) - resource/aws_instance: Prevent double base64 encoding of
user_data
anduser_data_base64
on update (#23362) - resource/aws_s3_bucket: Add error handling for
NotImplemented
error when readinglogging
into terraform state (#23398) - resource/aws_s3_bucket_object_lock_configuration: Mark
token
argument as sensitive (#23368) - resource/aws_servicecatalog_provisioned_product: Add
outputs
attribute (#23270)
BUG FIXES:
- provider: Validates names of named profiles before use. (#23388)
- resource/aws_dms_replication_task: Allow
cdc_start_position
to be computed (#23328) - resource/aws_ecs_cluster: Fix bug preventing describing clusters in ISO regions (#23341)
FEATURES:
- New Data Source:
aws_grafana_workspace
(#22874) - New Data Source:
aws_iam_openid_connect_provider
(#23240) - New Data Source:
aws_ssm_instances
(#23162) - New Resource:
aws_cloudtrail_event_data_store
(#22490) - New Resource:
aws_grafana_workspace
(#22874)
ENHANCEMENTS:
- provider: Add
custom_ca_bundle
argument (#23279) - provider: Add
sts_region
argument (#23212) - provider: Expands environment variables in file paths in provider configuration. (#23282)
- provider: Updates list of valid AWS regions (#23282)
- resource/aws_dms_endpoint: Add
s3_settings.add_column_name
,s3_settings.canned_acl_for_objects
,s3_settings.cdc_inserts_and_updates
,s3_settings.cdc_inserts_only
,s3_settings.cdc_max_batch_interval
,s3_settings.cdc_min_file_size
,s3_settings.cdc_path
,s3_settings.csv_no_sup_value
,s3_settings.csv_null_value
,s3_settings.data_page_size
,s3_settings.date_partition_delimiter
,s3_settings.date_partition_sequence
,s3_settings.dict_page_size_limit
,s3_settings.enable_statistics
,s3_settings.encoding_type
,s3_settings.ignore_headers_row
,s3_settings.include_op_for_full_load
,s3_settings.max_file_size
,s3_settings.preserve_transactions
,s3_settings.rfc_4180
,s3_settings.row_group_length
,s3_settings.timestamp_column_name
,s3_settings.use_csv_no_sup_value
arguments (#20913) - resource/aws_elasticache_replication_group: Add plan-time validation to
description
andreplication_group_description
to ensure non-empty strings (#23254) - resource/aws_fms_policy: Add
delete_unused_fm_managed_resources
argument (#21295) - resource/aws_fms_policy: Add
tags
argument andtags_all
attribute to support resource tagging (#21299) - resource/aws_imagebuilder_image_recipe: Update plan time validation of
block_device_mapping.ebs.kms_key_id
,block_device_mapping.ebs.snapshot_id
,block_device_mapping.ebs.volume_type
,name
,parent_image
. (#23235) - resource/aws_instance: Allow updates to
user_data
anduser_data_base64
without forcing resource replacement (#18043) - resource/aws_s3_bucket: Add error handling for
MethodNotAllowed
andXNotImplemented
errors when readingwebsite
into terraform state. (#23278) - resource/aws_s3_bucket: Add error handling for
NotImplemented
errors when readingacceleration_status
,policy
, orrequest_payer
into terraform state. (#23278)
BUG FIXES:
- provider: Credentials with expiry, such as assuming a role, would not renew. (#23282)
- provider: Setting a custom CA bundle caused the provider to fail. (#23282)
- resource/aws_iam_instance_profile: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_openid_connect_provider: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_policy: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_saml_provider: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_server_certificate: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_service_linked_role: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_virtual_mfa_device: Improve tag handling in ISO regions (#23283)
- resource/aws_s3_bucket_lifecycle_configuration: Ensure both
key
andvalue
arguments of thefilter
tag
configuration block are correctly populated in the outgoing API request and terraform state. (#23252) - resource/aws_s3_bucket_lifecycle_configuration: Prevent non-empty plans when
filter
is an empty configuration block (#23232)
FEATURES:
- New Data Source:
aws_backup_framework
(#23193) - New Data Source:
aws_backup_report_plan
(#23146) - New Data Source:
aws_imagebuilder_container_recipe
(#23040) - New Data Source:
aws_imagebuilder_container_recipes
(#23134) - New Data Source:
aws_service
(#16640) - New Resource:
aws_backup_framework
(#23175) - New Resource:
aws_backup_report_plan
(#23098) - New Resource:
aws_gamelift_script
(#11560) - New Resource:
aws_iam_service_specific_credential
(#16185) - New Resource:
aws_iam_signing_certificate
(#23161) - New Resource:
aws_iam_virtual_mfa_device
(#23113) - New Resource:
aws_imagebuilder_container_recipe
(#22965)
ENHANCEMENTS:
- data-source/aws_imagebuilder_image_pipeline: Add
container_recipe_arn
attribute (#23111) - data-source/aws_kms_public_key: Add
public_key_pem
attribute (#23130) - resource/aws_api_gateway_authorizer: Add
arn
attribute. (#23151) - resource/aws_autoscaling_group: Disable scale-in protection before draining instances (#23187)
- resource/aws_cloudformation_stack_set: Add
call_as
argument (#22440) - resource/aws_elastic_transcoder_preset: Add plan time validations to
audio.audio_packing_mode
,audio.channels
,audio.codec
,audio.sample_rate
,audio_codec_options.bit_depth
,audio_codec_options.bit_order
,audio_codec_options.profile
,audio_codec_options.signed
,audio_codec_options.signed
,container
,thumbnails.aspect_ratio
,thumbnails.format
,thumbnails.padding_policy
,thumbnails.sizing_policy
,type
,video.aspect_ratio
,video.codec
,video.display_aspect_ratio
,video.fixed_gop
,video.frame_rate
,video.max_frame_rate
,video.padding_policy
,video.sizing_policy
,video_watermarks.horizontal_align
,video_watermarks.id
,video_watermarks.sizing_policy
,video_watermarks.target
,video_watermarks.vertical_align
(#13974) - resource/aws_elastic_transcoder_preset: Allow
audio.bit_rate
to be computed. (#13974) - resource/aws_gamelift_build: Add
object_version
argument tostorage_location
block. (#22966) - resource/aws_gamelift_build: Add import support (#22966)
- resource/aws_gamelift_fleet: Add
certificate_configuration
argument (#22967) - resource/aws_gamelift_fleet: Add import support (#22967)
- resource/aws_gamelift_fleet: Add plan time validation to
ec2_instance_type
(#22967) - resource/aws_gamelift_fleet: Adds
script_arn
attribute. (#11560) - resource/aws_gamelift_fleet: Adds
script_id
argument. (#11560) - resource/aws_glue_catalog_database: Add support
create_table_default_permission
argument (#22964) - resource/aws_glue_trigger: Add
event_batching_condition
argument. (#22963) - resource/aws_iam_user_login_profile: Make
pgp_key
optional (#12384) - resource/aws_imagebuilder_image_pipeline: Add
container_recipe_arn
argument (#23111) - resource/aws_prometheus_workspace: Add
tags
argument andtags_all
attribute to support resource tagging (#23202) - resource/aws_ssm_association: Add
arn
attribute (#17732) - resource/aws_ssm_association: Add
wait_for_success_timeout_seconds
argument (#17732) - resource/aws_ssm_association: Add plan time validation to
association_name
,document_version
,schedule_expression
,output_location.s3_bucket_name
,output_location.s3_key_prefix
,targets.key
,targets.values
,automation_target_parameter_name
(#17732)
BUG FIXES:
- data-source/aws_vpc_ipam_pool: error if no pool found (#23195)
- provider: Support
ap-northeast-3
,ap-southeast-3
andus-iso-west-1
as valid AWS Regions (#23191) - provider: Use AWS HTTP client which allows IMDS authentication in container environments and custom RootCAs in ISO regions (#23191)
- resource/aws_appmesh_route: Handle zero
max_retries
(#23035) - resource/aws_elastic_transcoder_preset: Allow
video_codec_options
to be empty. (#13974) - resource/aws_rds_cluster: Fix crash when configured
engine_version
string is shorter than theEngineVersion
string returned from the AWS API (#23039) - resource/aws_s3_bucket_lifecycle_configuration: Correctly handle the
days
value of therule
transition
configuration block when set to0
(#23120) - resource/aws_s3_bucket_lifecycle_configuration: Fix extraneous diffs especially after import (#23144)
- resource/aws_sagemaker_endpoint_configuration: Emptiness check for arguments, Allow not passing
async_inference_config.kms_key_id
. (#22960) - resource/aws_vpn_connection: Add support for
ipsec.1-aes256
connection type (#23127)
BREAKING CHANGES:
- data-source/aws_connect_hours_of_operation: The hours_of_operation_arn attribute is renamed to arn (#22375)
- resource/aws_batch_compute_environment: No
compute_resources
configuration block can be specified whentype
isUNMANAGED
(#22805) - resource/aws_cloudwatch_event_target: The
ecs_target
launch_type
argument no longer has a default value (previously wasEC2
) (#22803) - resource/aws_cloudwatch_event_target:
ecs_target.0.launch_type
can no longer be set to""
; instead, remove or set tonull
(#22954) - resource/aws_connect_hours_of_operation: The hours_of_operation_arn attribute is renamed to arn (#22375)
- resource/aws_default_network_acl: These arguments can no longer be set to
""
:egress.*.cidr_block
,egress.*.ipv6_cidr_block
,ingress.*.cidr_block
, oringress.*.ipv6_cidr_block
(#22928) - resource/aws_default_route_table: These arguments can no longer be set to
""
:route.*.cidr_block
,route.*.ipv6_cidr_block
(#22931) - resource/aws_default_vpc:
ipv6_cidr_block
can no longer be set to""
; remove or set tonull
(#22948) - resource/aws_efs_mount_target:
ip_address
can no longer be set to""
; instead, remove or set tonull
(#22954) - resource/aws_elasticache_cluster: Either
engine
orreplication_group_id
must be specified (#20482) - resource/aws_elasticsearch_domain:
ebs_options.0.volume_type
can no longer be set to""
; instead, remove or set tonull
(#22954) - resource/aws_fsx_ontap_storage_virtual_machine: Remove deprecated
active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguidshed_name
, migrating value toactive_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguished_name
(#22915) - resource/aws_instance:
private_ip
can no longer be set to""
; remove or set tonull
(#22948) - resource/aws_lb_target_group: For
protocol = "TCP"
,stickiness
can no longer be type set tolb_cookie
even whenenabled = false
; instead use typesource_ip
(#22996) - resource/aws_network_acl: These arguments can no longer be set to
""
:egress.*.cidr_block
,egress.*.ipv6_cidr_block
,ingress.*.cidr_block
, oringress.*.ipv6_cidr_block
(#22928) - resource/aws_route: Exactly one of these can be set:
destination_cidr_block
,destination_ipv6_cidr_block
,destination_prefix_list_id
. These arguments can no longer be set to""
:destination_cidr_block
,destination_ipv6_cidr_block
. (#22931) - resource/aws_route_table: These arguments can no longer be set to
""
:route.*.cidr_block
,route.*.ipv6_cidr_block
(#22931) - resource/aws_s3_bucket: The
acceleration_status
argument has been deprecated and is now read-only. Use theaws_s3_bucket_accelerate_configuration
resource instead. (#22610) - resource/aws_s3_bucket: The
acl
andgrant
arguments have been deprecated and are now read-only. Use theaws_s3_bucket_acl
resource instead. (#22537) - resource/aws_s3_bucket: The
cors_rule
argument has been deprecated and is now read-only. Use theaws_s3_bucket_cors_configuration
resource instead. (#22611) - resource/aws_s3_bucket: The
lifecycle_rule
argument has been deprecated and is now read-only. Use theaws_s3_bucket_lifecycle_configuration
resource instead. (#22581) - resource/aws_s3_bucket: The
logging
argument has been deprecated and is now read-only. Use theaws_s3_bucket_logging
resource instead. (#22599) - resource/aws_s3_bucket: The
object_lock_configuration
rule
argument has been deprecated and is now read-only. Use theaws_s3_bucket_object_lock_configuration
resource instead. (#22612) - resource/aws_s3_bucket: The
policy
argument has been deprecated and is now read-only. Use theaws_s3_bucket_policy
resource instead. (#22538) - resource/aws_s3_bucket: The
replication_configuration
argument has been deprecated and is now read-only. Use theaws_s3_bucket_replication_configuration
resource instead. (#22604) - resource/aws_s3_bucket: The
request_payer
argument has been deprecated and is now read-only. Use theaws_s3_bucket_request_payment_configuration
resource instead. (#22613) - resource/aws_s3_bucket: The
server_side_encryption_configuration
argument has been deprecated and is now read-only. Use theaws_s3_bucket_server_side_encryption_configuration
resource instead. (#22605) - resource/aws_s3_bucket: The
versioning
argument has been deprecated and is now read-only. Use theaws_s3_bucket_versioning
resource instead. (#22606) - resource/aws_s3_bucket: The
website
,website_domain
, andwebsite_endpoint
arguments have been deprecated and are now read-only. Use theaws_s3_bucket_website_configuration
resource instead. (#22614) - resource/aws_vpc:
ipv6_cidr_block
can no longer be set to""
; remove or set tonull
(#22948) - resource/aws_vpc_ipv6_cidr_block_association:
ipv6_cidr_block
can no longer be set to""
; remove or set tonull
(#22948)
NOTES:
- data-source/aws_cognito_user_pools: The type of the
ids
andarns
attributes has changed from Set to List. If no volumes match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_db_event_categories: The type of the
ids
attribute has changed from Set to List. If no event categories match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_ebs_volumes: The type of the
ids
attribute has changed from Set to List. If no volumes match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_ec2_coip_pools: The type of the
pool_ids
attribute has changed from Set to List. If no COIP pools match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_ec2_local_gateway_route_tables: The type of the
ids
attribute has changed from Set to List. If no local gateway route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_ec2_local_gateway_virtual_interface_groups: The type of the
ids
andlocal_gateway_virtual_interface_ids
attributes has changed from Set to List. If no local gateway virtual interface groups match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_ec2_local_gateways: The type of the
ids
attribute has changed from Set to List. If no local gateways match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_ec2_transit_gateway_route_tables: The type of the
ids
attribute has changed from Set to List. If no transit gateway route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_efs_access_points: The type of the
ids
andarns
attributes has changed from Set to List. If no access points match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_elasticache_replication_group: The
number_cache_clusters
attribute has been deprecated. All configurations usingnumber_cache_clusters
should be updated to use thenum_cache_clusters
attribute instead (#22667) - data-source/aws_elasticache_replication_group: The
replication_group_description
attribute has been deprecated. All configurations usingreplication_group_description
should be updated to use thedescription
attribute instead (#22667) - data-source/aws_emr_release_labels: The type of the
ids
attribute has changed from Set to List. If no release labels match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_iam_policy_document: The
source_json
andoverride_json
attributes have been deprecated. Use thesource_policy_documents
andoverride_policy_documents
attributes respectively instead. (#22890) - data-source/aws_inspector_rules_packages: If no rules packages match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_instances: If no instances match the specified criteria an empty list is returned (previously an error was raised) (#5055)
- data-source/aws_ip_ranges: If no ranges match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_network_acls: The type of the
ids
attribute has changed from Set to List. If no NACLs match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_network_interfaces: The type of the
ids
attribute has changed from Set to List. If no network interfaces match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_route_tables: The type of the
ids
attribute has changed from Set to List. If no route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_s3_bucket_object: The data source is deprecated; use
aws_s3_object
instead (#22877) - data-source/aws_s3_bucket_objects: The data source is deprecated; use
aws_s3_objects
instead (#22877) - data-source/aws_security_groups: If no security groups match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ssoadmin_instances: The type of the
identity_store_ids
andarns
attributes has changed from Set to List. If no instances match the specified criteria an empty list is returned (previously an error was raised) (#21219) - data-source/aws_subnet_ids: The
aws_subnet_ids
data source has been deprecated and will be removed in a future version. Use theaws_subnets
data source instead (#22743) - data-source/aws_vpcs: The type of the
ids
attributes has changed from Set to List. If no VPCs match the specified criteria an empty list is returned (previously an error was raised) (#22253) - provider: The
assume_role.duration_seconds
argument has been deprecated. All configurations usingassume_role.duration_seconds
should be updated to use the newassume_role.duration
argument instead. (#23077) - resource/aws_acmpca_certificate_authority: The
status
attribute has been deprecated. Use theenabled
attribute instead. (#22878) - resource/aws_autoscaling_attachment: The
alb_target_group_arn
argument has been deprecated. All configurations usingalb_target_group_arn
should be updated to use the newlb_target_group_arn
argument instead (#22662) - resource/aws_autoscaling_group: The
tags
argument has been deprecated. All configurations usingtags
should be updated to use thetag
argument instead (#22663) - resource/aws_budgets_budget: The
cost_filters
attribute has been deprecated. Use thecost_filter
attribute instead. (#22888) - resource/aws_connect_hours_of_operation: Timeout support has been removed as it is not needed for this resource (#22375)
- resource/aws_customer_gateway:
ip_address
can no longer be set to""
(#22926) - resource/aws_db_instance: The
name
argument has been deprecated. All configurations usingname
should be updated to use thedb_name
argument instead (#22668) - resource/aws_default_subnet: If no default subnet exists in the specified Availability Zone one is now created. The
force_destroy
destroy argument has been added (defaults tofalse
). Setting this argument totrue
deletes the default subnet onterraform destroy
(#22253) - resource/aws_default_vpc: If no default VPC exists in the current AWS Region one is now created. The
force_destroy
destroy argument has been added (defaults tofalse
). Setting this argument totrue
deletes the default VPC onterraform destroy
(#22253) - resource/aws_ec2_client_vpn_endpoint: The
status
attribute has been deprecated (#22887) - resource/aws_ec2_client_vpn_endpoint: The type of the
dns_servers
argument has changed from Set to List (#22889) - resource/aws_ec2_client_vpn_network_association: The
security_groups
argument has been deprecated. Use thesecurity_group_ids
argument of theaws_ec2_client_vpn_endpoint
resource instead (#22911) - resource/aws_ec2_client_vpn_network_association: The
status
attribute has been deprecated (#22887) - resource/aws_ec2_client_vpn_route: Add custom
timeouts
block (#22911) - resource/aws_ecs_cluster: The
capacity_providers
anddefault_capacity_provider_strategy
arguments have been deprecated. Use theaws_ecs_cluster_capacity_providers
resource instead. (#22783) - resource/aws_elasticache_replication_group: The
cluster_mode
argument has been deprecated. All configurations usingcluster_mode
should be updated to use the root-levelnum_node_groups
andreplicas_per_node_group
arguments instead (#22666) - resource/aws_elasticache_replication_group: The
number_cache_clusters
argument has been deprecated. All configurations usingnumber_cache_clusters
should be updated to use thenum_cache_clusters
argument instead (#22666) - resource/aws_elasticache_replication_group: The
replication_group_description
argument has been deprecated. All configurations usingreplication_group_description
should be updated to use thedescription
argument instead (#22666) - resource/aws_route: The
instance_id
argument has been deprecated. All configurations usinginstance_id
should be updated to use thenetwork_interface_id
argument instead (#22664) - resource/aws_route_table: The
instance_id
argument of theroute
configuration block has been deprecated. All configurations usingroute
instance_id
should be updated to use theroute
network_interface_id
argument instead (#22664) - resource/aws_s3_bucket_object: The resource is deprecated; use
aws_s3_object
instead (#22877)
FEATURES:
- New Data Source:
aws_cloudfront_realtime_log_config
(#22620) - New Data Source:
aws_ec2_client_vpn_endpoint
(#14218) - New Data Source:
aws_eips
(#7537) - New Data Source:
aws_s3_object
(#22850) - New Data Source:
aws_s3_objects
(#22850) - New Resource:
aws_cognito_user
(#19919) - New Resource:
aws_dataexchange_revision
(#22933) - New Resource:
aws_network_acl_association
(#18807) - New Resource:
aws_s3_bucket_accelerate_configuration
(#22617) - New Resource:
aws_s3_bucket_acl
(#22853) - New Resource:
aws_s3_bucket_cors_configuration
(#12141) - New Resource:
aws_s3_bucket_lifecycle_configuration
(#22579) - New Resource:
aws_s3_bucket_logging
(#22608) - New Resource:
aws_s3_bucket_object_lock_configuration
(#22644) - New Resource:
aws_s3_bucket_request_payment_configuration
(#22649) - New Resource:
aws_s3_bucket_server_side_encryption_configuration
(#22609) - New Resource:
aws_s3_bucket_versioning
(#5132) - New Resource:
aws_s3_bucket_website_configuration
(#22648) - New Resource:
aws_s3_object
(#22850)
ENHANCEMENTS:
- data-source/aws_ami: Add
boot_mode
attribute. (#22939) - data-source/aws_cloudwatch_log_group: Automatically trim
:*
suffix fromarn
attribute (#22043) - data-source/aws_ec2_client_vpn_endpoint: Add
security_group_ids
andvpc_id
attributes (#22911) - data-source/aws_elasticache_replication_group: Add
description
,num_cache_clusters
,num_node_groups
, andreplicas_per_node_group
attributes (#22667) - data-source/aws_imagebuilder_distribution_configuration: Add
container_distribution_configuration
attribute to thedistribution
configuration block (#22838) - data-source/aws_imagebuilder_distribution_configuration: Add
launch_template_configuration
attribute to thedistribution
configuration block (#22884) - data-source/aws_imagebuilder_image_recipe: Add
parameter
attribute to thecomponent
configuration block (#22856) - provider: Add
duration
argument to theassume_role
configuration block (#23077) - provider: Add
ec2_metadata_service_endpoint
,ec2_metadata_service_endpoint_mode
,use_dualstack_endpoint
,use_fips_endpoint
arguments (#22804) - provider: Add environment variables
TF_AWS_DYNAMODB_ENDPOINT
,TF_AWS_IAM_ENDPOINT
,TF_AWS_S3_ENDPOINT
, andTF_AWS_STS_ENDPOINT
. (#23052) - provider: Add support for
shared_config_file
parameter (#20587) - provider: Add support for
shared_credentials_files
parameter and deprecatesshared_credentials_file
(#23080) - provider: Adds
s3_use_path_style
parameter and deprecatess3_force_path_style
. (#23055) - provider: Changes
shared_config_file
parameter toshared_config_files
(#23080) - provider: Updates AWS authentication to use AWS SDK for Go v2 https://aws.github.io/aws-sdk-go-v2/docs/ (#20587)
- resource/aws_ami: Add
boot_mode
andebs_block_device.outpost_arn
arguments. (#22939) - resource/aws_ami_copy: Add
boot_mode
andebs_block_device.outpost_arn
attributes (#22972) - resource/aws_ami_from_instance: Add
boot_mode
andebs_block_device.outpost_arn
attributes (#22972) - resource/aws_api_gateway_domain_name: Add
ownership_verification_certificate_arn
argument. (#21076) - resource/aws_apigatewayv2_domain_name: Add
domain_name_configuration.ownership_verification_certificate_arn
argument. (#21076) - resource/aws_autoscaling_attachment: Add
lb_target_group_arn
argument (#22662) - resource/aws_cloudwatch_event_target: Add plan time validation for
input
,input_path
,run_command_targets.values
,http_target.header_parameters
,http_target.query_string_parameters
,redshift_target.database
,redshift_target.db_user
,redshift_target.secrets_manager_arn
,redshift_target.sql
,redshift_target.statement_name
,retry_policy.maximum_event_age_in_seconds
,retry_policy.maximum_retry_attempts
. (#22946) - resource/aws_db_instance: Add
db_name
argument (#22668) - resource/aws_ec2_client_vpn_authorization_rule: Configurable Create and Delete timeouts (#20688)
- resource/aws_ec2_client_vpn_endpoint: Add
client_connect_options
argument (#22793) - resource/aws_ec2_client_vpn_endpoint: Add
client_login_banner_options
argument (#22793) - resource/aws_ec2_client_vpn_endpoint: Add
security_group_ids
andvpc_id
arguments (#22911) - resource/aws_ec2_client_vpn_endpoint: Add
session_timeout_hours
argument (#22793) - resource/aws_ec2_client_vpn_endpoint: Add
vpn_port
argument (#22793) - resource/aws_ec2_client_vpn_network_association: Configurable Create and Delete timeouts (#20689)
- resource/aws_elasticache_replication_group: Add
description
argument (#22666) - resource/aws_elasticache_replication_group: Add
num_cache_clusters
argument (#22666) - resource/aws_elasticache_replication_group: Add
num_node_groups
andreplicas_per_node_group
arguments (#22666) - resource/aws_fsx_lustre_file_system: Add
log_configuration
argument. (#22935) - resource/aws_fsx_ontap_file_system: Reduce the minimum valid value of the
throughput_capacity
argument to128
(128 MB/s) (#22898) - resource/aws_glue_partition_index: Add support for custom timeouts. (#22941)
- resource/aws_imagebuilder_distribution_configuration: Add
launch_template_configuration
argument to thedistribution
configuration block (#22842) - resource/aws_imagebuilder_image_recipe: Add
parameter
argument to thecomponent
configuration block (#22837) - resource/aws_mq_broker:
auto_minor_version_upgrade
andhost_instance_type
can be changed without recreating broker (#20661) - resource/aws_s3_bucket_cors_configuration: Retry when
NoSuchCORSConfiguration
errors are returned from the AWS API (#22977) - resource/aws_s3_bucket_versioning: Add eventual consistency handling to help ensure bucket versioning is stabilized. (#21076)
- resource/aws_vpn_connection: Add the ability to revert changes to unconfigured tunnel options made outside of Terraform to their documented default values (#17031)
- resource/aws_vpn_connection: Mark
customer_gateway_configuration
asSensitive
(#15806) - resource/aws_wafv2_web_acl: Support
version
onmanaged_rule_group_statement
(#21732)
BUG FIXES:
- data-source/aws_vpc_peering_connections: Return empty array instead of error when no connections found. (#17382)
- resource/aws_cloudformation_stack: Retry resource Create and Update for IAM eventual consistency (#22840)
- resource/aws_cloudwatch_event_target: Preserve order of
http_target.path_parameter_values
. (#22946) - resource/aws_db_instance: Fix error with reboot of replica (#22178)
- resource/aws_ec2_client_vpn_authorization_rule: Don't raise an error when
InvalidClientVpnEndpointId.NotFound
is returned during refresh (#20688) - resource/aws_ec2_client_vpn_endpoint:
connection_log_options.cloudwatch_log_stream
argument is Computed, preventing spurious resource diffs (#22891) - resource/aws_ecs_capacity_provider: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_cluster: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_service: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_task_definition: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_task_set: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_route_table_association: Handle nil 'AssociationState' in ISO regions (#22806)
- resource/aws_route_table_association: Retry resource Read for EC2 eventual consistency (#22927)
- resource/aws_vpc_ipam: Correct update of
description
(#22863) - resource/aws_waf_rule_group: Prevent panic when expanding the rule group's set of
activated_rule
(#22978) - resource/aws_wafregional_rule_group: Prevent panic when expanding the rule group's set of
activated_rule
(#22978)
For information on prior major releases, see their changelogs: