v2.41.0

FEATURES:

• New Resource: aws_eks_fargate_profile (#11111)
• New Resource: aws_lambda_provisioned_concurrency_config (#11129)

ENHANCEMENTS:

• data-source/aws_route_table: adds attributes gateway_id and associations.gateway_id (#11122)
• resource/aws_autoscaling_group: Add max_instance_lifetime argument (#10951)
• resource/aws_autoscaling_group: Add mixed_instances_policy launch_template override configuration block weighted_capacity argument (#11004)
• resource/aws_codebuild_project: Add Linux GPU worker (#11035)
• resource/aws_docdb_cluster_instance: Add support for ca_cert_identifier parameter (#11041)
• resource/aws_emr_cluster: Outputs EMR cluster ARN (#11078)
• resource/aws_iam_access_key: Remove deprecation from secret and mark secret and ses_smtp_password to sensitive (#10908)
• resource/aws_iam_user: Delete a user's virtual MFA devices when force_destroy is enabled (#11040)
• resource/aws_route_table_association: adds attribute gateway_id (#11122)

BUG FIXES:

• resource/aws_batch_compute_environment: Forces new resource when launch_template contents are changed (#11057)
• resource/aws_datasync_location_s3: Automatically retry creation for IAM errors due to eventual consistency (#10984)
• resource/aws_launch_template: Only set associate_public_ip_address on network interfaces if it's explicitly set to avoid problems with multiple network interfaces (#10157)

v2.40.0

NOTES:

• resource/aws_datasync_task: The DataSync API and SDK have removed BEST_EFFORT as a valid value for the options configuration block posix_permissions argument. The value has been removed from the validation in this resource to match those changes. (#10985)

FEATURES:

• New Resource: aws_dx_hosted_transit_virtual_interface (#8523)
• New Resource: aws_dx_hosted_transit_virtual_interface_accepter (#8523)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add vpc_config nested block cluster_security_group_id attribute (#11002)
• resource/aws_cloudwatch_metric_alarm: Add threshold_metric_id argument (support Anomaly Detection metrics) (#9828)
• resource/aws_codebuild_project: Add support for BUILD_GENERAL1_2XLARGE CodeBuild compute type [GH11015]
• resource/aws_dx_private_virtual_interface: Support tagging-on-create (#9572)
• resource/aws_dx_private_virtual_interface: Validate Virtual Interface type on import (#9572)
• resource/aws_dx_public_virtual_interface: Validate Virtual Interface type on import (#9572)
• resource/aws_ebs_snapshot: Support tagging-on-create and in-place tags updates (#10935)
• resource/aws_ebs_snapshot_copy: Support tagging-on-create and in-place tags updates (#10936)
• resource/aws_eks_cluster: Add vpc_config configuration block cluster_security_group_id attribute (#11002)
• resource/aws_lambda_function: Support waiting for function creation and configuration updates (#11016)

BUG FIXES:

• data-source/aws_iam_group: Ensure users attribute populates fully when group contains more than 100 users (#10993)
• resource/aws_default_route_table: Return helpful not found error on resource creation instead of generic Provider produced inconsistent result after apply error when given invalid default_route_table_id argument value (#10981)
• resource/aws_default_route_table: Propose resource recreation for missing Default Route Table on refresh instead of returning an error (#10981)

v2.39.0

FEATURES:

• New Data Source: aws_guardduty_detector (#10463)
• New Resource: aws_glue_workflow (#10891)

ENHANCEMENTS:

• provider: Support for EC2 Metadata secure tokens (#10940)
• resource/aws_glue_job: Add number_of_workers and worker_type arguments (#9115)
• resource/aws_glue_job: Add tags argument and arn attribute (#10968)
• resource/aws_glue_trigger: Add workflow_name argument (#9762)
• resource/aws_glue_trigger: Add actions configuration block crawler_name argument (#10190)
• resource/aws_glue_trigger: Add predicate conditions configuration block crawler_name and crawl_state arguments (#10190)
• resource/aws_glue_trigger: Add tags argument and arn attribute (#10967)
• resource/aws_iam_group_policy: Add IAM Policy JSON difference suppression and validation to policy argument (#9660)
• resource/aws_lambda_event_source_mapping: Add maximum_batching_window_in_seconds argument (#10051)
• resource/aws_lambda_function: Support java11, nodejs12.x, and python3.8 as valid runtime argument values in validation (#10938)
• resource/aws_lambda_layer_version: Support java11, nodejs12.x, and python3.8 as valid compatible_runtimes argument values in validation (#10938)
• resource/aws_resourcegroups_group: Add tags argument (#10640)

BUG FIXES:

• data_source/aws_instance: Fixes a bug where multiple EBS volumes would get collapsed and only one would return (#10045)
• resource/aws_appmesh_virtual_node: Allow FQDN values in service_discovery aws_cloud_map configuration block namespace_name and service_name argument validations (#9788)
• resource/aws_batch_compute_environment: Propose resource recreation when updating compute_resources configuration block tags argument (#10937)
• resource/aws_iam_instance_profile: Remove requirement to specify a role, as it is not required by the API (#10525)
• resource/aws_opsworks_application: Fixes issue where terraform apply continuously suggests applying changes to ssh_key or password in app_source property (#10175)
• resource/aws_opsworks_stack: Fixes issue where terraform apply continuously suggests applying changes to ssh_key or password in custom_cookbooks_source property (#10175)

v2.38.0

FEATURES:

• New Resource: aws_eks_node_group (#10916)

v2.37.0

ENHANCEMENTS:

• resource/aws_api_gateway_rest_api: Add tags argument and arn attribute (#10581)
• resource/aws_cloudtrail: support Tag on create (#10818)
• resource/aws_db_instance: Add ca_cert_identifier argument (#10490)
• resource/aws_dlm_lifecycle_policy: Add tags argument and arn attribute (#10864)
• resource/aws_efs_file_system: Add AFTER_7_DAYS as a valid lifecycle_policy configuratio block transition_to_ia argument value (#10825)
• resource/aws_glue_crawler: Add tags argument (#10805)
• resource/aws_s3_bucket_inventory: Add IntelligentTieringAccessTier as valid value for optional_fields argument (#10746)
• resource/aws_waf_geo_match_set: Support resource import and add arn attribute (#10480)
• resource/aws_waf_regex_match_set: Support resource import and add arn attribute (#10481)
• resource/aws_waf_regex_pattern_set: Support resource import and add arn attribute (#10482)
• resource/aws_waf_size_constraint_set: Support resource import and add arn attribute (#10484)
• resource/aws_waf_xss_match_set: Support resource import and add arn attribute (#10485)
• resource/aws_wafregional_rate_based_rule: Add tags argument and arn attribute (#10897)
• resource/aws_wafregional_rule_group: Add tags argument and arn attribute (#10896)
• resource/aws_wafregional_rule: Add tags argument and arn attribute (#10895)
• resource/aws_wafregional_web_acl: Add tags argument (#10889)
• resource/aws_wafregional_web_acl_association: Support resource import (#10538)

BUG FIXES:

• data-source/aws_iam_policy_document: Prevent panic when combining single principal identifier with multiple principal identifiers (#10780)
• data-source/aws_iam_policy_document: Prevent losing identifier elements when combining single and multiple principals identifiers (#10844)
• resource/aws_servicequotas_service_quota: Remove resource from Terraform state on NoSuchResourceException error (#10735)

v2.36.0

ENHANCEMENTS:

• data-source/aws_iam_group: Add users attribute (#7132)
• resource/aws_apigateway_stage: Add arn attribute (#10570)
• resource/aws_apigateway_usage_plan: Add tags argument and arn attribute (#10566)
• resource/aws_s3_bucket: Retry reading tags on NoSuchBucket errors due to eventual inconsistency (#10863)
• resource/aws_waf_rule: Add arn attribute (#10798)
• resource/aws_waf_rule_group: Add arn attribute (#10799)

v2.35.0

NOTES:

• provider: New ignore_tag_prefixes and ignore_tags arguments are being tested as a public preview for ignoring tags across all resources under a provider. Support for the functionality must be added to individual resources in the codebase and is only implemented for the aws_subnet and aws_vpc resources at this time. Until a general availability announcement, no compatibility promises are made with these provider arguments and their functionality. (#10418)

FEATURES:

• New Data Source: aws_qldb_ledger (#10394)
• New Resource: aws_qldb_ledger (#10394)

ENHANCEMENTS:

• data-source/aws_db_cluster_snapshot: Add tags attribute (#10488)
• data-source/aws_db_instance: Add tags attribute (#10550)
• data-source/aws_vpc_endpoint: Add filter and tags arguments (#10503)
• provider: Add ignore_tag_prefixes and ignore_tags arguments (in public preview, see note above) (#10418)
• resource/aws_acmpca_certificate_authority: Support tagging on creation (#10736)
• resource/aws_api_gateway_api_key: Add tags argument and arn attribute (#10568)
• resource/aws_api_gateway_client_certificate: Add tags argument and arn attribute (#10569)
• resource/aws_api_gateway_domain_name: Add tags argument and arn attribute (#10567)
• resource/aws_api_gateway_vpc_link: Add tags argument and arn attribute (#10561)
• resource/aws_cloudwatch_log_group: Support tagging on creation (#10753)
• resource/aws_db_cluster_snapshot: Add tags argument (#10488)
• resource/aws_ec2_fleet: Support in-place tags updates (#10761)
• resource/aws_launch_template: Support tagging on creation (#10759)
• resource/aws_mq_broker: Support in-place security_groups updates (#10442)
• resource/aws_storagegateway_cached_iscsi_volume: Add tags argument (#10613)
• resource/aws_storagegateway_gateway: Add tags argument (#10588)
• resource/aws_storagegateway_nfs_file_share: Add tags argument (#10722)
• resource/aws_subnet: Support provider-wide ignore tags (in public preview, see note above) (#10418)
• resource/aws_swf_domain: Add tags argument and arn attribute (#10763)
• resource/aws_vpc: Support provider-wide ignore tags (in public preview, see note above) (#10418)
• resource/aws_waf_rate_based_rule: Add tags argument and arn attribute (#10479)

BUG FIXES:

• data-source/aws_route53_resolver_rule: Do not retrieve tags for rules shared with the AWS account that owns the data source (#10348)
• resource/aws_api_gateway_authorizer: Set authorizer_result_ttl_in_seconds argument default to 300 to match API default which properly allows setting to 0 for disabling caching (#9605)
• resource/aws_autoscaling_group: Batch ELB attachments and detachments by 10 to prevent API and rate limiting errors (#10445)
• resource/aws_s3_bucket_public_access_block: Remove from Terraform state when S3 Bucket is already destroyed (#10534)
• resource/aws_ssm_maintenance_window_task: Prevent crashes with empty configuration blocks (#10713)

v2.34.0

ENHANCEMENTS:

• resource/aws_ecr_repository: Add image_scanning_configuration configuration block (support image scanning on push) (#10671)
• resource/aws_elasticache_replication_group: Add kms_key_id argument (support KMS encryption) (#10380)
• resource/aws_flow_log: Add log_format argument (#10374)
• resource/aws_glue_job: Add glue_version argument (#10237)
• resource/aws_storagegateway_smb_file_share: Add tags argument (#10620)

BUG FIXES:

• resource/aws_backup_plan: Correctly handle changes to recovery_point_tags arguments (#10641)
• resource/aws_backup_plan: Prevent diffs didn't match errors with rule configuration blocks (#10641)
• resource/aws_cloudhsm_v2_cluster: Ensure multiple tag configurations are applied correctly (#10309)
• resource/aws_cloudhsm_v2_cluster: Perform drift detection with tags (#10309)
• resource/aws_dx_gateway_association: Fix backwards compatibility issue with missing dx_gateway_association_id attribute (#8776)
• resource/aws_s3_bucket: Bypass MethodNotAllowed errors for Object Lock Configuration on read (support AWS C2S) (#10657)

v2.33.0

FEATURES:

• New Data Source: aws_waf_rate_based_rule (#10124)
• New Data Source: aws_wafregional_rate_based_rule (#10125)
• New Resource: aws_quicksight_user (#10401)

ENHANCEMENTS:

• resource/aws_glue_classifier: Add csv_classifier configuration block (support CSV classifiers) (#9824)
• resource/aws_waf_byte_match_set: Support resource import (#10477)
• resource/aws_waf_rate_based_rule: Support resource import (#10475)
• resource/aws_waf_rule: Add tags argument (#10408)
• resource/aws_waf_rule_group: Add tags argument (#10408)
• resource/aws_waf_web_acl: Add tags argument (#10408)

BUG FIXES:

• resource/aws_gamelift_fleet: Increase default deletion timeout to 20 minutes to match service timing (#10443)

v2.32.0

NOTES:

• provider: The underlying Terraform codebase dependency for the provider SDK and acceptance testing framework has been migrated from github.com/hashicorp/terraform to github.com/hashicorp/terraform-plugin-sdk. They are functionality equivalent and this should only impact codebase development to switch imports. For more information see the Terraform Plugin SDK page in the Extending Terraform documentation. (#10367)

ENHANCEMENTS:

• resource/aws_emr_instance_group: Add configurations_json argument (#10426)

BUG FIXES:

• provider: Fix session handling to correctly validate and use assume_role credentials (#10379)
• resource/aws_autoscaling_group: Batch ALB/NLB attachments and detachments by 10 to prevent API and rate limiting errors (#10435)
• resource/aws_emr_instance_group: Remove terminated instance groups from the Terraform state (#10425)
• resource/aws_s3_bucket: Prevent infinite deletion recursion with force_destroy argument and object keys with empty "directory" prefixes present since version 2.29.0 (#10388)
• resource/aws_vpc_endpoint_route_table_association: Fix resource import support (#10454)