ci(deps): Update Terraform aws to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	4.67.0 -> 5.82.2

⚠️ MAJOR MAJOR MAJOR ⚠️

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.82.2

Compare Source

BUG FIXES:

• data-source/aws_lb_listener: Add mutual_authentication.advertise_trust_store_ca_names attribute. This fixes a regression introduced in v5.82.0 causing setting mutual_authentication: Invalid address to set: []string{"mutual_authentication", "0", "advertise_trust_store_ca_names"} errors (#​40658)

v5.82.1

Compare Source

ENHANCEMENTS:

• resource/aws_autoscaling_group: Add availability_zone_distribution argument (#​40634)

BUG FIXES:

• data-source/aws_iam_policy_document: Reverts plan-time validation for statement sid (#​40639)

v5.82.0

Compare Source

NOTES:

• resource/aws_resourcegroups_resource: The format of the read-only id attribute has changed to prevent inconsistent parsing which resulted in provider crashes under certain conditions. The new format is a comma-delimited string combining group_arn and resource_arn in their entirety. Configuarations relying on the previous format may need to be updated to continue functioning correctly. (#​40579)

FEATURES:

• New Data Source: aws_servicecatalogappregistry_attribute_group_associations (#​38306)
• New Resource: aws_api_gateway_domain_name_access_association (#​40566)
• New Resource: aws_cloudfront_vpc_origin (#​40239)
• New Resource: aws_memorydb_multi_region_cluster (#​40376)
• New Resource: aws_networkmanager_dx_gateway_attachment (#​40546)
• New Resource: aws_rds_cluster_snapshot_copy (#​40398)

ENHANCEMENTS:

• data-source/aws_dx_gateway: Add arn attribute (#​40546)
• data-source/aws_iam_policy_document: Add plan-time validation that the statement sid is valid, including on alphanumeric characters (#​40562)
• data-source/aws_vpc_endpoint: Add service_region attribute (#​40583)
• resource/aws_bedrockagent_agent: Add agent_collaboration attribute to configure agent collaboration role (#​40543)
• resource/aws_cloudfront_distribution: Add origin.vpc_origin_config argument (#​40239)
• resource/aws_db_parameter_group: Support import of name_prefix argument (#​40622)
• resource/aws_dx_gateway: Add arn attribute (#​40546)
• resource/aws_fsx_lustre_file_system: Add efa_enabled argument (#​40381)
• resource/aws_lb_listener: Add advertise_trust_store_ca_names attribute to the mutual_authentication configuration block (#​40550)
• resource/aws_memorydb_cluster: Add multi_region_cluster_name argument (#​40376)
• resource/aws_networkmanager_attachment_accepter: Add edge_locations attribute (#​40546)
• resource/aws_resourcegroups_resource: Add import support (#​40579)
• resource/aws_vpc_endpoint: Add service_region argument (#​40583)

BUG FIXES:

• data-source/aws_acmpca_certificate_authority: Ignore AccessDeniedException: ... is not authorized to perform: acm-pca:GetCertificateAuthorityCsr on resource: ... errors for RAM-shared CAs (#​39952)
• data-source/aws_licensemanager_received_license: Fix setting entitlements: Invalid address to set: []string{"entitlements", "0", "overage"} errors (#​40621)
• resource/aws_amplify_domain_association: No longer ignores changes to certificate_settings when updating. (#​40589)
• resource/aws_amplify_domain_association: Prevent "unexpected state" error when setting certificate_settings.type to CUSTOM. (#​40589)
• resource/aws_amplify_domain_association: Prevent ValidationException when setting certificate_settings.type to AMPLIFY_MANAGED. (#​40589)
• resource/aws_amplify_domain_association: Prevent permanent diff when certificate_settings not set. (#​40589)
• resource/aws_amplify_domain_association: Prevents panic in some circumstances when certificate_settings is not set during update. (#​40589)
• resource/aws_api_gateway_domain_name: Correct arn for private custom domain names (#​40566)
• resource/aws_codeconnections_host: Mark vpc_configuration.tls_certificate as Optional (#​40574)
• resource/aws_elasticache_replication_group: Prevent perpetual diff which triggers resource replacement on at_rest_encryption_enabled when engine is valkey. (#​40514)
• resource/aws_lakeformation_permissions: Add support for IAMPrincipals principal group (#​38600)
• resource/aws_lakeformation_permissions: Fix refreshing state so order is not considered in permissions and permissions_with_grant_option attributes (#​38047)
• resource/aws_lakeformation_resource_lf_tag: Fix panic when resource tries to destroy a LFTag reference that does not exist (#​40584)
• resource/aws_lambda_invocation: Set new computed value for result attribute when changing input attribute, for lifecycle scope "CRUD" (#​34263)
• resource/aws_medialive_channel: Added missing teletext_destination_settings. (#​33797)
• resource/aws_rds_cluster: Fix issue with waiter when modifying allocated_storage (#​40601)
• resource/aws_resourcegroups_resource: Fix crash when parsing certain ARN formats (#​40579)
• resource/aws_s3_bucket: Destroying a bucket with force_destroy = true can now delete objects with non-XML-safe keys (#​40537)
• resource/aws_s3_directory_bucket: Destroying a directory bucket with force_destroy = true can now delete objects with non-XML-safe keys (#​40537)
• resource/aws_secretsmanager_secret_rotation: Fix bug where automatically_after_days was not being set properly when schedule_expression had been set previously (#​34295)
• resource/aws_secretsmanager_secret_rotation: Retry rotation in case it has not yet propagated when previously an error would occur: InvalidRequestException: A previous rotation isn't complete. That rotation will be reattempted. (#​34295)
• resource/aws_sqs_queue_redrive_allow_policy: Fix perpetual redrive_allow_policy diffs (#​40604)

v5.81.0

Compare Source

FEATURES:

• New Data Source: aws_servicecatalogappregistry_attribute_group (#​38188)
• New Ephemeral Resource: aws_ssm_parameter (#​40313)
• New Resource: aws_bedrock_inference_profile (#​40294)
• New Resource: aws_cloudwatch_log_anomaly_detector (#​40437)
• New Resource: aws_ecr_account_setting (#​40219)
• New Resource: aws_msk_single_scram_secret_association (#​37056)
• New Resource: aws_servicecatalogappregistry_attribute_group (#​38183)
• New Resource: aws_servicecatalogappregistry_attribute_group_association (#​38290)

ENHANCEMENTS:

• data-source/aws_api_gateway_domain_name: Add policy and domain_name_id attributes (#​40364)
• data-source/aws_servicecatalogappregistry_application: Add tags attribute (#​38243)
• data-source/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy attributes (#​40194)
• resource/aws_api_gateway_base_path_mapping: Add domain_name_id argument (#​40447)
• resource/aws_api_gateway_domain_name: Add policy argument and domain_name_id attribute (#​40364)
• resource/aws_api_gateway_domain_name: Support PRIVATE as a valid value for endpoint_configuration.types argument, enabling custom domain name support for private REST API endpoints (#​40364)
• resource/aws_ebs_snapshot_copy: Add completion_duration_minutes argument (#​40336)
• resource/aws_glue_catalog_table_optimizer: Add configuration.retention_configuration and configuration.orphan_file_deletion_configuration attributes. (#​40199)
• resource/aws_instance: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses on EC2 instances (#​36425)
• resource/aws_kinesis_stream: Add plan-time validation that shard_count would not exceed the AWS account's shard quota when the data stream capacity mode is PROVISIONED, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#​40499)
• resource/aws_kinesis_stream: Add plan-time validation that creation of an on-demand stream would not exceed the AWS account's data stream quota, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#​40499)
• resource/aws_msk_replicator: Add topic_replication.topic_name_configuration argument (#​40101)
• resource/aws_network_interface: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses for network interfaces (#​36425)
• resource/aws_networkfirewall_firewall_policy: Add stateful_engine_options.flow_timeouts argument (#​39996)
• resource/aws_rds_cluster: Add serverlessv2_scaling_configuration.seconds_until_auto_pause argument (#​40441)
• resource/aws_rds_global_cluster: Add tags argument and tags_all attribute (#​40470)
• resource/aws_sagemaker_notebook_instance: Support notebook-al2-v3 value for platform_identifier (#​40484)
• resource/aws_servicecatalogappregistry_application: Add tags argument and tags_all attribute (#​38243)
• resource/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy arguments (#​40194)

BUG FIXES:

• data-source/aws_kinesis_stream: Fix InvalidArgumentException: NextToken and StreamName cannot be provided together errors when the data stream has more than 1000 shards (#​40499)
• resource/aws_ce_cost_category: Change rule from TypeSet to TypeList as order is significant (#​40521)
• resource/aws_fsx_windows_file_system: Fix plan-time validation of throughput_capacity validation to allow values up to 12228 (#​40468)
• resource/aws_networkfirewall_logging_configuration: Correctly manage all configured logging_configuration.log_destination_configs (#​40092)
• resource/aws_rds_cluster: Fix InvalidDBClusterStateFault errors when deleting clusters that are members of a global cluster (#​40333)
• resource/aws_rds_cluster: Fix InvalidParameterValue: Serverless v2 maximum capacity 0.0 isn't valid. The maximum capacity must be at least 1.0. errors when removing serverlessv2_scaling_configuration in an update (#​40511)
• resource/aws_rds_cluster: Respect storage_type when restoring from S3 (#​40471)
• resource/aws_rds_cluster: Respect storage_type when restoring from snapshot (#​40471)
• resource/aws_rds_cluster: Respect storage_type when restoring to a point in time (#​40471)
• resource/aws_rds_global_cluster: Mark database_name as Computed. This prevents resource recreation when the source cluster specifies a database_name (#​40469)

v5.80.0

Compare Source

FEATURES:

• New Resource: aws_codeconnections_connection (#​40300)
• New Resource: aws_codeconnections_host (#​40300)
• New Resource: aws_s3tables_namespace (#​40420)
• New Resource: aws_s3tables_table (#​40420)
• New Resource: aws_s3tables_table_bucket (#​40420)
• New Resource: aws_s3tables_table_bucket_policy (#​40420)
• New Resource: aws_s3tables_table_policy (#​40420)

ENHANCEMENTS:

• resource/aws_bedrockagent_agent: Increase instruction max length for validation to 8000 (#​40279)
• resource/aws_dynamodb_table_replica: Add deletion_protection_enabled argument (#​35359)
• resource/aws_rds_cluster: Adjust serverlessv2_scaling_configuration.max_capacity and serverlessv2_scaling_configuration.min_capacity minimum values to 0 to support Amazon Aurora Serverless v2 scaling to 0 ACUs (#​40230)
• resource/aws_s3_directory_bucket: Support LocalZone as a valid value for location.type, enabling support for Amazon S3 Express One Zone in AWS Dedicated Local Zones (#​40339)

BUG FIXES:

• resource/aws_bedrock_provisioned_model_throughput: Properly manages tags_all when planning. (#​40305)
• resource/aws_connect_contact_flow: Fix deserialization failed, failed to decode response body with invalid JSON errors on Read (#​40419)
• resource/aws_rds_cluster_instance: Fix error when destroying from a read replica cluster (#​40409)

v5.79.0

Compare Source

FEATURES:

• New Resource: aws_vpc_block_public_access_exclusion (#​40235)
• New Resource: aws_vpc_block_public_access_options (#​40233)

ENHANCEMENTS:

• resource/aws_eks_cluster: Add compute_config, storage_config, and kubernetes_network_config.elastic_load_balancing arguments for EKS Auto Mode (#​40370)
• resource/aws_eks_cluster: Add remote_network_config argument for EKS Auto Mode (#​40371)
• resource/aws_lambda_event_source_mapping: Add metrics_config argument (#​40322)
• resource/aws_lambda_event_source_mapping: Add provisioned_poller_config argument (#​40303)
• resource/aws_rds_cluster: Add ability to promote read replica cluster to standalone (#​40337)
• resource/aws_vpc_endpoint_service: Add supported_regions argument (#​40346)

BUG FIXES:

• resource/aws_fsx_openzfs_file_system: Increase maximum value of disk_iops_configuration.iops from 350000 to 400000 for deployment_type = "SINGLE_AZ_2" (#​40359)

v5.78.0

Compare Source

NOTES:

• resource/aws_s3_bucket_lifecycle_configuration: Lifecycle configurations can now be applied to directory buckets (#​40268)

FEATURES:

• New Resource: aws_iam_organizations_features (#​40164)

ENHANCEMENTS:

• data-source/aws_memorydb_cluster: Add engine attribute (#​40224)
• data-source/aws_memorydb_snapshot: Add cluster_configuration.engine attribute (#​40224)
• resource/aws_memorydb_cluster: Add engine argument (#​40224)
• resource/aws_memorydb_snapshot: Add cluster_configuration.engine attribute (#​40224)

BUG FIXES:

• data-source/aws_rds_reserved_instance_offering: When product_description (e.g., "postgresql") is a substring of multiple products, fix Error: multiple RDS Reserved Instance Offerings matched; use additional constraints to reduce matches to a single RDS Reserved Instance Offering (#​40281)
• provider: Suppress Warning: AWS account ID not found for provider when skip_requesting_account_id is true (#​40264)
• resource/aws_batch_job_definition: Fix crash when specifying eksProperties or ecsProperties block (#​40172)
• resource/aws_bedrock_guardrail: Fix perpetual diff if multiple content_policy_config.filters_configs are specified. (#​40304)
• resource/aws_chatbot_slack_channel_configuration: Fix inconsistent provider result when order of sns_topic_arnschanges (#​40253)
• resource/aws_chatbot_teams_channel_configuration: Fix inconsistent provider result when order of sns_topic_arnschanges (#​40291)
• resource/aws_db_instance: When changing storage_type from io1 or io2 to gp3, fix bug causing error InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops (#​37257)
• resource/aws_db_instance: When changing a gp3 volume's allocated_storage to a value larger than the threshold value for engine, fix bug causing error InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops (#​28847)

v5.77.0

Compare Source

NOTES:

• New ephemeral resources aws_kms_secrets, aws_lambda_invocation, and aws_secretsmanager_secret_version now support ephemeral values. (#​40009)

FEATURES:

• New Ephemeral Resource: aws_kms_secrets (#​40009)
• New Ephemeral Resource: aws_lambda_invocation (#​39988)
• New Ephemeral Resource: aws_secretsmanager_secret_version (#​40009)
• New Resource: aws_rds_instance_state (#​40180)

ENHANCEMENTS:

• data-source/aws_ami: Add warning diagnostic when most_recent is true and certain filter criteria are missing (#​40211)
• data-source/aws_ecs_service: Add availability_zone_rebalancing attribute (#​40225)
• resource/aws_ecs_service: Add availability_zone_rebalancing attribute (#​40225)
• resource/aws_ecs_service: Add vpc_lattice_configurations argument (#​40177)
• resource/aws_ecs_task_definition: Add versionConsistency argument to container_definitions (#​40216)
• resource/aws_lambda_function: Add support for nodejs22.x runtime value (#​40277)
• resource/aws_lambda_layer_version: Add support for nodejs22.x compatible_runtimes value (#​40277)
• resource/aws_rds_global_cluster: Add endpoint argument to point to the writer DB instance in the current primary cluster (#​39960)

BUG FIXES:

• data-source/aws_subnet: Set tags from the DescribeSubnets response, removing the need for the ec2:DescribeTags IAM permission (#​40144)
• resource/aws_cognito_user_pool: Fix crash when hashing nil schema element (#​40195)
• resource/aws_eks_addon: Fix crash when pod_identity_association is modified (#​40168)
• resource/aws_eks_addon: Fix to prevent persistent differences when pod_identity_association is changed (#​40168)

v5.76.0

Compare Source

FEATURES:

• New Resource: aws_vpc_security_group_vpc_association (#​40069)

ENHANCEMENTS:

• resource/aws_lambda_function: Add support for python3.13 runtime value (#​40277)
• resource/aws_lambda_layer_version: Add support for python3.13 compatible_runtimes value (#​40277)
• resource/aws_medialive_channel: Add missing h265 codec settings (#​40071)

BUG FIXES:

• resource/aws_api_gateway_integration: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters and/or cache_key_parameters (#​40124)
• resource/aws_api_gateway_method: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters (#​40124)
• resource/aws_autoscaling_group: Handle eventual consistency issues that occur when using a launch_template that is updated causing ValidationError: You must use a valid fully-formed launch template. (#​40088)
• resource/aws_eip: Properly surface errors during deletion when ipam_pool_id is set (#​40082)
• resource/aws_elasticache_reserved_cache_node: Fix Provider returned invalid result object after apply errors (#​40090)
• resource/aws_iam_group_policies_exclusive: Add validation to prevent null values in policy_names (#​40076)
• resource/aws_iam_group_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#​40076)
• resource/aws_iam_instance_profile: Handle eventual consistency issues that occur when this resource is updated and has dependents (#​40088)
• resource/aws_iam_role_policies_exclusive: Add validation to prevent null values in policy_names (#​40076)
• resource/aws_iam_role_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#​40076)
• resource/aws_iam_user_policies_exclusive: Add validation to prevent null values in policy_names (#​40076)
• resource/aws_iam_user_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#​40076)
• resource/aws_launch_template: Handle eventual consistency issues that occur when this resource is updated and has dependents (#​40088)

v5.75.1

Compare Source

ENHANCEMENTS:

• data-source/aws_cloudwatch_event_bus: Add description attribute (#​39980)
• resource/aws_api_gateway_account: Add attribute reset_on_delete to properly reset CloudWatch Role ARN on deletion. (#​40004)
• resource/aws_cloudwatch_event_bus: Add description argument (#​39980)

BUG FIXES:

• resource/aws_api_gateway_deployment: Rolls back validation of canary_settings and stage_description when stage_name not set. (#​40067)
• resource/aws_dynamodb_table: Allow table TTL to be disabled by allowing ttl[0].attribute_name to be set when ttl[0].enabled is false (#​40046)
• resource/aws_sagemaker_domain: Fix issue causing a ValidationException on updates when RStudio is disabled on the domain (#​40049)

v5.75.0

Compare Source

BREAKING CHANGES:

• resource/aws_api_gateway_stage: Add canary_settings.deployment_id attribute as required (#​39929)

NOTES:

• provider: validation of arguments implementing the custom ARNType will properly surface validation errors (#​40008)
• resource/aws_api_gateway_stage: deployment_id was added to canary_settings as a required attribute. This breaking change was necessary to make canary_settings functional. Without this change all canary traffic was routed to the main deployment (#​39929)

FEATURES:

• New Data Source: aws_spot_datafeed_subscription (#​39647)

ENHANCEMENTS:

• data-source/aws_batch_job_definition: Add init_containers, share_process_namespace, and image_pull_secrets attributes (#​40019)
• resource/aws_batch_job_definition: Add init_containers and share_process_namespace arguments (#​40019)
• resource/aws_batch_job_definition: Increase maximum number of containers arguments to 10 (#​40019)
• resource/aws_eks_addon: Add pod_identity_association argument (#​38357)
• resource/aws_iam_user_login_profile: Mark the password argument as sensitive (#​39991)

BUG FIXES:

• resource/aws_api_gateway_deployment: Fix destroy error when canary stage still exists on resource (#​39929)
• resource/aws_codedeploy_deployment_group: Remove maximum items limit on the alarm_configuration.alarms argument (#​39971)
• resource/aws_eks_addon: Handle ResourceNotFound exceptions during resource destruction (#​38357)
• resource/aws_elasticache_reserved_cache_node: Fix Value Conversion Error during resource creation (#​39945)
• resource/aws_lb_listener: Fix errors when updating the tcp_idle_timeout_seconds argument for gateway load balancers (#​40039)
• resource/aws_lb_listener: Remove the default tcp_idle_timeout_seconds value, preventing ModifyListenerAttributes API calls when a value is not explicitly configured (#​40039)
• resource/aws_vpc_ipam_pool: Fix bug when public_ip_source = "amazon": The request can only contain PubliclyAdvertisable if the AddressFamily is IPv6 and PublicIpSource is byoip. (#​40042)

v5.74.0

Compare Source

FEATURES:

• New Data Source: aws_lb_listener_rule (#​39865)
• New Resource: aws_opensearch_authorize_vpc_endpoint_access (#​39846)
• New Resource: aws_ssmquicksetup_configuration_manager (#​39931)

ENHANCEMENTS:

• data-source/aws_imagebuilder_distribution_configuration: Add distribution.s3_export_configuration attribute (#​35492)
• data-source/aws_imagebuilder_image_recipe: Fix block_device_mapping.0.ebs.0.delete_on_termination: '' expected type 'bool', got unconvertible type 'string' errors (#​39928)
• resource/aws_codedeploy_deployment_group: Add termination_hook_enabled argument (#​35482)
• resource/aws_eks_cluster: Add zonal_shift_config argument (#​39852)
• resource/aws_imagebuilder_distribution_configuration: Add distribution.s3_export_configuration argument (#​35492)
• resource/aws_imagebuilder_image_pipeline: Allow container_recipe_arn and image_recipe_arn to be updated in-place (#​39117)
• resource/aws_keyspaces_keyspace: Add replication_specification argument (#​36331)
• resource/aws_launch_template: Add efa-only as a valid value for network_interfaces.interface_type (#​39882)
• resource/aws_transfer_server: Add TransferSecurityPolicy-Restricted-2024-06 as a valid value for security_policy_name (#​39871)

BUG FIXES:

• resource/aws_docdb_cluster: Use master_password on resource Create when snapshot_identifier is configured (#​38193)
• resource/aws_imagebuilder_container_recipe: Change component.parameter.name, component.parameter.value, target_repository.repository_name, and target_repository.service to ForceNew (#​39117)
• resource/aws_route53_record: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when geolocation_routing_policy is empty (#​39944)
• resource/aws_ssm_patch_baseline: Update approval_rule.approve_after_days validation to allow a maximum value of 360 (#​39949)
• resource/aws_wafv2_web_acl: Fix decoding JSON: unexpected end of JSON input errors when updating from using rule_json to using rule (#​39283)
• resource/aws_wafv2_web_acl: Fix unmarshal error for incompatible types in rule_json (#​39878)

v5.73.0

Compare Source

FEATURES:

• New Data Source: aws_ssm_patch_baselines (#​39779)
• New Resource: aws_imagebuilder_lifecycle_policy (#​35674)
• New Resource: aws_resiliencehub_resiliency_policy (#​38913)
• New Resource: aws_sagemaker_hub (#​39807)
• New Resource: aws_sagemaker_mlflow_tracking_server (#​39796)

ENHANCEMENTS:

• data-source/aws_elasticache_reserved_cache_node_offering: Support valkey as valid value for product_description (#​39745)
• data-source/aws_lakeformation_data_lake_settings: Add parameters map attribute to read CROSS_ACCOUNT_VERSION (#​39826)
• data-source/aws_lb: Add enable_zonal_shift attribute (#​39585)
• resource/aws_apprunner_auto_scaling_configuration_version: Remove the upper limit on min_size and max_size (#​39843)
• resource/aws_batch_job_definition: Ensure that new revisions are created with tags (#​39797)
• resource/aws_codedeploy_deployment_config: Add zonal_config argument (#​34850)
• resource/aws_dynamodb_kinesis_streaming_destination: Add approximate_creation_date_time_precision argument (#​38098)
• resource/aws_elasticache_cluster: Support valkey as valid value for engine (#​39745)
• resource/aws_elasticache_global_replication_group: Support Valkey versions for engine_version (#​39745)
• resource/aws_elasticache_replication_group: Support Valkey versions for engine_version (#​39745)
• resource/aws_elasticache_replication_group: Support valkey as valid value for engine (#​39745)
• resource/aws_elasticache_serverless_cache: Support valkey as valid value for engine (#​39745)
• resource/aws_kinesis_firehose_delivery_stream: Add iceberg_configuration argument (#​39844)
• resource/aws_lakeformation_data_lake_settings: Add parameters map argument enabling CROSS_ACCOUNT_VERSION to be set (#​39826)
• resource/aws_lb: Add enable_zonal_shift argument (#​39585)
• resource/aws_lb_listener: Add tcp_idle_timeout_seconds argument (#​39585)
• resource/aws_route53profiles_association: Add regex and string length validation for name argument (#​39798)
• resource/aws_s3_bucket_object: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#​39782)
• resource/aws_s3_object: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#​39782)
• resource/aws_s3_object_copy: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#​39782)
• resource/aws_sagemaker_domain: Add default_user_settings.jupyter_lab_app_settings.app_lifecycle_management, default_user_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, default_user_settings.jupyter_lab_app_settings.emr_settings, default_space_settings.jupyter_lab_app_settings.app_lifecycle_management, default_space_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, default_space_settings.jupyter_lab_app_settings.emr_settings, default_user_settings.auto_mount_home_efs, default_user_settings.canvas_app_settings.emr_serverless_settings, default_user_settings.studio_web_portal_settings.hidden_instance_types, default_user_settings.code_editor_app_settings.app_lifecycle_management, default_user_settings.code_editor_app_settings.built_in_lifecycle_config_arn, and tag_propagation arguments (#​39774)
• resource/aws_sagemaker_domain: Allow app_network_access_type and app_security_group_management to be updated in-place (#​39774)
• resource/aws_sagemaker_feature_group: Add feature_definition.collection_config, feature_definition.collection_type, and throughput_config arguments (#​39805)
• resource/aws_sagemaker_space: Add space_settings.code_editor_app_settings.app_lifecycle_management and space_settings.jupyter_lab_app_settings.app_lifecycle_management arguments (#​39800)
• resource/aws_sagemaker_user_profile: Add user_settings.auto_mount_home_efs, user_settings.canvas_app_settings.emr_serverless_settings, user_settings.code_editor_app_settings.app_lifecycle_management, user_settings.code_editor_app_settings.built_in_lifecycle_config_arn, user_settings.jupyter_lab_app_settings.app_lifecycle_management, user_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, user_settings.jupyter_lab_app_settings.emr_settings and user_settings.studio_web_portal_settings.hidden_instance_types arguments (#​39774)

BUG FIXES:

• data-source/aws_workspaces_bundle: Return the first matching bundle when searching by name. This fixes a regression introduced in v5.72.0 causing multiple WorkSpaces Bundles matched; use additional constraints to reduce matches to a single WorkSpaces Bundle errors (#​39777)
• resource/aws_dynamodb_table: Fix validation error when optional attribute in on_demand_throughput is excluded (#​39784)
• resource/aws_ecr_repository_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_elasticache_serverless_cache: Fix InvalidParameterValue: This API supports only cross-engine upgrades to Valkey engine currently errors on Update (#​39745)
• resource/aws_iam_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_iam_role_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_kms_key: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_quicksight_data_set: Fix InvalidParameterValueException: Invalid RowLevelPermissionDataSet. Namespace parameter should not be specified for Version 2 errors on Create and Update (#​39778)
• resource/aws_route53_record: Allow creation of records with ttl=0 (#​39728)
• resource/aws_s3_bucket_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_secretsmanager_secret: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_security_group_rule: Remove from state when rule not found. This fixes a regression introduced in v5.60.0 (#​39834)

v5.72.1

Compare Source

FEATURES:

• New Resource: aws_iam_group_policy_attachments_exclusive (#​39732)
• New Resource: aws_iam_user_policy_attachments_exclusive (#​39731)

ENHANCEMENTS:

• resource/aws_resourceexplorer2_view: Add scope argument (#​39744)

BUG FIXES:

• data-source/aws_batch_job_definition: Properly handles ignored tags. (#​39734)
• data-source/aws_cognito_user_pool: Properly handles ignored tags. (#​39734)
• resource/aws_cognito_user_pool: Properly handles ignored tags. (#​39734)
• resource/aws_dynamodb_table: Fix crash when billing_mode is set to PAY_PER_REQUEST without global_secondary_index updates (#​39752)
• resource/aws_dynamodb_table_replica: Properly handles default and ignored tags. (#​39734)
• resource/aws_resourceexplorer2_index: Correctly mark incomplete AGGREGATOR indexes as tainted on Create (#​39744)

v5.72.0

Compare Source

NOTES:

• This version contains all the features, enhancements, and bug fixes from the v5.71.0 release which was removed from the Terraform Registry (#​39692)
• resource/aws_iam_role: The managed_policy_arns argument is deprecated. Use the aws_iam_role_policy_attachments_exclusive resource instead. (#​39718)

FEATURES:

• New Resource: aws_iam_role_policy_attachments_exclusive (#​39718)

ENHANCEMENTS:

• data-source/aws_workspaces_directory: Add saml_properties attribute (#​39060)
• resource/aws_appflow_flow: Add source_flow_config.source_connector_properties.sapo_data.pagination_config and source_flow_config.source_connector_properties.sapo_data.parallelism_config attributes (#​38932)
• resource/aws_cloudwatch_event_rule: Add tags to AWS API request on Update to support ABAC aws:RequestTag conditions (#​39648)
• resource/aws_cloudwatch_event_target: Add appsync_target configuration block (#​37773)
• resource/aws_dynamodb_table: Add on_demand_throughput and global_secondary_index.on_demand_throughput arguments (#​37799)
• resource/aws_rds_cluster: Increase maximum value of serverlessv2_scaling_configuration.max_capacity and serverlessv2_scaling_configuration.min_capacity from 128 to 256 (#​39697)
• resource/aws_rds_cluster_instance: Treat storage-optimization status as success when creating or updating cluster DB instances (#​39691)
• resource/aws_workspaces_directory: Add saml_properties configuration block (#​39060)

BUG FIXES:

• data-source/aws_ssm_document: Correct arn for automation documents (#​39705)
• resource/aws_cognito_user_pool:

---

Configuration

📅 Schedule: Branch creation - "after 10:30 before 18:00 every weekday except after 13:00 before 14:00" in timezone America/Lima, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.