Releases: hashicorp/terraform-provider-aws
v2.59.0
NOTES:
- provider: Region validation now automatically supports the new `af-south-1` (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform AWS Provider will return errors during credential validation (e.g. `error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid`) or AWS operations will throw their own errors (e.g. `data.aws_availability_zones.current: Error fetching Availability Zones: AuthFailure: AWS was not able to validate the provided access credentials`). (#12715)
- resource/aws_iam_user: The additional `force_destroy` behavior for handling signing certificates requires two additional IAM permissions (`iam:ListSigningCertificates` and `iam:DeleteSigningCertificate`). Restrictive IAM permissions for Terraform runs may require updates. (#10542)
- resource/aws_rds_cluster: Due to recent API support for Aurora MySQL 5.7 and PostgreSQL Global Clusters which implemented the engine mode as `provisioned` instead of the previous `global` for Aurora MySQL 5.6, the resource now requires the `DescribeGlobalClusters` API call. Restrictive IAM permissions may require updates. (#12867)
FEATURES:
ENHANCEMENTS:
- data-source/aws_acm_certificate: Add `tags` output (#11659)
- data-source/aws_cloudtrail_service_account: Support `af-south-1` region (#12967)
- data-source/aws_elastic_beanstalk_hosted_zone: Support `af-south-1` region (#12967)
- data-source/aws_elb_hosted_zone_id: Support `af-south-1` region (#12967)
- data-source/aws_elb_service_account: Support `af-south-1` region (#12967)
- data-source/aws_s3_bucket: Support `af-south-1` region for `hosted_zone_id` attribute (#12967)
- provider: Support automatic region validation for `af-south-1` (#12715)
- resource/aws_apigatewayv2_api: Add `cors_configuration`, `credentials_arn`, `route_key` and `target` attributes (#12452)
- resource/aws_appsync_graphql_api: Add `log_config` configuration block `exclude_verbose_content` argument (#12884)
- resource/aws_config_configuration_recorder: Prevent error during deletion operation when resource is missing (#12734)
- resource/aws_default_network_acl: Support import (#12924)
- resource/aws_lambda_alias: Suppress differences for equivalent `function_name` argument values of name versus ARN (#12902)
- resource/aws_network_acl_rule: Support import (#12921)
- resource/aws_route: Add plan-time validation for `destination_cidr_block` and `destination_ipv6_cidr_block` arguments (#12890)
- resource/aws_s3_bucket: Support `af-south-1` region for `hosted_zone_id` attribute (#12967)
- resource/aws_service_discovery_private_dns_namespace: Support import (#12929)
- resource/aws_ssm_activation: Support import (#12933)
- resource/aws_ssm_maintenance_window_target: Add plan-time validation to `resource_type` argument (#11783)
- resource/aws_ssm_maintenance_window_target: Support import (#12935)
- resource/aws_volume_attachment: Support import (#12948)
- resource/aws_waf_ipset: Add plan-time validation for `ip_set_descriptors` configuration block arguments (#12775)
- resource/aws_waf_sql_injection_match_set: Support import (#11657)
- resource/aws_waf_xss_match_set: Add plan-time validation for `xss_match_tuples` configuration block arguments (#12777)
- resource/aws_wafregional_web_acl: Add plan-time validation to various arguments (#12793)
BUG FIXES:
- data-source/aws_launch_template: Prevent type error with `network_interfaces` `associate_public_ip_address` attribute (#12936)
- resource/aws_glue_security_configuration: Prevent empty string KMS Key ARN in S3 Encryption settings (#12898)
- resource/aws_iam_user: Ensure `force_destroy` argument removes signing certificates when enabled (#10542)
- resource/aws_rds_cluster: Prevent unexpected `global_cluster_identifier` differences and deletion error with `aurora-mysql` and `aurora-postgresql` Global Cluster members (#12867)
- resource/aws_route: Prevent not found after creation error with `destination_ipv6_cidr_block` set to `::0/0` (#12890)
v2.58.0
FEATURES:
- New Data Source: `aws_regions` (#12269)
- New Resource: `aws_apigatewayv2_deployment` (#9245)
- New Resource: `aws_apigatewayv2_domain_name` (#9391)
- New Resource: `aws_apigatewayv2_integration_response` (#9365)
- New Resource: `aws_apigatewayv2_route` (#8881)
- New Resource: `aws_apigatewayv2_route_response` (#9373)
- New Resource: `aws_apigatewayv2_stage` (#9232)
- New Resource: `aws_dms_event_subscription` (#7170)
ENHANCEMENTS:
- data-source/aws_dynamodb_table: Add `replica` attribute (initial support for Global Tables V2 (version 2019.11.21)) (#12342)
- data-source/aws_instance: Exports `volume_name` for `root_block_device` (#12620)
- resource/aws_backup_plan: Add `rule` configuration block `copy_action` configuration block (support cross region copy) (#11923)
- resource/aws_cognito_identity_provider: Support plan-time validation for `idp_identifiers`, `provider_name`, and `provider_type` arguments (#10705)
- resource/aws_dms_endpoint: Add `elasticsearch_settings` configuration block and `elasticsearch` to `engine_name` validation (support Elasticsearch endpoints) (#11792)
- resource/aws_dms_endpoint: Add `kinesis_settings` configuration block and `kinesis` to `engine_name` validation (support Kinesis endpoints) (#8633)
- resource/aws_dynamodb_table: Add `replica` configuration block (initial support for Global Tables V2 (version 2019.11.21)) (#12342)
- resource/aws_ec2_client_vpn_endpoint: Allow two `authentication_options` configuration blocks (#12819)
- resource/aws_instance: Allow changing root volume size without re-creating resource (#12620)
- resource/aws_instance: Exports `volume_name` for `root_block_device` (#12620)
BUG FIXES:
- resource/aws_dlm_lifecycle_policy: Ensure plan-time validation for `times` argument only allows 24 hour format (#12800)
v2.57.0
BREAKING CHANGES:
- provider: The configuration for the preview ignore tags functionality has been updated to include a wrapping configuration block. For example:

```hcl
provider "aws" {
  ignore_tags {
    keys = ["TagKey1"]
  }
}
```

FEATURES:
- New Data Source: `aws_cloudfront_distribution` (#6468)
- New Resource: `aws_apigatewayv2_authorizer` (#9228)
- New Resource: `aws_apigatewayv2_integration` (#8949)
- New Resource: `aws_apigatewayv2_model` (#8912)
ENHANCEMENTS:
- data-source/aws_lambda_layer_version: Support plan-time validation for `compatible_runtime` argument `dotnetcore3.1` value (support .NET Core 3.1) (#12712)
- resource/aws_cloudhsm_v2_cluster: Support tag-on-create (#11683)
- resource/aws_docdb_cluster: Add `deletion_protection` argument (#12650)
- resource/aws_egress_only_internet_gateway: Add `tags` argument (#11568)
- resource/aws_lambda_function: Support plan-time validation for `runtime` argument `dotnetcore3.1` value (support .NET Core 3.1) (#12712)
- resource/aws_lambda_layer_version: Support plan-time validation for `compatible_runtimes` argument `dotnetcore3.1` value (support .NET Core 3.1) (#12712)
- resource/aws_rds_global_cluster: Add `aurora-postgresql` to `engine` argument plan-time validation (#12401)
- resource/aws_redshift_snapshot_copy_grant: Support resource import (#10350)
- resource/aws_spot_fleet_request: Add `tags` argument (support tagging of Spot Fleet Request itself) (#12295)
- resource/aws_spot_fleet_request: Support plan-time validation for `launch_specification` configuration block `ebs_block_device` `volume_type`, `iam_instance_profile_arn`, `placement_tenancy`, and `root_block_device` `volume_type` arguments (#12295)
- resource/aws_spot_fleet_request: Support plan-time validation for `allocation_strategy`, `instance_interruption_behaviour`, and `target_group_arns` arguments (#12295)
- service/ec2: Prevent eventual consistency errors tagging resources on creation (#12735)
BUG FIXES:
- resource/aws_appautoscaling_policy: Fix error when importing DynamoDB Table Index policy (#11232)
- resource/aws_db_instance: Allow creating read replica into RAM shared Subnet with VPC Security Group (#12700)
- resource/aws_kms_key: Prevent eventual consistency related errors on creation (#12738)
- resource/aws_lb_target_group: Automatically propose resource recreation for TCP `protocol` Target Groups when `health_check` configuration block `interval`, `protocol`, or `timeout` argument values are updated (#4568)
v2.56.0
NOTES:
- resource/aws_emr_cluster: The bug fix in this release will potentially re-create EMR Clusters with multiple bootstrap actions, since bootstrap actions cannot be modified in place. To avoid re-creation, temporarily add the `ignore_changes` lifecycle configuration argument and/or update the order in your Terraform configuration.
ENHANCEMENTS:
- data-source/aws_launch_template: Add `hibernation_options` attribute (#12492)
- resource/aws_codepipeline: Adds cross-region action support (#12549)
- resource/aws_dx_connection: Support `2Gbps` and `5Gbps` values in plan-time validation for `bandwidth` argument (#12559)
- resource/aws_dx_lag: Support `2Gbps` and `5Gbps` values in plan-time validation for `bandwidth` argument (#12559)
- resource/aws_elastic_transcoder_preset: Support plan-time validation for `role` argument (#12575)
- resource/aws_kms_grant: Support resource import (#11991)
- resource/aws_launch_template: Add `hibernation_options` configuration block (#12492)
BUG FIXES:
- resource/aws_codedeploy_deployment_group: Fix `blue_green_deployment_config` updates for ECS (#11885)
- resource/aws_emr_cluster: Now properly sets the order when multiple bootstrap actions are defined
- resource/aws_kms_grant: Remove resource from Terraform state instead of error if removed outside Terraform (#12560)
- resource/aws_s3_bucket: Prevent various panics with empty configuration blocks (#12614)
- resource/aws_volume_attachment: Ensure any error is shown while waiting for volume to detach (#12596)
v2.55.0
FEATURES:
- New Resource: `aws_ec2_availability_zone_group` (#12400)
ENHANCEMENTS:
- data-source/aws_availability_zone: Add `all_availability_zones` and `filter` arguments (#12400)
- data-source/aws_availability_zone: Add `group_name`, `network_border_group`, and `opt_in_status` attributes (#12400)
- data-source/aws_availability_zones: Add `all_availability_zones` and `filter` arguments (#12400)
- data-source/aws_availability_zones: Add `group_names` attribute (#12400)
- data-source/aws_ec2_transit_gateway_dx_gateway_attachment: Add `filter` and `tags` arguments (#12516)
- data-source/aws_ec2_transit_gateway_vpn_attachment: Add `filter` and `tags` arguments (#12415)
- data-source/aws_instance: Add `metadata_options` attribute (#12491)
- data-source/aws_launch_template: Add `filter` and `tags` arguments (#12403)
- data-source/aws_launch_template: Add `metadata_options` attribute (#12491)
- data-source/aws_prefix_list: Add `filter` argument (#12416)
- data-source/aws_vpc_endpoint_service: Add `filter` and `tags` arguments (#12404)
- resource/aws_athena_workgroup: Add `force_destroy` argument (#12254)
- resource/aws_cloudwatch_log_metric_filter: Support resource import (#11992)
- resource/aws_flow_log: Add `max_aggregation_interval` argument (#12483)
- resource/aws_instance: Add `metadata_options` configuration block (support IMDSv2) (#12491)
- resource/aws_launch_template: Add `metadata_options` configuration block (support IMDSv2) (#12491)
- resource/aws_msk_cluster: Add `logging_info` configuration block (support CloudWatch, Firehose, and S3 logging) (#12215)
- resource/aws_mq_configuration: Support plan-time validation for `engine_type` argument (#11843)
- resource/aws_route53_health_check: Add plan-time validation to `insufficient_data_health_status` (#12305)
- resource/aws_storagegateway_nfs_file_share: Add `path` attribute (#12530)
BUG FIXES:
- resource/aws_db_instance: Allow restoring from snapshot into RAM shared Subnet with VPC Security Group (#12447)
- resource/aws_mq_configuration: Remove extraneous `ListTags` API call during refresh (#11843)
- resource/aws_neptune_cluster_instance: Add missing `configuring-log-exports` as allowed pending state (#12079)
- resource/aws_route53_health_check: Do not recreate health check when using compressed ipv6 address (#12305)
v2.54.0
FEATURES:
ENHANCEMENTS:
- data-source/aws_iam_role: Add `tags` attribute (#12349)
- data-source/aws_lb: Add `drop_invalid_header_fields` attribute (#11257)
- provider: Support AWS shared configuration file `duration_seconds` setting for assume role (#12359)
- resource/aws_backup_plan: Support resource import (#12381)
- resource/aws_cognito_user_pool: Add `email_configuration` configuration block `from_email_address` argument (#11607)
- resource/aws_cognito_user_pool: Add `username_configuration` configuration block (Support case insensitive usernames) (#12317)
- resource/aws_cognito_user_pool_client: Add `analytics_configuration` configuration block (Support Pinpoint analytics) (#11762)
- resource/aws_cognito_user_pool_client: Add `prevent_user_existence_errors` argument (#11604)
- resource/aws_dlm_lifecycle_policy: Support plan-time validation for 1 hour schedules in `policy_details` `schedule` `create_rule` `interval` argument (#12327)
- resource/aws_inspector_assessment_template: Add `tags` argument (#12375)
- resource/aws_inspector_assessment_template: Support resource import (#12375)
- resource/aws_lambda_function: Support plan-time validation for `handler` argument (#12411)
- resource/aws_lb: Add `drop_invalid_header_fields` argument (#11257)
- resource/aws_nat_gateway: Support tag-on-create (#12347)
- resource/aws_opsworks_application: Support resource import (#12383)
- resource/aws_opsworks_application: Add plan-time validation to `data_source_arn` and `data_source_type` arguments and `app_source` configuration block `type` argument (#12383)
- resource/aws_opsworks_custom_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_ganglia_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_haproxy_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_java_app_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_memcached_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_mysql_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_nodejs_app_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_php_app_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_rails_app_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_opsworks_static_web_layer: Add `tags` argument, `arn` attribute, and plan-time validation to `custom_instance_profile_arn` argument (#11667)
- resource/aws_vpc_dhcp_options_association: Support resource import (#7252)
BUG FIXES:
- resource/aws_api_gateway_rest_api: Ignore ordering differences for `endpoint_configuration` configuration block `vpc_endpoint_ids` argument (#12350)
- resource/aws_backup_selection: Automatically retry on additional IAM Role eventual consistency error (#10687)
- resource/aws_backup_vault: Remove resource from Terraform state when deleted outside Terraform (#11845)
- resource/aws_cognito_user_pool_client: Ignore ordering differences for `callback_urls`, `logout_urls`, and `supported_identity_providers` arguments (#12388)
- resource/aws_ebs_snapshot_copy: Return API errors instead of panic if unable to read snapshot (#12283)
- resource/aws_kinesis_stream: Ensure `kms_key_id` argument in-place updates complete successfully (#12008)
- resource/aws_lambda_alias: Propose resource recreation for `function_name` argument updates (#11170)
- resource/aws_opsworks_application: Mark `app_source` configuration block `ssh_key` argument as sensitive (#11984)
- resource/aws_opsworks_stack: Mark `custom_cookbooks_source` configuration block `ssh_key` argument as sensitive (#11984)
- resource/aws_s3_bucket: Retry `NoSuchBucket` error when setting tags during resource creation (#12418)
v2.53.0
NOTES:
- resource/aws_cognito_user_pool: The addition of Software Token MFA support required the use of new `GetUserPoolMfaConfig` and `SetUserPoolMfaConfig` API calls. Restrictive IAM permissions for Terraform may require updates. (#12358)
FEATURES:
- New Resource: `aws_apigatewayv2_api` (#8842)
ENHANCEMENTS:
- resource/aws_appsync_graphql_api: Add `xray_enabled` argument (#11972)
- resource/aws_cloud9_environment_ec2: Add `tags` argument (#12132)
- resource/aws_cognito_user_pool: Add `software_token_mfa_configuration` configuration block (Support Time-based One-Time Password (TOTP) Multi-Factor Authentication) (#12358)
- resource/aws_ec2_traffic_mirror_filter: Add `tags` argument (#12133)
- resource/aws_ec2_traffic_mirror_session: Add `tags` argument (#12134)
- resource/aws_ec2_traffic_mirror_target: Add `tags` argument and `network_load_balancer_arn` plan-time validation (#12135)
- resource/aws_flow_log: Add `tags` argument (#12273)
- resource/aws_flow_log: Add `iam_role_arn` and `log_destination` plan-time validation (#12273)
- resource/aws_globalaccelerator_accelerator: Add `tags` argument (#12309)
- resource/aws_vpc_endpoint: Support tag-on-create (#12288)
- resource/aws_vpc_endpoint_service: Support tag-on-create and add `network_load_balancer_arns` plan-time validation (#12290)
BUG FIXES:
- resource/aws_vpn_gateway: Automatically retry on `DetachVpnGateway` calls receiving `InvalidParameterValue: This call cannot be completed because there are pending VPNs or Virtual Interfaces` (#11720)
- resource/aws_vpn_gateway_attachment: Automatically retry on `DetachVpnGateway` calls receiving `InvalidParameterValue: This call cannot be completed because there are pending VPNs or Virtual Interfaces` (#11720)
v2.52.0
FEATURES:
- New Data Source: `aws_ec2_instance_type_offering` (#12139)
- New Data Source: `aws_ec2_instance_type_offerings` (#12139)
ENHANCEMENTS:
- resource/aws_eks_cluster: Add `encryption_config` configuration block (#12280)
- resource/aws_globalaccelerator_accelerator: Add `dns_name` and `hosted_zone_id` attributes (#11670)
- resource/aws_lb_target_group: Add `load_balancing_algorithm_type` argument (support Least Outstanding Requests algorithm for Application Load Balancers) (#11141)
- resource/aws_s3_bucket: Add `grant` to implement ACL policy grants (#3728)
BUG FIXES:
- resource/aws_iam_service_linked_role: Allow `aws_service_name` argument validation to accept values in AWS partitions outside AWS Commercial and AWS GovCloud (US) (#11919)
- resource/aws_lambda_function_event_invoke_config: Retry on additional IAM eventual consistency error with SNS Topic destinations (#12171)
- resource/aws_media_store_container: Prevent `ValidationException` error on creation when no tags are configured (#12170)
v2.51.0
FEATURES:
- New Data Source: `aws_sfn_activity` (#11080)
- New Data Source: `aws_sfn_state_machine` (#10932)
- New Resource: `aws_ec2_traffic_mirror_filter` (#9372)
- New Resource: `aws_ec2_traffic_mirror_filter_rule` (#9372)
- New Resource: `aws_ec2_traffic_mirror_session` (#9372)
- New Resource: `aws_ec2_traffic_mirror_target` (#9372)
- New Resource: `aws_s3_access_point` (#11276)
ENHANCEMENTS:
- data-source/aws_lambda_layer_version: Support plan-time validation for `compatible_runtime` argument `ruby2.7` value (#12116)
- resource/aws_dx_hosted_private_virtual_interface: Add `amazon_side_asn` attribute (#11415)
- resource/aws_dx_hosted_public_virtual_interface: Add `amazon_side_asn` attribute (#11415)
- resource/aws_dx_hosted_transit_virtual_interface: Add `amazon_side_asn` attribute (#11415)
- resource/aws_dx_private_virtual_interface: Add `amazon_side_asn` attribute (#11415)
- resource/aws_dx_public_virtual_interface: Add `amazon_side_asn` attribute (#11415)
- resource/aws_dx_transit_virtual_interface: Add `amazon_side_asn` attribute (#11415)
- resource/aws_glue_job: Add `notification_property` configuration block (#12115)
- resource/aws_lambda_event_source_mapping: Add `bisect_batch_on_function_error`, `maximum_record_age_in_seconds`, `maximum_retry_attempts`, and `parallelization_factor` arguments (#11100)
- resource/aws_lambda_event_source_mapping: Add `destination_config` configuration block (#11100)
- resource/aws_lambda_function: Support plan-time validation for `runtime` argument `ruby2.7` value (#12116)
- resource/aws_lambda_layer_version: Support plan-time validation for `compatible_runtimes` argument `ruby2.7` value (#12116)
- resource/aws_msk_cluster: Support in-place updates to `enhanced_monitoring` and `number_of_broker_nodes` arguments (#11451)
- resource/aws_msk_cluster: Add `open_monitoring` configuration block (support Prometheus monitoring configuration) (#11451)
BUG FIXES:
- resource/aws_workspaces_directory: Prevent panic and remove resource from Terraform state if removed outside Terraform (#11837)
v2.50.0
NOTES:
- resource/aws_lambda_function: The `publish` argument now will also publish versions for configuration updates. This is accomplished via a separate `PublishVersion` API call, where before the publishing only occurred via the `Publish` parameter of the `UpdateFunctionCode` API call. Restrictive IAM permissions for Terraform may require updates. (#11211)
- resource/aws_ram_resource_share_accepter: The `status` attribute now reflects the status of the RAM Resource Share and not the RAM Resource Share Invitation (which expires after 7 days). (#11562)
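
The NOTES for v2.59.0, v2.53.0 and v2.50.0 each say that restrictive IAM permissions for Terraform runs may need updating. As an added example (not part of the release notes or the provider's code), this Python sketch checks a Terraform-run policy document for the API calls those notes name before upgrading. The service prefixes on the last four actions, the sample policy and all function names are assumptions made here; `Resource`, `Condition` and `NotAction` are not evaluated, so a clean result is necessary but not sufficient.

```python
import fnmatch

# IAM actions named in the NOTES on this page, grouped by release. The notes
# give the last four only as API call names; the service prefixes (rds,
# cognito-idp, lambda) are filled in here as an assumption of this example.
REQUIRED_ACTIONS = {
    "v2.59.0": ["iam:ListSigningCertificates", "iam:DeleteSigningCertificate",
                "rds:DescribeGlobalClusters"],
    "v2.53.0": ["cognito-idp:GetUserPoolMfaConfig",
                "cognito-idp:SetUserPoolMfaConfig"],
    "v2.50.0": ["lambda:PublishVersion"],
}


def _as_list(value):
    """IAM allows a bare string where a list is expected."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, action):
    """Case-insensitive match of an action against IAM-style * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_actions(policy, required):
    """Return the required actions that are not allowed, or are explicitly denied."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    allowed, denied = [], []
    for stmt in statements:
        if "NotAction" in stmt:
            continue  # not evaluated by this sketch
        target = allowed if stmt.get("Effect") == "Allow" else denied
        target.extend(_as_list(stmt.get("Action")))
    # An explicit Deny always wins over an Allow; any Deny is treated as a gap.
    return [a for a in required
            if _matches(denied, a) or not _matches(allowed, a)]


def audit(policy):
    """Map each release to the actions its NOTES require that the policy lacks."""
    report = {}
    for release, actions in REQUIRED_ACTIONS.items():
        gaps = missing_actions(policy, actions)
        if gaps:
            report[release] = gaps
    return report


# Constructed sample policy for a restricted Terraform role (not from the page).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["iam:GetUser", "iam:DeleteUser", "iam:List*", "rds:Describe*",
                    "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "cognito-idp:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "cognito-idp:Set*Mfa*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for release, gaps in audit(SAMPLE_POLICY).items():
        print(release, "missing:", ", ".join(gaps))
```
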
FEATURES:
- New Data Source: `aws_lambda_alias` (#9490)
ENHANCEMENTS:
- resource/aws_appmesh_route: Add `priority` and `header` attributes to support route priorities and HTTP header-based routing (#10402)
- resource/aws_iam_access_key: Add `ses_smtp_password_v4` attribute (add per-region SigV4 support) (#11144)
- resource/aws_security_group: Support import of `name_prefix` argument (#12052)
- resource/aws_transfer_server: Add `host_key` argument and `host_key_fingerprint` attribute (#8913)
BUG FIXES:
- resource/aws_lambda_function: If `publish` argument is enabled, also publish new versions on function configuration-only updates in addition to function code updates (#11211)
- resource/aws_lambda_permission: Fix error when Lambda permission is deleted out-of-band (#11924)
- resource/aws_ram_resource_share_accepter: Fix read operations after the RAM Resource Share Invitation is no longer present after 7 days (#11562)