Skip to content

Releases: hashicorp/terraform-provider-aws

v5.40.0

07 Mar 23:00
e3b903a
Compare
Choose a tag to compare

FEATURES:

  • New Function: arn_build (#34952)
  • New Function: arn_parse (#34952)
  • New Resource: aws_account_region (#35739)
  • New Resource: aws_securitylake_subscriber (#35981)

ENHANCEMENTS:

  • data-source/aws_rds_engine_version: Add has_major_target and has_minor_target optional arguments and valid_major_targets and valid_minor_targets attributes (#36246)
  • resource/aws_batch_job_queue: added parameter compute_environment_order which conflicts with compute_environments but aligns with AWS API. compute_environments has been deprecated. (#34750)
  • resource/aws_cloudfront_distribution: Remove the upper limit on origin.custom_origin_config.origin_read_timeout (#36088)
  • resource/aws_db_instance: Add io2 as a valid value for storage_type (#36252)
  • resource/aws_elasticache_serverless_cache: Add plan-time validation of cache_usage_limits.ecpu_per_second.maximum (#35927)
  • resource/aws_iot_policy: Add tagging support (#36102)
  • resource/aws_iot_role_alias: Add tagging support (#36255)
  • resource/aws_opensearch_domain: Add use_off_peak_window argument to the auto_tune_options configuration block (#36067)
  • resource/aws_rds_cluster: Add io2 as a valid value for storage_type (#36252)
  • resource/aws_s3_bucket_object: Adds attribute arn. (#35710)
  • resource/aws_s3_object: Adds attribute arn. (#35710)
  • resource/aws_s3_object_copy: Adds attribute arn. (#35710)
  • resource/aws_wafv2_rule_group: Add evaluation_window_sec argument to the rate_based_statement configuration block (#36045)
  • resource/aws_wafv2_web_acl: Add evaluation_window_sec argument to the rate_based_statement configuration block (#36045)

BUG FIXES:

  • data-source/aws_rds_engine_version: Fix bugs that could limit engine version to a default version even when not appropriate (#36246)
  • resource/aws_db_instance: Correctly sets parameter_group_name when replicate_source_db is in different region. (#36080)
  • resource/aws_elastic_beanstalk_environment: Fix InvalidParameterValue: Environment named ... is in an invalid state for this operation. Must be Ready errors when tags are updated along with other attributes (#36074)
  • resource/aws_elasticache_serverless_cache: Change cache_usage_limits.data_storage.maximum and cache_usage_limits.ecpu_per_second.maximum to ForceNew (#35927)
  • resource/aws_medialive_channel: Fix handling of optional encoder_settings.audio_descriptions arguments (#36097)
  • resource/aws_rds_global_cluster: Fix bugs and delays that could occur when performing major or minor version upgrades (#36246)
  • resource/aws_s3_bucket: Tags with empty values no longer remove all tags. (#35710)
  • resource/aws_s3_bucket_object: Tags with empty values no longer remove all tags. (#35710)
  • resource/aws_s3_object: Tags with empty values no longer remove all tags. (#35710)
  • resource/aws_s3_object_copy: Tags with empty values no longer remove all tags. (#35710)
  • resource/aws_vpclattice_listener_rule: Remove action.forward.target_groups maximum item limit (#36095)

v5.39.1

01 Mar 18:38
Compare
Choose a tag to compare

BUG FIXES:

  • data-source/aws_instance: Fix panic: Invalid address to set related to root_block_device.0.tags_all (#36054)

v5.39.0

29 Feb 23:24
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_redshift_data_shares (#35937)
  • New Resource: aws_apprunner_deployment (#35758)
  • New Resource: aws_config_retention_configuration (#15136)
  • New Resource: aws_securityhub_automation_rule (#34781)
  • New Resource: aws_shield_proactive_engagement (#34667)

ENHANCEMENTS:

  • aws_kinesis_firehose_delivery_stream: Add custom_time_zone and file_extension arguments to the extended_S3_configuration configuration block (#35969)
  • resource/aws_appflow_flow: Allow task.source_fields to be a null value (#35993)
  • resource/aws_codepipeline: Add trigger configuration block (#35475)
  • resource/aws_config_configuration_recorder: Add plan-time validation of aws_config_organization_custom_rule.lambda_function_arn (#15136)
  • resource/aws_instance: Add configurable read timeout (#35955)
  • resource/aws_instance: Apply default tags to volumes/block devices managed through an aws_instance, add ebs_block_device.*.tags_all and root_block_device.*.tags_all attributes which include default tags (#33769)
  • resource/aws_mq_broker: Add data_replication_mode and data_replication_primary_broker_arn arguments, enabling support for cross-region data replication (#35990)
  • resource/aws_mwaa_environment: Add endpoint_management attribute (#35961)
  • resource/aws_redshiftserverless_namespace:
    Add attributes admin_password_secret_kms_key_id and manage_admin_password (#35965)
  • resource/aws_shield_drt_access_log_bucket_association: Support resource import (#34667)
  • resource/aws_shield_drt_access_role_arn_association: Support resource import (#34667)
  • resource/aws_spot_instance_request: Add configurable read timeout (#35955)
  • resource/aws_wafv2_web_acl: Add application_integration_url attribute (#35974)

BUG FIXES:

  • data/aws_redshiftserverless_namespace: Properly set iam_roles attribute on read (#35965)
  • resource/aws_appflow_flow: Fix perpetual diff when task.task_type is set to Map_all (#35993)
  • resource/aws_config_configuration_recorder: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when recording_group.exclusion_by_resource_types is empty (#15136)
  • resource/aws_config_rule: Change name to ForceNew (#15136)
  • resource/aws_config_rule: Fix InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY errors on resource Update (#15136)
  • resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Names are ordered differently (#36029)
  • resource/aws_msk_replicator: Fix incorrect detect_and_copy_new_topics attribute value from state read/refresh (#35966)
  • resource/aws_redshiftserverless_workgroup: Fix max_capacity removal (#36032)
  • resource/aws_redshiftserverless_workgroup: Fix updating both base_capacity and max_capacity (#36032)
  • resource/aws_shield_drt_access_log_bucket_association: Change log_bucket and role_arn_association_id to ForceNew (#34667)

v5.38.0

22 Feb 23:13
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_batch_job_definition (#34663)
  • New Data Source: aws_cognito_user_group (#34046)
  • New Data Source: aws_cognito_user_groups (#34046)

ENHANCEMENTS:

  • data-source/aws_alb_target_group: Add load_balancer_arns attribute (#34364)
  • data-source/aws_ec2_instance_type: Add maximum_network_cards attribute (#35840)
  • data-source/aws_elasticache_subnet_group: Add vpc_id attribute (#35887)
  • data-source/aws_lb_target_group: Add load_balancer_arns attribute (#34364)
  • provider: Add token_bucket_rate_limiter_capacity parameter (#35926)
  • resource/aws_alb_target_group: Add load_balancer_arns attribute (#34364)
  • resource/aws_codedeploy_deployment_config: Add arn attribute (#35888)
  • resource/aws_codepipeline: Add execution_mode argument (#35875)
  • resource/aws_config_configuration_recorder: Add recording_mode configuration block (#35527)
  • resource/aws_db_instance: Add plan-time validation of performance_insights_retention_period (#35870)
  • resource/aws_elasticache_subnet_group: Add vpc_id attribute (#35887)
  • resource/aws_lb_target_group: Add load_balancer_arns attribute (#34364)
  • resource/aws_redshiftserverless_workgroup: Add max_capacity argument (#35720)
  • resource/aws_transfer_server: Add TransferSecurityPolicy-2024-01 and TransferSecurityPolicy-FIPS-2024-01 as valid values for security_policy_name (#35879)

BUG FIXES:

  • data-source/aws_caller_identity: Fix authentication signature error when alternate sts_region is specified (#35860)
  • data-source/aws_eks_access_entry: Fix cluster_name plan-time validation, allowing single-character names (#35874)
  • data-source/aws_eks_addon: Fix cluster_name plan-time validation, allowing single-character names (#35874)
  • data-source/aws_eks_cluster: Fix name plan-time validation, allowing single-character names (#35874)
  • resource/aws_cloudsearch_domain: Prevent panic when reading nil index_field options response values (#35900)
  • resource/aws_eks_access_entry: Fix cluster_name plan-time validation, allowing single-character names (#35874)
  • resource/aws_eks_access_policy_association: Fix cluster_name plan-time validation, allowing single-character names (#35874)
  • resource/aws_eks_addon: Fix cluster_name plan-time validation, allowing single-character names (#35874)
  • resource/aws_eks_cluster: Fix name plan-time validation, allowing single-character names (#35874)
  • resource/aws_eks_fargate_profile: Fix cluster_name plan-time validation, allowing single-character names (#35874)
  • resource/aws_eks_node_group: Fix cluster_name plan-time validation, allowing single-character names (#35874)
  • resource/aws_prometheus_scraper: Fixes invalid result after apply error. (#35844)
  • resource/aws_sqs_queue_policy: Retry IAM eventual consistency errors (#35861)

v5.37.0

15 Feb 21:25
Compare
Choose a tag to compare

NOTES:

  • provider: Updates to Go 1.21 (used by Terraform starting with v1.6.0), which, for Windows, requires at least Windows 10 or Windows Server 2016--support for previous versions has been discontinued--and, for macOS, requires macOS 10.15 Catalina or later--support for previous versions has been discontinued. (#35832)
  • resource/aws_bedrock_provisioned_model_throughput: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#35689)

FEATURES:

  • New Data Source: aws_db_parameter_group (#35698)
  • New Resource: aws_bedrock_provisioned_model_throughput (#35689)
  • New Resource: aws_cloudfront_key_value_store (#35663)
  • New Resource: aws_redshift_data_share_consumer_association (#35771)

ENHANCEMENTS:

  • data-source/aws_ecr_pull_through_cache_rule: Add credential_arn attribute (#34475)
  • data-source/aws_ecs_task_execution: Add client_token argument (#34402)
  • data-source/aws_neptune_cluster_instance: Add skip_final_snapshot argument (#35698)
  • data-source/aws_rds_engine_version: Improve search functionality and options by adding latest, preferred_major_targets, and preferred_upgrade_targets. Add version_actual attribute (#35698)
  • data-source/aws_rds_orderable_db_instance: Improve search functionality and options by adding engine_latest_version and supports_clusters arguments and converting read_replica_capable, supported_engine_modes, supported_network_types, and supports_multi_az to arguments for use as search criteria (#35698)
  • resource/aws_appsync_graphql_api: Add introspection_config, query_depth_limit, and resolver_count_limit arguments (#35631)
  • resource/aws_codeartifact_domain: Add s3_bucket_arn attribute (#35760)
  • resource/aws_ecr_pull_through_cache_rule: Add credential_arn argument (#34475)
  • resource/aws_ecs_service: Add service_connect_configuration.service.timeout and service_connect_configuration.service.tls configuration blocks (#35684)
  • resource/aws_ecs_task_definition: Add track_latest argument (#30154)
  • resource/aws_glue_catalog_database: Add federated_database argument (#35799)
  • resource/aws_glue_trigger: Add configurable timeouts (#35542)
  • resource/aws_rds_cluster: Add domain and domain_iam_role_name arguments to support Kerberos authentication (#35753)
  • resource/aws_route53_record: Add geoproximity_routing_policy configuration block to support geoproximity routing (#35565)
  • resource/aws_route53_resolver_rule: Add target_ip.protocol argument (#35744)
  • resource/aws_sagemaker_endpoint_configuration: Add routing_config argument. Enables the specification of a routing_strategy. (#34777)
  • resource/aws_sagemaker_space: Add ownership_settings, space_sharing_settings, space_settings.app_type, space_settings.code_editor_app_settings, space_settings.custom_file_system, space_settings.jupyter_lab_app_settings, and space_settings.space_storage_settings arguments (#35116)

BUG FIXES:

  • provider: Fix failed to get rate limit token, retry quota exceeded errors (#35817)
  • resource/aws_apigateway_domain_name: Properly send changes to ownership_verification_certificate_arn on update (#35777)
  • resource/aws_apigatewayv2_route: Fix BadRequestException: Unable to update route. Authorizer type is invalid or null errors when updating authorizer_id (#35821)
  • resource/aws_autoscaling_group: Fix version to computed for inconsistent final plan issue (#35774)
  • resource/aws_datasync_task: Fix crash when reading empty report_override values (#35778)
  • resource/aws_datasync_task: Prevent ValidationErrors when empty values are sent with report_override arguments (#35778)
  • resource/aws_db_proxy: Change auth from TypeList to TypeSet as order is not significant (#35819)
  • resource/aws_ecs_account_setting_default: Remove plan-time validation of value (#33393)
  • resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Secrets are ordered differently (#35792)
  • resource/aws_eks_access_policy_association: Retry IAM eventual consistency errors on create (#35736)
  • resource/aws_instance: Fix ReservationCapacityExceeded errors when updating instance_type and capacity_reservation_specification.capacity_reservation_target.capacity_reservation_id (#33412)
  • resource/aws_lakeformation_resource: Properly handle configured false values for use_service_linked_role (#35799)
  • resource/aws_medialive_channel: Added client_cache to hls_group_settings. (#35738)
  • resource/aws_ram_resource_share_accepter: Fix handling of out-of-band resource share deletion (#35800)
  • resource/aws_redshift_data_share_authorization: Fix read operation to properly handle shares in ACTIVE status (#35771)
  • resource/aws_s3_bucket_acl: Correctly updates access_control_policy when switching configuration to acl. (#35775)
  • resource/resource_share_acceptor: Wait until RAM resource share available after accepting the invitation (#34753)

v5.36.0

08 Feb 23:24
acff092
Compare
Choose a tag to compare

NOTES:

  • data-source/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#35615)
  • resource/aws_controltower_landing_zone: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#34595)
  • resource/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#35615)

FEATURES:

  • New Resource: aws_controltower_landing_zone (#34595)
  • New Resource: aws_osis_pipeline (#35582)
  • New Resource: aws_redshift_data_share_authorization (#35703)
  • New Resource: aws_securitylake_custom_log_source (#35354)

ENHANCEMENTS:

  • resource/aws_cloudwatch_metric_stream: Add plan-time validation of output_format (#35569)
  • resource/aws_db_instance: Add diag.log and notify.log as valid values for enabled_cloudwatch_logs_exports (#35626)
  • resource/aws_db_instance: Add domain_auth_secret_arn, domain_dns_ips, domain_fqdn, and domain_ou arguments to support self-managed Active Directory (#35500)
  • resource/aws_s3_bucket_metric: Add filter.access_point argument (#35590)
  • resource/aws_verifiedaccess_group: Add sse_configuration argument (#34055)

BUG FIXES:

  • resource/aws_db_instance: Creating resource from point-in-time recovery now handles password attribute correctly (#35589)
  • resource/aws_dynamodb_table: Ensure that replicas are always set on Read (#35630)
  • resource/aws_emr_cluster: Properly normalize launch_specifications.on_demand_specification.allocation_strategy and launch_specifications.spot_specification.allocation_strategy values to fix perpetual state differences (#34367)
  • resource/aws_kinesis_firehose_delivery_stream: Change extended_s3_configuration.processing_configuration.processors.parameters from TypeList to TypeSet as order is not significant (#35672)
  • resource/aws_lambda_function: Resolve consecutive diff issue in logging_config when values for application_log_level or system_log_level are not specified (#35694)
  • resource/aws_lb_listener: Fixes unexpected diff when using default_action parameters which don't match the type. (#35678)
  • resource/aws_lb_listener: Was incorrectly reporting conflicting default_action[].target_group_arn when ignore_changes was set. (#35671)
  • resource/aws_lb_listener: Was not storing default_action[].forward in state if only a single target_group was set. (#35671)
  • resource/aws_lb_listener_rule: Fixes unexpected diff when using action parameters which don't match the type. (#35678)
  • resource/aws_lb_listener_rule: Was incorrectly reporting conflicting action[].target_group_arn when ignore_changes was set. (#35671)
  • resource/aws_lb_listener_rule: Was not storing action[].forward in state if only a single target_group was set. (#35671)
  • resource/aws_ssm_patch_baseline: Mark json as Computed if there are content changes (#35606)

v5.35.0

02 Feb 05:17
a316669
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_bedrock_custom_model (#34310)
  • New Data Source: aws_bedrock_custom_models (#34310)
  • New Data Source: aws_ssmcontacts_rotation (#32710)
  • New Resource: aws_bedrock_custom_model (#34310)
  • New Resource: aws_lexv2models_slot (#34617)
  • New Resource: aws_lexv2models_slot_type (#35555)
  • New Resource: aws_rekognition_collection (#35407)
  • New Resource: aws_sesv2_email_identity_policy (#35486)
  • New Resource: aws_ssmcontacts_rotation (#32710)

ENHANCEMENTS:

  • data-source/aws_redshift_cluster: Add multi_az attribute (#35508)
  • resource/aws_lakeformation_resource: Add hybrid_access_enabled argument (#35571)
  • resource/aws_lakeformation_resource: Add with_federation argument (#35154)
  • resource/aws_redshift_cluster: Add multi_az argument (#35508)
  • resource/aws_redshiftserverless_endpoint_access: Add owner_account argument (#35509)
  • resource/aws_wafv2_rule_group: Add header_order to field_to_match configuration blocks (#35521)
  • resource/aws_wafv2_web_acl: Add header_orderto field_to_match configuration blocks (#35521)

BUG FIXES:

  • data-source/aws_networkmanager_core_network_policy_document: Remove core_network_configuration.edge_locations maximum item limit (#35585)
  • resource/aws_backup_plan: Fix InvalidParameterValueException: Invalid lifecycle. EBS Cold Tier is not yet supported errors on resource Create in AWS GovCloud (US) (#35560)
  • resource/aws_cognito_user_group: Allow import of user groups with names containing / (#35501)
  • resource/aws_dms_event_subscription: Mark source_ids as Optional. This fixes a regression introduced in v5.31.0 (#35541)
  • resource/aws_efs_file_system: Increase lifecycle_policy maximum item limit to 3 (#35522)
  • resource/aws_eks_access_entry: Retry IAM eventual consistency errors on create (#35535)
  • resource/aws_finspace_kx_cluster: Increase command_line_arguments max length restriction from 50 to 1024. (#35581)

v5.34.0

26 Jan 01:51
a06bcc9
Compare
Choose a tag to compare

FEATURES:

  • New Resource: aws_rekognition_project (#35429)
  • New Resource: aws_route53domains_delegation_signer_record (#33596)

ENHANCEMENTS:

  • data-source/aws_codecommit_repository: Add kms_key_id attribute (#35095)
  • data-source/aws_imagebuilder_components: Add support for ThirdParty owner value (#35286)
  • data-source/aws_imagebuilder_container_recipes: Add support for ThirdParty owner value (#35286)
  • data-source/aws_imagebuilder_image_recipes: Add support for ThirdParty owner value (#35286)
  • data-source/aws_ssm_patch_baseline: Add json attribute to facilitate use with S3 buckets (#33402)
  • resource/aws_accessanalyzer_analyzer: Add configuration configuration block (#35310)
  • resource/aws_appflow_flow: Add flow_status attribute (#34948)
  • resource/aws_codecommit_repository: Add kms_key_id argument (#35095)
  • resource/aws_codecommit_trigger: Add plan-time validation of trigger.destination_arn and trigger.events (#35095)
  • resource/aws_ecs_capacity_provider: Add auto_scaling_group_provider.managed_draining argument (#35421)
  • resource/aws_fis_experiment_template: Add support for AutoScalingGroups, Buckets, ReplicationGroups, Tables and TransitGateways to action.*.target (#35300)
  • resource/aws_fsx_openzfs_file_system: Add skip_final_backup argument (#35320)
  • resource/aws_network_interface_sg_attachment: Increase default timeouts to 3 minutes and allow them to be configured (#35435)
  • resource/aws_prometheus_scraper: Add role_arn attribute (#35453)
  • resource/aws_route53domains_registered_domain: Support resource import (#33596)
  • resource/aws_ssm_patch_baseline: Add json attribute to facilitate use with S3 buckets (#33402)
  • resource/aws_wafv2_web_acl: Add challenge_config argument (#35367)

BUG FIXES:

  • resource/aws_codebuild_project: Allow build_batch_config to be removed on Update (#34121)
  • resource/aws_eks_access_entry: Mark kubernetes_groups as Computed (#35391)
  • resource/aws_eks_access_entry: Mark type and user_name as Optional, allowing values to be configured (#35391)
  • resource/aws_grafana_license_association: Fix missing workspace_id attribute after import (#35290)
  • resource/aws_security_group_rule: Fix UnsupportedOperation: The functionality you requested is not available in this region errors on Read in certain partitions (#33484)

v5.33.0

18 Jan 22:45
a98686f
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_eks_access_entry (#35037)
  • New Resource: aws_eks_access_entry (#35037)
  • New Resource: aws_eks_access_policy_association (#35037)
  • New Resource: aws_lexv2models_intent (#34891)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add access_config attribute (#35037)
  • data-source/aws_secretsmanager_secret: Add created_date and last_changed_date attributes (#35117)
  • data-source/aws_secretsmanager_secret_version: Add created_date attribute (#35117)
  • resource/aws_backup_plan: Add rule.lifecycle.opt_in_to_archive_for_supported_resources and rule.copy_action.lifecycle.opt_in_to_archive_for_supported_resources and arguments (#34994)
  • resource/aws_eks_cluster: Add access_config configuration block (#35037)
  • resource/aws_lakeformation_resource: Add use_service_linked_role argument (#35284)
  • resource/aws_secretsmanager_secret_rotation: Add rotate_immediately argument (#35105)

BUG FIXES:

  • resource/aws_datasync_task: Allow schedule to be removed successfully (#35282)
  • resource/aws_fis_experiment_template: Fix validation error when not using target.resource_arns or target.resource_tag attributes. (#35254)
  • resource/aws_lb_listener: Fix ValidationError: Mutual Authentication mode passthrough does not support ignoring certificate expiry errors when mutual_authentication.mode is set to passthrough (#35289)
  • resource/aws_secretsmanager_secret_version: Fix InvalidParameterException: The parameter RemoveFromVersionId can't be empty. Staging label AWSCURRENT is currently attached to version ..., so you must explicitly reference that version in RemoveFromVersionId errors when a secret is updated outside Terraform (#19943)

v5.32.1

12 Jan 18:03
Compare
Choose a tag to compare

BUG FIXES:

  • data-source/aws_ecr_image: Fix error when most_recent is not also latest (#35269)
  • resource/aws_iot_ca_certificate: Change registration_config.role_arn from TypeBool to TypeString, fixing Inappropriate value for attribute "role_arn": a bool is required errors (#35234)
  • resource/aws_mq_broker: Fix interface conversion: interface {} is *schema.Set, not []string panic (#35265)