Releases: hashicorp/terraform-provider-aws
Releases · hashicorp/terraform-provider-aws
v5.40.0
FEATURES:
- New Function:
arn_build
(#34952) - New Function:
arn_parse
(#34952) - New Resource:
aws_account_region
(#35739) - New Resource:
aws_securitylake_subscriber
(#35981)
ENHANCEMENTS:
- data-source/aws_rds_engine_version: Add
has_major_target
andhas_minor_target
optional arguments andvalid_major_targets
andvalid_minor_targets
attributes (#36246) - resource/aws_batch_job_queue: added parameter
compute_environment_order
which conflicts withcompute_environments
but aligns with AWS API.compute_environments
has been deprecated. (#34750) - resource/aws_cloudfront_distribution: Remove the upper limit on
origin.custom_origin_config.origin_read_timeout
(#36088) - resource/aws_db_instance: Add
io2
as a valid value forstorage_type
(#36252) - resource/aws_elasticache_serverless_cache: Add plan-time validation of
cache_usage_limits.ecpu_per_second.maximum
(#35927) - resource/aws_iot_policy: Add tagging support (#36102)
- resource/aws_iot_role_alias: Add tagging support (#36255)
- resource/aws_opensearch_domain: Add
use_off_peak_window
argument to theauto_tune_options
configuration block (#36067) - resource/aws_rds_cluster: Add
io2
as a valid value forstorage_type
(#36252) - resource/aws_s3_bucket_object: Adds attribute
arn
. (#35710) - resource/aws_s3_object: Adds attribute
arn
. (#35710) - resource/aws_s3_object_copy: Adds attribute
arn
. (#35710) - resource/aws_wafv2_rule_group: Add
evaluation_window_sec
argument to therate_based_statement
configuration block (#36045) - resource/aws_wafv2_web_acl: Add
evaluation_window_sec
argument to therate_based_statement
configuration block (#36045)
BUG FIXES:
- data-source/aws_rds_engine_version: Fix bugs that could limit engine version to a default version even when not appropriate (#36246)
- resource/aws_db_instance: Correctly sets
parameter_group_name
whenreplicate_source_db
is in different region. (#36080) - resource/aws_elastic_beanstalk_environment: Fix
InvalidParameterValue: Environment named ... is in an invalid state for this operation. Must be Ready
errors whentags
are updated along with other attributes (#36074) - resource/aws_elasticache_serverless_cache: Change
cache_usage_limits.data_storage.maximum
andcache_usage_limits.ecpu_per_second.maximum
to ForceNew (#35927) - resource/aws_medialive_channel: Fix handling of optional
encoder_settings.audio_descriptions
arguments (#36097) - resource/aws_rds_global_cluster: Fix bugs and delays that could occur when performing major or minor version upgrades (#36246)
- resource/aws_s3_bucket: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_s3_bucket_object: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_s3_object: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_s3_object_copy: Tags with empty values no longer remove all tags. (#35710)
- resource/aws_vpclattice_listener_rule: Remove
action.forward.target_groups
maximum item limit (#36095)
v5.39.1
v5.39.0
FEATURES:
- New Data Source:
aws_redshift_data_shares
(#35937) - New Resource:
aws_apprunner_deployment
(#35758) - New Resource:
aws_config_retention_configuration
(#15136) - New Resource:
aws_securityhub_automation_rule
(#34781) - New Resource:
aws_shield_proactive_engagement
(#34667)
ENHANCEMENTS:
- aws_kinesis_firehose_delivery_stream: Add
custom_time_zone
andfile_extension
arguments to theextended_S3_configuration
configuration block (#35969) - resource/aws_appflow_flow: Allow
task.source_fields
to be anull
value (#35993) - resource/aws_codepipeline: Add
trigger
configuration block (#35475) - resource/aws_config_configuration_recorder: Add plan-time validation of
aws_config_organization_custom_rule.lambda_function_arn
(#15136) - resource/aws_instance: Add configurable
read
timeout (#35955) - resource/aws_instance: Apply default tags to volumes/block devices managed through an
aws_instance
, addebs_block_device.*.tags_all
androot_block_device.*.tags_all
attributes which include default tags (#33769) - resource/aws_mq_broker: Add
data_replication_mode
anddata_replication_primary_broker_arn
arguments, enabling support for cross-region data replication (#35990) - resource/aws_mwaa_environment: Add
endpoint_management
attribute (#35961) - resource/aws_redshiftserverless_namespace:
Add attributesadmin_password_secret_kms_key_id
andmanage_admin_password
(#35965) - resource/aws_shield_drt_access_log_bucket_association: Support resource import (#34667)
- resource/aws_shield_drt_access_role_arn_association: Support resource import (#34667)
- resource/aws_spot_instance_request: Add configurable
read
timeout (#35955) - resource/aws_wafv2_web_acl: Add
application_integration_url
attribute (#35974)
BUG FIXES:
- data/aws_redshiftserverless_namespace: Properly set
iam_roles
attribute on read (#35965) - resource/aws_appflow_flow: Fix perpetual diff when
task.task_type
is set toMap_all
(#35993) - resource/aws_config_configuration_recorder: Fix
panic: interface conversion: interface {} is nil, not map[string]interface {}
whenrecording_group.exclusion_by_resource_types
is empty (#15136) - resource/aws_config_rule: Change
name
to ForceNew (#15136) - resource/aws_config_rule: Fix
InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY
errors on resource Update (#15136) - resource/aws_ecs_task_definition: Fix perpetual
container_definitions
diffs whenName
s are ordered differently (#36029) - resource/aws_msk_replicator: Fix incorrect
detect_and_copy_new_topics
attribute value from state read/refresh (#35966) - resource/aws_redshiftserverless_workgroup: Fix
max_capacity
removal (#36032) - resource/aws_redshiftserverless_workgroup: Fix updating both
base_capacity
andmax_capacity
(#36032) - resource/aws_shield_drt_access_log_bucket_association: Change
log_bucket
androle_arn_association_id
to ForceNew (#34667)
v5.38.0
FEATURES:
- New Data Source:
aws_batch_job_definition
(#34663) - New Data Source:
aws_cognito_user_group
(#34046) - New Data Source:
aws_cognito_user_groups
(#34046)
ENHANCEMENTS:
- data-source/aws_alb_target_group: Add
load_balancer_arns
attribute (#34364) - data-source/aws_ec2_instance_type: Add
maximum_network_cards
attribute (#35840) - data-source/aws_elasticache_subnet_group: Add
vpc_id
attribute (#35887) - data-source/aws_lb_target_group: Add
load_balancer_arns
attribute (#34364) - provider: Add
token_bucket_rate_limiter_capacity
parameter (#35926) - resource/aws_alb_target_group: Add
load_balancer_arns
attribute (#34364) - resource/aws_codedeploy_deployment_config: Add
arn
attribute (#35888) - resource/aws_codepipeline: Add
execution_mode
argument (#35875) - resource/aws_config_configuration_recorder: Add
recording_mode
configuration block (#35527) - resource/aws_db_instance: Add plan-time validation of
performance_insights_retention_period
(#35870) - resource/aws_elasticache_subnet_group: Add
vpc_id
attribute (#35887) - resource/aws_lb_target_group: Add
load_balancer_arns
attribute (#34364) - resource/aws_redshiftserverless_workgroup: Add
max_capacity
argument (#35720) - resource/aws_transfer_server: Add
TransferSecurityPolicy-2024-01
andTransferSecurityPolicy-FIPS-2024-01
as valid values forsecurity_policy_name
(#35879)
BUG FIXES:
- data-source/aws_caller_identity: Fix authentication signature error when alternate
sts_region
is specified (#35860) - data-source/aws_eks_access_entry: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - data-source/aws_eks_addon: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - data-source/aws_eks_cluster: Fix
name
plan-time validation, allowing single-character names (#35874) - resource/aws_cloudsearch_domain: Prevent panic when reading nil
index_field
options response values (#35900) - resource/aws_eks_access_entry: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_access_policy_association: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_addon: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_cluster: Fix
name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_fargate_profile: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_eks_node_group: Fix
cluster_name
plan-time validation, allowing single-character names (#35874) - resource/aws_prometheus_scraper: Fixes invalid result after apply error. (#35844)
- resource/aws_sqs_queue_policy: Retry IAM eventual consistency errors (#35861)
v5.37.0
NOTES:
- provider: Updates to Go 1.21 (used by Terraform starting with v1.6.0), which, for Windows, requires at least Windows 10 or Windows Server 2016--support for previous versions has been discontinued--and, for macOS, requires macOS 10.15 Catalina or later--support for previous versions has been discontinued. (#35832)
- resource/aws_bedrock_provisioned_model_throughput: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#35689)
FEATURES:
- New Data Source:
aws_db_parameter_group
(#35698) - New Resource:
aws_bedrock_provisioned_model_throughput
(#35689) - New Resource:
aws_cloudfront_key_value_store
(#35663) - New Resource:
aws_redshift_data_share_consumer_association
(#35771)
ENHANCEMENTS:
- data-source/aws_ecr_pull_through_cache_rule: Add
credential_arn
attribute (#34475) - data-source/aws_ecs_task_execution: Add
client_token
argument (#34402) - data-source/aws_neptune_cluster_instance: Add
skip_final_snapshot
argument (#35698) - data-source/aws_rds_engine_version: Improve search functionality and options by adding
latest
,preferred_major_targets
, andpreferred_upgrade_targets
. Addversion_actual
attribute (#35698) - data-source/aws_rds_orderable_db_instance: Improve search functionality and options by adding
engine_latest_version
andsupports_clusters
arguments and convertingread_replica_capable
,supported_engine_modes
,supported_network_types
, andsupports_multi_az
to arguments for use as search criteria (#35698) - resource/aws_appsync_graphql_api: Add
introspection_config
,query_depth_limit
, andresolver_count_limit
arguments (#35631) - resource/aws_codeartifact_domain: Add
s3_bucket_arn
attribute (#35760) - resource/aws_ecr_pull_through_cache_rule: Add
credential_arn
argument (#34475) - resource/aws_ecs_service: Add
service_connect_configuration.service.timeout
andservice_connect_configuration.service.tls
configuration blocks (#35684) - resource/aws_ecs_task_definition: Add
track_latest
argument (#30154) - resource/aws_glue_catalog_database: Add
federated_database
argument (#35799) - resource/aws_glue_trigger: Add configurable
timeouts
(#35542) - resource/aws_rds_cluster: Add
domain
anddomain_iam_role_name
arguments to support Kerberos authentication (#35753) - resource/aws_route53_record: Add
geoproximity_routing_policy
configuration block to support geoproximity routing (#35565) - resource/aws_route53_resolver_rule: Add
target_ip.protocol
argument (#35744) - resource/aws_sagemaker_endpoint_configuration: Add
routing_config
argument. Enables the specification of arouting_strategy
. (#34777) - resource/aws_sagemaker_space: Add
ownership_settings
,space_sharing_settings
,space_settings.app_type
,space_settings.code_editor_app_settings
,space_settings.custom_file_system
,space_settings.jupyter_lab_app_settings
, andspace_settings.space_storage_settings
arguments (#35116)
BUG FIXES:
- provider: Fix
failed to get rate limit token, retry quota exceeded
errors (#35817) - resource/aws_apigateway_domain_name: Properly send changes to
ownership_verification_certificate_arn
on update (#35777) - resource/aws_apigatewayv2_route: Fix
BadRequestException: Unable to update route. Authorizer type is invalid or null
errors when updatingauthorizer_id
(#35821) - resource/aws_autoscaling_group: Fix version to computed for inconsistent final plan issue (#35774)
- resource/aws_datasync_task: Fix crash when reading empty
report_override
values (#35778) - resource/aws_datasync_task: Prevent ValidationErrors when empty values are sent with
report_override
arguments (#35778) - resource/aws_db_proxy: Change
auth
fromTypeList
toTypeSet
as order is not significant (#35819) - resource/aws_ecs_account_setting_default: Remove plan-time validation of
value
(#33393) - resource/aws_ecs_task_definition: Fix perpetual
container_definitions
diffs whenSecrets
are ordered differently (#35792) - resource/aws_eks_access_policy_association: Retry IAM eventual consistency errors on create (#35736)
- resource/aws_instance: Fix
ReservationCapacityExceeded
errors when updatinginstance_type
andcapacity_reservation_specification.capacity_reservation_target.capacity_reservation_id
(#33412) - resource/aws_lakeformation_resource: Properly handle configured
false
values foruse_service_linked_role
(#35799) - resource/aws_medialive_channel: Added
client_cache
tohls_group_settings
. (#35738) - resource/aws_ram_resource_share_accepter: Fix handling of out-of-band resource share deletion (#35800)
- resource/aws_redshift_data_share_authorization: Fix read operation to properly handle shares in
ACTIVE
status (#35771) - resource/aws_s3_bucket_acl: Correctly updates
access_control_policy
when switching configuration toacl
. (#35775) - resource/resource_share_acceptor: Wait until RAM resource share available after accepting the invitation (#34753)
v5.36.0
NOTES:
- data-source/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#35615)
- resource/aws_controltower_landing_zone: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#34595)
- resource/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#35615)
FEATURES:
- New Resource:
aws_controltower_landing_zone
(#34595) - New Resource:
aws_osis_pipeline
(#35582) - New Resource:
aws_redshift_data_share_authorization
(#35703) - New Resource:
aws_securitylake_custom_log_source
(#35354)
ENHANCEMENTS:
- resource/aws_cloudwatch_metric_stream: Add plan-time validation of
output_format
(#35569) - resource/aws_db_instance: Add
diag.log
andnotify.log
as valid values forenabled_cloudwatch_logs_exports
(#35626) - resource/aws_db_instance: Add
domain_auth_secret_arn
,domain_dns_ips
,domain_fqdn
, anddomain_ou
arguments to support self-managed Active Directory (#35500) - resource/aws_s3_bucket_metric: Add
filter.access_point
argument (#35590) - resource/aws_verifiedaccess_group: Add
sse_configuration
argument (#34055)
BUG FIXES:
- resource/aws_db_instance: Creating resource from point-in-time recovery now handles
password
attribute correctly (#35589) - resource/aws_dynamodb_table: Ensure that
replica
s are always set on Read (#35630) - resource/aws_emr_cluster: Properly normalize
launch_specifications.on_demand_specification.allocation_strategy
andlaunch_specifications.spot_specification.allocation_strategy
values to fix perpetual state differences (#34367) - resource/aws_kinesis_firehose_delivery_stream: Change
extended_s3_configuration.processing_configuration.processors.parameters
fromTypeList
toTypeSet
as order is not significant (#35672) - resource/aws_lambda_function: Resolve consecutive diff issue in
logging_config
when values forapplication_log_level
orsystem_log_level
are not specified (#35694) - resource/aws_lb_listener: Fixes unexpected diff when using
default_action
parameters which don't match thetype
. (#35678) - resource/aws_lb_listener: Was incorrectly reporting conflicting
default_action[].target_group_arn
whenignore_changes
was set. (#35671) - resource/aws_lb_listener: Was not storing
default_action[].forward
in state if only a singletarget_group
was set. (#35671) - resource/aws_lb_listener_rule: Fixes unexpected diff when using
action
parameters which don't match thetype
. (#35678) - resource/aws_lb_listener_rule: Was incorrectly reporting conflicting
action[].target_group_arn
whenignore_changes
was set. (#35671) - resource/aws_lb_listener_rule: Was not storing
action[].forward
in state if only a singletarget_group
was set. (#35671) - resource/aws_ssm_patch_baseline: Mark
json
as Computed if there are content changes (#35606)
v5.35.0
FEATURES:
- New Data Source:
aws_bedrock_custom_model
(#34310) - New Data Source:
aws_bedrock_custom_models
(#34310) - New Data Source:
aws_ssmcontacts_rotation
(#32710) - New Resource:
aws_bedrock_custom_model
(#34310) - New Resource:
aws_lexv2models_slot
(#34617) - New Resource:
aws_lexv2models_slot_type
(#35555) - New Resource:
aws_rekognition_collection
(#35407) - New Resource:
aws_sesv2_email_identity_policy
(#35486) - New Resource:
aws_ssmcontacts_rotation
(#32710)
ENHANCEMENTS:
- data-source/aws_redshift_cluster: Add
multi_az
attribute (#35508) - resource/aws_lakeformation_resource: Add
hybrid_access_enabled
argument (#35571) - resource/aws_lakeformation_resource: Add
with_federation
argument (#35154) - resource/aws_redshift_cluster: Add
multi_az
argument (#35508) - resource/aws_redshiftserverless_endpoint_access: Add
owner_account
argument (#35509) - resource/aws_wafv2_rule_group: Add
header_order
tofield_to_match
configuration blocks (#35521) - resource/aws_wafv2_web_acl: Add
header_order
tofield_to_match
configuration blocks (#35521)
BUG FIXES:
- data-source/aws_networkmanager_core_network_policy_document: Remove
core_network_configuration.edge_locations
maximum item limit (#35585) - resource/aws_backup_plan: Fix
InvalidParameterValueException: Invalid lifecycle. EBS Cold Tier is not yet supported
errors on resource Create in AWS GovCloud (US) (#35560) - resource/aws_cognito_user_group: Allow import of user groups with names containing
/
(#35501) - resource/aws_dms_event_subscription: Mark
source_ids
as Optional. This fixes a regression introduced in v5.31.0 (#35541) - resource/aws_efs_file_system: Increase
lifecycle_policy
maximum item limit to 3 (#35522) - resource/aws_eks_access_entry: Retry IAM eventual consistency errors on create (#35535)
- resource/aws_finspace_kx_cluster: Increase
command_line_arguments
max length restriction from 50 to 1024. (#35581)
v5.34.0
FEATURES:
- New Resource:
aws_rekognition_project
(#35429) - New Resource:
aws_route53domains_delegation_signer_record
(#33596)
ENHANCEMENTS:
- data-source/aws_codecommit_repository: Add
kms_key_id
attribute (#35095) - data-source/aws_imagebuilder_components: Add support for
ThirdParty
owner
value (#35286) - data-source/aws_imagebuilder_container_recipes: Add support for
ThirdParty
owner
value (#35286) - data-source/aws_imagebuilder_image_recipes: Add support for
ThirdParty
owner
value (#35286) - data-source/aws_ssm_patch_baseline: Add
json
attribute to facilitate use with S3 buckets (#33402) - resource/aws_accessanalyzer_analyzer: Add
configuration
configuration block (#35310) - resource/aws_appflow_flow: Add
flow_status
attribute (#34948) - resource/aws_codecommit_repository: Add
kms_key_id
argument (#35095) - resource/aws_codecommit_trigger: Add plan-time validation of
trigger.destination_arn
andtrigger.events
(#35095) - resource/aws_ecs_capacity_provider: Add
auto_scaling_group_provider.managed_draining
argument (#35421) - resource/aws_fis_experiment_template: Add support for
AutoScalingGroups
,Buckets
,ReplicationGroups
,Tables
andTransitGateways
toaction.*.target
(#35300) - resource/aws_fsx_openzfs_file_system: Add
skip_final_backup
argument (#35320) - resource/aws_network_interface_sg_attachment: Increase default timeouts to 3 minutes and allow them to be configured (#35435)
- resource/aws_prometheus_scraper: Add
role_arn
attribute (#35453) - resource/aws_route53domains_registered_domain: Support resource import (#33596)
- resource/aws_ssm_patch_baseline: Add
json
attribute to facilitate use with S3 buckets (#33402) - resource/aws_wafv2_web_acl: Add
challenge_config
argument (#35367)
BUG FIXES:
- resource/aws_codebuild_project: Allow
build_batch_config
to be removed on Update (#34121) - resource/aws_eks_access_entry: Mark
kubernetes_groups
as Computed (#35391) - resource/aws_eks_access_entry: Mark
type
anduser_name
as Optional, allowing values to be configured (#35391) - resource/aws_grafana_license_association: Fix missing
workspace_id
attribute after import (#35290) - resource/aws_security_group_rule: Fix
UnsupportedOperation: The functionality you requested is not available in this region
errors on Read in certain partitions (#33484)
v5.33.0
FEATURES:
- New Data Source:
aws_eks_access_entry
(#35037) - New Resource:
aws_eks_access_entry
(#35037) - New Resource:
aws_eks_access_policy_association
(#35037) - New Resource:
aws_lexv2models_intent
(#34891)
ENHANCEMENTS:
- data-source/aws_eks_cluster: Add
access_config
attribute (#35037) - data-source/aws_secretsmanager_secret: Add
created_date
andlast_changed_date
attributes (#35117) - data-source/aws_secretsmanager_secret_version: Add
created_date
attribute (#35117) - resource/aws_backup_plan: Add
rule.lifecycle.opt_in_to_archive_for_supported_resources
andrule.copy_action.lifecycle.opt_in_to_archive_for_supported_resources
and arguments (#34994) - resource/aws_eks_cluster: Add
access_config
configuration block (#35037) - resource/aws_lakeformation_resource: Add
use_service_linked_role
argument (#35284) - resource/aws_secretsmanager_secret_rotation: Add
rotate_immediately
argument (#35105)
BUG FIXES:
- resource/aws_datasync_task: Allow
schedule
to be removed successfully (#35282) - resource/aws_fis_experiment_template: Fix validation error when not using
target.resource_arns
ortarget.resource_tag
attributes. (#35254) - resource/aws_lb_listener: Fix
ValidationError: Mutual Authentication mode passthrough does not support ignoring certificate expiry
errors whenmutual_authentication.mode
is set topassthrough
(#35289) - resource/aws_secretsmanager_secret_version: Fix
InvalidParameterException: The parameter RemoveFromVersionId can't be empty. Staging label AWSCURRENT is currently attached to version ..., so you must explicitly reference that version in RemoveFromVersionId
errors when a secret is updated outside Terraform (#19943)
v5.32.1
BUG FIXES:
- data-source/aws_ecr_image: Fix error when
most_recent
is not alsolatest
(#35269) - resource/aws_iot_ca_certificate: Change
registration_config.role_arn
fromTypeBool
toTypeString
, fixingInappropriate value for attribute "role_arn": a bool is required
errors (#35234) - resource/aws_mq_broker: Fix
interface conversion: interface {} is *schema.Set, not []string
panic (#35265)