Skip to content

Releases: hashicorp/terraform-provider-aws

v5.23.0

26 Oct 23:17
734f2ed
Compare
Choose a tag to compare

NOTES:

  • provider: This release includes an update to the AWS SDK for Go v2 with breaking type changes to several services: finspace, kafka, medialive, rds, s3control, timestreamwrite, and xray. These changes primarily affect how arguments with default values are serialized for outbound requests, changing scalar types to pointers. See this AWS SDK for Go V2 issue for additional context. The corresponding provider changes should make this breakfix transparent to users, but as with any breaking change there is the potential for missed edge cases. If errors are observed in the impacted resources, please link to this dependency update pull request in the bug report. (#34096)

FEATURES:

  • New Resource: aws_iot_domain_configuration (#24765)

ENHANCEMENTS:

  • data-source/aws_imagebuilder_image: Add image_scanning_configuration attribute (#34049)
  • resource/aws_config_config_rule: Add evaluation_mode attribute (#34033)
  • resource/aws_elasticache_replication_group: Add ip_discovery and network_type arguments (#34019)
  • resource/aws_imagebuilder_image: Add image_scanning_configuration configuration block (#34049)
  • resource/aws_kms_key: Add configurable timeouts (#34112)
  • resource/aws_lambda_function: Add vpc_config.ipv6_allowed_for_dual_stack argument (#34045)
  • resource/aws_lb: Add dns_record_client_routing_policy attribute to configure Availability Zonal DNS affinity on Network Load Balancer (NLB) (#33992)
  • resource/aws_lb_target_group: Add target_health_state configuration block (#34070)
  • resource/aws_lb_target_group: Remove default value (false) for connection_termination argument and mark as Computed, to support new default behavior for UDP/TCP_UDP target groups (#34070)
  • resource/aws_neptune_cluster: Add slowquery as a valid enable_cloudwatch_logs_exports value (#34053)

BUG FIXES:

  • provider/tags: Prevent crash when tags_all is null (#34073)
  • resource/aws_autoscaling_group: Fix error when launch_template name is updated. (#34086)
  • resource/aws_dms_s3_endpoint: Don't send the default value of false for add_trailing_padding_character, maintaining compatibility with older (pre-3.4.7) DMS engine versions (#34048)
  • resource/aws_ecs_task_definition: Add 0 as a valid value for volume.efs_volume_configuration.transit_encryption_port, preventing unexpected drift (#34020)
  • resource/aws_identitystore_group: Fix updating description attribute when it is changed (#34037)
  • resource/aws_iot_indexing_configuration: Add thing_indexing_configuration.filter attribute, resolving InvalidRequestException: NamedShadowNames Filter must not be empty for enabling NamedShadowIndexingMode errors (#26859)
  • resource/aws_storagegateway_gateway: Support the value 0 (representing Sunday) for maintenance_start_time.day_of_week (#34015)
  • resource/aws_verifiedaccess_group: Fix InvalidParameterValue: Policy Document cannot be provided when Policy Enabled is false or missing errors when updating policy_document (#34054)

v5.22.0

19 Oct 22:45
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_media_convert_queue (#27075)
  • New Resource: aws_elasticsearch_vpc_endpoint (#33925)
  • New Resource: aws_msk_replicator (#33973)

ENHANCEMENTS:

  • data-source/aws_ec2_client_vpn_endpoint: Add self_service_portal_url attribute (#34007)
  • resource/aws_alb: Support import of name_prefix argument (#33852)
  • resource/aws_alb_target_group: Support import of name_prefix argument (#33852)
  • resource/aws_cloudfront_public_key: Support import of name_prefix argument (#33852)
  • resource/aws_db_option_group: Support import of name_prefix argument (#33852)
  • resource/aws_docdb_cluster: Support import of cluster_identifier_prefix argument (#33852)
  • resource/aws_docdb_cluster_instance: Support import of identifier_prefix argument (#33852)
  • resource/aws_docdb_cluster_parameter_group: Support import of name_prefix argument (#33852)
  • resource/aws_docdb_subnet_group: Support import of name_prefix argument (#33852)
  • resource/aws_ec2_client_vpn_endpoint: Add self_service_portal_url attribute (#34007)
  • resource/aws_elb: Support import of name_prefix argument (#33852)
  • resource/aws_emr_security_configuration: Support import of name_prefix argument (#33852)
  • resource/aws_iam_group_policy: Support import of name_prefix argument (#33852)
  • resource/aws_iam_role_policy: Support import of name_prefix argument (#33852)
  • resource/aws_iam_user_policy: Support import of name_prefix argument (#33852)
  • resource/aws_iot_provisioning_template: Add type attribute (#33950)
  • resource/aws_lb: Support import of name_prefix argument (#33852)
  • resource/aws_lb_target_group: Support import of name_prefix argument (#33852)
  • resource/aws_neptune_cluster: Support import of cluster_identifier_prefix argument (#33852)
  • resource/aws_neptune_cluster_instance: Support import of identifier_prefix argument (#33852)
  • resource/aws_neptune_cluster_parameter_group: Support import of name_prefix argument (#33852)
  • resource/aws_neptune_event_subscription: Support import of name_prefix argument (#33852)
  • resource/aws_pinpoint_app: Support import of name_prefix argument (#33852)
  • resource/aws_rds_cluster: Support import of cluster_identifier_prefix argument (#33852)
  • resource/aws_rds_cluster_instance: Support import of identifier_prefix argument (#33852)
  • resource/aws_signer_signing_profile: Support import of name_prefix argument (#33852)
  • resource/aws_signer_signing_profile_permission: Add signer:SignPayload as a valid action value (#33852)
  • resource/aws_signer_signing_profile_permission: Support import of statement_id_prefix argument (#33852)
  • resource/aws_transfer_server: Change pre_authentication_login_banner and post_authentication_login_banner length limits to 4096 (#33937)
  • resource/aws_wafv2_web_acl: Add ja3_fingerprint to field_to_match configuration blocks (#33933)

BUG FIXES:

  • data-source/aws_dms_certificate: Fix crash when certificate not found (#34012)
  • resource/aws_cloudformation_stack: Fix error when computed values are not set when there is no update (#33969)
  • resource/aws_codecommit_repository: Doesn't force replacement when renaming (#32207)
  • resource/aws_db_instance: Creating resource from snapshot or point-in-time recovery now handles manage_master_user_password and master_user_secret_kms_key_id attributes correctly (#33699)
  • resource/aws_elasticache_replication_group: Fix error when switching engine_version from 6.x to a specific 6.<digit> version number (#33954)
  • resource/aws_iam_role: Fix refreshing permission_boundary when deleted outside of Terraform (#33963)
  • resource/aws_iam_user: Fix refreshing permission_boundary when deleted outside of Terraform (#33963)
  • resource/aws_inspector2_enabler: Fix Value at 'resourceTypes' failed to satisfy constraint errors (#33348)
  • resource/aws_neptune_cluster_instance: Remove ForceNew from engine_version (#33487)
  • resource/aws_neptune_cluster_parameter_group: Fix condition where defined cluster parameters with system default values are seen as updates (#33487)
  • resource/aws_s3_bucket_object_lock_configuration: Fix found resource errors on Delete (#33966)

v5.21.0

12 Oct 21:04
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_servicequotas_templates (#33871)
  • New Resource: aws_ec2_image_block_public_access (#33810)
  • New Resource: aws_guardduty_organization_configuration_feature (#33913)
  • New Resource: aws_servicequotas_template_association (#33725)
  • New Resource: aws_verifiedaccess_group (#33297)
  • New Resource: aws_verifiedaccess_instance_logging_configuration (#33864)

ENHANCEMENTS:

  • data-source/aws_dms_endpoint: Add s3_settings.glue_catalog_generation attribute (#33778)
  • data-source/aws_msk_cluster: Add cluster_uuid attribute (#33805)
  • resource/aws_codedeploy_deployment_group: Add outdated_instances_strategy argument (#33844)
  • resource/aws_dms_endpoint: Add s3_settings.glue_catalog_generation attribute (#33778)
  • resource/aws_dms_s3_endpoint: Add glue_catalog_generation attribute (#33778)
  • resource/aws_docdb_cluster: Add allow_major_version_upgrade argument (#33790)
  • resource/aws_docdb_cluster_instance: Add copy_tags_to_snapshot argument (#31022)
  • resource/aws_dynamodb_table: Add import_table configuration block (#33802)
  • resource/aws_msk_cluster: Add cluster_uuid attribute (#33805)
  • resource/aws_msk_serverless_cluster: Add cluster_uuid attribute (#33805)
  • resource/aws_networkmanager_core_network: Add base_policy_document argument (#33712)
  • resource/aws_redshiftserverless_workgroup: Allow require_ssl and use_fips_ssl config_parameters keys (#33916)
  • resource/aws_s3_bucket: Use configurable timeout for resource Delete (#33845)
  • resource/aws_verifiedaccess_instance: Add fips_enabled argument (#33880)
  • resource/aws_vpclattice_target_group: Add config.lambda_event_structure_version argument (#33804)
  • resource/aws_vpclattice_target_group: Make config.port, config.protocol and config.vpc_identifier optional (#33804)
  • resource/aws_wafv2_web_acl: Add aws_managed_rules_acfp_rule_set to managed_rule_group_configs configuration block (#33915)

BUG FIXES:

  • provider: Respect valid values for the AWS_S3_US_EAST_1_REGIONAL_ENDPOINT environment variable when configuring the S3 API client (#33874)
  • resource/aws_appflow_connector_profile: Fix various crashes (#33856)
  • resource/aws_db_parameter_group: Group names containing periods (.) no longer fail validation (#33704)
  • resource/aws_opensearchserverless_collection: Fix crash when error is returned (#33918)
  • resource/aws_rds_cluster_parameter_group: Group names containing periods (.) no longer fail validation (#33704)

v5.20.1

10 Oct 16:02
1e981db
Compare
Choose a tag to compare

NOTES:

v5.20.0

06 Oct 18:09
Compare
Choose a tag to compare

FEATURES:

  • New Resource: aws_guardduty_detector_feature (#31463)
  • New Resource: aws_servicequotas_template (#33688)
  • New Resource: aws_sesv2_account_vdm_attributes (#33705)
  • New Resource: aws_verifiedaccess_instance_trust_provider_attachment (#33734)

ENHANCEMENTS:

  • data-source/aws_guardduty_detector: Add features attribute (#31463)
  • resource/aws_finspace_kx_cluster: Increase default creation timeout to 45 minutes, default deletion timeout to 60 minutes (#33745)
  • resource/aws_finspace_kx_environment: Increase default deletion timeout to 45 minutes (#33745)
  • resource/aws_guardduty_filter: Add plan-time validation of name (#21030)
  • resource/aws_kinesis_firehose_delivery_stream: Add opensearchserverless_configuration and msk_source_configuration configuration blocks (#33101)
  • resource/aws_kinesis_firehose_delivery_stream: Add opensearchserverless as a valid destination value (#33101)

BUG FIXES:

  • data-source/aws_fsx_ontap_storage_virtual_machine: Fix crash when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is not configured (#33800)
  • resource/aws_ec2_transit_gateway_route : Fix TGW route search filter to avoid routes being missed when more than 1,000 static routes are in a TGW route table (#33765)
  • resource/aws_fsx_ontap_storage_virtual_machine: Fix crash when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is not configured (#33800)
  • resource/aws_medialive_channel: Fix VPC settings flatten/expand/docs. (#33558)
  • resource/aws_vpc_endpoint: Set dns_options.dns_record_ip_type to Computed to prevent diffs (#33743)

v5.19.0

29 Sep 00:55
dbf42d7
Compare
Choose a tag to compare

BREAKING CHANGES:

NOTES:

  • data-source/aws_s3_bucket_object: The metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660)
  • data-source/aws_s3_object: The metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660)
  • resource/aws_iam_*: This release introduces additional validation of IAM policy JSON arguments to detect duplicate keys. Previously, arguments with duplicated keys resulted in all but one of the key values being overwritten. Since this results in unexpected IAM policies being submitted to AWS, we have updated the validation logic to error in these cases. This may cause existing IAM policy arguments to fail validation, however, those policies are likely not what was originally intended. (#33570)

FEATURES:

  • New Resource: aws_cleanrooms_configured_table (#33602)
  • New Resource: aws_dms_replication_config (#32908)
  • New Resource: aws_lexv2models_bot (#33475)
  • New Resource: aws_rds_custom_db_engine_version (#33285)
  • New Resource: aws_vpclattice_service_network (#30482)

ENHANCEMENTS:

  • data-source/aws_opensearch_domain: Add off_peak_window_options attribute (#30965)
  • resource/aws_cloud9_environment_ec2: Add ubuntu-22.04-x86_64 and resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64 as valid values for image_id (#33662)
  • resource/aws_fsx_ontap_volume: Add bypass_snaplock_enterprise_retention argument and snaplock_configuration configuration block to support SnapLock (#32530)
  • resource/aws_fsx_ontap_volume: Add copy_tags_to_backups and snapshot_policy arguments (#32530)
  • resource/aws_fsx_openzfs_volume: Add delete_volume_options argument (#32530)
  • resource/aws_lightsail_bucket: Add force_delete argument (#33586)
  • resource/aws_opensearch_domain: Add off_peak_window_options configuration block (#30965)
  • resource/aws_opensearch_outbound_connection: Add connection_properties, connection_mode and accept_connection arguments (#32990)
  • resource/aws_schemas_schema: Add JSONSchemaDraft4 schema type support (#33442)
  • resource/aws_wafv2_rule_group: Add rate_based_statement.custom_key configuration block (#33594)
  • resource/aws_wafv2_web_acl: Add rate_based_statement.custom_key configuration block (#33594)

BUG FIXES:

  • resource/aws_batch_job_queue: Correctly validates elements of compute_environments as ARNs (#33577)
  • resource/aws_cloudfront_continuous_deployment_policy: Fix IllegalUpdate errors when updating a staging aws_cloudfront_distribution that is part of continuous deployment (#33578)
  • resource/aws_cloudfront_distribution: Fix IllegalUpdate errors when updating a staging distribution associated with an aws_cloudfront_continuous_deployment_policy (#33578)
  • resource/aws_cloudfront_distribution: Fix PreconditionFailed errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#33578)
  • resource/aws_cloudfront_distribution: Fix StagingDistributionInUse errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#33578)
  • resource/aws_datasync_location_fsx_ontap_file_system: Correct handling of protocol.smb.domain, protocol.smb.user and protocol.smb.password (#33641)
  • resource/aws_glacier_vault_lock: Fail validation if duplicated keys are found in policy (#33570)
  • resource/aws_iam_group_policy: Fail validation if duplicated keys are found in policy (#33570)
  • resource/aws_iam_policy: Fail validation if duplicated keys are found in policy (#33570)
  • resource/aws_iam_role: Fail validation if duplicated keys are found in assume_role_policy (#33570)
  • resource/aws_iam_role_policy: Fail validation if duplicated keys are found in policy (#33570)
  • resource/aws_iam_user_policy: Fail validation if duplicated keys are found in policy (#33570)
  • resource/aws_mediastore_container_policy: Fail validation if duplicated keys are found in policy (#33570)
  • resource/aws_s3_bucket_policy: Fix intermittent couldn't find resource errors on resource Create (#33537)
  • resource/aws_ssoadmin_permission_set_inline_policy: Fail validation if duplicated keys are found in inline_policy (#33570)
  • resource/aws_transfer_access: Fail validation if duplicated keys are found in policy (#33570)
  • resource/aws_transfer_user: Fail validation if duplicated keys are found in policy (#33570)

v5.18.1

26 Sep 18:24
ae5802a
Compare
Choose a tag to compare

NOTES:

  • documentation: Duplicate CDKTF guides with differing file extensions have been removed to resolve failures in the provider release workflow. (#33630)

v5.18.0

21 Sep 21:33
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_fsx_ontap_file_system (#32503)
  • New Data Source: aws_fsx_ontap_storage_virtual_machine (#32621)
  • New Data Source: aws_fsx_ontap_storage_virtual_machines (#32624)
  • New Data Source: aws_organizations_organizational_unit (#33408)
  • New Resource: aws_opensearch_package (#33227)
  • New Resource: aws_opensearch_package_association (#33227)

ENHANCEMENTS:

  • resource/aws_fsx_ontap_storage_virtual_machine: Remove ForceNew from active_directory_configuration.self_managed_active_directory_configuration.domain_name, active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group and active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguished_name allowing an SVM to join AD after creation (#33466)

BUG FIXES:

  • data-source/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#33477)
  • resource/aws_db_instance: Fix so that storage_throughput can be changed when iops and allocated_storage are not changed (#33529)
  • resource/aws_db_option_group: Avoid erroneous differences being reported when an option port and/or version is not set (#33511)
  • resource/aws_fsx_ontap_storage_virtual_machine: Avoid recreating resource when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is configured (#33466)
  • resource/aws_fsx_ontap_storage_virtual_machine: Change file_system_id to ForceNew (#32621)
  • resource/aws_s3_bucket_accelerate_configuration: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
  • resource/aws_s3_bucket_policy: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
  • resource/aws_s3_bucket_versioning: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
  • resource/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#33477)

v5.17.0

14 Sep 21:28
Compare
Choose a tag to compare

NOTES:

  • data-source/aws_s3_object: Migration to AWS SDK for Go v2 means that the edge case of specifying a single / as the value for key is no longer supported (#33358)

FEATURES:

  • New Resource: aws_shield_application_layer_automatic_response (#33432)
  • New Resource: aws_verifiedaccess_instance (#33459)

ENHANCEMENTS:

  • data-source/aws_s3_object: Add checksum_mode argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
  • data-source/aws_s3control_multi_region_access_point: Add details.region.bucket_account_id attribute (#33416)
  • resource/aws_s3_object: Add checksum_algorithm argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
  • resource/aws_s3_object_copy: Add checksum_algorithm argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
  • resource/aws_s3control_multi_region_access_point: Add details.region.bucket_account_id argument to support cross-account Multi-Region Access Points (#33416)
  • resource/aws_s3control_multi_region_access_point: Add details.region.region attribute (#33416)
  • resource/aws_schemas_schema: Add JSONSchemaDraft4 schema type support (#35971)
  • resource/aws_transfer_connector: Add sftp_config argument and make as2_config optional (#32741)
  • resource/aws_wafv2_web_acl: Retry resource Update on WAFOptimisticLockException errors (#33432)

BUG FIXES:

  • resource/aws_dms_replication_task: Fix error when replication_task_settings is nil (#33456)
  • resource/aws_elasticache_cluster: Fix regression for redis engine types caused by the new transit_encryption_enabled argument (#33451)
  • resource/aws_neptune_cluster: Fix ignored kms_key_arn on restore from DB cluster snapshot (#33413)
  • resource/aws_servicecatalog_product: Allow import on provisioning_artifact_parameters attribute (#33448)
  • resource/aws_subnet: Fix destroy error when there is a lingering ENI for DMS (#33375)

v5.16.2

11 Sep 22:31
73a8fec
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_cognito_identity_pool (#33053)
  • New Resource: aws_verifiedaccess_trust_provider (#33195)

ENHANCEMENTS:

  • resource/aws_autoscaling_group: Change the default values of instance_refresh.preferences.scale_in_protected_instances and instance_refresh.preferences.standby_instances from Wait to the Amazon EC2 Auto Scaling console recommended value of Ignore (#33382)
  • resource/aws_s3control_object_lambda_access_point: Add alias attribute (#33388)

BUG FIXES:

  • resource/aws_autoscaling_group: Fix ValidationError errors when starting Auto Scaling group instance refresh (#33382)
  • resource/aws_iot_topic_rule: Fix InvalidParameter errors on Update with Kafka destinations (#33360)
  • resource/aws_lightsail_certificate: Fix validation of name (#33405)
  • resource/aws_lightsail_database: Fix validation of name (#33405)
  • resource/aws_lightsail_disk: Fix validation of name (#33405)
  • resource/aws_lightsail_instance: Fix validation of name (#33405)
  • resource/aws_lightsail_lb: Fix validation of lb_name (#33405)
  • resource/aws_lightsail_lb_attachment: Fix validation of lb_name (#33405)
  • resource/aws_lightsail_lb_certificate: Fix validation of lb_name (#33405)
  • resource/aws_lightsail_lb_certificate_attachment: Fix validation of lb_name (#33405)
  • resource/aws_lightsail_lb_https_redirection_policy: Fix validation of lb_name (#33405)
  • resource/aws_lightsail_lb_stickiness_policy: Fix validation of lb_name (#33405)