Releases: hashicorp/terraform-provider-aws
Releases · hashicorp/terraform-provider-aws
v5.23.0
NOTES:
- provider: This release includes an update to the AWS SDK for Go v2 with breaking type changes to several services:
finspace
,kafka
,medialive
,rds
,s3control
,timestreamwrite
, andxray
. These changes primarily affect how arguments with default values are serialized for outbound requests, changing scalar types to pointers. See this AWS SDK for Go V2 issue for additional context. The corresponding provider changes should make this breakfix transparent to users, but as with any breaking change there is the potential for missed edge cases. If errors are observed in the impacted resources, please link to this dependency update pull request in the bug report. (#34096)
FEATURES:
- New Resource:
aws_iot_domain_configuration
(#24765)
ENHANCEMENTS:
- data-source/aws_imagebuilder_image: Add
image_scanning_configuration
attribute (#34049) - resource/aws_config_config_rule: Add
evaluation_mode
attribute (#34033) - resource/aws_elasticache_replication_group: Add
ip_discovery
andnetwork_type
arguments (#34019) - resource/aws_imagebuilder_image: Add
image_scanning_configuration
configuration block (#34049) - resource/aws_kms_key: Add configurable timeouts (#34112)
- resource/aws_lambda_function: Add
vpc_config.ipv6_allowed_for_dual_stack
argument (#34045) - resource/aws_lb: Add
dns_record_client_routing_policy
attribute to configure Availability Zonal DNS affinity on Network Load Balancer (NLB) (#33992) - resource/aws_lb_target_group: Add
target_health_state
configuration block (#34070) - resource/aws_lb_target_group: Remove default value (
false
) forconnection_termination
argument and mark as Computed, to support new default behavior for UDP/TCP_UDP target groups (#34070) - resource/aws_neptune_cluster: Add
slowquery
as a validenable_cloudwatch_logs_exports
value (#34053)
BUG FIXES:
- provider/tags: Prevent crash when
tags_all
is null (#34073) - resource/aws_autoscaling_group: Fix error when
launch_template
name is updated. (#34086) - resource/aws_dms_s3_endpoint: Don't send the default value of
false
foradd_trailing_padding_character
, maintaining compatibility with older (pre-3.4.7) DMS engine versions (#34048) - resource/aws_ecs_task_definition: Add
0
as a valid value forvolume.efs_volume_configuration.transit_encryption_port
, preventing unexpected drift (#34020) - resource/aws_identitystore_group: Fix updating
description
attribute when it is changed (#34037) - resource/aws_iot_indexing_configuration: Add
thing_indexing_configuration.filter
attribute, resolvingInvalidRequestException: NamedShadowNames Filter must not be empty for enabling NamedShadowIndexingMode
errors (#26859) - resource/aws_storagegateway_gateway: Support the value
0
(representing Sunday) formaintenance_start_time.day_of_week
(#34015) - resource/aws_verifiedaccess_group: Fix
InvalidParameterValue: Policy Document cannot be provided when Policy Enabled is false or missing
errors when updatingpolicy_document
(#34054)
v5.22.0
FEATURES:
- New Data Source:
aws_media_convert_queue
(#27075) - New Resource:
aws_elasticsearch_vpc_endpoint
(#33925) - New Resource:
aws_msk_replicator
(#33973)
ENHANCEMENTS:
- data-source/aws_ec2_client_vpn_endpoint: Add
self_service_portal_url
attribute (#34007) - resource/aws_alb: Support import of
name_prefix
argument (#33852) - resource/aws_alb_target_group: Support import of
name_prefix
argument (#33852) - resource/aws_cloudfront_public_key: Support import of
name_prefix
argument (#33852) - resource/aws_db_option_group: Support import of
name_prefix
argument (#33852) - resource/aws_docdb_cluster: Support import of
cluster_identifier_prefix
argument (#33852) - resource/aws_docdb_cluster_instance: Support import of
identifier_prefix
argument (#33852) - resource/aws_docdb_cluster_parameter_group: Support import of
name_prefix
argument (#33852) - resource/aws_docdb_subnet_group: Support import of
name_prefix
argument (#33852) - resource/aws_ec2_client_vpn_endpoint: Add
self_service_portal_url
attribute (#34007) - resource/aws_elb: Support import of
name_prefix
argument (#33852) - resource/aws_emr_security_configuration: Support import of
name_prefix
argument (#33852) - resource/aws_iam_group_policy: Support import of
name_prefix
argument (#33852) - resource/aws_iam_role_policy: Support import of
name_prefix
argument (#33852) - resource/aws_iam_user_policy: Support import of
name_prefix
argument (#33852) - resource/aws_iot_provisioning_template: Add
type
attribute (#33950) - resource/aws_lb: Support import of
name_prefix
argument (#33852) - resource/aws_lb_target_group: Support import of
name_prefix
argument (#33852) - resource/aws_neptune_cluster: Support import of
cluster_identifier_prefix
argument (#33852) - resource/aws_neptune_cluster_instance: Support import of
identifier_prefix
argument (#33852) - resource/aws_neptune_cluster_parameter_group: Support import of
name_prefix
argument (#33852) - resource/aws_neptune_event_subscription: Support import of
name_prefix
argument (#33852) - resource/aws_pinpoint_app: Support import of
name_prefix
argument (#33852) - resource/aws_rds_cluster: Support import of
cluster_identifier_prefix
argument (#33852) - resource/aws_rds_cluster_instance: Support import of
identifier_prefix
argument (#33852) - resource/aws_signer_signing_profile: Support import of
name_prefix
argument (#33852) - resource/aws_signer_signing_profile_permission: Add
signer:SignPayload
as a validaction
value (#33852) - resource/aws_signer_signing_profile_permission: Support import of
statement_id_prefix
argument (#33852) - resource/aws_transfer_server: Change
pre_authentication_login_banner
andpost_authentication_login_banner
length limits to 4096 (#33937) - resource/aws_wafv2_web_acl: Add
ja3_fingerprint
tofield_to_match
configuration blocks (#33933)
BUG FIXES:
- data-source/aws_dms_certificate: Fix crash when certificate not found (#34012)
- resource/aws_cloudformation_stack: Fix error when
computed
values are not set when there is no update (#33969) - resource/aws_codecommit_repository: Doesn't force replacement when renaming (#32207)
- resource/aws_db_instance: Creating resource from snapshot or point-in-time recovery now handles
manage_master_user_password
andmaster_user_secret_kms_key_id
attributes correctly (#33699) - resource/aws_elasticache_replication_group: Fix error when switching
engine_version
from6.x
to a specific6.<digit>
version number (#33954) - resource/aws_iam_role: Fix refreshing
permission_boundary
when deleted outside of Terraform (#33963) - resource/aws_iam_user: Fix refreshing
permission_boundary
when deleted outside of Terraform (#33963) - resource/aws_inspector2_enabler: Fix
Value at 'resourceTypes' failed to satisfy constraint
errors (#33348) - resource/aws_neptune_cluster_instance: Remove ForceNew from
engine_version
(#33487) - resource/aws_neptune_cluster_parameter_group: Fix condition where defined cluster parameters with system default values are seen as updates (#33487)
- resource/aws_s3_bucket_object_lock_configuration: Fix
found resource
errors on Delete (#33966)
v5.21.0
FEATURES:
- New Data Source:
aws_servicequotas_templates
(#33871) - New Resource:
aws_ec2_image_block_public_access
(#33810) - New Resource:
aws_guardduty_organization_configuration_feature
(#33913) - New Resource:
aws_servicequotas_template_association
(#33725) - New Resource:
aws_verifiedaccess_group
(#33297) - New Resource:
aws_verifiedaccess_instance_logging_configuration
(#33864)
ENHANCEMENTS:
- data-source/aws_dms_endpoint: Add
s3_settings.glue_catalog_generation
attribute (#33778) - data-source/aws_msk_cluster: Add
cluster_uuid
attribute (#33805) - resource/aws_codedeploy_deployment_group: Add
outdated_instances_strategy
argument (#33844) - resource/aws_dms_endpoint: Add
s3_settings.glue_catalog_generation
attribute (#33778) - resource/aws_dms_s3_endpoint: Add
glue_catalog_generation
attribute (#33778) - resource/aws_docdb_cluster: Add
allow_major_version_upgrade
argument (#33790) - resource/aws_docdb_cluster_instance: Add
copy_tags_to_snapshot
argument (#31022) - resource/aws_dynamodb_table: Add
import_table
configuration block (#33802) - resource/aws_msk_cluster: Add
cluster_uuid
attribute (#33805) - resource/aws_msk_serverless_cluster: Add
cluster_uuid
attribute (#33805) - resource/aws_networkmanager_core_network: Add
base_policy_document
argument (#33712) - resource/aws_redshiftserverless_workgroup: Allow
require_ssl
anduse_fips_ssl
config_parameters
keys (#33916) - resource/aws_s3_bucket: Use configurable timeout for resource Delete (#33845)
- resource/aws_verifiedaccess_instance: Add
fips_enabled
argument (#33880) - resource/aws_vpclattice_target_group: Add
config.lambda_event_structure_version
argument (#33804) - resource/aws_vpclattice_target_group: Make
config.port
,config.protocol
andconfig.vpc_identifier
optional (#33804) - resource/aws_wafv2_web_acl: Add
aws_managed_rules_acfp_rule_set
tomanaged_rule_group_configs
configuration block (#33915)
BUG FIXES:
- provider: Respect valid values for the
AWS_S3_US_EAST_1_REGIONAL_ENDPOINT
environment variable when configuring the S3 API client (#33874) - resource/aws_appflow_connector_profile: Fix various crashes (#33856)
- resource/aws_db_parameter_group: Group names containing periods (
.
) no longer fail validation (#33704) - resource/aws_opensearchserverless_collection: Fix crash when error is returned (#33918)
- resource/aws_rds_cluster_parameter_group: Group names containing periods (
.
) no longer fail validation (#33704)
v5.20.1
NOTES:
- provider: Build with Terraform Plugin Framework v1.4.1, fixing potential initialization errors when using v1.6 of the Terraform CLI.
v5.20.0
FEATURES:
- New Resource:
aws_guardduty_detector_feature
(#31463) - New Resource:
aws_servicequotas_template
(#33688) - New Resource:
aws_sesv2_account_vdm_attributes
(#33705) - New Resource:
aws_verifiedaccess_instance_trust_provider_attachment
(#33734)
ENHANCEMENTS:
- data-source/aws_guardduty_detector: Add
features
attribute (#31463) - resource/aws_finspace_kx_cluster: Increase default creation timeout to 45 minutes, default deletion timeout to 60 minutes (#33745)
- resource/aws_finspace_kx_environment: Increase default deletion timeout to 45 minutes (#33745)
- resource/aws_guardduty_filter: Add plan-time validation of
name
(#21030) - resource/aws_kinesis_firehose_delivery_stream: Add
opensearchserverless_configuration
andmsk_source_configuration
configuration blocks (#33101) - resource/aws_kinesis_firehose_delivery_stream: Add
opensearchserverless
as a validdestination
value (#33101)
BUG FIXES:
- data-source/aws_fsx_ontap_storage_virtual_machine: Fix crash when
active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group
is not configured (#33800) - resource/aws_ec2_transit_gateway_route : Fix TGW route search filter to avoid routes being missed when more than 1,000 static routes are in a TGW route table (#33765)
- resource/aws_fsx_ontap_storage_virtual_machine: Fix crash when
active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group
is not configured (#33800) - resource/aws_medialive_channel: Fix VPC settings flatten/expand/docs. (#33558)
- resource/aws_vpc_endpoint: Set
dns_options.dns_record_ip_type
toComputed
to prevent diffs (#33743)
v5.19.0
BREAKING CHANGES:
- data-source/aws_s3_bucket_object: Following migration to AWS SDK for Go v2, the
metadata
attribute's keys are always returned in lowercase (#33660) - data-source/aws_s3_object: Following migration to AWS SDK for Go v2, the
metadata
attribute's keys are always returned in lowercase (#33660)
NOTES:
- data-source/aws_s3_bucket_object: The
metadata
attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660) - data-source/aws_s3_object: The
metadata
attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660) - resource/aws_iam_*: This release introduces additional validation of IAM policy JSON arguments to detect duplicate keys. Previously, arguments with duplicated keys resulted in all but one of the key values being overwritten. Since this results in unexpected IAM policies being submitted to AWS, we have updated the validation logic to error in these cases. This may cause existing IAM policy arguments to fail validation, however, those policies are likely not what was originally intended. (#33570)
FEATURES:
- New Resource:
aws_cleanrooms_configured_table
(#33602) - New Resource:
aws_dms_replication_config
(#32908) - New Resource:
aws_lexv2models_bot
(#33475) - New Resource:
aws_rds_custom_db_engine_version
(#33285) - New Resource:
aws_vpclattice_service_network
(#30482)
ENHANCEMENTS:
- data-source/aws_opensearch_domain: Add
off_peak_window_options
attribute (#30965) - resource/aws_cloud9_environment_ec2: Add
ubuntu-22.04-x86_64
andresolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64
as valid values forimage_id
(#33662) - resource/aws_fsx_ontap_volume: Add
bypass_snaplock_enterprise_retention
argument andsnaplock_configuration
configuration block to support SnapLock (#32530) - resource/aws_fsx_ontap_volume: Add
copy_tags_to_backups
andsnapshot_policy
arguments (#32530) - resource/aws_fsx_openzfs_volume: Add
delete_volume_options
argument (#32530) - resource/aws_lightsail_bucket: Add
force_delete
argument (#33586) - resource/aws_opensearch_domain: Add
off_peak_window_options
configuration block (#30965) - resource/aws_opensearch_outbound_connection: Add
connection_properties
,connection_mode
andaccept_connection
arguments (#32990) - resource/aws_schemas_schema: Add
JSONSchemaDraft4
schema type support (#33442) - resource/aws_wafv2_rule_group: Add
rate_based_statement.custom_key
configuration block (#33594) - resource/aws_wafv2_web_acl: Add
rate_based_statement.custom_key
configuration block (#33594)
BUG FIXES:
- resource/aws_batch_job_queue: Correctly validates elements of
compute_environments
as ARNs (#33577) - resource/aws_cloudfront_continuous_deployment_policy: Fix
IllegalUpdate
errors when updating a stagingaws_cloudfront_distribution
that is part of continuous deployment (#33578) - resource/aws_cloudfront_distribution: Fix
IllegalUpdate
errors when updating a staging distribution associated with anaws_cloudfront_continuous_deployment_policy
(#33578) - resource/aws_cloudfront_distribution: Fix
PreconditionFailed
errors when destroying a distribution associated with anaws_cloudfront_continuous_deployment_policy
(#33578) - resource/aws_cloudfront_distribution: Fix
StagingDistributionInUse
errors when destroying a distribution associated with anaws_cloudfront_continuous_deployment_policy
(#33578) - resource/aws_datasync_location_fsx_ontap_file_system: Correct handling of
protocol.smb.domain
,protocol.smb.user
andprotocol.smb.password
(#33641) - resource/aws_glacier_vault_lock: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_group_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_role: Fail validation if duplicated keys are found in
assume_role_policy
(#33570) - resource/aws_iam_role_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_iam_user_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_mediastore_container_policy: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_s3_bucket_policy: Fix intermittent
couldn't find resource
errors on resource Create (#33537) - resource/aws_ssoadmin_permission_set_inline_policy: Fail validation if duplicated keys are found in
inline_policy
(#33570) - resource/aws_transfer_access: Fail validation if duplicated keys are found in
policy
(#33570) - resource/aws_transfer_user: Fail validation if duplicated keys are found in
policy
(#33570)
v5.18.1
v5.18.0
FEATURES:
- New Data Source:
aws_fsx_ontap_file_system
(#32503) - New Data Source:
aws_fsx_ontap_storage_virtual_machine
(#32621) - New Data Source:
aws_fsx_ontap_storage_virtual_machines
(#32624) - New Data Source:
aws_organizations_organizational_unit
(#33408) - New Resource:
aws_opensearch_package
(#33227) - New Resource:
aws_opensearch_package_association
(#33227)
ENHANCEMENTS:
- resource/aws_fsx_ontap_storage_virtual_machine: Remove ForceNew from
active_directory_configuration.self_managed_active_directory_configuration.domain_name
,active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group
andactive_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguished_name
allowing an SVM to join AD after creation (#33466)
BUG FIXES:
- data-source/aws_sesv2_email_identity: Mark
dkim_signing_attributes.domain_signing_private_key
as sensitive (#33477) - resource/aws_db_instance: Fix so that
storage_throughput
can be changed wheniops
andallocated_storage
are not changed (#33529) - resource/aws_db_option_group: Avoid erroneous differences being reported when an
option
port
and/orversion
is not set (#33511) - resource/aws_fsx_ontap_storage_virtual_machine: Avoid recreating resource when
active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group
is configured (#33466) - resource/aws_fsx_ontap_storage_virtual_machine: Change
file_system_id
to ForceNew (#32621) - resource/aws_s3_bucket_accelerate_configuration: Retry resource Delete on
OperationAborted: A conflicting conditional operation is currently in progress against this resource
errors (#33531) - resource/aws_s3_bucket_policy: Retry resource Delete on
OperationAborted: A conflicting conditional operation is currently in progress against this resource
errors (#33531) - resource/aws_s3_bucket_versioning: Retry resource Delete on
OperationAborted: A conflicting conditional operation is currently in progress against this resource
errors (#33531) - resource/aws_sesv2_email_identity: Mark
dkim_signing_attributes.domain_signing_private_key
as sensitive (#33477)
v5.17.0
NOTES:
- data-source/aws_s3_object: Migration to AWS SDK for Go v2 means that the edge case of specifying a single
/
as the value forkey
is no longer supported (#33358)
FEATURES:
- New Resource:
aws_shield_application_layer_automatic_response
(#33432) - New Resource:
aws_verifiedaccess_instance
(#33459)
ENHANCEMENTS:
- data-source/aws_s3_object: Add
checksum_mode
argument andchecksum_crc32
,checksum_crc32c
,checksum_sha1
andchecksum_sha256
attributes (#33358) - data-source/aws_s3control_multi_region_access_point: Add
details.region.bucket_account_id
attribute (#33416) - resource/aws_s3_object: Add
checksum_algorithm
argument andchecksum_crc32
,checksum_crc32c
,checksum_sha1
andchecksum_sha256
attributes (#33358) - resource/aws_s3_object_copy: Add
checksum_algorithm
argument andchecksum_crc32
,checksum_crc32c
,checksum_sha1
andchecksum_sha256
attributes (#33358) - resource/aws_s3control_multi_region_access_point: Add
details.region.bucket_account_id
argument to support cross-account Multi-Region Access Points (#33416) - resource/aws_s3control_multi_region_access_point: Add
details.region.region
attribute (#33416) - resource/aws_schemas_schema: Add
JSONSchemaDraft4
schema type support (#35971) - resource/aws_transfer_connector: Add
sftp_config
argument and makeas2_config
optional (#32741) - resource/aws_wafv2_web_acl: Retry resource Update on
WAFOptimisticLockException
errors (#33432)
BUG FIXES:
- resource/aws_dms_replication_task: Fix error when
replication_task_settings
isnil
(#33456) - resource/aws_elasticache_cluster: Fix regression for
redis
engine types caused by the newtransit_encryption_enabled
argument (#33451) - resource/aws_neptune_cluster: Fix ignored
kms_key_arn
on restore from DB cluster snapshot (#33413) - resource/aws_servicecatalog_product: Allow import on
provisioning_artifact_parameters
attribute (#33448) - resource/aws_subnet: Fix destroy error when there is a lingering ENI for DMS (#33375)
v5.16.2
FEATURES:
- New Data Source:
aws_cognito_identity_pool
(#33053) - New Resource:
aws_verifiedaccess_trust_provider
(#33195)
ENHANCEMENTS:
- resource/aws_autoscaling_group: Change the default values of
instance_refresh.preferences.scale_in_protected_instances
andinstance_refresh.preferences.standby_instances
fromWait
to the Amazon EC2 Auto Scaling console recommended value ofIgnore
(#33382) - resource/aws_s3control_object_lambda_access_point: Add
alias
attribute (#33388)
BUG FIXES:
- resource/aws_autoscaling_group: Fix
ValidationError
errors when starting Auto Scaling group instance refresh (#33382) - resource/aws_iot_topic_rule: Fix
InvalidParameter
errors on Update with Kafka destinations (#33360) - resource/aws_lightsail_certificate: Fix validation of
name
(#33405) - resource/aws_lightsail_database: Fix validation of
name
(#33405) - resource/aws_lightsail_disk: Fix validation of
name
(#33405) - resource/aws_lightsail_instance: Fix validation of
name
(#33405) - resource/aws_lightsail_lb: Fix validation of
lb_name
(#33405) - resource/aws_lightsail_lb_attachment: Fix validation of
lb_name
(#33405) - resource/aws_lightsail_lb_certificate: Fix validation of
lb_name
(#33405) - resource/aws_lightsail_lb_certificate_attachment: Fix validation of
lb_name
(#33405) - resource/aws_lightsail_lb_https_redirection_policy: Fix validation of
lb_name
(#33405) - resource/aws_lightsail_lb_stickiness_policy: Fix validation of
lb_name
(#33405)