ENHANCEMENTS:
- resource/aws_account_alternate_contact: Add configurable timeouts (#23516)
- resource/aws_s3_bucket: Add error handling for `NotImplemented` errors when reading `object_lock_enabled` and `object_lock_configuration` into terraform state. (#13366)
- resource/aws_s3_bucket: Add top-level `object_lock_enabled` parameter (#23556)
- resource/aws_s3_bucket_replication_configuration: Add `token` field to specify x-amz-bucket-object-lock-token for enabling replication on object lock enabled buckets or enabling object lock on an existing bucket. (#23624)
- resource/aws_servicecatalog_budget_resource_association: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_constraint: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_organizations_access: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_portfolio: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_portfolio_share: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_principal_portfolio_association: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_product: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_product_portfolio_association: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_provisioned_product: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_provisioning_artifact: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_service_action: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_tag_option: Add configurable timeouts (#23518)
- resource/aws_servicecatalog_tag_option_resource_association: Add configurable timeouts (#23518)
- resource/aws_synthetics_canary: Add optional `environment_variables` to `run_config`. (#23574)
BUG FIXES:
- resource/aws_account_alternate_contact: Improve eventual consistency handling to avoid "no resource found" on updates (#23516)
- resource/aws_image_builder_image_recipe: Fix regression in 4.3.0 whereby Windows-based images wouldn't build because of the newly introduced `systems_manager_agent.uninstall_after_build` argument. (#23580)
- resource/aws_kms_external_key: Increase `tags` eventual consistency timeout from 5 minutes to 10 minutes (#23593)
- resource/aws_kms_key: Increase `description` and `tags` eventual consistency timeouts from 5 minutes to 10 minutes (#23593)
- resource/aws_kms_replica_external_key: Increase `tags` eventual consistency timeout from 5 minutes to 10 minutes (#23593)
- resource/aws_kms_replica_key: Increase `tags` eventual consistency timeout from 5 minutes to 10 minutes (#23593)
- resource/aws_s3_bucket_lifecycle_configuration: Correctly configure `rule.filter.object_size_greater_than` and `rule.filter.object_size_less_than` in API requests and terraform state (#23441)
- resource/aws_s3_bucket_lifecycle_configuration: Prevent drift when `rule.noncurrent_version_expiration.newer_noncurrent_versions` or `rule.noncurrent_version_transition.newer_noncurrent_versions` is not specified (#23441)
- resource/aws_s3_bucket_replication_configuration: Correctly configure empty `rule.filter` configuration block in API requests (#23586)
- resource/aws_s3_bucket_replication_configuration: Ensure both `key` and `value` arguments of the `rule.filter.tag` configuration block are correctly populated in the outgoing API request and terraform state. (#23579)
- resource/aws_s3_bucket_replication_configuration: Prevent inconsistent final plan when `rule.filter.prefix` is an empty string (#23586)
FEATURES:
- New Data Source: `aws_connect_queue` (#22768)
- New Data Source: `aws_ec2_serial_console_access` (#23443)
- New Data Source: `aws_ec2_transit_gateway_connect` (#22181)
- New Data Source: `aws_ec2_transit_gateway_connect_peer` (#22181)
- New Resource: `aws_apprunner_vpc_connector` (#23173)
- New Resource: `aws_connect_routing_profile` (#22813)
- New Resource: `aws_connect_user_hierarchy_structure` (#22836)
- New Resource: `aws_ec2_network_insights_path` (#23330)
- New Resource: `aws_ec2_serial_console_access` (#23443)
- New Resource: `aws_ec2_transit_gateway_connect` (#22181)
- New Resource: `aws_ec2_transit_gateway_connect_peer` (#22181)
- New Resource: `aws_grafana_license_association` (#23401)
- New Resource: `aws_route53domains_registered_domain` (#12711)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway: Add `transit_gateway_cidr_blocks` attribute (#22181)
- data-source/aws_eks_node_group: Add `taints` attribute (#23452)
- resource/aws_apprunner_service: Add `network_configuration` argument (#23173)
- resource/aws_cloudwatch_metric_alarm: Additional allowed values for `extended_statistic` and `metric_query.metric.stat` arguments (#22942)
- resource/aws_ec2_transit_gateway: Add custom `timeouts` block (#22181)
- resource/aws_ec2_transit_gateway: Add `transit_gateway_cidr_blocks` argument (#22181)
- resource/aws_eks_cluster: Retry when `ResourceInUseException` errors are returned from the AWS API during resource deletion (#23366)
- resource/aws_glue_job: Add support for streaming jobs by removing the default value for the `timeout` argument and marking it as Computed (#23275)
- resource/aws_lambda_function: Add support for `dotnet6` `runtime` value (#23426)
- resource/aws_lambda_layer_version: Add support for `dotnet6` `compatible_runtimes` value (#23426)
- resource/aws_route: `nat_gateway_id` target no longer conflicts with `destination_ipv6_cidr_block` (#23427)
BUG FIXES:
- resource/aws_dms_endpoint: Fix bug where KMS key was ignored for DynamoDB, OpenSearch, Kafka, Kinesis, Oracle, PostgreSQL, and S3 engines. (#23444)
- resource/aws_networkfirewall_rule_group: Allow any character in `source` and `destination` `rule_group.rules_source.stateful_rule.header` arguments as per the AWS API docs (#22727)
- resource/aws_opsworks_application: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_custom_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_ecs_cluster_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_ganglia_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_haproxy_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_instance: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_java_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_memcached_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_mysql_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_nodejs_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_php_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_rails_app_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_rds_db_instance: Correctly remove from state in certain deletion situations (#23397)
- resource/aws_opsworks_stack: Fix error reported on successful deletion, lack of eventual consistency wait (#23397)
- resource/aws_opsworks_static_web_layer: Fix error reported on successful deletion (#23397)
- resource/aws_opsworks_user_profile: Fix error reported on successful deletion (#23397)
- resource/aws_route53_resolver_firewall_domain_list: Remove limit for number of `domains`. (#23485)
- resource/aws_synthetics_canary: Retry canary creation if it fails because of IAM propagation. (#23394)
NOTES:
- resource/aws_internet_gateway: Set `vpc_id` as Computed to prevent drift when the `aws_internet_gateway_attachment` resource is used (#16386)
- resource/aws_s3_bucket_lifecycle_configuration: The `prefix` argument of the `rule` configuration block has been deprecated. Use the `filter` configuration block instead. (#23325)
FEATURES:
- New Data Source: `aws_ec2_transit_gateway_multicast_domain` (#22756)
- New Data Source: `aws_ec2_transit_gateway_vpc_attachments` (#12409)
- New Resource: `aws_ec2_transit_gateway_multicast_domain` (#22756)
- New Resource: `aws_ec2_transit_gateway_multicast_domain_association` (#22756)
- New Resource: `aws_ec2_transit_gateway_multicast_group_member` (#22756)
- New Resource: `aws_ec2_transit_gateway_multicast_group_source` (#22756)
- New Resource: `aws_internet_gateway_attachment` (#16386)
- New Resource: `aws_opsworks_ecs_cluster_layer` (#12495)
- New Resource: `aws_vpc_endpoint_policy` (#17039)
ENHANCEMENTS:
- data-source/aws_ec2_transit_gateway: Add `multicast_support` attribute (#22756)
- provider: Improves error message when `Profile` and static credential environment variables are set. (#23388)
- provider: Makes `region` an optional parameter to allow sourcing from shared config files and IMDS (#23384)
- provider: Retrieves region from IMDS when credentials retrieved from IMDS. (#23388)
- resource/aws_connect_queue: The `quick_connect_ids` argument can now be updated in-place (#22821)
- resource/aws_connect_security_profile: add `permissions` attribute to read (#22761)
- resource/aws_ec2_fleet: Add `context` argument (#23304)
- resource/aws_ec2_transit_gateway: Add `multicast_support` argument (#22756)
- resource/aws_imagebuilder_image_pipeline: Add `schedule.timezone` argument (#23322)
- resource/aws_imagebuilder_image_recipe: Add `systems_manager_agent.uninstall_after_build` argument (#23293)
- resource/aws_instance: Prevent double base64 encoding of `user_data` and `user_data_base64` on update (#23362)
- resource/aws_s3_bucket: Add error handling for `NotImplemented` error when reading `logging` into terraform state (#23398)
- resource/aws_s3_bucket_object_lock_configuration: Mark `token` argument as sensitive (#23368)
- resource/aws_servicecatalog_provisioned_product: Add `outputs` attribute (#23270)
BUG FIXES:
- provider: Validates names of named profiles before use. (#23388)
- resource/aws_dms_replication_task: Allow `cdc_start_position` to be computed (#23328)
- resource/aws_ecs_cluster: Fix bug preventing describing clusters in ISO regions (#23341)
FEATURES:
- New Data Source: `aws_grafana_workspace` (#22874)
- New Data Source: `aws_iam_openid_connect_provider` (#23240)
- New Data Source: `aws_ssm_instances` (#23162)
- New Resource: `aws_cloudtrail_event_data_store` (#22490)
- New Resource: `aws_grafana_workspace` (#22874)
ENHANCEMENTS:
- provider: Add `custom_ca_bundle` argument (#23279)
- provider: Add `sts_region` argument (#23212)
- provider: Expands environment variables in file paths in provider configuration. (#23282)
- provider: Updates list of valid AWS regions (#23282)
- resource/aws_dms_endpoint: Add `s3_settings.add_column_name`, `s3_settings.canned_acl_for_objects`, `s3_settings.cdc_inserts_and_updates`, `s3_settings.cdc_inserts_only`, `s3_settings.cdc_max_batch_interval`, `s3_settings.cdc_min_file_size`, `s3_settings.cdc_path`, `s3_settings.csv_no_sup_value`, `s3_settings.csv_null_value`, `s3_settings.data_page_size`, `s3_settings.date_partition_delimiter`, `s3_settings.date_partition_sequence`, `s3_settings.dict_page_size_limit`, `s3_settings.enable_statistics`, `s3_settings.encoding_type`, `s3_settings.ignore_headers_row`, `s3_settings.include_op_for_full_load`, `s3_settings.max_file_size`, `s3_settings.preserve_transactions`, `s3_settings.rfc_4180`, `s3_settings.row_group_length`, `s3_settings.timestamp_column_name`, `s3_settings.use_csv_no_sup_value` arguments (#20913)
- resource/aws_elasticache_replication_group: Add plan-time validation to `description` and `replication_group_description` to ensure non-empty strings (#23254)
- resource/aws_fms_policy: Add `delete_unused_fm_managed_resources` argument (#21295)
- resource/aws_fms_policy: Add `tags` argument and `tags_all` attribute to support resource tagging (#21299)
- resource/aws_imagebuilder_image_recipe: Update plan time validation of `block_device_mapping.ebs.kms_key_id`, `block_device_mapping.ebs.snapshot_id`, `block_device_mapping.ebs.volume_type`, `name`, `parent_image`. (#23235)
- resource/aws_instance: Allow updates to `user_data` and `user_data_base64` without forcing resource replacement (#18043)
- resource/aws_s3_bucket: Add error handling for `MethodNotAllowed` and `XNotImplemented` errors when reading `website` into terraform state. (#23278)
- resource/aws_s3_bucket: Add error handling for `NotImplemented` errors when reading `acceleration_status`, `policy`, or `request_payer` into terraform state. (#23278)
BUG FIXES:
- provider: Credentials with expiry, such as assuming a role, would not renew. (#23282)
- provider: Setting a custom CA bundle caused the provider to fail. (#23282)
- resource/aws_iam_instance_profile: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_openid_connect_provider: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_policy: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_saml_provider: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_server_certificate: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_service_linked_role: Improve tag handling in ISO regions (#23283)
- resource/aws_iam_virtual_mfa_device: Improve tag handling in ISO regions (#23283)
- resource/aws_s3_bucket_lifecycle_configuration: Ensure both `key` and `value` arguments of the `filter` `tag` configuration block are correctly populated in the outgoing API request and terraform state. (#23252)
- resource/aws_s3_bucket_lifecycle_configuration: Prevent non-empty plans when `filter` is an empty configuration block (#23232)
FEATURES:
- New Data Source: `aws_backup_framework` (#23193)
- New Data Source: `aws_backup_report_plan` (#23146)
- New Data Source: `aws_imagebuilder_container_recipe` (#23040)
- New Data Source: `aws_imagebuilder_container_recipes` (#23134)
- New Data Source: `aws_service` (#16640)
- New Resource: `aws_backup_framework` (#23175)
- New Resource: `aws_backup_report_plan` (#23098)
- New Resource: `aws_gamelift_script` (#11560)
- New Resource: `aws_iam_service_specific_credential` (#16185)
- New Resource: `aws_iam_signing_certificate` (#23161)
- New Resource: `aws_iam_virtual_mfa_device` (#23113)
- New Resource: `aws_imagebuilder_container_recipe` (#22965)
ENHANCEMENTS:
- data-source/aws_imagebuilder_image_pipeline: Add `container_recipe_arn` attribute (#23111)
- data-source/aws_kms_public_key: Add `public_key_pem` attribute (#23130)
- resource/aws_api_gateway_authorizer: Add `arn` attribute. (#23151)
- resource/aws_autoscaling_group: Disable scale-in protection before draining instances (#23187)
- resource/aws_cloudformation_stack_set: Add `call_as` argument (#22440)
- resource/aws_elastic_transcoder_preset: Add plan time validations to `audio.audio_packing_mode`, `audio.channels`, `audio.codec`, `audio.sample_rate`, `audio_codec_options.bit_depth`, `audio_codec_options.bit_order`, `audio_codec_options.profile`, `audio_codec_options.signed`, `container`, `thumbnails.aspect_ratio`, `thumbnails.format`, `thumbnails.padding_policy`, `thumbnails.sizing_policy`, `type`, `video.aspect_ratio`, `video.codec`, `video.display_aspect_ratio`, `video.fixed_gop`, `video.frame_rate`, `video.max_frame_rate`, `video.padding_policy`, `video.sizing_policy`, `video_watermarks.horizontal_align`, `video_watermarks.id`, `video_watermarks.sizing_policy`, `video_watermarks.target`, `video_watermarks.vertical_align` (#13974)
- resource/aws_elastic_transcoder_preset: Allow `audio.bit_rate` to be computed. (#13974)
- resource/aws_gamelift_build: Add `object_version` argument to `storage_location` block. (#22966)
- resource/aws_gamelift_build: Add import support (#22966)
- resource/aws_gamelift_fleet: Add `certificate_configuration` argument (#22967)
- resource/aws_gamelift_fleet: Add import support (#22967)
- resource/aws_gamelift_fleet: Add plan time validation to `ec2_instance_type` (#22967)
- resource/aws_gamelift_fleet: Adds `script_arn` attribute. (#11560)
- resource/aws_gamelift_fleet: Adds `script_id` argument. (#11560)
- resource/aws_glue_catalog_database: Add support for `create_table_default_permission` argument (#22964)
- resource/aws_glue_trigger: Add `event_batching_condition` argument. (#22963)
- resource/aws_iam_user_login_profile: Make `pgp_key` optional (#12384)
- resource/aws_imagebuilder_image_pipeline: Add `container_recipe_arn` argument (#23111)
- resource/aws_prometheus_workspace: Add `tags` argument and `tags_all` attribute to support resource tagging (#23202)
- resource/aws_ssm_association: Add `arn` attribute (#17732)
- resource/aws_ssm_association: Add `wait_for_success_timeout_seconds` argument (#17732)
- resource/aws_ssm_association: Add plan time validation to `association_name`, `document_version`, `schedule_expression`, `output_location.s3_bucket_name`, `output_location.s3_key_prefix`, `targets.key`, `targets.values`, `automation_target_parameter_name` (#17732)
BUG FIXES:
- data_source/aws_vpc_ipam_pool: error if no pool found (#23195)
- provider: Support `ap-northeast-3`, `ap-southeast-3` and `us-iso-west-1` as valid AWS Regions (#23191)
- provider: Use AWS HTTP client which allows IMDS authentication in container environments and custom RootCAs in ISO regions (#23191)
- resource/aws_appmesh_route: Handle zero `max_retries` (#23035)
- resource/aws_elastic_transcoder_preset: Allow `video_codec_options` to be empty. (#13974)
- resource/aws_rds_cluster: Fix crash when configured `engine_version` string is shorter than the `EngineVersion` string returned from the AWS API (#23039)
- resource/aws_s3_bucket_lifecycle_configuration: Correctly handle the `days` value of the `rule` `transition` configuration block when set to `0` (#23120)
- resource/aws_s3_bucket_lifecycle_configuration: Fix extraneous diffs especially after import (#23144)
- resource/aws_sagemaker_endpoint_configuration: Emptiness check for arguments, Allow not passing `async_inference_config.kms_key_id`. (#22960)
- resource/aws_vpn_connection: Add support for `ipsec.1-aes256` connection type (#23127)
BREAKING CHANGES:
- data-source/aws_connect_hours_of_operation: The hours_of_operation_arn attribute is renamed to arn (#22375)
- resource/aws_batch_compute_environment: No `compute_resources` configuration block can be specified when `type` is `UNMANAGED` (#22805)
- resource/aws_cloudwatch_event_target: The `ecs_target` `launch_type` argument no longer has a default value (previously was `EC2`) (#22803)
- resource/aws_cloudwatch_event_target: `ecs_target.0.launch_type` can no longer be set to `""`; instead, remove or set to `null` (#22954)
- resource/aws_connect_hours_of_operation: The hours_of_operation_arn attribute is renamed to arn (#22375)
- resource/aws_default_network_acl: These arguments can no longer be set to `""`: `egress.*.cidr_block`, `egress.*.ipv6_cidr_block`, `ingress.*.cidr_block`, or `ingress.*.ipv6_cidr_block` (#22928)
- resource/aws_default_route_table: These arguments can no longer be set to `""`: `route.*.cidr_block`, `route.*.ipv6_cidr_block` (#22931)
- resource/aws_default_vpc: `ipv6_cidr_block` can no longer be set to `""`; remove or set to `null` (#22948)
- resource/aws_efs_mount_target: `ip_address` can no longer be set to `""`; instead, remove or set to `null` (#22954)
- resource/aws_elasticache_cluster: Either `engine` or `replication_group_id` must be specified (#20482)
- resource/aws_elasticsearch_domain: `ebs_options.0.volume_type` can no longer be set to `""`; instead, remove or set to `null` (#22954)
- resource/aws_fsx_ontap_storage_virtual_machine: Remove deprecated `active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguidshed_name`, migrating value to `active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguished_name` (#22915)
- resource/aws_instance: `private_ip` can no longer be set to `""`; remove or set to `null` (#22948)
- resource/aws_lb_target_group: For `protocol = "TCP"`, `stickiness` can no longer be type set to `lb_cookie` even when `enabled = false`; instead use type `source_ip` (#22996)
- resource/aws_network_acl: These arguments can no longer be set to `""`: `egress.*.cidr_block`, `egress.*.ipv6_cidr_block`, `ingress.*.cidr_block`, or `ingress.*.ipv6_cidr_block` (#22928)
- resource/aws_route: Exactly one of these can be set: `destination_cidr_block`, `destination_ipv6_cidr_block`, `destination_prefix_list_id`. These arguments can no longer be set to `""`: `destination_cidr_block`, `destination_ipv6_cidr_block`. (#22931)
- resource/aws_route_table: These arguments can no longer be set to `""`: `route.*.cidr_block`, `route.*.ipv6_cidr_block` (#22931)
- resource/aws_s3_bucket: The `acceleration_status` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_accelerate_configuration` resource instead. (#22610)
- resource/aws_s3_bucket: The `acl` and `grant` arguments have been deprecated and are now read-only. Use the `aws_s3_bucket_acl` resource instead. (#22537)
- resource/aws_s3_bucket: The `cors_rule` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_cors_configuration` resource instead. (#22611)
- resource/aws_s3_bucket: The `lifecycle_rule` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_lifecycle_configuration` resource instead. (#22581)
- resource/aws_s3_bucket: The `logging` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_logging` resource instead. (#22599)
- resource/aws_s3_bucket: The `object_lock_configuration` `rule` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_object_lock_configuration` resource instead. (#22612)
- resource/aws_s3_bucket: The `policy` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_policy` resource instead. (#22538)
- resource/aws_s3_bucket: The `replication_configuration` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_replication_configuration` resource instead. (#22604)
- resource/aws_s3_bucket: The `request_payer` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_request_payment_configuration` resource instead. (#22613)
- resource/aws_s3_bucket: The `server_side_encryption_configuration` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_server_side_encryption_configuration` resource instead. (#22605)
- resource/aws_s3_bucket: The `versioning` argument has been deprecated and is now read-only. Use the `aws_s3_bucket_versioning` resource instead. (#22606)
- resource/aws_s3_bucket: The `website`, `website_domain`, and `website_endpoint` arguments have been deprecated and are now read-only. Use the `aws_s3_bucket_website_configuration` resource instead. (#22614)
- resource/aws_vpc: `ipv6_cidr_block` can no longer be set to `""`; remove or set to `null` (#22948)
- resource/aws_vpc_ipv6_cidr_block_association: `ipv6_cidr_block` can no longer be set to `""`; remove or set to `null` (#22948)
NOTES:
- data-source/aws_cognito_user_pools: The type of the `ids` and `arns` attributes has changed from Set to List. If no volumes match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_db_event_categories: The type of the `ids` attribute has changed from Set to List. If no event categories match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ebs_volumes: The type of the `ids` attribute has changed from Set to List. If no volumes match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ec2_coip_pools: The type of the `pool_ids` attribute has changed from Set to List. If no COIP pools match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ec2_local_gateway_route_tables: The type of the `ids` attribute has changed from Set to List. If no local gateway route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: The type of the `ids` and `local_gateway_virtual_interface_ids` attributes has changed from Set to List. If no local gateway virtual interface groups match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ec2_local_gateways: The type of the `ids` attribute has changed from Set to List. If no local gateways match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ec2_transit_gateway_route_tables: The type of the `ids` attribute has changed from Set to List. If no transit gateway route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_efs_access_points: The type of the `ids` and `arns` attributes has changed from Set to List. If no access points match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_elasticache_replication_group: The `number_cache_clusters` attribute has been deprecated. All configurations using `number_cache_clusters` should be updated to use the `num_cache_clusters` attribute instead (#22667)
- data-source/aws_elasticache_replication_group: The `replication_group_description` attribute has been deprecated. All configurations using `replication_group_description` should be updated to use the `description` attribute instead (#22667)
- data-source/aws_emr_release_labels: The type of the `ids` attribute has changed from Set to List. If no release labels match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_iam_policy_document: The `source_json` and `override_json` attributes have been deprecated. Use the `source_policy_documents` and `override_policy_documents` attributes respectively instead. (#22890)
- data-source/aws_inspector_rules_packages: If no rules packages match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_instances: If no instances match the specified criteria an empty list is returned (previously an error was raised) (#5055)
- data-source/aws_ip_ranges: If no ranges match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_network_acls: The type of the `ids` attribute has changed from Set to List. If no NACLs match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_network_interfaces: The type of the `ids` attribute has changed from Set to List. If no network interfaces match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_route_tables: The type of the `ids` attribute has changed from Set to List. If no route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_s3_bucket_object: The data source is deprecated; use `aws_s3_object` instead (#22877)
- data-source/aws_s3_bucket_objects: The data source is deprecated; use `aws_s3_objects` instead (#22877)
- data-source/aws_security_groups: If no security groups match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_ssoadmin_instances: The type of the `identity_store_ids` and `arns` attributes has changed from Set to List. If no instances match the specified criteria an empty list is returned (previously an error was raised) (#21219)
- data-source/aws_subnet_ids: The `aws_subnet_ids` data source has been deprecated and will be removed in a future version. Use the `aws_subnets` data source instead (#22743)
- data-source/aws_vpcs: The type of the `ids` attributes has changed from Set to List. If no VPCs match the specified criteria an empty list is returned (previously an error was raised) (#22253)
- provider: The `assume_role.duration_seconds` argument has been deprecated. All configurations using `assume_role.duration_seconds` should be updated to use the new `assume_role.duration` argument instead. (#23077)
- resource/aws_acmpca_certificate_authority: The `status` attribute has been deprecated. Use the `enabled` attribute instead. (#22878)
- resource/aws_autoscaling_attachment: The `alb_target_group_arn` argument has been deprecated. All configurations using `alb_target_group_arn` should be updated to use the new `lb_target_group_arn` argument instead (#22662)
- resource/aws_autoscaling_group: The `tags` argument has been deprecated. All configurations using `tags` should be updated to use the `tag` argument instead (#22663)
- resource/aws_budgets_budget: The `cost_filters` attribute has been deprecated. Use the `cost_filter` attribute instead. (#22888)
- resource/aws_connect_hours_of_operation: Timeout support has been removed as it is not needed for this resource (#22375)
- resource/aws_customer_gateway: `ip_address` can no longer be set to `""` (#22926)
- resource/aws_db_instance: The `name` argument has been deprecated. All configurations using `name` should be updated to use the `db_name` argument instead (#22668)
- resource/aws_default_subnet: If no default subnet exists in the specified Availability Zone one is now created. The `force_destroy` destroy argument has been added (defaults to `false`). Setting this argument to `true` deletes the default subnet on `terraform destroy` (#22253)
- resource/aws_default_vpc: If no default VPC exists in the current AWS Region one is now created. The `force_destroy` destroy argument has been added (defaults to `false`). Setting this argument to `true` deletes the default VPC on `terraform destroy` (#22253)
- resource/aws_ec2_client_vpn_endpoint: The `status` attribute has been deprecated (#22887)
- resource/aws_ec2_client_vpn_endpoint: The type of the `dns_servers` argument has changed from Set to List (#22889)
- resource/aws_ec2_client_vpn_network_association: The `security_groups` argument has been deprecated. Use the `security_group_ids` argument of the `aws_ec2_client_vpn_endpoint` resource instead (#22911)
- resource/aws_ec2_client_vpn_network_association: The `status` attribute has been deprecated (#22887)
- resource/aws_ec2_client_vpn_route: Add custom `timeouts` block (#22911)
- resource/aws_ecs_cluster: The `capacity_providers` and `default_capacity_provider_strategy` arguments have been deprecated. Use the `aws_ecs_cluster_capacity_providers` resource instead. (#22783)
- resource/aws_elasticache_replication_group: The `cluster_mode` argument has been deprecated. All configurations using `cluster_mode` should be updated to use the root-level `num_node_groups` and `replicas_per_node_group` arguments instead (#22666)
- resource/aws_elasticache_replication_group: The `number_cache_clusters` argument has been deprecated. All configurations using `number_cache_clusters` should be updated to use the `num_cache_clusters` argument instead (#22666)
- resource/aws_elasticache_replication_group: The `replication_group_description` argument has been deprecated. All configurations using `replication_group_description` should be updated to use the `description` argument instead (#22666)
- resource/aws_route: The `instance_id` argument has been deprecated. All configurations using `instance_id` should be updated to use the `network_interface_id` argument instead (#22664)
- resource/aws_route_table: The `instance_id` argument of the `route` configuration block has been deprecated. All configurations using `route` `instance_id` should be updated to use the `route` `network_interface_id` argument instead (#22664)
- resource/aws_s3_bucket_object: The resource is deprecated; use `aws_s3_object` instead (#22877)
FEATURES:
- New Data Source: `aws_cloudfront_realtime_log_config` (#22620)
- New Data Source: `aws_ec2_client_vpn_endpoint` (#14218)
- New Data Source: `aws_eips` (#7537)
- New Data Source: `aws_s3_object` (#22850)
- New Data Source: `aws_s3_objects` (#22850)
- New Resource: `aws_cognito_user` (#19919)
- New Resource: `aws_dataexchange_revision` (#22933)
- New Resource: `aws_network_acl_association` (#18807)
- New Resource: `aws_s3_bucket_accelerate_configuration` (#22617)
- New Resource: `aws_s3_bucket_acl` (#22853)
- New Resource: `aws_s3_bucket_cors_configuration` (#12141)
- New Resource: `aws_s3_bucket_lifecycle_configuration` (#22579)
- New Resource: `aws_s3_bucket_logging` (#22608)
- New Resource: `aws_s3_bucket_object_lock_configuration` (#22644)
- New Resource: `aws_s3_bucket_request_payment_configuration` (#22649)
- New Resource: `aws_s3_bucket_server_side_encryption_configuration` (#22609)
- New Resource: `aws_s3_bucket_versioning` (#5132)
- New Resource: `aws_s3_bucket_website_configuration` (#22648)
- New Resource: `aws_s3_object` (#22850)
ENHANCEMENTS:
- data-source/aws_ami: Add `boot_mode` attribute. (#22939)
- data-source/aws_cloudwatch_log_group: Automatically trim `:*` suffix from `arn` attribute (#22043)
- data-source/aws_ec2_client_vpn_endpoint: Add `security_group_ids` and `vpc_id` attributes (#22911)
- data-source/aws_elasticache_replication_group: Add `description`, `num_cache_clusters`, `num_node_groups`, and `replicas_per_node_group` attributes (#22667)
- data-source/aws_imagebuilder_distribution_configuration: Add `container_distribution_configuration` attribute to the `distribution` configuration block (#22838)
- data-source/aws_imagebuilder_distribution_configuration: Add `launch_template_configuration` attribute to the `distribution` configuration block (#22884)
- data-source/aws_imagebuilder_image_recipe: Add `parameter` attribute to the `component` configuration block (#22856)
- provider: Add `duration` argument to the `assume_role` configuration block (#23077)
- provider: Add `ec2_metadata_service_endpoint`, `ec2_metadata_service_endpoint_mode`, `use_dualstack_endpoint`, `use_fips_endpoint` arguments (#22804)
- provider: Add environment variables `TF_AWS_DYNAMODB_ENDPOINT`, `TF_AWS_IAM_ENDPOINT`, `TF_AWS_S3_ENDPOINT`, and `TF_AWS_STS_ENDPOINT`. (#23052)
- provider: Add support for `shared_config_file` parameter (#20587)
- provider: Add support for `shared_credentials_files` parameter and deprecates `shared_credentials_file` (#23080)
- provider: Adds `s3_use_path_style` parameter and deprecates `s3_force_path_style`. (#23055)
- provider: Changes `shared_config_file` parameter to `shared_config_files` (#23080)
- provider: Updates AWS authentication to use AWS SDK for Go v2 https://aws.github.io/aws-sdk-go-v2/docs/ (#20587)
- resource/aws_ami: Add `boot_mode` and `ebs_block_device.outpost_arn` arguments. (#22939)
- resource/aws_ami_copy: Add `boot_mode` and `ebs_block_device.outpost_arn` attributes (#22972)
- resource/aws_ami_from_instance: Add `boot_mode` and `ebs_block_device.outpost_arn` attributes (#22972)
- resource/aws_api_gateway_domain_name: Add `ownership_verification_certificate_arn` argument. (#21076)
- resource/aws_apigatewayv2_domain_name: Add `domain_name_configuration.ownership_verification_certificate_arn` argument. (#21076)
- resource/aws_autoscaling_attachment: Add `lb_target_group_arn` argument (#22662)
- resource/aws_cloudwatch_event_target: Add plan time validation for `input`, `input_path`, `run_command_targets.values`, `http_target.header_parameters`, `http_target.query_string_parameters`, `redshift_target.database`, `redshift_target.db_user`, `redshift_target.secrets_manager_arn`, `redshift_target.sql`, `redshift_target.statement_name`, `retry_policy.maximum_event_age_in_seconds`, `retry_policy.maximum_retry_attempts`. (#22946)
- resource/aws_db_instance: Add `db_name` argument (#22668)
- resource/aws_ec2_client_vpn_authorization_rule: Configurable Create and Delete timeouts (#20688)
- resource/aws_ec2_client_vpn_endpoint: Add `client_connect_options` argument (#22793)
- resource/aws_ec2_client_vpn_endpoint: Add `client_login_banner_options` argument (#22793)
- resource/aws_ec2_client_vpn_endpoint: Add `security_group_ids` and `vpc_id` arguments (#22911)
- resource/aws_ec2_client_vpn_endpoint: Add `session_timeout_hours` argument (#22793)
- resource/aws_ec2_client_vpn_endpoint: Add `vpn_port` argument (#22793)
- resource/aws_ec2_client_vpn_network_association: Configurable Create and Delete timeouts (#20689)
- resource/aws_elasticache_replication_group: Add `description` argument (#22666)
- resource/aws_elasticache_replication_group: Add `num_cache_clusters` argument (#22666)
- resource/aws_elasticache_replication_group: Add `num_node_groups` and `replicas_per_node_group` arguments (#22666)
- resource/aws_fsx_lustre_file_system: Add `log_configuration` argument. (#22935)
- resource/aws_fsx_ontap_file_system: Reduce the minimum valid value of the `throughput_capacity` argument to `128` (128 MB/s) (#22898)
- resource/aws_glue_partition_index: Add support for custom timeouts. (#22941)
- resource/aws_imagebuilder_distribution_configuration: Add `launch_template_configuration` argument to the `distribution` configuration block (#22842)
- resource/aws_imagebuilder_image_recipe: Add `parameter` argument to the `component` configuration block (#22837)
- resource/aws_mq_broker: `auto_minor_version_upgrade` and `host_instance_type` can be changed without recreating broker (#20661)
- resource/aws_s3_bucket_cors_configuration: Retry when `NoSuchCORSConfiguration` errors are returned from the AWS API (#22977)
- resource/aws_s3_bucket_versioning: Add eventual consistency handling to help ensure bucket versioning is stabilized. (#21076)
- resource/aws_vpn_connection: Add the ability to revert changes to unconfigured tunnel options made outside of Terraform to their documented default values (#17031)
- resource/aws_vpn_connection: Mark `customer_gateway_configuration` as `Sensitive` (#15806)
- resource/aws_wafv2_web_acl: Support `version` on `managed_rule_group_statement` (#21732)
BUG FIXES:
- data-source/aws_vpc_peering_connections: Return empty array instead of error when no connections found. (#17382)
- resource/aws_cloudformation_stack: Retry resource Create and Update for IAM eventual consistency (#22840)
- resource/aws_cloudwatch_event_target: Preserve order of `http_target.path_parameter_values`. (#22946)
- resource/aws_db_instance: Fix error with reboot of replica (#22178)
- resource/aws_ec2_client_vpn_authorization_rule: Don't raise an error when `InvalidClientVpnEndpointId.NotFound` is returned during refresh (#20688)
- resource/aws_ec2_client_vpn_endpoint: `connection_log_options.cloudwatch_log_stream` argument is Computed, preventing spurious resource diffs (#22891)
- resource/aws_ecs_capacity_provider: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_cluster: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_service: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_task_definition: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_ecs_task_set: Fix tagging error preventing use in ISO partitions (#23030)
- resource/aws_route_table_association: Handle nil 'AssociationState' in ISO regions (#22806)
- resource/aws_route_table_association: Retry resource Read for EC2 eventual consistency (#22927)
- resource/aws_vpc_ipam: Correct update of `description` (#22863)
- resource/aws_waf_rule_group: Prevent panic when expanding the rule group's set of `activated_rule` (#22978)
- resource/aws_wafregional_rule_group: Prevent panic when expanding the rule group's set of `activated_rule` (#22978)
BUG FIXES:
- resource/aws_backup_selection: Fix permanent diffs for `condition` and `not_resources` arguments causing resource recreation (#22882)
FEATURES:
- New Data Source: `aws_api_gateway_export` (#22731)
- New Data Source: `aws_api_gateway_sdk` (#22731)
- New Data Source: `aws_apigatewayv2_export` (#22732)
- New Data Source: `aws_connect_contact_flow_module` (#22518)
- New Data Source: `aws_connect_prompt` (#22636)
- New Data Source: `aws_connect_quick_connect` (#22527)
- New Data Source: `aws_datapipeline_pipeline` (#22597)
- New Data Source: `aws_datapipeline_pipeline_definition` (#22597)
- New Data Source: `aws_imagebuilder_components` (#21881)
- New Data Source: `aws_imagebuilder_distribution_configurations` (#22733)
- New Data Source: `aws_imagebuilder_infrastructure_configurations` (#22723)
- New Resource: `aws_connect_queue` (#22566)
- New Resource: `aws_connect_security_profile` (#22369)
- New Resource: `aws_dataexchange_data_set` (#22697)
- New Resource: `aws_datapipeline_pipeline_definition` (#22597)
- New Resource: `aws_devicefarm_test_grid_project` (#22688)
- New Resource: `aws_ecs_cluster_capacity_providers` (#22672)
- New Resource: `aws_sagemaker_project` (#21534)
ENHANCEMENTS:
- resource/aws_api_gateway_stage: Add `web_acl_arn` attribute (#18561)
- resource/aws_elasticache_replication_group: Add `user_group_ids` to associate `aws_elasticache_user_group` with `aws_elasticache_replication_group` (#20406)
- resource/aws_imagebuilder_distribution_configuration: Add `container_distribution_configuration` argument (#22758)
- resource/aws_iot_role_alias: Increase the maximum allowed value of the `credential_duration` argument to `43200` (12 hours) (#22757)
- resource/aws_network_interface: Add `private_ip_list`, `private_ip_list_enabled`, `ipv6_address_list`, and `ipv6_address_list_enabled` attributes (#17846)
- resource/aws_s3_bucket_notification: Add `eventbridge` argument (#22045)
- resource/aws_vpc_endpoint_subnet_association: Fix resource importing (#22796)
BUG FIXES:
- data-source/aws_ecr_repository: Further refine tag error handling in ISO partitions (#22780)
- data-source/aws_lb: Further refine tag error handling for ISO regions (#22717)
- data-source/aws_lb_listener: Further refine tag error handling for ISO regions (#22717)
- data-source/aws_lb_target_group: Further refine tag error handling for ISO regions (#22717)
- data-source/aws_sqs_queue: Further refine tag error handling in ISO partitions (#22780)
- data-source/aws_vpc: Suppress errors if main route table cannot be found (#22724)
- resource/aws_cloudfront_distribution: Increase the maximum valid `origin_keepalive_timeout` value to `180` (#22632)
- resource/aws_cloudwatch_composite_alarm: Further refine tag error handling for ISO regions (#22717)
- resource/aws_cloudwatch_event_bus: Further refine tag error handling for ISO regions (#22717)
- resource/aws_cloudwatch_event_rule: Further refine tag error handling for ISO regions (#22717)
- resource/aws_cloudwatch_metric_alarm: Further refine tag error handling for ISO regions (#22717)
- resource/aws_cloudwatch_metric_stream: Further refine tag error handling for ISO regions (#22717)
- resource/aws_ecr_repository: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_ecs_capacity_provider: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_ecs_cluster: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_ecs_cluster: Provide new resource `aws_ecs_cluster_capacity_providers` to avoid bugs using `capacity_providers` and `default_capacity_provider_strategy`, which arguments will be deprecated in a future version (#22672)
- resource/aws_ecs_service: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_ecs_task_definition: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_ecs_task_set: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_instance: Prevent panic when reading the instance's block device mappings (#22719)
- resource/aws_internet_gateway: No longer give up before the attachment timeout (4m) is exceeded (previously it was giving up after 20 not found checks). (#22713)
- resource/aws_lambda_function: Prevent errors when attempting to configure code signing in the `ap-southeast-3` AWS Region (#22693)
- resource/aws_lb: Further refine tag error handling for ISO regions (#22717)
- resource/aws_lb_listener: Further refine tag error handling for ISO regions (#22717)
- resource/aws_lb_listener_rule: Further refine tag error handling for ISO regions (#22717)
- resource/aws_lb_target_group: Further refine tag error handling for ISO regions (#22717)
- resource/aws_sns_topic: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_sqs_queue: Further refine tag error handling in ISO partitions (#22780)
- resource/aws_vpc: Suppress errors if main route table, default NACL or default security group cannot be found (#22724)
- resource/aws_vpc_dhcp_options_association: Support `default` DHCP Options ID (#22722)
FEATURES:
- New Data Source: `aws_cloudfront_origin_access_identity` (#22572)
- New Data Source: `aws_vpc_ipam_preview_next_cidr` (#22643)
- New Resource: `aws_appsync_api_cache` (#22578)
- New Resource: `aws_appsync_domain_name` (#22487)
- New Resource: `aws_appsync_domain_name_api_association` (#22487)
- New Resource: `aws_cloudsearch_domain` (#17723)
- New Resource: `aws_cloudsearch_domain_service_access_policy` (#17723)
- New Resource: `aws_detective_invitation_accepter` (#22163)
- New Resource: `aws_detective_member` (#22163)
- New Resource: `aws_fsx_data_repository_association` (#22291)
- New Resource: `aws_lambda_invocation` (#19488)
ENHANCEMENTS:
- data-source/aws_cognito_user_pool_clients: Add `client_names` attribute (#22615)
- data-source/aws_imagebuilder_image_recipe: Add `user_data_base64` attribute (#21763)
- resource/aws_dynamodb_table: Add special case handling when switching `billing_mode` from `PAY_PER_REQUEST` to `PROVISIONED` and provisioned throughput is ignored. (#22630)
- resource/aws_fsx_lustre_file_system: Add `file_system_type_version` argument (#22291)
- resource/aws_imagebuilder_image_recipe: Add `user_data_base64` argument (#21763)
- resource/aws_opsworks_custom_layer: Add plan time validation for `ebs_volume.type` and `custom_json`. (#12433)
- resource/aws_opsworks_custom_layer: Add support for `cloudwatch_configuration` (#12433)
- resource/aws_security_group: Ensure that the Security Group is found 3 times in a row before declaring that it has been created (#22420)
BUG FIXES:
- resource/aws_apprunner_custom_domain_association: Add the status `binding_certificate` as a valid target when waiting for creation. (#20222)
- resource/aws_cloudfront_distribution: Increase the maximum valid `origin_keepalive_timeout` value to `180` (#22632)
- resource/aws_ecr_lifecycle_policy: Fix diffs in `policy` when no changes are detected (#22665)
- resource/aws_load_balancer_policy: Suppress `policy_attribute` differences (#21776)
FEATURES:
- New Data Source: `aws_cognito_user_pool_client` (#22477)
- New Resource: `aws_cognito_identity_pool_provider_principal_tag` (#22514)
- New Resource: `aws_connect_contact_flow_module` (#22349)
- New Resource: `aws_connect_quick_connect` (#22250)
- New Resource: `aws_devicefarm_instance_profile` (#22458)
- New Resource: `aws_memorydb_snapshot` (#22486)
- New Resource: `aws_shield_protection_health_check_association` (#21993)
ENHANCEMENTS:
- data-source/aws_cloudfront_distribution: Add `aliases` attribute (#22552)
- data-source/aws_customer_gateway: Add `certificate_arn` attribute (#22435)
- data-source/aws_ebs_snapshot: Add `storage_tier` and `outpost_arn` attributes. (#22342)
- data-source/aws_ecr_repository: Allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22535)
- data-source/aws_eks_cluster: Add `ip_family` to the `kubernetes_network_config` configuration block (#22485)
- data-source/aws_elb_service_account: Add account ID for `ap-southeast-3` AWS Region (#22453)
- data-source/aws_iam_role: Allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22544)
- data-source/aws_iam_user: Allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22544)
- data-source/aws_instance: Add the `instance_metadata_tags` attribute to the `metadata_options` configuration block (#22463)
- data-source/aws_launch_template: Add the `instance_metadata_tags` attribute to the `metadata_options` configuration block (#22463)
- data-source/aws_lb: Allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22551)
- data-source/aws_lb_listener: Allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22551)
- data-source/aws_lb_target_group: Allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22551)
- data-source/aws_sagemaker_prebuilt_ecr_image: Add account IDs for the BlazingText image in `af-south-1` and `eu-south-1` AWS Regions (#22455)
- data-source/aws_sagemaker_prebuilt_ecr_image: Add account IDs for the DeepAR Forecasting image in `af-south-1` and `eu-south-1` AWS Regions (#22455)
- data-source/aws_sagemaker_prebuilt_ecr_image: Add account IDs for the Factorization Machines image in `af-south-1`, `ap-northeast-3` and `eu-south-1` AWS Regions (#22455)
- data-source/aws_sagemaker_prebuilt_ecr_image: Add account IDs for the Spark ML Serving image in `af-south-1`, `ap-east-1`, `cn-north-1`, `cn-northwest-1`, `eu-north-1`, `eu-south-1`, `eu-west-3`, `me-south-1` and `sa-east-1` AWS Regions (#22455)
- data-source/aws_sagemaker_prebuilt_ecr_image: Add account IDs for the XGBoost image in `af-south-1`, `ap-northeast-3` and `eu-south-1` AWS Regions (#22455)
- data-source/aws_sqs_queue: Allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22516)
- resource/aws_appsync_datasource: Add `authorization_config` attribute to the `http_config` configuration block (#22411)
- resource/aws_appsync_datasource: Add `delta_sync_config` and `versioned` to the `dynamodb_config` configuration block (#22411)
- resource/aws_appsync_datasource: Add `relational_database_config` argument (#22411)
- resource/aws_appsync_datasource: Add plan time validation for `service_role_arn` and `lambda_config.function_arn` (#22411)
- resource/aws_appsync_function: Add `max_batch_size` and `sync_config` arguments. (#22484)
- resource/aws_appsync_resolver: Add `max_batch_size` and `sync_config` arguments. (#22510)
- resource/aws_backup_selection: Add `condition` configuration block and `not_resources` argument in support of fine-grained backup plan resource assignment (#22074)
- resource/aws_cloudwatch_composite_alarm: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22556)
- resource/aws_cloudwatch_event_bus: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22550)
- resource/aws_cloudwatch_event_rule: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22550)
- resource/aws_cloudwatch_log_destination_policy: Add `force_update` argument. (#22460)
- resource/aws_cloudwatch_log_destination_policy: Add plan time validation for `access_policy`. (#22460)
- resource/aws_cloudwatch_metric_alarm: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22556)
- resource/aws_cloudwatch_metric_stream: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22556)
- resource/aws_connect_contact_flow: add delete function (#22303)
- resource/aws_customer_gateway: Add `certificate_arn` argument (#22435)
- resource/aws_ebs_snapshot: Add `outpost_arn`, `storage_tier`, `permanent_restore`, `temporary_restore_days` arguments (#22342)
- resource/aws_ebs_snapshot_copy: Add `storage_tier`, `permanent_restore`, `temporary_restore_days` arguments (#22342)
- resource/aws_ebs_snapshot_import: Add `storage_tier`, `permanent_restore`, `temporary_restore_days` arguments (#22342)
- resource/aws_ecr_repository: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22535)
- resource/aws_ecs_capacity_provider: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22529)
- resource/aws_ecs_cluster: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22529)
- resource/aws_ecs_service: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22529)
- resource/aws_ecs_task_definition: Add `skip_destroy` argument to optionally prevent overwriting previous revision (#22269)
- resource/aws_ecs_task_definition: Add plan time validation for `family` (#18610)
- resource/aws_ecs_task_definition: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22529)
- resource/aws_ecs_task_set: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22529)
- resource/aws_eks_cluster: Add `ip_family` to the `kubernetes_network_config` configuration block (#22485)
- resource/aws_glue_crawler: add `delta_target` argument. (#22472)
- resource/aws_iam_role: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22544)
- resource/aws_iam_user: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22544)
- resource/aws_instance: Add the `instance_metadata_tags` argument to the `metadata_options` configuration block (#22463)
- resource/aws_launch_template: Add the `instance_metadata_tags` argument to the `metadata_options` configuration block (#22463)
- resource/aws_lb: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22551)
- resource/aws_lb_listener: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22551)
- resource/aws_lb_listener_rule: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22551)
- resource/aws_lb_target_group: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22551)
- resource/aws_s3_bucket: Add additional protection against `object_lock_configuration` causing errors in partitions (e.g., ISO) where not supported (#22575)
- resource/aws_sns_topic: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22511)
- resource/aws_sqs_queue: Attempt `tags`-on-create, fallback to tag after create, and allow some `tags` errors to be non-fatal to support non-standard AWS partitions (i.e., ISO) (#22516)
- resource/aws_vpc: Add `ipv6_cidr_block_network_border_group` argument (#22211)
- resource/aws_vpc_ipam_pool_cidr_allocation: Add `disallowed_cidrs` argument (#22470)
- resource/aws_vpc_ipam_preview_next_cidr: Add `disallowed_cidrs` argument (#22501)
- resource/aws_vpn_connection: Add `vgw_telemetry.certificate_arn` attribute (#19311)
- resource/aws_vpn_connection: `customer_gateway_id`, `transit_gateway_id` and `vpn_gateway_id` can be updated without recreating the resource (#19311)
- resource/aws_vpn_connection: `tunnel1_preshared_key` and `tunnel2_preshared_key` can be updated without recreating the resource (#19311)
BUG FIXES:
- data-source/aws_vpc_ipam_pool: Return an error if more than 1 IPAM Pool matches (#22438)
- data-source/aws_vpc_ipam_pool: Set `address_family`, `allocation_default_netmask_length`, `allocation_max_netmask_length`, `allocation_min_netmask_length` and `tags` attributes (#22438)
- resource/aws_cloudfront_distribution: Increase the maximum valid `origin_read_timeout` value to `180` (#22461)
- resource/aws_fsx_lustre_file_system: Add missing values to `per_unit_storage_throughput` validation (#22462)
- resource/aws_fsx_openzfs_file_system: Change `root_volume_configuration.copy_tags_to_snapshots` to ForceNew (#22480)
- resource/aws_fsx_openzfs_file_system: Fix crash with nil `root_volume_configuration.nfs_exports` value (#22480)
- resource/aws_memorydb_cluster: Correctly propagate configurable timeouts to waiters. (#22489)
- resource/aws_route53_record: Fix import with underscores in names (#21556)
- resource/aws_sqs_queue: Don't timeout when a queue policy `Condition` value contains an empty array (#22547)
- resource/aws_ssm_parameter: Mark `version` as Computed when `value` changes (#22522)
- resource/aws_subnet: Protect against errors when `availability_zone_id` is not supported in a partition (e.g., ISO) (#22580)
- resource/aws_subnet: Resource-based naming is not available in the `ap-southeast-3` region (#22531)
FEATURES:
- New Data Source: `aws_batch_scheduling_policy` (#22335)
- New Data Source: `aws_cognito_user_pool_clients` (#22289)
- New Data Source: `aws_cognito_user_pool_signing_certificate` (#22285)
- New Data Source: `aws_mskconnect_custom_plugin` (#22333)
- New Data Source: `aws_mskconnect_worker_configuration` (#22414)
- New Data Source: `aws_organizations_resource_tags` (#22371)
- New Data Source: `aws_ses_active_receipt_rule_set` (#22310)
- New Data Source: `aws_ses_domain_identity` (#22321)
- New Data Source: `aws_ses_email_identity` (#22321)
- New Resource: `aws_batch_scheduling_policy` (#22262)
- New Resource: `aws_cloud9_environment_membership` (#11857)
- New Resource: `aws_codebuild_resource_policy` (#22196)
- New Resource: `aws_datasync_location_fsx_lustre_file_system` (#22346)
- New Resource: `aws_datasync_location_hdfs` (#22347)
- New Resource: `aws_devicefarm_device_pool` (#21025)
- New Resource: `aws_devicefarm_network_profile` (#22448)
- New Resource: `aws_devicefarm_upload` (#22443)
- New Resource: `aws_fsx_openzfs_file_system` (#22234)
- New Resource: `aws_fsx_openzfs_snapshot` (#22234)
- New Resource: `aws_fsx_openzfs_volume` (#22234)
- New Resource: `aws_memorydb_cluster` (#22388)
- New Resource: `aws_memorydb_parameter_group` (#22304)
- New Resource: `aws_memorydb_subnet_group` (#22256)
- New Resource: `aws_memorydb_user` (#22261)
- New Resource: `aws_mskconnect_custom_plugin` (#22333)
- New Resource: `aws_mskconnect_worker_configuration` (#22414)
- New Resource: `aws_sagemaker_device` (#22427)
- New Resource: `aws_vpc_endpoint_connection_accepter` (#19083)
- New Resource: `aws_vpc_ipam_organization_admin_account` (#22394)
ENHANCEMENTS:
- data-source/aws_batch_job_queue: Add `scheduling_policy_arn` attribute (#22348)
- data-source/aws_cloudtrail_service_account: Add service account ID for `ap-southeast-3` AWS Region (#22295)
- data-source/aws_ecs_task_definition: Add `arn` attribute. (#21856)
- data-source/aws_elb_hosted_zone_id: Add hosted zone ID for `ap-southeast-3` AWS Region (#22295)
- data-source/aws_s3_bucket: Add hosted zone ID for `ap-southeast-3` AWS Region (#22295)
- data-source/aws_ssm_parameters_by_path: Add `recursive` argument (#22222)
- data-source/aws_subnet: Add `enable_dns64`, `ipv6_native`, `enable_resource_name_dns_aaaa_record_on_launch`, `enable_resource_name_dns_a_record_on_launch` and `private_dns_hostname_type_on_launch` attributes (#22339)
- provider: Add validation for the `duration`, `external_id` and `session_name` arguments in the `assume_role` configuration block (#18085)
- resource/aws_batch_job_queue: Add `scheduling_policy_arn` attribute (#22298)
- resource/aws_cloud9_environment_ec2: Add plan time validations for `name`, `automatic_stop_time_minutes`, `description`. (#18560)
- resource/aws_cloudfront_distribution: Add plan time validation to `ordered_cache_behavior.forwarded_values.cookies`, `ordered_cache_behavior.lambda_function_association.event_type`, `ordered_cache_behavior.lambda_function_association.lambda_arn`, `ordered_cache_behavior.function_association.lambda_arn`, `ordered_cache_behavior.function_association.event_type`, `ordered_cache_behavior.viewer_protocol_policy`, `comment`, `default_cache_behavior.forwarded_values.cookies`, `default_cache_behavior.lambda_function_association.event_type`, `ordered_cache_behavior.lambda_function_association.lambda_arn`, `default_cache_behavior.function_association.lambda_arn`, `default_cache_behavior.function_association.event_type`, `default_cache_behavior.viewer_protocol_policy`, `origin.custom_origin_config.origin_keepalive_timeout`, `origin.custom_origin_config.origin_read_timeout`, `origin.custom_origin_config.origin_protocol_policy`, `origin.custom_origin_config.origin_ssl_protocols`, `price_class`, `viewer_certificate.acm_certificate_arn`, `viewer_certificate.minimum_protocol_version`, `viewer_certificate.ssl_support_method`. (#21034)
- resource/aws_codebuild_project: Add `artifacts.bucket_owner_access`, `secondary_artifacts.bucket_owner_access`, `logs_config.s3_logs.bucket_owner_access`, `project_visibility`, `resource_access_role` arguments. (#22189)
- resource/aws_codebuild_project: Add `public_project_alias` attribute. (#22189)
- resource/aws_codebuild_project: Add `secondary_source_version` argument (#22345)
- resource/aws_codebuild_project: Add plan time validation for `cache.modes` and `service_role`. (#22189)
- resource/aws_codepipeline: Add plan time validation to `name`, `role_arn`, `stage.name`, `stage.action.name`, `stage.action.name`, `stage.action.run_order`, `stage.action.namespace`, `action.configuration`, and `action.version` (#18451)
- resource/aws_codepipeline_webhook: Add `arn` attribute. (#22406)
- resource/aws_codepipeline_webhook: Add plan time validation for `authentication_configuration.secret_token`, `filter.json_path`, `filter.match_equals`, `name`. (#22406)
- resource/aws_codepipeline_webhook: Allow updating `filter` in place. (#22406)
- resource/aws_dax_cluster: Add `cluster_endpoint_encryption_type` argument (#22396)
- resource/aws_dx_private_virtual_interface: Add `sitelink_enabled` argument (#22350)
- resource/aws_dx_transit_virtual_interface: Add `sitelink_enabled` argument (#22350)
- resource/aws_ecr_replication_configuration: Add `repository_filter` to `replication_configuration` block (#21231)
- resource/aws_ecr_replication_configuration: Increase `MaxItems` for `rule` to `10` and for `destination` to `25` (#22281)
- resource/aws_elasticsearch_domain: Tag on create (#18082)
- resource/aws_glue_trigger: Add `start_on_creation` argument (#22439)
- resource/aws_kinesis_firehose_delivery_stream: Add `error_output_prefix` argument to `extended_s3_configuration` `s3_backup_configuration` configuration block (#11229)
- resource/aws_kinesis_firehose_delivery_stream: Add `error_output_prefix` argument to `redshift_configuration` `s3_backup_configuration` configuration block (#11229)
- resource/aws_kinesis_firehose_delivery_stream: Add `error_output_prefix` argument to `s3_configuration` configuration block (#11229)
- resource/aws_networkfirewall_resource_policy: Handle delete-after-create eventual consistency (#22402)
- resource/aws_kinesis_stream: Improve reading kinesis stream state. (#15489)
- resource/aws_kinesis_stream_consumer: Improve reading kinesis stream state (#15489)
- resource/aws_s3_bucket: Add hosted zone ID for `ap-southeast-3` AWS Region (#22295)
- resource/aws_s3_bucket_object: Support objects greater than 5GB in size by using the Amazon S3 upload manager (#21727)
- resource/aws_sagemaker_app: Add `lifecycle_config_arn` and `sagemaker_image_version_arn` arguments to `resource_spec` configuration block (#21508)
- resource/aws_sagemaker_domain: Add `lifecycle_config_arn` and `sagemaker_image_version_arn` arguments to `default_resource_spec` configuration block (#21508)
- resource/aws_sagemaker_user_profile: Add `lifecycle_config_arn` and `sagemaker_image_version_arn` arguments to `default_resource_spec` configuration block (#21508)
- resource/aws_subnet: Add `enable_dns64`, `ipv6_native`, `enable_resource_name_dns_aaaa_record_on_launch`, `enable_resource_name_dns_a_record_on_launch` and `private_dns_hostname_type_on_launch` arguments (#22339)
- resource/aws_timestreamwrite_table: Add `magnetic_store_write_properties` argument. (#22363)
BUG FIXES:
- resource/aws_appstream_fleet: Correctly create resource with `stream_view` argument (#22395)
- resource/aws_codebuild_project: Fix plan validation to take into account computed values for `cache.location` (#21458)
- resource/aws_dynamodb_table: Remove extraneous `kms_key_arn` attribute from the `ttl` configuration block (#21334)
- resource/aws_ec2_traffic_mirror_filter_rule: Prevent crash during resource read (#22315)
- resource/aws_launch_template: Correctly set `default_version` and `latest_version` as Computed when `name`, `name_prefix` or `description` change (#22277)
- resource/aws_networkfirewall_rule_group: Allow any character in `ip_set` `definition` as per the AWS API docs (#22284)
- resource/aws_ses_event_destination: Allow `.` and `@` characters in `cloudwatch_destination.default_value` argument (#22359)
- resource/aws_ssoadmin_managed_policy_attachment: Fix missing call to `ProvisionPermissionSet` after detaching the managed policy (#21773)
- resource/aws_vpc_ipam_pool_cidr_allocation: update `cidr` and `netmask_length` attributes netmask to a minimum of 0 and maximum of 32 (#22418)
NOTES:
- resource/aws_fsx_ontap_storage_virtual_machine: The active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguidshed_name attribute has been deprecated. All configurations using active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguidshed_name should be updated to use the new active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguished_name attribute instead (#22246)
FEATURES:
- New Data Source: aws_connect_bot_association (#21097)
- New Data Source: aws_connect_hours_of_operation (#22207)
- New Data Source: aws_connect_lambda_function_association (#21276)
- New Resource: aws_connect_bot_association (#21097)
- New Resource: aws_connect_hours_of_operation (#21934)
- New Resource: aws_connect_lambda_function_association (#21276)
- New Resource: aws_ecr_pull_through_cache_rule (#22172)
- New Resource: aws_ecr_registry_scanning_configuration (#22179)
- New Resource: aws_ecrpublic_repository_policy (#16901)
ENHANCEMENTS:
- data-source/aws_sagemaker_prebuilt_ecr_image: Add Hugging Face DLCs (#21983)
- resource/aws_appsync_graphql_api: Add lambda_authorizer_config argument (#20857)
- resource/aws_dynamodb_table: Allows restoring to point-in-time (#19292)
- resource/aws_fsx_backup: Add volume_id argument to support Amazon FSx for NetApp ONTAP backup (#21960)
- resource/aws_networkfirewall_firewall_policy: Add stateful_default_actions and stateful_engine_options configuration blocks. Add priority attribute to stateful_rule_group_reference block (#21955)
- resource/aws_networkfirewall_firewall_rule_group: Add stateful_rule_options configuration block (#21955)
- resource/aws_route: Extend creation timeout to 5 minutes (#21531)
- resource/aws_route_table: Extend creation timeout to 5 minutes (#21531)
- resource/iam_service_linked_role: Add tags argument (#22185)
BUG FIXES:
- data-source/aws_s3_bucket: Correct Route 53 hosted zone ID for S3 websites in the eu-south-1, af-south-1 and us-gov-east-1 AWS Regions (#22227)
- resource/aws_cloudwatch_event_bus_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22165)
- resource/aws_ecr_lifecycle_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22142)
- resource/aws_elasticsearch_domain: Fix erroneous diffs in access_policies when no changes made or policies are equivalent (#22157)
- resource/aws_elasticsearch_domain: Fix erroneous diffs in advanced_options due to AWS defaults being returned (#22157)
- resource/aws_elasticsearch_domain_policy: Fix erroneous diffs in access_policies when no changes made or policies are equivalent (#22157)
- resource/aws_emr_cluster: Wait for the cluster to reach a terminated state on deletion (#12578)
- resource/aws_glacier_vault: Fix erroneous diffs in access_policy when no changes made or policies are equivalent (#22166)
- resource/aws_glacier_vault_lock: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22166)
- resource/aws_glue_resource_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22167)
- resource/aws_iam_role: Fix eventual consistency problem with arn sometimes being a unique ID instead of the role ARN (#22217)
- resource/aws_iot_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22169)
- resource/aws_media_store_container_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22170)
- resource/aws_networkfirewall_resource_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22171)
- resource/aws_s3_access_point: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22255)
- resource/aws_s3_bucket: Correct Route 53 hosted zone ID for S3 websites in the eu-south-1, af-south-1 and us-gov-east-1 AWS Regions (#22227)
- resource/aws_s3_bucket: Ensure versioning is set correctly when nested values are explicitly set to false. (#22221)
- resource/aws_s3control_access_point_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22255)
- resource/aws_s3control_bucket_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22255)
- resource/aws_s3control_multi_region_access_point_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22255)
- resource/aws_s3control_object_lambda_access_point_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22255)
- resource/aws_sagemaker_model_package_group_policy: Fix erroneous diffs in resource_policy when no changes made or policies are equivalent (#22259)
- resource/aws_secretsmanager_secret: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22217)
- resource/aws_secretsmanager_secret_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22217)
- resource/aws_ses_identity_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22214)
- resource/aws_sns_topic: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22213)
- resource/aws_sns_topic_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22213)
- resource/aws_sqs_queue: Fix "error reading, empty result" and various eventual consistency errors (#22194)
- resource/aws_sqs_queue: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22194)
- resource/aws_sqs_queue_policy: Fix "error reading, empty result" and various eventual consistency errors (#22194)
- resource/aws_sqs_queue_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22194)
- resource/aws_ssoadmin_permission_set_inline_policy: Fix erroneous diffs in inline_policy when no changes made or policies are equivalent (#22192)
- resource/aws_transfer_access: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22193)
- resource/aws_transfer_user: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22193)
FEATURES:
- New Resource: aws_codecommit_approval_rule_template_association (#13467)
- New Resource: aws_detective_graph (#22042)
- New Resource: aws_ec2_subnet_cidr_reservation (#22051)
- New Resource: aws_ecs_task_set (#22096)
- New Resource: aws_emr_studio (#21855)
- New Resource: aws_emr_studio_session_mapping (#22140)
ENHANCEMENTS:
- data-source/aws_dynamodb_table: Add table_class attribute (#22110)
- resource/aws_backup_region_settings: Add resource_type_management_preference argument (#22021)
- resource/aws_cloudtrail: Add plan time validations for cloud_watch_logs_group_arn, cloud_watch_logs_role_arn, name, s3_key_prefix. (#21882)
- resource/aws_dynamodb_table: Add table_class argument (#22110)
- resource/aws_ecs_task_definition: Add runtime_platform argument in support of Fargate for ECS Windows containers (#22016)
- resource/aws_elasticache_replication_group: Add data_tiering_enabled argument (#22066)
- resource/aws_elasticsearch_domain: Add auto_tune_options configuration block (#21652)
- resource/aws_kinesis_stream: Add stream_mode_details argument in support of Kinesis Data Streams On-Demand (#22002)
- resource/aws_lambda_event_source_mapping: Add filter_criteria argument (#21937)
- resource/aws_sqs_queue: Add sqs_managed_sse_enabled argument (#21954)
- resource/aws_transfer_server: Add function argument in support of custom identity providers (#22039)
BUG FIXES:
- data-source/aws_ecs_cluster: Ensure that setting attribute is set consistently (#22119)
- resource/aws_api_gateway_rest_api: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22115)
- resource/aws_api_gateway_rest_api_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22115)
- resource/aws_appstream_image_builder: Correctly create resource with image_arn argument (#22077)
- resource/aws_backup_vault_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22130)
- resource/aws_cloudwatch_log_resource_policy: Fix erroneous diffs in policy_document when no changes made or policies are equivalent (#22135)
- resource/aws_codeartifact_domain_permissions_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22136)
- resource/aws_codeartifact_repository_permissions_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22136)
- resource/aws_ecr_registry_policy: Fix order-related diffs in policy (#22004)
- resource/aws_ecr_repository_policy: Fix order-related diffs in policy (#22004)
- resource/aws_efs_file_system_policy: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22100)
- resource/aws_iam_group_policy: Fix order-related diffs in policy (#22067)
- resource/aws_iam_policy: Fix order-related diffs in policy (#22067)
- resource/aws_iam_role: Fix order-related diffs in policy (#22099)
- resource/aws_iam_role: Prevent arn attribute from ever containing a unique ID immediately after role creation (#22004)
- resource/aws_iam_role_policy: Fix order-related diffs in policy (#22067)
- resource/aws_iam_user_policy: Fix order-related diffs in policy (#22067)
- resource/aws_lb: Correctly configure enable_waf_fail_open during resource creation (#22072)
- resource/aws_redshift_cluster: Adds retries to enabling and disabling the redshift cluster's logging (#22080)
- resource/aws_s3_bucket_replication_configuration: Fix MalformedXML errors for replication rules using XML schema V1 (#22026)
- resource/aws_vpc_endpoint: Fix erroneous diffs in policy when no changes made or policies are equivalent (#22137)
FEATURES:
- New Data Source: aws_codecommit_approval_rule_template (#11487)
- New Data Source: aws_vpc_pool_data_source (#21998)
- New Resource: aws_codecommit_approval_rule_template (#11487)
- New Resource: aws_vpc_ipam (#21998)
- New Resource: aws_vpc_ipam_pool (#21998)
- New Resource: aws_vpc_ipam_scope (#21998)
- New Resource: aws_vpc_ipam_pool_cidr (#21998)
- New Resource: aws_vpc_ipam_pool_cidr_allocation (#21998)
- New Resource: aws_vpc_ipv6_cidr_block_association (#21998)
ENHANCEMENTS:
- data-source/aws_autoscaling_groups: Add support for tag filters (#21966)
- resource/aws_account_alternate_contact: Add account_id argument (#21888)
- resource/aws_lb_target_group: Add support for connection_termination argument for NLBs (#21130)
- resource/aws_synthetics_canary: Add artifact_config argument. (#21963)
- resource/aws_synthetics_canary: Make artifact_s3_location updateable. (#21963)
- resource/aws_vpc: cidr_block value can now either be set explicitly or computed via AWS IPAM (#21998)
- resource/aws_vpc_ipv4_cidr_block_association: cidr_block value can now either be set explicitly or computed via AWS IPAM (#21998)
BUG FIXES:
- data-source/aws_cloudfront_distribution: Correct hosted_zone_id for AWS China regions (#21943)
- resource/aws_cloudfront_distribution: Correct hosted_zone_id for AWS China regions (#21943)
- resource/aws_kms_external_key: Fix order-related diffs in policy (#21990)
- resource/aws_kms_key: Fix order-related diffs in policy (#21969)
- resource/aws_kms_replica_external_key: Fix order-related diffs in policy (#21990)
- resource/aws_kms_replica_key: Fix order-related diffs in policy (#21990)
- resource/aws_s3_bucket: Fix order-related diffs in policy (#21997)
- resource/aws_s3_bucket_policy: Fix order-related diffs in policy (#21997)
- resource/aws_s3_bucket_replication_configuration: Mark event_threshold in destination metrics configuration block as Optional (#21901)
FEATURES:
- New Data Source: aws_ec2_instance_types (#21850)
- New Data Source: aws_imagebuilder_image_recipes (#21814)
- New Resource: aws_account_alternate_contact (#21789)
- New Resource: aws_appstream_stack_fleet_association (#21484)
- New Resource: aws_appstream_stack_user_association (#21485)
- New Resource: aws_appstream_user (#21485)
- New Resource: aws_fsx_ontap_storage_virtual_machine (#21780)
- New Resource: aws_fsx_ontap_volume (#21889)
ENHANCEMENTS:
- data source/aws_lambda_function: Add image_uri attribute (#21015)
- data-source/aws_elb: Add desync_mitigation_mode attribute (#14764)
- data-source/aws_lb: Add desync_mitigation_mode attribute (#14764)
- data-source/aws_lb: Add enable_waf_fail_open attribute (#16393)
- resource/aws_athena_workgroup: Add engine_version argument (#17733)
- resource/aws_cloudtrail: Add exclude_management_event_sources argument (#17203)
- resource/aws_dlm_lifecycle_policy: Add cross_region_copy_rule argument in the schedule configuration block (#12868)
- resource/aws_ec2_fleet: Support in-place update of Launch Template config (#15387)
- resource/aws_ecs_service: Allow capacity_provider_strategy changes to be updated in place, when possible (#20707)
- resource/aws_elasticache_replication_group: Allow auth_token argument to be rotated without destroy and create (#16203)
- resource/aws_elb: Add desync_mitigation_mode argument (#14764)
- resource/aws_lb: Add desync_mitigation_mode argument (#14764)
- resource/aws_lb: Add enable_waf_fail_open argument (#16393)
- resource/aws_lb: Update name and name_prefix plan-time validation to exclude "internal-" (#10693)
- resource/aws_ssm_association: Add s3_region argument to output_location configuration block (#21803)
BUG FIXES:
- data-source/aws_iam_policy_document: No longer show changes when there's a single condition (#19533)
- resource/aws_apprunner_service: Make instance_role_arn optional (#20149)
- resource/aws_autoscaling_group: Prevent infinite wait for capacity when increasing min_size and not specifying desired_capacity (#12018)
- resource/aws_ecs_service: Mark enable_ecs_managed_tags as ForceNew (#7983)
- resource/aws_imagebuilder_image_recipe: Enabled updates without failures due to aws_imagebuilder_image_pipeline dependencies. (#21884)
- resource/aws_rds_cluster_instance: Fix error from unexpected state storage-optimization (#21900)
- resource/aws_s3_bucket: Prevent OperationAborted conflict errors when simultaneously applying aws_s3_bucket_policy, aws_s3_bucket_public_access_block changes (#12949)
- resource/aws_s3_bucket_policy: Prevent OperationAborted conflict errors when simultaneously applying aws_s3_bucket, aws_s3_bucket_public_access_block changes (#12949)
- resource/aws_s3_bucket_public_access_block: Prevent OperationAborted conflict errors when simultaneously applying aws_s3_bucket_policy, aws_s3_bucket changes (#12949)
FEATURES:
- New Data Source: aws_emr_release_labels (#21767)
- New Resource: aws_appstream_directory_config (#21505)
- New Resource: aws_iot_thing_group (#21799)
- New Resource: aws_iot_thing_group_membership (#21799)
- New Resource: aws_lambda_layer_version_permission (#11941)
- New Resource: aws_s3_bucket_replication_configuration (#20777)
- New Resource: aws_s3control_access_point_policy (#19294)
- New Resource: aws_s3control_multi_region_access_point (#21060)
- New Resource: aws_s3control_multi_region_access_point_policy (#21060)
- New Resource: aws_s3control_object_lambda_access_point (#19294)
- New Resource: aws_s3control_object_lambda_access_point_policy (#19294)
- New Resource: aws_securityhub_finding_aggregator (#21560)
ENHANCEMENTS:
- aws_s3_access_point: Add alias attribute (#19294)
- aws_s3_access_point: Add endpoints attribute (#19294)
- data-source/aws_ec2_instance_type: Add encryption_in_transit_supported attribute (#21837)
- resource/aws_emr_cluster: Add auto_termination_policy argument (#21702)
- resource/aws_iot_thing_type: Add tags argument and tags_all attribute to support resource tagging (#21769)
- resource/aws_kinesis_firehose_delivery_stream: Add dynamic_partitioning_configuration configuration block (#20769)
- resource/aws_lambda_layer_version: Add skip_destroy argument (#11997)
- resource/aws_neptune_cluster: Support in-place update of engine_version (#21760)
- resource/aws_route53_resolver_dnssec_config: Increase resource creation and deletion timeouts to 10 minutes (#21797)
- resource/aws_sagemaker_endpoint: Add deployment_config argument (#21765)
BUG FIXES:
- aws_s3_access_point: vpc_configuration.vpc_id is ForceNew (#19294)
- data-source/aws_cloudfront_response_headers_policy: Correctly set custom_headers_config attribute (#21838)
- resource/aws_autoscaling_group: Fix pending state in instance refresh (#21777)
- resource/aws_cloudfront_cache_policy: Fix 0 values for default_ttl, max_ttl and min_ttl arguments (#21793)
- resource/aws_internet_gateway: Allow available as a pending state during gateway detach (#21794)
- resource/aws_lambda_layer_version: Increase MaxItems for compatible_runtimes field to 15. (#21825)
- resource/aws_route: On route creation with a high custom creation timeout configured, the aws_route resource no longer gives up before the create timeout is exceeded (previously it gave up after 20 not found checks). (#21831)
- resource/aws_security_group: Fix lack of pagination when describing security groups (#21743)
FEATURES:
- New Data Source: aws_key_pair (#15829)
- New Resource: aws_cloudfront_field_level_encryption_config (#15033)
- New Resource: aws_cloudfront_field_level_encryption_profile (#12509)
- New Resource: aws_docdb_global_cluster (#20978)
- New Resource: aws_s3_bucket_intelligent_tiering_configuration (#20329)
ENHANCEMENTS:
- resource/aws_batch_job_queue: Remove limit of 3 items from the compute_environments argument (#21737)
- resource/aws_cloudfront_function: Add live_etag_version attribute (#19697)
- resource/aws_datasync_s3_location: Add validation to agent_arns, s3_bucket_arn and s3_config.bucket_access_role_arn arguments (#21661)
- resource/aws_docdb_cluster: Add global_cluster_identifier argument (#20978)
- resource/aws_ebs_encryption_by_default: Add import support (#21717)
BUG FIXES:
- data-source/aws_network_interface: Correctly set attachment attribute (#21542)
- data-source/aws_route: Fix lack of pagination when describing route tables (#21710)
- resource/aws_cloudfront_cache_policy: Fix assorted crashes (#12509)
- resource/aws_cloudfront_cache_policy: The parameters_in_cache_key_and_forwarded_to_origin argument is required (#12509)
- resource/aws_cloudfront_function: The etag attribute is always the DEVELOPMENT version's value (#19697)
- resource/aws_cloudfront_origin_request_policy: Fix assorted crashes (#12509)
- resource/aws_default_route_table: Fix lack of pagination when describing route tables (#21710)
- resource/aws_eks_node_group: Respect order of configured instance_types (#21404)
- resource/aws_elasticsearch_domain: Fix tagging on creation (#21738)
- resource/aws_internet_gateway: Retry resource read after creation to deal with EC2 API eventual consistency (#21542)
- resource/aws_route_table: Fix lack of pagination when describing route tables (#21710)
- resource/aws_route_table_association: Fix lack of pagination when describing route tables (#21710)
- resource/aws_security_group_rule: Fix resource import for rules with icmp or icmpv6 protocol (#21163)
- resource/aws_servicecatalog_provisioned_product: Allow empty values in provisioning parameters (#21669)
BUG FIXES:
- provider: Additional fixes to allow setting endpoints with non-standard, legacy keys. (#21657)
BUG FIXES:
- provider: Fix bug preventing custom endpoints from being set (#21639)
- provider: Fix bug preventing proper assignment of custom endpoints (#21641)
FEATURES:
- New Data Source: aws_cloudfront_response_headers_policy (#21620)
- New Data Source: aws_iam_user_ssh_key (#21335)
- New Resource: aws_backup_vault_lock_configuration (#21315)
- New Resource: aws_cloudfront_response_headers_policy (#21620)
- New Resource: aws_kms_replica_external_key (#20533)
- New Resource: aws_kms_replica_key (#20533)
- New Resource: aws_prometheus_alert_manager_definition (#21431)
- New Resource: aws_prometheus_rule_group_namespace (#21470)
ENHANCEMENTS:
- data-source/aws_kms_key: Add multi_region and multi_region_configuration attributes (#20533)
- data-source/aws_launch_template: Add network_card_index attribute to network_interfaces configuration block (#21555)
- data-source/aws_network_interface: Add arn attribute (#21265)
- data-source/aws_s3_bucket: Return hosted_zone_id attribute for cn-northwest-1 (Ningxia) region (#21337)
- resource/aws_apigateway_usage_plan: Add throttle argument for api_stages block. (#21461)
- resource/aws_batch_compute_environment: Add ec2_configuration argument to compute_resources configuration block (#21565)
- resource/aws_cloudfront_distribution: Add response_headers_policy_id argument to default_cache_behavior configuration block (#21620)
- resource/aws_cloudfront_distribution: Add response_headers_policy_id argument to ordered_cache_behavior configuration block (#21620)
- resource/aws_dms_endpoint: Add include_transaction_details, include_partition_value, partition_include_schema_table, include_table_alter_operations, include_control_details and include_null_and_empty arguments to kinesis_settings configuration block (#20084)
- resource/aws_eks_node_group: Support for BOTTLEROCKET_ARM_64 and BOTTLEROCKET_x86_64 ami_type argument values (#21616)
- resource/aws_glue_crawler: Add dlq_event_queue_arn and event_queue_arn arguments to the s3_target configuration block (#21467)
- resource/aws_glue_data_catalog_encryption_settings: Disable encryption on resource deletion (#21452)
- resource/aws_kinesisanalyticsv2_application: runtime_environment now supports FLINK-1_13 (#21341)
- resource/aws_kms_external_key: Add multi_region argument (#20533)
- resource/aws_kms_key: Add multi_region argument (#20533)
- resource/aws_launch_template: Add network_card_index argument to network_interfaces configuration block (#21555)
- resource/aws_network_interface: Add arn and owner_id attributes (#21265)
- resource/aws_network_interface: Add ipv4_prefix, ipv4_prefix_count, ipv6_prefix and ipv6_prefix_count arguments (#21265)
- resource/aws_route53_key_signing_key: Deactivate key-signing key with ACTION_NEEDED status before deletion (#21369)
- resource/aws_s3_bucket: Add metrics and replication_time arguments to replication_configuration.rules configuration block to support Amazon S3 Replication Time Control (#21176)
- resource/aws_s3_bucket: Return hosted_zone_id attribute for cn-northwest-1 (Ningxia) region (#21337)
- resource/aws_storage_gateway_nfs_file_share: Add audit_destination_arn argument. (#21482)
BUG FIXES:
- aws/resource_aws_lex_slot_type: Correctly determine version attribute (#21509)
- resource/aws_cloudwatch_metric_alarm: Fix imported 'treat_missing_data' diff (#21363)
- resource/aws_codedeploy_deployment_group: Correctly update deployment_group_name argument (#21362)
- resource/aws_db_event_subscription: Fix adding new event_categories to existing resource (#21338)
- resource/aws_flow_log: parameters of destination_options block now properly force resource rebuild (#21434)
- resource/aws_kinesisanalyticsv2_application: Correctly update run_configuration argument (#21303)
- resource/aws_placement_group: partition_count argument is Computed, preventing spurious resource diffs (#21555)
FEATURES:
- New Resource: aws_chime_voice_connector_termination_credentials (#21162)
- New Resource: aws_glue_partition_index (#21234)
- New Resource: aws_sagemaker_model_package_group_policy (#21250)
ENHANCEMENTS:
- data-source/aws_instance: Add placement_partition_number attribute (#7777)
- data-source/glue_connection: Add tagging support. (#21226)
- resource/aws_flow_log: Add destination_options argument to support Apache Parquet, Hive-compatible prefixes and hourly partitioned files (#21285)
- resource/aws_glue_resource_policy: Add enable_hybrid argument. (#21239)
- resource/aws_instance: Add placement_partition_number argument (#7777)
- resource/aws_placement_group: Add partition_count argument (#15360)
- resource/aws_rds_cluster: Add db_instance_parameter_group_name attribute to allow major version upgrade using custom parameter groups (#17111)
- resource/aws_rds_cluster: Add enable_global_write_forwarding attribute (#17111)
- resource/glue_connection: Add tagging support. (#21226)
- resource/rds_cluster_instance: Add performance_insights_retention_period attribute (#17111)
BUG FIXES:
- resource/aws_glue_catalog_table: change partition_index.keys to list instead of set (#21234)
- resource/aws_imagebuilder_distribution_configuration: remove hard limit on distribution target accounts (#21254)
- resource/aws_rds_cluster: Add possible pending states for cluster update (#17111)
- resource/aws_rds_cluster_instance: Remove force new resource on the engine_version parameter to allow upgrade without removing instances (#17111)
- resource/glue_catalog_table: Ignore not exists errors on delete (#21227)
FEATURES:
- New Resource: aws_dx_connection_confirmation (#16489)
- New Resource: aws_dx_hosted_connection (#16489)
ENHANCEMENTS:
- resource/aws_cloudformation_stack_set_instance: Add deployment_targets organizational_unit_ids argument (#21193)
- resource/aws_db_instance: Add replica_mode argument (#17991)
- resource/aws_default_route_table: Add custom timeouts block (#21161)
- resource/aws_dms_endpoint: Add message_format, include_transaction_details, include_partition_value, partition_include_schema_table, include_table_alter_operations, include_control_details, message_max_bytes, include_null_and_empty, security_protocol, ssl_client_certificate_arn, ssl_client_key_arn, ssl_client_key_password, ssl_ca_certificate_arn, sasl_username, sasl_password and no_hex_prefix arguments to kafka_settings configuration block (#20904)
- resource/aws_dms_endpoint: Add plan time validation for mongodb_settings.auth_type, mongodb_settings.auth_mechanism, mongodb_settings.nesting_level and s3_settings.compression_type arguments (#21174)
- resource/aws_dms_endpoint: Added missing engine_name values for sources and/or targets (#21174)
- resource/aws_dms_replication_task: Add cdc_start_position argument (#21201)
- resource/aws_dx_lag: Add connection_id argument (#16489)
- resource/aws_emr_cluster: Add log_encryption_kms_key_id argument (#17706)
- resource/aws_lex_bot: Added waiter support to account for BUILDING status (#21122)
- resource/aws_route_table: Add custom timeouts block (#21161)
- resource/aws_volume_attachment: Add stop_instance_before_detaching argument (#21144)
- resource/aws_vpn_gateway_route_propagation: Add custom timeouts block (#21161)
BUG FIXES:
- aws/resource_aws_lex_bot: Correctly determine version attribute (#20383)
- aws/resource_aws_lex_intent: Correctly determine version attribute (#20383)
- resource/aws_appstream_fleet: More error validation in waiter (#21125)
- resource/aws_appstream_stack: More error validation in waiter (#21125)
- resource/aws_autoscalingplans_scaling_plan: Fix updates to scaling_instruction argument (#17987)
- resource/aws_elasticache_replication_group: Properly updates tags on Replication Group member clusters when scaling up (#21185)
- resource/aws_elasticache_replication_group: Properly updates tags on the Replication Group in addition to the member clusters (#21185)
- resource/aws_lb_target_group: Handle attributes at creation: deregistration_delay, load_balancing_algorithm_type, preserve_client_ip, proxy_protocol_v2, slow_start, stickiness, and lambda_multi_value_headers_enabled (#21187)
- resource/aws_route: Use custom timeouts values (#21161)
- resource/aws_ses_configuration_set: Fix ARN (#21188)
FEATURES:
- New Data Source: aws_cloudcontrolapi_resource (#21110)
- New Data Source: aws_db_proxy (#21053)
- New Data Source: aws_ec2_host (#10817)
- New Data Source: aws_kinesis_firehose_delivery_stream (#18445)
- New Data Source: aws_ssm_parameters_by_path (#9615)
- New Resource: aws_appstream_image_builder (#21036)
- New Resource: aws_cloudcontrolapi_resource (#21110)
- New Resource: aws_ec2_host (#10817)
- New Resource: aws_iot_authorizer (#14671)
- New Resource: aws_quicksight_data_source (#20710)
- New Resource: aws_redshift_scheduled_action (#13474)
- New Resource: aws_sagemaker_studio_lifecycle_config (#21041)
ENHANCEMENTS:
- data-source/aws_lambda_function: Add support for Graviton2 with architectures attribute (#21091)
- data-source/aws_lambda_layer_version: Add support for Graviton2 with compatible_architectures attribute (#21091)
- provider: Add parameter http_proxy to provider configuration (#21077)
- resource/aws_lb_target_group: Support alb value for target_type argument (#21069)
- resource/aws_lambda_function: Add support for Graviton2 with architectures argument (#21091)
- resource/aws_lambda_layer_version: Add support for Graviton2 with compatible_architectures argument (#21091)
- resource/aws_sagemaker_app_image_config: Add tagging support. (#21037)
- resource/aws_sagemaker_domain: Add default_user_settings.jupyter_server_app_settings.lifecycle_config_arns and default_user_settings.kernel_gateway_app_settings.lifecycle_config_arns arguments (#21041)
- resource/aws_user_profile: Add user_settings.jupyter_server_app_settings.lifecycle_config_arns and user_settings.kernel_gateway_app_settings.lifecycle_config_arns arguments (#21041)
BUG FIXES:
- resource/aws_dx_connection: Mark provider_name as Computed to avoid resource recreation with pre-v3.56.0 configurations (#21085)
- resource/aws_dx_lag: Mark provider_name as Computed to avoid resource recreation with pre-v3.56.0 configurations (#21085)
- resource/aws_route_table_association: Wait for up to 40 not found checks when creating a new route table association (#21062)
FEATURES:
- New Data Source: aws_cloudfront_log_delivery_canonical_user_id (#15167)
- New Data Source: aws_cloudwatch_log_groups (#17151)
- New Data Source: aws_connect_contact_flow (#16854)
- New Data Source: aws_connect_instance (#16709)
- New Data Source: aws_iam_users (#20877)
- New Data Source: aws_msk_broker_nodes (#20615)
- New Data Source: aws_msk_kafka_version (#20638)
- New Resource: aws_appstream_fleet (#20543)
- New Resource: aws_chime_voice_connector_streaming (#20933)
- New Resource: aws_connect_contact_flow (#16854)
- New Resource: aws_connect_instance (#16709)
- New Resource: aws_ec2_managed_prefix_list_entry (#19394)
- New Resource: aws_fsx_ontap_filesystem (#20951)
- New Resource: aws_sagemaker_flow_definition (#20825)
ENHANCEMENTS:
- data-source/efs_file_system: Add transition_to_primary_storage_class to lifecycle_policy. (#20971)
- resource/aws_msk_cluster: Add zookeeper_connect_string_tls attribute (#15661)
- resource/aws_msk_cluster: Configurable Create, Update and Delete timeouts (#17726)
BUG FIXES:
- data-source/aws_launch_template: Fix error setting metadata_options (#21008)
- resource/aws_cognito_user_pool: Fix removal of lambda_config (#20952)
- resource/aws_msk_cluster: Don't recreate cluster if order of broker_node_group_info.client_subnets or broker_node_group_info.security_groups entries change (#14627)
- resource/efs_file_system: Allow multiple lifecycle policies. (#20971)
FEATURES:
- New Data Source: aws_eks_clusters (#20315)
- New Data Source: aws_eks_node_group (#13564)
- New Data Source: aws_eks_node_groups (#13564)
- New Resource: aws_chime_voice_connector_logging (#20863)
- New Resource: aws_transfer_access (#20342)
ENHANCEMENTS:
- resource/aws_cloudtrail: Add advanced_event_selector argument (#19368)
- resource/aws_config_delivery_channel: Add s3_kms_key_arn argument (#20600)
- resource/aws_ec2_client_vpn_endpoint: Add self_service_portal and authentication_options.self_service_saml_provider_arn arguments to support self-service portal (#17897)
- resource/aws_ec2_managed_prefix_list: allow updating max_entries. (#20797)
- resource/aws_efs_file_system: Add lifecycle_policy.transition_to_primary_storage_class argument to support Intelligent-Tiering (#20874)
- resource/aws_efs_file_system_policy: Add bypass_policy_lockout_safety_check argument (#20838)
- resource/aws_iam_role: Add plan time validation for path, permissions_boundary, managed_policy_arns. (#19532)
- resource/aws_iam_role: Retry assume_role_policy updates for IAM eventual consistency (#12436)
- resource/aws_iam_role: name_prefix is now Computed (#20785)
- resource/aws_launch_template: add plan time validation to spot_options.block_duration_minutes (#20796)
- resource/aws_launch_template: add support for http_protocol_ipv6 to metadata_options. (#20796)
- resource/aws_mwaa_environment: Increase resource creation timeout to 2 hours (#20861)
- resource/aws_route53_health_check: Add plan time validation for regions (#20795)
- resource/aws_sagemaker_endpoint_configuration: Add async_inference_config argument (#20809)
- resource/aws_transfer_server: Add directory_id argument to support Microsoft Active Directory (AD) authentication (#20342)
BUG FIXES:
- resource/aws_cognito_user_pool: Fix continual diff on email_configuration.configuration_set (#20791)
- resource/aws_db_instance: Fix updating license_model. (#20779)
- resource/aws_iam_role: Change name_prefix validation to a range of 1 to 38 characters (#20785)
- resource/aws_imagebuilder_distribution_configuration: Improve validation error message of name argument (#20842)
- resource/aws_kms_key: Extends timeouts for policy and tag propagation to 5 minutes each (#20914)
- resource/aws_route53_health_check: Fix update for ip_address (#20795)
FEATURES:
- New Resource: aws_chime_voice_connector_origination (#20676)
- New Resource: aws_chime_voice_connector_termination (#20667)
- New Resource: aws_quicksight_group_membership (#20687)
FEATURES:
- New Resource: aws_service_discovery_instance (#17498)
ENHANCEMENTS:
- data-source/aws_instance: Add ipv6_addresses attribute (#17859)
- resource/aws_athena_database: Read the database name from the AwsDataCatalog (#19765)
- resource/aws_cloudformation_stack_set: Retry when OperationInProgress errors are returned from the AWS API (#10969)
- resource/aws_cloudformation_stack_set_instance: Retry when OperationInProgress errors are returned from the AWS API (#10969)
- resource/aws_config_organization_conformance_pack: Add configurable timeouts (#20560)
- resource/aws_redshift_cluster: Add cluster_nodes attribute (#4563)
- resource/aws_s3_bucket: Retry on PutBucketEncryption HTTP 409 errors due to eventual consistency (#11795)
- resource/aws_sagemaker_notebook_instance: Add platform_identifier argument (#20711)
- resource/aws_service_discovery_service: Add force_destroy argument (#3538)
- resource_aws_route53_health_check: Add RECOVERY_CONTROL health check type and routing_control_arn argument (#20731)
- resource_vpn_connection: Handle paginated response when reading Transit Gateway Attachments (#20775)
BUG FIXES:
- resource/aws_ecs_cluster: Ensure that setting attribute is set consistently (#20720)
- resource/aws_pinpoint_email_channel: When specifying the configuration_set parameter, use the name of the set instead of the ARN. (#20691)
- resource/aws_route53_record: Support set_identifier values containing _ (#13453)
FEATURES:
- New Data Source: aws_dx_connection (#17852)
- New Data Source: aws_dx_location (#9735)
- New Data Source: aws_dx_locations (#9735)
- New Resource: aws_appstream_stack (#20547)
- New Resource: aws_autoscaling_group_tag (#20009)
- New Resource: aws_dynamodb_tag (#13783)
- New Resource: aws_ecs_tag (#13783)
- New Resource: aws_route53recoverycontrolconfig_cluster (#20568)
- New Resource: aws_route53recoverycontrolconfig_control_panel (#20568)
- New Resource: aws_route53recoverycontrolconfig_routing_control (#20568)
- New Resource: aws_route53recoverycontrolconfig_safety_rule (#20568)
- New Resource: aws_route53recoveryreadiness_cell (#20526)
- New Resource: aws_route53recoveryreadiness_readiness_check (#20526)
- New Resource: aws_route53recoveryreadiness_recovery_group (#20526)
- New Resource: aws_route53recoveryreadiness_resource_set (#20526)
ENHANCEMENTS:
- data-source/aws_elasticache_user: Mark passwords attribute as sensitive. (#20629)
- data-source/aws_efs_file_system: Add ability to filter results by tags (#20399)
- data-source/aws_route53_delegation_set: Add arn attribute (#20664)
- data-source/aws_route53_zone: Add arn attribute (#20652)
- resource/aws_dx_connection: Add owner_account_id attribute (#17852)
- resource/aws_dx_connection: Add provider_name argument (#17852)
- resource/aws_dx_lag: Add owner_account_id attribute (#17852)
- resource/aws_dx_lag: Add provider_name argument (#17852)
- resource/aws_eks_node_group: Add update_config argument to support parallel node upgrades (#20137)
- resource/aws_elasticache_user: Mark passwords argument as sensitive. (#20629)
- resource/aws_fsx_lustre_filesystem: Allow creating filesystem from backup using backup_id. (#20614)
- resource/aws_fsx_windows_filesystem: Allow creating filesystem from backup using backup_id. (#20643)
- resource/aws_route53_delegation_set: Add arn attribute (#20664)
- resource/aws_route53_delegation_set: Add plan time validation for reference_name (#20664)
- resource/aws_route53_health_check: Add arn attribute. (#20653)
- resource/aws_route53_health_check: Add plan time validation for failure_threshold, ip_address, fqdn, port, resource_path, search_string, child_healthchecks. (#20653)
- resource/aws_route53_query_log: Add arn attribute. (#20666)
- resource/aws_route53_zone: Add arn attribute (#20652)
- resource/aws_route53_zone: Add plan time validation for comment (#20652)
- resource/aws_s3_bucket_inventory: Add missing values to optional_fields argument (#20658)
BUG FIXES:
- data-source/aws_kms_public_key: Correctly base64 encode public_key value (#19944)
- data-source/aws_route53_resolver_rule: Fix lack of pagination when listing rules (#20642)
- resource/aws_codebuild_webhook: Only update build_type if a value is specified (#20671)
- resource/aws_route53_delegation_set: Properly remove from state when resource does not exist (#20664)
- resource/aws_route53_query_log: Properly remove from state when resource does not exist (#20666)
FEATURES:
- New Data Source: aws_iam_roles (#18585)
- New Data Source: aws_subnets (#18803)
- New Resource: aws_chime_voice_connector_group (#20565)
- New Resource: aws_fsx_backup (#20569)
- New Resource: aws_sagemaker_device_fleet (#20058)
- New Resource: aws_sagemaker_human_task_ui (#20570)
ENHANCEMENTS:
- aws/resource_aws_appconfig_deployment: Add state attribute (#20288)
- resource/aws_db_parameter_group: Allow parameter values to be mixed case, prioritize certain parameters when chunking, and avoid diffs with mixed-case parameter names (#18818)
- resource/aws_dms_endpoint: Add s3_settings.data_format, s3_settings.parquet_timestamp_in_millisecond, s3_settings.parquet_version, s3_settings.encryption_mode and s3_settings.server_side_encryption_kms_key_id arguments. (#17591)
- resource/aws_lambda_function: Add support for python3.9 runtime value (#20593)
- resource/aws_lambda_layer_version: Add support for python3.9 compatible_runtimes value (#20593)
- resource/aws_wafv2: Add missing values to text_transformation argument for aws_wafv2_web_acl and aws_wafv2_rule_group resources (#20564)
BUG FIXES:
- aws/resource_aws_appconfig_deployment: Remove internal waiter after start of deployment (#20288)
- aws/resource_aws_cloudwatch_event_rule: Correctly handle ARN in event_bus_name argument (#20312)
- aws/resource_aws_cloudwatch_event_target: Correctly handle ARN in event_bus_name argument (#20312)
- resource/aws_eks_addon: Treat DEGRADED as a pending state during creation (#20562)
- resource/aws_eks_identity_provider_config: Increase Create and Delete timeouts to 40 minutes (#20561)
- resource/aws_elasticache_user: Correctly update passwords (#20530)
- resource/aws_lambda_function: Fix handler, runtime attribute validation for package_type is Zip (#20575)
- resource/aws_lambda_function: fix Osaka ap-northeast-3 lambda function creation, failing due to code signer service not available in the region. (#20555)
- resource/aws_rds_cluster_parameter_group: Handle paginated response when reading parameters from RDS cluster parameter group. (#16010)
- resource/aws_storagegateway_smb_file_share: Only set oplocks_enabled if a value is specified in configuration (#20579)
FEATURES:
ENHANCEMENTS:
- data-source/aws_workspaces_directory: Add workspace_access_properties.device_type_linux attribute (#20462)
- resource/aws_athena_workgroup: Add requester_pays_enabled argument (#20457)
- resource/aws_cloudwatch_metric_alarm: Add support for account_id (#20541)
- resource/aws_codebuild_webhook: Add support for build_type (#20480)
- resource/aws_db_instance: Use engine_version and engine_version_actual to set and track engine versions (#20207)
- resource/aws_workspaces_directory: Add workspace_access_properties.device_type_linux argument (#20462)
BUG FIXES:
- aws/resource_aws_imagebuilder_infrastructure_configuration: Always set terminate_instance_on_failure on create and update (#20464)
- resource/aws_iot_topic_rule: Correctly update resource on error_action change (#16471)
- resource/aws_iot_topic_rule: Enhance handling of IAM eventual consistency errors during create (#20467)
- resource/aws_synthetics_canary: Correctly report any resource creation errors (#20463)
ENHANCEMENTS:
- data-source/aws_acm_certificate: Add status attribute (#20232)
- data-source/aws_ec2_coip_pool: Add arn attribute (#17046)
- resource/aws_appconfig_deployment: Include predefined strategies in plan time validation of deployment_strategy_id (#20420)
- resource/aws_autoscaling_schedule: Add time_zone argument (#19829)
- resource/aws_db_instance: Add customer_owned_ip_enabled argument (#17864)
- resource/aws_db_instance: Add nchar_character_set_name argument (#20437)
- resource/aws_kms_external_key: Add bypass_policy_lockout_safety_check argument (#18117)
- resource/aws_kms_key: Add bypass_policy_lockout_safety_check argument (#18117)
- resource/aws_launch_template: Allow all supported resource types tag_specifications.resource_type (#20409)
- resource/aws_redshift_parameter_group: Make Redshift parameters case sensitive. (#19772)
BUG FIXES:
- aws/resource_aws_amplify_branch: Correctly handle branch names that contain '/' (#20426)
- aws/resource_aws_apigateway_vpc_link: Ensure deletion does not return an error when resource is not found (#20441)
- aws/resource_aws_instance: Fix running terraform plan with skip_credentials_validation=true (#20357)
- aws/resource_aws_instance: Fix state refresh when launch template was deleted (#20357)
FEATURES:
- New Resource: aws_sagemaker_workforce (#20065)
- New Resource: aws_sagemaker_workteam (#20122)
- New Resource: aws_storagegateway_file_system_association (#20082)
ENHANCEMENTS:
- data-source/aws_ec2_instance_type_offerings: Add locations and location_types attributes (#16704)
- data-source/aws_lb: Add ability to filter results by tags (#6458)
- data-source/aws_qldb_ledger: Add permissions_mode attribute (#20302)
- resource/aws_budgets_budget: Add the cost_filter argument which allows multiple values to be specified per filter. This new argument will eventually replace the cost_filters argument (#9092)
- resource/aws_budgets_budget: Change time_period_start to an optional argument. If you don't specify a start date, AWS defaults to the start of your chosen time period (#9092)
- resource/aws_cognito_user_pool_client: Set callback_urls and logout_urls as computed. (#20065)
- resource/aws_dx_connection: Add support for 100Gbps bandwidth (#20364)
- resource/aws_dx_lag: Add support for 100Gbps connections_bandwidth (#20364)
- resource/aws_qldb_ledger: Add permissions_mode support (#20302)
- resource/aws_rds_cluster: Use engine_version and engine_version_actual to set and track engine versions (#20211)
- resource/aws_rds_cluster_instance: Use engine_version and engine_version_actual to set and track engine versions (#20211)
- resource/aws_s3_bucket_object: Existing resource can now be imported (#10036)
- resource/aws_sagemaker_model: Add inference_execution_config. (#20066)
- resource/aws_secretsmanager_secret: Add replica support (#20293)
- resource/aws_storagegateway_gateway: Add new option for gateway_type, FILE_FSX_SMB, to be used with aws_storagegateway_file_system_association (#20082)
BUG FIXES:
- resource/aws_elasticache_user: Correctly handle user modifications and deletion (#20339)
- resource/aws_budgets_budget: Change the service name in the arn attribute from budgetservice to budgets (#9092)
- resource/aws_budgets_budget: Suppress plan differences with trailing zeroes for limit_amount (#9092)
- resource/aws_budgets_budget_action: Change the service name in the arn attribute from budgetservice to budgets (#9092)
- resource/aws_lex_bot: Fix computed version for dependent resources (#20336)
- resource/aws_lex_intent: Fix computed version for dependent resources (#20336)
- resource/aws_lex_slot_type: Fix computed version for dependent resources (#20336)
FEATURES:
- New Data Source: aws_elasticache_user (#16629)
- New Resource: aws_appconfig_deployment (#20172)
- New Resource: aws_elasticache_user (#16629)
- New Resource: aws_elasticache_user_group (#16504)
ENHANCEMENTS:
- resource/aws_cloudwatch_event_target: Add support for Redshift event target. (#20256)
- resource/aws_glue_crawler: Add sample_size argument in s3_target block. (#20203)
- resource/aws_instance: Add support for configuration with Launch Template (#10807)
- resource/aws_servicecatalog_provisioned_product: Increase timeouts to align with CloudFormation (30 min.) (#20254)
- resource/aws_storagegateway_smb_file_share: Add bucket_region, oplocks_enabled and vpc_endpoint_dns_name arguments (#20234)
BUG FIXES:
- aws/resource_aws_lambda_event_source_mapping: Ignore InvalidParameterValueException error caused by IAM propagation when creating Lambda event source mapping with Kinesis stream source (#20229)
- aws/resource_aws_route_table_association: Correctly handle associated as a pending state when waiting for deletion of an association (#20265)
NOTES:
- resource/aws_dx_gateway_association_proposal: If an accepted Proposal reaches end-of-life and is removed by AWS do not recreate the resource, instead refreshing Terraform state from the resource's Direct Connect Gateway ID and Associated Gateway ID. (#19741)
FEATURES:
- New Resource: aws_appconfig_application (#19307)
- New Resource: aws_appconfig_configuration_profile (#19320)
- New Resource: aws_appconfig_deployment_strategy (#19359)
- New Resource: aws_appconfig_environment (#19307)
- New Resource: aws_appconfig_hosted_configuration_version (#19324)
- New Resource: aws_config_organization_conformance_pack (#17298)
- New Resource: aws_securityhub_organization_configuration (#19108)
- New Resource: aws_securityhub_standards_control (#14714)
ENHANCEMENTS:
- resource/aws_cloudwatch_event_target: Add enable_ecs_managed_tags, enable_execute_command, placement_constraints, propagate_tags, and tags arguments to ecs_target block. (#19975)
- resource/aws_cognito_user_pool_client: Add the enable_token_revocation argument to support targeted sign out (#20031)
- resource/aws_fsx_windows_file_system: Add aliases argument (#20054)
- resource/aws_guardduty_detector: Add datasources argument (#19954)
- resource/aws_guardduty_organization_configuration: Add datasources argument (#15241)
- resource/aws_iam_access_key: Add encrypted SES SMTP password (#19579)
- resource/aws_kms_key: Add plan time validation to description. (#19967)
- resource/aws_s3_bucket: Add the delete_marker_replication_status argument for V2 replication configurations (#19323)
- resource/aws_s3_bucket_object: Add source_hash argument to complement etag's encryption limitations (#11522)
- resource/aws_sagemaker_domain: Add support for retention_policy (#18562)
- resource/aws_wafv2_web_acl: Support scope_down_statement on managed_rule_group_statement (#19407)
BUG FIXES:
- resource/aws_cognito_user_pool_client: Allow the default_redirect_uri argument value to be an empty string (#20031)
- resource/aws_cognito_user_pool_client: Retry on ConcurrentModificationException (#20031)
- resource/aws_datasync_location_s3: Correctly parse S3 on Outposts location URI (#19859)
- resource/aws_db_instance: Ignore allocated_storage for replica at creation time (#12548)
- resource/aws_elasticache_replication_group: Cannot set cluster_mode.replicas_per_node_group when member of Global Replication Group (#20111)
FEATURES:
- New Resource: aws_eks_identity_provider_config (#17959)
- New Resource: aws_rds_cluster_role_association (#12370)
ENHANCEMENTS:
- aws_rds_cluster: Set iam_roles as Computed to prevent drift when the aws_rds_cluster_role_association resource is used (#12370)
- resource/aws_transfer_server: Add security_group_ids argument to endpoint_details configuration block. (#17539)
BUG FIXES:
- data-source/aws_lakeformation_permissions: Fix various problems with permissions including select-only (#20108)
- resource/aws_eks_cluster: Don't associate an encryption_config if there's already one (#19986)
- resource/aws_lakeformation_permissions: Fix various problems with permissions including select-only (#20108)
- resource/aws_ram_resource_share_accepter: Allow destroy even where AWS API provides no way to disassociate (#19718)
FEATURES:
- New Data Source: aws_iam_session_context (#19957)
- New Data Source: aws_servicecatalog_launch_paths (#19572)
- New Data Source: aws_servicecatalog_portfolio_constraints (#19813)
- New Resource: aws_cloudfront_monitoring_subscription (#18083)
- New Resource: aws_servicecatalog_provisioned_product (#19459)
ENHANCEMENTS:
- resource/aws_fsx_windows_file_system: Add audit_log_configuration argument. (#19970)
BUG FIXES:
- resource/aws_cloudwatch_event_target: Don't crash if sqs_target configuration block is empty. (#19946)
- resource/aws_mwaa_environment: Changes to the kms_key argument force resource recreation (#19994)
FEATURES:
- New Resource: aws_cloudwatch_event_bus_policy (#16874)
- New Resource: aws_efs_backup_policy (#18006)
- New Resource: aws_elasticsearch_domain_saml_options (#19497)
- New Resource: aws_neptune_cluster_endpoint (#19898)
ENHANCEMENTS:
- resource/aws_default_route_table: Add retries when creating, deleting and replacing routes (#19426)
- resource/aws_ecs_capacity_provider: Allow updates to the auto_scaling_group_provider argument without recreating the resource (#16942)
- resource/aws_eks_cluster: Allow updates to encryption_config (#19144)
- resource/aws_lb_target_group: Add support for app_cookie stickiness type and cookie_name argument (#18102)
- resource/aws_main_route_table_association: Wait for association to reach the required state (#19426)
- resource/aws_neptune_cluster: Add copy_tags_to_snapshot argument (#19899)
- resource/aws_route: Add retries when creating, deleting and replacing routes (#19426)
- resource/aws_route_table: Add retries when creating, deleting and replacing routes (#19426)
- resource/aws_route_table_association: Wait for association to reach the required state (#19426)
BUG FIXES:
- resource/aws_backup_vault_policy: Correctly handle deleting policy of deleted vault (#19854)
- resource/aws_backup_vault_policy: Correctly handle reading policy of deleted vault (#19749)
- resource/aws_glue_catalog_database: Set location_uri as computed to prevent drift when target_table has location_uri set. (#19743)
- resource/aws_glue_catalog_table: Fix updating schema_reference when columns are present. (#19742)
FEATURES:
- New Data Source: aws_appmesh_virtual_service (#19774)
- New Data Source: aws_servicecatalog_portfolio (#19500)
- New Resource: aws_budgets_budget_action (#19554)
- New Resource: aws_route53_resolver_firewall_config (#18733)
ENHANCEMENTS:
- resource/aws_cloudwatch_log_metric_filter: Add support for unit in the metric_transformation block. (#19804)
- resource/aws_datasync_location_nfs: Add mount_options argument. (#19767)
- resource/aws_datasync_location_nfs: Add plan time validation for on_prem_config.agent_arns, server_hostname, and subdirectory. (#19767)
- resource/aws_datasync_location_nfs: Add support for updating. (#19767)
- resource/aws_ecs_cluster: Add plan time validation for name. (#19785)
- resource/aws_ecs_cluster: Add support for configuration. (#19785)
- resource/aws_eks_node_group: Allow minimum value of 0 for desired_size and min_size in the scaling_config configuration block (#19810)
- resource/aws_spot_fleet_request: Add on_demand_allocation_strategy, on_demand_max_total_price, and on_demand_target_capacity arguments (#13127)
BUG FIXES:
- data-source/aws_directory_service_directory: Check VpcSettings and ConnectSettings for nil values (#19820)
- data-source/aws_lakeformation_permissions: Fix diffs resulting from order of column names and exclude column names (#19817)
- resource/aws_cognito_identity_provider: Fix updating idp_identifiers crash. (#19819)
- resource/aws_glue_trigger: Fix default timeouts for Create and Delete operations (#19827)
- resource/aws_lakeformation_permissions: Fix bug preventing updates (inconsistent result) (#19817)
- resource/aws_lakeformation_permissions: Fix bug where resource is not properly removed from state (#19817)
- resource/aws_lakeformation_permissions: Fix diffs resulting only from order of column names and exclude column names (#19817)
- resource/aws_lambda_event_source_mapping: Enhance handling of IAM eventual consistency errors during create (#19831)
- resource/aws_sqs_queue: Correctly handle the default kms_data_key_reuse_period_seconds value of 300 for unencrypted queues (#19834)
FEATURES:
- New Data Source: aws_appmesh_mesh (#19577)
- New Data Source: aws_globalaccelerator_accelerator (#19647)
ENHANCEMENTS:
- data-source/aws_nat_gateway: Add connectivity_type attribute (#19758)
- data-source/aws_transfer_server: Add domain attribute. (#19691)
- resource/aws_cognito_user_pool: Add custom_domain, domain, and estimated_number_of_users attributes (#16502)
- resource/aws_cognito_user_pool: Add custom_email_sender, custom_sms_sender, and kms_key_id to lambda_config (#16502)
- resource/aws_cognito_user_pool: Add plan time validation for name (#16502)
- resource/aws_cognito_user_pool_client: Add plan time validation for id_token_validity and access_token_validity. (#19702)
- resource/aws_cur_report_definition: Add arn attribute. (#19705)
- resource/aws_cur_report_definition: Add plan time validation for report_name. (#19705)
- resource/aws_cur_report_definition: Support updating definition. (#19705)
- resource/aws_datasync_location_smb: Add plan time validation for domain, agent_arns, password, server_hostname, subdirectory, and user. (#19753)
- resource/aws_datasync_location_smb: Add support for updating. (#19753)
- resource/aws_default_vpc_dhcp_options: Add owner_id argument. (#19656)
- resource/aws_ecs_task_definition: Add plan time validation for family and requires_compatibilities. (#19670)
- resource/aws_ecs_task_definition: Add support for ephemeral_storage. (#19694)
- resource/aws_ecs_task_definition: Add support for fsx_windows_file_server_volume_configuration. (#19670)
- resource/aws_fsx_lustre_filesystem: Add data_compression_type argument. (#19664)
- resource/aws_nat_gateway: Add connectivity_type argument (#19758)
- resource/aws_sqs_queue: Add deduplication_scope and fifo_throughput_limit arguments (#19639)
- resource/aws_sqs_queue: Add url attribute (#19639)
- resource/aws_transfer_server: Add domain argument. (#19691)
- resource/aws_transfer_user: Add posix_profile argument. (#19693)
BUG FIXES:
- data-source/aws_acmpca_certificate_authority: Fix error setting tags (#19681)
- data-source/aws_servicequotas_service_quota: Correctly handle errors embedded in API struct (#19722)
- resource/aws_batch_job_definition: Suppress differences for empty linuxParameters.devices and linuxParameters.tmpfs arrays in the container_properties argument (#19666)
- resource/aws_cloudwatch_event_target: Fix ecs_target.launch_type not allowing empty string values. (#19703)
- resource/aws_cloudwatch_event_target: Increase the maximum allowed value for the input_transformer input_paths argument to 100 (#19703)
- resource/aws_cloudwatch_metric_alarm: Allow extended statistics in the stat argument of the metric configuration block (#19668)
- resource/aws_cognito_user_pool: Suppress diff for empty account_recovery_setting. (#19704)
- resource/aws_cognito_user_pool_client: Fix plan time validation for refresh_token_validity (#19702)
- resource/aws_iot_topic_rule: Allow tags containing @ character (#19677)
- resource/aws_lambda_function: Prevents perpetual diff in vpc_config (#17610)
- resource/aws_servicequotas_service_quota: Correctly handle errors embedded in API struct (#19722)
- resource/aws_sqs_queue: Allow visibility_timeout_seconds to be 0 when creating queue (#19639)
- resource/aws_sqs_queue: Ensure that queue attributes propagate completely during Create and Update (#19639)
FEATURES:
- New Resource: aws_amplify_branch (#11937)
- New Resource: aws_amplify_domain_association (#11938)
- New Resource: aws_amplify_webhook (#11939)
- New Resource: aws_servicecatalog_principal_portfolio_association (#19470)
ENHANCEMENTS:
- data-source/aws_launch_configuration: Add throughput attribute to ebs_block_device and root_block_device configuration blocks to support GP3 volumes (#19632)
- resource/aws_acmpca_certificate_authority: Add s3_object_acl argument to revocation_configuration.crl_configuration configuration block (#19578)
- resource/aws_cloudwatch_log_metric_filter: Add dimensions argument to metric_transformation configuration block (#19625)
- resource/aws_cloudwatch_metric_alarm: Add plan time validation to metric_query.metric.stat. (#19571)
- resource/aws_devicefarm_project: Add default_job_timeout_minutes and tags argument (#19574)
- resource/aws_devicefarm_project: Add plan time validation for name (#19574)
- resource/aws_fsx_lustre_filesystem: Allow updating storage_capacity. (#19568)
- resource/aws_launch_configuration: Add throughput argument to ebs_block_device and root_block_device configuration blocks to support GP3 volumes (#19632)
BUG FIXES:
- resource/aws_amplify_app: Mark the enable_performance_mode argument in the auto_branch_creation_config configuration block as ForceNew (#11937)
- resource/aws_cloudwatch_event_api_destination: Fix crash on resource update (#19654)
- resource/aws_elasticache_cluster: Fix provider-level default_tags support for resource (#19615)
- resource/aws_iam_access_key: Fix status not defaulting to Active (#19606)
FEATURES:
- New Data Source: aws_cloudwatch_event_connection (#18905)
- New Resource: aws_amplify_app (#15966)
- New Resource: aws_amplify_backend_environment (#11936)
- New Resource: aws_cloudwatch_event_api_destination (#18905)
- New Resource: aws_cloudwatch_event_connection (#18905)
- New Resource: aws_schemas_discoverer (#19100)
- New Resource: aws_schemas_registry (#19100)
- New Resource: aws_schemas_schema (#19100)
- New Resource: aws_servicecatalog_budget_resource_association (#19452)
- New Resource: aws_servicecatalog_provisioning_artifact (#19316)
- New Resource: aws_servicecatalog_tag_option_resource_association (#19448)
ENHANCEMENTS:
- data-source/aws_msk_cluster: Add bootstrap_brokers_sasl_iam attribute (#19404)
- resource/aws_cloudfront_distribution: Add connection_attempts, connection_timeout, and origin_shield. (#16049)
- resource/aws_cloudtrail: Add AWS::DynamoDB::Table as an option for event_selector.data_resource.type (#19559)
- resource/aws_ec2_capacity_reservation: Add outpost_arn argument (#19535)
- resource/aws_ecs_service: Add support for ECS Anywhere with the launch_type EXTERNAL (#19557)
- resource/aws_eks_node_group: Add taint argument (#19482)
- resource/aws_elasticache_parameter_group: Add tags argument and arn and tags_all attributes (#19551)
- resource/aws_lambda_event_source_mapping: Add function_response_types argument to support AWS Lambda checkpointing (#19425)
- resource/aws_lambda_event_source_mapping: Add queues argument to support Amazon MQ for Apache ActiveMQ event sources (#19425)
- resource/aws_lambda_event_source_mapping: Add self_managed_event_source and source_access_configuration arguments to support self-managed Apache Kafka event sources (#19425)
- resource/aws_lambda_event_source_mapping: Add tumbling_window_in_seconds argument to support AWS Lambda streaming analytics calculations (#19425)
- resource/aws_msk_cluster: Add bootstrap_brokers_sasl_iam attribute (#19404)
- resource/aws_msk_cluster: Add iam argument to client_authentication.sasl configuration block (#19404)
- resource/aws_msk_configuration: kafka_versions argument is optional (#17571)
- resource/aws_sns_topic: Add firehose_success_feedback_role_arn, firehose_success_feedback_sample_rate and firehose_failure_feedback_role_arn arguments. (#19528)
- resource/aws_sns_topic: Add owner attribute. (#19528)
- resource/aws_sns_topic: Add plan time validation for application_success_feedback_role_arn, application_failure_feedback_role_arn, http_success_feedback_role_arn, http_failure_feedback_role_arn, lambda_success_feedback_role_arn, lambda_failure_feedback_role_arn, sqs_success_feedback_role_arn, sqs_failure_feedback_role_arn. (#19528)
BUG FIXES:
- data-source/aws_launch_template: Add interface_type to network_interfaces attribute (#19492)
- data-source/aws_mq_broker: Correct type for logs.audit attribute (#19502)
- resource/aws_apprunner_service: Correctly configure authentication_configuration, code_configuration, and image_configuration nested arguments in API requests (#19471)
- resource/aws_apprunner_service: Handle asynchronous IAM eventual consistency error on creation (#19483)
- resource/aws_apprunner_service: Suppress instance_configuration cpu and memory differences (#19483)
- resource/aws_batch_job_definition: Don't crash when setting timeout.attempt_duration_seconds to null (#19505)
- resource/aws_cloudformation_stack: Avoid conflicts with on_failure and disable_rollback (#10539)
- resource/aws_cloudwatch_event_api_destination: Reduce the maximum allowed value for the invocation_rate_limit_per_second argument to 300 (#19594)
- resource/aws_ec2_managed_prefix_list: Fix crash with multiple description-only updates (#19517)
- resource/aws_eks_addon: Use service_account_role_arn, if set, on updates (#19454)
- resource/aws_glue_connection: connection_properties are optional (#19375)
- resource/aws_lb_listener_rule: Allow blank string for action.redirect.query nested argument (#19496)
- resource/aws_synthetics_canary: Change minimum timeout_in_seconds in run_config from 60 to 3 (#19515)
- resource/aws_vpn_connection: Allow local_ipv4_network_cidr, remote_ipv4_network_cidr, local_ipv6_network_cidr, and remote_ipv6_network_cidr to be CIDRs of any size (#17573)
FEATURES:
- New Data Source: aws_service_discovery_dns_namespace (#6856)
- New Resource: aws_cloudwatch_metric_stream (#18870)
- New Resource: aws_servicecatalog_constraint (#19385)
- New Resource: aws_servicecatalog_product_portfolio_association (#19385)
- New Resource: aws_servicecatalog_service_action (#19369)
ENHANCEMENTS:
- resource/aws_autoscaling_policy: Add PredictiveScaling policy_type and predictive_scaling_configuration argument (#19447)
BUG FIXES:
- resource/aws_networkfirewall_rule_group: Correctly update resource on rules change (#19430)
FEATURES:
- New Data Source: aws_cloudfront_function (#19315)
- New Data Source: aws_glue_connection (#18802)
- New Data Source: aws_glue_data_catalog_encryption_settings (#18802)
- New Data Source: aws_organizations_delegated_administrators (#19389)
- New Data Source: aws_organizations_delegated_services (#19389)
- New Resource: aws_apprunner_auto_scaling_configuration_version (#19432)
- New Resource: aws_apprunner_connection (#19432)
- New Resource: aws_apprunner_custom_domain_association (#19432)
- New Resource: aws_apprunner_service (#19432)
- New Resource: aws_cloudfront_function (#19315)
- New Resource: aws_macie2_invitation_accepter (#19304)
- New Resource: aws_macie2_member (#19304)
- New Resource: aws_macie2_organization_admin_account (#19303)
- New Resource: aws_organizations_delegated_administrator (#19389)
- New Resource: aws_servicecatalog_organizations_access (#19278)
- New Resource: aws_servicecatalog_portfolio_share (#19278)
ENHANCEMENTS:
- data-source/aws_outposts_outpost: `owner_id` is now an optional argument (#17585)
- data-source/aws_outposts_outposts: Add `owner_id` argument (#17585)
- resource/aws_cloudfront_distribution: Add `function_association` argument to `ordered_cache_behavior` and `default_cache_behavior` configuration blocks (#19315)
- resource/aws_glue_catalog_database: Add `target_database` argument (#19371)
- resource/aws_glue_catalog_table: Add `target_table` argument (#19372)
- resource/aws_launch_template: Add `interface_type` argument to `network_interfaces` configuration block (#18841)
- resource/aws_network_interface: Add `interface_type` argument (#18841)
BUG FIXES:
- resource/aws_lambda_function: Wait for successful completion of function code update (#19386)
- resource/aws_pinpoint_email_channel: `role_arn` argument is optional (#19361)
FEATURES:
- New Resource: `aws_macie2_custom_data_identifier` (#19254)
- New Resource: `aws_macie2_findings_filter` (#19283)
- New Resource: `aws_servicecatalog_tag_option` (#19300)
- New Resource: `aws_timestreamwrite_database` (#15463)
- New Resource: `aws_timestreamwrite_table` (#19354)
ENHANCEMENTS:
- data-source/aws_codestarconnections_connection: Add `host_arn` attribute (#19284)
- data-source/aws_lb_listener: Add `tags` attribute. (#19286)
- resource/aws_ami_copy: Add `destination_outpost_arn` argument (#17735)
- resource/aws_cloudwatch_event_target: Add `http_target` argument (#19337)
- resource/aws_codestarconnections_connection: Add `host_arn` argument (#19284)
- resource/aws_datasync_location_s3: Add `agent_arns` argument (#18547)
- resource/aws_datasync_option: Add `private_link_endpoint`, `security_group_arns`, `subnet_arns` and `vpc_endpoint_id` arguments (#16207)
- resource/aws_datasync_task: Add `excludes` argument and `overwrite_mode`, `task_queueing`, and `transfer_mode` to the `options` configuration block (#16204)
- resource/aws_datasync_task: Add `schedule` argument (#14452)
- resource/aws_datasync_task: Add plan time validation to `cloudwatch_log_group_arn`, `destination_location_arn` and `source_location_arn` (#14452)
- resource/aws_eks_node_group: Add `node_group_name_prefix` argument (#13938)
- resource/aws_lambda_event_source_mapping: Support reading `starting_position` and `starting_position_timestamp` attributes (#19253)
- resource/aws_lb_listener: Add `tags` argument & `tags_all` attribute. (#19286)
- resource/aws_lb_listener_rule: Add plan time validation to `listener_arn`, `action.target_group_arn`, `action.forward.target_group.arn`, `action.redirect.host`, `action.redirect.path`, `action.redirect.query`, `action.redirect.status_code`, `action.fixed_response.message_body`, `action.authenticate_cognito.user_pool_arn`. (#19285)
- resource/aws_lb_listener_rule: Add tagging support. (#19285)
FEATURES:
- New Data Source: `aws_cloudwatch_event_source` (#19219)
- New Resource: `aws_dynamodb_kinesis_streaming_destination` (#16743)
- New Resource: `aws_macie2_classification_job` (#19165)
ENHANCEMENTS:
- data-source/aws_transfer_server: Add `certificate`, `endpoint_type`, `protocols` and `security_policy_name` attributes (#13371)
- resource/aws_cloudwatch_event_bus: Support partner event bus creation (#19072)
- resource/aws_cloudwatch_event_rule: Support partner event bus names (#18491)
- resource/aws_cloudwatch_event_target: Support partner event bus names (#18491)
- resource/aws_codebuild_project: Add `file_system_locations` argument (#12130)
- resource/aws_cognito_identity_pool: Add allow_classic_flow argument (#19176)
- resource/aws_datasync_location_s3: Add `s3_storage_class` argument (#19190)
- resource/aws_glue_connection: Add plan time validation for `connection_properties`, `description`, `match_criteria`, `name`, and `physical_connection_requirements.security_group_id_list` (#19172)
- resource/aws_msk_cluster: Support in-place `instance_type` updates (#17447)
- resource/aws_sfn_state_machine: Add `tracing_configuration` attribute (#15434)
- resource/aws_shield_protection: Add `tags` argument (#19168)
- resource/aws_transfer_server: Add `protocols` argument (#13371)
- resource/aws_transfer_server: Add `security_policy_name` argument (#15375)
BUG FIXES:
- aws_batch_compute_environment: Allow update of just `service_role` for managed compute environments (#19205)
- aws_batch_compute_environment: `service_role` argument is optional (#19205)
- provider: Prevent `Provider produced inconsistent final plan` errors when lifecycle arguments apply to resource `tags` not known until apply (#19251)
- resource/aws_appautoscaling_target: Ignore `ObjectNotFoundException` on deletion (#18115)
- resource/aws_batch_job_definition: Prevent diff with default value of `fargatePlatformConfiguration` (#19207)
- resource/aws_lakeformation_permissions: Fix issues related to permissions not being revoked and attempts to revoke non-existent permissions (#18505)
- resource/aws_mwaa_environment: Correctly apply `plugins_s3_object_version` change (#19266)
- resource/aws_sfn_state_machine: Handle eventual consistency of state machine updates (#15434)
- resource/aws_ssoadmin_managed_policy_attachment: Retry attachment/detachment when other permission-set attachment event was not yet propagated, to avoid ConflictException. (#19216)
NOTES:
- provider: `default_tags` support generally available to all provider resources that support `tags` with the exception of `aws_autoscaling_group` (#19084)
FEATURES:
- New Data Source: `aws_cloudformation_type` (#18579)
- New Data Source: `aws_kms_public_key` (#18873)
- New Data Source: `aws_resourcegroupstaggingapi_resources` (#17804)
- New Resource: `aws_cloudformation_type` (#18579)
- New Resource: `aws_codestarconnections_host` (#16918)
- New Resource: `aws_macie2_account` (#19069)
- New Resource: `aws_rds_proxy_endpoint` (#18881)
- New Resource: `aws_route53_resolver_firewall_rule` (#18712)
- New Resource: `aws_route53_resolver_firewall_rule_group_association` (#19164)
- New Resource: `aws_servicecatalog_product` (#19122)
ENHANCEMENTS:
- data-source/aws_efs_mount_target: Add `access_point_id`, `file_system_id` arguments (#18918)
- data-source/aws_iam_policy: Add support for lookup by `arn`, `name`, and/or `path_prefix` (#6084)
- data-source/aws_launch_template: Add `placement` `host_resource_group_arn` attribute (#15785)
- data/source_aws_eks_addon: added validation for `cluster_name` (#19078)
- data/source_aws_eks_cluster: added validation for `cluster_name` (#19078)
- resource/aws_appsync_resolver: Mark `request_template` and `response_template` as optional (support Lambda) (#14710)
- resource/aws_batch_compute_environment: Additional supported value `FARGATE` and `FARGATE_SPOT` for the `type` argument in the `compute_resources` configuration block (#16819)
- resource/aws_batch_compute_environment: The `instance_role`, `instance_type` and `min_vcpus` arguments in the `compute_resources` configuration block are now optional (#16819)
- resource/aws_batch_compute_environment: The `security_group_ids` and `subnets` arguments in the `compute_resources` configuration block can now be updated in-place for Fargate compute resources (#16819)
- resource/aws_batch_job_definition: Add `propagate_tags` argument (#18336)
- resource/aws_codebuild_project: Add `build_batch_config` argument (#14534)
- resource/aws_codebuild_project: Add `build_status_config` attribute to `source` and `secondary_sources` configuration blocks (#15442)
- resource/aws_codebuild_project: Add `concurrent_build_limit` argument to specify build concurrency. (#18320)
- resource/aws_codebuild_project: Add plan time validation for `secondary_artifacts`, `secondary_sources`, `service_role` (#18843)
- resource/aws_eip: Add `address` argument to recover or an IPv4 address from an address pool, supporting BYOIP (#8876)
- resource/aws_eks_addon: added validation for `cluster_name` (#19078)
- resource/aws_eks_cluster: added validation for `name` (#19078)
- resource/aws_eks_fargate_profile: added validation for `cluster_name` (#19078)
- resource/aws_eks_node_group: added validation for `cluster_name` (#19078)
- resource/aws_elasticache_global_replication_group: Adds parameter `engine_version_actual` to match other ElastiCache resources (#18920)
- resource/aws_elasticache_subnet_group: Add `tags` argument (#19119)
- resource/aws_instance: Make `instance_initiated_shutdown_behavior` also computed, allowing value to be read (#18880)
- resource/aws_lambda_event_source_mapping: Don't incorrectly update unspecified `maximum_batching_window_in_seconds`, `maximum_record_age_in_seconds` and `maximum_retry_attempts` arguments from their default values (#17933)
- resource/aws_lambda_event_source_mapping: Fix update of `batch_size` for MSK event source mappings (#17933)
- resource/aws_launch_template: Add `placement` `host_resource_group_arn` argument (#15785)
- resource/aws_organizations_organizational_unit: Add `tags` argument (#18861)
- resource/aws_rds_global_cluster: Allow `engine_version` to be upgraded in place. (#18598)
- resource/aws_s3outposts_endpoint: Extends creation timeout to 20 minutes (#18454)
- resource/aws_ses_configuration_set: Adds `reputation_metrics_enabled` and `sending_enabled` arguments and `last_fresh_start` attribute (#17608)
- resource/aws_ses_receipt_rule: Add `encoding` argument to `sns_action` configuration block. (#17654)
- resource/aws_sns_topic_policy: Add `owner` attribute (#14123)
- resource/aws_sns_topic_policy: Add plan time validation to `arn` (#14123)
- resource/aws_wafv2_web_acl_logging_configuration: Add `logging_filter` argument (#19051)
BUG FIXES:
- provider: Prevent `Provider produced inconsistent final plan` errors when resource `tags` are not known until apply (#18958)
- resource/aws_batch_job_definition: Treat empty `container_properties.logConfiguration.secretOptions` array as `null` to prevent continual diffs (#16120)
- resource/aws_batch_job_queue: Recreate batch job queue if the `name` changes (#19121)
- resource/aws_codebuild_project: Allow fetching submodules for bitbucket source types (#18843)
- resource/aws_codebuild_project: Fix removing `secondary_sources` and `secondary_artifacts` (#18843)
- resource/aws_ec2_managed_prefix_list: Prevent `entry` `description` update errors (#19095)
- resource/aws_elasticache_cluster: Allows specifying Redis 6.x (#18920)
- resource/aws_elasticache_replication_group: Allows specifying Redis 6.x (#18920)
- resource/aws_glue_crawler: Allow '/' in `name` argument (#19160)
- resource/aws_lambda_event_source_mapping: Support -1 (forever) as a valid value for `maximum_record_age_in_seconds` (#16113)
- resource/aws_lambda_event_source_mapping: Support -1 (forever) as a valid value for `maximum_retry_attempts` (#16113)
- resource/aws_ram_principal_association: Improve handling of eventual consistency (#17032)
- resource/aws_ram_resource_share: Improve handling of eventual consistency (#17032)
- resource/aws_ram_resource_share_accepter: Improve handling of eventual consistency (#17032)
- resource/aws_storagegateway_gateway: Correctly handle additional error message returned in some regions (#19116)
- resource/aws_vpc_endpoint: Fix auto_accept failing while waiting for the VPC Endpoint Connection acceptance (#19059)
- resource/aws_vpn_connection: Prevent flipped `tunnel1_*` and `tunnel2_*` ordering when `tunnel1_inside_cidr`, `tunnel1_inside_ipv6_cidr`, or `tunnel1_preshared_key` is configured (#19077)
NOTES:
- provider: The HTTP User-Agent header has been reordered so the AWS SDK Go product is last, except when using the TF_APPEND_USER_AGENT environment variable. Environments dependent on the previous User-Agent header ordering may require updates. (#18855)
FEATURES:
- New Data Source: `aws_eks_addon` (#16972)
- New Resource: `aws_eks_addon` (#16972)
- New Resource: `aws_route53_resolver_firewall_domain_list` (#18558)
- New Resource: `aws_securityhub_insight` (#18494)
ENHANCEMENTS:
- resource/aws_autoscaling_group: Add Warm Pool support (#18734)
- resource/aws_cloudfront_distribution: Add `trusted_key_groups` argument (#18644)
- resource/aws_codedeploy_app: Add `arn`, `linked_to_github`, `github_account_name`, `application_id` attributes (#18564)
- resource/aws_codedeploy_app: Add `tags` argument (#18564)
- resource/aws_codedeploy_app: Add plan time validation for `name` (#18564)
- resource/aws_codedeploy_deployment_group: Add `arn`, `compute_platform`, and `deployment_group_id` attributes (#18716)
- resource/aws_codedeploy_deployment_group: Add `tags` argument (#18716)
- resource/aws_codedeploy_deployment_group: Add plan time validation for `terminate_blue_instances_on_deployment_success.termination_wait_time_in_minutes`, `service_role_arn`, `load_balancer_info.target_group_pair_info.prod_traffic_route.listener_arns`, `load_balancer_info.target_group_pair_info.test_traffic_route.listener_arns`, `trigger_configuration.trigger_target_arn` (#18716)
- resource/aws_codedeploy_deployment_group: Updating `deployment_group_name` doesn't recreate group (#18716)
- resource/aws_dynamodb_table: Add `kms_key_arn` argument to `replica` configuration block (#18373)
- resource/aws_emr_cluster: Adds support for multiple subnets (#17219)
- resource/aws_rds_cluster: Database port is updated in-place (#18081)
- resource/aws_servicequotas_service_quota: Add plan time validation to `quota_code` and `service_code` (#17992)
- resource/aws_sns_topic: Add `fifo_topic` and `content_based_deduplication` attributes (#15828)
BUG FIXES:
- resource/aws_dynamodb_table: Update Global Secondary Index provisioned throughput settings on new changes (#18215)
- resource/aws_ecr_replication_configuration: Remove replication rules on resource deletion (#18882)
- resource/aws_eip: Tags are created for EIPs which default to vpc domain (#18909)
- resource/aws_fms_policy: Use API model regular expression for `resource_type` and `resource_type_list` argument plan time validation (#18600)
- resource/aws_sqs_queue: Append `.fifo` suffix for Terraform-assigned FIFO queue names (#17164)
FEATURES:
- New Resource: `aws_cloudfront_key_group` (#17041)
- New Resource: `aws_ecr_registry_policy` (#16831)
- New Resource: `aws_ecr_replication_configuration` (#16853)
- New Resource: `aws_kinesisanalyticsv2_application_snapshot` (#18056)
- New Resource: `aws_mwaa_environment` (#16616)
ENHANCEMENTS:
- data-source/aws_lb_listener: Add `alpn_policy` argument (#14462)
- data-source/aws_s3_bucket_object: Add `bucket_key_enabled` attribute (Support S3 Bucket Keys) (#16581)
- resource/aws_eip: Tags are set on create (#17612)
- resource/aws_kinesisanalyticsv2_application: Add `force_stop` attribute (#18056)
- resource/aws_kinesisanalyticsv2_application: Add `run_configuration` attribute for starting a Flink application (#18056)
- resource/aws_kinesisanalyticsv2_application: Add `start_application` attribute (#18056)
- resource/aws_kinesisanalyticsv2_application: `starting_position_configuration` can be specified when starting a SQL application (#18056)
- resource/aws_lb_listener: Add `alpn_policy` argument (#14462)
- resource/aws_s3_bucket: Add `bucket_key_enabled` argument to `server_side_encryption_configuration` `rule` configuration block (Support S3 Bucket Keys) (#16581)
- resource/aws_s3_bucket_object: Add `bucket_key_enabled` attribute (Support S3 Bucket Keys) (#16581)
- resource/aws_s3_object_copy: Add `bucket_key_enabled` argument (#18611)
BUG FIXES:
- resource/aws_appmesh_gateway_route: Handle read-after-create eventual consistency (#18529)
- resource/aws_appmesh_mesh: Handle read-after-create eventual consistency (#18529)
- resource/aws_appmesh_route: Handle read-after-create eventual consistency (#18529)
- resource/aws_appmesh_virtual_gateway: Handle read-after-create eventual consistency (#18529)
- resource/aws_appmesh_virtual_node: Handle read-after-create eventual consistency (#18529)
- resource/aws_appmesh_virtual_router: Handle read-after-create eventual consistency (#18529)
- resource/aws_appmesh_virtual_service: Handle read-after-create eventual consistency (#18529)
- resource/aws_cloudhsm_v2_hsm: Prevent orphaned HSM Instances by additionally matching on ENI identifier during lookup (#18580)
- resource/aws_dms_replication_task: Handle read-only attributes in `replication_task_settings` to avoid unnecessary diffs. (#13476)
- resource/aws_docdb_cluster_parameter_group: Read all user parameters and parameters specified in the configuration. (#18486)
- resource/aws_ecr_lifecycle_policy: Handle read-after-create eventual consistency (#18464)
- resource/aws_ecr_repository: Handle read-after-create eventual consistency (#18464)
- resource/aws_ecr_repository_policy: Handle read-after-create eventual consistency (#18464)
- resource/aws_elasticache_replication_group: Removes incorrect plan-time validation for `automatic_failover_enabled` (#18635)
- resource/aws_iam_group: Handle read-after-create eventual consistency (#18459)
- resource/aws_iam_group_membership: Handle read-after-create eventual consistency (#18459)
- resource/aws_iam_group_policy: Handle read-after-create eventual consistency (#18459)
- resource/aws_iam_group_policy_attachment: Handle read-after-create eventual consistency (#18459)
- resource/aws_iam_user: Handle read-after-create eventual consistency (#18458)
- resource/aws_iam_user_group_membership: Handle read-after-create eventual consistency (#18458)
- resource/aws_iam_user_login_profile: Handle read-after-create eventual consistency (#18458)
- resource/aws_iam_user_policy: Handle read-after-create eventual consistency (#18458)
- resource/aws_iam_user_policy_attachment: Handle read-after-create eventual consistency (#18458)
- resource/aws_iam_user_ssh_key: Handle read-after-create eventual consistency (#18458)
- resource/aws_lb_target_group: Handle read-after-create eventual consistency (#18634)
- resource/aws_secretsmanager_secret: Handle read-after-create eventual consistency (#18462)
- resource/aws_secretsmanager_secret_policy: Handle read-after-create eventual consistency (#18462)
- resource/aws_secretsmanager_secret_rotation: Handle read-after-create eventual consistency (#18462)
- resource/aws_secretsmanager_secret_version: Handle read-after-create eventual consistency (#18462)
- resource/aws_ssm_parameter: Allow `allowed_pattern` and `description` arguments to be empty strings (#18588)
- resource/aws_ssm_parameter: Allow `tags` to be applied to resource when `overwrite` is configured (#18640)
- resource/aws_vpc_endpoint_route_table_association: Handle read-after-create eventual consistency (#18465)
- resource/aws_xray_sampling_rule: Change the maximum length of `rule_name` from 128 to 32 (#18667)
FEATURES:
- New Resource: `aws_cloudwatch_query_definition` (#17899)
ENHANCEMENTS:
- data-source/aws_efs_file_system: Add `availability_zone_id` and `availability_zone_name` attributes (#18319)
- data-source/aws_iam_policy: Add `policy_id` and `tags` attributes (#18276)
- resource/aws_apigatewayv2_route: Add `request_parameter` attribute (#18410)
- resource/aws_appmesh_virtual_gateway: Add `spec.backend_defaults.client_policy.tls.certificate`, `spec.backend_defaults.client_policy.tls.validation.subject_alternative_names`, `spec.listener.tls.certificate` and `spec.listener.tls.validation.subject_alternative_names` attributes to support mutual TLS authentication (#18106)
- resource/aws_appmesh_virtual_gateway: Add `spec.backend_defaults.client_policy.tls.validation.trust.sds` and `spec.listener.tls.validation.trust.sds` attributes to support Envoy Service Discovery Service certificates (#18106)
- resource/aws_appmesh_virtual_node: Add `spec.backend.virtual_service.client_policy.tls.certificate`, `spec.backend.virtual_service.client_policy.tls.validation.subject_alternative_names`, `spec.backend_defaults.client_policy.tls.certificate`, `spec.backend_defaults.client_policy.tls.validation.subject_alternative_names`, `spec.listener.tls.certificate` and `spec.listener.tls.validation.subject_alternative_names` attributes to support mutual TLS authentication (#18127)
- resource/aws_appmesh_virtual_node: Add `spec.backend.virtual_service.client_policy.tls.validation.trust.sds`, `spec.backend_defaults.client_policy.tls.validation.trust.sds` and `spec.listener.tls.validation.trust.sds` attributes to support Envoy Service Discovery Service certificates (#18127)
- resource/aws_backup_plan: Add `enable_continuous_backup` argument (#18315)
- resource/aws_cloudformation_stack_set: Add `auto_deployment` configuration block and `permissions_model` arguments (support service managed permissions) (#12423)
- resource/aws_cognito_user_pool: Allow `schema` items to be added without recreating resource. (#18512)
- resource/aws_ecs_service: Add `deployment_circuit_breaker` (#16936)
- resource/aws_efs_file_system: Add `availability_zone_id` attribute and `availability_zone_name` argument (#18319)
- resource/aws_efs_file_system: Add `number_of_mount_targets`, `size_in_bytes` and `owner_id` attributes (#17969)
- resource/aws_elasticsearch_domain: Add `domain_endpoint_options` configuration block `custom_endpoint`, `custom_endpoint_certificate_arn`, and `custom_endpoint_enabled` arguments (#16192)
- resource/aws_iam_policy: Add `policy_id` attribute (#18276)
- resource/aws_iam_policy: Add tagging support (#18276)
- resource/aws_lb_target_group: Add preserve_client_ip target attribute support (#17731)
- resource/aws_route: `destination_prefix_list_id` attribute can be specified for managed prefix list destinations (#17291)
- resource/aws_ssm_parameter: Add plan time validation to `name`, `description` and `allowed_pattern` (#17830)
- resource/aws_ssm_parameter: Tag on create (#17830)
BUG FIXES:
- resource/aws_ec2_transit_gateway_route_table_propagation: Wait for enable and disable operations to complete (#18470)
- resource/aws_ecs_service: Improve handling of eventual consistency including security group dependency violations on deletion (#16936)
- resource/aws_iam_role: Handle read-after-create eventual consistency (#18435)
- resource/aws_iam_role_policy: Handle read-after-create eventual consistency (#18435)
- resource/aws_iam_role_policy_attachment: Handle read-after-create eventual consistency (#18435)
- resource/aws_network_interface_sg_attachment: Handle read-after-create eventual consistency (#18466)
- resource/aws_route_table: Improve eventual consistency handling and handling of out-of-band resource removal (#17319)
- resource/aws_route_table_association: Improve eventual consistency handling and handling of out-of-band resource removal (#17319)
- resource/aws_s3_bucket_object: Handle read-after-create eventual consistency (#17236)
- resource/aws_securityhub_organization_admin_account: Retry on `ResourceConflictException` error during creation (#18341)
- resource/aws_sns_topic_subscription: Enforce lowercase `protocol` argument validation to match API and prevent resource errors (#18475)
- resource/aws_sns_topic_subscription: Handle read-after-create eventual consistency (#18475)
- resource/aws_spot_instance_request: Handle read-after-create eventual consistency (#18473)
- resource/aws_synthetics_canary: Handle asynchronous IAM eventual consistency error on creation (#18404)
- resource/aws_vpc_dhcp_options_association: Handle read-after-create eventual consistency (#18472)
- resource/aws_vpn_gateway_route_propagation: Improve eventual consistency handling and handling of out-of-band resource removal (#17319)
NOTES:
- resource/aws_storagegateway_upload_buffer: The Storage Gateway `ListLocalDisks` API operation has been implemented to support the `disk_path` attribute for Cached and VTL gateway types. Environments using restrictive IAM permissions may require updates. (#18313)
FEATURES:
- New Data Source: `aws_codestarconnections_connection` (#18129)
- New Resource: `aws_lightsail_instance_public_ports` (#8611)
ENHANCEMENTS:
- resource/aws_ami_from_instance: Tag on create. (#17968)
- resource/aws_ecr_repository_policy: Add plan time validation for `policy` (#14193)
- resource/aws_fms_admin_account: Extend creation timeout to 10 minutes (#17596)
- resource/aws_iam_instance_profile: Add tagging support (#17962)
- resource/aws_iam_openid_connect_provider: Add plan time validation for `client_id_list` and `thumbprint_list` (#17964)
- resource/aws_iam_openid_connect_provider: Add tagging support (#17964)
- resource/aws_iam_saml_provider: Add plan time validation for `name` and `saml_metadata_document` (#17965)
- resource/aws_iam_saml_provider: Add tagging support (#17965)
- resource/aws_iam_server_certificate: Add `expiration` and `upload_date` attributes (#17967)
- resource/aws_iam_server_certificate: Add tagging support (#17967)
- resource/aws_light_instance_public_ports: Add `cidrs` argument to `port_info` (#14905)
- resource/aws_pinpoint_email_channel: Add `configuration_set` argument (#18314)
- resource/aws_pinpoint_email_channel: Add plan time validation for `identity` and `role_arn` (#18314)
- resource/aws_pinpoint_event_stream: Plan time validations for `destination_stream_arn` and `role_arn` (#18305)
- resource/aws_route: Validate route destination and target attributes (#16930)
- resource/aws_sns_topic_subscription: Add plan time validation for `subscription_role_arn` and `topic_arn` (#14101)
- resource/aws_storagegateway_upload_buffer: Add `disk_path` argument for Cached and VTL gateways (#18313)
BUG FIXES:
- data-source/aws_storagegateway_local_disk: Allow `disk_path` reference on `disk_node` lookup and vice-versa (#18313)
- resource/aws_api_gateway_vpc_link: Persist ID of failed VPC Link to state (#18382)
- resource/aws_apigatewayv2_domain_name: Allow update of mutual TLS S3 object version (#18351)
- resource/aws_cloudfront_distribution: Allow `forwarded_values` to be set to empty when values were previously set (#18042)
- resource/aws_cloudwatch_event_permission: Fix error in Event Bridge/CloudWatch Events bus name validation (#16815)
- resource/aws_cloudwatch_event_rule: Fix error in Event Bridge/CloudWatch Events bus name validation (#16815)
- resource/aws_cloudwatch_event_target: Fix error in Event Bridge/CloudWatch Events bus name validation (#16815)
- resource/aws_config_configuration_aggregator: Allow name to have uppercase characters (#14247)
- resource/aws_ecs_service: Re-create service when `service_registries` changes (#17387)
- resource/aws_elasticache_replication_group: Prevents re-creation of secondary replication groups when encryption is enabled (#18361)
- resource/aws_mq_configuration: Add `ldap` as an `authentication_strategy` and `RabbitMQ` as an `engine_type` (#18070)
- resource/aws_network_acl: Handle EC2 eventual consistency errors on creation (#18388)
- resource/aws_network_acl_rule: Handle EC2 eventual consistency errors on creation (#18388)
- resource/aws_pinpoint_event_stream: Retry on eventual consistency error (#18305)
- resource/aws_pinpoint_sms_channel: Set all params on update (#18281)
- resource/aws_route: Correctly handle updates to the route target attributes (`egress_only_gateway_id`, `gateway_id`, `instance_id`, `local_gateway_id`, `nat_gateway_id`, `network_interface_id`, `transit_gateway_id`, `vpc_peering_connection_id`) (#16930)
- resource/aws_sns_topic_subscription: recreate subscription if topic is deleted (#14101)
- resource/aws_subnet: Handle EC2 eventual consistency errors on creation (#18392)
- resource/aws_vpc: Handle EC2 eventual consistency errors on creation (#18391)
- resource/aws_wafv2_web_acl_logging_configuration: Remove deprecation warning for `redacted_fields` `single_header` argument (#18384)
NOTES:
- data-source/aws_vpc_endpoint_service: The `service_type` argument filtering has been switched from client-side to new EC2 API functionality (#17641)
- provider: New `default_tags` argument as a public preview for applying tags across all resources under a provider. Support for the functionality must be added to individual resources in the codebase and is only implemented for the `aws_subnet` and `aws_vpc` resources at this time. Until a general availability announcement, no compatibility promises are made with these provider arguments and their functionality. (#17974)
- resource/aws_codebuild_project: The `source` and `secondary_sources` configuration block `auth` attributes have been deprecated to match the CodeBuild API documentation. Use the `aws_codebuild_source_credential` resource instead. (#17465)
- resource/aws_wafv2_web_acl_logging_configuration: The `redacted_fields` configuration block `all_query_arguments`, `body`, and `single_query_argument` arguments have been deprecated to match the WAF API documentation (#14319)
FEATURES:
- New Data Source: `aws_ec2_transit_gateway_route_tables` (#17589)
- New Data Source: `aws_kinesis_stream_consumer` (#17149)
- New Resource: `aws_kinesis_stream_consumer` (#17149)
ENHANCEMENTS:
- provider: Add `default_tags` argument (in public preview, see note above) (#17974)
- resource/aws_db_parameter_group: Store all values in lowercase to prevent unexpected diffs (#17909)
- resource/aws_ssm_parameter: Add support for `Intelligent-Tiering` (#11967)
- resource/aws_storagegateway_gateway: Add support for `smb_file_share_visibility`. (#18076)
- resource/aws_subnet: Support provider-wide default tags (in public preview, see note above) (#17974)
- resource/aws_vpc: Support provider-wide default tags (in public preview, see note above) (#17974)
BUG FIXES:
- data-source/aws_vpc_endpoint_service: Prevent panic with incorrect `service_type` argument values (#17641)
- resource/aws_dms_certificate: Correctly base64 decode `certificate_wallet` value (#17958)
- resource/aws_globalaccelerator_accelerator: Correct length for `name` attribute validation (#17985)
- resource/aws_lakeformation_permissions: Properly serialize SELECT permission for `permissions` and `permissions_with_grant_option` fields (#18203)
- resource/aws_ssm_patch_group: Allow for a single patch group to be registered with multiple patch baselines (#15213)
- resource/aws_ssm_patch_group: Replace `Provider produced inconsistent result after apply` with actual error message (#15213)
- resource/aws_waf_rule: Fix rule deletion when still referenced by a WebACL (#17876)
- resource/aws_wafv2_web_acl_logging_configuration: Ensure `redacted_fields` are applied to the resource (#14319)
FEATURES:
- New Data Source: `aws_acmpca_certificate` (#10213)
- New Resource: `aws_acmpca_certificate` (#10213)
- New Resource: `aws_acmpca_certificate_authority_certificate` (#17850)
ENHANCEMENTS:
- resource/aws_appautoscaling_scheduled_action: Adds `timezone` support (#17689)
- resource/aws_appautoscaling_scheduled_action: Allows any timezone to be specified for `start_time` and `end_time` (#17689)
- resource/aws_appautoscaling_scheduled_action: Allows leaving `min_capacity` or `max_capacity` unset. (#8777)
- resource/aws_appautoscaling_scheduled_action: No longer re-creates when changes can be updated in-place. (#8777)
- resource/aws_cognito_user_pool: Add support for `configuration_set` in `email_configuration` (#14935)
- resource/aws_cognito_user_pool_client: Add plan time validation for `name`, `default_redirect_uri`, `supported_identity_providers` (#14935)
- resource/aws_cognito_user_pool_client: Add support for `access_token_validity` and `id_token_validity`, `token_validity_units` (#14935)
- resource/aws_db_instance: Allow `snapshot_identifier` to be removed from configuration without resource recreation (#18013)
- resource/aws_elasticache_replication_group: Allows creating a Replication Group as part of a Global Replication Group (#17725)
- resource/aws_kinesis_analytics_application: Add `start_application` attribute (#17784)
- resource/aws_kinesis_analytics_application: `starting_position_configuration` can be specified when starting an application (#17784)
- resource/aws_mq_broker: Add RabbitMQ as option for `engine_type`, and new arguments `authentication_strategy`, `ldap_server_metadata`, and `storage_type`. Improve handling of eventual consistency. (#16108)
- resource/aws_mq_broker: Support updating broker engine version without recreating broker (#12758)
BUG FIXES:
- resource/aws_rds_cluster_instance: Add `configuring-iam-database-auth` pending state (#17982)
- resource/aws_storagegateway_upload_buffer: Replace `Provider produced inconsistent result after apply` with actual error message (#17880)
FEATURES:
- New Resource: `aws_route53_hosted_zone_dnssec` (#17474)
ENHANCEMENTS:
- data-source/aws_msk_cluster: Orders `bootstrap_brokers`, `bootstrap_brokers_sasl_scram`, `bootstrap_brokers_tls`, and `zookeeper_connect_string` (#17579)
- provider: Support automatic region validation for `ap-northeast-3` (#17934)
- resource/aws_globalaccelerator_accelerator: Add plan time validation to `name`, `flow_logs_s3_bucket` and `flow_logs_s3_prefix` attributes (#17739)
- resource/aws_msk_cluster: Orders `bootstrap_brokers`, `bootstrap_brokers_sasl_scram`, `bootstrap_brokers_tls`, and `zookeeper_connect_string` (#17579)
- resource/aws_route53_record: Support `DS` value for `type` argument (#17040)
BUG FIXES:
- resource/aws_acm_certificate: Trigger resource recreation with `VALIDATION_TIMED_OUT` status (#17869)
- resource/aws_globalaccelerator_accelerator: Allow update of flow log attribute for active flow logs (#17739)
- resource/aws_kms_grant: Adds support for operations on asymmetric keys (#17836)
- resource/aws_neptune_cluster_instance: Add "storage-optimization" to Neptune cluster instance create/update pending states (#17901)
- resource/aws_neptune_cluster_parameter_group: Correctly update resource by `id` (#17872)
- resource/aws_ssm_maintenance_window_task: Prevent `ValidationException` error on update when priority is not set or 0 (#17885)
FEATURES:
- New Data Source: `aws_apigatewayv2_api` (#13883)
- New Data Source: `aws_apigatewayv2_apis` (#13883)
- New Resource: `aws_cognito_user_pool_ui_customization` (#8114)
- New Resource: `aws_ecrpublic_repository` (#16865)
- New Resource: `aws_sagemaker_app` (#17251)
ENHANCEMENTS:
- provider: Add validation for `role_arn`, `policy_arns`, and `policy` (#12642)
- resource/aws_autoscaling_group: Added support for Auto Scaling groups with multiple launch templates using a mixed instances policy (#16325)
- resource/aws_dms_certificate: Add `tags` argument (#17163)
- resource/aws_gamelift_build: Support all valid operating system values (#17764)
- resource/aws_sagemaker_domain: Make `default_resource_spec` optional for the `tensor_board_app_settings`, `jupyter_server_app_settings` and `kernel_gateway_app_settings` config blocks. (#17251)
- resource/aws_sns_topic_subscription: Add `email`, `email-json`, and `firehose` to protocol values. Add `subscription_role_arn` argument for Firehose support. Add `confirmation_was_authenticated`, `owner_id`, and `pending_confirmation` attributes. (#14923)
BUG FIXES:
- provider: Underlying Terraform Plugin SDK update to ensure data source errors include configuration source (file and line) (#17801)
- resource/aws_backup_plan: `backup_options` and `resource_type` attributes in `advanced_backup_setting` configuration block are both required (#17692)
- resource/aws_glue_trigger: Support starting ON_DEMAND triggers via `enabled` flag. (#17488)
- resource/aws_sagemaker_domain: Wait for update to finish. (#17251)
- resource/aws_sagemaker_user_profile: Wait for update to finish. (#17251)
- resource/aws_sns_topic_subscription: Fix to avoid `delivery_policy` always showing diff. (#14255)
ENHANCEMENTS:
- resource/aws_iam_role: Add `inline_policy` and `managed_policy_arns` arguments to support exclusive policy management (#5904)
BUG FIXES:
- data-source/aws_iam_policy_document: Keep empty conditions (#17752)
- resource/aws_db_instance: Fix conflicting argument validation error (#17755)
- resource/aws_instance: Prevent error with `iam_instance_profile` containing additional forward slashes from path (#17734)
- resource/aws_lb_target_group_attachment: Retry InvalidTarget errors when creating (#8538)
- resource/aws_synthetics_canary: Fix Canary Update when in running state (#17704)
FEATURES:
- New Resource: `aws_cloudwatch_event_archive` (#17270)
- New Resource: `aws_elasticache_global_replication_group` (#15885)
- New Resource: `aws_s3_object_copy` (#15461)
- New Resource: `aws_securityhub_invite_accepter` (#12684)
ENHANCEMENTS:
- data-source/aws_ami: Add `usage_operation`, `platform_details`, `ena_support` attributes (#13971)
- data-source/aws_security_groups: Adds `arns` attribute (#13944)
- data-source/aws_subnet: Add `available_ip_address_count` attributes (#13554)
- resource/aws_ami: Add `usage_operation`, `platform_details`, `image_owner_alias`, `image_type`, `hypervisor`, `owner_id`, `platform`, `public` attributes (#13971)
- resource/aws_ami_copy: Add `usage_operation`, `platform_details`, `image_owner_alias`, `image_type`, `hypervisor`, `owner_id`, `platform`, `public` attributes (#13971)
- resource/aws_ami_from_instance: Add `usage_operation`, `platform_details`, `image_owner_alias`, `image_type`, `hypervisor`, `owner_id`, `platform`, `public` attributes (#13971)
- resource/aws_cloudwatch_event_target: Adds `dead_letter_config` attributes (#17241)
- resource/aws_cloudwatch_event_target: Adds `retry_policy` attributes (#17241)
- resource/aws_cloudwatch_metric_alarm: Add plan time validation to `alarm_name`, `comparison_operator`, `metric_name`, `metric_query.id`, `metric_query.expression`, `metric_query.metric.metric_name`, `metric_query.metric.namespace`, `metric_query.metric.unit`, `namespace`, `period`, `statistic`, `alarm_description`, `insufficient_data_actions`, `ok_actions`, `unit`, and `extended_statistic` (#12817)
- resource/aws_cognito_user_pool_client: Add support for `application_arn` in the `analytics_configuration` block. (#16734)
- resource/aws_db_instance: Adds plan-time validation for `username` and `name` when `snapshot_identifier` is set (#17156)
- resource/aws_dx_gateway_association: Changes to `proposal_id` do not force resource recreation (#12482)
- resource/aws_ecs_capacity_provider: Add `managed_scaling` block `instance_warmup_period` argument (#16941)
- resource/aws_lambda_function: Handle eventual consistency issues after publishing a version (#14578)
- resource/aws_spot_instance_request: Add import support (#12787)
- resource/aws_spot_instance_request: Add plan time validation for `spot_type` and `block_duration_minutes` (#12787)
- resource/ses_receipt_rule_set: Add `arn` attribute (#17611)
- resource/ses_receipt_rule_set: Add plan time validation to `name` (#17611)
BUG FIXES:
- resource/aws_ebs_volume: Only specify throughput on update for `gp3` volumes (#17646)
- resource/aws_fms_policy: Update `resource_type_list` plan-time validation to include `AWS::EC2::VPC`. (#17595)
- resource/aws_lb_cookie_stickiness_policy: Allow zero value for `cookie_expiration_period` (#17204)
- resource/aws_lb_listener_certificate: Prevent resource ID parsing error with IAM Server Certificate names containing underscores (#17645)
- resource/aws_lb_target_group: Use gRPC matcher when using gRPC protocol (#17534)
- resource/aws_ses_receipt_rule: Fix name validation regex to include `.` (period) (#17627)
- resource/aws_ssm_document: Recreate resource on `name` update (#17582)
- resource/aws_transfer_ssh_key: Corrects user_name validation (#17621)
- resource/aws_transfer_user: Corrects user_name validation (#17621)
FEATURES:
- New Data Source: `aws_cloudfront_cache_policy` (#17336)
- New Resource: `aws_cloudfront_cache_policy` (#17336)
- New Resource: `aws_cloudfront_realtime_log_config` (#14974)
- New Resource: `aws_config_conformance_pack` (#17313)
- New Resource: `aws_sagemaker_model_package_group` (#17366)
- New Resource: `aws_securityhub_organization_admin_account` (#17501)
- New Resource: `aws_synthetics_canary` (#13140)
ENHANCEMENTS:
- data-source/aws_customer_gateway: Add `device_name` attribute (#14786)
- data-source/aws_iam_policy_document: Support merging policy documents by adding `source_policy_documents` and `override_policy_documents` arguments (#12055)
- provider: Add terraform-provider-aws version to HTTP User-Agent header (#17486)
- resource/aws_budgets_budget: Add `arn` attribute (#13139)
- resource/aws_budgets_budget: Add plan time validation for `budget_type`, `time_unit`, and `subscriber_sns_topic_arns` arguments (#13139)
- resource/aws_cloudfront_distribution: Add `cache_policy_id` attribute (#17336)
- resource/aws_cloudfront_distribution: Add `realtime_log_config_arn` attribute to `default_cache_behavior` and `ordered_cache_behavior` configuration blocks (#14974)
- resource/aws_cloudfront_public_key: Add import support (#17044)
- resource/aws_cloudwatch_log_destination: Add plan time validation to `role_arn`, `name` and `target_arn`. (#11687)
- resource/aws_cloudwatch_log_group: Add plan time validation for `retention_in_days` argument (#14673)
- resource/aws_codebuild_report_group: Add `delete_reports` argument (#17338)
- resource/aws_codestarconnections_connection: Add `tags` argument (#16835)
- resource/aws_customer_gateway: Add `device_name` argument (#14786)
- resource/aws_dynamodb_table: Add plan-time validation for indexes on undefined attributes (#6364)
- resource/aws_ec2_capacity_reservation: Add `owner_id` attribute (#17129)
- resource/aws_ec2_traffic_mirror_filter: Add `arn` attribute. (#13948)
- resource/aws_ec2_traffic_mirror_filter_rule: Add arn attribute. (#13949)
- resource/aws_ec2_traffic_mirror_filter_rule: Add plan time validation to `destination_port_range.from_port`, `destination_port_range.to_port`, `source_port_range.from_port`, and `source_port_range.to_port`. (#13949)
- resource/aws_elastictranscoder_pipeline: Add plan time validations to `content_config.storage_class`, `content_config_permissions.access`, `content_config_permissions.grantee_type`, `notifications.completed`, `notifications.error`, `notifications.progressing`, `notifications.warning`, `thumbnail_config.storage_class`, `thumbnail_config_permissions.access`, `thumbnail_config_permissions.grantee_type` (#13973)
- resource/aws_fms_policy: Allow use of `resource_type` or `resource_type_list` attributes (#17418)
- resource/aws_imagebuilder_image_recipe: Add `gp3` as a valid value for the `volume_type` attribute (#17286)
- resource/aws_lambda_event_source_mapping: Add `topics` attribute to support Amazon MSK as an event source (#14746)
- resource/aws_lb_listener_certificate: Add import support (#16474)
- resource/aws_licensemanager_license_configuration: Add `arn` and `owner_account_id` attributes (#17160)
- resource/aws_ses_active_receipt_rule_set: Add `arn` attribute (#13962)
- resource/aws_ses_active_receipt_rule_set: Add plan time validation for `rule_set_name` argument (#13962)
- resource/aws_ses_configuration_set: Add `arn` attribute. (#13972)
- resource/aws_ses_configuration_set: Add `delivery_options` argument (#11600)
- resource/aws_ses_configuration_set: Add plan time validation to `name`. (#13972)
- resource/aws_ses_event_destination: Add `arn` attribute (#13964)
- resource/aws_ses_event_destination: Add plan time validation for `name`, `cloudwatch_destination.default_value`, `cloudwatch_destination.default_name`, `kinesis_destination.role_arn`, `kinesis_destination.stream_arn`, and `sns_destination.topic_arn` attributes (#13964)
- resource/aws_ses_receipt_rule: Add `arn` attribute (#13960)
- resource/aws_ses_receipt_rule: Add plan time validations for `name`, `tls_policy`, `add_header_action.header_name`, `add_header_action.header_value`, `bounce_action.topic_arn`, `lambda_action.function_arn`, `lambda_action.topic_arn`, `lambda_action.invocation_type`, `s3_action.topic_arn`, `sns_action.topic_arn`, `stop_action.scope`, `stop_action.topic_arn`, `workmail_action.topic_arn`, and `workmail_action.organization_arn` attributes (#13960)
- resource/aws_ses_template: Add `arn` attribute (#13963)
- resource/aws_sns_topic_subscription: Add `redrive_policy` argument (#11770)
- resource/aws_ssm_association: Add `apply_only_at_cron_interval` argument (#15038)
- resource/aws_ssm_document: Add `version_name` argument (#14128)
- resource/aws_ssm_maintenance_window_task: Add `task_invocation_parameters` `run_command_parameters` block `cloudwatch_config` and `document_version` arguments (#11774)
- resource/aws_ssm_maintenance_window_task: Add plan time validation to `max_concurrency`, `max_errors`, `priority`, `service_role_arn`, `targets`, `targets.notification_arn`, `targets.service_role_arn`, `task_type`, `task_invocation_parameters.run_command_parameters.comment`, `task_invocation_parameters.run_command_parameters.document_hash`, `task_invocation_parameters.run_command_parameters.timeout_seconds`, and `task_invocation_parameters.run_command_parameters.notification_config.notification_events` arguments (#11774)
- resource/aws_ssm_maintenance_window_task: Make `service_role_arn` optional (#12200)
- resource/aws_ssm_patch_baseline: Add `approval_rule` block `approve_until_date` argument (#13850)
- resource/aws_ssm_patch_baseline: Add `approved_patches_enable_non_security` and `rejected_patches_action` arguments (#11772)
- resource/aws_ssm_patch_baseline: Add `source` configuration block (#11879)
- resource/aws_ssm_patch_baseline: Adds `arn` attribute. (#11772)
- resource/aws_ssm_patch_baseline: Adds plan time validation for `name`, `description`, `global_filter.key`, `global_filter.values`, `approved_patches`, `rejected_patches`, `approval_rule.approve_after_days`, `approval_rule.patch_filter.key`, and `approval_rule.patch_filter.values`. (#11772)
BUG FIXES:
- resource/aws_glue_catalog_database: Use Catalog Id when deleting Databases. (#17489)
- resource/aws_iam_instance_profile: Detach role when role doesn't exist + remove when deleted from state. (#16188)
- resource/aws_instance: Fix use of `throughput` and `iops` for `gp3` volumes at the same time (#17380)
- resource/aws_lambda_event_source_mapping: Wait for create and update operations to complete (#14765)
- resource/aws_lambda_function: Prevent crash when using `Image` package type (#17082)
- resource/aws_ssm_parameter: Use ARN value from API response rather than generating the value (#16618)
- resource/aws_wafv2_web_acl_association: Increase creation timeout value from 2 to 5 minutes to prevent WAFUnavailableEntityException (#17545)
FEATURES:
- New Resource: `aws_ec2_transit_gateway_prefix_list_reference` (#16823)
- New Resource: `aws_route53_key_signing_key` (#16840)
- New Resource: `aws_cloudfront_origin_request_policy` (#17342)
- New Data Source: `aws_cloudfront_origin_request_policy` (#17342)
ENHANCEMENTS:
- data-source/aws_subnet: Add `customer_owned_ipv4_pool` and `map_customer_owned_ip_on_launch` attributes (#16676)
- resource/aws_glacier_vault: Add plan-time validation for `notification` configuration block `events` and `sns_topic_arn` arguments (#12645)
- resource/aws_glue_catalog_table: Adds support for specifying schema from schema registry. (#17335)
- resource/aws_iam_access_key: Add `create_date` attribute (#17318)
- resource/aws_iam_access_key: Support resource import (#17321)
- resource/aws_subnet: Add `customer_owned_ipv4_pool` and `map_customer_owned_ip_on_launch` attributes (#16676)
- resource/aws_lb: Add `ipv6_address` attribute (#17229)
- resource/aws_sfn_state_machine: Add support for `EXPRESS` state machine `type` (#12249)
- resource/aws_lb_target_group: Add `protocol_version` attribute (#17260)
- resource/aws_cloudfront_distribution: Add `cloudfront_origin_request_policy_id` attribute (#17342)
BUG FIXES:
- data-source/aws_partition: Correct `reverse_dns_prefix` value in AWS China, C2S, and SC2S (#17142)
- provider: Only validate AWS shared configuration profile SSO configuration when attempting to use SSO cached credentials (#17469)
- resource/aws_api_gateway_method_settings: Ignore non-existent resource errors during deletion (#17234)
- resource/aws_api_gateway_method_settings: Prevent confusing Terraform error on resource disappearance during creation (#17234)
- resource/aws_cloudwatch_event_rule: Prevent perpetual differences with `name_prefix` argument values beginning with `terraform-` (#17030)
- resource/aws_glacier_vault: Prevent crash with `GetVaultAccessPolicy` API errors (#12645)
- resource/aws_glacier_vault: Properly remove from state when resource does not exist (#12645)
- resource/aws_glue_crawler: Use standard retry timeout for IAM eventual consistency and retry on LakeFormation permissions errors (#17256)
- resource/aws_glue_partition: Fix `partition_values` to preserve order. (#17344)
- resource/aws_iam_access_key: Ensure `Inactive` `status` is properly configured during resource creation (#17322)
- resource/aws_kinesis_firehose_delivery_stream: Use standard retry timeout for IAM eventual consistency and retry on LakeFormation access errors (#17254)
- resource/aws_security_group: Prevent perpetual differences with `name_prefix` argument values beginning with `terraform-` (#17030)
- resource/aws_ssoadmin_permission_set: Properly update resource with `relay_state` argument (#17423)
- resource/aws_vpc_endpoint: Return unsuccessful deletion information immediately as an error instead of timing out while waiting for deletion (#16656)
- resource/aws_vpc_endpoint_service: Return unsuccessful deletion information immediately as an error instead of timing out while waiting for deletion (#16656)
NOTES:
- data-source/aws_route53_zone: The Route 53 `ListResourceRecordSets` API call has been implemented to support the `name_servers` attribute for private Hosted Zones similar to the resource implementation. Environments using restrictive IAM permissions may require updates. (#17002)
FEATURES:
- New Data Source: `aws_imagebuilder_image` (#16710)
- New Resource: `aws_imagebuilder_image` (#16710)
- New Resource: `aws_prometheus_workspace` (#16882)
- New Resource: `aws_sagemaker_app_image_config` (#17221)
ENHANCEMENTS:
- data-source/aws_elasticache_replication_group: Add `multi_az_enabled` argument (#17320)
- data-source/aws_vpc_peering_connection: Add `cidr_block_set` and `peer_cidr_block_set` attributes (#13420)
- provider: Support AWS Single-Sign On (SSO) cached credentials (#17340)
- resource/aws_codeartifact_domain: Make `encryption_key` optional (#17262)
- resource/aws_elasticache_replication_group: Add `multi_az_enabled` argument (#17320)
- resource/aws_elasticache_replication_group: Allow changing `cluster_mode.replica_count` without re-creation (#17301)
BUG FIXES:
- data-source/aws_elb_hosted_zone_id: Correct values for `cn-north-1` and `cn-northwest-1` regions (#17226)
- data-source/aws_lb_listener: Prevent error when retrieving a listener whose default action contains weighted target groups (#17238)
- data-source/aws_route53_zone: Ensure `name_servers` is populated for private Hosted Zones (#17002)
- resource/aws_ebs_volume: Allow both `size` and `snapshot_id` attributes to be specified (#17243)
- resource/aws_elasticache_replication_group: Correctly update computed `member_clusters` values (#17201)
- resource/aws_sagemaker_code_repository: fix doc name (#17221)
NOTES
- resource/aws_lightsail_instance: The `ipv6_address` attribute has been deprecated. Use the `ipv6_addresses` attribute instead. This is due to a backwards incompatible change in the Lightsail API. (#17155)
FEATURES
- New Resource: `aws_backup_global_settings` (#16475)
- New Resource: `aws_sagemaker_feature_group` (#16728)
- New Resource: `aws_sagemaker_image_version` (#17141)
- New Resource: `aws_sagemaker_user_profile` (#17123)
ENHANCEMENTS
- data-source/aws_ami: Add `throughput` attribute to `block_device_mappings` `ebs` attribute (#16631)
- data-source/aws_ebs_volume: Add `throughput` attribute (#16517)
- data-source/aws_elasticache_replication_group: Adds `arn` attribute (#15348)
- data-source/aws_iam_user: Add `tags` attribute (#13287)
- resource/aws_ami: Support `volume_type` value of `gp3` and add `throughput` argument to `ebs_block_device` configuration block (#16631)
- resource/aws_ami_copy: Add `throughput` argument to `ebs_block_device` configuration block (#16631)
- resource/aws_ami_from_instance: Add `throughput` argument to `ebs_block_device` configuration block (#16631)
- resource/aws_ebs_volume: Add `throughput` argument (#16517)
- resource/aws_elasticache_replication_group: Adds `arn` attribute (#15348)
- resource/aws_lightsail_instance: Add `ipv6_addresses` attribute (#17155)
- resource/aws_sagemaker_domain: Delete implicit EFS file system (#17123)
BUG FIXES
- data-source/aws_lambda_function: Prevent error when getting Code Signing Config for container image based lambdas during read (#17180)
- provider: Fix error messages for missing required blocks not including the block name (#17211)
- provider: Prevent panic when sending Ctrl-C (SIGINT) to Terraform (#17211)
- resource/aws_api_gateway_authorizer: Ensure `authorizer_credentials` are configured when `type` is `COGNITO_USER_POOLS` (#16614)
- resource/aws_api_gateway_rest_api: Allow `api_key_source`, `binary_media_types`, and `description` arguments to be omitted from configuration with OpenAPI specification import (`body` argument) (#17099)
- resource/aws_api_gateway_rest_api: Ensure `api_key_source`, `binary_media_types`, `description`, `minimum_compression_size`, `name`, and `policy` configuration values are correctly applied as an override after OpenAPI specification import (`body` argument) (#17099)
- resource/aws_api_gateway_rest_api: Fix `disable_execute_api_endpoint` and `endpoint_configuration` `vpc_endpoint_ids` handling with OpenAPI specification import (`body` argument) (#17209)
- resource/aws_lakeformation_data_lake_settings: Avoid unnecessary resource cycling (#17189)
- resource/aws_lakeformation_permissions: Handle resources with multiple permissions (#17189)
- resource/aws_lambda_function: Prevent panic with missing `FunctionConfiguration` `PackageType` attribute in API response (#16544)
- resource/aws_lambda_function: Prevent panic with missing environment variable value (#17056)
- resource/aws_sagemaker_image: Fix catching image not found on read error (#17141)
BUG FIXES
- data-source/instance: Fix EBS and root block device tags issue with "Invalid address to set" (#17136)
FEATURES
- New Data Source: `aws_api_gateway_domain_name` (#12489)
- New Data Source: `aws_identitystore_group` (#15322)
- New Data Source: `aws_identitystore_user` (#15322)
- New Resource: `aws_cloudwatch_composite_alarm` (#15023)
- New Resource: `aws_fms_policy` (#9594)
- New Resource: `aws_route53_resolver_dnssec_config` (#17012)
- New Resource: `aws_sagemaker_domain` (#16077)
- New Resource: `aws_ssoadmin_account_assignment` (#15322)
ENHANCEMENTS
- data-source/aws_workspaces_directory: Add access properties (#16688)
- resource/aws_api_gateway_base_path_mapping: Support in-place updates for `api_id`, `base_path`, and `stage_name` (#16147)
- resource/aws_api_gateway_domain_name: Add `mutual_tls_authentication` configuration block (#15258)
- resource/aws_api_gateway_integration: Add `tls_config` configuration block (#15499)
- resource/aws_api_gateway_method: Add `operation_name` argument (#13282)
- resource/aws_api_gateway_rest_api: Add `disable_execute_api_endpoint` argument (#16198)
- resource/aws_api_gateway_rest_api: Add `parameters` argument (#7374)
- resource/aws_apigatewayv2_integration: Add `response_parameters` attribute (#17043)
- resource/aws_codepipeline: Deprecates GitHub v1 (OAuth token) authentication and removes hashing of GitHub token (#16959)
- resource/aws_codepipeline: Adds GitHub v2 (CodeStar Connection) authentication (#16959)
- resource/aws_dms_endpoint: Add `s3_settings` `date_partition_enabled` argument (#16827)
- resource/aws_elasticache_cluster: Add support for final snapshot with Redis engine (#15592)
- resource/aws_elasticache_replication_group: Add support for final snapshot (#15592)
- resource/aws_globalaccelerator_accelerator: Add custom timeouts (#17112)
- resource/aws_globalaccelerator_endpoint_group: Add custom timeouts (#17112)
- resource/aws_globalaccelerator_endpoint_listener: Add custom timeouts (#17112)
- resource/aws_instance: Add `tags` parameter to `root_block_device`, `ebs_block_device` blocks. (#15474)
- resource/aws_workspaces_directory: Add access properties (#16688)
BUG FIXES
- resource/aws_appmesh_route: Allow an empty `match` attribute to be specified for a `grpc_route`, indicating that any service should be matched (#16867)
- resource/aws_db_instance: Correctly validate `final_snapshot_identifier` argument at plan-time (#16885)
- resource/aws_dms_endpoint: Support `extra_connection_attributes` for all engine names during create and read (#16827)
- resource/aws_instance: Prevent `volume_tags` from improperly interfering with `tags` in `aws_ebs_volume` (#15474)
- resource/aws_networkfirewall_rule_group: Prevent resource recreation due to `stateful_rule` changes after creation (#16884)
- resource/aws_route53_zone_association: Prevent deletion errors for missing Hosted Zone or VPC association (#17023)
- resource/aws_sagemaker_image - fix error on wait for delete when image does not exist (#16077)
- resource/aws_s3_bucket_inventory: Prevent crashes with empty `destination`, `filter`, and `schedule` configuration blocks (#17055)
- service/apigateway: All operations will now automatically retry on `ConflictException: Unable to complete operation due to concurrent modification. Please try again later.` errors.
FEATURES
- New Data Source: `aws_ssoadmin_instances` (#15808)
- New Data Source: `aws_ssoadmin_permission_set` (#15808)
- New Resource: `aws_sagemaker_image` (#16082)
- New Resource: `aws_ssoadmin_managed_policy_attachment` (#15808)
- New Resource: `aws_ssoadmin_permission_set` (#15808)
- New Resource: `aws_ssoadmin_permission_set_inline_policy` (#15808)
ENHANCEMENTS
- data-source/aws_imagebuilder_image_recipe: Add `working_directory` attribute (#16947)
- data-source/aws_elasticache_replication_group: Add reader_endpoint_address attribute (#9979)
- resource/aws_elasticache_replication_group: Add reader_endpoint_address attribute (#9979)
- resource/aws_elasticache_replication_group: Allows configuring `replicas_per_node_group` for "Redis (cluster mode disabled)" (#16829)
- resource/aws_imagebuilder_image_recipe: Add `working_directory` argument (#16947)
- resource/aws_glue_crawler: add support for `lineage_configuration` and `recrawl_policy` (#16714)
- resource/aws_glue_crawler: add plan time validations to `name`, `description` and `table_prefix` (#16714)
- resource/aws_kinesis_stream: Update `retention_period` argument plan-time validation to include up to 8760 hours (#16608)
- resource/aws_msk_cluster: Support `PER_TOPIC_PER_PARTITION` value for `enhanced_monitoring` argument plan-time validation (#16914)
- resource/aws_route53_zone: Add length validations for `delegation_set_id` and `name` arguments (#12340)
- resource/aws_vpc_endpoint_service: Make `private_dns_name` configurable and add `private_dns_name_configuration` attribute (#16495)
BUG FIXES
- resource/aws_emr_cluster: Remove from state instead of returning an error on long terminated cluster (#16924)
- resource/aws_glue_catalog_table: Glue table partition keys should be set to empty list instead of being unset (#16727)
- resource/aws_imagebuilder_distribution_configuration: Remove `user_ids` argument maximum limit (#16905)
- resource/aws_transfer_user: Update `user_name` argument validation to support 100 characters (#16938)
FEATURES
- New Data Source: `aws_ec2_managed_prefix_list` (#16738)
- New Data Source: `aws_lakeformation_data_lake_settings` (#13250)
- New Data Source: `aws_lakeformation_permissions` (#13396)
- New Data Source: `aws_lakeformation_resource` (#13396)
- New Resource: `aws_codestarconnections_connection` (#15990)
- New Resource: `aws_ec2_managed_prefix_list` (#14068)
- New Resource: `aws_lakeformation_data_lake_settings` (#13250)
- New Resource: `aws_lakeformation_permissions` (#13396)
- New Resource: `aws_lakeformation_resource` (#13267)
ENHANCEMENTS
- data-source/aws_autoscaling_group: Adds `launch_template` attribute (#16297)
- data-source/aws_availability_zone: Add `parent_zone_id`, `parent_zone_name`, and `zone_type` attributes (additional support for Local and Wavelength Zones) (#16770)
- data-source/aws_eip: Add `carrier_ip` attribute (#16724)
- data-source/aws_instance: Add `enclave_options` attribute (Nitro Enclaves) (#16361)
- data-source/aws_instance: Add `ebs_block_device` and `root_block_device` configuration block `throughput` attribute (#16620)
- data-source/aws_launch_configuration: Add `metadata_options` attribute (#14637)
- data-source/aws_launch_template: Add `enclave_options` attribute (Nitro Enclaves) (#16361)
- data-source/aws_network_interface: Add `association` `carrier_ip` and `customer_owned_ip` attributes (#16723)
- resource/aws_autoscaling_group: Adds support for Instance Refresh (#16678)
- resource/aws_eip: Add `carrier_ip` attribute (#16724)
- resource/aws_instance: Add `enclave_options` configuration block (Nitro Enclaves) (#16361)
- resource/aws_instance: Add `ebs_block_device` and `root_block_device` configuration block `throughput` attribute (#16620)
- resource/aws_kinesis_firehose_delivery_stream: Mark `http_endpoint_configuration` `access_key` as sensitive (#16684)
- resource/aws_launch_configuration: Add `metadata_options` configuration block (#14637)
- resource/aws_launch_template: Add `enclave_options` configuration block (Nitro Enclaves) (#16361)
- resource/aws_vpn_connection: Add support for VPN tunnel options and enable acceleration, DPDTimeoutAction, StartupAction, local/remote IPv4/IPv6 network CIDR and tunnel inside IP version. (#14740)
BUG FIXES
- data-source/aws_ec2_coip_pools: Ensure all results from large environments are returned (#16669)
- data-source/aws_ec2_local_gateways: Ensure all results from large environments are returned (#16669)
- data-source/aws_ec2_local_gateway_route_tables: Ensure all results from large environments are returned (#16669)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: Ensure all results from large environments are returned (#16669)
- data-source/aws_prefix_list: Using `name` argument no longer overrides other arguments (#16739)
- resource/aws_db_instance: Fix missing `db_subnet_group_name` in API request when using `restore_to_point_in_time` (#16830)
- resource/aws_eip_association: Handle eventual consistency when creating resource (#16808)
- resource/aws_main_route_table_association: Prevent crash on creation when VPC main route table association is not found (#16680)
- resource/aws_workspaces_workspace: Prevent panic from terminated WorkSpace (#16692)
NOTES
- resource/aws_imagebuilder_image_recipe: Previously the ordering of `component` configuration blocks was not properly handled by the resource, which could cause unexpected behavior with multiple Components. These configurations may see the ordering difference being fixed after upgrade. (#16566)
FEATURES
ENHANCEMENTS
- data-source/aws_launch_template: Add `associate_carrier_ip_address` attribute to `network_interfaces` configuration block (#16707)
- data-source/aws_launch_template: Add `throughput` attribute to `block_device_mappings.ebs` configuration block (#16649)
- data-source/aws_launch_template: Support `id` as argument (#16457)
- resource/aws_appmesh_virtual_node: Add `listener.connection_pool` attribute (#16167)
- resource/aws_appmesh_virtual_node: Add `listener.outlier_detection` attribute (#16167)
- resource/aws_launch_template: Add `associate_carrier_ip_address` attribute to `network_interfaces` configuration block (#16707)
- resource/aws_launch_template: Add `throughput` attribute to `block_device_mappings.ebs` configuration block (#16649)
- resource/aws_spot_fleet_request: Add `throughput` attribute to `launch_specification.ebs_block_device` and `launch_specification.root_block_device` configuration blocks (#16652)
- resource/aws_ssm_maintenance_window: Add `schedule_offset` argument (#16569)
- resource/aws_workspaces_workspace: Add failed request error code along with message (#16459)
BUG FIXES
- data-source/aws_customer_gateway: Prevent missing `id` attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway: Prevent missing `id` attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway_peering_attachment: Prevent missing `id` attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway_route_table: Prevent missing `id` attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway_vpc_attachment: Prevent missing `id` attribute when not configured as argument (#16667)
- data-source/aws_guardduty_detector: Prevent missing `id` attribute when not configured as argument (#16667)
- data-source/aws_imagebuilder_image_recipe: Ensure proper ordering of `component` attribute (#16566)
- resource/aws_backup_plan: Prevent plan-time validation error for pre-existing resources with `lifecycle` `delete_after` and/or `copy_action` `lifecycle` `delete_after` arguments configured (#16605)
- resource/aws_imagebuilder_image_recipe: Ensure proper ordering of `component` configuration blocks (#16566)
- resource/aws_workspaces_directory: Fix empty custom_security_group_id & default_ou (#16589)
ENHANCEMENTS
- resource/aws_backup_plan: Add plan-time validation for various arguments (#16476)
- resource/aws_eks_node_group: Make `capacity_type` a `Computed` attribute (#16552)
- resource/aws_lambda_event_source_mapping: Add support for updating `maximum_batching_window_in_seconds` for SQS queue event sources (#16518)
- resource/aws_ssm_maintenance_window_target: Add plan-time validation for `owner_information` and `targets` arguments (#16478)
- resource/aws_storagegateway_gateway - add `timeout_in_seconds`, `organizational_unit`, `domain_controllers` arguments for `smb_active_directory_settings` block. (#16472)
- resource/aws_storagegateway_gateway - add `smb_active_directory_settings.active_directory_status`, `ec2_instance_id`, `endpoint_type`, `host_environment`, and `gateway_network_interface` attributes. (#16472)
- resource/aws_storagegateway_gateway - add plan time validations for `smb_guest_password`, `smb_active_directory_settings.username`, `smb_active_directory_settings.password`, `smb_active_directory_settings.domain_name`, `gateway_timezone`, and `gateway_name`. (#16472)
- resource/aws_storagegateway_gateway - add support for `medium_changer_type` value `medium_changer_type`. (#16472)
BUG FIXES
- resource/aws_backup_plan: Retry on eventual consistency error during deletion (#16476)
- resource/aws_cloudwatch_event_target: Prevent potential panic and prevent recreation after state upgrade with custom `event_bus_name` value (#16484)
- resource/aws_ec2_client_vpn_network_association: Increase associate and disassociate timeouts from 10min to 30min (#16522)
- resource/aws_instance: Automatically retry instance restart on eventual consistency error during `instance_type` in-place update (#16443)
- resource/aws_lambda_function: Prevent error during deletion when resource not found (#16183)
- resource/aws_ssm_maintenance_window_target: Remove from state if not found (#16478)
FEATURES
- New Resource: `aws_glue_registry` (#16418)
ENHANCEMENTS
- resource/aws_apigatewayv2_domain_name: Add `mutual_tls_authentication` attribute to support mutual TLS authentication (#15249)
- resource/aws_appmesh_virtual_gateway: Add `listener.connection_pool` attribute (#16168)
- data-source/aws_eks_cluster: add `kubernetes_network_config` attribute (#15518)
- resource/aws_storagegateway_smb_file_share - add support for `notification_policy` and `access_based_enumeration`. (#16414)
- resource/aws_storagegateway_smb_file_share - add plan time validation to `invalid_user_list` and `valid_user_list`. (#16414)
- resource/aws_cognito_user_pool: add support for account recovery setting. (#12444)
- resource/aws_eks_cluster: add `kubernetes_network_config` argument (#15518)
- resource/aws_eks_node_group: Add `capacity_type` argument and support multiple `instance_types` (Support Spot Node Groups) (#16510)
- resource/aws_lambda_function: Add support for Container Images (#16512)
BUG FIXES
- resource/aws_fsx_windows_file_system: Prevent potential panics, unexpected errors, and use correct operation timeout on update (#16488)
FEATURES
- New Data Source: `aws_imagebuilder_image_pipeline` (#16299)
- New Data Source: `aws_imagebuilder_image_recipe` (#16218)
- New Data Source: `aws_serverlessrepository_application` (#15874)
- New Resource: `aws_backup_region_settings` (#16114)
- New Resource: `aws_imagebuilder_image_pipeline` (#16299)
- New Resource: `aws_imagebuilder_image_recipe` (#16218)
- New Resource: `aws_msk_scram_secret_association` (#15302)
- New Resource: `aws_networkfirewall_resource_policy` (#16279)
- New Resource: `aws_serverlessrepository_stack` (#15874)
ENHANCEMENTS
- data-source/aws_codeartifact_repository_endpoint: Support `nuget` value in `format` argument plan-time validation (#16422)
- data-source/aws_msk_cluster: Add `bootstrap_brokers_sasl_scram` attribute (#15302)
- resource/aws_db_proxy_default_target_group: Make `connection_pool_config` optional (#16303)
- resource/aws_kinesisanalyticsv2_application: `runtime_environment` now supports `FLINK-1_11` (#16389)
- resource/aws_msk_cluster: Add `bootstrap_brokers_sasl_scram` attribute (#15302)
- resource/aws_msk_cluster: Add `client_authentication` `sasl` `scram` argument (#15302)
- resource/aws_networkfirewall_firewall: Add `firewall_status` attribute to expose VPC endpoints (#16399)
BUG FIXES
- data-source/aws_lambda_function: Prevent Lambda `GetFunctionCodeSigningConfig` API call error outside AWS Commercial regions (#16412)
- resource/aws_cloudwatch_event_permission: Prevent `arn: invalid prefix` error during read in some environments (#16319)
- resource/aws_kinesis_analytics_application: Respect the order of 'record_column' attributes (#16260)
- resource/aws_kinesisanalyticsv2_application: Respect the order of 'record_column' attributes (#16260)
- resource/aws_lambda_function: Prevent Lambda `GetFunctionCodeSigningConfig` API call error outside AWS Commercial regions (#16412)
- resource/aws_lb_listener: Mark `port` argument as optional and only default `protocol` argument to `HTTP` for Application Load Balancers (Support Gateway Load Balancer) (#16306)
- resource/aws_securityhub_member: Prevent `invited` attribute updates due to recent API changes (#16404)
FEATURES
- New Data Source: `aws_lambda_code_signing_config` (#16384)
- New Data Source: `aws_signer_signing_job` (#16383)
- New Data Source: `aws_signer_signing_profile` (#16383)
- New Resource: `aws_lambda_code_signing_config` (#16384)
- New Resource: `aws_signer_signing_job` (#16383)
- New Resource: `aws_signer_signing_profile` (#16383)
- New Resource: `aws_signer_signing_profile_permission` (#16383)
ENHANCEMENTS
- data-source/aws_lambda_function: Add `code_signing_config_arn`, `signing_profile_version_arn`, and `signing_job_arn` attributes (#16384)
- data-source/aws_lambda_layer_version: Add `signing_profile_version_arn` and `signing_job_arn` attributes (#16384)
- resource/aws_accessanalyzer_analyzer: Adds plan time validation to `analyzer_name` (#16265)
- resource/aws_accessanalyzer_analyzer: Adds plan time validation to `analyzer_name` (#16265)
- resource/aws_fsx_windows_file_system: Support updating `throughput_capacity` and `storage_capacity` (#15582)
- resource/aws_glue_catalog_table: Add partition index support (#16194)
- resource/aws_lambda_function: Add `code_signing_config_arn` argument and `signing_profile_version_arn` and `signing_job_arn` attributes (#16384)
- resource/aws_lambda_layer_version: Add `signing_profile_version_arn` and `signing_job_arn` attributes (#16384)
- resource/aws_storagegateway_nfs_file_share: Add support for `notification_policy`. (#16340)
- resource/aws_storagegateway_nfs_file_share: Add plan time validation for `client_list`, `nfs_file_share_defaults. directory_mode`, `nfs_file_share_defaults. file_mode`, `nfs_file_share_defaults. group_id`, `nfs_file_share_defaults. owner_id` (#16340)
- resource/aws_workspaces_directory: Allows assigning IP group (#14451)
BUG FIXES
- resource/aws_fsx_windows_file_system: Update the default creation timeout from 30 to 45 minutes (#16363)
- resource/aws_lb: Fix `enable_cross_zone_load_balancing` argument handling with Gateway Load Balancers (#16314)
- New Data Source: `aws_imagebuilder_component` (#16159)
- New Data Source: `aws_imagebuilder_distribution_configuration` (#16180)
- New Data Source: `aws_imagebuilder_infrastructure_configuration` (#16186)
- New Resource: `aws_api_gateway_rest_api_policy` (#13619)
- New Resource: `aws_backup_vault_policy` (#16112)
- New Resource: `aws_glue_dev_endpoint` (#7895)
- New Resource: `aws_imagebuilder_component` (#16159)
- New Resource: `aws_imagebuilder_distribution_configuration` (#16180)
- New Resource: `aws_imagebuilder_infrastructure_configuration` (#16186)
- New Resource: `aws_networkfirewall_firewall` (#16277)
- New Resource: `aws_networkfirewall_firewall_policy` (#16277)
- New Resource: `aws_networkfirewall_logging_configuration` (#16277)
- New Resource: `aws_networkfirewall_rule_group` (#16277)
ENHANCEMENTS
- resource/aws_globalaccelerator_endpoint_group: Add `arn` and `port_override` attributes (#16121)
- resource/aws_glue_catalog_table: Add support for `parameters` argument to `storage_descriptor.columns` block (#16052)
- resource/aws_glue_catalog_table: Add plan time validation for `description`, `name`, `partition_keys.name`, `partition_keys.comment`, `partition_keys.type`, `retention`, `view_original_text`, `view_expanded_text`, `storage_descriptor.name`, `storage_descriptor.comment`, `storage_descriptor.type`, `storage_descriptor.bucket_columns`, `storage_descriptor.ser_de_info.name`, `storage_descriptor.skewed_info.skewed_column_names`, `storage_descriptor.sort_columns.column`, `storage_descriptor.sort_columns.sort_order` (#16052)
- resource/aws_msk_cluster: Support in-place `kafka_version` upgrade (#13654)
- resource/aws_storagegateway_smb_file_share: Add `file_share_name` argument (#16008)
- resource_aws_storagegateway_nfs_file_share: Add `file_share_name` argument (#16072)
BUG FIXES
- data-source/aws_s3_bucket: Use provider credentials when getting the bucket region (fix AWS China non-ICP S3 Buckets and other restrictive environments) (#15481)
- resource/aws_apigatewayv2_stage: Correctly handle deletion of route_settings (#16133)
- resource/aws_backup_plan - `lifecycle` block in `copy_action` is optional (#16116)
- resource/aws_eks_fargate_profile: Serialize multiple profile creation and deletion to prevent `ResourceInUseException` errors (#14020)
- resource/aws_organizations_organization: Prevent recreation when `feature_set` is updated to `ALL` (#15473)
- resource/aws_s3_bucket: Use provider credentials when getting the bucket region (fix AWS China non-ICP S3 Buckets and other restrictive environments) (#15481)
- resource/aws_s3_bucket_object: Correctly updates `version_id` when certain configuration keys are changed (#14900)
ENHANCEMENTS
- data-source/aws_ec2_transit_gateway_route_table: Add `arn` attribute (#13921)
- data-source/aws_ec2_transit_gateway_vpc_attachment: Add `appliance_mode_support` attribute (#16159)
- data-source/aws_route_table: Add `route` `vpc_endpoint_id` attribute (#16131)
- resource/aws_db_instance: Add `restore_to_point_in_time` argument and `latest_restorable_time` attribute (#15969)
- resource/aws_default_route_table: Add `route` configuration block `vpc_endpoint_id` argument (#16131)
- resource/aws_ec2_transit_gateway: Support in-place updates for most arguments (#15556)
- resource/aws_ec2_transit_gateway_route_table: Add `arn` attribute (#13921)
- resource/aws_ec2_transit_gateway_vpc_attachment: Add `appliance_mode_support` argument (#16159)
- resource/aws_ec2_transit_gateway_vpc_attachment_accepter: Add `appliance_mode_support` attribute (#16159)
- resource/aws_kinesis_firehose_delivery_stream: Add `http_endpoint_configuration` configuration block (#15356)
- resource/aws_lb: Support `load_balancer_type` argument value of `gateway` (#16131)
- resource/aws_lb_target_group: Support `protocol` argument value of `GENEVE` (#16131)
- resource/aws_rds_cluster: Add `restore_to_point_in_time` argument (#7031)
- resource/aws_route: Add `vpc_endpoint_id` argument (#16131)
- resource/aws_route_table: Add `route` configuration block `vpc_endpoint_id` argument (#16131)
- resource/aws_vpc_endpoint: Support `vpc_endpoint_type` argument value `GatewayLoadBalancer` (#16131)
- resource/aws_vpc_endpoint_service: Add `gateway_load_balancer_arns` argument (#16131)
- resource/aws_workspaces_workspace: Add configurable timeouts (#15479)
BUG FIXES
- data-source/aws_network_interface: Prevent crash with ENI attachments missing DeviceIndex or AttachmentID (#15567)
- resource/aws_cognito_identity_pool: Update `identity_pool_name` argument validation to include additional characters supported by the API (#15773)
- resource/aws_db_instance: Ignore `DBInstanceNotFound` error during deletion (#15942)
- resource/aws_ecs_service: Properly remove resource from Terraform state with `ClusterNotFoundException` error (#15927)
- resource/aws_eip: In EC2-Classic, wait until Instance returns as associated during create or update (#16032)
- resource/aws_eip_association: Retry on additional EC2 Address eventual consistency errors on creation (#16032)
- resource/aws_eip_association: In EC2-Classic, wait until Instance returns as associated during creation (#16032)
- resource/aws_kinesis_analytics_application: Handle IAM role eventual consistency issues (#16125)
- resource/aws_kinesisanalyticsv2_application: Handle IAM role eventual consistency issues (#16125)
- resource/aws_lb_target_group: Allow invalid configurations that were allowed prior to 3.10. (#15613)
- resource/aws_network_interface: Prevent crash with ENI attachments missing DeviceIndex or AttachmentID (#15567)
- resource/aws_s3_bucket: Add plan-time validation to `acl` (#15327)
- resource/aws_workspaces_bundle: Fix empty (private) owner (#14535)
BUG FIXES
- resource/aws_cloudwatch_event_target: Prevent regression from version 3.14.0 with `ListTargetsByRuleInput.EventBusName` error (#16075)
FEATURES
- New Data Source: `aws_route53_resolver_endpoint` (#8628)
- New Data Source: `aws_sagemaker_prebuilt_ecr_image` (#15924)
- New Data Source: `aws_workspaces_workspace` (#14135)
- New Resource: `aws_secretsmanager_secret_policy` (#14468)
ENHANCEMENTS
- resource/aws_apigatewayv2_integration: `timeout_milliseconds` has different valid ranges and default values between HTTP and WebSocket APIs. `timeout_milliseconds` is now `Computed`, meaning Terraform will only perform drift detection of its value when present in a configuration. (#16017)
- resource/aws_cloudwatch_event_permission: Add `event_bus_name` (#15922)
- resource/aws_cloudwatch_event_target: Add plan time validation to `arn`, `role_arn`, `launch_type`, `task_definition_arn` (#11685)
- resource/aws_cloudwatch_event_target: Add `event_bus_name` (#15799)
- resource/aws_codeartifact_domain: add `tags` argument. (#16006)
- resource/aws_codeartifact_repository: add `tags` argument. (#16006)
- resource/aws_eip: Add `network_border_group` argument (#14028)
- resource/aws_glue_catalog_database: add plan time validations for `description` and `name`. (#15956)
- resource/aws_glue_crawler: Support MongoDB target (#15934)
- resource/aws_glue_trigger: Add plan time validation to `name` (#15793)
- resource/aws_glue_trigger: Add `security_configuration` and `notification_property` arguments to `actions` block (#15793)
- resource/aws_kinesis_analytics_application: Wait for resource deletion. (#16005)
- resource/aws_kinesis_analytics_application: `inputs.parallelism` is a computed attribute. (#16005)
- resource/aws_kinesis_analytics_application: Handle `inputs.processing_configuration` addition and deletion. (#16005)
- resource/aws_kinesis_analytics_application: Handle `reference_data_sources` deletion. (#16005)
- resource/aws_kinesis_analytics_application: Handle `cloudwatch_logging_options` deletion. (#16005)
- resource/aws_kinesis_analytics_application: Set the `description` attribute on creation. (#16005)
- resource/aws_sagemaker_endpoint_configuration: Add support for `data_capture_config`. (#15887)
- resource/aws_sagemaker_endpoint_configuration: Add plan time validation for `production_variants.accelerator_type`, `production_variants.instance_type`. (#15887)
- resource/aws_sagemaker_model: Add support for `primary_container. image_config` and `containers.image_config` (#15957)
- resource/aws_sagemaker_model: Add plan time validation for `execution_role_arn` (#15957)
BUG FIXES
- resource/aws_datasync_task: Allow `UNAVAILABLE` as pending status during creation (#15949)
- resource/aws_glue_classifier: Fix `quote_symbol` being optional (#15948)
- resource/aws_lambda_function: Publish version if value of `publish` is only change (#15020)
- resource/aws_rds_cluster: Prevent error removing cluster from global cluster when not found (#15938)
- resource/aws_rds_cluster: Prevent recreation when using `snapshot_identifier` and `kms_key_id` without `storage_encrypted = true` (#15915)
- resource/aws_rds_cluster_instance: Add Cluster Identifier to creation error message (#15939)
- resource/aws_rds_global_cluster: Prevent error removing cluster from global cluster when not found (#15938)
NOTES
- data-source/aws_autoscaling_groups: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_caller_identity: The `id` attribute has changed to the ID of the AWS Account. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ebs_snapshot_ids: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ebs_volumes: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_coip_pools: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_instance_type_offerings: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_local_gateway_route_tables: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_local_gateways: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_spot_price: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_efs_access_points: The `id` attribute has changed to the EFS File System identifier. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_glue_script: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_inspector_rules_packages: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_instances: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_kms_ciphertext: The `id` attribute has changed to the KMS Key. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_kms_secrets: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15725)
- data-source/aws_network_acls: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_network_interfaces: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_organizations_organizational_units: The `id` attribute has changed to the parent identifier. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_outposts_outposts: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_outposts_sites: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_route_tables: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_route53_resolver_rules: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_s3_bucket_objects: The `id` attribute has changed to the name of the S3 Bucket. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_security_groups: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_vpc_peering_connections: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_vpcs: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
FEATURES
- New Resource: `aws_glue_resource_policy` (#10361)
- New Resource: `aws_s3control_bucket` (#15510)
- New Resource: `aws_s3control_bucket_lifecycle_configuration` (#15604)
- New Resource: `aws_s3control_bucket_policy` (#15575)
- New Resource: `aws_s3outposts_endpoint` (#15585)
- New Resource: `aws_sagemaker_code_repository` (#15809)
- New Resource: `aws_storagegateway_tape_pool` (#15370)
ENHANCEMENTS
- resource/aws_cloudwatch_event_rule: Add `event_bus_name` (#15727)
- resource/aws_ecs_service: Add `wait_for_steady_state` argument (#3485)
- resource/aws_s3_access_point: Support S3 on Outposts (#15621)
- resource/aws_sagemaker_model: Add `container` configuration block `mode` argument (#15371)
- resource/aws_sagemaker_notebook_instance: Add support for `additional_code_repositories` (#15830)
- resource/aws_sagemaker_notebook_instance: Add `url` and `network_interface_id` attributes (#15802)
BUG FIXES
- data-source/aws_autoscaling_groups: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_caller_identity: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ebs_snapshot_ids: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ebs_volumes: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ec2_coip_pools: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ec2_instance_type_offerings: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ec2_local_gateway_route_tables: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ec2_local_gateways: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_ec2_spot_price: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_efs_access_points: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_glue_script: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_inspector_rules_packages: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_instances: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_kms_ciphertext: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_kms_secrets: Prevent plan differences with the `id` attribute (#15725)
- data-source/aws_network_acls: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_network_interfaces: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_organizations_organizational_units: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_outposts_outposts: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_outposts_sites: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_route_tables: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_route53_resolver_rules: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_s3_bucket_objects: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_security_groups: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_vpc_peering_connections: Prevent plan differences with the `id` attribute (#15896)
- data-source/aws_vpcs: Prevent plan differences with the `id` attribute (#15896)
- resource/aws_apigatewayv2_integration: Correctly handle update of AWS service integrations (#15894)
- resource/aws_api_gateway_usage_plan: Change `api_stages` from List to Set (#14345)
- resource/aws_lambda_function: Update published `version` and `qualified_arn` on config changes (#15121)
- resource/aws_rds_global_cluster: Prevent recreation when using encrypted `source_db_cluster_identifier` without `storage_encrypted` (#15916)
- resource/aws_vpc_peering_connection_options: Only modify options that have changed (#12126)
FEATURES
- New Data Source: `aws_rds_certificate` (#15789)
- New Resource: `aws_autoscalingplans_scaling_plan` (#8965)
- New Resource: `aws_cloudwatch_event_bus` (#10256)
- New Resource: `aws_kinesisanalyticsv2_application` (#11652)
- New Resource: `aws_storagegateway_stored_iscsi_volume` (#12027)
ENHANCEMENTS
- resource/aws_cloudwatch_event_target: Add validation to `input_transformer.input_paths` map (#15669)
- resource/aws_codeartifact_repository - support external connections (#15569)
- resource/aws_fsx_lustre_file_system: Add `copy_tags_to_backups` support (#15687)
- resource/aws_fsx_lustre_file_system: Increased maximum `automatic_backup_retention_days` from 35 to 90 (#15641)
- resource/aws_fsx_windows_file_system: Increased maximum `automatic_backup_retention_days` from 35 to 90 (#15641)
- resource/aws_glue_catalog_table: add validation checks for resource properties (#12523)
- resource/aws_network_interface: Add `ipv6_addresses` and `ipv6_address_count` arguments (#12281)
- resource/aws_sagemaker_notebook_instance: `lifecycle_config_name` and `root_access` are updateable. (#15385)
- resource/aws_sagemaker_notebook_instance: plan time validation for `role_arn`, `instance_type`. (#15385)
BUGFIXES
- resource/aws_workspaces_workspace: Fix terminated state resolution (#15705)
- resource/aws_glue_table_catalog_table: Prevent errors on `unset` of `ser_de_info.name` (#15127)
- resource/aws_glue_security_configuration: Don't send empty `kms_arn` if mode is `DISABLED` (#13618)
FEATURES
- New Data Source: `aws_codeartifact_repository_endpoint` (#15566)
- New Resource: `aws_appmesh_gateway_route` (#15638)
- New Resource: `aws_appmesh_virtual_gateway` (#15611)
BUG FIXES
- resource/aws_ec2_transit_gateway_route: Prevent plan errors with compressed IPv6 addresses (#14846)
ENHANCEMENTS
- data-source/aws_workspaces_directory: Add workspaces creation properties (#14577)
- resource/aws_backup_plan: Add support for AdvancedBackupSettings (#15341)
- resource/aws_sagemaker_notebook_instance: Add `default_code_repository` attribute (#13772)
- resource/aws_sagemaker_notebook_instance: Add `volume_size` attribute (#15521)
- resource/aws_workspaces_directory: Add workspaces creation properties (#14577)
FEATURES
- New Data Source: `aws_codeartifact_authorization_token` (#15425)
- New Data Source: `aws_ec2_instance_type` (#13124)
- New Data Source: `aws_lex_bot_alias` (#8919)
- New Data Source: `aws_redshift_orderable_cluster` (#15438)
- New Resource: `aws_codeartifact_repository_permissions_policy` (#15562)
- New Resource: `aws_lex_bot_alias` (#8919)
- New Resource: `aws_s3_bucket_ownership_controls` (#15482)
NOTES
- data-source/aws_acm_certificate: The `id` attribute has changed to the ARN of the ACM Certificate. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_autoscaling_group: The `id` attribute has changed to the name of the Auto Scaling Group. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_availability_zones: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_db_event_categories: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ebs_default_kms_key: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ebs_encryption_by_default: The `id` attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ec2_instance_type_offering: The `id` attribute has changed to the EC2 Instance Type. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ecr_authorization_token: The `id` attribute has changed to the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ecr_image: The `id` attribute has changed to the SHA256 digest of the ECR Image. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_eks_cluster_auth: The `id` attribute has changed to the name of the EKS Cluster. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_iam_account_alias: The `id` attribute has changed to the AWS Account Alias. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_kms_alias: The `id` attribute has changed to the ARN of the KMS Alias. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_partition: The `id` attribute has changed to the identifier of the AWS Partition. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_regions: The `id` attribute has changed to the identifier of the AWS Partition. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_sns_topic: The `id` attribute has changed to the ARN of the SNS Topic. The first apply of this updated data source may show this difference. (#15399)
ENHANCEMENTS
- data-source/aws_batch_compute_environment: Add `tags` attribute (#15470)
- data-source/aws_batch_job_queue: Add `tags` attribute (#15470)
- data-source/aws_vpc_endpoint_service: Accept `service_type` as argument (#15467)
- resource/aws_appmesh_route: Add `timeout` configuration block to `grpc_route`, `http_route`, `http2_route` and `tcp_route` attributes. (#14361)
- resource/aws_appmesh_virtual_node: Add `timeout` configuration block to `listener` attribute. (#14361)
- resource/aws_batch_compute_environment: Add `tags` argument (#15470)
- resource/aws_batch_job_definition: Add `tags` argument (#15470)
- resource/aws_batch_job_queue: Add `tags` argument (#15470)
- resource/aws_lb_target_group: Add `source_ip` as an option for the `stickiness.type` argument. (#15295)
- resource/aws_sns_topic_subscription: Create subscriptions with attributes (delivery policy, filter policy, etc.) instead of separate API calls (#10496)
BUG FIXES
- data-source/aws_acm_certificate: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_autoscaling_group: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_availability_zones: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_db_event_categories: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ebs_default_kms_key: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ebs_encryption_by_default: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ec2_instance_type_offering: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ecr_authorization_token: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ecr_image: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_eks_cluster_auth: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_iam_account_alias: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_kms_alias: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_partition: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_regions: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_sns_topic: Prevent plan differences with the `id` attribute (#15399)
- resource/aws_acm_certificate: Prevent unexpected timeout error on deletion due to API retries (#15522)
- resource/aws_batch_job_definition: Prevent unexpected plan difference for `container_properties` argument value with new secrets support (#15470)
- resource/aws_codestarnotifications_notification_rule: Prevent unexpected timeout error during target deletion due to API retries (#15523)
- resource/aws_config_remediation_configuration: Prevent unexpected timeout error on deletion due to API retries (#15524)
- resource/aws_db_proxy: Increase default deletion timeout to 60 minutes (#15537)
- resource/aws_db_proxy_target: Ensure `db_proxy_name` and `target_group_name` attributes are properly imported (#15537)
- resource/aws_ecs_cluster: Prevent IAM Service Linked Role error on first ECS provision (#15457)
- resource/aws_emr_instance_fleet: Prevent error on deletion when EMR Cluster is no longer running (#15548)
- resource/aws_emr_managed_scaling_policy: Ensure `cluster_id` attribute is properly saved during import (#15541)
- resource/aws_emr_managed_scaling_policy: Handle additional cases where resource should be removed from Terraform state (#15541)
- resource/aws_gamelift_fleet: Prevent unexpected timeout error on creation due to API retries (#15526)
- resource/aws_glue_workflow: Ensure `max_concurrent_runs` attribute is properly saved during import (#15538)
- resource/aws_lex_bot: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_lex_bot_alias: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_lex_intent: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_lex_slot_type: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_organizations_policy: Prevent errors with imported AWS-managed Organizations policies (#15446)
- resource/aws_s3_bucket: Correctly handle provider-level ignored tag configuration (#12013)
- resource/aws_s3_bucket: Correctly set expiration for lifecycle_rule with abort_incomplete_multipart_upload_days set (#15263)
- resource/aws_s3_bucket_analytics_configuration: Prevent unexpected timeout error on deletion due to API retries (#15529)
- resource/aws_s3_bucket_object: Correctly handle provider-level ignored tag configuration (#12013)
FEATURES
- New Resource: `aws_backup_vault_notifications` (#12501)
- New Resource: `aws_codeartifact_domain` (#13743)
- New Resource: `aws_codeartifact_domain_permissions` (#13753)
- New Resource: `aws_codeartifact_repository` (#14429)
- New Resource: `aws_db_proxy_target` (#12784)
- New Resource: `aws_glue_data_catalog_encryption_settings` (#14916)
- New Resource: `aws_glue_ml_transform` (#14909)
- New Resource: `aws_glue_partition` (#12547)
- New Resource: `aws_lex_bot` (#8918)
- New Resource: `aws_lex_intent` (#8917)
- New Data Source: `aws_lex_bot` (#8918)
- New Data Source: `aws_lex_intent` (#8917)
ENHANCEMENTS
- resource/aws_appmesh_route: Add `grpc_route` and `http2_route` attributes to support gRPC and HTTP/2 services (#11669)
- resource/aws_appmesh_route: Add `retry_policy` attribute to support App Mesh retry policies (#11660)
- resource/aws_appmesh_virtual_node: Add `grpc` and `http2` as valid values for the `protocol` attribute (#11669)
- resource/aws_appmesh_virtual_node: Add `spec.backend_defaults`, `spec.backend.virtual_service.client_policy` and `spec.listener.tls` attributes to support TLS in transit encryption (#12541)
- resource/aws_appmesh_virtual_router: Add `grpc` and `http2` as valid values for the `protocol` attribute (#11669)
- resource/aws_fsx_lustre_file_system: Add `auto_import_policy` argument (#15231)
- resource/aws_fsx_lustre_file_system: Support `daily_automatic_backup_start_time` (#15299)
- resource/aws_fsx_lustre_file_system: Add `storage_type` and `drive_cache_type` (#14727)
- resource/aws_glue_crawler: Add `connection_name` field to `s3_target` block (#15350)
- resource/aws_sagemaker_notebook_instance: Ability to configure root access for Sagemaker notebook instances (#14184)
BUG FIXES
- data-source/aws_s3_bucket_object: Prevent crash when S3 HeadObject returns empty response (#14154)
- resource/aws_db_instance: Prevent ordering differences with `enabled_cloudwatch_logs_exports` argument (#15404)
- resource/aws_ec2_client_vpn_authorization_rule: Increased active and revoked timeouts from 5 to 10 minutes (#15367)
- resource/aws_rds_cluster: Prevent ordering differences with `enabled_cloudwatch_logs_exports` argument (#15404)
- resource/aws_redshift_cluster: Increase default update timeout to 75 minutes (#15339)
FEATURES
- New Resource: `aws_datasync_location_fsx_windows` (#12686)
- New Resource: `aws_route53_resolver_query_log_config`. (#14897)
- New Resource: `aws_route53_resolver_query_log_config_association`. (#14901)
- New Data Source: `aws_rds_engine_version` (#15228)
- New Data Source: `aws_docdb_engine_version` (#15253)
- New Data Source: `aws_neptune_engine_version` (#15259)
- New Data Source: `aws_workspaces_image` (#11428)
ENHANCEMENTS
- data-source/aws_lb: Add `customer_owned_ipv4_pool` and `subnet_mapping` `outpost_id` attributes (#15170)
- resource/aws_apigatewayv2_api: Add `disable_execute_api_endpoint` attribute (#15250)
- resource/aws_apigatewayv2_authorizer: Add `authorizer_payload_format_version`, `authorizer_result_ttl_in_seconds` and `enable_simple_responses` attribute to support Lambda authorizers for HTTP APIs (#15232)
- resource/aws_apigatewayv2_authorizer: Change `identity_sources` to an optional attribute (#15232)
- resource/aws_appmesh_mesh: Add `mesh_owner` and `resource_owner` attributes (#14349)
- resource/aws_appmesh_route: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_appmesh_virtual_node: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_appmesh_virtual_router: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_appmesh_virtual_service: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_elasticsearch_domain: Support `AUDIT_LOGS` log type (#15218)
- resource/aws_glue_connection: Support `NETWORK` connection type (#14818)
- resource/aws_glue_crawler: Add support for `scan_all` and `scan_rate` arguments for ddb targets (#14819)
- resource/aws_glue_crawler: Allow removing `table_prefix` (#15268)
- resource/aws_glue_job: Add `non_overridable_arguments` argument (#14793)
- resource/aws_glue_workflow: Add `tags` argument (#14910)
- resource/aws_glue_workflow: Add `arn` attribute (#14910)
- resource/aws_glue_workflow: Add `max_concurrent_runs` argument (#14910)
- resource/aws_glue_workflow: Plan time validation for `name` (#14910)
- resource/aws_fsx_lustre_file_system: Add support for backup retention (#14446)
- resource/aws_fsx_lustre_file_system: Add `kms_key_id` argument (#15057)
- resource/aws_fsx_lustre_file_system: Add `mount_name` argument (#14313)
- resource/aws_lb: Add `customer_owned_ipv4_pool` argument and `subnet_mapping` `outpost_id` attribute (#15170)
- resource/aws_organizations_policy: Add `tags` argument (#15316)
- resource/aws_rds_cluster: Add `allow_major_version_upgrade` argument (#14709)
- resource/aws_storagegateway_smb_file_share: Add `admin_user_list` argument (#12196)
- resource/aws_transfer_server: Support `VPC` value for `endpoint_type` argument and add `endpoint_details` configuration block `address_allocation_ids`, `subnet_ids`, and `vpc_id` arguments (#12599)
- resource/aws_transfer_user: Add `home_directory_mappings` configuration blocks and `home_directory_type` argument (#13591)
BUG FIXES
- resource/aws_dynamodb_table: Ensure changes in `name`, `range_key`, `projection_type`, or `non_key_attributes` of a `local_secondary_index` configuration block force resource recreation (#12335)
- resource/aws_dynamodb_table: Ensure `local_secondary_index` `non_key_attributes` are sent through API requests on resource creation (#15115)
- resource/aws_efs_mount_target: Increase create timeout to 30 minutes (#15293)
- resource/aws_fsx_lustre_file_system: Change `aws_fsx_lustre_file_system`'s `network_interface_ids` to `TypeList` to preserve ordering. (#14314)
- resource/aws_neptune_cluster_instance: Add `configuring-enhanced-monitoring` to expected states when creating and updating (#15284)
- resource/aws_vpn_gateway: Increase VPC detachment timeout to 30 minutes (#15201)
- resource/aws_vpn_gateway_attachment: Increase VPC detachment timeout to 30 minutes (#15201)
FEATURES
- New Resource: `aws_config_remediation_configuration` (#13884)
ENHANCEMENTS
- resource/aws_db_cluster_snapshot: Add plan-time validation for `db_cluster_snapshot_identifier` argument (#15132)
- resource/aws_kinesis_firehose_delivery_stream: Add `server_side_encryption` `key_arn` and `key_type` arguments (support KMS Customer Managed Key encryption) (#11954)
BUG FIXES
- data-source/aws_kms_secrets: Prevent `plaintext` values from appearing in CLI output with Terraform 0.13 (#15169)
- resource/aws_acm_certificate: Prevent tagging is not permitted on re-import error (#15060)
- resource/aws_cognito_identity_pool: Prevent ordering differences for `openid_connect_provider_arns` argument (#15178)
FEATURES
- New Resource: `aws_db_proxy_default_target_group` (#12743)
BUG FIXES
- resource/aws_ec2_client_vpn_authorization_rule: Increase active and revoked timeouts from 1 to 5 minutes (#15037)
FEATURES
- New Data Source: `aws_docdb_orderable_db_instance` (#14931)
- New Data Source: `aws_lex_slot_type` (#8916)
- New Data Source: `aws_neptune_orderable_db_instance` (#14953)
- New Data Source: `aws_rds_orderable_db_instance` (#14834)
- New Data Source: `aws_vpc_peering_connections` (#9491)
- New Resource: `aws_codebuild_report_group` (#12573)
- New Resource: `aws_db_proxy` (#12704)
- New Resource: `aws_emr_instance_fleet` (#14813)
- New Resource: `aws_glue_user_defined_function` (#12537)
- New Resource: `aws_guardduty_filter` (#14876)
- New Resource: `aws_lex_slot_type` (#8916)
ENHANCEMENTS
- data-source/aws_cur_report_definition: Add `refresh_closed_reports` and `report_versioning` attributes (#12428)
- data-source/aws_outposts_outpost: Add `arn` argument (#14967)
- data-source/aws_route: Add `local_gateway_id` attribute (#14864)
- data-source/aws_route_table: Add `route` `local_gateway_id` attribute (#14864)
- resource/aws_acm_certificate: Provide additional plan-time validation for `subject_alternative_names` argument values (#14782)
- resource/aws_ami: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_autoscaling_group: Support provider-level `ignore_tags` configuration (#13868)
- resource/aws_cloudtrail: Add `insight_selector` configuration block (#12390)
- resource/aws_cur_report_definition: Add `refresh_closed_reports` and `report_versioning` arguments (#12428)
- resource/aws_cur_report_definition: Support `ATHENA` value in `additional_artifacts` argument plan-time validation (#12428)
- resource/aws_cur_report_definition: Support `Parquet` value in `compression` and `format` argument plan-time validations (#12428)
- resource/aws_cur_report_definition: Support `MONTHLY` value in `time_unit` argument plan-time validation (#12428)
- resource/aws_ebs_volume: Support io2 type (#14894)
- resource/aws_ec2_client_vpn_endpoint: Support `authentication_options` `type` argument `federated-authentication` value and new `saml_provider_arn` argument (#14171)
- resource/aws_emr_cluster: Add `core_instance_fleet` and `master_instance_fleet` configuration blocks (#14788)
- resource/aws_instance: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_kinesis_firehose_delivery_stream: Add `elasticsearch_configuration` `vpc_config` configuration block (#13269)
- resource/aws_kinesis_firehose_delivery_stream: Add `elasticsearch_configuration` `cluster_endpoint` argument (#12484)
- resource/aws_kinesis_firehose_delivery_stream: Add various plan-time validations for arguments (#12484)
- resource/aws_launch_template: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_msk_configuration: Support resource in-place updates and deletion (#14826)
- resource/aws_route: Add `local_gateway_id` argument (#14864)
- resource/aws_route_table: Add `route` `local_gateway_id` argument (#14864)
- resource/aws_spot_fleet_request: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_wafv2_rule_group: Add `ip_set_forwarded_ip_config` configuration block to `ip_set_reference_statement` (#14902)
- resource/aws_wafv2_web_acl: Add `ip_set_forwarded_ip_config` configuration block to `ip_set_reference_statement` (#14902)
BUG FIXES
- resource/aws_autoscaling_group: Prevent unnecessary tag removal and recreation within tag updates (#13868)
- resource/aws_cloudfront_distribution: Prevent panic with missing `ForwardedValues` (#14993)
- resource/aws_dynamodb_table: Properly update `global_secondary_index` `non_key_attributes` values (#9988)
- resource/aws_emr_cluster: Prevent recreation when `ebs_config.volumes_per_instance` is greater than 1 (#14858)
- resource/aws_lambda_function_event_invoke_config: Prevent unexpected format of function resource error (#14851)
- resource/aws_lightsail_instance: Prevent panic with key-only tags (#13868)
- resource/aws_mq_configuration: Prevent additional revision creation with `tags` only updates (#14850)
- resource/aws_opsworks_stack: Suppress equivalent `custom_json` differences (#14886)
- resource/aws_rds_cluster_endpoint: Increase creation timeout to 30 minutes (#14862)
- resource/aws_route53_resolver_rule: Correct handling for single period (`.`) value in `domain_name` argument (#15015)
- resource/aws_route53_zone_association: Correctly handle zones with over 100 VPC associations (#14885)
- resource/aws_waf_rate_based_rule: Properly update `rate_limit` value (#14964)
- resource/aws_workspaces_workspace: Prevent error when `workspace_properties` `running_mode` is set to `ALWAYS_ON` (#13976)
FEATURES
- New Data Source: `aws_db_subnet_group` (#9525)
- New Resource: `aws_emr_managed_scaling_policy` (#13965)
- New Resource: `aws_guardduty_publishing_destination` (#13894)
- New Resource: `aws_securityhub_action_target` (#10493)
- New Resource: `aws_xray_encryption_config` (#13600)
- New Resource: `aws_xray_group` (#13597)
ENHANCEMENTS
- resource/aws_apigatewayv2_integration: Add `integration_subtype` argument (Support AWS service integrations for HTTP APIs) (#14860)
- resource/aws_elasticache_replication_group: Add plan-time validation for `notification_topic_arn` and `snapshot_arns` arguments (#12974)
- resource/aws_globalaccelerator_endpoint_group: Add `client_ip_preservation_enabled` argument to the `endpoint_configuration` configuration block (#14486)
- resource/aws_storagegateway_cached_iscsi_volume: Add `kms_encrypted` and `kms_key` arguments (#12066)
- resource/aws_storagegateway_gateway: Add `smb_security_strategy` argument (#13563)
- resource/aws_storagegateway_gateway: Add plan-time validation for `gateway_ip_address` argument (#13563)
- resource/aws_storagegateway_gateway: Add `average_download_rate_limit_in_bits_per_sec` and `average_upload_rate_limit_in_bits_per_sec` arguments (#13568)
- resource/aws_storagegateway_nfs_file_share: Add `cache_attributes` configuration block (#14759)
- resource/aws_storagegateway_nfs_file_share: Support `S3_INTELLIGENT_TIERING` value in `default_storage_class` argument plan-time validation (#14759)
- resource/aws_storagegateway_smb_file_share: Add `cache_attributes` configuration block and `case_sensitivity` argument (#14790)
- resource/aws_storagegateway_smb_file_share: Support `S3_INTELLIGENT_TIERING` value in `default_storage_class` argument plan-time validation (#14790)
- resource/aws_xray_sampling_rule: Add `tags` argument (#14831)
BUG FIXES
- resource/aws_acmpca_certificate_authority: Ensure `DELETED` status triggers state removal (#13684)
- resource/aws_appmesh_virtual_node: Prevent panics with empty `backend` configuration blocks (#14074)
- resource/aws_cloudfront_distribution: Prevent panics during resource import with empty `forwarded_values.query_string` (#14844)
- resource/aws_elasticache_replication_group: Ensure `tags` are stored in Terraform state and properly updated (#12974)
- resource/aws_emr_instance_group: Increase creation and update timeout to 30 minutes (#13077 / #14106)
- resource/aws_globalaccelerator_accelerator: Increase creation timeout to 10 minutes (#14486)
- resource/aws_globalaccelerator_endpoint_group: Prevent differences with `health_check_path` defaults (#14486)
- resource/aws_glue_crawler: Properly update `schedule` value (#14792)
ENHANCEMENTS
- data-source/aws_lambda_layer_version: Support `java8.al2` and `provided.al2` in `runtime` argument plan-time validation (#14663)
- provider: Support for appending information to User-Agent request headers with the `TF_APPEND_USER_AGENT` environment variable (#14555)
- resource/aws_apigatewayv2_api: Add `body` argument (#12567)
- resource/aws_customer_gateway: Support tag on create (#14501)
- resource/aws_dms_replication_instance: Add `allow_major_version_upgrade` argument (#14550)
- resource/aws_ec2_client_vpn_network_association: Allow specifying custom security groups (#14146)
- resource/aws_ec2_client_vpn_network_association: Support resource import (#14146)
- resource/aws_egress_only_internet_gateway: Support tag on create (#14501)
- resource/aws_eks_node_group: Support `AL2_ARM_64` value for `ami_type` argument plan-time validation (#14729)
- resource/aws_eks_node_group: Add `launch_template` configuration block (#14639)
- resource/aws_internet_gateway: Support tag on create (#14501)
- resource/aws_lambda_function: Support `java8.al2` and `provided.al2` in `runtime` argument plan-time validation (#14663)
- resource/aws_lambda_layer_version: Support `java8.al2` and `provided.al2` in `compatible_runtimes` argument plan-time validation (#14663)
- resource/aws_launch_template: Support `elastic-gpu` and `spot-instances-request` in `tag_specifications` `resource_type` argument plan-time validation (#14662)
- resource/aws_network_acl: Support tag on create (#14501)
- resource/aws_network_interface: Support tag on create (#14501)
- resource/aws_route_table: Support tag on create (#14501)
- resource/aws_security_group: Support tag on create (#14501)
- resource/aws_spot_instance_request: Support tag on create (#14501)
- resource/aws_storagegateway_smb_file_share: Add `audit_destination_arn` and `smb_acl_enabled` arguments (#13572)
- resource/aws_subnet: Support tag on create (#14501)
- resource/aws_subnet: Add plan-time validation to `ipv6_cidr_block` argument (#12303)
- resource/aws_vpc_dhcp_options: Support tag on create (#14501)
- resource/aws_vpc_peering_connection: Support tag on create (#14501)
- resource/aws_vpn_connection: Support tag on create (#14501)
- resource/aws_vpn_gateway: Support tag on create (#14501)
- resource/aws_wafv2_rule_group: Add `forwarded_ip_config` configuration block to `geo_match_statement` (#14685)
- resource/aws_wafv2_web_acl: Add `forwarded_ip_config` configuration block to `rate_based_statement` and `geo_match_statement` (#14685)
- resource/aws_wafv2_web_acl: Support `FORWARDED_IP` value for `rate_based_statement` `aggregate_key_type` argument plan-time validation (#14685)
BUG FIXES
- resource/aws_api_gateway_vpc_link: Increase create, update, and delete timeouts to 20 minutes (#10407)
- resource/aws_apigatewayv2_stage: Set `execution_arn` attribute for HTTP APIs (#14638)
- resource/aws_db_parameter_group: Restore ability to update `parameter` configuration values (#12112)
- resource/aws_user_pool_domain: Ensure state removal when deleted outside Terraform (#14732)
- resource/aws_rds_cluster_parameter_group: Restore ability to update `parameter` configuration values (#12112)
- resource/aws_ssm_parameter: Handle retries after creation for asynchronous `data_type` validation process (#14514)
- resource/aws_storagegateway_nfs_file_share: Skip `UpdateSMBFileShare` API call when only `tags` change and remove extraneous `ListTagsForResource` API call during read (#13590)
- resource/aws_subnet: Ensure `ipv6_cidr_block` argument performs removal when removed from configuration (#12303)
ENHANCEMENTS
- data-source/aws_launch_configuration: Add `ebs_block_device` `no_device` attribute (#14583)
- data-source/aws_lb: Add `subnet_mapping` `private_ipv4_address` attribute (#14545)
- provider: Upgrade to Terraform Plugin SDK V2. There should be no breaking changes from a practitioner's perspective. Some validation errors should now feature enhanced messaging. (#14432)
- resource/aws_accessanalyzer_analyzer: Support `ORGANIZATION` value in `type` argument (#14493)
- resource/aws_codebuild_project: Support `WINDOWS_SERVER_2019_CONTAINER` value in `environment` `type` argument plan-time validation (#14532)
- resource/aws_organizations_organization: Support `AISERVICES_OPT_OUT_POLICY` value in `enabled_policy_types` argument plan-time validation (Support AI Opt Out policies) (#14650)
- resource/aws_organizations_policy: Support `AISERVICES_OPT_OUT_POLICY` value in `type` argument plan-time validation (Support AI Opt Out policies) (#14528)
- resource/aws_route53_health_check: Add `disabled` argument (#14614)
BUG FIXES
- data-source/aws_launch_template: Prevent type error with `network_interfaces` `delete_on_termination` attribute (#14599)
- resource/aws_acm_certificate_validation: Prevent panic with missing `DomainValidationOptions` `ResourceRecord` attribute in API response (#14590)
- resource/aws_ecr_repository: Prevent panic with missing `EncryptionConfiguration` attribute in API response (#14584)
- resource/aws_wafv2_rule_group: Prevent unnecessary resource recreation with `rule` updates (#14617)
- resource/aws_wafv2_web_acl: Prevent unnecessary resource recreation with `rule` updates (#14616)
NOTES:
- resource/aws_route53_zone_association: The addition of cross-account zone association support required the use of new `ListHostedZonesByVPC` API call and adding the VPC Region to the resource ID for new resources. Restrictive IAM permissions for Terraform and cross-region imports may require updates. (#14215)
FEATURES
- New Data Source: `aws_ec2_spot_price` (#12504)
- New Resource: `aws_route53_vpc_association_authorization` (#14215)
ENHANCEMENTS
- data-source/aws_ecr_repository: Allow `registry_id` as an argument (#14368)
- data-source/aws_ecr_repository: Add `image_scanning_configuration` and `image_tag_mutability` attributes (#14368)
- data-source/aws_ecr_repository: Add `encryption_configuration` attribute (#14520)
- resource/aws_api_gateway_method_settings: Plan-time validation added to `settings` `unauthorized_cache_control_header_strategy` and `logging_level` arguments (#12651)
- resource/aws_ecr_repository: Add `encryption_configuration` attribute (#14520)
- resource/aws_lb: Add `subnet_mapping` configuration block `private_ipv4_address` argument (#11404)
- resource/aws_rds_global_cluster: Add `force_destroy` and `source_db_cluster_identifier` arguments (#14487)
- resource/aws_rds_global_cluster: Add `global_cluster_members` attribute (#14487)
- resource/aws_route53_zone_association: Cross-account zone associations can now be created in conjunction with the new `aws_route53_vpc_association_authorization` resource (#14215)
- resource/aws_ssm_parameter: Add `data_type` argument (support `aws:ec2:image` parameters) (#13326)
BUG FIXES
- data-source/aws_availability_zones: Prevent unexpected plan output every apply with `group_names` attribute (#14412)
- data-source/aws_s3_bucket: Ensure provider `s3_force_path_style` configuration is passed through for getting S3 Bucket location with non-AWS implementations (#14481)
- resource/aws_api_gateway_method_settings: Allow `settings` `cache_ttl_in_seconds` argument to be set to 0 (#12651)
- resource/aws_elastictranscoder_preset: Prevent empty configuration block panics (#14092)
- resource/aws_lambda_event_source_mapping: Allow `maximum_retry_attempts` argument to be set to 0 (#12479)
- resource/aws_rds_cluster: Add an `InvalidDBClusterStateFault` retryable error condition for clusters part of a global cluster (#14420)
- resource/aws_rds_cluster: Increase retry timeout for deletion to 2 minutes (#14420)
- resource/aws_rds_cluster: Prevent error when both `global_cluster_identifier` and `replication_source_identifier` are configured on creation (#14490)
- resource/aws_s3_bucket: Ensure provider `s3_force_path_style` configuration is passed through for getting S3 Bucket location with non-AWS implementations (#14481)
- resource/aws_secretsmanager_secret: Allow retries for IAM eventual consistency errors (#14459)
- resource/aws_security_group: Ensure `name_prefix` argument with hex digits `a` through `f` is properly imported (#14475)
- resource/aws_spot_fleet_request: Allow `target_capacity` argument to be updated to 0 (#12759)
- resource/aws_spot_fleet_request: Wait for modify operation completion (default timeout of 10 minutes) (#12759)
- resource/aws_vpc_dhcp_options_association: Properly trigger resource recreation when VPC is deleted outside Terraform (#14367)
NOTES:
- provider: This version is built using Go 1.14.5, including security fixes to the crypto/x509 and net/http packages.
BREAKING CHANGES
- provider: New versions of the provider can only be automatically installed on Terraform 0.12 and later (#14143)
- provider: All "removed" attributes are cut, using them would result in a Terraform Core level error (#14001)
- provider: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) (#14077)
- provider: The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries (#14077)
- provider: Remove deprecated `kinesis_analytics` and `r53` custom service endpoint arguments (#14238)
- data-source/aws_availability_zones: Remove deprecated `blacklisted_names` and `blacklisted_zone_ids` arguments (#14134)
- data-source/aws_directory_service_directory: Return an error when a single result is not found (#14006)
- data-source/aws_ecr_repository: Return an error when a single result is not found (#10520)
- data-source/aws_efs_file_system: Return an error when a single result is not found (#14005)
- data-source/aws_launch_template: Return an error when a single result is not found (#10521)
- data-source/aws_route53_resolver_rule: Trailing period removed from `domain_name` argument set in data-source (#14220)
- data-source/aws_route53_zone: Trailing period removed from `name` argument set in data-source (#14220)
- resource/aws_acm_certificate: `certificate_body`, `certificate_chain`, and `private_key` attributes are no longer stored in the Terraform state with hash values (#9685)
- resource/aws_acm_certificate: `domain_validation_options` attribute changed from list to set (#14199)
- resource/aws_acm_certificate: Plan-time validation added to `domain_name` and `subject_alternative_names` arguments to prevent usage of strings with trailing periods (#14220)
- resource/aws_api_gateway_method_settings: Remove `Computed` property from `throttling_burst_limit` and `throttling_rate_limit` arguments, enabling drift detection (#14266)
- resource/aws_api_gateway_method_settings: Update `throttling_burst_limit` and `throttling_rate_limit` argument defaults to match API default of `-1` to keep throttling disabled (#14266)
- resource/aws_autoscaling_group: `availability_zones` and `vpc_zone_identifier` argument conflict now reported at plan-time (#12927)
- resource/aws_autoscaling_group: Remove `Computed` property from `load_balancers` and `target_group_arns` arguments, enabling drift detection (#14064)
- resource/aws_cloudfront_distribution: `active_trusted_signers` argument renamed to `trusted_signers` to support accessing `items` in Terraform 0.12 (#14339)
- resource/aws_cloudwatch_log_group: Automatically trim `:*` suffix from `arn` attribute (#14214)
- resource/aws_codepipeline: Removes `GITHUB_TOKEN` environment variable (#14175)
- resource/aws_cognito_user_pool: Remove deprecated `admin_create_user_config` configuration block `unused_account_validity_days` argument (#14294)
- resource/aws_dx_gateway: Remove automatic `aws_dx_gateway_association` resource import (#14124)
- resource/aws_dx_gateway_association: Remove deprecated `vpn_gateway_id` argument (#14144)
- resource/aws_dx_gateway_association_proposal: Remove deprecated `vpn_gateway_id` argument (#14144)
- resource/aws_ebs_volume: Return an error when `iops` argument set to a value greater than 0 for volume types other than `io1` (#14310)
- resource/aws_elastic_transcoder_preset: Remove `video` configuration block `max_frame_rate` argument default value (#7141)
- resource/aws_emr_cluster: Remove deprecated `instance_group` configuration block, `core_instance_count`, `core_instance_type`, and `master_instance_type` arguments (#14137)
- resource/aws_glue_job: Remove deprecated `allocated_capacity` argument (#14296)
- resource/aws_iam_access_key: Remove deprecated `ses_smtp_password` attribute (#14299)
- resource/aws_iam_instance_profile: Remove deprecated `roles` argument (#14303)
- resource/aws_iam_server_certificate: Remove state hashing from `certificate_body`, `certificate_chain`, and `private_key` arguments for new or recreated resources (#14187)
- resource/aws_instance: Return an error when `ebs_block_device` `iops` or `root_block_device` `iops` argument set to a value greater than `0` for volume types other than `io1` (#14310)
- resource/aws_lambda_alias: Resource import no longer converts Lambda Function name to ARN (#12876)
- resource/aws_launch_template: `network_interfaces` `delete_on_termination` argument changed from `bool` to `string` type (#8612)
- resource/aws_lb_listener_rule: Remove deprecated `condition` configuration block `field` and `values` arguments (#14309)
- resource/aws_msk_cluster: Update `encryption_info` `encryption_in_transit` `client_broker` argument default to match API default of `TLS` (#14132)
- resource/aws_rds_cluster: Update `scaling_configuration` `min_capacity` argument default to match API default of `1` (#14268)
- resource/aws_route53_resolver_rule: Trailing period removed from `domain_name` argument set in resource (#14220)
- resource/aws_route53_zone: Trailing period removed from `name` argument set in resource (#14220)
- resource/aws_s3_bucket: Remove automatic `aws_s3_bucket_policy` resource import (#14121)
- resource/aws_s3_bucket: Convert `region` to read-only attribute (#14127)
- resource/aws_s3_bucket_metric: Update `filter` argument to require at least one of the `prefix` or `tags` nested arguments (#14230)
- resource/aws_security_group: Remove automatic `aws_security_group_rule` resource import (#12616)
- resource/aws_ses_domain_identity: Plan-time validation added to `domain` argument to prevent usage of strings with trailing periods (#14220)
- resource/aws_ses_domain_identity_verification: Plan-time validation added to `domain` argument to prevent usage of strings with trailing periods (#14220)
- resource/aws_sns_platform_application: `platform_credential` and `platform_principal` attributes are no longer stored in the Terraform state with hash values (#3894)
- resource/aws_spot_fleet_request: Remove 24 hour default for `valid_until` argument (#9718)
- resource/aws_ssm_maintenance_window_task: Remove deprecated `logging_info` and `task_parameters` configuration blocks (#14311)
FEATURES
- New Data Source: aws_workspaces_directory (#13529)
ENHANCEMENTS
- provider: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable) (#14077)
- provider: Add `assume_role` configuration block `duration_seconds`, `policy_arns`, `tags`, and `transitive_tag_keys` arguments (#14077)
- data-source/aws_instance: Add `secondary_private_ips` attribute (#14079)
- data-source/aws_s3_bucket: Replace `GetBucketLocation` API call with custom HTTP call for FIPS endpoint support (#14221)
- resource/aws_acm_certificate: Enable `domain_validation_options` usage in downstream resource `count` and `for_each` references (#14199)
- resource/aws_api_gateway_authorizer: Add plan-time validation to `authorizer_credentials` argument (#12643)
- resource/aws_api_gateway_method_settings: Add import support (#14266)
- resource/aws_apigatewayv2_integration: Add `request_parameters` attribute (#14080)
- resource/aws_apigatewayv2_integration: Add `tls_config` attribute (#13013)
- resource/aws_apigatewayv2_route: Support for updating route key (#13833)
- resource/aws_apigatewayv2_stage: Make `deployment_id` a `Computed` attribute (#13644)
- resource/aws_fsx_lustre_file_system: Add `deployment_type` and `per_unit_storage_throughput` attributes (#13639)
- resource/aws_fsx_windows_file_system: Add `storage_type` argument. (#14316)
- resource/aws_fsx_windows_file_system: Add support for multi-az (#12676)
- resource/aws_fsx_windows_file_system: Add `SINGLE_AZ_2` deployment type (#12676)
- resource/aws_fsx_windows_file_system: Add `preferred_file_server_ip`, `remote_administration_endpoint` attributes (#12676)
- resource/aws_instance: Add `secondary_private_ips` argument (conflicts with `network_interface` configuration block) (#14079)
BUG FIXES
- provider: Ensure nil is not passed to RetryError helpers, may result in some bug fixes (#14104)
- provider: Ensure configured STS endpoint is used during AssumeRole API calls (#14077)
- provider: Prefer AWS shared configuration over EC2 metadata credentials by default (#14077)
- provider: Prefer CodeBuild, ECS, EKS credentials over EC2 metadata credentials by default (#14077)
- data-source/aws_lb: enable_http2 now properly set (#14167)
- resource/aws_acm_certificate: Prevent unexpected ordering differences with domain_validation_options attribute (#14199)
- resource/aws_api_gateway_authorizer: Allow authorizer_result_ttl_in_seconds to be set to 0 (#12643)
- resource/aws_apigatewayv2_integration: Correctly handle the integration_method attribute for AWS Lambda integrations (#13266)
- resource/aws_apigatewayv2_integration: Correctly handle the passthrough_behavior attribute for HTTP APIs (#13062)
- resource/aws_apigatewayv2_stage: Correctly handle default_route_setting and route_setting data_trace_enabled and logging_level for HTTP APIs. logging_level is now Computed, meaning Terraform will only perform drift detection of its value when present in a configuration. (#13809)
- resource/aws_appautoscaling_target: Only retry DeregisterScalableTarget retries on all errors on deletion (#14259)
- resource/aws_dx_gateway_association: Increase default create/update/delete timeouts to 30 minutes (#14144)
- resource/aws_codepipeline: Only retry CreatePipeline errors for IAM eventual consistency errors (#14264)
- resource/aws_elasticsearch_domain: Update method to properly set advanced_security_options (#14167)
- resource/aws_lambda_function: Increase IAM retry timeout for creation to standard 2 minute timeout (#14291)
- resource/aws_lb_cookie_stickiness_policy: lb_port now properly set (#14167)
- resource/aws_network_acl_rule: Immediately return DescribeNetworkAcls errors on creation (#14261)
- resource/aws_s3_bucket: Replace GetBucketLocation API call with custom HTTP call for FIPS endpoint support (#14221)
- resource/aws_sns_topic_subscription: Immediately return ListSubscriptionsByTopic errors (#14262)
- resource/aws_spot_fleet_request: Only retry RequestSpotFleet on IAM eventual consistency errors and use standard 2 minute timeout (#14265)
- resource/aws_spot_instance_request: primary_network_interface_id now properly set (#14167)
- resource/aws_ssm_activation: Only retry CreateActivation on IAM eventual consistency errors and use standard 2 minute timeout (#14263)
- resource/aws_ssm_association: parameters now properly set (#14167)
For information on prior major releases, see their changelogs: