v5.59.0

FEATURES:

• resource/aws_kinesis_firehose_delivery_stream: Add secrets_manager_configuration to redshift_configuration, snowflake_configuration, and splunk_configuration (#38151)
• New Data Source: aws_cloudfront_origin_access_control (#36301)
• New Data Source: aws_timestreamwrite_database (#36368)
• New Data Source: aws_timestreamwrite_table (#36599)
• New Resource: aws_datazone_project (#38345)
• New Resource: aws_grafana_workspace_service_account (#38101)
• New Resource: aws_grafana_workspace_service_account_token (#38101)
• New Resource: aws_rds_certificate (#35003)
• New Resource: aws_rekognition_stream_processor (#37536)

ENHANCEMENTS:

• data-source/aws_elasticache_replication_group: Add cluster_mode attribute (#38002)
• data-source/aws_lakeformation_data_lake_settings: Add allow_full_table_external_data_access attribute (#34474)
• data-source/aws_msk_cluster: Add broker_node_group_info attribute (#37705)
• resource/aws_bedrockagent_agent : Add skip_resource_in_use_check argument (#37586)
• resource/aws_bedrockagent_agent_action_group: Add action_group_executor.custom_control argument (#37484)
• resource/aws_bedrockagent_agent_action_group: Add function_schema configuration block (#37484)
• resource/aws_bedrockagent_agent_alias : Add routing_configuration.provisioned_throughput argument (#37520)
• resource/aws_codebuild_webhook: Add scope_configuration argument (#38199)
• resource/aws_codepipeline: Add timeout_in_minutes argument to the action configuration block (#36316)
• resource/aws_db_instance: Add engine_lifecycle_support argument (#37708)
• resource/aws_ecs_cluster: Add configuration.managed_storage_configuration argument (#37932)
• resource/aws_elasticache_replication_group: Add cluster_mode argument (#38002)
• resource/aws_emrserverless_application: Add interactive_configuration argument (#37889)
• resource/aws_fis_experiment_template: Add experiment_options configuration block (#36900)
• resource/aws_fsx_lustre_file_system: Add final_backup_tags and skip_final_backup arguments (#37717)
• resource/aws_fsx_ontap_volume: Add final_backup_tags argument (#37717)
• resource/aws_fsx_openzfs_file_system: Add delete_options and final_backup_tags arguments (#37717)
• resource/aws_fsx_windows_file_system: Add final_backup_tags argument (#37717)
• resource/aws_imagebuilder_image_pipeline: Add execution_role and workflow arguments (#37317)
• resource/aws_kinesis_firehose_delivery_stream: Add secrets_manager_configuration to http_endpoint_configuration (#38245)
• resource/aws_kinesisanalyticsv2_application: Support FLINK-1_19 as a valid value for runtime_environment (#38350)
• resource/aws_lakeformation_data_lake_settings: Add allow_full_table_external_data_access attribute (#34474)
• resource/aws_lb_target_group: Add target_group_health configuration block (#37082)
• resource/aws_msk_replicator: Add starting_position argument (#36968)
• resource/aws_rds_cluster: Add engine_lifecycle_support argument (#37708)
• resource/aws_rds_global_cluster: Add engine_lifecycle_support argument (#37708)
• resource/aws_redshift_cluster_snapshot: Set arn from DescribeClusterSnapshots API response (#37996)
• resource/aws_vpclattice_listener: Support TLS_PASSTHROUGH as a valid value for protocol (#37964)
• resource/aws_wafv2_web_acl: Add enable_machine_learning to aws_managed_rules_bot_control_rule_set configuration block (#37006)

BUG FIXES:

• data-source/aws_efs_access_point: Set id the the access point ID, not the file system ID. This fixes a regression introduced in v5.58.0 (#38372)
• data-source/aws_lb_listener: Correctly set default_action.target_group_arn (#37348)
• resource/aws_chime_voice_connector_group: Properly handle voice connector groups deleted out of band (#36774)
• resource/aws_codebuild_project: Fix unsetting concurrent_build_limit (#37748)
• resource/aws_codepipeline: Mark trigger as Computed (#36316)
• resource/aws_ecs_service: Change volume_configuration.managed_ebs_volume.throughput from TypeString to TypeInt (#38109)
• resource/aws_elasticache_replication_group: Allows setting replicas_per_node_group to 0 and sets the maximum to 5. (#38396)
• resource/aws_elasticache_replication_group: Requires description. (#38396)
• resource/aws_elasticache_replication_group: When num_cache_clusters is set, prevents setting replicas_per_node_group. (#38396)
• resource/aws_elasticache_replication_group: num_cache_clusters must be at least 2 when automatic_failover_enabled is true. (#38396)
• resource/aws_elastictranscoder_pipeline: Properly handle NotFound exceptions during deletion (#38018)
• resource/aws_elastictranscoder_preset: Properly handle NotFound exceptions during deletion (#38018)
• resource/aws_lb_target_group: Use the configured ip_address_type value when target_type is instance (#36423)
• resource/aws_lb_trust_store: Wait until trust store is ACTIVE on resource Create (#38332)
• resource/aws_pinpoint_app: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when campaign_hook is empty ({}) (#38323)
• resource/aws_transfer_server: Add supported values TransferSecurityPolicy-FIPS-2024-05, TransferSecurityPolicy-Restricted-2018-11, and TransferSecurityPolicy-Restricted-2020-06 for the security_policy_name argument (#38425)

v5.58.0

FEATURES:

• New Resource: aws_cloudwatch_log_account_policy (#38328)
• New Resource: aws_verifiedpermissions_identity_source (#38181)

ENHANCEMENTS:

• data-source/aws_launch_template: Add network_interfaces.primary_ipv6 attribute (#37142)
• data-source/aws_mskconnect_connector: Add tags attribute (#38270)
• data-source/aws_mskconnect_custom_plugin: Add tags attribute (#38270)
• data-source/aws_mskconnect_worker_configuration: Add tags attribute (#38270)
• data-source/aws_oam_link: Add link_configuration attribute (#38277)
• resource/aws_cloudformation_stack_set_instance: Extend deployment_targets argument. (#37898)
• resource/aws_cloudtrail_event_data_store: Add billing_mode argument (#38273)
• resource/aws_db_instance: Fix InvalidParameterCombination: A parameter group can't be specified during Read Replica creation for the following DB engine: postgres errors (#38227)
• resource/aws_ec2_capacity_reservation: Add configurable timeouts (#36754)
• resource/aws_ec2_capacity_reservation: Retry InsufficientInstanceCapacity errors (#36754)
• resource/aws_eks_cluster: Add bootstrap_self_managed_addons argument (#38162)
• resource/aws_fms_policy: Add resource_set_ids attribute (#38161)
• resource/aws_fsx_ontap_file_system: Add 384, 768, 1536, 3072, and 6144 as valid values for throughput_capacity (#38308)
• resource/aws_fsx_ontap_file_system: Add 384, 768, and 1536 as valid values for throughput_capacity_per_ha_pair (#38308)
• resource/aws_fsx_ontap_file_system: Add MULTI_AZ_2 as a valid value for deployment_type (#38308)
• resource/aws_globalaccelerator_cross_account_attachment: Add cidr_block argument to resource configuration block (#38196)
• resource/aws_iam_server_certificate: Add configurable delete timeout (#38212)
• resource/aws_launch_template: Add network_interfaces.primary_ipv6 argument (#37142)
• resource/aws_mskconnect_connector: Add tags argument and tags_all attribute (#38270)
• resource/aws_mskconnect_custom_plugin: Add tags argument and tags_all attribute (#38270)
• resource/aws_mskconnect_worker_configuration: Add tags argument and tags_all attribute (#38270)
• resource/aws_mskconnect_worker_configuration: Add resource deletion logic (#38270)
• resource/aws_oam_link: Add link_configuration argument (#38277)
• resource/aws_rds_cluster: Add ca_certificate_identifier argument and ca_certificate_valid_till attribute (#37108)
• resource/aws_ssm_association: Add tags argument and tags_all attribute (#38271)

BUG FIXES:

• aws_dx_lag: Checks for errors other than NotFound when reading. (#38292)
• aws_dynamodb_kinesis_streaming_destination: Checks for errors other than NotFound when reading. (#38292)
• aws_ec2_capacity_block_reservation: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_access_policy: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_collection: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_security_config: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_security_policy: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_vpc_endpoint: Checks for errors other than NotFound when reading. (#38292)
• aws_ram_principal_association: Checks for errors other than NotFound when reading. (#38292)
• aws_route_table: Checks for errors other than NotFound when reading. (#38292)
• data-source/aws_ecr_repository: Fix issue where the tags attribute is not set (#38272)
• data-source/aws_eks_cluster: Add access_config.bootstrap_cluster_creator_admin_permissions attribute (#38295)
• resource/aws_appstream_fleet: Support 0 as a valid value for idle_disconnect_timeout_in_seconds (#38274)
• resource/aws_cloudformation_stack_set_instance: Add ForceNew to deployment_targets attributes to ensure a new resource is recreated when the deployment_targets argument is changed, which was not the case previously. (#37898)
• resource/aws_db_instance: Correctly mark incomplete instances as tainted during creation (#38252)
• resource/aws_eks_cluster: Set access_config.bootstrap_cluster_creator_admin_permissions to true on Read for clusters with no access_config configured. This allows in-place updates of existing clusters when access_config is configured (#38295)
• resource/aws_elasticache_serverless_cache: Allow cache_usage_limits.data_storage.maximum, cache_usage_limits.data_storage.minimum, cache_usage_limits.ecpu_per_second.maximum and cache_usage_limits.ecpu_per_second.minimum to be updated in-place (#38269)
• resource/aws_mskconnect_connector: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when log_delivery.worker_log_delivery is empty ({}) (#38270)

v5.57.0

FEATURES:

• New Data Source: aws_appstream_image (#38225)
• New Data Source: aws_cognito_user_pool (#37399)
• New Data Source: aws_ec2_transit_gateway_peering_attachments (#25743)
• New Data Source: aws_transfer_connector (#38213)

ENHANCEMENTS:

• data-source/aws_backup_plan: Add rule attribute (#37890)
• resource/aws_amplify_domain_association: Add certificate_settings argument (#37105)
• resource/aws_ec2_transit_gateway_peering_attachment: Add options argument (#36902)
• resource/aws_iot_authorizer: Add tags argument (#37152)
• resource/aws_iot_topic_rule: Add cloudwatch_logs.batch_mode and error_action.cloudwatch_logs.batch_mode arguments (#36772)
• resource/aws_sagemaker_endpoint_configuration: Add support for InputAndOutput in capture_mode (#37726)

BUG FIXES:

• resource/aws_iot_provisioning_template: Fix pre_provisioning_hook update operation (#37152)
• resource/aws_iot_topic_rule: Retry IAM eventual consistency errors on Update (#36286)

v5.56.1

BUG FIXES:

• data-source/aws_cognito_user_pool_client: Fix InvalidParameterException: 2 validation errors detected errors on Read (#38168)
• resource/aws_cognito_user: Fix a bug that caused resource recreation for resources imported with certain import ID formats (#38182)
• resource/aws_cognito_user_pool: Fix runtime error: index out of range [0] with length 0 panic when adding lambda_config (#38184)

v5.56.0

FEATURES:

• New Resource: aws_appfabric_app_authorization_connection (#38084)
• New Resource: aws_appfabric_ingestion (#37291)
• New Resource: aws_appfabric_ingestion_destination (#37627)
• New Resource: aws_networkfirewall_tls_inspection_configuration (#35168)
• New Resource: aws_networkmonitor_monitor (#35722)
• New Resource: aws_networkmonitor_probe (#35722)

ENHANCEMENTS:

• resource/aws_controltower_control: Add parameters argument and arn attribute (#38071)
• resource/aws_networkfirewall_logging_configuration: Add plan-time validation of firewall_arn (#35168)
• resource/aws_quicksight_account_subscription: Add iam_identity_center_instance_arn attribute (#36830)
• resource/aws_route53_resolver_firewall_rule: Add firewall_domain_redirection_action argument (#37242)
• resource/aws_route53_resolver_firewall_rule: Add q_type argument (#38074)
• resource/aws_sagemaker_domain: Add default_user_settings.canvas_app_settings.generative_ai_settings configuration block (#37139)
• resource/aws_sagemaker_domain: Add default_user_settings.code_editor_app_settings.custom_image configuration block (#37153)
• resource/aws_sagemaker_endpoint_configuration: Add production_variants.inference_ami_version and shadow_production_variants.inference_ami_version arguments (#38085)
• resource/aws_sagemaker_user_profile: Add user_settings.canvas_app_settings.generative_ai_settings configuration block (#37139)
• resource/aws_sagemaker_user_profile: Add user_settings.code_editor_app_settings.custom_image configuration block (#37153)
• resource/aws_sagemaker_workforce: add oidc_config.authentication_request_extra_params and oidc_config.scope arguments (#38078)
• resource/aws_sagemaker_workteam: Add worker_access_configuration attribute (#38087)
• resource/aws_wafv2_web_acl: Add sensitivity_level argument to sqli_match_statement configuration block (#38077)

BUG FIXES:

• data-source/aws_ecs_service: Correctly set tags (#38067)
• resource/aws_drs_replication_configuration_template: Fix issues preventing creation and deletion (#38143)

v5.55.0

FEATURES:

• New Resource: aws_drs_replication_configuration_template (#26399)

ENHANCEMENTS:

• data-source/aws_autoscaling_group: Add mixed_instances_policy.launch_template.override.instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price attribute (#38003)
• data-source/aws_glue_catalog_table: Add additional_locations argument in storage_descriptor (#37891)
• data-source/aws_launch_template: Add instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price attribute (#38003)
• data-source/aws_networkmanager_core_network_policy_document: Add attachment_policies.action.add_to_network_function_group argument (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add network_function_groups configuration block (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add send-via and send-to as valid values for segment_actions.action (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add single-hop and dual-hop as valid values for segment_actions.mode (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add when_sent_to and via configuration blocks to segment_actions (#38013)
• resource/aws_api_gateway_integration: Increase maximum value of timeout_milliseconds from 29000 (29 seconds) to 300000 (5 minutes) (#38010)
• resource/aws_appsync_api_key: Add api_key_id attribute (#36568)
• resource/aws_autoscaling_group: Add mixed_instances_policy.launch_template.override.instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price argument (#38003)
• resource/aws_autoscaling_group: Add plan-time validation of warm_pool.max_group_prepared_capacity and warm_pool.min_size (#37174)
• resource/aws_docdb_cluster: Add restore_to_point_in_time argument (#37716)
• resource/aws_dynamodb_table: Adds validation for ttl values. (#37991)
• resource/aws_ec2_fleet: Add launch_template_config.override.instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price argument (#38003)
• resource/aws_glue_catalog_table: Add additional_locations argument in storage_descriptor (#37891)
• resource/aws_glue_job: Add maintenance_window argument (#37760)
• resource/aws_launch_template: Add instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price argument (#38003)

BUG FIXES:

• data-source/aws_ami: Fix interface conversion: interface {} is types.ProductCodeValues, not string panic (#37977)
• data-source/aws_networkmanager_core_network_policy_document: Add correct except values to the returned JSON document when segment_actions.share_with_except is configured (#38013)
• provider: Now falls back to non-FIPS endpoint if use_fips_endpoint is set and no FIPS endpoint is available (#38057)
• resource/aws_autoscaling_group: Fix bug updating warm_pool.max_group_prepared_capacity to 0 (#37174)
• resource/aws_dynamodb_table: Fixes perpetual diff when ttl.attribute_name is set when ttl.enabled is not set. (#37991)
• resource/aws_ec2_network_insights_path: Mark destination as Optional (#36966)
• resource/aws_lambda_event_source_mapping: Remove the upper limit on scaling_config.maximum_concurrency (#37980)
• service/transitgateway: Fix resource Read pagination regression causing NotFound errors (#38011)

v5.54.1

BUG FIXES:

• data-source/aws_ami: Fix interface conversion: interface {} is types.ProductCodeValues, not string panic (######)
• resource/aws_codebuild_project: Increase maximum values of build_batch_config.timeout_in_mins and build_timeout from 480 (8 hours) to 2160 (36 hours) (#37970)

v5.54.0

NOTES:

• resource/aws_ec2_capacity_block_reservation: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#37528)

FEATURES:

• New Data Source: aws_ec2_capacity_block_offering (#37528)
• New Resource: aws_appfabric_app_authorization (#37468)
• New Resource: aws_appfabric_app_bundle (#37542)
• New Resource: aws_ec2_capacity_block_reservation (#37528)
• New Resource: aws_fms_resource_set (#37767)
• New Resource: aws_guardduty_malware_protection_plan (#37919)

ENHANCEMENTS:

• data-source/aws_opensearch_domain: Add ip_address_type argument (#37237)
• resource/aws_ec2_traffic_mirror_session: Mark packet_length as Computed (#36962)
• resource/aws_opensearch_domain: Add ip_address_type argument (#37237)
• resource/aws_vpc_endpoint: Add subnet_configuration argument to support user defined IP addresses (#37226)

BUG FIXES:

• data-source/aws_ami: Fix query returning no results (#37958)
• provider: Fixes an error where some data sources were not returning tags (#37966)
• resource/aws_applicationinsights_application: Change resource_group_name to ForceNew (#36962)
• resource/aws_dynamodb_table: Fix UnknownOperationException: Tagging is not currently supported in DynamoDB Local errors on resource Read (#37924)
• resource/aws_ec2_capacity_reservation: Fix InvalidCapacityReservationId.NotFound errors during Read and Delete when resource is manually deleted (#37127)
• resource/aws_route53_zone: Fix InvalidInput: 1 validation error detected: Value '...' at 'resourceId' failed to satisfy constraint: Member must have length less than or equal to 32 errors for resources imported with a /hostedzone/ prefix (#37893)
• service/apigatewayv2: Retry on ConflictException: Unable to complete operation due to concurrent modification errors (#37902)

v5.53.0

FEATURES:

• New Resource: aws_paymentcryptography_key (#37017)
• New Resource: aws_paymentcryptography_key_alias (#37020)

ENHANCEMENTS:

• data-source/aws_customer_gateway: Add bgp_asn_extended argument (#37815)
• data-source/aws_rds_engine_version: Add supports_limitless_database attribute (#37271)
• provider: The use_fips_endpoint flag is now ignored for any service with a custom endpoint configured in endpoints. (#34233)
• resource/aws_apigatewayv2_authorizer: Add configurable delete timeout (#37732)
• resource/aws_customer_gateway: Add bgp_asn_extended argument (#37815)
• resource/aws_fsx_lustre_file_system: Add metadata_configuration argument (#37868)
• resource/aws_lb: Add support for IPv6-only Application Load Balancers (#37700)
• resource/aws_mwaa_environment: Add max_webservers and min_webservers attributes (#37632)
• resource/aws_pipes_pipe: Add log_configuration argument (#37135)
• resource/aws_route53_record: Fix InvalidChangeBatch errors on resource Delete (#37850)
• resource/aws_s3_bucket: Ignore UnsupportedOperation errors when reading acceleration_status, server_side_encryption_configuration and tags (#37801)
• resource/aws_transfer_ssh_key: Add ssh_key_id attribute (#37548)

BUG FIXES:

• resource/aws_apigatewayv2_authorizer: Fix ConflictException errors on resource Delete (#37732)
• resource/aws_bedrockagent_agent: Increase instruction max length for validation to 4000 (#37758)
• resource/aws_cloudwatch_log_group: Correctly handles tag updates with empty string tags (#37668)
• resource/aws_kms_external_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_kms_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_kms_replica_external_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_kms_replica_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_mq_broker: Do not reboot on changes to maintenance_window_start_time or auto_minor_version_upgrade (#36506)
• resource/aws_pipes_pipe: Mark source_parameters.self_managed_kafka_parameters.credentials.basic_auth as Optional (#34293)
• resource/aws_secretsmanager_secret: Tags with empty values no longer remove all tags. (#37743)
• resource/aws_ssm_parameter: Fix Cannot import non-existent remote object errors when importing resources with version (#37832)
• resource/aws_vpc_endpoint: Restore pre-v5.51.0 default of false for private_dns_enabled (#37715)
• service/chatbot: Correctly overrides region when using custom endpoint. (#37851)
• service/costoptimizationhub: Correctly overrides region when using custom endpoint. (#37851)
• service/cur: Correctly overrides region when using custom endpoint. (#37851)
• service/globalaccelerator: Correctly overrides region when using custom endpoint. (#37851)
• service/route53: Correctly overrides region when using custom endpoint. (#37851)
• service/route53domains: Correctly overrides region when using custom endpoint. (#37851)
• service/shield: Correctly overrides region when using custom endpoint. (#37851)

v5.52.0

ENHANCEMENTS:

• resource/aws_kinesisanalyticsv2_application: Add application_mode argument (#37714)
• resource/aws_lightsail_bucket: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_certificate: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_container_service: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_database: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_distribution: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_key_pair: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_lb: Add support to ListTags function for proper key-only tag handling (#37711)

BUG FIXES:

• resource/aws_lightsail_database: Prevent destroy failure when resource is already deleted outside Terraform (#37711)
• resource/aws_lightsail_instance: Fix crash when reading a resource that has a key-only tag (#37587)
• resource/aws_lightsail_key_pair: Prevent destroy failure when resource is already deleted outside Terraform (#37711)
• resource/aws_lightsail_lb: Prevent destroy failure when resource is already deleted outside Terraform (#37711)