diff --git a/go.mod b/go.mod
index 11b5611a838..7c03cafbab1 100644
--- a/go.mod
+++ b/go.mod
@@ -56,12 +56,12 @@ require (
 	github.com/hashicorp/consul/sdk v0.7.0
 	github.com/hashicorp/cronexpr v1.1.1
 	github.com/hashicorp/go-checkpoint v0.0.0-20171009173528-1545e56e46de
-	github.com/hashicorp/go-cleanhttp v0.5.1
+	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-connlimit v0.3.0
 	github.com/hashicorp/go-cty-funcs v0.0.0-20200930094925-2721b1e36840
 	github.com/hashicorp/go-discover v0.0.0-20200812215701-c4b85f6ed31f
 	github.com/hashicorp/go-envparse v0.0.0-20180119215841-310ca1881b22
-	github.com/hashicorp/go-getter v1.5.2
+	github.com/hashicorp/go-getter v1.5.4
 	github.com/hashicorp/go-hclog v0.12.0
 	github.com/hashicorp/go-immutable-radix v1.3.0
 	github.com/hashicorp/go-memdb v1.3.0
diff --git a/go.sum b/go.sum
index 83268525da7..0d2b0eb0599 100644
--- a/go.sum
+++ b/go.sum
@@ -347,8 +347,9 @@ github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe
 github.com/hashicorp/go-checkpoint v0.0.0-20171009173528-1545e56e46de h1:XDCSythtg8aWSRSO29uwhgh7b127fWr+m5SemqjSUL8=
 github.com/hashicorp/go-checkpoint v0.0.0-20171009173528-1545e56e46de/go.mod h1:xIwEieBHERyEvaeKF/TcHh1Hu+lxPM+n2vT1+g9I4m4=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-connlimit v0.2.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0=
 github.com/hashicorp/go-connlimit v0.3.0 h1:oAojHGjFxUTTTA8c5XXnDqWJ2HLuWbDiBPTpWvNzvqM=
 github.com/hashicorp/go-connlimit v0.3.0/go.mod h1:OUj9FGL1tPIhl/2RCfzYHrIiWj+VVPGNyVPnUX8AqS0=
@@ -360,8 +361,8 @@ github.com/hashicorp/go-envparse v0.0.0-20180119215841-310ca1881b22 h1:HTmDIaSN9
 github.com/hashicorp/go-envparse v0.0.0-20180119215841-310ca1881b22/go.mod h1:/NlxCzN2D4C4L2uDE6ux/h6jM+n98VFQM14nnCIfHJU=
 github.com/hashicorp/go-gatedio v0.5.0 h1:Jm1X5yP4yCqqWj5L1TgW7iZwCVPGtVc+mro5r/XX7Tg=
 github.com/hashicorp/go-gatedio v0.5.0/go.mod h1:Lr3t8L6IyxD3DAeaUxGcgl2JnRUpWMCsmBl4Omu/2t4=
-github.com/hashicorp/go-getter v1.5.2 h1:XDo8LiAcDisiqZdv0TKgz+HtX3WN7zA2JD1R1tjsabE=
-github.com/hashicorp/go-getter v1.5.2/go.mod h1:orNH3BTYLu/fIxGIdLjLoAJHWMDQ/UKQr5O4m3iBuoo=
+github.com/hashicorp/go-getter v1.5.4 h1:/A0xlardcuhx8SEe1rh1371xV7Yi4j3xeluu53VXeyg=
+github.com/hashicorp/go-getter v1.5.4/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI=
 github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
 github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
diff --git a/vendor/github.com/hashicorp/go-cleanhttp/cleanhttp.go b/vendor/github.com/hashicorp/go-cleanhttp/cleanhttp.go
index 8d306bf5134..fe28d15b6f9 100644
--- a/vendor/github.com/hashicorp/go-cleanhttp/cleanhttp.go
+++ b/vendor/github.com/hashicorp/go-cleanhttp/cleanhttp.go
@@ -32,6 +32,7 @@ func DefaultPooledTransport() *http.Transport {
 		IdleConnTimeout:       90 * time.Second,
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
+		ForceAttemptHTTP2:     true,
 		MaxIdleConnsPerHost:   runtime.GOMAXPROCS(0) + 1,
 	}
 	return transport
diff --git a/vendor/github.com/hashicorp/go-cleanhttp/go.mod b/vendor/github.com/hashicorp/go-cleanhttp/go.mod
index 310f07569fc..005ccdef9c3 100644
--- a/vendor/github.com/hashicorp/go-cleanhttp/go.mod
+++ b/vendor/github.com/hashicorp/go-cleanhttp/go.mod
@@ -1 +1,3 @@
 module github.com/hashicorp/go-cleanhttp
+
+go 1.13
diff --git a/vendor/github.com/hashicorp/go-getter/client.go b/vendor/github.com/hashicorp/go-getter/client.go
index 78a96bf0be0..d531c2a772d 100644
--- a/vendor/github.com/hashicorp/go-getter/client.go
+++ b/vendor/github.com/hashicorp/go-getter/client.go
@@ -67,6 +67,15 @@ type Client struct {
 	// By default a no op progress listener is used.
 	ProgressListener ProgressTracker
 
+	// Insecure controls whether a client verifies the server's
+	// certificate chain and host name. If Insecure is true, crypto/tls
+	// accepts any certificate presented by the server and any host name in that
+	// certificate. In this mode, TLS is susceptible to machine-in-the-middle
+	// attacks unless custom verification is used. This should be used only for
+	// testing or in combination with VerifyConnection or VerifyPeerCertificate.
+	// This is identical to tls.Config.InsecureSkipVerify.
+	Insecure bool
+
 	Options []ClientOption
 }
 
@@ -289,7 +298,7 @@ func (c *Client) Get() error {
 		// if we're specifying a subdir.
 		err := g.Get(dst, u)
 		if err != nil {
-			err = fmt.Errorf("error downloading '%s': %s", src, err)
+			err = fmt.Errorf("error downloading '%s': %s", u.Redacted(), err)
 			return err
 		}
 	}
diff --git a/vendor/github.com/hashicorp/go-getter/client_option_insecure.go b/vendor/github.com/hashicorp/go-getter/client_option_insecure.go
new file mode 100644
index 00000000000..75da58cdda2
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-getter/client_option_insecure.go
@@ -0,0 +1,14 @@
+package getter
+
+// WithInsecure allows for a user to avoid
+// checking certificates (not recommended).
+// For example, when connecting on HTTPS where an
+// invalid certificate is presented.
+// User assumes all risk.
+// Not all getters have support for insecure mode yet.
+func WithInsecure() func(*Client) error {
+	return func(c *Client) error {
+		c.Insecure = true
+		return nil
+	}
+}
diff --git a/vendor/github.com/hashicorp/go-getter/detect_s3.go b/vendor/github.com/hashicorp/go-getter/detect_s3.go
index 8e0f4a03b46..89f3c35dcf4 100644
--- a/vendor/github.com/hashicorp/go-getter/detect_s3.go
+++ b/vendor/github.com/hashicorp/go-getter/detect_s3.go
@@ -34,6 +34,8 @@ func (d *S3Detector) detectHTTP(src string) (string, bool, error) {
 		return d.detectPathStyle(hostParts[0], parts[1:])
 	} else if len(hostParts) == 4 {
 		return d.detectVhostStyle(hostParts[1], hostParts[0], parts[1:])
+	} else if len(hostParts) == 5 && hostParts[1] == "s3" {
+		return d.detectNewVhostStyle(hostParts[2], hostParts[0], parts[1:])
 	} else {
 		return "", false, fmt.Errorf(
 			"URL is not a valid S3 URL")
@@ -59,3 +61,13 @@ func (d *S3Detector) detectVhostStyle(region, bucket string, parts []string) (st
 
 	return "s3::" + url.String(), true, nil
 }
+
+func (d *S3Detector) detectNewVhostStyle(region, bucket string, parts []string) (string, bool, error) {
+	urlStr := fmt.Sprintf("https://s3.%s.amazonaws.com/%s/%s", region, bucket, strings.Join(parts, "/"))
+	url, err := url.Parse(urlStr)
+	if err != nil {
+		return "", false, fmt.Errorf("error parsing S3 URL: %s", err)
+	}
+
+	return "s3::" + url.String(), true, nil
+}
diff --git a/vendor/github.com/hashicorp/go-getter/get_gcs.go b/vendor/github.com/hashicorp/go-getter/get_gcs.go
index 4b895877b39..4f2172b24cc 100644
--- a/vendor/github.com/hashicorp/go-getter/get_gcs.go
+++ b/vendor/github.com/hashicorp/go-getter/get_gcs.go
@@ -6,6 +6,7 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"cloud.google.com/go/storage"
@@ -22,7 +23,7 @@ func (g *GCSGetter) ClientMode(u *url.URL) (ClientMode, error) {
 	ctx := g.Context()
 
 	// Parse URL
-	bucket, object, err := g.parseURL(u)
+	bucket, object, _, err := g.parseURL(u)
 	if err != nil {
 		return 0, err
 	}
@@ -59,7 +60,7 @@ func (g *GCSGetter) Get(dst string, u *url.URL) error {
 	ctx := g.Context()
 
 	// Parse URL
-	bucket, object, err := g.parseURL(u)
+	bucket, object, _, err := g.parseURL(u)
 	if err != nil {
 		return err
 	}
@@ -105,7 +106,7 @@ func (g *GCSGetter) Get(dst string, u *url.URL) error {
 			}
 			objDst = filepath.Join(dst, objDst)
 			// Download the matching object.
-			err = g.getObject(ctx, client, objDst, bucket, obj.Name)
+			err = g.getObject(ctx, client, objDst, bucket, obj.Name, "")
 			if err != nil {
 				return err
 			}
@@ -118,7 +119,7 @@ func (g *GCSGetter) GetFile(dst string, u *url.URL) error {
 	ctx := g.Context()
 
 	// Parse URL
-	bucket, object, err := g.parseURL(u)
+	bucket, object, fragment, err := g.parseURL(u)
 	if err != nil {
 		return err
 	}
@@ -127,11 +128,21 @@ func (g *GCSGetter) GetFile(dst string, u *url.URL) error {
 	if err != nil {
 		return err
 	}
-	return g.getObject(ctx, client, dst, bucket, object)
+	return g.getObject(ctx, client, dst, bucket, object, fragment)
 }
 
-func (g *GCSGetter) getObject(ctx context.Context, client *storage.Client, dst, bucket, object string) error {
-	rc, err := client.Bucket(bucket).Object(object).NewReader(ctx)
+func (g *GCSGetter) getObject(ctx context.Context, client *storage.Client, dst, bucket, object, fragment string) error {
+	var rc *storage.Reader
+	var err error
+	if fragment != "" {
+		generation, err := strconv.ParseInt(fragment, 10, 64)
+		if err != nil {
+			return err
+		}
+		rc, err = client.Bucket(bucket).Object(object).Generation(generation).NewReader(ctx)
+	} else {
+		rc, err = client.Bucket(bucket).Object(object).NewReader(ctx)
+	}
 	if err != nil {
 		return err
 	}
@@ -145,7 +156,7 @@ func (g *GCSGetter) getObject(ctx context.Context, client *storage.Client, dst,
 	return copyReader(dst, rc, 0666, g.client.umask())
 }
 
-func (g *GCSGetter) parseURL(u *url.URL) (bucket, path string, err error) {
+func (g *GCSGetter) parseURL(u *url.URL) (bucket, path, fragment string, err error) {
 	if strings.Contains(u.Host, "googleapis.com") {
 		hostParts := strings.Split(u.Host, ".")
 		if len(hostParts) != 3 {
@@ -160,6 +171,7 @@ func (g *GCSGetter) parseURL(u *url.URL) (bucket, path string, err error) {
 		}
 		bucket = pathParts[3]
 		path = pathParts[4]
+		fragment = u.Fragment
 	}
 	return
 }
diff --git a/vendor/github.com/hashicorp/go-getter/get_http.go b/vendor/github.com/hashicorp/go-getter/get_http.go
index b0229d763f9..f5a39c5cbb9 100644
--- a/vendor/github.com/hashicorp/go-getter/get_http.go
+++ b/vendor/github.com/hashicorp/go-getter/get_http.go
@@ -2,6 +2,7 @@ package getter
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/xml"
 	"fmt"
 	"io"
@@ -11,6 +12,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/hashicorp/go-cleanhttp"
 	safetemp "github.com/hashicorp/go-safetemp"
 )
 
@@ -74,6 +76,11 @@ func (g *HttpGetter) Get(dst string, u *url.URL) error {
 
 	if g.Client == nil {
 		g.Client = httpClient
+		if g.client != nil && g.client.Insecure {
+			insecureTransport := cleanhttp.DefaultTransport()
+			insecureTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+			g.Client.Transport = insecureTransport
+		}
 	}
 
 	// Add terraform-get to the parameter.
@@ -82,7 +89,7 @@ func (g *HttpGetter) Get(dst string, u *url.URL) error {
 	u.RawQuery = q.Encode()
 
 	// Get the URL
-	req, err := http.NewRequest("GET", u.String(), nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", u.String(), nil)
 	if err != nil {
 		return err
 	}
@@ -157,6 +164,11 @@ func (g *HttpGetter) GetFile(dst string, src *url.URL) error {
 
 	if g.Client == nil {
 		g.Client = httpClient
+		if g.client != nil && g.client.Insecure {
+			insecureTransport := cleanhttp.DefaultTransport()
+			insecureTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+			g.Client.Transport = insecureTransport
+		}
 	}
 
 	var currentFileSize int64
@@ -164,7 +176,7 @@ func (g *HttpGetter) GetFile(dst string, src *url.URL) error {
 	// We first make a HEAD request so we can check
 	// if the server supports range queries. If the server/URL doesn't
 	// support HEAD requests, we just fall back to GET.
-	req, err := http.NewRequest("HEAD", src.String(), nil)
+	req, err := http.NewRequestWithContext(ctx, "HEAD", src.String(), nil)
 	if err != nil {
 		return err
 	}
@@ -181,7 +193,6 @@ func (g *HttpGetter) GetFile(dst string, src *url.URL) error {
 				if fi, err := f.Stat(); err == nil {
 					if _, err = f.Seek(0, io.SeekEnd); err == nil {
 						currentFileSize = fi.Size()
-						req.Header.Set("Range", fmt.Sprintf("bytes=%d-", currentFileSize))
 						if currentFileSize >= headResp.ContentLength {
 							// file already present
 							return nil
@@ -191,7 +202,17 @@ func (g *HttpGetter) GetFile(dst string, src *url.URL) error {
 			}
 		}
 	}
-	req.Method = "GET"
+
+	req, err = http.NewRequestWithContext(ctx, "GET", src.String(), nil)
+	if err != nil {
+		return err
+	}
+	if g.Header != nil {
+		req.Header = g.Header.Clone()
+	}
+	if currentFileSize > 0 {
+		req.Header.Set("Range", fmt.Sprintf("bytes=%d-", currentFileSize))
+	}
 
 	resp, err := g.Client.Do(req)
 	if err != nil {
diff --git a/vendor/github.com/hashicorp/go-getter/get_s3.go b/vendor/github.com/hashicorp/go-getter/get_s3.go
index dc577c07042..d897ab50c76 100644
--- a/vendor/github.com/hashicorp/go-getter/get_s3.go
+++ b/vendor/github.com/hashicorp/go-getter/get_s3.go
@@ -261,7 +261,7 @@ func (g *S3Getter) parseUrl(u *url.URL) (region, bucket, path, version string, c
 	} else {
 		pathParts := strings.SplitN(u.Path, "/", 3)
 		if len(pathParts) != 3 {
-			err = fmt.Errorf("URL is not a valid S3 complaint URL")
+			err = fmt.Errorf("URL is not a valid S3 compliant URL")
 			return
 		}
 		bucket = pathParts[1]
diff --git a/vendor/github.com/hashicorp/go-getter/go.mod b/vendor/github.com/hashicorp/go-getter/go.mod
index 9c0ae09b7a7..b89a575b12b 100644
--- a/vendor/github.com/hashicorp/go-getter/go.mod
+++ b/vendor/github.com/hashicorp/go-getter/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/cheggaaa/pb v1.0.27
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fatih/color v1.7.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.0
+	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-safetemp v1.0.0
 	github.com/hashicorp/go-version v1.1.0
 	github.com/klauspost/compress v1.11.2
diff --git a/vendor/github.com/hashicorp/go-getter/go.sum b/vendor/github.com/hashicorp/go-getter/go.sum
index 99c5ea66b0c..8aeb2b9c328 100644
--- a/vendor/github.com/hashicorp/go-getter/go.sum
+++ b/vendor/github.com/hashicorp/go-getter/go.sum
@@ -42,8 +42,8 @@ github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OI
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6KdvN3Gig=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
 github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
 github.com/hashicorp/go-version v1.1.0 h1:bPIoEKD27tNdebFGGxxYwcL4nepeY4j1QP23PFRGzg0=
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 8048ca9e35b..7bc3a2e85fd 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -380,7 +380,7 @@ github.com/hashicorp/errwrap
 # github.com/hashicorp/go-checkpoint v0.0.0-20171009173528-1545e56e46de
 ## explicit
 github.com/hashicorp/go-checkpoint
-# github.com/hashicorp/go-cleanhttp v0.5.1
+# github.com/hashicorp/go-cleanhttp v0.5.2
 ## explicit
 github.com/hashicorp/go-cleanhttp
 # github.com/hashicorp/go-connlimit v0.3.0
@@ -413,7 +413,7 @@ github.com/hashicorp/go-discover/provider/vsphere
 # github.com/hashicorp/go-envparse v0.0.0-20180119215841-310ca1881b22
 ## explicit
 github.com/hashicorp/go-envparse
-# github.com/hashicorp/go-getter v1.5.2
+# github.com/hashicorp/go-getter v1.5.4
 ## explicit
 github.com/hashicorp/go-getter
 github.com/hashicorp/go-getter/helper/url