FEATURES:
- New Resource:
aws_workspaces_connection_alias
(#32482)
ENHANCEMENTS:
- data-source/aws_appmesh_gateway_route: Add
path
to thespec.http_route.action.rewrite
andspec.http2_route.action.rewrite
configuration blocks (#32449) - data-source/aws_db_instance: Add
max_allocated_storage
attribute (#32477) - data-source/aws_ec2_host: Add
asset_id
attribute (#32388) - resource/aws_appmesh_gateway_route: Add
path
to thespec.http_route.action.rewrite
andspec.http2_route.action.rewrite
configuration blocks (#32449) - resource/aws_cloudformation_stack_set_instance: Added the
stack_instance_summaries
attribute to track all account and stack IDs for deployments to organizational units. (#24523) - resource/aws_cloudformation_stack_set_instance: Changes to
deployment_targets
now force a new resource. (#24523) - resource/aws_connect_queue: add delete function (#32538)
- resource/aws_connect_routing_profile: add delete function (#32540)
- resource/aws_db_instance: Add
backup_target
attribute (#32609) - resource/aws_ec2_host: Add
asset_id
argument (#32388) - resource/aws_ec2_traffic_mirror_filter_rule: Fix crash when updating
rule_number
(#32594) - resource/aws_lightsail_key_pair: Add
tags
attribute (#32606) - resource/aws_signer_signing_profile: Add
signing_material
attribute. (#32414) - resource/aws_signer_signing_profile: Update
platform_id
validation. (#32414) - resource/aws_wafv2_web_acl: Add
association_config
argument (#31668)
BUG FIXES:
- data-source/aws_dms_replication_instance: Fixed bug that caused
replication_instance_private_ips
,replication_instance_public_ips
, andvpc_security_group_ids
to always returnnull
(#32551) - data-source/aws_mq_broker: Fix
setting user: Invalid address to set
errors (#32593) - data-source/aws_vpc_endpoint: Add
dns_options.private_dns_only_for_inbound_resolver_endpoint
(#32517) - resource/aws_appflow_flow: Fix tasks not updating properly due to empty task being processed (#26614)
- resource/aws_cloudformation_stack_set_instance: Fix error when deploying to organizational units with no accounts. (#24523)
- resource/aws_cognito_user_pool: Suppress diff when
schema.string_attribute_constraints
is omitted forString
attribute types (#32445) - resource/aws_config_config_rule: Prevent crash from unhandled read error (#32520)
- resource/aws_datasync_agent: Prevent persistent diffs when
private_link_endpoint
is not explicitly configured. (#32546) - resource/aws_globalaccelerator_custom_routing_endpoint_group: Respect configured
endpoint_group_region
value on resource Create (#32393) - resource/aws_pipes_pipe: Fix
Error: setting target_parameters: Invalid address to set
errors when creating pipes with ecs task targets (#32432) - resource/aws_pipes_pipe: Fix
ValidationException
errors when updating pipe (#32622) - resource/aws_quicksight_analysis: Correctly expand comparison method (#32285)
- resource/aws_quicksight_group_membership: Allow non
default
value for namespace (#32494) - resource/aws_route53_cidr_location: Fix
Value Conversion Error
errors (#32596) - resource/aws_wafv2_web_acl: Fixed error handling
response_inspection
parameters (#31111)
ENHANCEMENTS:
- data-source/aws_ssm_parameter: Add
insecure_value
attribute (#30817) - resource/aws_fms_policy: Add
policy_option
attribute forsecurity_service_policy_data
block (#25362) - resource/aws_iam_virtual_mfa_device: Add
enable_date
anduser_name
attributes (#32462)
BUG FIXES:
- resource/aws_config_config_rule: Prevent crash on nil describe output (#32439)
- resource/aws_mq_broker: default
replication_user
tofalse
(#32454) - resource/aws_quicksight_analysis: Fix exception thrown when specifying
definition.sheets.visuals.bar_chart_visual.chart_configuration.category_axis.scrollbar_options.visible_range
(#32464) - resource/aws_quicksight_analysis: Fix exception thrown when specifying
definition.sheets.visuals.pivot_table_visual.chart_configuration.field_options.selected_field_options.visibility
(#32464) - resource/aws_quicksight_analysis: Fix exception thrown when specifying
definition.sheets.visuals.pivot_table_visual.chart_configuration.field_wells.pivot_table_aggregated_field_wells.rows
(#32464) - resource/aws_quicksight_dashboard: Fix exception thrown when specifying
definition.sheets.visuals.bar_chart_visual.chart_configuration.category_axis.scrollbar_options.visible_range
(#32464) - resource/aws_quicksight_dashboard: Fix exception thrown when specifying
definition.sheets.visuals.pivot_table_visual.chart_configuration.field_options.selected_field_options.visibility
(#32464) - resource/aws_quicksight_dashboard: Fix exception thrown when specifying
definition.sheets.visuals.pivot_table_visual.chart_configuration.field_wells.pivot_table_aggregated_field_wells.rows
(#32464) - resource/aws_quicksight_template: Fix exception thrown when specifying
definition.sheets.visuals.bar_chart_visual.chart_configuration.category_axis.scrollbar_options.visible_range
(#32464) - resource/aws_quicksight_template: Fix exception thrown when specifying
definition.sheets.visuals.pivot_table_visual.chart_configuration.field_options.selected_field_options.visibility
(#32464) - resource/aws_quicksight_template: Fix exception thrown when specifying
definition.sheets.visuals.pivot_table_visual.chart_configuration.field_wells.pivot_table_aggregated_field_wells.rows
(#32464)
FEATURES:
- New Data Source:
aws_opensearchserverless_security_config
(#32321) - New Data Source:
aws_opensearchserverless_security_policy
(#32226) - New Data Source:
aws_opensearchserverless_vpc_endpoint
(#32276) - New Resource:
aws_cleanrooms_collaboration
(#31680)
ENHANCEMENTS:
- resource/aws_aws_keyspaces_table: Add
client_side_timestamps
configuration block (#32339) - resource/aws_glue_catalog_database: Add
target_database.region
argument (#32283) - resource/aws_glue_crawler: Add
iceberg_target
configuration block (#32332) - resource/aws_internetmonitor_monitor: Add
health_events_config
configuration block (#32343) - resource/aws_lambda_function: Support
code_signing_config_arn
in theap-east-1
AWS Region (#32327) - resource/aws_qldb_stream: Add configurable Create and Delete timeouts (#32345)
- resource/aws_service_discovery_private_dns_namespace: Allow
description
to be updated in-place (#32342) - resource/aws_service_discovery_public_dns_namespace: Allow
description
to be updated in-place (#32342) - resource/aws_timestreamwrite_table: Add
schema
configuration block (#32354)
BUG FIXES:
- provider: Correctly handle
forbidden_account_ids
(#32352) - resource/aws_kms_external_key: Correctly remove all tags (#32371)
- resource/aws_kms_key: Correctly remove all tags (#32371)
- resource/aws_kms_replica_external_key: Correctly remove all tags (#32371)
- resource/aws_kms_replica_key: Correctly remove all tags (#32371)
- resource/aws_secretsmanager_secret_rotation: Fix
InvalidParameterException: You cannot specify both rotation frequency and schedule expression together
errors on resource Update (#31915) - resource/aws_ssm_parameter: Skip Update if only
overwrite
parameter changes (#32372) - resource/aws_vpc_endpoint: Fix
InvalidParameter: PrivateDnsOnlyForInboundResolverEndpoint not supported for this service
errors creating S3 Interface VPC endpoints (#32355)
BUG FIXES:
- resource/aws_s3_bucket: Fix
InvalidArgument: Invalid attribute name specified
errors when listing S3 Bucket objects, caused by an AWS SDK for Go regression (#32317)
BUG FIXES:
- provider: Prevent resource recreation if
tags
ortags_all
are updated (#32297)
FEATURES:
- New Data Source:
aws_opensearchserverless_access_policy
(#32231) - New Data Source:
aws_opensearchserverless_collection
(#32247) - New Data Source:
aws_sfn_alias
(#32176) - New Data Source:
aws_sfn_state_machine_versions
(#32176) - New Resource:
aws_ec2_instance_connect_endpoint
(#31858) - New Resource:
aws_sfn_alias
(#32176) - New Resource:
aws_transfer_agreement
(#32203) - New Resource:
aws_transfer_certificate
(#32203) - New Resource:
aws_transfer_connector
(#32203) - New Resource:
aws_transfer_profile
(#32203)
ENHANCEMENTS:
- resource/aws_batch_compute_environment: Add
placement_group
attribute to thecompute_resources
configuration block (#32200) - resource/aws_emrserverless_application: Do not recreate the resource if
release_label
changes (#32278) - resource/aws_fis_experiment_template: Add
log_configuration
configuration block (#32102) - resource/aws_fis_experiment_template: Add
parameters
attribute to thetarget
configuration block (#32160) - resource/aws_fis_experiment_template: Add support for
Pods
andTasks
toaction.*.target
(#32152) - resource/aws_lambda_event_source_mapping: The
queues
argument has changed from a set to a list with a maximum of one element. (#31931) - resource/aws_pipes_pipe: Add
activemq_broker_parameters
,dynamodb_stream_parameters
,kinesis_stream_parameters
,managed_streaming_kafka_parameters
,rabbitmq_broker_parameters
,self_managed_kafka_parameters
andsqs_queue_parameters
attributes to thesource_parameters
configuration block. NOTE: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#31607) - resource/aws_pipes_pipe: Add
batch_job_parameters
,cloudwatch_logs_parameters
,ecs_task_parameters
,eventbridge_event_bus_parameters
,http_parameters
,kinesis_stream_parameters
,lambda_function_parameters
,redshift_data_parameters
,sagemaker_pipeline_parameters
,sqs_queue_parameters
andstep_function_state_machine_parameters
attributes to thetarget_parameters
configuration block. NOTE: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#31607) - resource/aws_pipes_pipe: Add
enrichment_parameters
argument (#31607) - resource/aws_resourcegroups_group:
resource_query
no longer conflicts withconfiguration
(#30242) - resource/aws_s3_bucket_logging: Retry on empty read of logging config (#30916)
- resource/aws_sfn_state_machine: Add
description
,publish
,revision_id
,state_machine_version_arn
andversion_description
attributes (#32176)
BUG FIXES:
- resource/aws_db_instance: Fix resource Create returning instances not in the
available
state whenidentifier_prefix
is specified (#32287) - resource/aws_resourcegroups_resource: Fix crash when resource Create fails (#30242)
- resource/aws_route: Fix
reading Route in Route Table (rtb-1234abcd) with destination (1.2.3.4/5): couldn't find resource
errors when reading new resource (#32196) - resource/aws_vpc_security_group_egress_rule:
security_group_id
is Required (#32148) - resource/aws_vpc_security_group_ingress_rule:
security_group_id
is Required (#32148)
NOTES:
- provider: Updates to Go 1.20, the last release that will run on any release of Windows 7, 8, Server 2008 and Server 2012. A future release will update to Go 1.21, and these platforms will no longer be supported. (#32108)
- provider: Updates to Go 1.20, the last release that will run on macOS 10.13 High Sierra or 10.14 Mojave. A future release will update to Go 1.21, and these platforms will no longer be supported. (#32108)
- provider: Updates to Go 1.20. The provider will now notice the
trust-ad
option in/etc/resolv.conf
and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver. (#32108)
FEATURES:
- New Data Source:
aws_sesv2_email_identity
(#32026) - New Data Source:
aws_sesv2_email_identity_mail_from_attributes
(#32026) - New Resource:
aws_chimesdkvoice_sip_rule
(#32070) - New Resource:
aws_organizations_resource_policy
(#32056)
ENHANCEMENTS:
- data-source/aws_organizations_organization: Return the full set of attributes when running as a delegated administrator for AWS Organizations (#32056)
- provider: Mask all sensitive values that appear when
TF_LOG
level isTRACE
(#32174) - resource/aws_config_configuration_recorder: Add
exclusion_by_resource_types
andrecording_strategy
attributes to therecording_group
configuration block (#32007) - resource/aws_datasync_task: Add
object_tags
attribute tooptions
configuration block (#27811) - resource/aws_networkmanager_attachment_accepter: Added support for Transit Gateway route table attachments (#32023)
- resource/aws_ses_active_receipt_rule_set: Support import (#27604)
BUG FIXES:
- resource/aws_api_gateway_rest_api: Fix crash when
binary_media_types
isnull
(#32169) - resource/aws_datasync_location_object_storage: Don't ignore
server_certificate
argument (#27811) - resource/aws_eip: Fix
reading EC2 EIP (eipalloc-abcd1234): couldn't find resource
errors when reading new resource (#32016) - resource/aws_quicksight_analysis: Fix schema mapping for string set elements (#31903)
- resource/aws_redshiftserverless_workgroup: Fix
waiting for completion: unexpected state 'AVAILABLE'
errors when deleting resource (#32067) - resource/aws_route_table: Fix
reading Route Table (rtb-abcd1234): couldn't find resource
errors when reading new resource (#30999) - resource/aws_storagegateway_smb_file_share: Fix update error when
kms_encrypted
istrue
butkms_key_arn
is not sent in the request (#32171)
FEATURES:
- New Data Source:
aws_organizations_policies
(#31545) - New Data Source:
aws_organizations_policies_for_target
(#31682) - New Resource:
aws_chimesdkvoice_sip_media_application
(#31937) - New Resource:
aws_opensearchserverless_collection
(#31091) - New Resource:
aws_opensearchserverless_security_config
(#28776) - New Resource:
aws_opensearchserverless_vpc_endpoint
(#28651)
ENHANCEMENTS:
- resource/aws_elb: Add configurable Create and Update timeouts (#31976)
- resource/aws_glue_data_quality_ruleset: Add
catalog_id
argument totarget_table
block (#31926)
BUG FIXES:
- provider: Fix
index out of range [0] with length 0
panic (#32004) - resource/aws_elb: Recreate the resource if
subnets
is updated to an empty list (#31976) - resource/aws_lambda_provisioned_concurrency_config: The
function_name
argument now properly handles ARN values (#31933) - resource/aws_quicksight_data_set: Allow physical table map to be optional (#31863)
- resource/aws_ssm_default_patch_baseline: Fix
*conns.AWSClient is not ssm.ssmClient: missing method SSMClient
panic (#31928)
NOTES:
- resource/aws_instance: The
metadata_options.http_endpoint
argument now correctly defaults toenabled
. (#24774) - resource/aws_lambda_function: The
replace_security_groups_on_destroy
andreplacement_security_group_ids
attributes are being deprecated as AWS no longer supports this operation. These attributes now have no effect, and will be removed in a future major version. (#31904)
FEATURES:
- New Data Source:
aws_quicksight_theme
(#31900) - New Resource:
aws_opensearchserverless_access_policy
(#28518) - New Resource:
aws_opensearchserverless_security_policy
(#28470) - New Resource:
aws_quicksight_theme
(#31900)
ENHANCEMENTS:
- data-source/aws_redshift_cluster: Add
cluster_namespace_arn
attribute (#31884) - resource/aws_redshift_cluster: Add
cluster_namespace_arn
attribute (#31884) - resource/aws_vpc_endpoint: Add
private_dns_only_for_inbound_resolver_endpoint
attribute to thedns_options
configuration block (#31873)
BUG FIXES:
- resource/aws_ecs_task_definition: Fix to prevent persistent diff when
efs_volume_configuration
has bothroot_volume
andauthorization_config
set. (#26880) - resource/aws_instance: Fix default for
metadata_options.http_endpoint
argument. (#24774) - resource/aws_keyspaces_keyspace: Correct plan time validation for
name
(#31352) - resource/aws_keyspaces_table: Correct plan time validation for
keyspace_name
,table_name
and column names (#31352) - resource/aws_quicksight_analysis: Fix assignment of KPI visual field well target values (#31901)
- resource/aws_redshift_cluster: Allow
availability_zone_relocation_enabled
to betrue
whenpublicly_accessible
istrue
(#31886) - resource/aws_vpc: Fix
reading EC2 VPC (vpc-abcd1234) Attribute (enableDnsSupport): couldn't find resource
errors when reading new resource (#31877)
NOTES:
- resource/aws_mwaa_environment: Upgrading your environment to a new major version of Apache Airflow forces replacement of the resource (#31833)
FEATURES:
- New Data Source:
aws_budgets_budget
(#31691) - New Data Source:
aws_ecr_pull_through_cache_rule
(#31696) - New Data Source:
aws_guardduty_finding_ids
(#31711) - New Data Source:
aws_iam_principal_policy_simulation
(#25569) - New Resource:
aws_chimesdkvoice_global_settings
(#31365) - New Resource:
aws_finspace_kx_cluster
(#31806) - New Resource:
aws_finspace_kx_database
(#31803) - New Resource:
aws_finspace_kx_environment
(#31802) - New Resource:
aws_finspace_kx_user
(#31804)
ENHANCEMENTS:
- data/aws_ec2_transit_gateway_connect_peer: Add
bgp_peer_address
andbgp_transit_gateway_addresses
attributes (#31752) - provider: Adds
retry_mode
parameter (#31745) - resource/aws_chime_voice_connector: Add tagging support (#31746)
- resource/aws_ec2_transit_gateway_connect_peer: Add
bgp_peer_address
andbgp_transit_gateway_addresses
attributes (#31752) - resource/aws_ec2_transit_gateway_route_table_association: Add
replace_existing_association
argument (#31452) - resource/aws_fis_experiment_template: Add support for
Volumes
toactions.*.target
(#31499) - resource/aws_instance: Add
instance_market_options
configuration block andinstance_lifecycle
andspot_instance_request_id
attributes (#31495) - resource/aws_lambda_function: Add support for
ruby3.2
runtime
value (#31842) - resource/aws_lambda_layer_version: Add support for
ruby3.2
compatible_runtimes
value (#31842) - resource/aws_mwaa_environment: Consider
CREATING_SNAPSHOT
a valid pending state for resource update (#31833) - resource/aws_networkfirewall_firewall_policy: Add
stream_exception_policy
option tofirewall_policy.stateful_engine_options
(#31541) - resource/aws_redshiftserverless_workgroup: Additional supported values for
config_parameter.parameter_key
(#31747) - resource/aws_sagemaker_model: Add
container.model_package_name
andprimary_container.model_package_name
arguments (#31755)
BUG FIXES:
- data-source/aws_redshift_cluster: Fix crash reading clusters in
modifying
state (#31772) - provider/default_tags: Fix perpetual diff when identical tags are moved from
default_tags
to resourcetags
, and vice versa (#31826) - resource/aws_autoscaling_group: Ignore any
Failed
scaling activities due to IAM eventual consistency (#31282) - resource/aws_dx_connection: Convert
vlan_id
fromTypeString
toTypeInt
in Terraform state for existing resources. This fixes a regression introduced in v5.1.0 causinga number is required
errors (#31735) - resource/aws_globalaccelerator_endpoint_group: Fix bug updating
endpoint_configuration.weight
to0
(#31767) - resource/aws_medialive_channel: Fix spelling in
hls_cdn_settings
expander. (#31844) - resource/aws_redshiftserverless_namespace: Fix perpetual
iam_roles
diffs when the namespace contains a workgroup (#31749) - resource/aws_redshiftserverless_workgroup: Change
config_parameter
fromTypeList
toTypeSet
as order is not significant (#31747) - resource/aws_redshiftserverless_workgroup: Fix
ValidationException: Can't update multiple configurations at the same time
errors (#31747) - resource/aws_vpc_endpoint: Fix tagging error preventing use in ISO partitions (#31801)
BREAKING CHANGES:
- resource/aws_iam_role: The
role_last_used
attribute has been removed. Use theaws_iam_role
data source instead. (#31656)
NOTES:
- resource/aws_autoscaling_group: The
load_balancers
andtarget_group_arns
attributes have been changed toComputed
. This means that omitting this argument is interpreted as ignoring any existing load balancer or target group attachments. To remove all load balancer or target group attachments an empty list should be specified. (#31527) - resource/aws_iam_role: The
role_last_used
attribute has been removed. Use theaws_iam_role
data source instead. See the community feedback provided in the linked issue for additional justification on this change. As the attribute is read-only, unlikely to be used as an input to another resource, and available in the corresponding data source, a breaking change in a minor version was deemed preferable to a long deprecation/removal cycle in this circumstance. (#31656) - resource/aws_redshift_cluster: Ignores the parameter
aqua_configuration_status
, since the AWS API ignores it. Now always returnsauto
. (#31612)
FEATURES:
- New Data Source:
aws_vpclattice_resource_policy
(#31372) - New Resource:
aws_autoscaling_traffic_source_attachment
(#31527) - New Resource:
aws_emrcontainers_job_template
(#31399) - New Resource:
aws_glue_data_quality_ruleset
(#31604) - New Resource:
aws_quicksight_analysis
(#31542) - New Resource:
aws_quicksight_dashboard
(#31448) - New Resource:
aws_resourcegroups_resource
(#31430)
ENHANCEMENTS:
- data-source/aws_autoscaling_group: Add
traffic_source
attribute (#31527) - data-source/aws_opensearch_domain: Add
off_peak_window_options
attribute (#35970) - provider: Increases size of HTTP request bodies in logs to 1 KB (#31718)
- resource/aws_appsync_graphql_api: Add
visibility
argument (#31369) - resource/aws_appsync_graphql_api: Add plan time validation for
log_config.cloudwatch_logs_role_arn
(#31369) - resource/aws_autoscaling_group: Add
traffic_source
configuration block (#31527) - resource/aws_cloudformation_stack_set: Add
managed_execution
argument (#25210) - resource/aws_fsx_ontap_volume: Add
skip_final_backup
argument (#31544) - resource/aws_fsx_ontap_volume: Remove default value for
security_style
argument and mark as Computed (#31544) - resource/aws_fsx_ontap_volume: Update
ontap_volume_type
attribute to be configurable (#31544) - resource/aws_fsx_ontap_volume:
junction_path
is Optional (#31544) - resource/aws_fsx_ontap_volume:
storage_efficiency_enabled
is Optional (#31544) - resource/aws_grafana_workspace: Increase default Create and Update timeouts to 30 minutes (#31422)
- resource/aws_lambda_invocation: Add lifecycle_scope CRUD to invoke on each resource state transition (#29367)
- resource/aws_lambda_layer_version_permission: Add
skip_destroy
attribute (#29571) - resource/aws_lambda_provisioned_concurrency_configuration: Add
skip_destroy
argument (#31646) - resource/aws_opensearch_domain: Add
off_peak_window_options
configuration block (#35970) - resource/aws_sagemaker_endpoint_configuration: Add and
shadow_production_variants.serverless_config.provisioned_concurrency
arguments (#31398) - resource/aws_transfer_server: Add support for
TransferSecurityPolicy-2023-05
security_policy_name
value (#31536)
BUG FIXES:
- data-source/aws_dx_connection: Fix the
vlan_id
being returned as null (#31480) - provider/tags: Fix crash when some
tags
arenull
and others arecomputed
(#31687) - provider: Limits size of HTTP response bodies in logs to 4 KB (#31718)
- resource/aws_autoscaling_group: Fix
The AutoRollback parameter cannot be set to true when the DesiredConfiguration parameter is empty
errors when refreshing instances (#31715) - resource/aws_autoscaling_group: Now ignores previous failed scaling activities (#31551)
- resource/aws_cloudfront_distribution: Remove the upper limit on
origin_keepalive_timeout
(#31608) - resource/aws_connect_instance: Fix crash when reading instances with
CREATION_FAILED
status (#31689) - resource/aws_connect_security_profile: Set correct
tags
in state (#31716) - resource/aws_dx_connection: Fix the
vlan_id
being returned as null (#31480) - resource/aws_ecs_service: Fix crash when just
alarms
is updated (#31683) - resource/aws_fsx_ontap_volume: Change
storage_virtual_machine_id
to ForceNew (#31544) - resource/aws_fsx_ontap_volume: Change
volume_type
to ForceNew (#31544) - resource/aws_kendra_index: Persist
user_group_resolution_mode
value to state after creation (#31669) - resource/aws_medialive_channel: Fix attribute spelling in
hls_cdn_settings
expand (#31647) - resource/aws_quicksight_data_set: Fix join_instruction not applied when creating dataset (#31424)
- resource/aws_quicksight_data_set: Ignore failure to read refresh properties for non-SPICE datasets (#31488)
- resource/aws_rbin_rule: Fix crash when multiple
resource_tags
blocks are configured (#31393) - resource/aws_rds_cluster: Correctly update
db_cluster_instance_class
(#31709) - resource/aws_redshift_cluster: No longer errors on deletion when status is
Maintenance
(#31612) - resource/aws_route53_vpc_association_authorization: Fix
ConcurrentModification
error (#31588) - resource/aws_s3_bucket_replication_configuration: Replication configs sometimes need more than a second or two. This resolves a race condition and adds retry logic when reading them. (#30995)
BUG FIXES:
- provider/tags: Fix crash when tags are
null
(#31587)
BREAKING CHANGES:
- data-source/aws_api_gateway_rest_api:
minimum_compression_size
is now a string type to allow values set via thebody
attribute to be properly computed. (#30969) - data-source/aws_connect_hours_of_operation: The
hours_of_operation_arn
attribute has been removed (#31484) - data-source/aws_db_instance: With the retirement of EC2-Classic the
db_security_groups
attribute has been removed (#30966) - data-source/aws_elasticache_cluster: With the retirement of EC2-Classic the
security_group_names
attribute has been removed (#30966) - data-source/aws_elasticache_replication_group: Remove
number_cache_clusters
,replication_group_description
arguments -- usenum_cache_clusters
, anddescription
, respectively, instead (#31008) - data-source/aws_iam_policy_document: Don't add empty
statement.sid
values tojson
attribute value (#28539) - data-source/aws_iam_policy_document:
source_json
andoverride_json
have been removed -- usesource_policy_documents
andoverride_policy_documents
, respectively, instead (#30829) - data-source/aws_identitystore_group: The
filter
argument has been removed (#31312) - data-source/aws_identitystore_user: The
filter
argument has been removed (#31312) - data-source/aws_launch_configuration: With the retirement of EC2-Classic the
vpc_classic_link_id
andvpc_classic_link_security_groups
attributes have been removed (#30966) - data-source/aws_redshift_cluster: With the retirement of EC2-Classic the
cluster_security_groups
attribute has been removed (#30966) - data-source/aws_secretsmanager_secret: The
rotation_enabled
,rotation_lambda_arn
androtation_rules
attributes have been removed (#31487) - data-source/aws_vpc_peering_connection: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been removed (#30966) - provider: The
assume_role.duration_seconds
,assume_role_with_web_identity.duration_seconds
,s3_force_path_style
,shared_credentials_file
andskip_get_ec2_platforms
attributes have been removed (#31155) - provider: The
aws_subnet_ids
data source has been removed (#31140) - provider: With the retirement of EC2-Classic the
aws_db_security_group
resource has been removed (#30966) - provider: With the retirement of EC2-Classic the
aws_elasticache_security_group
resource has been removed (#30966) - provider: With the retirement of EC2-Classic the
aws_redshift_security_group
resource has been removed (#30966) - provider: With the retirement of Macie Classic the
aws_macie_member_account_association
resource has been removed (#31058) - provider: With the retirement of Macie Classic the
aws_macie_s3_bucket_association
resource has been removed (#31058) - resource/aws_acmpca_certificate_authority: The
status
attribute has been removed (#31084) - resource/aws_api_gateway_rest_api:
minimum_compression_size
is now a string type to allow values set via thebody
attribute to be properly computed. (#30969) - resource/aws_autoscaling_attachment:
alb_target_group_arn
has been removed -- uselb_target_group_arn
instead (#30828) - resource/aws_autoscaling_group: Remove deprecated
tags
attribute (#30842) - resource/aws_budgets_budget: The
cost_filters
attribute has been removed (#31395) - resource/aws_ce_anomaly_subscription: The
threshold
attribute has been removed (#30374) - resource/aws_cloudwatch_event_target: The
ecs_target.propagate_tags
attribute now has no default value (#25233) - resource/aws_codebuild_project: The
secondary_sources.auth
andsource.auth
attributes have been removed (#31483) - resource/aws_connect_hours_of_operation: The
hours_of_operation_arn
attribute has been removed (#31484) - resource/aws_connect_queue: The
quick_connect_ids_associated
attribute has been removed (#31376) - resource/aws_connect_routing_profile: The
queue_configs_associated
attribute has been removed (#31376) - resource/aws_db_instance: Remove
name
- usedb_name
instead (#31232) - resource/aws_db_instance: With the retirement of EC2-Classic the
security_group_names
attribute has been removed (#30966) - resource/aws_db_instance:
id
is no longer the AWS databaseidentifier
-id
is now thedbi-resource-id
. Refer toidentifier
instead ofid
to use the database's identifier (#31232) - resource/aws_default_vpc: With the retirement of EC2-Classic the
enable_classiclink
andenable_classiclink_dns_support
attributes have been removed (#30966) - resource/aws_dms_endpoint:
s3_settings.ignore_headers_row
has been removed (#30452) - resource/aws_docdb_cluster:
snapshot_identifier
change now properly forces replacement (#29409) - resource/aws_ec2_client_vpn_endpoint: The
status
attribute has been removed (#31223) - resource/aws_ec2_client_vpn_network_association: The
security_groups
attribute has been removed (#31396) - resource/aws_ec2_client_vpn_network_association: The
status
attribute has been removed (#31223) - resource/aws_ecs_cluster: The
capacity_providers
anddefault_capacity_provider_strategy
attributes have been removed (#31346) - resource/aws_eip: With the retirement of EC2-Classic the
standard
domain is no longer supported (#30966) - resource/aws_eip_association: With the retirement of EC2-Classic the
standard
domain is no longer supported (#30966) - resource/aws_elasticache_cluster: With the retirement of EC2-Classic the
security_group_names
attribute has been removed (#30966) - resource/aws_elasticache_replication_group: Remove
availability_zones
,number_cache_clusters
,replication_group_description
arguments -- usepreferred_cache_cluster_azs
,num_cache_clusters
, anddescription
, respectively, instead (#31008) - resource/aws_elasticache_replication_group: Remove
cluster_mode
configuration block -- use top-levelnum_node_groups
andreplicas_per_node_group
instead (#31008) - resource/aws_kinesis_firehose_delivery_stream: Remove
s3_configuration
attribute from the root of the resource.s3_configuration
is now a part of the following blocks:elasticsearch_configuration
,opensearch_configuration
,redshift_configuration
,splunk_configuration
, andhttp_endpoint_configuration
(#31138) - resource/aws_kinesis_firehose_delivery_stream: Remove
s3
as an option fordestination
. Useextended_s3
instead (#31138) - resource/aws_kinesis_firehose_delivery_stream: Rename
extended_s3_configuration.0.s3_backup_configuration.0.buffer_size
andextended_s3_configuration.0.s3_backup_configuration.0.buffer_interval
toextended_s3_configuration.0.s3_backup_configuration.0.buffering_size
andextended_s3_configuration.0.s3_backup_configuration.0.buffering_interval
, respectively (#31141) - resource/aws_kinesis_firehose_delivery_stream: Rename
redshift_configuration.0.s3_backup_configuration.0.buffer_size
andredshift_configuration.0.s3_backup_configuration.0.buffer_interval
toredshift_configuration.0.s3_backup_configuration.0.buffering_size
andredshift_configuration.0.s3_backup_configuration.0.buffering_interval
, respectively (#31141) - resource/aws_kinesis_firehose_delivery_stream: Rename
s3_configuration.0.buffer_size
ands3_configuration.0.buffer_internval
tos3_configuration.0.buffering_size
ands3_configuration.0.buffering_internval
, respectively (#31141) - resource/aws_launch_configuration: With the retirement of EC2-Classic the
vpc_classic_link_id
andvpc_classic_link_security_groups
attributes have been removed (#30966) - resource/aws_lightsail_instance: The
ipv6_address
attribute has been removed (#31489) - resource/aws_medialive_multiplex_program: The
statemux_settings
attribute has been removed. Usestatmux_settings
argument instead (#31034) - resource/aws_msk_cluster: The
broker_node_group_info.ebs_volume_size
attribute has been removed (#31324) - resource/aws_neptune_cluster:
snapshot_identifier
change now properly forces replacement (#29409) - resource/aws_networkmanager_core_network: Removed
policy_document
argument -- useaws_networkmanager_core_network_policy_attachment
resource instead (#30875) - resource/aws_rds_cluster: The
engine
argument is now required and has no default (#31112) - resource/aws_rds_cluster:
snapshot_identifier
change now properly forces replacement (#29409) - resource/aws_rds_cluster_instance: The
engine
argument is now required and has no default (#31112) - resource/aws_redshift_cluster: With the retirement of EC2-Classic the
cluster_security_groups
attribute has been removed (#30966) - resource/aws_route:
instance_id
can no longer be set in configurations. Usenetwork_interface_id
instead, for example, settingnetwork_interface_id
toaws_instance.test.primary_network_interface_id
. (#30804) - resource/aws_route_table:
route.*.instance_id
can no longer be set in configurations. Useroute.*.network_interface_id
instead, for example, settingnetwork_interface_id
toaws_instance.test.primary_network_interface_id
. (#30804) - resource/aws_secretsmanager_secret: The
rotation_enabled
,rotation_lambda_arn
androtation_rules
attributes have been removed (#31487) - resource/aws_security_group: With the retirement of EC2-Classic non-VPC security groups are no longer supported (#30966)
- resource/aws_security_group_rule: With the retirement of EC2-Classic non-VPC security groups are no longer supported (#30966)
- resource/aws_servicecatalog_product: Changes to any
provisioning_artifact_parameters
arguments now properly trigger a replacement. This fixes incorrect behavior, but may technically be breaking for configurations expecting non-functional in-place updates. (#31061) - resource/aws_vpc: With the retirement of EC2-Classic the
enable_classiclink
andenable_classiclink_dns_support
attributes have been removed (#30966) - resource/aws_vpc_peering_connection: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been removed (#30966) - resource/aws_vpc_peering_connection_accepter: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been removed (#30966) - resource/aws_vpc_peering_connection_options: With the retirement of EC2-Classic the
allow_classic_link_to_remote_vpc
andallow_vpc_to_remote_classic_link
attributes have been removed (#30966) - resource/aws_wafv2_web_acl: The
statement.managed_rule_group_statement.excluded_rule
andstatement.rule_group_reference_statement.excluded_rule
attributes have been removed (#31374) - resource/aws_wafv2_web_acl_logging_configuration: The
redacted_fields.all_query_arguments
,redacted_fields.body
andredacted_fields.single_query_argument
attributes have been removed (#31486)
NOTES:
- data-source/aws_elasticache_replication_group: Update configurations to use
description
instead of thereplication_group_description
argument (#31008) - data-source/aws_elasticache_replication_group: Update configurations to use
num_cache_clusters
instead of thenumber_cache_clusters
argument (#31008) - data-source/aws_opensearch_domain: The
kibana_endpoint
attribute has been deprecated. All configurations usingkibana_endpoint
should be updated to use thedashboard_endpoint
attribute instead (#31490) - data-source/aws_quicksight_data_set: The
tags_all
attribute has been deprecated and will be removed in a future version (#31162) - data-source/aws_redshift_service_account: The
aws_redshift_service_account
data source has been deprecated and will be removed in a future version. AWS documentation states that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#31006) - data-source/aws_service_discovery_service: The
tags_all
attribute has been deprecated and will be removed in a future version (#31162) - resource/aws_api_gateway_rest_api: Update configurations with
minimum_compression_size
set to pass the value as a string. Valid values remain the same. (#30969) - resource/aws_autoscaling_attachment: Update configurations to use
lb_target_group_arn
instead ofalb_target_group_arn
which has been removed (#30828) - resource/aws_db_event_subscription: Configurations that define
source_ids
using theid
attribute ofaws_db_instance
must be updated to useidentifier
instead - for example,source_ids = [aws_db_instance.example.id]
must be updated tosource_ids = [aws_db_instance.example.identifier]
(#31232) - resource/aws_db_instance: Configurations that define
replicate_source_db
using theid
attribute ofaws_db_instance
must be updated to useidentifier
instead - for example,replicate_source_db = aws_db_instance.example.id
must be updated toreplicate_source_db = aws_db_instance.example.identifier
(#31232) - resource/aws_db_instance: The change of what
id
is, namely, a DBI Resource ID now versus DB Identifier previously, has far-reaching consequences. Configurations that refer to, for example,aws_db_instance.example.id
will now have errors and must be changed to useidentifier
instead, for example,aws_db_instance.example.identifier
(#31232) - resource/aws_db_instance_role_association: Configurations that define
db_instance_identifier
using theid
attribute ofaws_db_instance
must be updated to useidentifier
instead - for example,db_instance_identifier = aws_db_instance.example.id
must be updated todb_instance_identifier = aws_db_instance.example.identifier
(#31232) - resource/aws_db_proxy_target: Configurations that define
db_instance_identifier
using theid
attribute ofaws_db_instance
must be updated to useidentifier
instead - for example,db_instance_identifier = aws_db_instance.example.id
must be updated todb_instance_identifier = aws_db_instance.example.identifier
(#31232) - resource/aws_db_snapshot: Configurations that define
db_instance_identifier
using theid
attribute ofaws_db_instance
must be updated to useidentifier
instead - for example,db_instance_identifier = aws_db_instance.example.id
must be updated todb_instance_identifier = aws_db_instance.example.identifier
(#31232) - resource/aws_docdb_cluster: Changes to the
snapshot_identifier
attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409) - resource/aws_dx_gateway_association: The
vpn_gateway_id
attribute has been deprecated. All configurations usingvpn_gateway_id
should be updated to use theassociated_gateway_id
attribute instead (#31384) - resource/aws_elasticache_replication_group: Update configurations to use
description
instead of thereplication_group_description
argument (#31008) - resource/aws_elasticache_replication_group: Update configurations to use
num_cache_clusters
instead of thenumber_cache_clusters
argument (#31008) - resource/aws_elasticache_replication_group: Update configurations to use
preferred_cache_cluster_azs
instead of theavailability_zones
argument (#31008) - resource/aws_elasticache_replication_group: Update configurations to use top-level
num_node_groups
andreplicas_per_node_group
instead ofcluster_mode.0.num_node_groups
andcluster_mode.0.replicas_per_node_group
, respectively (#31008) - resource/aws_flow_log: The
log_group_name
attribute has been deprecated. All configurations usinglog_group_name
should be updated to use thelog_destination
attribute instead (#31382) - resource/aws_guardduty_organization_configuration: The
auto_enable
argument has been deprecated. Use theauto_enable_organization_members
argument instead. (#30736) - resource/aws_neptune_cluster: Changes to the
snapshot_identifier
attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409) - resource/aws_networkmanager_core_network: Update configurations to use the
aws_networkmanager_core_network_policy_attachment
resource instead of thepolicy_document
argument (#30875) - resource/aws_opensearch_domain: The
engine_version
attribute no longer has a default value. When omitted, the underlying AWS API will use the latest OpenSearch engine version. (#31568) - resource/aws_opensearch_domain: The
kibana_endpoint
attribute has been deprecated. All configurations usingkibana_endpoint
should be updated to use thedashboard_endpoint
attribute instead (#31490) - resource/aws_rds_cluster: Changes to the
snapshot_identifier
attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409) - resource/aws_rds_cluster: Configurations not including the
engine
argument must be updated to includeengine
as it is now required. Previously, not includingengine
was equivalent toengine = "aurora"
and created a MySQL-5.6-compatible cluster (#31112) - resource/aws_rds_cluster_instance: Configurations not including the
engine
argument must be updated to includeengine
as it is now required. Previously, not includingengine
was equivalent toengine = "aurora"
and created a MySQL-5.6-compatible cluster instance (#31112) - resource/aws_route: Since
instance_id
can no longer be set in configurations, usenetwork_interface_id
instead. For example, setnetwork_interface_id
toaws_instance.test.primary_network_interface_id
. (#30804) - resource/aws_route_table: Since
route.*.instance_id
can no longer be set in configurations, useroute.*.network_interface_id
instead. For example, setnetwork_interface_id
toaws_instance.test.primary_network_interface_id
. (#30804) - resource/aws_ssm_association: The
instance_id
attribute has been deprecated. All configurations usinginstance_id
should be updated to use thetargets
attribute instead (#31380)
ENHANCEMENTS:
- provider: Allow
computed
tags
on resources (#30793) - provider: Allow
default_tags
and resourcetags
to include zero values""
(#30793) - provider: Duplicate
default_tags
can now be included and will be overwritten by resourcetags
(#30793) - resource/aws_db_instance: Updates to
identifier
andidentifier_prefix
will no longer cause the database instance to be destroyed and recreated (#31232) - resource/aws_eip: Deprecate
vpc
attribute. Usedomain
instead (#31567) - resource/aws_guardduty_organization_configuration: Add
auto_enable_organization_members
attribute (#30736) - resource/aws_kinesis_firehose_delivery_stream: Add
s3_configuration
toelasticsearch_configuration
,opensearch_configuration
,redshift_configuration
,splunk_configuration
, andhttp_endpoint_configuration
(#31138) - resource/aws_opensearch_domain: Removed
engine_version
default value (#31568) - resource/aws_wafv2_web_acl: Support
rule_action_override
onrule_group_reference_statement
(#31374)
BUG FIXES:
- resource/aws_ecs_capacity_provider: Allow an
instance_warmup_period
of0
in theauto_scaling_group_provider.managed_scaling
configuration block (#24005) - resource/aws_launch_template: Remove default values in
metadata_options
to allow default condition (#30545) - resource/aws_s3_bucket: Fix bucket_regional_domain_name not including region for buckets in us-east-1 (#25724)
- resource/aws_s3_object: Remove
acl
default in order to work with S3 buckets that have ACL disabled (#27197) - resource/aws_s3_object_copy: Remove
acl
default in order to work with S3 buckets that have ACL disabled (#27197) - resource/aws_servicecatalog_product: Changes to
provisioning_artifact_parameters
arguments now properly trigger a replacement (#31061) - resource/aws_vpc_peering_connection: Fix crash in
vpcPeeringConnectionOptionsEqual
(#30966)
For information on prior major releases, see their changelogs: