Skip to content

Update Terraform aws to v6 #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
soerenschneider wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update Terraform aws to v6 #11

soerenschneider wants to merge 2 commits into from

Conversation

@soerenschneider
Copy link
Owner

@soerenschneider soerenschneider commented Jun 19, 2025

This PR contains the following updates:

Package Type Update Change
aws (source) required_provider major 5.59.0 -> 6.0.0

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.0.0

Compare Source

BREAKING CHANGES:

  • data-source/aws_ami: The severity of the diagnostic returned when most_recent is true and owner and image ID filter criteria has been increased to an error. Existing configurations which were previously receiving a warning diagnostic will now fail to apply. To prevent this error, set the owner argument or include a filter block with an image-id or owner-id name/value pair. To continue using unsafe filter values with most_recent set to true, set the new allow_unsafe_filter argument to true. This is not recommended. (#​42114)
  • data-source/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • data-source/aws_ecs_task_execution: Remove inference_accelerator_overrides attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • data-source/aws_elbv2_listener_rule: The action.authenticate_cognito, action.authenticate_oidc, action.fixed_response, action.forward, action.forward.stickiness, action.redirect, condition.host_header, condition.http_header, condition.http_request_method, condition.path_pattern, condition.query_string, and condition.source_ip attributes are now list nested blocks instead of single nested blocks (#​42283)
  • data-source/aws_identitystore_user: filter has been removed (#​42325)
  • data-source/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • data-source/aws_launch_template: elastic_gpu_specifications has been removed (#​42312)
  • data-source/aws_opensearch_domain: kibana_endpoint has been removed (#​42268)
  • data-source/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#​42270)
  • data-source/aws_service_discovery_service: Remove tags_all attribute (#​42136)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_application resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_custom_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ecs_cluster_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ganglia_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_haproxy_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_instance resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_java_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_memcached_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_mysql_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_nodejs_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_permission resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_php_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rails_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rds_db_instance resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_stack resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_static_web_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_user_profile resource has been removed (#​41948)
  • provider: As the AWS SDK for Go v2 does not support Amazon SimpleDB the aws_simpledb_domain resource has been removed. Add a constraint to v5 of the Terraform AWS Provider for continued use of this resource (#​41775)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_fleet resource has been removed (#​42059)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_website_certificate_authority_association resource has been removed (#​42059)
  • provider: The aws_redshift_service_account resource has been removed. AWS recommends that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#​41941)
  • provider: The endpoints.iotanalytics and endpoints.iotevents configuration arguments have been removed (#​42703)
  • provider: The endpoints.opsworks configuration argument has been removed (#​41948)
  • provider: The endpoints.simpledb and endpoints.sdb configuration arguments have been removed (#​41775)
  • provider: The endpoints.worklink configuration argument has been removed (#​42059)
  • resource/aws_accessanalyzer_archive_rule: filter.exists now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_alb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_api_gateway_account: The reset_on_delete argument has been removed (#​42226)
  • resource/aws_api_gateway_deployment: Remove canary_settings, execution_arn, invoke_url, stage_description, and stage_name arguments. Instead, use the aws_api_gateway_stage resource to manage stages. (#​42249)
  • resource/aws_batch_compute_environment: Rename compute_environment_name to name
    resource/aws_batch_compute_environment: Rename compute_environment_name_prefix to name_prefix (#​38050)
  • resource/aws_batch_compute_environment_data_source: Rename compute_environment_name to name (#​38050)
  • resource/aws_batch_job_queue: Remove deprecated parameter compute_environments in place of compute_environment_order (#​40751)
  • resource/aws_bedrock_model_invocation_logging_configuration: logging_config, logging_config.cloudwatch_config, logging_config.cloudwatch_config.large_data_delivery_s3_config, and logging_config.s3_config are now list nested blocks instead of single nested blocks (#​42307)
  • resource/aws_cloudfront_key_value_store: Attribute id is now set to remote object's Id instead of name (#​42230)
  • resource/aws_cloudfront_response_headers_policy: The etag argument is now computed only (#​38448)
  • resource/aws_cloudtrail_event_data_store: suspend now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_cognito_user_in_group: The id attribute is now a comma-delimited string concatenating the user_pool_id, group_name, and username arguments (#​34082)
  • resource/aws_cur_report_definition: The s3_prefix argument is now required (#​38446)
  • resource/aws_db_instance: character_set_name now cannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier. (#​42348)
  • resource/aws_dms_endpoint: Remove s3_settings attribute. Use aws_dms_s3_endpoint instead (#​42379)
  • resource/aws_dx_gateway_association: vpn_gateway_id has been removed (#​42323)
  • resource/aws_ec2_spot_instance_fleet: terminate_instances_on_delete now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_ec2_spot_instance_request: Remove block_duration_minutes attribute (#​42060)
  • resource/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • resource/aws_eip: vpc has been removed. Use domain instead. (#​42340)
  • resource/aws_eks_addon: resolve_conflicts has been removed. Use resolve_conflicts_on_create and resolve_conflicts_on_update instead. (#​42318)
  • resource/aws_elasticache_cluster: auto_minor_version_upgrade now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_elasticache_replication_group: at_rest_encryption_enabled and auto_minor_version_upgrade now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_elasticache_replication_group: auth_token_update_strategy no longer has a default value. If auth_token is set, auth_token_update_strategy must also be explicitly configured. (#​42336)
  • resource/aws_evidently_feature: variations.value.bool_value now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_flow_log: log_group_name has been removed. Use log_destination instead. (#​42333)
  • resource/aws_globalaccelerator_accelerator: The id attribute is now computed only (#​42097)
  • resource/aws_guardduty_detector: Deprecates datasources. Use aws_guardduty_detector_feature resources instead. (#​42436)
  • resource/aws_guardduty_organization_configuration: The auto_enable attribute has been removed (#​42251)
  • resource/aws_identitystore_group: filter has been removed (#​42325)
  • resource/aws_imagebuilder_container_recipe: instance_configuration.block_device_mapping.ebs.delete_on_termination and instance_configuration.block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_imagebuilder_image_recipe: block_device_mapping.ebs.delete_on_termination and block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_instance: Remove cpu_core_count and cpu_threads_per_core. Instead, use cpu_options. (#​42280)
  • resource/aws_instance: user_data now displays cleartext instead of a hash. Base64 encoded content should use user_data_base64 instead. (#​42078)
  • resource/aws_launch_template: block_device_mappings.ebs.delete_on_termination, block_device_mappings.ebs.encrypted, ebs_optimized, network_interfaces.associate_carrier_ip_address, network_interfaces.associate_public_ip_address, network_interfaces.delete_on_termination, and network_interfaces.primary_ipv6 now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • resource/aws_launch_template: elastic_gpu_specifications has been removed (#​42312)
  • resource/aws_lb_listener: mutual_authentication attributes advertise_trust_store_ca_names, ignore_client_certificate_expiry, and trust_store_arn are only valid if mode is verify (#​42326)
  • resource/aws_lb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_mq_broker: logs.audit now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_networkmanager_core_network: The base_policy_region argument has been removed. Use base_policy_regions instead. (#​38398)
  • resource/aws_opensearch_domain: kibana_endpoint has been removed (#​42268)
  • resource/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#​42270)
  • resource/aws_paymentcryptography_key: key_attributes and key_attributes.key_modes_of_use are now list nested blocks instead of single nested blocks. (#​42264)
  • resource/aws_quicksight_data_set: tags_all has been removed (#​42260)
  • resource/aws_redshift_cluster: Attributes cluster_public_key, cluster_revision_number, and endpoint are now read only and should not be set (#​42119)
  • resource/aws_redshift_cluster: The logging attribute has been removed (#​42013)
  • resource/aws_redshift_cluster: The publicly_accessible attribute now defaults to false (#​41978)
  • resource/aws_redshift_cluster: The snapshot_copy attribute has been removed (#​41995)
  • resource/aws_rekognition_stream_processor: regions_of_interest.bounding_box is now a list nested block instead of a single nested block (#​41380)
  • resource/aws_resiliencehub_resiliency_policy: policy, policy.az, policy.hardware, policy.software, and policy.region are now list nested blocks instead of single nested blocks (#​42297)
  • resource/aws_sagemaker_app_image_config: Exactly one code_editor_app_image_config, jupyter_lab_image_config, or kernel_gateway_image_config block must be configured (#​42753)
  • resource/aws_sagemaker_image_version: id is now a comma-delimited string concatenating image_name and version (#​42536)
  • resource/aws_sagemaker_notebook_instance: Remove accelerator_types from your configuration—it no longer exists. Instead, use instance_type to use Inferentia. (#​42099)
  • resource/aws_ssm_association: Remove instance_id argument (#​42224)
  • resource/aws_verifiedpermissions_schema: definition is now a list nested block instead of a single nested block (#​42305)
  • resource/aws_wafv2_web_acl: rule.statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_bot_control_rule_set.enable_machine_learning now defaults to false (#​39858)

NOTES:

  • data-source/aws_cloudtrail_service_account: This data source is deprecated. AWS recommends using a service principal name instead of an AWS account ID in any relevant IAM policy. (#​42320)
  • data-source/aws_kms_secret: This data source will be removed in a future version (#​42524)
  • data-source/aws_region: The name attribute has been deprecated. All configurations using name should be updated to use the region attribute instead (#​42131)
  • data-source/aws_s3_bucket: Add bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#​42014)
  • data-source/aws_servicequotas_templates: The region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#​42131)
  • data-source/aws_ssmincidents_replication_set: The region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#​42014)
  • data-source/aws_vpc_endpoint_service: The region attribute has been deprecated. All configurations using region should be updated to use the service_region attribute instead (#​42014)
  • data-source/aws_vpc_peering_connection: The region attribute has been deprecated. All configurations using region should be updated to use the requester_region attribute instead (#​42014)
  • provider: Support for the global S3 endpoint is deprecated, along with the s3_us_east_1_regional_endpoint argument. The ability to use the global S3 endpoint will be removed in v7.0.0. (#​42375)
  • resource/aws_cloudformation_stack_set_instance: The region attribute has been deprecated. All configurations using region should be updated to use the stack_set_instance_region attribute instead (#​42014)
  • resource/aws_codeconnections_host: Deprecates id in favor of arn (#​42232)
  • resource/aws_config_aggregate_authorization: The region attribute has been deprecated. All configurations using region should be updated to use the authorized_aws_region attribute instead (#​42014)
  • resource/aws_dx_hosted_connection: The region attribute has been deprecated. All configurations using region should be updated to use the connection_region attribute instead (#​42014)
  • resource/aws_elasticache_replication_group: The ability to provide an uppercase engine value is deprecated (#​42419)
  • resource/aws_elasticache_user: The ability to provide an uppercase engine value is deprecated (#​42419)
  • resource/aws_elasticache_user_group: The ability to provide an uppercase engine value is deprecated (#​42419)
  • resource/aws_elastictranscoder_pipeline: This resource is deprecated. Use AWS Elemental MediaConvert instead. (#​42313)
  • resource/aws_elastictranscoder_preset: This resource is deprecated. Use AWS Elemental MediaConvert instead. (#​42313)
  • resource/aws_evidently_feature: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_evidently_launch: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_evidently_project: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_evidently_segment: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_guardduty_organization_configuration: datasources now returns a deprecation warning (#​42251)
  • resource/aws_kinesis_analytics_application: Effective January 27, 2026, AWS will no longer support Kinesis Data Analytics for SQL. This resource is deprecated and will be removed in a future version. Use the aws_kinesisanalyticsv2_application resource instead (#​42102)
  • resource/aws_media_store_container: This resource is deprecated. It will be removed in a future version. Use S3, AWS MediaPackage, or other storage solution instead. (#​42265)
  • resource/aws_media_store_container_policy: This resource is deprecated. It will be removed in a future version. Use S3, AWS MediaPackage, or other storage solution instead. (#​42265)
  • resource/aws_redshift_cluster: The default value of encrypted is now true to match the AWS API. (#​42631)
  • resource/aws_s3_bucket: Add bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#​42014)
  • resource/aws_service_discovery_service: health_check_custom_config.failure_threshold is deprecated. The argument is no longer supported by AWS and is always set to 1 (#​40777)
  • resource/aws_servicequotas_template: The region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#​42131)
  • resource/aws_ssmincidents_replication_set: The region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#​42014)

ENHANCEMENTS:

  • data-source/aws_ami: Add allow_unsafe_filter argument (#​42114)
  • data-source/aws_availability_zone: Add group_long_name attribute (#​42014)
  • data-source/aws_availability_zone: Mark region as Optional, allowing a value to be configured (#​42014)
  • resource/aws_auditmanager_assessment: Add plan-time validation of roles.role_arn and roles.role_type (#​42131)
  • provider: Add enhanced region support to most resources, data sources, and ephemeral resources, allowing per-resource Region targeting without requiring multiple provider configurations. See the Enhanced Region Support guide for more information. (#​43075)
  • resource/aws_auditmanager_control: Add plan-time validation of control_mapping_sources.source_frequency, control_mapping_sources.source_set_up_option, and control_mapping_sources.source_type (#​42131)
  • resource/aws_auditmanager_framework_share: Add plan-time validation of destination_account (#​42741)
  • resource/aws_auditmanager_organization_admin_account_registration: Add plan-time validation of admin_account_id (#​42741)
  • resource/aws_cognito_user_in_group: Add import support (#​34082)
  • resource/aws_ecs_service: Add arn attribute (#​42733)
  • resource/aws_guardduty_detector: Adds validation to finding_publishing_frequency. (#​42436)
  • resource/aws_lb_listener: mutual_authentication attribute trust_store_arn is required if mode is verify (#​42326)
  • resource/aws_quicksight_iam_policy_assignment: Add plan-time validation of policy_arn (#​42131)
  • resource/aws_sagemaker_image_version: Add aliases argument (#​42610)
  • resource/aws_securitylake_subscriber: Add plan-time validation of access_type source.aws_log_source_resource.source_name, and subscriber_identity.external_id (#​42131)

BUG FIXES:

  • resource/aws_auditmanager_control: Fix Provider produced inconsistent result after apply errors (#​42131)
  • resource/aws_redshift_cluster: Fixes permanent diff when encrypted is not explicitly set to true. (#​42631)
  • resource/aws_rekognition_stream_processor: Fix regions_of_interest.bounding_box and regions_of_interest.polygon argument validation (#​41380)
  • resource/aws_sagemaker_image_version: Read the correct image version after creation rather than always fetching the latest (#​42536)
  • resource/aws_securitylake_subscriber: Change access_type to ForceNew (#​42131)

v5.100.0

Compare Source

NOTES:

  • resource/aws_route53_vpc_association_authorization: Because we cannot easily replicate the highly concurrent environments in which these errors have been observed, this fix is best effort and we ask for community help in verifying the reported issues are resolved by this change (#​42948)

FEATURES:

  • New Resource: aws_dsql_cluster (#​41868)
  • New Resource: aws_dsql_cluster_peering (#​41868)
  • New Resource: aws_prometheus_workspace_configuration (#​42478)
  • New Resource: aws_s3control_directory_bucket_access_point_scope (#​42338)
  • New Resource: aws_vpc_route_server (#​42392)
  • New Resource: aws_vpc_route_server_endpoint (#​42392)
  • New Resource: aws_vpc_route_server_peer (#​42392)
  • New Resource: aws_vpc_route_server_propagation (#​42392)
  • New Resource: aws_vpc_route_server_vpc_association (#​42392)
  • New Resource: aws_workspacesweb_data_protection_settings (#​42852)
  • New Resource: aws_workspacesweb_ip_access_settings (#​42863)
  • New Resource: aws_workspacesweb_user_access_logging_settings (#​42868)

ENHANCEMENTS:

  • data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-east-2 AWS Region (#​42915)
  • data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-east-2 AWS Region (#​42915)
  • data-source/aws_neptune_engine_version: Add several arguments and attributes to support dynamic selection of versions including latest, has_major_target, preferred_major_targets, and preferred_upgrade_targets (#​42854)
  • data-source/aws_s3_bucket: Add hosted zone ID for ap-east-2 AWS Region (#​42915)
  • provider: Support ap-east-2 as a valid AWS Region (#​42906)
  • resource/aws_fsx_lustre_file_system: Add data_read_cache_configuration and throughput_capacity arguments in support of the Intelligent-Tiering storage class (#​42839)
  • resource/aws_pinpointsmsvoicev2_phone_number: Add two_way_channel_role argument (#​42950)
  • resource/aws_route53_vpc_association_authorization: Add configurable timeouts for create, read, and delete (#​42948)
  • resource/aws_s3_access_point: Add support for S3 Directory Buckets (#​42338)
  • resource/aws_s3control_access_point_policy: Add support for S3 Directory Buckets (#​42338)
  • resource/aws_vpn_connection: Add preshared_key_storage argument and preshared_key_arn attribute (#​42819)
  • resource/aws_wafv2_rule_group: Add statement.asn_match_statement configuration block (#​42965)
  • resource/aws_wafv2_web_acl: Add statement.asn_match_statement configuration block (#​42965)

BUG FIXES:

  • resource/aws_cloudfrontkeyvaluestore_keys_exclusive: Batch update operations to stay under the Key Value Store Service Quota. The max_batch_size argument can be used to override the default value of 50 items. (#​42795)
  • resource/aws_cloudwatch_log_destination: Fix to return the first matched destination name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_group: Fix to return the first matched group name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_metric_filter: Fix to return the first matched filter name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_query_definition: Fix to return the first matched query definition ID during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_resource_policy: Fix to return the first matched policy name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_subscription_filter: Fix to return the first matched filter name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_dynamodb_table: Set new computed value for stream_arn attribute when changing stream_view_type (#​42561)
  • resource/aws_neptune_cluster: Enable minor and major version upgrades by fixing various issues preventing them (#​42854)
  • resource/aws_neptune_global_cluster: Enable minor and major version upgrades by fixing various issues preventing them (#​42854)
  • resource/aws_route53_vpc_association_authorization: Retry InvalidPaginationToken errors on read (#​42948)
  • resource/aws_verifiedaccess_endpoint: Fix InvalidParameterValue: The value of loadBalancerOptions.port you provided is not valid errors when creating TCP load balancer endpoints (#​42736)
  • resource/aws_vpc_endpoint_subnet_association: Fix OperationInProgress: VpcEndpoint modify operation in progress errors when deleting multiple associations in parallel (#​42884)

v5.99.1

Compare Source

BUG FIXES:

  • resource/aws_fms_admin_account: Fix panic: runtime error: invalid memory address or nil pointer dereference (#​42813)
  • resource/aws_lb: Ignore InvalidAction exceptions for DescribeCapacityReservation operations. This fixes a regression introduced in v5.99.0 (#​42812)
  • resource/aws_s3_bucket_lifecycle_configuration: Correctly handles switching child attributes of rule.filter. (#​42655)

v5.99.0

Compare Source

FEATURES:

  • New Resource: aws_notifications_channel_association (#​42575)
  • New Resource: aws_notifications_event_rule (#​42575)
  • New Resource: aws_notifications_notification_configuration (#​42575)
  • New Resource: aws_notifications_notification_hub (#​42544)
  • New Resource: aws_notificationscontacts_email_contact (#​42575)
  • New Resource: aws_quicksight_account_settings (#​42185)
  • New Resource: aws_workspacesweb_browser_settings (#​42681)
  • New Resource: aws_workspacesweb_network_settings (#​42722)
  • New Resource: aws_workspacesweb_user_settings (#​42783)

ENHANCEMENTS:

  • data-source/aws_ami: Add block_device_mappings.ebs["volume_initialization_rate"] attribute (#​42684)
  • data-source/aws_launch_template: Add block_device_mappings.ebs.volume_initialization_rate attribute (#​42684)
  • data-source/aws_verifiedpermissions_policy_store: Add tags attribute. This functionality requires the verifiedpermissions:ListTagsForResource IAM permission (#​42663)
  • resource/aws_ecs_service: Add volume_configuration.managed_ebs_volume.volume_initialization_rate argument (#​42750)
  • resource/aws_launch_template: Add block_device_mappings.ebs.volume_initialization_rate argument (#​42684)
  • resource/aws_lb: Add minimum_load_balancer_capacity configuration block. This functionality requires the elasticloadbalancing:DescribeCapacityReservations and elasticloadbalancing:ModifyCapacityReservation IAM permissions (#​42685)
  • resource/aws_organizations_account: Allow name to be updated in-place. This functionality requires the account:PutAccountName IAM permission (#​42350)
  • resource/aws_securityhub_standards_subscription: Add configurable Create and Delete timeouts (#​42759)
  • resource/aws_verifiedpermissions_policy_store: Add tags argument and tags_all attribute. This functionality requires the verifiedpermissions:ListTagsForResource, verifiedpermissions:TagResource, and verifiedpermissions:UntagResource IAM permissions (#​42663)

BUG FIXES:

  • data-source/aws_ecr_repository_creation_template: prefix can now be up to 256 characters (#​42723)
  • resource/aws_cloudwatch_log_stream: Fix to return the first matched stream name during the read operation. This fixes a regression introduced in v5.83.0 (#​42719)
  • resource/aws_cognitoidp_user_pool: Fix crash when the user_pool_add_ons.advanced_security_additional_flows block is non-empty, but contains only a single nil value. (#​42793)
  • resource/aws_ecr_repository_creation_template: prefix can now be up to 256 characters (#​42723)
  • resource/aws_elasticache_replication_group: Fix crash during read operations where configuration endpoint and node groups are nil and empty, respectively (#​42726)
  • resource/aws_s3_bucket: Ensure that HeadBucket S3 API calls are made using configured credentials. This fixes a regression introduced in v5.98.0 (#​42786)
  • resource/aws_s3_bucket_lifecycle_configuration: No longer returns warning on empty rule.filter. (#​42624)
  • resource/aws_vpc_endpoint: Fix issue where dns_options were not being updated correctly when private_dns_enabled was set to true (#​42746)

v5.98.0

Compare Source

FEATURES:

  • New Data Source: aws_account_primary_contact (#​42526)
  • New Data Source: aws_dynamodb_tables (#​42339)
  • New Resource: aws_bedrockagent_prompt (#​42211)
  • New Resource: aws_cloudfrontkeyvaluestore_keys_exclusive (#​42246)
  • New Resource: aws_dataexchange_revision_assets (#​42272)
  • New Resource: aws_inspector2_filter (#​42374)
  • New Resource: aws_wafv2_api_key (#​42525)

ENHANCEMENTS:

  • data-source/aws_cloudwatch_event_bus: Add dead_letter_config attribute (#​42471)
  • data-source/aws_cloudwatch_event_connection: Add kms_key_identifier attribute (#​42385)
  • data-source/aws_cognito_user_pool_client: Add refresh_token_rotation attribute (#​42430)
  • data-source/aws_cognitoidp_user_pool: Add user_pool_add_ons attribute (#​42470)
  • data-source/aws_dynamodb_table: Add point_in_time_recovery.recovery_period_in_days attribute (#​41484)
  • data-source/aws_ec2_client_vpn_endpoint: Add client_route_enforcement_options attribute (#​42424)
  • data-source/aws_imagebuilder_distribution_configuration: Add distribution.ssm_parameter_configuration attribute (#​42604)
  • data-source/aws_redshiftserverless_workgroup: Add track_name attribute (#​42451)
  • data-source/aws_workspaces_directory: Add active_directory_config, user_identity_type, workspace_directory_description, workspace_directory_name, and workspace_type attributes (#​42330)
  • resource/aws_appflow_flow: Add destination_flow_config.destination_connector_properties.salesforce.data_transfer_api argument (#​42479)
  • resource/aws_autoscaling_group: Add capacity_reservation_specification argument (#​42380)
  • resource/aws_bedrockagent_agent: Add prepared_at attribute. (#​42586)
  • resource/aws_bedrockagent_agent: Increase instruction max length for validation to 20000 (#​42596)
  • resource/aws_cloudwatch_event_bus: Add dead_letter_config argument (#​42471)
  • resource/aws_cloudwatch_event_connection: Add kms_key_identifier argument (#​42385)
  • resource/aws_cognito_managed_user_pool_client: Add refresh_token_rotation argument (#​42430)
  • resource/aws_cognito_user_pool_client: Add refresh_token_rotation argument (#​42430)
  • resource/aws_cognitoidp_user_pool: Add user_pool_add_ons.advanced_security_additional_flows argument (#​42470)
  • resource/aws_docdb_cluster: Add manage_master_user_password argument and master_user_secret attribute (#​42563)
  • resource/aws_dynamodb_table: Add point_in_time_recovery.recovery_period_in_days argument (#​41484)
  • resource/aws_ec2_client_vpn_endpoint: Add client_route_enforcement_options argument (#​42424)
  • resource/aws_ecs_account_setting_default: Add support for defaultLogDriverMode value in Name argument (#​42418)
  • resource/aws_imagebuilder_distribution_configuration: Add distribution.ssm_parameter_configuration argument (#​42604)
  • resource/aws_iot_domain_configuration: Add application_protocol and authentication_type arguments (#​42534)
  • resource/aws_msk_serverless_cluster: Add bootstrap_brokers_sasl_iam attribute. This functionality requires the kafka:GetBootstrapBrokers IAM permission (#​42148)
  • resource/aws_redshiftserverless_workgroup: Add track_name argument (#​42451)
  • resource/aws_rum_app_monitor: Add domain_list argument (#​42456)
  • resource/aws_rum_app_monitor: Mark domain as Optional (#​42456)
  • resource/aws_s3tables_table: Add encryption_configuration argument. This functionality requires the s3tables:GetTableEncryption IAM permission (#​42356)
  • resource/aws_s3tables_table_bucket: Add encryption_configuration argument. This functionality requires the s3tables:GetTableBucketEncryption IAM permission (#​42356)
  • resource/aws_securityhub_finding_aggregator: Support NO_REGIONS as a valid value for linking_mode (#​42574

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@soerenschneider soerenschneider self-assigned this Jun 19, 2025
@soerenschneider
Copy link
Owner Author

soerenschneider commented Jun 20, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@soerenschneider soerenschneider

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@soerenschneider @renovate-bot