v5.81.0

FEATURES:

• New Data Source: aws_servicecatalogappregistry_attribute_group (#38188)
• New Ephemeral Resource: aws_ssm_parameter (#40313)
• New Resource: aws_bedrock_inference_profile (#40294)
• New Resource: aws_cloudwatch_log_anomaly_detector (#40437)
• New Resource: aws_ecr_account_setting (#40219)
• New Resource: aws_msk_single_scram_secret_association (#37056)
• New Resource: aws_servicecatalogappregistry_attribute_group (#38183)
• New Resource: aws_servicecatalogappregistry_attribute_group_association (#38290)

ENHANCEMENTS:

• data-source/aws_api_gateway_domain_name: Add policy and domain_name_id attributes (#40364)
• data-source/aws_servicecatalogappregistry_application: Add tags attribute (#38243)
• data-source/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy attributes (#40194)
• resource/aws_api_gateway_base_path_mapping: Add domain_name_id argument (#40447)
• resource/aws_api_gateway_domain_name: Add policy argument and domain_name_id attribute (#40364)
• resource/aws_api_gateway_domain_name: Support PRIVATE as a valid value for endpoint_configuration.types argument, enabling custom domain name support for private REST API endpoints (#40364)
• resource/aws_ebs_snapshot_copy: Add completion_duration_minutes argument (#40336)
• resource/aws_glue_catalog_table_optimizer: Add configuration.retention_configuration and configuration.orphan_file_deletion_configuration attributes. (#40199)
• resource/aws_instance: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses on EC2 instances (#36425)
• resource/aws_kinesis_stream: Add plan-time validation that shard_count would not exceed the AWS account's shard quota when the data stream capacity mode is PROVISIONED, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#40499)
• resource/aws_kinesis_stream: Add plan-time validation that creation of an on-demand stream would not exceed the AWS account's data stream quota, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#40499)
• resource/aws_msk_replicator: Add topic_replication.topic_name_configuration argument (#40101)
• resource/aws_network_interface: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses for network interfaces (#36425)
• resource/aws_networkfirewall_firewall_policy: Add stateful_engine_options.flow_timeouts argument (#39996)
• resource/aws_rds_cluster: Add serverlessv2_scaling_configuration.seconds_until_auto_pause argument (#40441)
• resource/aws_rds_global_cluster: Add tags argument and tags_all attribute (#40470)
• resource/aws_sagemaker_notebook_instance: Support notebook-al2-v3 value for platform_identifier (#40484)
• resource/aws_servicecatalogappregistry_application: Add tags argument and tags_all attribute (#38243)
• resource/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy arguments (#40194)

BUG FIXES:

• data-source/aws_kinesis_stream: Fix InvalidArgumentException: NextToken and StreamName cannot be provided together errors when the data stream has more than 1000 shards (#40499)
• resource/aws_ce_cost_category: Change rule from TypeSet to TypeList as order is significant (#40521)
• resource/aws_fsx_windows_file_system: Fix plan-time validation of throughput_capacity validation to allow values up to 12228 (#40468)
• resource/aws_networkfirewall_logging_configuration: Correctly manage all configured logging_configuration.log_destination_configs (#40092)
• resource/aws_rds_cluster: Fix InvalidDBClusterStateFault errors when deleting clusters that are members of a global cluster (#40333)
• resource/aws_rds_cluster: Fix InvalidParameterValue: Serverless v2 maximum capacity 0.0 isn't valid. The maximum capacity must be at least 1.0. errors when removing serverlessv2_scaling_configuration in an update (#40511)
• resource/aws_rds_cluster: Respect storage_type when restoring from S3 (#40471)
• resource/aws_rds_cluster: Respect storage_type when restoring from snapshot (#40471)
• resource/aws_rds_cluster: Respect storage_type when restoring to a point in time (#40471)
• resource/aws_rds_global_cluster: Mark database_name as Computed. This prevents resource recreation when the source cluster specifies a database_name (#40469)

v5.80.0

FEATURES:

• New Resource: aws_codeconnections_connection (#40300)
• New Resource: aws_codeconnections_host (#40300)
• New Resource: aws_s3tables_namespace (#40420)
• New Resource: aws_s3tables_table (#40420)
• New Resource: aws_s3tables_table_bucket (#40420)
• New Resource: aws_s3tables_table_bucket_policy (#40420)
• New Resource: aws_s3tables_table_policy (#40420)

ENHANCEMENTS:

• resource/aws_bedrockagent_agent: Increase instruction max length for validation to 8000 (#40279)
• resource/aws_dynamodb_table_replica: Add deletion_protection_enabled argument (#35359)
• resource/aws_rds_cluster: Adjust serverlessv2_scaling_configuration.max_capacity and serverlessv2_scaling_configuration.min_capacity minimum values to 0 to support Amazon Aurora Serverless v2 scaling to 0 ACUs (#40230)
• resource/aws_s3_directory_bucket: Support LocalZone as a valid value for location.type, enabling support for Amazon S3 Express One Zone in AWS Dedicated Local Zones (#40339)

BUG FIXES:

• resource/aws_bedrock_provisioned_model_throughput: Properly manages tags_all when planning. (#40305)
• resource/aws_connect_contact_flow: Fix deserialization failed, failed to decode response body with invalid JSON errors on Read (#40419)
• resource/aws_rds_cluster_instance: Fix error when destroying from a read replica cluster (#40409)

v5.79.0

FEATURES:

• New Resource: aws_vpc_block_public_access_exclusion (#40235)
• New Resource: aws_vpc_block_public_access_options (#40233)

ENHANCEMENTS:

• resource/aws_eks_cluster: Add compute_config, storage_config, and kubernetes_network_config.elastic_load_balancing arguments for EKS Auto Mode (#40370)
• resource/aws_eks_cluster: Add remote_network_config argument for EKS Auto Mode (#40371)
• resource/aws_lambda_event_source_mapping: Add metrics_config argument (#40322)
• resource/aws_lambda_event_source_mapping: Add provisioned_poller_config argument (#40303)
• resource/aws_rds_cluster: Add ability to promote read replica cluster to standalone (#40337)
• resource/aws_vpc_endpoint_service: Add supported_regions argument (#40346)

BUG FIXES:

• resource/aws_fsx_openzfs_file_system: Increase maximum value of disk_iops_configuration.iops from 350000 to 400000 for deployment_type = "SINGLE_AZ_2" (#40359)

v5.78.0

NOTES:

• resource/aws_s3_bucket_lifecycle_configuration: Lifecycle configurations can now be applied to directory buckets (#40268)

FEATURES:

• New Resource: aws_iam_organizations_features (#40164)

ENHANCEMENTS:

• data-source/aws_memorydb_cluster: Add engine attribute (#40224)
• data-source/aws_memorydb_snapshot: Add cluster_configuration.engine attribute (#40224)
• resource/aws_memorydb_cluster: Add engine argument (#40224)
• resource/aws_memorydb_snapshot: Add cluster_configuration.engine attribute (#40224)

BUG FIXES:

• data-source/aws_rds_reserved_instance_offering: When product_description (e.g., "postgresql") is a substring of multiple products, fix Error: multiple RDS Reserved Instance Offerings matched; use additional constraints to reduce matches to a single RDS Reserved Instance Offering (#40281)
• provider: Suppress Warning: AWS account ID not found for provider when skip_requesting_account_id is true (#40264)
• resource/aws_batch_job_definition: Fix crash when specifying eksProperties or ecsProperties block (#40172)
• resource/aws_bedrock_guardrail: Fix perpetual diff if multiple content_policy_config.filters_configs are specified. (#40304)
• resource/aws_chatbot_slack_channel_configuration: Fix inconsistent provider result when order of sns_topic_arnschanges (#40253)
• resource/aws_chatbot_teams_channel_configuration: Fix inconsistent provider result when order of sns_topic_arnschanges (#40291)
• resource/aws_db_instance: When changing storage_type from io1 or io2 to gp3, fix bug causing error InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops (#37257)
• resource/aws_db_instance: When changing a gp3 volume's allocated_storage to a value larger than the threshold value for engine, fix bug causing error InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops (#28847)

v5.77.0

NOTES:

• New ephemeral resources aws_kms_secrets, aws_lambda_invocation, and aws_secretsmanager_secret_version now support ephemeral values. (#40009)

FEATURES:

• New Ephemeral Resource: aws_kms_secrets (#40009)
• New Ephemeral Resource: aws_lambda_invocation (#39988)
• New Ephemeral Resource: aws_secretsmanager_secret_version (#40009)
• New Resource: aws_rds_instance_state (#40180)

ENHANCEMENTS:

• data-source/aws_ami: Add warning diagnostic when most_recent is true and certain filter criteria are missing (#40211)
• data-source/aws_ecs_service: Add availability_zone_rebalancing attribute (#40225)
• resource/aws_ecs_service: Add availability_zone_rebalancing attribute (#40225)
• resource/aws_ecs_service: Add vpc_lattice_configurations argument (#40177)
• resource/aws_ecs_task_definition: Add versionConsistency argument to container_definitions (#40216)
• resource/aws_rds_global_cluster: Add endpoint argument to point to the writer DB instance in the current primary cluster (#39960)

BUG FIXES:

• data-source/aws_subnet: Set tags from the DescribeSubnets response, removing the need for the ec2:DescribeTags IAM permission (#40144)
• resource/aws_cognito_user_pool: Fix crash when hashing nil schema element (#40195)
• resource/aws_eks_addon: Fix crash when pod_identity_association is modified (#40168)
• resource/aws_eks_addon: Fix to prevent persistent differences when pod_identity_association is changed (#40168)

v5.76.0

FEATURES:

• New Resource: aws_vpc_security_group_vpc_association (#40069)

ENHANCEMENTS:

• resource/aws_medialive_channel: Add missing h265 codec settings (#40071)

BUG FIXES:

• resource/aws_api_gateway_integration: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters and/or cache_key_parameters (#40124)
• resource/aws_api_gateway_method: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters (#40124)
• resource/aws_autoscaling_group: Handle eventual consistency issues that occur when using a launch_template that is updated causing ValidationError: You must use a valid fully-formed launch template. (#40088)
• resource/aws_eip: Properly surface errors during deletion when ipam_pool_id is set (#40082)
• resource/aws_elasticache_reserved_cache_node: Fix Provider returned invalid result object after apply errors (#40090)
• resource/aws_iam_group_policies_exclusive: Add validation to prevent null values in policy_names (#40076)
• resource/aws_iam_group_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#40076)
• resource/aws_iam_instance_profile: Handle eventual consistency issues that occur when this resource is updated and has dependents (#40088)
• resource/aws_iam_role_policies_exclusive: Add validation to prevent null values in policy_names (#40076)
• resource/aws_iam_role_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#40076)
• resource/aws_iam_user_policies_exclusive: Add validation to prevent null values in policy_names (#40076)
• resource/aws_iam_user_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#40076)
• resource/aws_launch_template: Handle eventual consistency issues that occur when this resource is updated and has dependents (#40088)

v5.75.1

ENHANCEMENTS:

• data-source/aws_cloudwatch_event_bus: Add description attribute (#39980)
• resource/aws_api_gateway_account: Add attribute reset_on_delete to properly reset CloudWatch Role ARN on deletion. (#40004)
• resource/aws_cloudwatch_event_bus: Add description argument (#39980)

BUG FIXES:

• resource/aws_api_gateway_deployment: Rolls back validation of canary_settings and stage_description when stage_name not set. (#40067)
• resource/aws_dynamodb_table: Allow table TTL to be disabled by allowing ttl[0].attribute_name to be set when ttl[0].enabled is false (#40046)
• resource/aws_sagemaker_domain: Fix issue causing a ValidationException on updates when RStudio is disabled on the domain (#40049)

v5.75.0

BREAKING CHANGES:

• resource/aws_api_gateway_stage: Add canary_settings.deployment_id attribute as required (#39929)

NOTES:

• provider: validation of arguments implementing the custom ARNType will properly surface validation errors (#40008)
• resource/aws_api_gateway_stage: deployment_id was added to canary_settings as a required attribute. This breaking change was necessary to make canary_settings functional. Without this change all canary traffic was routed to the main deployment (#39929)

FEATURES:

• New Data Source: aws_spot_datafeed_subscription (#39647)

ENHANCEMENTS:

• data-source/aws_batch_job_definition: Add init_containers, share_process_namespace, and image_pull_secrets attributes (#40019)
• resource/aws_batch_job_definition: Add init_containers and share_process_namespace arguments (#40019)
• resource/aws_batch_job_definition: Increase maximum number of containers arguments to 10 (#40019)
• resource/aws_eks_addon: Add pod_identity_association argument (#38357)
• resource/aws_iam_user_login_profile: Mark the password argument as sensitive (#39991)

BUG FIXES:

• resource/aws_api_gateway_deployment: Fix destroy error when canary stage still exists on resource (#39929)
• resource/aws_codedeploy_deployment_group: Remove maximum items limit on the alarm_configuration.alarms argument (#39971)
• resource/aws_eks_addon: Handle ResourceNotFound exceptions during resource destruction (#38357)
• resource/aws_elasticache_reserved_cache_node: Fix Value Conversion Error during resource creation (#39945)
• resource/aws_lb_listener: Fix errors when updating the tcp_idle_timeout_seconds argument for gateway load balancers (#40039)
• resource/aws_lb_listener: Remove the default tcp_idle_timeout_seconds value, preventing ModifyListenerAttributes API calls when a value is not explicitly configured (#40039)
• resource/aws_vpc_ipam_pool: Fix bug when public_ip_source = "amazon": The request can only contain PubliclyAdvertisable if the AddressFamily is IPv6 and PublicIpSource is byoip. (#40042)

v5.74.0

FEATURES:

• New Data Source: aws_lb_listener_rule (#39865)
• New Resource: aws_opensearch_authorize_vpc_endpoint_access (#39846)
• New Resource: aws_ssmquicksetup_configuration_manager (#39931)

ENHANCEMENTS:

• data-source/aws_imagebuilder_distribution_configuration: Add distribution.s3_export_configuration attribute (#35492)
• data-source/aws_imagebuilder_image_recipe: Fix block_device_mapping.0.ebs.0.delete_on_termination: '' expected type 'bool', got unconvertible type 'string' errors (#39928)
• resource/aws_codedeploy_deployment_group: Add termination_hook_enabled argument (#35482)
• resource/aws_eks_cluster: Add zonal_shift_config argument (#39852)
• resource/aws_imagebuilder_distribution_configuration: Add distribution.s3_export_configuration argument (#35492)
• resource/aws_imagebuilder_image_pipeline: Allow container_recipe_arn and image_recipe_arn to be updated in-place (#39117)
• resource/aws_keyspaces_keyspace: Add replication_specification argument (#36331)
• resource/aws_launch_template: Add efa-only as a valid value for network_interfaces.interface_type (#39882)
• resource/aws_transfer_server: Add TransferSecurityPolicy-Restricted-2024-06 as a valid value for security_policy_name (#39871)

BUG FIXES:

• resource/aws_docdb_cluster: Use master_password on resource Create when snapshot_identifier is configured (#38193)
• resource/aws_imagebuilder_container_recipe: Change component.parameter.name, component.parameter.value, target_repository.repository_name, and target_repository.service to ForceNew (#39117)
• resource/aws_route53_record: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when geolocation_routing_policy is empty (#39944)
• resource/aws_ssm_patch_baseline: Update approval_rule.approve_after_days validation to allow a maximum value of 360 (#39949)
• resource/aws_wafv2_web_acl: Fix decoding JSON: unexpected end of JSON input errors when updating from using rule_json to using rule (#39283)
• resource/aws_wafv2_web_acl: Fix unmarshal error for incompatible types in rule_json (#39878)

v5.73.0

FEATURES:

• New Data Source: aws_ssm_patch_baselines (#39779)
• New Resource: aws_imagebuilder_lifecycle_policy (#35674)
• New Resource: aws_resiliencehub_resiliency_policy (#38913)
• New Resource: aws_sagemaker_hub (#39807)
• New Resource: aws_sagemaker_mlflow_tracking_server (#39796)

ENHANCEMENTS:

• data-source/aws_elasticache_reserved_cache_node_offering: Support valkey as valid value for product_description (#39745)
• data-source/aws_lakeformation_data_lake_settings: Add parameters map attribute to read CROSS_ACCOUNT_VERSION (#39826)
• data-source/aws_lb: Add enable_zonal_shift attribute (#39585)
• resource/aws_apprunner_auto_scaling_configuration_version: Remove the upper limit on min_size and max_size (#39843)
• resource/aws_batch_job_definition: Ensure that new revisions are created with tags (#39797)
• resource/aws_codedeploy_deployment_config: Add zonal_config argument (#34850)
• resource/aws_dynamodb_kinesis_streaming_destination: Add approximate_creation_date_time_precision argument (#38098)
• resource/aws_elasticache_cluster: Support valkey as valid value for engine (#39745)
• resource/aws_elasticache_global_replication_group: Support Valkey versions for engine_version (#39745)
• resource/aws_elasticache_replication_group: Support Valkey versions for engine_version (#39745)
• resource/aws_elasticache_replication_group: Support valkey as valid value for engine (#39745)
• resource/aws_elasticache_serverless_cache: Support valkey as valid value for engine (#39745)
• resource/aws_kinesis_firehose_delivery_stream: Add iceberg_configuration argument (#39844)
• resource/aws_lakeformation_data_lake_settings: Add parameters map argument enabling CROSS_ACCOUNT_VERSION to be set (#39826)
• resource/aws_lb: Add enable_zonal_shift argument (#39585)
• resource/aws_lb_listener: Add tcp_idle_timeout_seconds argument (#39585)
• resource/aws_route53profiles_association: Add regex and string length validation for name argument (#39798)
• resource/aws_s3_bucket_object: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#39782)
• resource/aws_s3_object: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#39782)
• resource/aws_s3_object_copy: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#39782)
• resource/aws_sagemaker_domain: Add default_user_settings.jupyter_lab_app_settings.app_lifecycle_management, default_user_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, default_user_settings.jupyter_lab_app_settings.emr_settings, default_space_settings.jupyter_lab_app_settings.app_lifecycle_management, default_space_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, default_space_settings.jupyter_lab_app_settings.emr_settings, default_user_settings.auto_mount_home_efs, default_user_settings.canvas_app_settings.emr_serverless_settings, default_user_settings.studio_web_portal_settings.hidden_instance_types, default_user_settings.code_editor_app_settings.app_lifecycle_management, default_user_settings.code_editor_app_settings.built_in_lifecycle_config_arn, and tag_propagation arguments (#39774)
• resource/aws_sagemaker_domain: Allow app_network_access_type and app_security_group_management to be updated in-place (#39774)
• resource/aws_sagemaker_feature_group: Add feature_definition.collection_config, feature_definition.collection_type, and throughput_config arguments (#39805)
• resource/aws_sagemaker_space: Add space_settings.code_editor_app_settings.app_lifecycle_management and space_settings.jupyter_lab_app_settings.app_lifecycle_management arguments (#39800)
• resource/aws_sagemaker_user_profile: Add user_settings.auto_mount_home_efs, user_settings.canvas_app_settings.emr_serverless_settings, user_settings.code_editor_app_settings.app_lifecycle_management, user_settings.code_editor_app_settings.built_in_lifecycle_config_arn, user_settings.jupyter_lab_app_settings.app_lifecycle_management, user_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, user_settings.jupyter_lab_app_settings.emr_settings and user_settings.studio_web_portal_settings.hidden_instance_types arguments (#39774)

BUG FIXES:

• data-source/aws_workspaces_bundle: Return the first matching bundle when searching by name. This fixes a regression introduced in v5.72.0 causing multiple WorkSpaces Bundles matched; use additional constraints to reduce matches to a single WorkSpaces Bundle errors (#39777)
• resource/aws_dynamodb_table: Fix validation error when optional attribute in on_demand_throughput is excluded (#39784)
• resource/aws_ecr_repository_policy: Fix persistent validation errors when malformed policy content is written to state (#39842)
• resource/aws_elasticache_serverless_cache: Fix InvalidParameterValue: This API supports only cross-engine upgrades to Valkey engine currently errors on Update (#39745)
• resource/aws_iam_policy: Fix persistent validation errors when malformed policy content is written to state (#39842)
• resource/aws_iam_role_policy: Fix persistent validation errors when malformed policy content is written to state (#39842)
• resource/aws_kms_key: Fix persistent validation errors when malformed policy content is written to state (#39842)
• resource/aws_quicksight_data_set: Fix InvalidParameterValueException: Invalid RowLevelPermissionDataSet. Namespace parameter should not be specified for Version 2 errors on Create and Update (#39778)
• resource/aws_route53_record: Allow creation of records with ttl=0 (#39728)
• resource/aws_s3_bucket_policy: Fix persistent validation errors when malformed policy content is written to state (#39842)
• resource/aws_secretsmanager_secret: Fix persistent validation errors when malformed policy content is written to state (#39842)
• resource/aws_security_group_rule: Remove from state when rule not found. This fixes a regression introduced in v5.60.0 (#39834)