Releases: hashicorp/terraform-provider-aws

v5.82.2

20 Dec 18:11
ec6555c

BUG FIXES:

  • data-source/aws_lb_listener: Add mutual_authentication.advertise_trust_store_ca_names attribute. This fixes a regression introduced in v5.82.0 causing setting mutual_authentication: Invalid address to set: []string{"mutual_authentication", "0", "advertise_trust_store_ca_names"} errors (#40658)

v5.82.1

19 Dec 21:41

ENHANCEMENTS:

  • resource/aws_autoscaling_group: Add availability_zone_distribution argument (#40634)

BUG FIXES:

  • data-source/aws_iam_policy_document: Reverts plan-time validation for statement sid (#40639)

v5.82.0

19 Dec 17:57

NOTES:

  • resource/aws_resourcegroups_resource: The format of the read-only id attribute has changed to prevent inconsistent parsing which resulted in provider crashes under certain conditions. The new format is a comma-delimited string combining group_arn and resource_arn in their entirety. Configurations relying on the previous format may need to be updated to continue functioning correctly. (#40579)

FEATURES:

  • New Data Source: aws_servicecatalogappregistry_attribute_group_associations (#38306)
  • New Resource: aws_api_gateway_domain_name_access_association (#40566)
  • New Resource: aws_cloudfront_vpc_origin (#40239)
  • New Resource: aws_memorydb_multi_region_cluster (#40376)
  • New Resource: aws_networkmanager_dx_gateway_attachment (#40546)
  • New Resource: aws_rds_cluster_snapshot_copy (#40398)

ENHANCEMENTS:

  • data-source/aws_dx_gateway: Add arn attribute (#40546)
  • data-source/aws_iam_policy_document: Add plan-time validation that the statement sid is valid, including on alphanumeric characters (#40562)
  • data-source/aws_vpc_endpoint: Add service_region attribute (#40583)
  • resource/aws_bedrockagent_agent: Add agent_collaboration attribute to configure agent collaboration role (#40543)
  • resource/aws_cloudfront_distribution: Add origin.vpc_origin_config argument (#40239)
  • resource/aws_db_parameter_group: Support import of name_prefix argument (#40622)
  • resource/aws_dx_gateway: Add arn attribute (#40546)
  • resource/aws_fsx_lustre_file_system: Add efa_enabled argument (#40381)
  • resource/aws_lb_listener: Add advertise_trust_store_ca_names attribute to the mutual_authentication configuration block (#40550)
  • resource/aws_memorydb_cluster: Add multi_region_cluster_name argument (#40376)
  • resource/aws_networkmanager_attachment_accepter: Add edge_locations attribute (#40546)
  • resource/aws_resourcegroups_resource: Add import support (#40579)
  • resource/aws_vpc_endpoint: Add service_region argument (#40583)

BUG FIXES:

  • data-source/aws_acmpca_certificate_authority: Ignore AccessDeniedException: ... is not authorized to perform: acm-pca:GetCertificateAuthorityCsr on resource: ... errors for RAM-shared CAs (#39952)
  • data-source/aws_licensemanager_received_license: Fix setting entitlements: Invalid address to set: []string{"entitlements", "0", "overage"} errors (#40621)
  • resource/aws_amplify_domain_association: No longer ignores changes to certificate_settings when updating. (#40589)
  • resource/aws_amplify_domain_association: Prevent "unexpected state" error when setting certificate_settings.type to CUSTOM. (#40589)
  • resource/aws_amplify_domain_association: Prevent ValidationException when setting certificate_settings.type to AMPLIFY_MANAGED. (#40589)
  • resource/aws_amplify_domain_association: Prevent permanent diff when certificate_settings not set. (#40589)
  • resource/aws_amplify_domain_association: Prevents panic in some circumstances when certificate_settings is not set during update. (#40589)
  • resource/aws_api_gateway_domain_name: Correct arn for private custom domain names (#40566)
  • resource/aws_codeconnections_host: Mark vpc_configuration.tls_certificate as Optional (#40574)
  • resource/aws_elasticache_replication_group: Prevent perpetual diff which triggers resource replacement on at_rest_encryption_enabled when engine is valkey. (#40514)
  • resource/aws_lakeformation_permissions: Add support for IAMPrincipals principal group (#38600)
  • resource/aws_lakeformation_permissions: Fix refreshing state so order is not considered in permissions and permissions_with_grant_option attributes (#38047)
  • resource/aws_lakeformation_resource_lf_tag: Fix panic when resource tries to destroy a LFTag reference that does not exist (#40584)
  • resource/aws_lambda_invocation: Set new computed value for result attribute when changing input attribute, for lifecycle scope "CRUD" (#34263)
  • resource/aws_medialive_channel: Added missing teletext_destination_settings. (#33797)
  • resource/aws_rds_cluster: Fix issue with waiter when modifying allocated_storage (#40601)
  • resource/aws_resourcegroups_resource: Fix crash when parsing certain ARN formats (#40579)
  • resource/aws_s3_bucket: Destroying a bucket with force_destroy = true can now delete objects with non-XML-safe keys (#40537)
  • resource/aws_s3_directory_bucket: Destroying a directory bucket with force_destroy = true can now delete objects with non-XML-safe keys (#40537)
  • resource/aws_secretsmanager_secret_rotation: Fix bug where automatically_after_days was not being set properly when schedule_expression had been set previously (#34295)
  • resource/aws_secretsmanager_secret_rotation: Retry rotation in case it has not yet propagated when previously an error would occur: InvalidRequestException: A previous rotation isn't complete. That rotation will be reattempted. (#34295)
  • resource/aws_sqs_queue_redrive_allow_policy: Fix perpetual redrive_allow_policy diffs (#40604)

v5.81.0

12 Dec 19:08

FEATURES:

  • New Data Source: aws_servicecatalogappregistry_attribute_group (#38188)
  • New Ephemeral Resource: aws_ssm_parameter (#40313)
  • New Resource: aws_bedrock_inference_profile (#40294)
  • New Resource: aws_cloudwatch_log_anomaly_detector (#40437)
  • New Resource: aws_ecr_account_setting (#40219)
  • New Resource: aws_msk_single_scram_secret_association (#37056)
  • New Resource: aws_servicecatalogappregistry_attribute_group (#38183)
  • New Resource: aws_servicecatalogappregistry_attribute_group_association (#38290)

ENHANCEMENTS:

  • data-source/aws_api_gateway_domain_name: Add policy and domain_name_id attributes (#40364)
  • data-source/aws_servicecatalogappregistry_application: Add tags attribute (#38243)
  • data-source/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy attributes (#40194)
  • resource/aws_api_gateway_base_path_mapping: Add domain_name_id argument (#40447)
  • resource/aws_api_gateway_domain_name: Add policy argument and domain_name_id attribute (#40364)
  • resource/aws_api_gateway_domain_name: Support PRIVATE as a valid value for endpoint_configuration.types argument, enabling custom domain name support for private REST API endpoints (#40364)
  • resource/aws_ebs_snapshot_copy: Add completion_duration_minutes argument (#40336)
  • resource/aws_glue_catalog_table_optimizer: Add configuration.retention_configuration and configuration.orphan_file_deletion_configuration attributes. (#40199)
  • resource/aws_instance: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses on EC2 instances (#36425)
  • resource/aws_kinesis_stream: Add plan-time validation that shard_count would not exceed the AWS account's shard quota when the data stream capacity mode is PROVISIONED, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#40499)
  • resource/aws_kinesis_stream: Add plan-time validation that creation of an on-demand stream would not exceed the AWS account's data stream quota, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the kinesis:DescribeLimits IAM permission (#40499)
  • resource/aws_msk_replicator: Add topic_replication.topic_name_configuration argument (#40101)
  • resource/aws_network_interface: Add enable_primary_ipv6 argument to add support for enabling primary IPv6 addresses for network interfaces (#36425)
  • resource/aws_networkfirewall_firewall_policy: Add stateful_engine_options.flow_timeouts argument (#39996)
  • resource/aws_rds_cluster: Add serverlessv2_scaling_configuration.seconds_until_auto_pause argument (#40441)
  • resource/aws_rds_global_cluster: Add tags argument and tags_all attribute (#40470)
  • resource/aws_sagemaker_notebook_instance: Support notebook-al2-v3 value for platform_identifier (#40484)
  • resource/aws_servicecatalogappregistry_application: Add tags argument and tags_all attribute (#38243)
  • resource/aws_sesv2_configuration_set: Add delivery_options.max_delivery_seconds and tracking_options.https_policy arguments (#40194)

BUG FIXES:

  • data-source/aws_kinesis_stream: Fix InvalidArgumentException: NextToken and StreamName cannot be provided together errors when the data stream has more than 1000 shards (#40499)
  • resource/aws_ce_cost_category: Change rule from TypeSet to TypeList as order is significant (#40521)
  • resource/aws_fsx_windows_file_system: Fix plan-time validation of throughput_capacity to allow values up to 12228 (#40468)
  • resource/aws_networkfirewall_logging_configuration: Correctly manage all configured logging_configuration.log_destination_configs (#40092)
  • resource/aws_rds_cluster: Fix InvalidDBClusterStateFault errors when deleting clusters that are members of a global cluster (#40333)
  • resource/aws_rds_cluster: Fix InvalidParameterValue: Serverless v2 maximum capacity 0.0 isn't valid. The maximum capacity must be at least 1.0. errors when removing serverlessv2_scaling_configuration in an update (#40511)
  • resource/aws_rds_cluster: Respect storage_type when restoring from S3 (#40471)
  • resource/aws_rds_cluster: Respect storage_type when restoring from snapshot (#40471)
  • resource/aws_rds_cluster: Respect storage_type when restoring to a point in time (#40471)
  • resource/aws_rds_global_cluster: Mark database_name as Computed. This prevents resource recreation when the source cluster specifies a database_name (#40469)

v5.80.0

04 Dec 16:48

FEATURES:

  • New Resource: aws_codeconnections_connection (#40300)
  • New Resource: aws_codeconnections_host (#40300)
  • New Resource: aws_s3tables_namespace (#40420)
  • New Resource: aws_s3tables_table (#40420)
  • New Resource: aws_s3tables_table_bucket (#40420)
  • New Resource: aws_s3tables_table_bucket_policy (#40420)
  • New Resource: aws_s3tables_table_policy (#40420)

ENHANCEMENTS:

  • resource/aws_bedrockagent_agent: Increase instruction max length for validation to 8000 (#40279)
  • resource/aws_dynamodb_table_replica: Add deletion_protection_enabled argument (#35359)
  • resource/aws_rds_cluster: Adjust serverlessv2_scaling_configuration.max_capacity and serverlessv2_scaling_configuration.min_capacity minimum values to 0 to support Amazon Aurora Serverless v2 scaling to 0 ACUs (#40230)
  • resource/aws_s3_directory_bucket: Support LocalZone as a valid value for location.type, enabling support for Amazon S3 Express One Zone in AWS Dedicated Local Zones (#40339)

BUG FIXES:

  • resource/aws_bedrock_provisioned_model_throughput: Properly manages tags_all when planning. (#40305)
  • resource/aws_connect_contact_flow: Fix deserialization failed, failed to decode response body with invalid JSON errors on Read (#40419)
  • resource/aws_rds_cluster_instance: Fix error when destroying from a read replica cluster (#40409)

v5.79.0

03 Dec 15:01

FEATURES:

  • New Resource: aws_vpc_block_public_access_exclusion (#40235)
  • New Resource: aws_vpc_block_public_access_options (#40233)

ENHANCEMENTS:

  • resource/aws_eks_cluster: Add compute_config, storage_config, and kubernetes_network_config.elastic_load_balancing arguments for EKS Auto Mode (#40370)
  • resource/aws_eks_cluster: Add remote_network_config argument for EKS Auto Mode (#40371)
  • resource/aws_lambda_event_source_mapping: Add metrics_config argument (#40322)
  • resource/aws_lambda_event_source_mapping: Add provisioned_poller_config argument (#40303)
  • resource/aws_rds_cluster: Add ability to promote read replica cluster to standalone (#40337)
  • resource/aws_vpc_endpoint_service: Add supported_regions argument (#40346)

BUG FIXES:

  • resource/aws_fsx_openzfs_file_system: Increase maximum value of disk_iops_configuration.iops from 350000 to 400000 for deployment_type = "SINGLE_AZ_2" (#40359)

v5.78.0

26 Nov 20:00

NOTES:

  • resource/aws_s3_bucket_lifecycle_configuration: Lifecycle configurations can now be applied to directory buckets (#40268)

FEATURES:

  • New Resource: aws_iam_organizations_features (#40164)

ENHANCEMENTS:

  • data-source/aws_memorydb_cluster: Add engine attribute (#40224)
  • data-source/aws_memorydb_snapshot: Add cluster_configuration.engine attribute (#40224)
  • resource/aws_memorydb_cluster: Add engine argument (#40224)
  • resource/aws_memorydb_snapshot: Add cluster_configuration.engine attribute (#40224)

BUG FIXES:

  • data-source/aws_rds_reserved_instance_offering: When product_description (e.g., "postgresql") is a substring of multiple products, fix Error: multiple RDS Reserved Instance Offerings matched; use additional constraints to reduce matches to a single RDS Reserved Instance Offering (#40281)
  • provider: Suppress Warning: AWS account ID not found for provider when skip_requesting_account_id is true (#40264)
  • resource/aws_batch_job_definition: Fix crash when specifying eksProperties or ecsProperties block (#40172)
  • resource/aws_bedrock_guardrail: Fix perpetual diff if multiple content_policy_config.filters_configs are specified. (#40304)
  • resource/aws_chatbot_slack_channel_configuration: Fix inconsistent provider result when order of sns_topic_arns changes (#40253)
  • resource/aws_chatbot_teams_channel_configuration: Fix inconsistent provider result when order of sns_topic_arns changes (#40291)
  • resource/aws_db_instance: When changing storage_type from io1 or io2 to gp3, fix bug causing error InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops (#37257)
  • resource/aws_db_instance: When changing a gp3 volume's allocated_storage to a value larger than the threshold value for engine, fix bug causing error InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops (#28847)

v5.77.0

21 Nov 18:56
6ea8ba3

NOTES:

FEATURES:

  • New Ephemeral Resource: aws_kms_secrets (#40009)
  • New Ephemeral Resource: aws_lambda_invocation (#39988)
  • New Ephemeral Resource: aws_secretsmanager_secret_version (#40009)
  • New Resource: aws_rds_instance_state (#40180)

ENHANCEMENTS:

  • data-source/aws_ami: Add warning diagnostic when most_recent is true and certain filter criteria are missing (#40211)
  • data-source/aws_ecs_service: Add availability_zone_rebalancing attribute (#40225)
  • resource/aws_ecs_service: Add availability_zone_rebalancing attribute (#40225)
  • resource/aws_ecs_service: Add vpc_lattice_configurations argument (#40177)
  • resource/aws_ecs_task_definition: Add versionConsistency argument to container_definitions (#40216)
  • resource/aws_rds_global_cluster: Add endpoint argument to point to the writer DB instance in the current primary cluster (#39960)

BUG FIXES:

  • data-source/aws_subnet: Set tags from the DescribeSubnets response, removing the need for the ec2:DescribeTags IAM permission (#40144)
  • resource/aws_cognito_user_pool: Fix crash when hashing nil schema element (#40195)
  • resource/aws_eks_addon: Fix crash when pod_identity_association is modified (#40168)
  • resource/aws_eks_addon: Fix to prevent persistent differences when pod_identity_association is changed (#40168)

v5.76.0

14 Nov 17:35

FEATURES:

  • New Resource: aws_vpc_security_group_vpc_association (#40069)

ENHANCEMENTS:

  • resource/aws_medialive_channel: Add missing h265 codec settings (#40071)

BUG FIXES:

  • resource/aws_api_gateway_integration: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters and/or cache_key_parameters (#40124)
  • resource/aws_api_gateway_method: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters (#40124)
  • resource/aws_autoscaling_group: Handle eventual consistency issues that occur when using a launch_template that is updated causing ValidationError: You must use a valid fully-formed launch template. (#40088)
  • resource/aws_eip: Properly surface errors during deletion when ipam_pool_id is set (#40082)
  • resource/aws_elasticache_reserved_cache_node: Fix Provider returned invalid result object after apply errors (#40090)
  • resource/aws_iam_group_policies_exclusive: Add validation to prevent null values in policy_names (#40076)
  • resource/aws_iam_group_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#40076)
  • resource/aws_iam_instance_profile: Handle eventual consistency issues that occur when this resource is updated and has dependents (#40088)
  • resource/aws_iam_role_policies_exclusive: Add validation to prevent null values in policy_names (#40076)
  • resource/aws_iam_role_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#40076)
  • resource/aws_iam_user_policies_exclusive: Add validation to prevent null values in policy_names (#40076)
  • resource/aws_iam_user_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#40076)
  • resource/aws_launch_template: Handle eventual consistency issues that occur when this resource is updated and has dependents (#40088)

v5.75.1

11 Nov 16:23
7a8669e

ENHANCEMENTS:

  • data-source/aws_cloudwatch_event_bus: Add description attribute (#39980)
  • resource/aws_api_gateway_account: Add attribute reset_on_delete to properly reset CloudWatch Role ARN on deletion. (#40004)
  • resource/aws_cloudwatch_event_bus: Add description argument (#39980)

BUG FIXES:

  • resource/aws_api_gateway_deployment: Rolls back validation of canary_settings and stage_description when stage_name not set. (#40067)
  • resource/aws_dynamodb_table: Allow table TTL to be disabled by allowing ttl[0].attribute_name to be set when ttl[0].enabled is false (#40046)
  • resource/aws_sagemaker_domain: Fix issue causing a ValidationException on updates when RStudio is disabled on the domain (#40049)