v5.55.0

FEATURES:

• New Resource: aws_drs_replication_configuration_template (#26399)

ENHANCEMENTS:

• data-source/aws_autoscaling_group: Add mixed_instances_policy.launch_template.override.instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price attribute (#38003)
• data-source/aws_glue_catalog_table: Add additional_locations argument in storage_descriptor (#37891)
• data-source/aws_launch_template: Add instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price attribute (#38003)
• data-source/aws_networkmanager_core_network_policy_document: Add attachment_policies.action.add_to_network_function_group argument (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add network_function_groups configuration block (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add send-via and send-to as valid values for segment_actions.action (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add single-hop and dual-hop as valid values for segment_actions.mode (#38013)
• data-source/aws_networkmanager_core_network_policy_document: Add when_sent_to and via configuration blocks to segment_actions (#38013)
• resource/aws_api_gateway_integration: Increase maximum value of timeout_milliseconds from 29000 (29 seconds) to 300000 (5 minutes) (#38010)
• resource/aws_appsync_api_key: Add api_key_id attribute (#36568)
• resource/aws_autoscaling_group: Add mixed_instances_policy.launch_template.override.instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price argument (#38003)
• resource/aws_autoscaling_group: Add plan-time validation of warm_pool.max_group_prepared_capacity and warm_pool.min_size (#37174)
• resource/aws_docdb_cluster: Add restore_to_point_in_time argument (#37716)
• resource/aws_dynamodb_table: Adds validation for ttl values. (#37991)
• resource/aws_ec2_fleet: Add launch_template_config.override.instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price argument (#38003)
• resource/aws_glue_catalog_table: Add additional_locations argument in storage_descriptor (#37891)
• resource/aws_glue_job: Add maintenance_window argument (#37760)
• resource/aws_launch_template: Add instance_requirements.max_spot_price_as_percentage_of_optimal_on_demand_price argument (#38003)

BUG FIXES:

• data-source/aws_ami: Fix interface conversion: interface {} is types.ProductCodeValues, not string panic (#37977)
• data-source/aws_networkmanager_core_network_policy_document: Add correct except values to the returned JSON document when segment_actions.share_with_except is configured (#38013)
• provider: Now falls back to non-FIPS endpoint if use_fips_endpoint is set and no FIPS endpoint is available (#38057)
• resource/aws_autoscaling_group: Fix bug updating warm_pool.max_group_prepared_capacity to 0 (#37174)
• resource/aws_dynamodb_table: Fixes perpetual diff when ttl.attribute_name is set when ttl.enabled is not set. (#37991)
• resource/aws_ec2_network_insights_path: Mark destination as Optional (#36966)
• resource/aws_lambda_event_source_mapping: Remove the upper limit on scaling_config.maximum_concurrency (#37980)
• service/transitgateway: Fix resource Read pagination regression causing NotFound errors (#38011)

v5.54.1

BUG FIXES:

• data-source/aws_ami: Fix interface conversion: interface {} is types.ProductCodeValues, not string panic (######)
• resource/aws_codebuild_project: Increase maximum values of build_batch_config.timeout_in_mins and build_timeout from 480 (8 hours) to 2160 (36 hours) (#37970)

v5.54.0

NOTES:

• resource/aws_ec2_capacity_block_reservation: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#37528)

FEATURES:

• New Data Source: aws_ec2_capacity_block_offering (#37528)
• New Resource: aws_appfabric_app_authorization (#37468)
• New Resource: aws_appfabric_app_bundle (#37542)
• New Resource: aws_ec2_capacity_block_reservation (#37528)
• New Resource: aws_fms_resource_set (#37767)
• New Resource: aws_guardduty_malware_protection_plan (#37919)

ENHANCEMENTS:

• data-source/aws_opensearch_domain: Add ip_address_type argument (#37237)
• resource/aws_ec2_traffic_mirror_session: Mark packet_length as Computed (#36962)
• resource/aws_opensearch_domain: Add ip_address_type argument (#37237)
• resource/aws_vpc_endpoint: Add subnet_configuration argument to support user defined IP addresses (#37226)

BUG FIXES:

• data-source/aws_ami: Fix query returning no results (#37958)
• provider: Fixes an error where some data sources were not returning tags (#37966)
• resource/aws_applicationinsights_application: Change resource_group_name to ForceNew (#36962)
• resource/aws_dynamodb_table: Fix UnknownOperationException: Tagging is not currently supported in DynamoDB Local errors on resource Read (#37924)
• resource/aws_ec2_capacity_reservation: Fix InvalidCapacityReservationId.NotFound errors during Read and Delete when resource is manually deleted (#37127)
• resource/aws_route53_zone: Fix InvalidInput: 1 validation error detected: Value '...' at 'resourceId' failed to satisfy constraint: Member must have length less than or equal to 32 errors for resources imported with a /hostedzone/ prefix (#37893)
• service/apigatewayv2: Retry on ConflictException: Unable to complete operation due to concurrent modification errors (#37902)

v5.53.0

FEATURES:

• New Resource: aws_paymentcryptography_key (#37017)
• New Resource: aws_paymentcryptography_key_alias (#37020)

ENHANCEMENTS:

• data-source/aws_customer_gateway: Add bgp_asn_extended argument (#37815)
• data-source/aws_rds_engine_version: Add supports_limitless_database attribute (#37271)
• provider: The use_fips_endpoint flag is now ignored for any service with a custom endpoint configured in endpoints. (#34233)
• resource/aws_apigatewayv2_authorizer: Add configurable delete timeout (#37732)
• resource/aws_customer_gateway: Add bgp_asn_extended argument (#37815)
• resource/aws_fsx_lustre_file_system: Add metadata_configuration argument (#37868)
• resource/aws_lb: Add support for IPv6-only Application Load Balancers (#37700)
• resource/aws_mwaa_environment: Add max_webservers and min_webservers attributes (#37632)
• resource/aws_pipes_pipe: Add log_configuration argument (#37135)
• resource/aws_route53_record: Fix InvalidChangeBatch errors on resource Delete (#37850)
• resource/aws_s3_bucket: Ignore UnsupportedOperation errors when reading acceleration_status, server_side_encryption_configuration and tags (#37801)
• resource/aws_transfer_ssh_key: Add ssh_key_id attribute (#37548)

BUG FIXES:

• resource/aws_apigatewayv2_authorizer: Fix ConflictException errors on resource Delete (#37732)
• resource/aws_bedrockagent_agent: Increase instruction max length for validation to 4000 (#37758)
• resource/aws_cloudwatch_log_group: Correctly handles tag updates with empty string tags (#37668)
• resource/aws_kms_external_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_kms_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_kms_replica_external_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_kms_replica_key: Fixes timeout error on creation when ignore_tags matches tag assigned to resource (#37818)
• resource/aws_mq_broker: Do not reboot on changes to maintenance_window_start_time or auto_minor_version_upgrade (#36506)
• resource/aws_pipes_pipe: Mark source_parameters.self_managed_kafka_parameters.credentials.basic_auth as Optional (#34293)
• resource/aws_secretsmanager_secret: Tags with empty values no longer remove all tags. (#37743)
• resource/aws_ssm_parameter: Fix Cannot import non-existent remote object errors when importing resources with version (#37832)
• resource/aws_vpc_endpoint: Restore pre-v5.51.0 default of false for private_dns_enabled (#37715)
• service/chatbot: Correctly overrides region when using custom endpoint. (#37851)
• service/costoptimizationhub: Correctly overrides region when using custom endpoint. (#37851)
• service/cur: Correctly overrides region when using custom endpoint. (#37851)
• service/globalaccelerator: Correctly overrides region when using custom endpoint. (#37851)
• service/route53: Correctly overrides region when using custom endpoint. (#37851)
• service/route53domains: Correctly overrides region when using custom endpoint. (#37851)
• service/shield: Correctly overrides region when using custom endpoint. (#37851)

v5.52.0

ENHANCEMENTS:

• resource/aws_kinesisanalyticsv2_application: Add application_mode argument (#37714)
• resource/aws_lightsail_bucket: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_certificate: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_container_service: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_database: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_distribution: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_key_pair: Add support to ListTags function for proper key-only tag handling (#37711)
• resource/aws_lightsail_lb: Add support to ListTags function for proper key-only tag handling (#37711)

BUG FIXES:

• resource/aws_lightsail_database: Prevent destroy failure when resource is already deleted outside Terraform (#37711)
• resource/aws_lightsail_instance: Fix crash when reading a resource that has a key-only tag (#37587)
• resource/aws_lightsail_key_pair: Prevent destroy failure when resource is already deleted outside Terraform (#37711)
• resource/aws_lightsail_lb: Prevent destroy failure when resource is already deleted outside Terraform (#37711)

v5.51.1

ENHANCEMENTS:

• resource/aws_ecs_service: Add volume_configuration argument (#37019)
• resource/aws_ecs_task_definition: Add configure_at_launch parameter in volume argument (#37019)

BUG FIXES:

• data-source/aws_route53_zone: Fix incorrect name_servers values (#37685)
• data-source/aws_route53_zone: Permit both name and zone_id arguments when one is an empty string (#37686)
• resource/aws_route53_zone: Fix incorrect name_servers values (#37685)

v5.51.0

NOTES:

• data-source/aws_lambda_function: source_code_hash attribute has been deprecated in favor of code_sha256. Will be removed in a future major version (#37669)
• data-source/aws_lambda_layer_version: source_code_hash attribute has been deprecated in favor of code_sha256. Will be removed in a future major version (#37646)

FEATURES:

• New Data Source: aws_chatbot_slack_workspace (#37218)
• New Resource: aws_lambda_runtime_management_config (#37643)
• New Resource: aws_vpc_endpoint_private_dns (#37628)
• New Resource: aws_vpc_endpoint_service_private_dns_verification (#37176)

ENHANCEMENTS:

• data-source/aws_lambda_function: Add code_sha256 attribute (#37669)
• data-source/aws_lambda_layer_version: Add code_sha256 attribute (#37646)
• data-source/aws_route53_traffic_policy_document: Add support for application-load-balancer, elastic-beanstalk and network-load-balancer endpoint.type values (#37618)
• resource/aws_api_gateway_deployment: Add canary_settings attribute (#37573)
• resource/aws_iam_openid_connect_provider: Allow client_id_list to be updated in-place (#37612)
• resource/aws_lambda_function: Add code_sha256 attribute (#37669)
• resource/aws_lambda_function: Remove replace_security_group_on_destroy and replacement_security_group_ids deprecations, re-implement with alternate workflow (#37624)
• resource/aws_lambda_layer_version: Add code_sha256 attribute (#37646)
• resource/aws_route53_health_check: Add plan-time validation of cloudwatch_alarm_region (#37510)
• resource/aws_route53_record: Add plan-time validation of latency_routing_policy.region (#37510)
• resource/aws_route53_vpc_association_authorization: Add plan-time validation of vpc_region (#37510)
• resource/aws_route53_zone_association: Add plan-time validation of vpc_region (#37510)
• resource/aws_wafv2_web_acl: Add api_gateway, app_runner_service, cognito_user_pool, and verified_access_instance configuration blocks to association_config.request_body (#37588)

BUG FIXES:

• resource/aws_dynamodb_table_replica: Correctly set kms_key_arn on Read (#37570)
• resource/aws_kms_grant: Change grant_token to Sensitive (#37593)
• resource/aws_lambda_function: Fix issue when source_code_hash causes drift even if source code has not changed (#37669)
• resource/aws_lambda_layer_version: Fix issue when source_code_hash forces a replacement even if source code has not changed (#37646)
• resource/aws_m2_deployment: Fix state error on deployment_id during start/stop update (#37581)
• resource/aws_storagegateway_smb_file_share: Fix crash when cache_attributes is removed on update (#37611)

v5.50.0

ENHANCEMENTS:

• data-source/aws_budgets_budget: Add tags attribute (#37361)
• data-source/aws_instance: Add launch_time attribute (#37002)
• resource/aws_budgets_budget: Add tags argument (#37361)
• resource/aws_budgets_budget_action: Add tags argument (#37361)
• resource/aws_ecs_account_setting_default: Add support for fargateTaskRetirementWaitPeriod value in Name argument (#37018)
• resource/aws_ssm_resource_data_sync: Add plan-time validation of s3_destination.kms_key_arn, s3_destination.region and s3_destination.sync_format (#37481)

BUG FIXES:

• data-source/aws_bedrock_foundation_models: Fix validation regex for the by_provider argument (#37306)
• resource/aws_dynamodb_table: Fix UnknownOperationException: Tagging is not currently supported in DynamoDB Local errors on resource Read (#37472)
• resource/aws_glue_job: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when notify_delay_after is empty (null) (#37347)
• resource/aws_iam_server_certificate: Now correctly reads tags after update and on read. (#37483)
• resource/aws_lakeformation_data_cells_filter: Fix inconsistent state error when using row_filter.all_rows_wildcard (#37433)
• resource/aws_organizations_account: Allow import of accounts with IAM access to the AWS Billing and Cost Management console (#35662)
• resource/aws_ram_principal_association: Correct plan-time validation of principal to fix panic: unexpected format for ID parts ([...]), the following id parts indexes are blank ([1]) (#37450)
• resource/aws_route53_record: Change region default to us-east-1 (#37565)
• resource/aws_vpc_endpoint_service: Fix destroy error when endpoint service is deleted out-of-band (#37534)

v5.49.0

FEATURES:

• New Data Source: aws_datazone_environment_blueprint (#36600)
• New Resource: aws_bedrockagent_data_source (#37158)
• New Resource: aws_datazone_domain (#36600)
• New Resource: aws_datazone_environment_blueprint_configuration (#36600)

ENHANCEMENTS:

• data-source/aws_iam_policy_document: Add minified_json attribute (#35677)
• resource/aws_dynamodb_table_export: Add plan-time validation of table_arn (#37288)
• resource/aws_kms_key: Add rotation_period_in_days argument (#37140)
• resource/aws_securitylake_subscriber_notification: Better handles importing resource (#37332)
• resource/aws_securitylake_subscriber_notification: Deprecates endpoint_id in favor of subscriber_endpoint (#37332)
• resource/aws_securitylake_subscriber_notification: Handles configuration.https_notification_configuration.authorization_api_key_value as sensitive value (#37332)

BUG FIXES:

• data-source/aws_fsx_ontap_storage_virtual_machine: Correctly set tags on Read (#37353)
• data-source/aws_rds_orderable_db_instance: Fix InvalidParameterValue: Invalid value 3412 for MaxRecords. Must be between 20 and 1000 errors (#37251)
• data-source/aws_resourceexplorer2_search: Fix 401 unauthorized error due to missing view_arn in the AWS API request (#36778)
• data-source/aws_resourceexplorer2_search: Fix panic caused by bad mappping between Terraform and AWS schemas (#36778)
• data-source/aws_resourceexplorer2_search: Fix state persistence and data types (#36778)
• resource/aws_bedrockagent_agent: Fix to use the configured prepare_agent value (or default value of true when omitted) for all create and update operations (#37405)
• resource/aws_elasticsearch_domain: Fix handling of unset auto_tune_options.rollback_on_disable argument (#37394)
• resource/aws_fsx_ontap_storage_virtual_machine: Correctly set tags and tags_all on resource Read (#37353)
• resource/aws_fsx_openzfs_file_system: Correctly set tags and tags_all on resource Read (#37353)
• resource/aws_kms_custom_key_store: Change trust_anchor_certificate to ForceNew (#37092)
• resource/aws_opensearch_domain: Fix handling of unset auto_tune_options.rollback_on_disable argument (#37394)
• resource/aws_opensearch_domain: Wait for auto_tune_options to be applied during creation (#37394)
• resource/aws_securitylake_aws_log_source: Correctly handles unspecified source_version (#36268)
• resource/aws_securitylake_aws_log_source: Prevents errors when creating multiple log sources concurrently (#36268)
• resource/aws_securitylake_custom_log_source: Prevents errors when creating multiple log sources concurrently (#36268)
• resource/aws_securitylake_custom_log_source: Validates length of source_name parameter (#36268)
• resource/aws_securitylake_subscriber: Allow more than one log source (#36268)
• resource/aws_securitylake_subscriber: Correctly handles unspecified access_type (#36268)
• resource/aws_securitylake_subscriber: Correctly handles unspecified source_version parameter for aws_log_source_resource and custom_log_source_resource (#36268)
• resource/aws_securitylake_subscriber: Correctly requires source_name parameter for aws_log_source_resource and custom_log_source_resource (#36268)
• resource/aws_securitylake_subscriber_notification: No longer recreates resource when not needed (#37332)
• resource/aws_securitylake_subscriber_notification: Requires value for configuration.https_notification_configuration.endpoint (#37332)
• resource/provider: Change the AWS SDK for Go v2 API client BackoffDelayer to maintain behavioral compatibility with AWS SDK for Go v1 (#37404)

v5.48.0

FEATURES:

• New Resource: aws_bedrockagent_agent_knowledge_base_association (#37185)

ENHANCEMENTS:

• resource/aws_cloudwatch_event_target: Add force_destroy argument (#37130)
• resource/aws_elasticache_replication_group: Increase default Delete timeout to 45 minutes (#37182)
• resource/aws_elasticache_replication_group: Use the configured Delete timeout when detaching from any global replication group (#37182)
• resource/aws_fsx_ontap_file_system: Add support for specifying 1 ha_pair with SINGLE_AZ_1 and MULTI_AZ_1 deployment types (#36511)
• resource/aws_fsx_ontap_file_system: Increase storage_capacity maximum to 1PiB (#36511)
• resource/aws_fsx_ontap_file_system: Support up to 12 ha_pairs (#36511)
• resource/aws_fsx_ontap_file_system: Update throughput_capacity_per_ha_pair to support all values from throughput_capacity (#36511)
• resource/aws_fsx_ontap_volume: Add aggregate_configuration configuration block (#36511)
• resource/aws_fsx_ontap_volume: Add size_in_bytes and volume_style arguments (#36511)

BUG FIXES:

• resource/aws_bcmdataexports_export: Fix table_configurations expand/flatten (#37205)
• resource/aws_cloudwatch_event_connection: Add plan-time validation preventing empty auth_parameters.oauth.oauth_http_parameters or auth_parameters.invocation_http_parameters
body, header and query_string configuration blocks (#26755)
• resource/aws_elasticache_replication_group: Decrease replica count after other updates (#34819)
• resource/aws_elasticache_replication_group: Fix unexpected state 'snapshotting' errors when increasing or decreasing replica count (#30493)