FEATURES
- New Resource: aws_lakeformation_resource (#13267)
NOTES
- resource/aws_imagebuilder_image_recipe: Previously the ordering of component configuration blocks was not properly handled by the resource, which could cause unexpected behavior with multiple Components. These configurations may see the ordering difference being fixed after upgrade. (#16566)
FEATURES
ENHANCEMENTS
- data-source/aws_launch_template: Add associate_carrier_ip_address attribute to network_interfaces configuration block (#16707)
- data-source/aws_launch_template: Add throughput attribute to block_device_mappings.ebs configuration block (#16649)
- data-source/aws_launch_template: Support id as argument (#16457)
- resource/aws_appmesh_virtual_node: Add listener.connection_pool attribute (#16167)
- resource/aws_appmesh_virtual_node: Add listener.outlier_detection attribute (#16167)
- resource/aws_launch_template: Add associate_carrier_ip_address attribute to network_interfaces configuration block (#16707)
- resource/aws_launch_template: Add throughput attribute to block_device_mappings.ebs configuration block (#16649)
- resource/aws_spot_fleet_request: Add throughput attribute to launch_specification.ebs_block_device and launch_specification.root_block_device configuration blocks (#16652)
- resource/aws_ssm_maintenance_window: Add schedule_offset argument (#16569)
- resource/aws_workspaces_workspace: Add failed request error code along with message (#16459)
BUG FIXES
- data-source/aws_customer_gateway: Prevent missing id attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway: Prevent missing id attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway_peering_attachment: Prevent missing id attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway_route_table: Prevent missing id attribute when not configured as argument (#16667)
- data-source/aws_ec2_transit_gateway_vpc_attachment: Prevent missing id attribute when not configured as argument (#16667)
- data-source/aws_guardduty_detector: Prevent missing id attribute when not configured as argument (#16667)
- data-source/aws_imagebuilder_image_recipe: Ensure proper ordering of component attribute (#16566)
- resource/aws_backup_plan: Prevent plan-time validation error for pre-existing resources with lifecycle delete_after and/or copy_action lifecycle delete_after arguments configured (#16605)
- resource/aws_imagebuilder_image_recipe: Ensure proper ordering of component configuration blocks (#16566)
- resource/aws_workspaces_directory: Fix empty custom_security_group_id & default_ou (#16589)
ENHANCEMENTS
- resource/aws_backup_plan: Add plan-time validation for various arguments (#16476)
- resource/aws_eks_node_group: Make capacity_type a Computed attribute (#16552)
- resource/aws_lambda_event_source_mapping: Add support for updating maximum_batching_window_in_seconds for SQS queue event sources (#16518)
- resource/aws_ssm_maintenance_window_target: Add plan-time validation for owner_information and targets arguments (#16478)
- resource/aws_storagegateway_gateway - add timeout_in_seconds, organizational_unit, domain_controllers arguments for smb_active_directory_settings block. (#16472)
- resource/aws_storagegateway_gateway - add smb_active_directory_settings.active_directory_status, ec2_instance_id, endpoint_type, host_environment, and gateway_network_interface attributes. (#16472)
- resource/aws_storagegateway_gateway - add plan time validations for smb_guest_password, smb_active_directory_settings.username, smb_active_directory_settings.password, smb_active_directory_settings.domain_name, gateway_timezone, and gateway_name. (#16472)
- resource/aws_storagegateway_gateway - add support for medium_changer_type value medium_changer_type. (#16472)
BUG FIXES
- resource/aws_backup_plan: Retry on eventual consistency error during deletion (#16476)
- resource/aws_cloudwatch_event_target: Prevent potential panic and prevent recreation after state upgrade with custom event_bus_name value (#16484)
- resource/aws_ec2_client_vpn_network_association: Increase associate and disassociate timeouts from 10min to 30min (#16522)
- resource/aws_instance: Automatically retry instance restart on eventual consistency error during instance_type in-place update (#16443)
- resource/aws_lambda_function: Prevent error during deletion when resource not found (#16183)
- resource/aws_ssm_maintenance_window_target: Remove from state if not found (#16478)
FEATURES
- New Data Source: aws_glue_registry (#16418)
ENHANCEMENTS
- resource/aws_apigatewayv2_domain_name: Add mutual_tls_authentication attribute to support mutual TLS authentication (#15249)
- resource/aws_appmesh_virtual_gateway: Add listener.connection_pool attribute (#16168)
- data-source/aws_eks_cluster: add kubernetes_network_config attribute (#15518)
- resource/aws_storagegateway_smb_file_share - add support for notification_policy and access_based_enumeration. (#16414)
- resource/aws_storagegateway_smb_file_share - add plan time validation to invalid_user_list and valid_user_list. (#16414)
- resource/aws_cognito_user_pool: add support for account recovery setting. (#12444)
- resource/aws_eks_cluster: add kubernetes_network_config argument (#15518)
- resource/aws_eks_node_group: Add capacity_type argument and support multiple instance_types (Support Spot Node Groups) (#16510)
- resource/aws_lambda_function: Add support for Container Images (#16512)
BUG FIXES
- resource/aws_fsx_windows_file_system: Prevent potential panics, unexpected errors, and use correct operation timeout on update (#16488)
FEATURES
- New Data Source: aws_imagebuilder_image_pipeline (#16299)
- New Data Source: aws_imagebuilder_image_recipe (#16218)
- New Data Source: aws_serverlessrepository_application (#15874)
- New Resource: aws_backup_region_settings (#16114)
- New Resource: aws_imagebuilder_image_pipeline (#16299)
- New Resource: aws_imagebuilder_image_recipe (#16218)
- New Resource: aws_msk_scram_secret_association (#15302)
- New Resource: aws_networkfirewall_resource_policy (#16279)
- New Resource: aws_serverlessrepository_stack (#15874)
ENHANCEMENTS
- data-source/aws_codeartifact_repository_endpoint: Support nuget value in format argument plan-time validation (#16422)
- data-source/aws_msk_cluster: Add bootstrap_brokers_sasl_scram attribute (#15302)
- resource/aws_db_proxy_default_target_group: Make connection_pool_config optional (#16303)
- resource/aws_kinesisanalyticsv2_application: runtime_environment now supports FLINK-1_11 (#16389)
- resource/aws_msk_cluster: Add bootstrap_brokers_sasl_scram attribute (#15302)
- resource/aws_msk_cluster: Add client_authentication sasl scram argument (#15302)
- resource/aws_networkfirewall_firewall: Add firewall_status attribute to expose VPC endpoints (#16399)
BUG FIXES
- data-source/aws_lambda_function: Prevent Lambda GetFunctionCodeSigningConfig API call error outside AWS Commercial regions (#16412)
- resource/aws_cloudwatch_event_permission: Prevent arn: invalid prefix error during read in some environments (#16319)
- resource/aws_kinesis_analytics_application: Respect the order of 'record_column' attributes (#16260)
- resource/aws_kinesisanalyticsv2_application: Respect the order of 'record_column' attributes (#16260)
- resource/aws_lambda_function: Prevent Lambda GetFunctionCodeSigningConfig API call error outside AWS Commercial regions (#16412)
- resource/aws_lb_listener: Mark port argument as optional and only default protocol argument to HTTP for Application Load Balancers (Support Gateway Load Balancer) (#16306)
- resource/aws_securityhub_member: Prevent invited attribute updates due to recent API changes (#16404)
FEATURES
- New Data Source: aws_lambda_code_signing_config (#16384)
- New Data Source: aws_signer_signing_job (#16383)
- New Data Source: aws_signer_signing_profile (#16383)
- New Resource: aws_lambda_code_signing_config (#16384)
- New Resource: aws_signer_signing_job (#16383)
- New Resource: aws_signer_signing_profile (#16383)
- New Resource: aws_signer_signing_profile_permission (#16383)
ENHANCEMENTS
- data-source/aws_lambda_function: Add code_signing_config_arn, signing_profile_version_arn, and signing_job_arn attributes (#16384)
- data-source/aws_lambda_layer_version: Add signing_profile_version_arn and signing_job_arn attributes (#16384)
- resource/aws_accessanalyzer_analyzer: Adds plan time validation to analyzer_name (#16265)
- resource/aws_fsx_windows_file_system: Support updating throughput_capacity and storage_capacity (#15582)
- resource/aws_glue_catalog_table: Add partition index support (#16194)
- resource/aws_lambda_function: Add code_signing_config_arn argument and signing_profile_version_arn and signing_job_arn attributes (#16384)
- resource/aws_lambda_layer_version: Add signing_profile_version_arn and signing_job_arn attributes (#16384)
- resource/aws_storagegateway_nfs_file_share: Add support for notification_policy. (#16340)
- resource/aws_storagegateway_nfs_file_share: Add plan time validation for client_list, nfs_file_share_defaults.directory_mode, nfs_file_share_defaults.file_mode, nfs_file_share_defaults.group_id, nfs_file_share_defaults.owner_id (#16340)
- resource/aws_workspaces_directory: Allows assigning IP group (#14451)
BUG FIXES
- resource/aws_fsx_windows_file_system: Update the default creation timeout from 30 to 45 minutes (#16363)
- resource/aws_lb: Fix enable_cross_zone_load_balancing argument handling with Gateway Load Balancers (#16314)
FEATURES
- New Data Source: aws_imagebuilder_component (#16159)
- New Data Source: aws_imagebuilder_distribution_configuration (#16180)
- New Data Source: aws_imagebuilder_infrastructure_configuration (#16186)
- New Resource: aws_api_gateway_rest_api_policy (#13619)
- New Resource: aws_backup_vault_policy (#16112)
- New Resource: aws_glue_dev_endpoint (#7895)
- New Resource: aws_imagebuilder_component (#16159)
- New Resource: aws_imagebuilder_distribution_configuration (#16180)
- New Resource: aws_imagebuilder_infrastructure_configuration (#16186)
- New Resource: aws_networkfirewall_firewall (#16277)
- New Resource: aws_networkfirewall_firewall_policy (#16277)
- New Resource: aws_networkfirewall_logging_configuration (#16277)
- New Resource: aws_networkfirewall_rule_group (#16277)
ENHANCEMENTS
- resource/aws_globalaccelerator_endpoint_group: Add arn and port_override attributes (#16121)
- resource/aws_glue_catalog_table: Add support for parameters argument to storage_descriptor.columns block (#16052)
- resource/aws_glue_catalog_table: Add plan time validation for description, name, partition_keys.name, partition_keys.comment, partition_keys.type, retention, view_original_text, view_expanded_text, storage_descriptor.name, storage_descriptor.comment, storage_descriptor.type, storage_descriptor.bucket_columns, storage_descriptor.ser_de_info.name, storage_descriptor.skewed_info.skewed_column_names, storage_descriptor.sort_columns.column, storage_descriptor.sort_columns.sort_order (#16052)
- resource/aws_msk_cluster: Support in-place kafka_version upgrade (#13654)
- resource/aws_storagegateway_smb_file_share: Add file_share_name argument (#16008)
- resource/aws_storagegateway_nfs_file_share: Add file_share_name argument (#16072)
BUG FIXES
- data-source/aws_s3_bucket: Use provider credentials when getting the bucket region (fix AWS China non-ICP S3 Buckets and other restrictive environments) (#15481)
- resource/aws_apigatewayv2_stage: Correctly handle deletion of route_settings (#16133)
- resource/aws_backup_plan - lifecycle block in copy_action is optional (#16116)
- resource/aws_eks_fargate_profile: Serialize multiple profile creation and deletion to prevent ResourceInUseException errors (#14020)
- resource/aws_organizations_organization: Prevent recreation when feature_set is updated to ALL (#15473)
- resource/aws_s3_bucket: Use provider credentials when getting the bucket region (fix AWS China non-ICP S3 Buckets and other restrictive environments) (#15481)
- resource/aws_s3_bucket_object: Correctly updates version_id when certain configuration keys are changed (#14900)
ENHANCEMENTS
- data-source/aws_ec2_transit_gateway_route_table: Add arn attribute (#13921)
- data-source/aws_ec2_transit_gateway_vpc_attachment: Add appliance_mode_support attribute (#16159)
- data-source/aws_route_table: Add route vpc_endpoint_id attribute (#16131)
- resource/aws_db_instance: Add restore_to_point_in_time argument and latest_restorable_time attribute (#15969)
- resource/aws_default_route_table: Add route configuration block vpc_endpoint_id argument (#16131)
- resource/aws_ec2_transit_gateway: Support in-place updates for most arguments (#15556)
- resource/aws_ec2_transit_gateway_route_table: Add arn attribute (#13921)
- resource/aws_ec2_transit_gateway_vpc_attachment: Add appliance_mode_support argument (#16159)
- resource/aws_ec2_transit_gateway_vpc_attachment_accepter: Add appliance_mode_support attribute (#16159)
- resource/aws_kinesis_firehose_delivery_stream: Add http_endpoint_configuration configuration block (#15356)
- resource/aws_lb: Support load_balancer_type argument value of gateway (#16131)
- resource/aws_lb_target_group: Support protocol argument value of GENEVE (#16131)
- resource/aws_rds_cluster: Add restore_to_point_in_time argument (#7031)
- resource/aws_route: Add vpc_endpoint_id argument (#16131)
- resource/aws_route_table: Add route configuration block vpc_endpoint_id argument (#16131)
- resource/aws_vpc_endpoint: Support vpc_endpoint_type argument value GatewayLoadBalancer (#16131)
- resource/aws_vpc_endpoint_service: Add gateway_load_balancer_arns argument (#16131)
- resource/aws_workspaces_workspace: Add configurable timeouts (#15479)
BUG FIXES
- data-source/aws_network_interface: Prevent crash with ENI attachments missing DeviceIndex or AttachmentID (#15567)
- resource/aws_cognito_identity_pool: Update identity_pool_name argument validation to include additional characters supported by the API (#15773)
- resource/aws_db_instance: Ignore DBInstanceNotFound error during deletion (#15942)
- resource/aws_ecs_service: Properly remove resource from Terraform state with ClusterNotFoundException error (#15927)
- resource/aws_eip: In EC2-Classic, wait until Instance returns as associated during create or update (#16032)
- resource/aws_eip_association: Retry on additional EC2 Address eventual consistency errors on creation (#16032)
- resource/aws_eip_association: In EC2-Classic, wait until Instance returns as associated during creation (#16032)
- resource/aws_kinesis_analytics_application: Handle IAM role eventual consistency issues (#16125)
- resource/aws_kinesisanalyticsv2_application: Handle IAM role eventual consistency issues (#16125)
- resource/aws_lb_target_group: Allow invalid configurations that were allowed prior to 3.10. (#15613)
- resource/aws_network_interface: Prevent crash with ENI attachments missing DeviceIndex or AttachmentID (#15567)
- resource/aws_s3_bucket: Add plan-time validation to acl (#15327)
- resource/aws_workspaces_bundle: Fix empty (private) owner (#14535)
BUG FIXES
- resource/aws_cloudwatch_event_target: Prevent regression from version 3.14.0 with ListTargetsByRuleInput.EventBusName error (#16075)
FEATURES
- New Data Source: aws_route53_resolver_endpoint (#8628)
- New Data Source: aws_sagemaker_prebuilt_ecr_image (#15924)
- New Data Source: aws_workspaces_workspace (#14135)
- New Resource: aws_secretsmanager_secret_policy (#14468)
ENHANCEMENTS
- resource/aws_apigatewayv2_integration: timeout_milliseconds has different valid ranges and default values between HTTP and WebSocket APIs. timeout_milliseconds is now Computed, meaning Terraform will only perform drift detection of its value when present in a configuration. (#16017)
- resource/aws_cloudwatch_event_permission: Add event_bus_name (#15922)
- resource/aws_cloudwatch_event_target: Add plan time validation to arn, role_arn, launch_type, task_definition_arn (#11685)
- resource/aws_cloudwatch_event_target: Add event_bus_name (#15799)
- resource/aws_codeartifact_domain: add tags argument. (#16006)
- resource/aws_codeartifact_repository: add tags argument. (#16006)
- resource/aws_eip: Add network_border_group argument (#14028)
- resource/aws_glue_catalog_database: add plan time validations for description and name. (#15956)
- resource/aws_glue_crawler: Support MongoDB target (#15934)
- resource/aws_glue_trigger: Add plan time validation to name (#15793)
- resource/aws_glue_trigger: Add security_configuration and notification_property arguments to actions block (#15793)
- resource/aws_kinesis_analytics_application: Wait for resource deletion. (#16005)
- resource/aws_kinesis_analytics_application: inputs.parallelism is a computed attribute. (#16005)
- resource/aws_kinesis_analytics_application: Handle inputs.processing_configuration addition and deletion. (#16005)
- resource/aws_kinesis_analytics_application: Handle reference_data_sources deletion. (#16005)
- resource/aws_kinesis_analytics_application: Handle cloudwatch_logging_options deletion. (#16005)
- resource/aws_kinesis_analytics_application: Set the description attribute on creation. (#16005)
- resource/aws_sagemaker_endpoint_configuration: Add support for data_capture_config. (#15887)
- resource/aws_sagemaker_endpoint_configuration: Add plan time validation for production_variants.accelerator_type, production_variants.instance_type. (#15887)
- resource/aws_sagemaker_model: Add support for primary_container.image_config and containers.image_config (#15957)
- resource/aws_sagemaker_model: Add plan time validation for execution_role_arn (#15957)
BUG FIXES
- resource/aws_datasync_task: Allow UNAVAILABLE as pending status during creation (#15949)
- resource/aws_glue_classifier: Fix quote_symbol being optional (#15948)
- resource/aws_lambda_function: Publish version if value of publish is only change (#15020)
- resource/aws_rds_cluster: Prevent error removing cluster from global cluster when not found (#15938)
- resource/aws_rds_cluster: Prevent recreation when using snapshot_identifier and kms_key_id without storage_encrypted = true (#15915)
- resource/aws_rds_cluster_instance: Add Cluster Identifier to creation error message (#15939)
- resource/aws_rds_global_cluster: Prevent error removing cluster from global cluster when not found (#15938)
NOTES
- data-source/aws_autoscaling_groups: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_caller_identity: The id attribute has changed to the ID of the AWS Account. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ebs_snapshot_ids: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ebs_volumes: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_coip_pools: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_instance_type_offerings: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_local_gateway_route_tables: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_local_gateways: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_ec2_spot_price: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_efs_access_points: The id attribute has changed to the EFS File System identifier. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_glue_script: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_inspector_rules_packages: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_instances: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_kms_ciphertext: The id attribute has changed to the KMS Key. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_kms_secrets: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15725)
- data-source/aws_network_acls: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_network_interfaces: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_organizations_organizational_units: The id attribute has changed to the parent identifier. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_outposts_outposts: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_outposts_sites: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_route_tables: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_route53_resolver_rules: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_s3_bucket_objects: The id attribute has changed to the name of the S3 Bucket. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_security_groups: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_vpc_peering_connections: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
- data-source/aws_vpcs: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15896)
FEATURES
- New Resource: aws_glue_resource_policy (#10361)
- New Resource: aws_s3control_bucket (#15510)
- New Resource: aws_s3control_bucket_lifecycle_configuration (#15604)
- New Resource: aws_s3control_bucket_policy (#15575)
- New Resource: aws_s3outposts_endpoint (#15585)
- New Resource: aws_sagemaker_code_repository (#15809)
- New Resource: aws_storagegateway_tape_pool (#15370)
ENHANCEMENTS
- resource/aws_cloudwatch_event_rule: Add event_bus_name (#15727)
- resource/aws_ecs_service: Add wait_for_steady_state argument (#3485)
- resource/aws_s3_access_point: Support S3 on Outposts (#15621)
- resource/aws_sagemaker_model: Add container configuration block mode argument (#15371)
- resource/aws_sagemaker_notebook_instance: Add support for additional_code_repositories (#15830)
- resource/aws_sagemaker_notebook_instance: Add url and network_interface_id attributes (#15802)
BUG FIXES
- data-source/aws_autoscaling_groups: Prevent plan differences with the id attribute (#15896)
- data-source/aws_caller_identity: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ebs_snapshot_ids: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ebs_volumes: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ec2_coip_pools: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ec2_instance_type_offerings: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ec2_local_gateway_route_tables: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ec2_local_gateway_virtual_interface_groups: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ec2_local_gateways: Prevent plan differences with the id attribute (#15896)
- data-source/aws_ec2_spot_price: Prevent plan differences with the id attribute (#15896)
- data-source/aws_efs_access_points: Prevent plan differences with the id attribute (#15896)
- data-source/aws_glue_script: Prevent plan differences with the id attribute (#15896)
- data-source/aws_inspector_rules_packages: Prevent plan differences with the id attribute (#15896)
- data-source/aws_instances: Prevent plan differences with the id attribute (#15896)
- data-source/aws_kms_ciphertext: Prevent plan differences with the id attribute (#15896)
- data-source/aws_kms_secrets: Prevent plan differences with the id attribute (#15725)
- data-source/aws_network_acls: Prevent plan differences with the id attribute (#15896)
- data-source/aws_network_interfaces: Prevent plan differences with the id attribute (#15896)
- data-source/aws_organizations_organizational_units: Prevent plan differences with the id attribute (#15896)
- data-source/aws_outposts_outposts: Prevent plan differences with the id attribute (#15896)
- data-source/aws_outposts_sites: Prevent plan differences with the id attribute (#15896)
- data-source/aws_route_tables: Prevent plan differences with the id attribute (#15896)
- data-source/aws_route53_resolver_rules: Prevent plan differences with the id attribute (#15896)
- data-source/aws_s3_bucket_objects: Prevent plan differences with the id attribute (#15896)
- data-source/aws_security_groups: Prevent plan differences with the id attribute (#15896)
- data-source/aws_vpc_peering_connections: Prevent plan differences with the id attribute (#15896)
- data-source/aws_vpcs: Prevent plan differences with the id attribute (#15896)
- resource/aws_apigatewayv2_integration: Correctly handle update of AWS service integrations (#15894)
- resource/aws_api_gateway_usage_plan: Change api_stages from List to Set (#14345)
- resource/aws_lambda_function: Update published version and qualified_arn on config changes (#15121)
- resource/aws_rds_global_cluster: Prevent recreation when using encrypted source_db_cluster_identifier without storage_encrypted (#15916)
- resource/aws_vpc_peering_connection_options: Only modify options that have changed (#12126)
FEATURES
- New Data Source: aws_rds_certificate (#15789)
- New Resource: aws_autoscalingplans_scaling_plan (#8965)
- New Resource: aws_cloudwatch_event_bus (#10256)
- New Resource: aws_kinesisanalyticsv2_application (#11652)
- New Resource: aws_storagegateway_stored_iscsi_volume (#12027)
ENHANCEMENTS
- resource/aws_cloudwatch_event_target: Add validation to input_transformer.input_paths map (#15669)
- resource/aws_codeartifact_repository - support external connections (#15569)
- resource/aws_fsx_lustre_file_system: Add copy_tags_to_backups support (#15687)
- resource/aws_fsx_lustre_file_system: Increased maximum automatic_backup_retention_days from 35 to 90 (#15641)
- resource/aws_fsx_windows_file_system: Increased maximum automatic_backup_retention_days from 35 to 90 (#15641)
- resource/aws_glue_catalog_table: add validation checks for resource properties (#12523)
- resource/aws_network_interface: Add ipv6_addresses and ipv6_address_count arguments (#12281)
- resource/aws_sagemaker_notebook_instance: lifecycle_config_name and root_access are updateable. (#15385)
- resource/aws_sagemaker_notebook_instance: plan time validation for role_arn, instance_type. (#15385)
BUG FIXES
- resource/aws_workspaces_workspace: Fix terminated state resolution (#15705)
- resource/aws_glue_table_catalog_table: Prevent errors on unset of ser_de_info.name (#15127)
- resource/aws_glue_security_configuration: Don't send empty kms_arn if mode is DISABLED (#13618)
FEATURES
- New Data Source: aws_codeartifact_repository_endpoint (#15566)
- New Resource: aws_appmesh_gateway_route (#15638)
- New Resource: aws_appmesh_virtual_gateway (#15611)
BUG FIXES
- resource/aws_ec2_transit_gateway_route: Prevent plan errors with compressed IPv6 addresses (#14846)
ENHANCEMENTS
- data-source/aws_workspaces_directory: Add workspaces creation properties (#14577)
- resource/aws_backup_plan: Add support for AdvancedBackupSettings (#15341)
- resource/aws_sagemaker_notebook_instance: Add default_code_repository attribute (#13772)
- resource/aws_sagemaker_notebook_instance: Add volume_size attribute (#15521)
- resource/aws_workspaces_directory: Add workspaces creation properties (#14577)
FEATURES
- New Data Source: aws_codeartifact_authorization_token (#15425)
- New Data Source: aws_ec2_instance_type (#13124)
- New Data Source: aws_lex_bot_alias (#8919)
- New Data Source: aws_redshift_orderable_cluster (#15438)
- New Resource: aws_codeartifact_repository_permissions_policy (#15562)
- New Resource: aws_lex_bot_alias (#8919)
- New Resource: aws_s3_bucket_ownership_controls (#15482)
NOTES
- data-source/aws_acm_certificate: The id attribute has changed to the ARN of the ACM Certificate. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_autoscaling_group: The id attribute has changed to the name of the Auto Scaling Group. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_availability_zones: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_db_event_categories: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ebs_default_kms_key: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ebs_encryption_by_default: The id attribute has changed to the name of the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ec2_instance_type_offering: The id attribute has changed to the EC2 Instance Type. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ecr_authorization_token: The id attribute has changed to the AWS Region. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_ecr_image: The id attribute has changed to the SHA256 digest of the ECR Image. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_eks_cluster_auth: The id attribute has changed to the name of the EKS Cluster. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_iam_account_alias: The id attribute has changed to the AWS Account Alias. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_kms_alias: The id attribute has changed to the ARN of the KMS Alias. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_partition: The id attribute has changed to the identifier of the AWS Partition. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_regions: The id attribute has changed to the identifier of the AWS Partition. The first apply of this updated data source may show this difference. (#15399)
- data-source/aws_sns_topic: The id attribute has changed to the ARN of the SNS Topic. The first apply of this updated data source may show this difference. (#15399)
ENHANCEMENTS
- data-source/aws_batch_compute_environment: Add `tags` attribute (#15470)
- data-source/aws_batch_job_queue: Add `tags` attribute (#15470)
- data-source/aws_vpc_endpoint_service: Accept `service_type` as argument (#15467)
- resource/aws_appmesh_route: Add `timeout` configuration block to `grpc_route`, `http_route`, `http2_route` and `tcp_route` attributes. (#14361)
- resource/aws_appmesh_virtual_node: Add `timeout` configuration block to `listener` attribute. (#14361)
- resource/aws_batch_compute_environment: Add `tags` argument (#15470)
- resource/aws_batch_job_definition: Add `tags` argument (#15470)
- resource/aws_batch_job_queue: Add `tags` argument (#15470)
- resource/aws_lb_target_group: Add `source_ip` as an option for the `stickiness.type` argument. (#15295)
- resource/aws_sns_topic_subscription: Create subscriptions with attributes (delivery policy, filter policy, etc.) instead of separate API calls (#10496)
BUG FIXES
- data-source/aws_acm_certificate: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_autoscaling_group: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_availability_zones: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_db_event_categories: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ebs_default_kms_key: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ebs_encryption_by_default: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ec2_instance_type_offering: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ecr_authorization_token: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_ecr_image: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_eks_cluster_auth: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_iam_account_alias: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_kms_alias: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_partition: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_regions: Prevent plan differences with the `id` attribute (#15399)
- data-source/aws_sns_topic: Prevent plan differences with the `id` attribute (#15399)
- resource/aws_acm_certificate: Prevent unexpected timeout error on deletion due to API retries (#15522)
- resource/aws_batch_job_definition: Prevent unexpected plan difference for `container_properties` argument value with new secrets support (#15470)
- resource/aws_codestarnotifications_notification_rule: Prevent unexpected timeout error during target deletion due to API retries (#15523)
- resource/aws_config_remediation_configuration: Prevent unexpected timeout error on deletion due to API retries (#15524)
- resource/aws_db_proxy: Increase default deletion timeout to 60 minutes (#15537)
- resource/aws_db_proxy_target: Ensure `db_proxy_name` and `target_group_name` attributes are properly imported (#15537)
- resource/aws_ecs_cluster: Prevent IAM Service Linked Role error on first ECS provision (#15457)
- resource/aws_emr_instance_fleet: Prevent error on deletion when EMR Cluster is no longer running (#15548)
- resource/aws_emr_managed_scaling_policy: Ensure `cluster_id` attribute is properly saved during import (#15541)
- resource/aws_emr_managed_scaling_policy: Handle additional cases where resource should be removed from Terraform state (#15541)
- resource/aws_gamelift_fleet: Prevent unexpected timeout error on creation due to API retries (#15526)
- resource/aws_glue_workflow: Ensure `max_concurrent_runs` attribute is properly saved during import (#15538)
- resource/aws_lex_bot: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_lex_bot_alias: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_lex_intent: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_lex_slot_type: Prevent unexpected timeout error on creation due to API retries (#15527)
- resource/aws_organizations_policy: Prevent errors with imported AWS-managed Organizations policies (#15446)
- resource/aws_s3_bucket: Correctly handle provider-level ignored tag configuration (#12013)
- resource/aws_s3_bucket: Correctly set expiration for lifecycle_rule with abort_incomplete_multipart_upload_days set (#15263)
- resource/aws_s3_bucket_analytics_configuration: Prevent unexpected timeout error on deletion due to API retries (#15529)
- resource/aws_s3_bucket_object: Correctly handle provider-level ignored tag configuration (#12013)
FEATURES
- New Resource: `aws_backup_vault_notifications` (#12501)
- New Resource: `aws_codeartifact_domain` (#13743)
- New Resource: `aws_codeartifact_domain_permissions` (#13753)
- New Resource: `aws_codeartifact_repository` (#14429)
- New Resource: `aws_db_proxy_target` (#12784)
- New Resource: `aws_glue_data_catalog_encryption_settings` (#14916)
- New Resource: `aws_glue_ml_transform` (#14909)
- New Resource: `aws_glue_partition` (#12547)
- New Resource: `aws_lex_bot` (#8918)
- New Resource: `aws_lex_intent` (#8917)
- New Data Source: `aws_lex_bot` (#8918)
- New Data Source: `aws_lex_intent` (#8917)
ENHANCEMENTS
- resource/aws_appmesh_route: Add `grpc_route` and `http2_route` attributes to support gRPC and HTTP/2 services (#11669)
- resource/aws_appmesh_route: Add `retry_policy` attribute to support App Mesh retry policies (#11660)
- resource/aws_appmesh_virtual_node: Add `grpc` and `http2` as valid values for the `protocol` attribute (#11669)
- resource/aws_appmesh_virtual_node: Add `spec.backend_defaults`, `spec.backend.virtual_service.client_policy` and `spec.listener.tls` attributes to support TLS in transit encryption (#12541)
- resource/aws_appmesh_virtual_router: Add `grpc` and `http2` as valid values for the `protocol` attribute (#11669)
- resource/aws_fsx_lustre_file_system: Add `auto_import_policy` argument (#15231)
- resource/aws_fsx_lustre_file_system: Support `daily_automatic_backup_start_time` (#15299)
- resource/aws_fsx_lustre_file_system: Add `storage_type` and `drive_cache_type` (#14727)
- resource/aws_glue_crawler: Add `connection_name` field to `s3_target` block (#15350)
- resource/aws_sagemaker_notebook_instance: Ability to configure root access for Sagemaker notebook instances (#14184)
BUG FIXES
- data-source/aws_s3_bucket_object: Prevent crash when S3 HeadObject returns empty response (#14154)
- resource/aws_db_instance: Prevent ordering differences with `enabled_cloudwatch_logs_exports` argument (#15404)
- resource/aws_ec2_client_vpn_authorization_rule: Increased active and revoked timeouts from 5 to 10 minutes (#15367)
- resource/aws_rds_cluster: Prevent ordering differences with `enabled_cloudwatch_logs_exports` argument (#15404)
- resource/aws_redshift_cluster: Increase default update timeout to 75 minutes (#15339)
FEATURES
- New Resource: `aws_datasync_location_fsx_windows` (#12686)
- New Resource: `aws_route53_resolver_query_log_config` (#14897)
- New Resource: `aws_route53_resolver_query_log_config_association` (#14901)
- New Data Source: `aws_rds_engine_version` (#15228)
- New Data Source: `aws_docdb_engine_version` (#15253)
- New Data Source: `aws_neptune_engine_version` (#15259)
- New Data Source: `aws_workspaces_image` (#11428)
ENHANCEMENTS
- data-source/aws_lb: Add `customer_owned_ipv4_pool` and `subnet_mapping` `outpost_id` attributes (#15170)
- resource/aws_apigatewayv2_api: Add `disable_execute_api_endpoint` attribute (#15250)
- resource/aws_apigatewayv2_authorizer: Add `authorizer_payload_format_version`, `authorizer_result_ttl_in_seconds` and `enable_simple_responses` attributes to support Lambda authorizers for HTTP APIs (#15232)
- resource/aws_apigatewayv2_authorizer: Change `identity_sources` to an optional attribute (#15232)
- resource/aws_appmesh_mesh: Add `mesh_owner` and `resource_owner` attributes (#14349)
- resource/aws_appmesh_route: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_appmesh_virtual_node: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_appmesh_virtual_router: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_appmesh_virtual_service: Add `mesh_owner` argument and `resource_owner` attribute (#14349)
- resource/aws_elasticsearch_domain: Support `AUDIT_LOGS` log type (#15218)
- resource/aws_glue_connection: Support `NETWORK` connection type (#14818)
- resource/aws_glue_crawler: Add support for `scan_all` and `scan_rate` arguments for ddb targets (#14819)
- resource/aws_glue_crawler: Allow removing `table_prefix` (#15268)
- resource/aws_glue_job: Add `non_overridable_arguments` argument (#14793)
- resource/aws_glue_workflow: Add `tags` argument (#14910)
- resource/aws_glue_workflow: Add `arn` attribute (#14910)
- resource/aws_glue_workflow: Add `max_concurrent_runs` argument (#14910)
- resource/aws_glue_workflow: Plan time validation for `name` (#14910)
- resource/aws_fsx_lustre_file_system: Add support for backup retention (#14446)
- resource/aws_fsx_lustre_file_system: Add `kms_key_id` argument (#15057)
- resource/aws_fsx_lustre_file_system: Add `mount_name` argument (#14313)
- resource/aws_lb: Add `customer_owned_ipv4_pool` argument and `subnet_mapping` `outpost_id` attribute (#15170)
- resource/aws_organizations_policy: Add `tags` argument (#15316)
- resource/aws_rds_cluster: Add `allow_major_version_upgrade` argument (#14709)
- resource/aws_storagegateway_smb_file_share: Add `admin_user_list` argument (#12196)
- resource/aws_transfer_server: Support `VPC` value for `endpoint_type` argument and add `endpoint_details` configuration block `address_allocation_ids`, `subnet_ids`, and `vpc_id` arguments (#12599)
- resource/aws_transfer_user: Add `home_directory_mappings` configuration blocks and `home_directory_type` argument (#13591)
BUG FIXES
- resource/aws_dynamodb_table: Ensure changes in `name`, `range_key`, `projection_type`, or `non_key_attributes` of a `local_secondary_index` configuration block force resource recreation (#12335)
- resource/aws_dynamodb_table: Ensure `local_secondary_index` `non_key_attributes` are sent through API requests on resource creation (#15115)
- resource/aws_efs_mount_target: Increase create timeout to 30 minutes (#15293)
- resource/aws_fsx_lustre_file_system: Change `aws_fsx_lustre_file_system`'s `network_interface_ids` to `TypeList` to preserve ordering. (#14314)
- resource/aws_neptune_cluster_instance: Add `configuring-enhanced-monitoring` to expected states when creating and updating (#15284)
- resource/aws_vpn_gateway: Increase VPC detachment timeout to 30 minutes (#15201)
- resource/aws_vpn_gateway_attachment: Increase VPC detachment timeout to 30 minutes (#15201)
FEATURES
- New Resource: `aws_config_remediation_configuration` (#13884)
ENHANCEMENTS
- resource/aws_db_cluster_snapshot: Add plan-time validation for `db_cluster_snapshot_identifier` argument (#15132)
- resource/aws_kinesis_firehose_delivery_stream: Add `server_side_encryption` `key_arn` and `key_type` arguments (support KMS Customer Managed Key encryption) (#11954)
BUG FIXES
- data-source/aws_kms_secrets: Prevent `plaintext` values from appearing in CLI output with Terraform 0.13 (#15169)
- resource/aws_acm_certificate: Prevent "tagging is not permitted on re-import" error (#15060)
- resource/aws_cognito_identity_pool: Prevent ordering differences for `openid_connect_provider_arns` argument (#15178)
FEATURES
- New Resource: `aws_db_proxy_default_target_group` (#12743)
BUG FIXES
- resource/aws_ec2_client_vpn_authorization_rule: Increase active and revoked timeouts from 1 to 5 minutes (#15037)
FEATURES
- New Data Source: `aws_docdb_orderable_db_instance` (#14931)
- New Data Source: `aws_lex_slot_type` (#8916)
- New Data Source: `aws_neptune_orderable_db_instance` (#14953)
- New Data Source: `aws_rds_orderable_db_instance` (#14834)
- New Data Source: `aws_vpc_peering_connections` (#9491)
- New Resource: `aws_codebuild_report_group` (#12573)
- New Resource: `aws_db_proxy` (#12704)
- New Resource: `aws_emr_instance_fleet` (#14813)
- New Resource: `aws_glue_user_defined_function` (#12537)
- New Resource: `aws_guardduty_filter` (#14876)
- New Resource: `aws_lex_slot_type` (#8916)
ENHANCEMENTS
- data-source/aws_cur_report_definition: Add `refresh_closed_reports` and `report_versioning` attributes (#12428)
- data-source/aws_outposts_outpost: Add `arn` argument (#14967)
- data-source/aws_route: Add `local_gateway_id` attribute (#14864)
- data-source/aws_route_table: Add `route` `local_gateway_id` attribute (#14864)
- resource/aws_acm_certificate: Provide additional plan-time validation for `subject_alternative_names` argument values (#14782)
- resource/aws_ami: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_autoscaling_group: Support provider-level `ignore_tags` configuration (#13868)
- resource/aws_cloudtrail: Add `insight_selector` configuration block (#12390)
- resource/aws_cur_report_definition: Add `refresh_closed_reports` and `report_versioning` arguments (#12428)
- resource/aws_cur_report_definition: Support `ATHENA` value in `additional_artifacts` argument plan-time validation (#12428)
- resource/aws_cur_report_definition: Support `Parquet` value in `compression` and `format` argument plan-time validations (#12428)
- resource/aws_cur_report_definition: Support `MONTHLY` value in `time_unit` argument plan-time validation (#12428)
- resource/aws_ebs_volume: Support io2 type (#14894)
- resource/aws_ec2_client_vpn_endpoint: Support `authentication_options` `type` argument `federated-authentication` value and new `saml_provider_arn` argument (#14171)
- resource/aws_emr_cluster: Add `core_instance_fleet` and `master_instance_fleet` configuration blocks (#14788)
- resource/aws_instance: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_kinesis_firehose_delivery_stream: Add `elasticsearch_configuration` `vpc_config` configuration block (#13269)
- resource/aws_kinesis_firehose_delivery_stream: Add `elasticsearch_configuration` `cluster_endpoint` argument (#12484)
- resource/aws_kinesis_firehose_delivery_stream: Add various plan-time validations for arguments (#12484)
- resource/aws_launch_template: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_msk_configuration: Support resource in-place updates and deletion (#14826)
- resource/aws_route: Add `local_gateway_id` argument (#14864)
- resource/aws_route_table: Add `route` `local_gateway_id` argument (#14864)
- resource/aws_spot_fleet_request: Support `io2` value for `volume_type` argument plan-time validation (#14906)
- resource/aws_wafv2_rule_group: Add `ip_set_forwarded_ip_config` configuration block to `ip_set_reference_statement` (#14902)
- resource/aws_wafv2_web_acl: Add `ip_set_forwarded_ip_config` configuration block to `ip_set_reference_statement` (#14902)
BUG FIXES
- resource/aws_autoscaling_group: Prevent unnecessary tag removal and recreation within tag updates (#13868)
- resource/aws_cloudfront_distribution: Prevent panic with missing `ForwardedValues` (#14993)
- resource/aws_dynamodb_table: Properly update `global_secondary_index` `non_key_attributes` values (#9988)
- resource/aws_emr_cluster: Prevent recreation when `ebs_config.volumes_per_instance` is greater than 1 (#14858)
- resource/aws_lambda_function_event_invoke_config: Prevent unexpected format of function resource error (#14851)
- resource/aws_lightsail_instance: Prevent panic with key-only tags (#13868)
- resource/aws_mq_configuration: Prevent additional revision creation with `tags` only updates (#14850)
- resource/aws_opsworks_stack: Suppress equivalent `custom_json` differences (#14886)
- resource/aws_rds_cluster_endpoint: Increase creation timeout to 30 minutes (#14862)
- resource/aws_route53_resolver_rule: Correct handling for single period (`.`) value in `domain_name` argument (#15015)
- resource/aws_route53_zone_association: Correctly handle zones with over 100 VPC associations (#14885)
- resource/aws_waf_rate_based_rule: Properly update `rate_limit` value (#14964)
- resource/aws_workspaces_workspace: Prevent error when `workspace_properties` `running_mode` is set to `ALWAYS_ON` (#13976)
FEATURES
- New Data Source: `aws_db_subnet_group` (#9525)
- New Resource: `aws_emr_managed_scaling_policy` (#13965)
- New Resource: `aws_guardduty_publishing_destination` (#13894)
- New Resource: `aws_securityhub_action_target` (#10493)
- New Resource: `aws_xray_encryption_config` (#13600)
- New Resource: `aws_xray_group` (#13597)
ENHANCEMENTS
- resource/aws_apigatewayv2_integration: Add `integration_subtype` argument (Support AWS service integrations for HTTP APIs) (#14860)
- resource/aws_elasticache_replication_group: Add plan-time validation for `notification_topic_arn` and `snapshot_arns` arguments (#12974)
- resource/aws_globalaccelerator_endpoint_group: Add `client_ip_preservation_enabled` argument to the `endpoint_configuration` configuration block (#14486)
- resource/aws_storagegateway_cached_iscsi_volume: Add `kms_encrypted` and `kms_key` arguments (#12066)
- resource/aws_storagegateway_gateway: Add `smb_security_strategy` argument (#13563)
- resource/aws_storagegateway_gateway: Add plan-time validation for `gateway_ip_address` argument (#13563)
- resource/aws_storagegateway_gateway: Add `average_download_rate_limit_in_bits_per_sec` and `average_upload_rate_limit_in_bits_per_sec` arguments (#13568)
- resource/aws_storagegateway_nfs_file_share: Add `cache_attributes` configuration block (#14759)
- resource/aws_storagegateway_nfs_file_share: Support `S3_INTELLIGENT_TIERING` value in `default_storage_class` argument plan-time validation (#14759)
- resource/aws_storagegateway_smb_file_share: Add `cache_attributes` configuration block and `case_sensitivity` argument (#14790)
- resource/aws_storagegateway_smb_file_share: Support `S3_INTELLIGENT_TIERING` value in `default_storage_class` argument plan-time validation (#14790)
- resource/aws_xray_sampling_rule: Add `tags` argument (#14831)
BUG FIXES
- resource/aws_acmpca_certificate_authority: Ensure `DELETED` status triggers state removal (#13684)
- resource/aws_appmesh_virtual_node: Prevent panics with empty `backend` configuration blocks (#14074)
- resource/aws_cloudfront_distribution: Prevent panics during resource import with empty `forwarded_values.query_string` (#14844)
- resource/aws_elasticache_replication_group: Ensure `tags` are stored in Terraform state and properly updated (#12974)
- resource/aws_emr_instance_group: Increase creation and update timeout to 30 minutes (#13077 / #14106)
- resource/aws_globalaccelerator_accelerator: Increase creation timeout to 10 minutes (#14486)
- resource/aws_globalaccelerator_endpoint_group: Prevent differences with `health_check_path` defaults (#14486)
- resource/aws_glue_crawler: Properly update `schedule` value (#14792)
ENHANCEMENTS
- data-source/aws_lambda_layer_version: Support `java8.al2` and `provided.al2` in `runtime` argument plan-time validation (#14663)
- provider: Support for appending information to User-Agent request headers with the `TF_APPEND_USER_AGENT` environment variable (#14555)
- resource/aws_apigatewayv2_api: Add `body` argument (#12567)
- resource/aws_customer_gateway: Support tag on create (#14501)
- resource/aws_dms_replication_instance: Add `allow_major_version_upgrade` argument (#14550)
- resource/aws_ec2_client_vpn_network_association: Allow specifying custom security groups (#14146)
- resource/aws_ec2_client_vpn_network_association: Support resource import (#14146)
- resource/aws_egress_only_internet_gateway: Support tag on create (#14501)
- resource/aws_eks_node_group: Support `AL2_ARM_64` value for `ami_type` argument plan-time validation (#14729)
- resource/aws_eks_node_group: Add `launch_template` configuration block (#14639)
- resource/aws_internet_gateway: Support tag on create (#14501)
- resource/aws_lambda_function: Support `java8.al2` and `provided.al2` in `runtime` argument plan-time validation (#14663)
- resource/aws_lambda_layer_version: Support `java8.al2` and `provided.al2` in `compatible_runtimes` argument plan-time validation (#14663)
- resource/aws_launch_template: Support `elastic-gpu` and `spot-instances-request` in `tag_specifications` `resource_type` argument plan-time validation (#14662)
- resource/aws_network_acl: Support tag on create (#14501)
- resource/aws_network_interface: Support tag on create (#14501)
- resource/aws_route_table: Support tag on create (#14501)
- resource/aws_security_group: Support tag on create (#14501)
- resource/aws_spot_instance_request: Support tag on create (#14501)
- resource/aws_storagegateway_smb_file_share: Add `audit_destination_arn` and `smb_acl_enabled` arguments (#13572)
- resource/aws_subnet: Support tag on create (#14501)
- resource/aws_subnet: Add plan-time validation to `ipv6_cidr_block` argument (#12303)
- resource/aws_vpc_dhcp_options: Support tag on create (#14501)
- resource/aws_vpc_peering_connection: Support tag on create (#14501)
- resource/aws_vpn_connection: Support tag on create (#14501)
- resource/aws_vpn_gateway: Support tag on create (#14501)
- resource/aws_wafv2_rule_group: Add `forwarded_ip_config` configuration block to `geo_match_statement` (#14685)
- resource/aws_wafv2_web_acl: Add `forwarded_ip_config` configuration block to `rate_based_statement` and `geo_match_statement` (#14685)
- resource/aws_wafv2_web_acl: Support `FORWARDED_IP` value for `rate_based_statement` `aggregate_key_type` argument plan-time validation (#14685)
BUG FIXES
- resource/aws_api_gateway_vpc_link: Increase create, update, and delete timeouts to 20 minutes (#10407)
- resource/aws_apigatewayv2_stage: Set `execution_arn` attribute for HTTP APIs (#14638)
- resource/aws_db_parameter_group: Restore ability to update `parameter` configuration values (#12112)
- resource/aws_user_pool_domain: Ensure state removal when deleted outside Terraform (#14732)
- resource/aws_rds_cluster_parameter_group: Restore ability to update `parameter` configuration values (#12112)
- resource/aws_ssm_parameter: Handle retries after creation for asynchronous `data_type` validation process (#14514)
- resource/aws_storagegateway_nfs_file_share: Skip `UpdateSMBFileShare` API call when only `tags` change and remove extraneous `ListTagsForResource` API call during read (#13590)
- resource/aws_subnet: Ensure `ipv6_cidr_block` argument performs removal when removed from configuration (#12303)
ENHANCEMENTS
- data-source/aws_launch_configuration: Add `ebs_block_device` `no_device` attribute (#14583)
- data-source/aws_lb: Add `subnet_mapping` `private_ipv4_address` attribute (#14545)
- provider: Upgrade to Terraform Plugin SDK V2. There should be no breaking changes from a practitioner's perspective. Some validation errors should now feature enhanced messaging. (#14432)
- resource/aws_accessanalyzer_analyzer: Support `ORGANIZATION` value in `type` argument (#14493)
- resource/aws_codebuild_project: Support `WINDOWS_SERVER_2019_CONTAINER` value in `environment` `type` argument plan-time validation (#14532)
- resource/aws_organizations_organization: Support `AISERVICES_OPT_OUT_POLICY` value in `enabled_policy_types` argument plan-time validation (Support AI Opt Out policies) (#14650)
- resource/aws_organizations_policy: Support `AISERVICES_OPT_OUT_POLICY` value in `type` argument plan-time validation (Support AI Opt Out policies) (#14528)
- resource/aws_route53_health_check: Add `disabled` argument (#14614)
BUG FIXES
- data-source/aws_launch_template: Prevent type error with `network_interfaces` `delete_on_termination` attribute (#14599)
- resource/aws_acm_certificate_validation: Prevent panic with missing `DomainValidationOptions` `ResourceRecord` attribute in API response (#14590)
- resource/aws_ecr_repository: Prevent panic with missing `EncryptionConfiguration` attribute in API response (#14584)
- resource/aws_wafv2_rule_group: Prevent unnecessary resource recreation with `rule` updates (#14617)
- resource/aws_wafv2_web_acl: Prevent unnecessary resource recreation with `rule` updates (#14616)
NOTES:
- resource/aws_route53_zone_association: The addition of cross-account zone association support required the use of new `ListHostedZonesByVPC` API call and adding the VPC Region to the resource ID for new resources. Restrictive IAM permissions for Terraform and cross-region imports may require updates. (#14215)
FEATURES
- New Data Source: `aws_ec2_spot_price` (#12504)
- New Resource: `aws_route53_vpc_association_authorization` (#14215)
ENHANCEMENTS
- data-source/aws_ecr_repository: Allow `registry_id` as an argument (#14368)
- data-source/aws_ecr_repository: Add `image_scanning_configuration` and `image_tag_mutability` attributes (#14368)
- data-source/aws_ecr_repository: Add `encryption_configuration` attribute (#14520)
- resource/aws_api_gateway_method_settings: Plan-time validation added to `settings` `unauthorized_cache_control_header_strategy` and `logging_level` arguments (#12651)
- resource/aws_ecr_repository: Add `encryption_configuration` attribute (#14520)
- resource/aws_lb: Add `subnet_mapping` configuration block `private_ipv4_address` argument (#11404)
- resource/aws_rds_global_cluster: Add `force_destroy` and `source_db_cluster_identifier` arguments (#14487)
- resource/aws_rds_global_cluster: Add `global_cluster_members` attribute (#14487)
- resource/aws_route53_zone_association: Cross-account zone associations can now be created in conjunction with the new `aws_route53_vpc_association_authorization` resource (#14215)
- resource/aws_ssm_parameter: Add `data_type` argument (support `aws:ec2:image` parameters) (#13326)
BUG FIXES
- data-source/aws_availability_zones: Prevent unexpected plan output every apply with `group_names` attribute (#14412)
- data-source/aws_s3_bucket: Ensure provider `s3_force_path_style` configuration is passed through for getting S3 Bucket location with non-AWS implementations (#14481)
- resource/aws_api_gateway_method_settings: Allow `settings` `cache_ttl_in_seconds` argument to be set to 0 (#12651)
- resource/aws_elastictranscoder_preset: Prevent empty configuration block panics (#14092)
- resource/aws_lambda_event_source_mapping: Allow `maximum_retry_attempts` argument to be set to 0 (#12479)
- resource/aws_rds_cluster: Add an `InvalidDBClusterStateFault` retryable error condition for clusters part of a global cluster (#14420)
- resource/aws_rds_cluster: Increase retry timeout for deletion to 2 minutes (#14420)
- resource/aws_rds_cluster: Prevent error when both `global_cluster_identifier` and `replication_source_identifier` are configured on creation (#14490)
- resource/aws_s3_bucket: Ensure provider `s3_force_path_style` configuration is passed through for getting S3 Bucket location with non-AWS implementations (#14481)
- resource/aws_secretsmanager_secret: Allow retries for IAM eventual consistency errors (#14459)
- resource/aws_security_group: Ensure `name_prefix` argument with hex digits `a` through `f` is properly imported (#14475)
- resource/aws_spot_fleet_request: Allow `target_capacity` argument to be updated to 0 (#12759)
- resource/aws_spot_fleet_request: Wait for modify operation completion (default timeout of 10 minutes) (#12759)
- resource/aws_vpc_dhcp_options_association: Properly trigger resource recreation when VPC is deleted outside Terraform (#14367)
NOTES:
- provider: This version is built using Go 1.14.5, including security fixes to the crypto/x509 and net/http packages.
BREAKING CHANGES
- provider: New versions of the provider can only be automatically installed on Terraform 0.12 and later (#14143)
- provider: All "removed" attributes are cut, using them would result in a Terraform Core level error (#14001)
- provider: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) (#14077)
- provider: The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries (#14077)
- provider: Remove deprecated `kinesis_analytics` and `r53` custom service endpoint arguments (#14238)
- data-source/aws_availability_zones: Remove deprecated `blacklisted_names` and `blacklisted_zone_ids` arguments (#14134)
- data-source/aws_directory_service_directory: Return an error when a single result is not found (#14006)
- data-source/aws_ecr_repository: Return an error when a single result is not found (#10520)
- data-source/aws_efs_file_system: Return an error when a single result is not found (#14005)
- data-source/aws_launch_template: Return an error when a single result is not found (#10521)
- data-source/aws_route53_resolver_rule: Trailing period removed from `domain_name` argument set in data-source (#14220)
- data-source/aws_route53_zone: Trailing period removed from `name` argument set in data-source (#14220)
- resource/aws_acm_certificate: `certificate_body`, `certificate_chain`, and `private_key` attributes are no longer stored in the Terraform state with hash values (#9685)
- resource/aws_acm_certificate: `domain_validation_options` attribute changed from list to set (#14199)
- resource/aws_acm_certificate: Plan-time validation added to `domain_name` and `subject_alternative_names` arguments to prevent usage of strings with trailing periods (#14220)
- resource/aws_api_gateway_method_settings: Remove `Computed` property from `throttling_burst_limit` and `throttling_rate_limit` arguments, enabling drift detection (#14266)
- resource/aws_api_gateway_method_settings: Update `throttling_burst_limit` and `throttling_rate_limit` argument defaults to match API default of `-1` to keep throttling disabled (#14266)
- resource/aws_autoscaling_group: `availability_zones` and `vpc_zone_identifier` argument conflict now reported at plan-time (#12927)
- resource/aws_autoscaling_group: Remove `Computed` property from `load_balancers` and `target_group_arns` arguments, enabling drift detection (#14064)
- resource/aws_cloudfront_distribution: `active_trusted_signers` argument renamed to `trusted_signers` to support accessing `items` in Terraform 0.12 (#14339)
- resource/aws_cloudwatch_log_group: Automatically trim `:*` suffix from `arn` attribute (#14214)
- resource/aws_codepipeline: Removes `GITHUB_TOKEN` environment variable (#14175)
- resource/aws_cognito_user_pool: Remove deprecated `admin_create_user_config` configuration block `unused_account_validity_days` argument (#14294)
- resource/aws_dx_gateway: Remove automatic `aws_dx_gateway_association` resource import (#14124)
- resource/aws_dx_gateway_association: Remove deprecated `vpn_gateway_id` argument (#14144)
- resource/aws_dx_gateway_association_proposal: Remove deprecated `vpn_gateway_id` argument (#14144)
- resource/aws_ebs_volume: Return an error when `iops` argument set to a value greater than 0 for volume types other than `io1` (#14310)
- resource/aws_elastic_transcoder_preset: Remove `video` configuration block `max_frame_rate` argument default value (#7141)
- resource/aws_emr_cluster: Remove deprecated `instance_group` configuration block, `core_instance_count`, `core_instance_type`, and `master_instance_type` arguments (#14137)
- resource/aws_glue_job: Remove deprecated `allocated_capacity` argument (#14296)
- resource/aws_iam_access_key: Remove deprecated `ses_smtp_password` attribute (#14299)
- resource/aws_iam_instance_profile: Remove deprecated `roles` argument (#14303)
- resource/aws_iam_server_certificate: Remove state hashing from `certificate_body`, `certificate_chain`, and `private_key` arguments for new or recreated resources (#14187)
- resource/aws_instance: Return an error when `ebs_block_device` `iops` or `root_block_device` `iops` argument set to a value greater than `0` for volume types other than `io1` (#14310)
- resource/aws_lambda_alias: Resource import no longer converts Lambda Function name to ARN (#12876)
- resource/aws_launch_template: `network_interfaces` `delete_on_termination` argument changed from `bool` to `string` type (#8612)
- resource/aws_lb_listener_rule: Remove deprecated `condition` configuration block `field` and `values` arguments (#14309)
- resource/aws_msk_cluster: Update `encryption_info` `encryption_in_transit` `client_broker` argument default to match API default of `TLS` (#14132)
- resource/aws_rds_cluster: Update `scaling_configuration` `min_capacity` argument default to match API default of `1` (#14268)
- resource/aws_route53_resolver_rule: Trailing period removed from `domain_name` argument set in resource (#14220)
- resource/aws_route53_zone: Trailing period removed from `name` argument set in resource (#14220)
- resource/aws_s3_bucket: Remove automatic `aws_s3_bucket_policy` resource import (#14121)
- resource/aws_s3_bucket: Convert `region` to read-only attribute (#14127)
- resource/aws_s3_bucket_metric: Update `filter` argument to require at least one of the `prefix` or `tags` nested arguments (#14230)
- resource/aws_security_group: Remove automatic `aws_security_group_rule` resource import (#12616)
- resource/aws_ses_domain_identity: Plan-time validation added to `domain` argument to prevent usage of strings with trailing periods (#14220)
- resource/aws_ses_domain_identity_verification: Plan-time validation added to `domain` argument to prevent usage of strings with trailing periods (#14220)
- resource/aws_sns_platform_application: `platform_credential` and `platform_principal` attributes are no longer stored in the Terraform state with hash values (#3894)
- resource/aws_spot_fleet_request: Remove 24 hour default for `valid_until` argument (#9718)
- resource/aws_ssm_maintenance_window_task: Remove deprecated `logging_info` and `task_parameters` configuration blocks (#14311)
FEATURES
- New Data Source: aws_workspaces_directory (#13529)
ENHANCEMENTS
- provider: Always enable shared configuration file support (no longer require AWS_SDK_LOAD_CONFIG environment variable) (#14077)
- provider: Add assume_role configuration block duration_seconds, policy_arns, tags, and transitive_tag_keys arguments (#14077)
- data-source/aws_instance: Add secondary_private_ips attribute (#14079)
- data-source/aws_s3_bucket: Replace GetBucketLocation API call with custom HTTP call for FIPS endpoint support (#14221)
- resource/aws_acm_certificate: Enable domain_validation_options usage in downstream resource count and for_each references (#14199)
- resource/aws_api_gateway_authorizer: Add plan-time validation to authorizer_credentials argument (#12643)
- resource/aws_api_gateway_method_settings: Add import support (#14266)
- resource/aws_apigatewayv2_integration: Add request_parameters attribute (#14080)
- resource/aws_apigatewayv2_integration: Add tls_config attribute (#13013)
- resource/aws_apigatewayv2_route: Support for updating route key (#13833)
- resource/aws_apigatewayv2_stage: Make deployment_id a Computed attribute (#13644)
- resource/aws_fsx_lustre_file_system: Add deployment_type and per_unit_storage_throughput attributes (#13639)
- resource/aws_fsx_windows_file_system: Add storage_type argument (#14316)
- resource/aws_fsx_windows_file_system: Add support for multi-az (#12676)
- resource/aws_fsx_windows_file_system: Add SINGLE_AZ_2 deployment type (#12676)
- resource/aws_fsx_windows_file_system: Add preferred_file_server_ip, remote_administration_endpoint attributes (#12676)
- resource/aws_instance: Add secondary_private_ips argument (conflicts with network_interface configuration block) (#14079)
BUG FIXES
- provider: Ensure nil is not passed to RetryError helpers, may result in some bug fixes (#14104)
- provider: Ensure configured STS endpoint is used during AssumeRole API calls (#14077)
- provider: Prefer AWS shared configuration over EC2 metadata credentials by default (#14077)
- provider: Prefer CodeBuild, ECS, EKS credentials over EC2 metadata credentials by default (#14077)
- data-source/aws_lb: enable_http2 now properly set (#14167)
- resource/aws_acm_certificate: Prevent unexpected ordering differences with domain_validation_options attribute (#14199)
- resource/aws_api_gateway_authorizer: Allow authorizer_result_ttl_in_seconds to be set to 0 (#12643)
- resource/aws_apigatewayv2_integration: Correctly handle the integration_method attribute for AWS Lambda integrations (#13266)
- resource/aws_apigatewayv2_integration: Correctly handle the passthrough_behavior attribute for HTTP APIs (#13062)
- resource/aws_apigatewayv2_stage: Correctly handle default_route_setting and route_setting data_trace_enabled and logging_level for HTTP APIs. logging_level is now Computed, meaning Terraform will only perform drift detection of its value when present in a configuration. (#13809)
- resource/aws_appautoscaling_target: Only retry DeregisterScalableTarget retries on all errors on deletion (#14259)
- resource/aws_dx_gateway_association: Increase default create/update/delete timeouts to 30 minutes (#14144)
- resource/aws_codepipeline: Only retry CreatePipeline errors for IAM eventual consistency errors (#14264)
- resource/aws_elasticsearch_domain: Update method to properly set advanced_security_options (#14167)
- resource/aws_lambda_function: Increase IAM retry timeout for creation to standard 2 minute timeout (#14291)
- resource/aws_lb_cookie_stickiness_policy: lb_port now properly set (#14167)
- resource/aws_network_acl_rule: Immediately return DescribeNetworkAcls errors on creation (#14261)
- resource/aws_s3_bucket: Replace GetBucketLocation API call with custom HTTP call for FIPS endpoint support (#14221)
- resource/aws_sns_topic_subscription: Immediately return ListSubscriptionsByTopic errors (#14262)
- resource/aws_spot_fleet_request: Only retry RequestSpotFleet on IAM eventual consistency errors and use standard 2 minute timeout (#14265)
- resource/aws_spot_instance_request: primary_network_interface_id now properly set (#14167)
- resource/aws_ssm_activation: Only retry CreateActivation on IAM eventual consistency errors and use standard 2 minute timeout (#14263)
- resource/aws_ssm_association: parameters now properly set (#14167)
For information on prior major releases, see their changelogs: