v6.19.0

6.19.0 (October 30, 2025)

FEATURES:

• New Data Source: aws_ecrpublic_images (#44795)
• New Resource: aws_lakeformation_identity_center_configuration (#44867)

ENHANCEMENTS:

• action/aws_lambda_invoke: Output logs in a progress message when log_type is Tail (#44843)
• data-source/aws_imagebuilder_image_recipe: Add ami_tags attribute (#44731)
• data-source/aws_lb_listener_rule: Add regex_values attribute to condition.host_header, condition.http_header and condition.path_pattern blocks (#44741)
• data-source/aws_lb_listener_rule: Add transform attribute (#44702)
• resource/aws_bedrockagentcore_gateway: Add validator to ensure correct authorizer_configuration and authorizer_type config (#44826)
• resource/aws_emrserverless_application: Add monitoring_configuration argument (#43317)
• resource/aws_emrserverless_application: Add runtime_configuration argument (#43302)
• resource/aws_identitystore_group: Adds arn attribute. (#44867)
• resource/aws_imagebuilder_image_recipe: Add ami_tags argument (#44731)
• resource/aws_lb_listener_rule: Add regex_values argument to condition.host_header, condition.http_header and condition.path_pattern blocks (#44741)
• resource/aws_lb_listener_rule: Add transform configuration block (#44702)
• resource/aws_lb_listener_rule: The values argument in condition.host_header, condition.http_header and condition.path_pattern is now optional (#44741)
• resource/aws_quicksight_data_set: Increase upper limit of physical_table_map.relational_table.name from 64 to 256 characters (#44807)
• resource/aws_sagemaker_notebook_instance: Add notebook-al2023-v1 to valid platform_identifier values (#44570)
• resource/aws_sqs_queue: Remove account_id and region from Resource Identity schema (#44846)
• resource/aws_sqs_queue_policy: Remove account_id and region from Resource Identity schema (#44846)
• resource/aws_sqs_queue_redrive_allow_policy: Remove account_id and region from Resource Identity schema (#44846)
• resource/aws_sqs_queue_redrive_policy: Remove account_id and region from Resource Identity schema (#44846)

BUG FIXES:

• data-source/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#44867)
• provider: Fix crash when setting override region during provider initialization (#44860)
• resource/aws_bedrockagentcore_gateway: Change authorizer_configuration block from Required to Optional (#44812)
• resource/aws_bedrockagentcore_gateway: Mark authorizer_type argument as ForceNew (#44812)
• resource/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#44867)

v6.18.0

6.18.0 (October 23, 2025)

NOTES:

• data-source/aws_organizations_organization: The accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#44327)
• data-source/aws_organizations_organizational_unit_child_accounts: The accounts.status attribute is deprecated. Use accounts.state instead. (#44327)
• data-source/aws_organizations_organizational_unit_descendant_accounts: The accounts.status attribute is deprecated. Use accounts.state instead. (#44327)
• resource/aws_organizations_account: The status attribute is deprecated. Use state instead. (#44327)
• resource/aws_organizations_organization: The accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#44327)

FEATURES:

• New Resource: aws_bedrockagentcore_memory (#44306)
• New Resource: aws_bedrockagentcore_memory_strategy (#44306)
• New Resource: aws_bedrockagentcore_oauth2_credential_provider (#44307)
• New Resource: aws_bedrockagentcore_token_vault_cmk (#44606)
• New Resource: aws_bedrockagentcore_workload_identity (#44308)

ENHANCEMENTS:

• data-source/aws_iam_policy: Adds validation for path_prefix attribute (#44703)
• data-source/aws_organizations_organization: Add state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#44327)
• data-source/aws_organizations_organizational_unit_child_accounts: Add state, joined_method, and joined_timestamp attributes to the accounts block (#44327)
• data-source/aws_organizations_organizational_unit_descendant_accounts: Add state, joined_method, and joined_timestamp attributes to the accounts block (#44327)
• resource/aws_appstream_directory_config: Add certificate_based_auth_properties argument (#44679)
• resource/aws_iam_policy: Adds List support (#44703)
• resource/aws_iam_policy: Adds validation for path attribute (#44703)
• resource/aws_iam_role_policy_attachment: Adds List support (#44739)
• resource/aws_odb_network: Add delete_associated_resources attribute to enable practitioner to delete associated oci resource. (#44754)
• resource/aws_organizations_account: Add state attribute (#44327)
• resource/aws_organizations_organization: Add state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#44327)

BUG FIXES:

• data-source/aws_vpn_connection: Properly set tags attribute (#44761)
• resource/aws_rds_cluster: Fix "When modifying Provisioned IOPS storage, specify a value for both allocated storage and iops" error when updating RDS clusters with Provisioned IOPS storage (#44706)
• resource/guardduty_detector_feature: Fix additional_configuration block to ignore ordering (#44627)

v6.17.0

6.17.0 (October 16, 2025)

NOTES:

• resource/aws_quicksight_account_subscription: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#44638)

FEATURES:

• New Data Source: aws_rds_global_cluster (#37286)
• New Data Source: aws_vpn_connection (#44622)
• New Resource: aws_bedrockagentcore_agent_runtime (#44301)
• New Resource: aws_bedrockagentcore_agent_runtime_endpoint (#44301)
• New Resource: aws_bedrockagentcore_api_key_credential_provider (#44302)
• New Resource: aws_bedrockagentcore_browser (#44303)
• New Resource: aws_bedrockagentcore_code_interpreter (#44304)
• New Resource: aws_bedrockagentcore_gateway (#44305)
• New Resource: aws_bedrockagentcore_gateway_target (#44305)

ENHANCEMENTS:

• resource/aws_imagebuilder_container_recipe: Update EBS throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44604)
• resource/aws_imagebuilder_image_recipe: Update EBS throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44604)
• resource/aws_launch_template: Update EBS throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44604)
• resource/aws_quicksight_account_subscription: Add admin_pro_group, author_pro_group, and reader_pro_group arguments (#44638)
• resource/aws_subnet: Adds List support (#44671)
• resource/aws_vpc: Adds List support (#44609)

BUG FIXES:

• resource/aws_ec2_transit_gateway_route_table_propagation.test: Fix bug causing inconsistent final plan errors (#44542)
• resource/aws_lambda_function: Reset non-API attributes (source_code_hash, s3_bucket, s3_key, s3_object_version and filename) to their previous values when an update operation fails (#42829)

v6.16.0

6.16.0 (October 9, 2025)

FEATURES:

• New Action: aws_transcribe_start_transcription_job (#44445)
• New Data Source: aws_odb_cloud_autonomous_vm_clusters (#44336)
• New Data Source: aws_odb_cloud_exadata_infrastructures (#44336)
• New Data Source: aws_odb_cloud_vm_clusters (#44336)
• New Data Source: aws_odb_network_peering_connections (#44336)
• New Data Source: aws_odb_networks (#44336)
• New Resource: aws_prometheus_resource_policy (#44256)
• New Resource: aws_transfer_host_key (#44559)
• New Resource: aws_transfer_web_app (#42708)
• New Resource: aws_transfer_web_app_customization (#42708)

ENHANCEMENTS:

• resource/aws_codebuild_project: Add auto_retry_limit argument (#40035)
• resource/aws_emrserverless_application: Add scheduler_configuration block (#44589)
• resource/aws_lambda_event_source_mapping: Add schema_registry_config configuration blocks to amazon_managed_kafka_event_source_config and self_managed_kafka_event_source_config blocks (#44540)
• resource/aws_ssmcontacts_contact: Add resource identity support (#44548)
• resource/aws_vpclattice_resource_gateway: Add ipv4_addresses_per_eni argument (#44560)

BUG FIXES:

• provider: Correctly validate AWS European Sovereign Cloud Regions in ARNs (#44573)
• provider: Fix Missing Resource Identity After Update errors for non-refreshed and failed updates of Plugin Framework based resources (#44518)
• provider: Fix Unexpected Identity Change errors when fully-null identity values in state are updated to valid values for Plugin Framework based resources (#44518)
• resource/aws_datazone_environment: Correctly updates glossary_terms. (#44491)
• resource/aws_datazone_environment: Prevents unknown value error when optional account_identifier is not specified. (#44491)
• resource/aws_datazone_environment: Prevents unknown value error when optional account_region is not specified. (#44491)
• resource/aws_datazone_environment: Prevents error when updating. (#44491)
• resource/aws_datazone_environment: Prevents occasional unexpected state error when deleting. (#44491)
• resource/aws_datazone_environment: Properly passes blueprint_identifier on creation. (#44491)
• resource/aws_datazone_environment: Sets values for user_parameters when importing. (#44491)
• resource/aws_datazone_environment: Values in user_parameters should not be updateable. (#44491)
• resource/aws_datazone_project: No longer ignores errors when deleting. (#44491)
• resource/aws_datazone_project: No longer returns error when already deleting. (#44491)
• resource/aws_dynamodb_table: Do not retry on LimitExceededException (#44576)
• resource/aws_ivschat_room: Set maximum_message_rate_per_second validation maximum to 100 (#44572)
• resource/aws_launch_template: kms_key_id validation now accepts key ID, alias, and alias ARN in addition to key ARN (#44505)
• resource/aws_servicecatalog_portfolio_share: Add global mutex lock around create and delete operations to prevent ThrottlingException errors (#24730)

v6.15.0

6.15.0 (October 2, 2025)

BREAKING CHANGES:

• resource/aws_ecs_service: Fix behavior when updating capacity_provider_strategy to avoid ECS service recreation after recent AWS changes (#43533)

FEATURES:

• New Action: aws_codebuild_start_build (#44444)
• New Action: aws_events_put_events (#44487)
• New Action: aws_sfn_start_execution (#44464)
• New Data Source: aws_appconfig_application (#44168)
• New Data Source: aws_odb_db_node (#43792)
• New Data Source: aws_odb_db_nodes (#43792)
• New Data Source: aws_odb_db_server (#43792)
• New Data Source: aws_odb_db_servers (#43792)
• New Data Source: aws_odb_db_system_shapes (#43825)
• New Data Source: aws_odb_gi_versions (#43825)
• New Resource: aws_lakeformation_lf_tag_expression (#43883)

ENHANCEMENTS:

• data-source/aws_dms_endpoint: Add mysql_settings attribute (#44516)
• data-source/aws_ec2_instance_type_offering: Add location attribute (#44328)
• data-source/aws_rds_proxy: Add default_auth_scheme attribute (#44309)
• resource/aws_cleanrooms_configured_table: Add resource identity support (#44435)
• resource/aws_cloudfront_distribution: Add ip_address_type argument to origin.custom_origin_config block (#44463)
• resource/aws_connect_instance: Add resource identity support (#44346)
• resource/aws_connect_phone_number: Add resource identity support (#44365)
• resource/aws_dms_endpoint: Add mysql_settings configuration block (#44516)
• resource/aws_dsql_cluster: Adds attribute force_destroy. (#44406)
• resource/aws_ebs_volume: Update throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44514)
• resource/aws_ecs_capacity_provider: Add cluster and managed_instances_provider arguments (#44509)
• resource/aws_ecs_capacity_provider: Make auto_scaling_group_provider optional (#44509)
• resource/aws_iam_service_specific_credential: Add support for Bedrock API keys with credential_age_days, service_credential_alias, service_credential_secret, create_date, and expiration_date attributes (#44299)
• resource/aws_networkfirewall_logging_configuration: Add enable_monitoring_dashboard argument (#44515)
• resource/aws_opensearch_domain: Add aiml_options argument (#44417)
• resource/aws_pinpointsmsvoicev2_phone_number: Update two_way_channel_arn argument to accept connect.[region].amazonaws.com in addition to ARNs (#44372)
• resource/aws_rds_proxy: Add default_auth_scheme argument (#44309)
• resource/aws_rds_proxy: Make auth configuration block optional (#44309)
• resource/aws_route53recoverycontrolconfig_cluster: Add network_type argument (#44377)
• resource/aws_route53recoverycontrolconfig_cluster: Add tagging support (#44473)
• resource/aws_route53recoverycontrolconfig_control_panel: Add tagging support (#44473)
• resource/aws_route53recoverycontrolconfig_safety_rule: Add tagging support (#44473)
• resource/aws_s3control_bucket: Add resource identity support (#44379)
• resource/aws_sfn_activity: Add arn argument (#44408)
• resource/aws_sfn_activity: Add resource identity support (#44408)
• resource/aws_sfn_alias: Add resource identity support (#44408)
• resource/aws_ssmcontacts_contact_channel: Add resource identity support (#44369)

BUG FIXES:

• data-source/aws_lb: Fix Invalid address to set: []string{"secondary_ips_auto_assigned_per_subnet"} errors (#44485)
• data-source/aws_networkfirewall_firewall_policy: Fix failure to retrieve multiple firewall_policy.stateful_rule_group_reference attributes (#44482)
• data-source/aws_servicequotas_service_quota: Fixed a panic that occurred when a non-existing quota_name was provided (#44449)
• resource/aws_bedrock_provisioned_model_throughput: Fix AttributeName("arn") still remains in the path: could not find attribute or block "arn" in schema errors when upgrading from a pre-v6.0.0 provider version (#44434)
• resource/aws_chatbot_slack_channel_configuration: Force resource replacement when configuration_name is modified (#43996)
• resource/aws_cloudwatch_event_rule: Do not retry on LimitExceededException (#44489)
• resource/aws_cloudwatch_log_resource_policy: Do not retry on LimitExceededException (#44522)
• resource/aws_default_vpc: Correctly set ipv6_cidr_block when the VPC has multiple associated IPv6 CIDRs (#44362)
• resource/aws_dms_endpoint: Ensure that postgres_settings are updated (#44389)
• resource/aws_dsql_cluster: Prevents error when optional attribute deletion_protection_enabled not set. (#44406)
• resource/aws_eks_cluster: Change compute_config, kubernetes_network_config.elastic_load_balancing, and storage_config. to Optional and Computed, allowing EKS Auto Mode settings to be enabled, disabled, and removed from configuration (#44334)
• resource/aws_elastic_beanstalk_configuration_template: Fix inconsistent final plan error in some cases with setting elements. (#44461)
• resource/aws_elastic_beanstalk_environment: Fix inconsistent final plan error in some cases with setting elements. (#44461)
• resource/aws_elasticache_cluster: Fix provider produced unexpected value for cache_usage_limits argument. (#43841)
• resource/aws_fsx_lustre_file_system: Fixed to update metadata_configuration first to allow simultaneous increase of metadata_configuration.iops and storage_capacity (#44456)
• resource/aws_instance: Fix interface conversion: interface {} is nil, not map[string]interface {} panics when capacity_reservation_target is empty (#44459)
• resource/aws_kinesisanalyticsv2_application: Ensure that configured application_configuration.run_configuration values are respected during update (#43490)
• resource/aws_odb_cloud_autonomous_vm_cluster : Fixed planmodifier for computed attribute. (#44401)
• resource/aws_odb_cloud_vm_cluster : Fixed planmodifier for computed attribute. Fixed planmodifier from display_name attribute. (#44401)
• resource/aws_odb_cloud_vm_cluster : Fixed planmodifier for data_storage_size_in_tbs. Marked it mandatory. Fixed gi-version issue during creati...

v6.14.1

6.14.1 (September 22, 2025)

NOTES:

• provider: This release contains both internal provider fixes and a Terraform Plugin SDK V2 update related to a regression which may impact resources that support resource identity (#44375)

BUG FIXES:

• provider: Fix Missing Resource Identity After Update errors for non-refreshed and failed updates (#44375)
• provider: Fix Unexpected Identity Change errors when fully-null identity values in state are updated to valid values (#44375)

v6.14.0

6.14.0 (September 18, 2025)

FEATURES:

• New Data Source: aws_billing_views (#44272)
• New Data Source: aws_odb_cloud_autonomous_vm_cluster (#43809)
• New Data Source: aws_odb_cloud_exadata_infrastructure (#43650)
• New Data Source: aws_odb_cloud_vm_cluster (#43790)
• New Data Source: aws_odb_network (#43715)
• New Data Source: aws_odb_network_peering_connection (#43757)
• New Resource: aws_controltower_baseline (#42397)
• New Resource: aws_odb_cloud_autonomous_vm_cluster (#43809)
• New Resource: aws_odb_cloud_exadata_infrastructure (#43650)
• New Resource: aws_odb_cloud_vm_cluster (#43790)
• New Resource: aws_odb_network (#43715)
• New Resource: aws_odb_network_peering_connection (#43757)

ENHANCEMENTS:

• resource/aws_batch_job_queue: Adds List support (#43960)
• resource/aws_cloudwatch_log_group: Adds List support (#44129)
• resource/aws_ecs_service: Add deployment_configuration.lifecycle_hook.hook_details argument (#44289)
• resource/aws_iam_role: Adds List support (#44129)
• resource/aws_instance: Adds List support (#44129)
• resource/aws_rds_global_cluster: Remove provider-side conflict between source_db_cluster_identifier and engine arguments (#44252)
• resource/aws_scheduler_schedule: Add action_after_completion argument (#44264)
• resource/aws_sfn_state_machine: Add resource identity support (#44286)

BUG FIXES:

• resource/aws_elasticache_user_group: Ignore InvalidParameterValue: User xxx is not a member of user group xxx errors during group modification (#43520)
• resource/aws_sagemaker_endpoint_configuration: Fix panic when empty async_inference_config.output_config.notification_config block is specified (#44310)

v6.13.0

6.13.0 (September 11, 2025)

ENHANCEMENTS:

• data-source/aws_budgets_budget: Add billing_view_arn attribute (#44241)
• data-source/aws_dynamodb_table: Add warm_throughput and global_secondary_index.warm_throughput attributes (#41308)
• data-source/aws_elastic_beanstalk_hosted_zone: Add hosted zone IDs for ap-southeast-5, ap-southeast-7, eu-south-2, and me-central-1 AWS Regions (#44132)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-southeast-6 AWS Region (#44132)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-southeast-6 AWS Region (#44132)
• data-source/aws_s3_bucket: Add hosted zone ID for ap-southeast-6 AWS Region (#44132)
• resource/aws_appautoscaling_policy: Add predictive_scaling_policy_configuration argument (#44211)
• resource/aws_appautoscaling_policy: Add plan-time validation of policy_type (#44211)
• resource/aws_appautoscaling_policy: Add plan-time validation of step_scaling_policy_configuration.adjustment_type and step_scaling_policy_configuration.metric_aggregation_type (#44211)
• resource/aws_bedrock_guardrail: Add input_action, output_action, input_enabled, and output_enabled arguments to word_policy_config.managed_word_lists_config and word_policy_config.words_config configuration blocks (#44224)
• resource/aws_budgets_budget: Add billing_view_arn argument (#44241)
• resource/aws_cloudfront_distribution: Add origin.response_completion_timeout argument (#44163)
• resource/aws_codebuild_webhook: Add pull_request_build_policy configuration block (#44201)
• resource/aws_dynamodb_table: Add warm_throughput and global_secondary_index.warm_throughput arguments (#41308)
• resource/aws_ecs_account_setting_default: Support dualStackIPv6 as a valid value for name (#44165)
• resource/aws_glue_catalog_table_optimizer: Add iceberg_configuration.run_rate_in_hours argument to retention_configuration and orphan_file_deletion_configuration blocks (#44207)
• resource/aws_networkfirewall_rule_group: Add IPv6 CIDR block support to address_definition arguments in source and destination blocks within rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rule.rule_definition.match_attributes (#44215)
• resource/aws_networkmanager_vpc_attachment: Add options.dns_support and options.security_group_referencing_support arguments (#43742)
• resource/aws_networkmanager_vpc_attachment: Change options to Optional and Computed (#43742)
• resource/aws_opensearch_package: Add engine_version argument (#44155)
• resource/aws_opensearch_package: Add waiter to ensure package validation completes (#44155)
• resource/aws_synthetics_canary: Add schedule.retry_config configuration block (#44244)
• resource/aws_vpc_endpoint: Add resource identity support (#44194)
• resource/aws_vpc_security_group_egress_rule: Add resource identity support (#44198)
• resource/aws_vpc_security_group_ingress_rule: Add resource identity support (#44198)

BUG FIXES:

• resource/aws_appautoscaling_policy: Fix interface conversion: interface {} is nil, not map[string]interface {} panics when step_scaling_policy_configuration is empty (#44211)
• resource/aws_cognito_managed_login_branding: Fix reading Cognito Managed Login Branding by client ... couldn't find resource errors when a user pool contains multiple client apps (#44204)
• resource/aws_eks_cluster: Supports null compute_config.node_role_arn when disabling auto mode or built-in node pools (#42483)
• resource/aws_flow_log: Fix Error decoding ... from prior state: unsupported attribute "log_group_name" errors when upgrading from a pre-v6.0.0 provider version (#44191)
• resource/aws_launch_template: Fix Error decoding ... from prior state: unsupported attribute "elastic_gpu_specifications" errors when upgrading from a pre-v6.0.0 provider version (#44195)
• resource/aws_rds_cluster_role_association: Make feature_name optional (#44143)
• resource/aws_s3_bucket_lifecycle_configuration: Ignore MethodNotAllowed errors when deleting non-existent lifecycle configurations (#44189)
• resource/aws_secretsmanager_secret: Return diagnostic warning when remote policy is invalid (#44228)
• resource/aws_servicecatalog_provisioned_product: Restore timeouts.read arguments removed in v6.12.0 (#44238)

v6.12.0

6.12.0 (September 4, 2025)

NOTES:

• resource/aws_s3_bucket_acl: The access_control_policy.grant.grantee.display_name attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)
• resource/aws_s3_bucket_acl: The access_control_policy.owner.display_name attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)
• resource/aws_s3_bucket_logging: The target_grant.grantee.display_name attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)

FEATURES:

• New Resource: aws_cognito_managed_login_branding (#43817)

ENHANCEMENTS:

• data-source/aws_efs_mount_target: Add ip_address_type and ipv6_address attributes (#44079)
• data-source/aws_instance: Add placement_group_id attribute (#38527)
• data-source/aws_lambda_function: Add source_kms_key_arn attribute (#44080)
• data-source/aws_launch_template: Add placement.group_id attribute (#44097)
• provider: Support ap-southeast-6 as a valid AWS Region (#44127)
• resource/aws_ecs_service: Remove Terraform default for availability_zone_rebalancing and change the attribute to Optional and Computed. This allow ECS to default to ENABLED for new resources compatible with AvailabilityZoneRebalancing and maintain an existing service's availability_zone_rebalancing value during update when not configured. If an existing service never had an availability_zone_rebalancing value configured and is updated, ECS will treat this as DISABLED (#43241)
• resource/aws_efs_mount_target: Add ip_address_type and ipv6_address arguments to support IPv6 connectivity (#44079)
• resource/aws_fsx_openzfs_file_system: Remove maximum items limit on the user_and_group_quotas argument (#44120)
• resource/aws_fsx_openzfs_volume: Remove maximum items limit on the user_and_group_quotas argument (#44118)
• resource/aws_instance: Add placement_group_id argument (#38527)
• resource/aws_instance: Add resource identity support (#44068)
• resource/aws_lambda_function: Add source_kms_key_arn argument (#44080)
• resource/aws_launch_template: Add placement.group_id argument (#44097)
• resource/aws_ssm_association: Add resource identity support (#44075)
• resource/aws_ssm_document: Add resource identity support (#44075)
• resource/aws_ssm_maintenance_window: Add resource identity support (#44075)
• resource/aws_ssm_maintenance_window_target: Add resource identity support (#44075)
• resource/aws_ssm_maintenance_window_task: Add resource identity support (#44075)
• resource/aws_ssm_patch_baseline: Add resource identity support (#44075)
• resource/aws_synthetics_canary: Add run_config.ephemeral_storage argument. (#44105)

BUG FIXES:

• resource/aws_s3tables_table_policy: Remove plan-time validation of name and namespace (#44072)
• resource/aws_servicecatalog_provisioned_product: Set provisioning_parameters and provisioning_artifact_id to the values from the last successful deployment when update fails (#43956)
• resource/aws_wafv2_web_acl: Fix performance of update when the WebACL has a large number of rules (#42740)

v6.11.0

6.11.0 (August 28, 2025)

FEATURES:

• New Resource: aws_timestreaminfluxdb_db_cluster (#42382)
• New Resource: aws_workspacesweb_browser_settings_association (#43735)
• New Resource: aws_workspacesweb_data_protection_settings_association (#43773)
• New Resource: aws_workspacesweb_identity_provider (#43729)
• New Resource: aws_workspacesweb_ip_access_settings_association (#43774)
• New Resource: aws_workspacesweb_network_settings_association (#43775)
• New Resource: aws_workspacesweb_portal (#43444)
• New Resource: aws_workspacesweb_session_logger (#43863)
• New Resource: aws_workspacesweb_session_logger_association (#43866)
• New Resource: aws_workspacesweb_trust_store (#43408)
• New Resource: aws_workspacesweb_trust_store_association (#43778)
• New Resource: aws_workspacesweb_user_access_logging_settings_association (#43776)
• New Resource: aws_workspacesweb_user_settings_association (#43777)

ENHANCEMENTS:

• data-source/aws_ec2_client_vpn_endpoint: Add endpoint_ip_address_type and traffic_ip_address_type attributes (#44059)
• data-source/aws_network_interface: Add attachment.network_card_index attribute (#42188)
• data-source/aws_sesv2_email_identity: Add verification_status attribute (#44045)
• data-source/aws_signer_signing_profile: Add signing_material and signing_parameters attributes (#43921)
• data-source/aws_vpc_ipam: Add metered_account attribute (#43967)
• resource/aws_datazone_domain: Add domain_version and service_role arguments to support V2 domains (#44042)
• resource/aws_dlm_lifecycle_policy: Add copy_tags, create_interval, exclusions, extend_deletion, policy_language, resource_type and retain_interval attributes to policy_details configuration block (#41055)
• resource/aws_dlm_lifecycle_policy: Add default_policy argument (#41055)
• resource/aws_dlm_lifecycle_policy: Add policy_details.create_rule.scripts argument (#41055)
• resource/aws_dlm_lifecycle_policy: Add policy_details.schedule.cross_region_copy_rule.target_region argument (#33796)
• resource/aws_dlm_lifecycle_policy: Make policy_details.schedule.cross_region_copy_rule.target optional (#33796)
• resource/aws_dlm_lifecycle_policy:Add policy_details.schedule.archive_rule argument (#41055)
• resource/aws_dynamodb_contributor_insights: Add mode argument in support of CloudWatch contributor insights modes (#43914)
• resource/aws_ec2_client_vpn_endpoint: Add endpoint_ip_address_type and traffic_ip_address_type arguments to support IPv6 connectivity in Client VPN (#44059)
• resource/aws_ec2_client_vpn_endpoint: Make client_cidr_block optional (#44059)
• resource/aws_ecr_lifecycle_policy: Add resource identity support (#44041)
• resource/aws_ecr_repository: Add resource identity support (#44041)
• resource/aws_ecr_repository_policy: Add resource identity support (#44041)
• resource/aws_ecs_service: Add sigint_rollback argument (#43986)
• resource/aws_ecs_service: Change deployment_configuration to Optional and Computed (#43986)
• resource/aws_eks_cluster: Allow remote_network_config to be updated in-place, enabling support for EKS hybrid nodes on existing clusters (#42928)
• resource/aws_elasticache_global_replication_group: Change engine to Optional and Computed (#42636)
• resource/aws_inspector2_filter: Support code_repository_project_name, code_repository_provider_type, ecr_image_in_use_count, and ecr_image_last_in_use_at in filter_criteria (#43950)
• resource/aws_iot_thing_principal_attachment: Add thing_principal_type argument (#43916)
• resource/aws_kms_alias: Add resource identity support (#44025)
• resource/aws_kms_external_key: Add key_spec argument (#44011)
• resource/aws_kms_external_key: Change key_usage to Optional and Computed (#44011)
• resource/aws_kms_key: Add resource identity support (#44025)
• resource/aws_lb: Add secondary_ips_auto_assigned_per_subnet argument for Network Load Balancers (#43699)
• resource/aws_mwaa_environment: Add worker_replacement_strategy argument (#43946)
• resource/aws_network_interface: Add attachment.network_card_index argument (#42188)
• resource/aws_network_interface_attachment: Add network_card_index argument (#42188)
• resource/aws_route53_resolver_rule: Add resource identity support (#44048)
• resource/aws_route53_resolver_rule_association: Add resource identity support (#44048)
• resource/aws_route: Add resource identity support (#43910)
• resource/aws_route_table: Add resource identity support (#43990)
• resource/aws_s3_bucket_acl: Add resource identity support (#44043)
• resource/aws_s3_bucket_cors_configuration: Add resource identity support (#43976)
• resource/aws_s3_bucket_logging: Add resource identity support (#43976)
• resource/aws_s3_bucket_notification: Add resource identity support (#43976)
• resource/aws_s3_bucket_ownership_controls: Add resource identity support (#43976)
• resource/aws_s3_bucket_policy: Add resource identity support (#43976)
• resource/aws_s3_bucket_public_access_block: Add resource identity support (#43976)
• resource/aws_s3_bucket_server_side_encryption_configuration: Add resource identity support (#43976)
• resource/aws_s3_bucket_versioning: Add resource identity support (#43976)
• resource/aws_s3_bucket_website_configuration: Add resource identity support (#43976)
• resource/aws_s3tables_table_bucket: Add force_destroy argument (#43922)
• resource/aws_secretsmanager_secret_version: Add resource identity support (#44031)
• resource/aws_sesv2_email_identity: Add verification_status attribute (#44045)
• resource/aws_s...