Skip to content

chore(deps): update terraform aws to v6 #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update terraform aws to v6 #6

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 22, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
aws (source) required_provider major 3.62.0 -> 6.3.0

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.3.0

Compare Source

FEATURES:

  • New Resource: aws_prometheus_query_logging_configuration (#​43222)

ENHANCEMENTS:

  • data-source/aws_cloudfront_distribution: Add anycast_ip_list_id attribute (#​43196)
  • data-source/aws_networkmanager_core_network_policy_document: Add core_network_configuration.dns_support and core_network_configuration.security_group_referencing_support arguments (#​43277)
  • resource/aws_cloudfront_distribution: Add anycast_ip_list_id argument (#​43196)
  • resource/aws_dynamodb_table: Add replica.consistency_mode argument in support of multi-Region strong consistency for Amazon DynamoDB global tables (#​43236)

BUG FIXES:

  • provider: Fix runtime error: invalid memory address or nil pointer dereference panics for numerous resource types when modifying tags (#​43324)
  • resource/aws_bedrockagent_agent_action_group: Add missing prepare agent call when deleting an action group (#​43232)
  • resource/aws_bedrockagent_agent_action_group: Retry operation can't be performed on Agent when it is in Preparing state. errors during agent action group base creation, update, and deletion. (#​43232)
  • resource/aws_bedrockagent_agent_knowledge_base_association: Add missing prepare agent call when deleting a knowledge base association (#​43232)
  • resource/aws_bedrockagent_agent_knowledge_base_association: Retry operation can't be performed on Agent when it is in Preparing state. errors during agent knowledge base creation and disassociation (#​43232)
  • resource/aws_cloudfrontkeyvaluestore_keys_exclusive: Fix errant deletion of key value pairs when a value is changed (#​43208)
  • resource/aws_cognito_user_pool_domain: Correctly update managed_login_version for custom Cognito domains (#​43252)
  • resource/aws_db_instance_role_association: Retry InvalidDBInstanceState errors on delete (#​43303)
  • resource/aws_medialive_channel: Fix interface conversion: interface {} is nil, not map[string]interface {} panics when configuration blocks are empty (#​43308)
  • resource/aws_rds_cluster_role_association: Retry InvalidDBClusterStateFault errors on delete (#​43303)
  • resource/aws_redshift_cluster: Correctly set availability_zone_relocation_enabled (#​43270)
  • resource/aws_route53profiles_resource_association: Change resource_properties to Computed to enable vpc_endpoint associations (#​42562)
  • resource/aws_ssoadmin_application: Updates value of arn when refreshing state. (#​43273)

v6.2.0

Compare Source

ENHANCEMENTS:

  • data-source/aws_kinesis_stream_consumer: Add tags attribute. This functionality requires the kinesis:ListTagsForResource IAM permission (#​43173)
  • data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.stateful_rule_group_reference.deep_threat_inspection attribute (#​43137)
  • resource/aws_accessanalyzer_analyzer: Add configuration.internal_access argument (#​43138)
  • resource/aws_amplify_app: Add job_config argument (#​43136)
  • resource/aws_amplify_branch: Add enable_skew_protection argument (#​43218)
  • resource/aws_cloudtrail: Support errorCode, eventType, sessionCredentialFromConsole, and vpcEndpointId as valid values for advanced_event_selector.field_selector.field (#​43091)
  • resource/aws_cloudtrail_event_data_store: Support errorCode, eventType, sessionCredentialFromConsole, and vpcEndpointId as valid values for advanced_event_selector.field_selector.field (#​43091)
  • resource/aws_cloudwatch_event_archive: Add kms_key_identifier argument (#​43139)
  • resource/aws_cloudwatch_log_group: Support DELIVERY as a valid value for log_group_class (#​42658)
  • resource/aws_codebuild_project: Add environment.docker_server configuration block (#​42982)
  • resource/aws_eks_pod_identity_association: Add disable_session_tags and target_role_arn arguments and external_id attribute (#​42979)
  • resource/aws_emr_cluster: Add os_release_label argument (#​43018)
  • resource/aws_fms_policy: Add resource_tag_logical_operator argument (#​43031)
  • resource/aws_glue_job: Support job_mode argument (#​42607)
  • resource/aws_kinesis_stream_consumer: Add tags argument and tags_all attribute. This functionality requires the kinesis:ListTagsForResource, kinesis:TagResource, and kinesis:UntagResource IAM permissions (#​43173)
  • resource/aws_kms_key: Support HMAC_224, HMAC_384, HMAC_512, ML_DSA_44, ML_DSA_65, and ML_DSA_87 as valid values for customer_master_key_spec (#​43128)
  • resource/aws_lightsail_instance_public_ports: -1 is now a valid value for port_info.from_port and port_info.to_port (#​37703)
  • resource/aws_networkfirewall_firewall_policy: Add firewall_policy.stateful_rule_group_reference.deep_threat_inspection argument (#​43137)
  • resource/aws_rbin_rule: Add exclude_resource_tags argument (#​43189)
  • resource/aws_s3_directory_bucket: Add tags argument and tags_all attribute. This functionality requires the s3express:ListTagsForResource, s3express:TagResource, and s3express:UntagResource IAM permissions (#​43256)
  • resource/aws_s3tables_table: Add metadata argument (#​43112)
  • resource/aws_wafv2_web_acl: Add aws_managed_rules_anti_ddos_rule_set to managed_rule_group_configs configuration block in support of L7 DDoS protection (#​43149)

BUG FIXES:

  • provider: Fix Unexpected Identity Change errors for numerous resource types when refreshing resources created or refreshed by Terraform AWS Provider v6.0.0 (#​43221)
  • resource/aws_appflow_connector_profile: Fixes error refreshing resource state (#​43221)
  • resource/aws_bcmdataexports_export: Fixes error when refreshing state with resources created before v6.0.0 (#​43090)
  • resource/aws_bedrockagent_agent: Retry Exceeded the number of retries on OptLock failure. Too many concurrent requests. errors during update (#​43179)
  • resource/aws_bedrockagent_agent: Retry Prepare operation can't be performed on Agent when it is in Preparing state. errors during prepare (#​43179)
  • resource/aws_bedrockagent_agent: Retry Update operation can't be performed on Agent when it is in Preparing state. errors during update (#​43179)
  • resource/aws_bedrockagent_agent_collaborator: Retry operation can't be performed on Agent when it is in Preparing state. errors during agent collaborator update and disassociation (#​43179)
  • resource/aws_cloudwatch_query_definition: Support ARNs as valid values for log_group_names (#​43183)
  • resource/aws_cur_report_definition: Allow an empty ("") value for s3_prefix. This fixes a regression introduced in v6.0.0 (#​43159)
  • resource/aws_elasticsearch_domain: Disable publishing for log_publishing_options removed on Update. This prevents a perpetual diff (#​43033)
  • resource/aws_elasticsearch_domain: Fix ValidationException: The Resource Access Policy specified for the CloudWatch Logs log group ... does not grant sufficient permissions for Amazon Elasticsearch Service to create a log stream IAM eventual consistency errors on Create (#​43033)
  • resource/aws_lambda_function: Fix perpetual logging_config diffs when log_format is set to JSON and publish = true (#​42660)
  • resource/aws_lexv2models_intent: Add semantic equality check for confirmation_setting.prompt_specification.prompt_attempts_specification defaults (#​43147)
  • resource/aws_opensearch_domain: Disable publishing for log_publishing_options removed on Update. This prevents a perpetual diff (#​43033)
  • resource/aws_opensearch_domain: Fix ValidationException: The Resource Access Policy specified for the CloudWatch Logs log group ... does not grant sufficient permissions for Amazon Elasticsearch Service to create a log stream IAM eventual consistency errors on Create (#​43033)
  • resource/aws_quicksight_analysis: WHOLE is now a valid value for definition.sheets.visuals.pie_chart_visual.chart_configuration.donut_options.arc_options.arc_thickness (#​37116)
  • resource/aws_quicksight_dashboard: WHOLE is now a valid value for definition.sheets.visuals.pie_chart_visual.chart_configuration.donut_options.arc_options.arc_thickness (#​37116)
  • resource/aws_quicksight_template: WHOLE is now a valid value for definition.sheets.visuals.pie_chart_visual.chart_configuration.donut_options.arc_options.arc_thickness (#​37116)
  • resource/aws_quicksight_user: Remove ForceNew from email (#​43014)
  • resource/aws_verifiedpermissions_schema: Fix Value Conversion Error errors when upgrading existing resources to Terraform AWS Provider v6.0.0 (#​43116)

v6.0.0

Compare Source

BREAKING CHANGES:

  • data-source/aws_ami: The severity of the diagnostic returned when most_recent is true and owner and image ID filter criteria has been increased to an error. Existing configurations which were previously receiving a warning diagnostic will now fail to apply. To prevent this error, set the owner argument or include a filter block with an image-id or owner-id name/value pair. To continue using unsafe filter values with most_recent set to true, set the new allow_unsafe_filter argument to true. This is not recommended. (#​42114)
  • data-source/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • data-source/aws_ecs_task_execution: Remove inference_accelerator_overrides attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • data-source/aws_elbv2_listener_rule: The action.authenticate_cognito, action.authenticate_oidc, action.fixed_response, action.forward, action.forward.stickiness, action.redirect, condition.host_header, condition.http_header, condition.http_request_method, condition.path_pattern, condition.query_string, and condition.source_ip attributes are now list nested blocks instead of single nested blocks (#​42283)
  • data-source/aws_identitystore_user: filter has been removed (#​42325)
  • data-source/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • data-source/aws_launch_template: elastic_gpu_specifications has been removed (#​42312)
  • data-source/aws_opensearch_domain: kibana_endpoint has been removed (#​42268)
  • data-source/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#​42270)
  • data-source/aws_service_discovery_service: Remove tags_all attribute (#​42136)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_application resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_custom_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ecs_cluster_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ganglia_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_haproxy_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_instance resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_java_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_memcached_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_mysql_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_nodejs_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_permission resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_php_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rails_app_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rds_db_instance resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_stack resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_static_web_layer resource has been removed (#​41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_user_profile resource has been removed (#​41948)
  • provider: As the AWS SDK for Go v2 does not support Amazon SimpleDB the aws_simpledb_domain resource has been removed. Add a constraint to v5 of the Terraform AWS Provider for continued use of this resource (#​41775)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_fleet resource has been removed (#​42059)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_website_certificate_authority_association resource has been removed (#​42059)
  • provider: The aws_redshift_service_account resource has been removed. AWS recommends that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#​41941)
  • provider: The endpoints.iotanalytics and endpoints.iotevents configuration arguments have been removed (#​42703)
  • provider: The endpoints.opsworks configuration argument has been removed (#​41948)
  • provider: The endpoints.simpledb and endpoints.sdb configuration arguments have been removed (#​41775)
  • provider: The endpoints.worklink configuration argument has been removed (#​42059)
  • resource/aws_accessanalyzer_archive_rule: filter.exists now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_alb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_api_gateway_account: The reset_on_delete argument has been removed (#​42226)
  • resource/aws_api_gateway_deployment: Remove canary_settings, execution_arn, invoke_url, stage_description, and stage_name arguments. Instead, use the aws_api_gateway_stage resource to manage stages. (#​42249)
  • resource/aws_batch_compute_environment: Rename compute_environment_name to name
    resource/aws_batch_compute_environment: Rename compute_environment_name_prefix to name_prefix (#​38050)
  • resource/aws_batch_compute_environment_data_source: Rename compute_environment_name to name (#​38050)
  • resource/aws_batch_job_queue: Remove deprecated parameter compute_environments in place of compute_environment_order (#​40751)
  • resource/aws_bedrock_model_invocation_logging_configuration: logging_config, logging_config.cloudwatch_config, logging_config.cloudwatch_config.large_data_delivery_s3_config, and logging_config.s3_config are now list nested blocks instead of single nested blocks (#​42307)
  • resource/aws_cloudfront_key_value_store: Attribute id is now set to remote object's Id instead of name (#​42230)
  • resource/aws_cloudfront_response_headers_policy: The etag argument is now computed only (#​38448)
  • resource/aws_cloudtrail_event_data_store: suspend now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_cognito_user_in_group: The id attribute is now a comma-delimited string concatenating the user_pool_id, group_name, and username arguments (#​34082)
  • resource/aws_cur_report_definition: The s3_prefix argument is now required (#​38446)
  • resource/aws_db_instance: character_set_name now cannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier. (#​42348)
  • resource/aws_dms_endpoint: Remove s3_settings attribute. Use aws_dms_s3_endpoint instead (#​42379)
  • resource/aws_dx_gateway_association: vpn_gateway_id has been removed (#​42323)
  • resource/aws_ec2_spot_instance_fleet: terminate_instances_on_delete now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_ec2_spot_instance_request: Remove block_duration_minutes attribute (#​42060)
  • resource/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • resource/aws_eip: vpc has been removed. Use domain instead. (#​42340)
  • resource/aws_eks_addon: resolve_conflicts has been removed. Use resolve_conflicts_on_create and resolve_conflicts_on_update instead. (#​42318)
  • resource/aws_elasticache_cluster: auto_minor_version_upgrade now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_elasticache_replication_group: at_rest_encryption_enabled and auto_minor_version_upgrade now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_elasticache_replication_group: auth_token_update_strategy no longer has a default value. If auth_token is set, auth_token_update_strategy must also be explicitly configured. (#​42336)
  • resource/aws_evidently_feature: variations.value.bool_value now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_flow_log: log_group_name has been removed. Use log_destination instead. (#​42333)
  • resource/aws_globalaccelerator_accelerator: The id attribute is now computed only (#​42097)
  • resource/aws_guardduty_detector: Deprecates datasources. Use aws_guardduty_detector_feature resources instead. (#​42436)
  • resource/aws_guardduty_organization_configuration: The auto_enable attribute has been removed (#​42251)
  • resource/aws_identitystore_group: filter has been removed (#​42325)
  • resource/aws_imagebuilder_container_recipe: instance_configuration.block_device_mapping.ebs.delete_on_termination and instance_configuration.block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_imagebuilder_image_recipe: block_device_mapping.ebs.delete_on_termination and block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_instance: Remove cpu_core_count and cpu_threads_per_core. Instead, use cpu_options. (#​42280)
  • resource/aws_instance: user_data now displays cleartext instead of a hash. Base64 encoded content should use user_data_base64 instead. (#​42078)
  • resource/aws_launch_template: block_device_mappings.ebs.delete_on_termination, block_device_mappings.ebs.encrypted, ebs_optimized, network_interfaces.associate_carrier_ip_address, network_interfaces.associate_public_ip_address, network_interfaces.delete_on_termination, and network_interfaces.primary_ipv6 now only accept one of "" (empty string), true, or false (#​42434)
  • resource/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#​42137)
  • resource/aws_launch_template: elastic_gpu_specifications has been removed (#​42312)
  • resource/aws_lb_listener: mutual_authentication attributes advertise_trust_store_ca_names, ignore_client_certificate_expiry, and trust_store_arn are only valid if mode is verify (#​42326)
  • resource/aws_lb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_mq_broker: logs.audit now only accepts one of "" (empty string), true, or false (#​42434)
  • resource/aws_networkmanager_core_network: The base_policy_region argument has been removed. Use base_policy_regions instead. (#​38398)
  • resource/aws_opensearch_domain: kibana_endpoint has been removed (#​42268)
  • resource/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#​42270)
  • resource/aws_paymentcryptography_key: key_attributes and key_attributes.key_modes_of_use are now list nested blocks instead of single nested blocks. (#​42264)
  • resource/aws_quicksight_data_set: tags_all has been removed (#​42260)
  • resource/aws_redshift_cluster: Attributes cluster_public_key, cluster_revision_number, and endpoint are now read only and should not be set (#​42119)
  • resource/aws_redshift_cluster: The logging attribute has been removed (#​42013)
  • resource/aws_redshift_cluster: The publicly_accessible attribute now defaults to false (#​41978)
  • resource/aws_redshift_cluster: The snapshot_copy attribute has been removed (#​41995)
  • resource/aws_rekognition_stream_processor: regions_of_interest.bounding_box is now a list nested block instead of a single nested block (#​41380)
  • resource/aws_resiliencehub_resiliency_policy: policy, policy.az, policy.hardware, policy.software, and policy.region are now list nested blocks instead of single nested blocks (#​42297)
  • resource/aws_sagemaker_app_image_config: Exactly one code_editor_app_image_config, jupyter_lab_image_config, or kernel_gateway_image_config block must be configured (#​42753)
  • resource/aws_sagemaker_image_version: id is now a comma-delimited string concatenating image_name and version (#​42536)
  • resource/aws_sagemaker_notebook_instance: Remove accelerator_types from your configuration—it no longer exists. Instead, use instance_type to use Inferentia. (#​42099)
  • resource/aws_ssm_association: Remove instance_id argument (#​42224)
  • resource/aws_verifiedpermissions_schema: definition is now a list nested block instead of a single nested block (#​42305)
  • resource/aws_wafv2_web_acl: rule.statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_bot_control_rule_set.enable_machine_learning now defaults to false (#​39858)

NOTES:

  • data-source/aws_cloudtrail_service_account: This data source is deprecated. AWS recommends using a service principal name instead of an AWS account ID in any relevant IAM policy. (#​42320)
  • data-source/aws_kms_secret: This data source will be removed in a future version (#​42524)
  • data-source/aws_region: The name attribute has been deprecated. All configurations using name should be updated to use the region attribute instead (#​42131)
  • data-source/aws_s3_bucket: Add bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#​42014)
  • data-source/aws_servicequotas_templates: The region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#​42131)
  • data-source/aws_ssmincidents_replication_set: The region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#​42014)
  • data-source/aws_vpc_endpoint_service: The region attribute has been deprecated. All configurations using region should be updated to use the service_region attribute instead (#​42014)
  • data-source/aws_vpc_peering_connection: The region attribute has been deprecated. All configurations using region should be updated to use the requester_region attribute instead (#​42014)
  • provider: Support for the global S3 endpoint is deprecated, along with the s3_us_east_1_regional_endpoint argument. The ability to use the global S3 endpoint will be removed in v7.0.0. (#​42375)
  • resource/aws_cloudformation_stack_set_instance: The region attribute has been deprecated. All configurations using region should be updated to use the stack_set_instance_region attribute instead (#​42014)
  • resource/aws_codeconnections_host: Deprecates id in favor of arn (#​42232)
  • resource/aws_config_aggregate_authorization: The region attribute has been deprecated. All configurations using region should be updated to use the authorized_aws_region attribute instead (#​42014)
  • resource/aws_dx_hosted_connection: The region attribute has been deprecated. All configurations using region should be updated to use the connection_region attribute instead (#​42014)
  • resource/aws_elasticache_replication_group: The ability to provide an uppercase engine value is deprecated (#​42419)
  • resource/aws_elasticache_user: The ability to provide an uppercase engine value is deprecated (#​42419)
  • resource/aws_elasticache_user_group: The ability to provide an uppercase engine value is deprecated (#​42419)
  • resource/aws_elastictranscoder_pipeline: This resource is deprecated. Use AWS Elemental MediaConvert instead. (#​42313)
  • resource/aws_elastictranscoder_preset: This resource is deprecated. Use AWS Elemental MediaConvert instead. (#​42313)
  • resource/aws_evidently_feature: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_evidently_launch: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_evidently_project: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_evidently_segment: This resource is deprecated. Use AWS AppConfig feature flags instead. (#​42227)
  • resource/aws_guardduty_organization_configuration: datasources now returns a deprecation warning (#​42251)
  • resource/aws_kinesis_analytics_application: Effective January 27, 2026, AWS will no longer support Kinesis Data Analytics for SQL. This resource is deprecated and will be removed in a future version. Use the aws_kinesisanalyticsv2_application resource instead (#​42102)
  • resource/aws_media_store_container: This resource is deprecated. It will be removed in a future version. Use S3, AWS MediaPackage, or other storage solution instead. (#​42265)
  • resource/aws_media_store_container_policy: This resource is deprecated. It will be removed in a future version. Use S3, AWS MediaPackage, or other storage solution instead. (#​42265)
  • resource/aws_redshift_cluster: The default value of encrypted is now true to match the AWS API. (#​42631)
  • resource/aws_s3_bucket: Add bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#​42014)
  • resource/aws_service_discovery_service: health_check_custom_config.failure_threshold is deprecated. The argument is no longer supported by AWS and is always set to 1 (#​40777)
  • resource/aws_servicequotas_template: The region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#​42131)
  • resource/aws_ssmincidents_replication_set: The region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#​42014)

ENHANCEMENTS:

  • data-source/aws_ami: Add allow_unsafe_filter argument (#​42114)
  • data-source/aws_availability_zone: Add group_long_name attribute (#​42014)
  • data-source/aws_availability_zone: Mark region as Optional, allowing a value to be configured (#​42014)
  • resource/aws_auditmanager_assessment: Add plan-time validation of roles.role_arn and roles.role_type (#​42131)
  • provider: Add enhanced region support to most resources, data sources, and ephemeral resources, allowing per-resource Region targeting without requiring multiple provider configurations. See the Enhanced Region Support guide for more information. (#​43075)
  • resource/aws_auditmanager_control: Add plan-time validation of control_mapping_sources.source_frequency, control_mapping_sources.source_set_up_option, and control_mapping_sources.source_type (#​42131)
  • resource/aws_auditmanager_framework_share: Add plan-time validation of destination_account (#​42741)
  • resource/aws_auditmanager_organization_admin_account_registration: Add plan-time validation of admin_account_id (#​42741)
  • resource/aws_cognito_user_in_group: Add import support (#​34082)
  • resource/aws_ecs_service: Add arn attribute (#​42733)
  • resource/aws_guardduty_detector: Adds validation to finding_publishing_frequency. (#​42436)
  • resource/aws_lb_listener: mutual_authentication attribute trust_store_arn is required if mode is verify (#​42326)
  • resource/aws_quicksight_iam_policy_assignment: Add plan-time validation of policy_arn (#​42131)
  • resource/aws_sagemaker_image_version: Add aliases argument (#​42610)
  • resource/aws_securitylake_subscriber: Add plan-time validation of access_type source.aws_log_source_resource.source_name, and subscriber_identity.external_id (#​42131)

BUG FIXES:

  • resource/aws_auditmanager_control: Fix Provider produced inconsistent result after apply errors (#​42131)
  • resource/aws_redshift_cluster: Fixes permanent diff when encrypted is not explicitly set to true. (#​42631)
  • resource/aws_rekognition_stream_processor: Fix regions_of_interest.bounding_box and regions_of_interest.polygon argument validation (#​41380)
  • resource/aws_sagemaker_image_version: Read the correct image version after creation rather than always fetching the latest (#​42536)
  • resource/aws_securitylake_subscriber: Change access_type to ForceNew (#​42131)

v5.100.0

Compare Source

NOTES:

  • resource/aws_route53_vpc_association_authorization: Because we cannot easily replicate the highly concurrent environments in which these errors have been observed, this fix is best effort and we ask for community help in verifying the reported issues are resolved by this change (#​42948)

FEATURES:

  • New Resource: aws_dsql_cluster (#​41868)
  • New Resource: aws_dsql_cluster_peering (#​41868)
  • New Resource: aws_prometheus_workspace_configuration (#​42478)
  • New Resource: aws_s3control_directory_bucket_access_point_scope (#​42338)
  • New Resource: aws_vpc_route_server (#​42392)
  • New Resource: aws_vpc_route_server_endpoint (#​42392)
  • New Resource: aws_vpc_route_server_peer (#​42392)
  • New Resource: aws_vpc_route_server_propagation (#​42392)
  • New Resource: aws_vpc_route_server_vpc_association (#​42392)
  • New Resource: aws_workspacesweb_data_protection_settings (#​42852)
  • New Resource: aws_workspacesweb_ip_access_settings (#​42863)
  • New Resource: aws_workspacesweb_user_access_logging_settings (#​42868)

ENHANCEMENTS:

  • data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-east-2 AWS Region (#​42915)
  • data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-east-2 AWS Region (#​42915)
  • data-source/aws_neptune_engine_version: Add several arguments and attributes to support dynamic selection of versions including latest, has_major_target, preferred_major_targets, and preferred_upgrade_targets (#​42854)
  • data-source/aws_s3_bucket: Add hosted zone ID for ap-east-2 AWS Region (#​42915)
  • provider: Support ap-east-2 as a valid AWS Region (#​42906)
  • resource/aws_fsx_lustre_file_system: Add data_read_cache_configuration and throughput_capacity arguments in support of the Intelligent-Tiering storage class (#​42839)
  • resource/aws_pinpointsmsvoicev2_phone_number: Add two_way_channel_role argument (#​42950)
  • resource/aws_route53_vpc_association_authorization: Add configurable timeouts for create, read, and delete (#​42948)
  • resource/aws_s3_access_point: Add support for S3 Directory Buckets (#​42338)
  • resource/aws_s3control_access_point_policy: Add support for S3 Directory Buckets (#​42338)
  • resource/aws_vpn_connection: Add preshared_key_storage argument and preshared_key_arn attribute (#​42819)
  • resource/aws_wafv2_rule_group: Add statement.asn_match_statement configuration block (#​42965)
  • resource/aws_wafv2_web_acl: Add statement.asn_match_statement configuration block (#​42965)

BUG FIXES:

  • resource/aws_cloudfrontkeyvaluestore_keys_exclusive: Batch update operations to stay under the Key Value Store Service Quota. The max_batch_size argument can be used to override the default value of 50 items. (#​42795)
  • resource/aws_cloudwatch_log_destination: Fix to return the first matched destination name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_group: Fix to return the first matched group name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_metric_filter: Fix to return the first matched filter name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_query_definition: Fix to return the first matched query definition ID during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_resource_policy: Fix to return the first matched policy name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_cloudwatch_log_subscription_filter: Fix to return the first matched filter name during the read operation. This fixes a regression introduced in v5.83.0 (#​42896)
  • resource/aws_dynamodb_table: Set new computed value for stream_arn attribute when changing stream_view_type (#​42561)
  • resource/aws_neptune_cluster: Enable minor and major version upgrades by fixing various issues preventing them (#​42854)
  • resource/aws_neptune_global_cluster: Enable minor and major version upgrades by fixing various issues preventing them (#​42854)
  • resource/aws_route53_vpc_association_authorization: Retry InvalidPaginationToken errors on read (#​42948)
  • resource/aws_verifiedaccess_endpoint: Fix `InvalidParameterValue: The value of loadBalancerOptions.port yo

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/aws-6.x branch from 920ed12 to 6ec36dd Compare July 6, 2025 19:50
@renovate renovate bot force-pushed the renovate/aws-6.x branch from 6ec36dd to 8215b12 Compare July 14, 2025 00:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants