The AWS Provider enables Terraform to manage AWS resources.
NOTES:
template_body
of aws_cloudformation_stack
, CRLF was previously treated as different from LF but these are now treated as equivalent in many situations (#14270)FEATURES:
aws_eip_domain_name
(#36963)ENHANCEMENTS:
client_keep_alive
argument (#36969)ptr_record
attribute (#36963)attachment_count
attribute (#36759)client_keep_alive
argument (#36969)master_account_name
attribute (#36797)ipv6_address_preferred_lease_time
attribute (#36934)client_keep_alive
argument (#36969)alarm_specification
to the instance_refresh.preferences
configuration block (#36954)lambda
and mediapackagev2
as valid values for origin_access_control_origin_type
(#34362)force_destroy
attribute (#34905)report_build_status
and build_status_config
arguments (#36942)ipv6_address_preferred_lease_time
as Computed attribute (#36934)resource_identifier
argument (#36901)ptr_record
attribute (#36963)minimum
attribute in cache_usage_limits.data_storage
and cache_usage_limits.ecpu_per_second
(#36766)endpoint_ip_address
attribute (#36767)attachment_count
attribute (#36759)execution_role
and workflow
arguments (#36953)client_keep_alive
argument (#36969)database_vpc_endpoint_service
and webserver_vpc_endpoint_service
attributes (#36903)master_account_name
attribute (#36797)security_policy_name
argument (#36893)ipv6_address_preferred_lease_time
attribute (#36934)cascade
argument (#36898)BUG FIXES:
ConflictException
errors on resource Create (#36980)monitor_dimension
to ForceNew (#36773)account_id
to ForceNew (#36773)template_body
no longer cause erroneous diffs (#14270)interface conversion: interface {} is nil, not map[string]interface {}
panic when auth
is empty ({}
) (#36967)replication_settings
to disallow Logging.CloudWatchLogGroup
and Logging.CloudWatchLogStream
. (#36936)replication_settings
JSON documents. (#36936)replication_task_settings
to disallow Logging.CloudWatchLogGroup
and Logging.CloudWatchLogStream
. (#36936)replication_task_settings
unset to use default settings. (#36936)replication_task_settings
JSON documents. (#36936)BadRequest: AuditLogDestination must not be provided when auditing is disabled
when updating audit_log_configuration.0.file_access_audit_log_level
and audit_log_configuration.0.file_share_access_audit_log_level
to "DISABLED"
(#36928)number_of_workers
and worker_type
as optional/computed, preventing persistent differences when max_capacity
is set. (#36770)password_reset_required
is true
and initial password reset is completed (#36926)certificate_name
on create and update (#36888)NotFound
error handling on delete (#36933)NOTES:
logging
argument is now deprecated. Use the aws_redshift_logging
resource instead. (#36862)snapshot_copy
argument is now deprecated. Use the aws_redshift_snapshot_copy
resource instead. (#36810)FEATURES:
ENHANCEMENTS:
registry_id
for af-south-1
AWS Region (#36803)documentation_part_id
attribute (#36445)resource_arn
(#36445)BUG FIXES:
MaxBackoff
value to 300 seconds so that services migrated to AWS SDK for Go v2 maintain behavioral compatibility with AWS SDK for Go v1 (#36855)agent_arns
(#36819)filters.message_types
or filters.severities
contains multiple elements (#36804)configuration_policy.enabled_standard_arns
as Optional, fixing InvalidInputException: Invalid semantics: Enabled standards and security control configurations must be configured when Security Hub is enabled
errors (#36740)FEATURES:
aws_devopsguru_notification_channel
(#36656)aws_devopsguru_resource_collection
(#36657)aws_ecr_lifecycle_policy_document
(#6133)trim_iam_role_path
(#36723)aws_devopsguru_service_integration
(#36694)ENHANCEMENTS:
application_tag
attribute (#36647)data_catalog_encryption_settings.encryption_at_rest.catalog_encryption_service_role
attribute (#35978)desired_sessions
argument to the compute_capacity
block. (#34266)max_sessions_per_instance
argument. (#34266)deregister_on_new_revision
to allow keeping prior versions ACTIVE when a new revision is published. (#35149)character_set_name
when replicate_source_db
, restore_to_point_in_time
, or snapshot_identifier
is set (#36518)unhealthy_node_replacement
argument (#36523)data_catalog_encryption_settings.encryption_at_rest.catalog_encryption_service_role
argument (#35978)application_tag
attribute (#36647)s3_storage_options
configuration block (#36664)address_fields
and phone_number_fields
to statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_acfp_rule_set.request_inspection
(#36685)BUG FIXES:
TF_APPEND_USER_AGENT
which contain /
, (
, )
, or space. (#36738)email_verification_message
, email_verification_subject
, admin_create_user_config.invite_message_template.email_message
, admin_create_user_config.invite_message_template.email_subject
, admin_create_user_config.invite_message_template.sms_message
, sms_authentication_message
, sms_verification_message
, verification_message_template.email_message
, verification_message_template.email_message_by_link
, verification_message_template.email_subject
, verification_message_template.email_subject_by_link
, and verification_message_template.sms_message
to count UTF-8 characters properly (#36661)tagPatternList
change detection in policy JSON (#35231)alarms.rollback
on resource Create and Update (#36691)force_destroy
is used and there are inline or attached policies, allow resource to be destroyed (#36640)ami_distribution_configuration.name
(#36659)snapshot_copy
block (#36655)FEATURES:
aws_resourceexplorer2_search
(#36560)aws_servicecatalogappregistry_application
(#36596)aws_cloudfrontkeyvaluestore_key
(#36534)aws_devopsguru_notification_channel
(#36557)aws_ec2_instance_metadata_defaults
(#36589)aws_lakeformation_resource_lf_tag
(#36537)aws_m2_application
(#35399)aws_m2_deployment
(#35408)aws_m2_environment
(#35311)aws_redshiftserverless_custom_domain_association
(#35865)aws_servicecatalogappregistry_application
(#36277)ENHANCEMENTS:
key_value_store_associations
attribute (#36585)original_snapshot_create_time
attribute (#36544)key_value_store_associations
argument (#36585)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)assume_role_policy
and inline_policy.*.policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)FLINK-1_18
runtime_environment
value (#36562)policy
to have leading whitespace (#36597)inline_policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)tier
argument (#36504)BUG FIXES:
us-east-1
endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#36540)ACTIVE
a valid create target status (#36615)us-east-1
endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#36540)ValidationException
. (#36592)role
no longer exists (#34099)instance_type
change also requires an architecture change, such as x86_64 to arm64 (#36590)ValidationException
. (#36592)InvalidParameterCombination
errors when updating only skip_final_snapshot
(#36635)name
casing changes (#36563)InvalidRequestException
(#36609)data_type
is updated. (#35960)FEATURES:
aws_redshift_producer_data_shares
(#36481)aws_devopsguru_event_sources_config
(#36485)aws_devopsguru_resource_collection
(#36489)aws_dynamodb_table_export
(#30399)ENHANCEMENTS:
ipv6_cidr_block_set
and peer_ipv6_cidr_block_set
attributes (#36391)kerberos_keytab_base64
and kerberos_krb5_conf_base64
arguments (#36072)read_write
and segment_configuration.on_demand
arguments (#36486)enable_local_write_forwarding
argument to support Aurora MySQL local write forwarding (#34370)BUG FIXES:
RateLimiter
to ratelimit.None
so that services migrated to AWS SDK for Go v2 maintain behavioral compatibility with AWS SDK for Go v1 (#36467)start_time
and end_time
values on update when configured (#33713)scalable_dimension
as an additional filter (#34382)container_url
attribute value and bad subdirectory
attribute value from state read/refresh (#36072)efs_file_system_arn
attribute value from state read/refresh (#36072)qop_configuration
as Computed (#36072)server_hostname
attribute value from state read/refresh (#36072)s3_bucket_arn
attribute value from state read/refresh (#36072)server_hostname
attribute value from state read/refresh (#36072)replication_settings
(#35670)replication_task_settings
(#35670)kubernetes_groups
and user_name
values on update when configured (#36484)number_of_workers
minimum value to 1
(#36458)local_ipv6_network_cidr
, remote_ipv6_network_cidr
, tunnel1_inside_ipv6_cidr
, and tunnel2_inside_ipv6_cidr
no longer require transit_gateway_id
to be specified (#36405)FEATURES:
aws_apprunner_hosted_zone_id
(#36288)aws_medialive_input
(#36307)aws_lakeformation_data_cells_filter
(#36264)aws_securityhub_configuration_policy
(#35752)aws_securityhub_configuration_policy_association
(#35752)aws_securitylake_subscriber_notification
(#36323)ENHANCEMENTS:
state
attribute (#36304)data_cells_filter
attribute (#36264)name
is Optional (#36062)pre_token_generation_config
configuration block (#35236)state
attribute (#36304)DEFAULT
) for configuration.execute_command_configuration.logging
(#36341)data_cells_filter
attribute (#36264)resource_arn
and resource_share_arn
(#36062)billing_contact
and billing_privacy
arguments (#36285)organization_configuration
configuration block to support central configuration (#35752)auto_enable
to false
, auto_enable_standards
to NONE
, and organization_configuration.configuration_type
to LOCAL
on resource Delete (#35752)BUG FIXES:
Failed to marshal state to json: unsupported attribute "override_json"
and Failed to marshal state to json: unsupported attribute "source_json"
errors when running terraform show -json
or terraform state rm
(#36383)auto_tune_options.use_off_peak_window
attribute. This fixes a regression introduced in v5.40.0 causing Invalid address to set
errors (#36298)InvalidParameterException: ActiveEncryptionCertificate is not a valid key for SAML identity provider details
errors on resource Update (#36311)ipv6_address_count
(#36308)panic: interface conversion: interface {} is nil, not map[string]interface {}
when configuration
, configuration.execute_command_configuration
, or configuration.execute_command_configuration.log_configuration
are empty (#36341)panic: interface conversion: interface {} is nil, not map[string]interface {}
when service_connect_configuration.service.timeout
is empty (#36309)service_connect_configuration.service.tls.issuer_cert_authority.aws_pca_authority_arn
is Required (#36309)InvalidReplicationGroupState: Cluster not in available state to perform tagging operations.
(#36310)command_line_arguments
and initialization_script
updates from overwriting one another (#36361)InvalidNetworkAclID.NotFound
errors on resource Delete (#36326)principal
is disassociated outside of Terraform (#36062)couldn't find resource
errors on resource Delete (#36326)tunnel1_inside_ipv6_cidr
and tunnel2_inside_ipv6_cidr
(#36236)FEATURES:
arn_build
(#34952)arn_parse
(#34952)aws_account_region
(#35739)aws_securitylake_subscriber
(#35981)ENHANCEMENTS:
has_major_target
and has_minor_target
optional arguments and valid_major_targets
and valid_minor_targets
attributes (#36246)compute_environment_order
which conflicts with compute_environments
but aligns with AWS API. compute_environments
has been deprecated. (#34750)origin.custom_origin_config.origin_read_timeout
(#36088)io2
as a valid value for storage_type
(#36252)cache_usage_limits.ecpu_per_second.maximum
(#35927)use_off_peak_window
argument to the auto_tune_options
configuration block (#36067)io2
as a valid value for storage_type
(#36252)arn
. (#35710)arn
. (#35710)arn
. (#35710)evaluation_window_sec
argument to the rate_based_statement
configuration block (#36045)evaluation_window_sec
argument to the rate_based_statement
configuration block (#36045)BUG FIXES:
parameter_group_name
when replicate_source_db
is in different region. (#36080)InvalidParameterValue: Environment named ... is in an invalid state for this operation. Must be Ready
errors when tags
are updated along with other attributes (#36074)cache_usage_limits.data_storage.maximum
and cache_usage_limits.ecpu_per_second.maximum
to ForceNew (#35927)encoder_settings.audio_descriptions
arguments (#36097)action.forward.target_groups
maximum item limit (#36095)BUG FIXES:
panic: Invalid address to set
related to root_block_device.0.tags_all
(#36054)FEATURES:
aws_redshift_data_shares
(#35937)aws_apprunner_deployment
(#35758)aws_config_retention_configuration
(#15136)aws_securityhub_automation_rule
(#34781)aws_shield_proactive_engagement
(#34667)ENHANCEMENTS:
custom_time_zone
and file_extension
arguments to the extended_S3_configuration
configuration block (#35969)task.source_fields
to be a null
value (#35993)trigger
configuration block (#35475)aws_config_organization_custom_rule.lambda_function_arn
(#15136)read
timeout (#35955)aws_instance
, add ebs_block_device.*.tags_all
and root_block_device.*.tags_all
attributes which include default tags (#33769)data_replication_mode
and data_replication_primary_broker_arn
arguments, enabling support for cross-region data replication (#35990)endpoint_management
attribute (#35961)admin_password_secret_kms_key_id
and manage_admin_password
(#35965)read
timeout (#35955)application_integration_url
attribute (#35974)BUG FIXES:
iam_roles
attribute on read (#35965)task.task_type
is set to Map_all
(#35993)panic: interface conversion: interface {} is nil, not map[string]interface {}
when recording_group.exclusion_by_resource_types
is empty (#15136)name
to ForceNew (#15136)InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY
errors on resource Update (#15136)container_definitions
diffs when Name
s are ordered differently (#36029)detect_and_copy_new_topics
attribute value from state read/refresh (#35966)max_capacity
removal (#36032)base_capacity
and max_capacity
(#36032)log_bucket
and role_arn_association_id
to ForceNew (#34667)FEATURES:
aws_batch_job_definition
(#34663)aws_cognito_user_group
(#34046)aws_cognito_user_groups
(#34046)ENHANCEMENTS:
load_balancer_arns
attribute (#34364)maximum_network_cards
attribute (#35840)vpc_id
attribute (#35887)load_balancer_arns
attribute (#34364)token_bucket_rate_limiter_capacity
parameter (#35926)load_balancer_arns
attribute (#34364)arn
attribute (#35888)execution_mode
argument (#35875)recording_mode
configuration block (#35527)performance_insights_retention_period
(#35870)vpc_id
attribute (#35887)load_balancer_arns
attribute (#34364)max_capacity
argument (#35720)TransferSecurityPolicy-2024-01
and TransferSecurityPolicy-FIPS-2024-01
as valid values for security_policy_name
(#35879)BUG FIXES:
sts_region
is specified (#35860)cluster_name
plan-time validation, allowing single-character names (#35874)cluster_name
plan-time validation, allowing single-character names (#35874)name
plan-time validation, allowing single-character names (#35874)index_field
options response values (#35900)cluster_name
plan-time validation, allowing single-character names (#35874)cluster_name
plan-time validation, allowing single-character names (#35874)cluster_name
plan-time validation, allowing single-character names (#35874)name
plan-time validation, allowing single-character names (#35874)cluster_name
plan-time validation, allowing single-character names (#35874)cluster_name
plan-time validation, allowing single-character names (#35874)