The AWS Provider enables Terraform to manage AWS resources.
FEATURES:
aws_datazone_environment_blueprint
(#36600)aws_bedrockagent_data_source
(#37158)aws_datazone_domain
(#36600)aws_datazone_environment_blueprint_configuration
(#36600)ENHANCEMENTS:
minified_json
attribute (#35677)table_arn
(#37288)rotation_period_in_days
argument (#37140)endpoint_id
in favor of subscriber_endpoint
(#37332)configuration.https_notification_configuration.authorization_api_key_value
as sensitive value (#37332)BUG FIXES:
tags
on Read (#37353)InvalidParameterValue: Invalid value 3412 for MaxRecords. Must be between 20 and 1000
errors (#37251)view_arn
in the AWS API request (#36778)prepare_agent
value (or default value of true
when omitted) for all create and update operations (#37405)auto_tune_options.rollback_on_disable
argument (#37394)tags
and tags_all
on resource Read (#37353)tags
and tags_all
on resource Read (#37353)trust_anchor_certificate
to ForceNew (#37092)auto_tune_options.rollback_on_disable
argument (#37394)auto_tune_options
to be applied during creation (#37394)source_version
(#36268)source_name
parameter (#36268)access_type
(#36268)source_version
parameter for aws_log_source_resource
and custom_log_source_resource
(#36268)source_name
parameter for aws_log_source_resource
and custom_log_source_resource
(#36268)configuration.https_notification_configuration.endpoint
(#37332)BackoffDelayer
to maintain behavioral compatibility with AWS SDK for Go v1 (#37404)FEATURES:
aws_bedrockagent_agent_knowledge_base_association
(#37185)ENHANCEMENTS:
force_destroy
argument (#37130)SINGLE_AZ_1
and MULTI_AZ_1
deployment types (#36511)storage_capacity
maximum to 1PiB (#36511)ha_pairs
(#36511)throughput_capacity_per_ha_pair
to support all values from throughput_capacity
(#36511)aggregate_configuration
configuration block (#36511)size_in_bytes
and volume_style
arguments (#36511)BUG FIXES:
table_configurations
expand/flatten (#37205)auth_parameters.oauth.oauth_http_parameters
or auth_parameters.invocation_http_parameters
body
, header
and query_string
configuration blocks (#26755)unexpected state 'snapshotting'
errors when increasing or decreasing replica count (#30493)NOTES:
FEATURES:
aws_identitystore_groups
(#36993)aws_bcmdataexports_export
(#36847)aws_bedrockagent_agent
(#36851)aws_bedrockagent_agent_action_group
(#36935)aws_bedrockagent_agent_alias
(#36905)aws_bedrockagent_knowledge_base
(#36783)aws_globalaccelerator_cross_account_attachment
(#35991)aws_verifiedpermissions_policy
(#35413)ENHANCEMENTS:
arn
attribute (#35991)root_resource_id
on resource Read (#37040)spec.service_discovery
argument (#37042)dedicated_log_volume
argument (#36503)arn
attribute (#35991)transit_encryption_mode
argument (#30403)transit_encryption_enabled
argument can now be done in-place for engine versions > 7.0.5
(#30403)snowflake_configuration
argument (#36646)code_editor_app_image_config
and jupyter_lab_image_config.jupyter_lab_image_config
arguments (#37059)kernel_gateway_image_config.kernel_spec
MaxItems to 5 (#37059)sftp_authentication_methods
argument (#37015)BUG FIXES:
revision
do not trigger changes in dependent resources and/or cause an error, "Provider produced inconsistent final plan" (#37111)and
, not
and or
operand nesting for the rule
argument (#30862)NOTES:
template_body
of aws_cloudformation_stack
, CRLF was previously treated as different from LF but these are now treated as equivalent in many situations (#14270)FEATURES:
aws_eip_domain_name
(#36963)ENHANCEMENTS:
client_keep_alive
argument (#36969)ptr_record
attribute (#36963)attachment_count
attribute (#36759)client_keep_alive
argument (#36969)master_account_name
attribute (#36797)ipv6_address_preferred_lease_time
attribute (#36934)client_keep_alive
argument (#36969)alarm_specification
to the instance_refresh.preferences
configuration block (#36954)lambda
and mediapackagev2
as valid values for origin_access_control_origin_type
(#34362)force_destroy
attribute (#34905)report_build_status
and build_status_config
arguments (#36942)ipv6_address_preferred_lease_time
as Computed attribute (#36934)resource_identifier
argument (#36901)ptr_record
attribute (#36963)minimum
attribute in cache_usage_limits.data_storage
and cache_usage_limits.ecpu_per_second
(#36766)endpoint_ip_address
attribute (#36767)attachment_count
attribute (#36759)execution_role
and workflow
arguments (#36953)client_keep_alive
argument (#36969)database_vpc_endpoint_service
and webserver_vpc_endpoint_service
attributes (#36903)master_account_name
attribute (#36797)security_policy_name
argument (#36893)ipv6_address_preferred_lease_time
attribute (#36934)cascade
argument (#36898)BUG FIXES:
ConflictException
errors on resource Create (#36980)monitor_dimension
to ForceNew (#36773)account_id
to ForceNew (#36773)template_body
no longer cause erroneous diffs (#14270)interface conversion: interface {} is nil, not map[string]interface {}
panic when auth
is empty ({}
) (#36967)replication_settings
to disallow Logging.CloudWatchLogGroup
and Logging.CloudWatchLogStream
. (#36936)replication_settings
JSON documents. (#36936)replication_task_settings
to disallow Logging.CloudWatchLogGroup
and Logging.CloudWatchLogStream
. (#36936)replication_task_settings
unset to use default settings. (#36936)replication_task_settings
JSON documents. (#36936)BadRequest: AuditLogDestination must not be provided when auditing is disabled
when updating audit_log_configuration.0.file_access_audit_log_level
and audit_log_configuration.0.file_share_access_audit_log_level
to "DISABLED"
(#36928)number_of_workers
and worker_type
as optional/computed, preventing persistent differences when max_capacity
is set. (#36770)password_reset_required
is true
and initial password reset is completed (#36926)certificate_name
on create and update (#36888)NotFound
error handling on delete (#36933)NOTES:
logging
argument is now deprecated. Use the aws_redshift_logging
resource instead. (#36862)snapshot_copy
argument is now deprecated. Use the aws_redshift_snapshot_copy
resource instead. (#36810)FEATURES:
ENHANCEMENTS:
registry_id
for af-south-1
AWS Region (#36803)documentation_part_id
attribute (#36445)resource_arn
(#36445)BUG FIXES:
MaxBackoff
value to 300 seconds so that services migrated to AWS SDK for Go v2 maintain behavioral compatibility with AWS SDK for Go v1 (#36855)agent_arns
(#36819)filters.message_types
or filters.severities
contains multiple elements (#36804)configuration_policy.enabled_standard_arns
as Optional, fixing InvalidInputException: Invalid semantics: Enabled standards and security control configurations must be configured when Security Hub is enabled
errors (#36740)FEATURES:
aws_devopsguru_notification_channel
(#36656)aws_devopsguru_resource_collection
(#36657)aws_ecr_lifecycle_policy_document
(#6133)trim_iam_role_path
(#36723)aws_devopsguru_service_integration
(#36694)ENHANCEMENTS:
application_tag
attribute (#36647)data_catalog_encryption_settings.encryption_at_rest.catalog_encryption_service_role
attribute (#35978)desired_sessions
argument to the compute_capacity
block. (#34266)max_sessions_per_instance
argument. (#34266)deregister_on_new_revision
to allow keeping prior versions ACTIVE when a new revision is published. (#35149)character_set_name
when replicate_source_db
, restore_to_point_in_time
, or snapshot_identifier
is set (#36518)unhealthy_node_replacement
argument (#36523)data_catalog_encryption_settings.encryption_at_rest.catalog_encryption_service_role
argument (#35978)application_tag
attribute (#36647)s3_storage_options
configuration block (#36664)address_fields
and phone_number_fields
to statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_acfp_rule_set.request_inspection
(#36685)BUG FIXES:
TF_APPEND_USER_AGENT
which contain /
, (
, )
, or space. (#36738)email_verification_message
, email_verification_subject
, admin_create_user_config.invite_message_template.email_message
, admin_create_user_config.invite_message_template.email_subject
, admin_create_user_config.invite_message_template.sms_message
, sms_authentication_message
, sms_verification_message
, verification_message_template.email_message
, verification_message_template.email_message_by_link
, verification_message_template.email_subject
, verification_message_template.email_subject_by_link
, and verification_message_template.sms_message
to count UTF-8 characters properly (#36661)tagPatternList
change detection in policy JSON (#35231)alarms.rollback
on resource Create and Update (#36691)force_destroy
is used and there are inline or attached policies, allow resource to be destroyed (#36640)ami_distribution_configuration.name
(#36659)snapshot_copy
block (#36655)FEATURES:
aws_resourceexplorer2_search
(#36560)aws_servicecatalogappregistry_application
(#36596)aws_cloudfrontkeyvaluestore_key
(#36534)aws_devopsguru_notification_channel
(#36557)aws_ec2_instance_metadata_defaults
(#36589)aws_lakeformation_resource_lf_tag
(#36537)aws_m2_application
(#35399)aws_m2_deployment
(#35408)aws_m2_environment
(#35311)aws_redshiftserverless_custom_domain_association
(#35865)aws_servicecatalogappregistry_application
(#36277)ENHANCEMENTS:
key_value_store_associations
attribute (#36585)original_snapshot_create_time
attribute (#36544)key_value_store_associations
argument (#36585)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)assume_role_policy
and inline_policy.*.policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)FLINK-1_18
runtime_environment
value (#36562)policy
to have leading whitespace (#36597)inline_policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)policy
to have leading whitespace (#36597)tier
argument (#36504)BUG FIXES:
us-east-1
endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#36540)ACTIVE
a valid create target status (#36615)us-east-1
endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#36540)ValidationException
. (#36592)role
no longer exists (#34099)instance_type
change also requires an architecture change, such as x86_64 to arm64 (#36590)ValidationException
. (#36592)InvalidParameterCombination
errors when updating only skip_final_snapshot
(#36635)name
casing changes (#36563)InvalidRequestException
(#36609)data_type
is updated. (#35960)FEATURES:
aws_redshift_producer_data_shares
(#36481)aws_devopsguru_event_sources_config
(#36485)aws_devopsguru_resource_collection
(#36489)aws_dynamodb_table_export
(#30399)ENHANCEMENTS:
ipv6_cidr_block_set
and peer_ipv6_cidr_block_set
attributes (#36391)kerberos_keytab_base64
and kerberos_krb5_conf_base64
arguments (#36072)read_write
and segment_configuration.on_demand
arguments (#36486)enable_local_write_forwarding
argument to support Aurora MySQL local write forwarding (#34370)BUG FIXES:
RateLimiter
to ratelimit.None
so that services migrated to AWS SDK for Go v2 maintain behavioral compatibility with AWS SDK for Go v1 (#36467)start_time
and end_time
values on update when configured (#33713)scalable_dimension
as an additional filter (#34382)container_url
attribute value and bad subdirectory
attribute value from state read/refresh (#36072)efs_file_system_arn
attribute value from state read/refresh (#36072)qop_configuration
as Computed (#36072)server_hostname
attribute value from state read/refresh (#36072)s3_bucket_arn
attribute value from state read/refresh (#36072)server_hostname
attribute value from state read/refresh (#36072)replication_settings
(#35670)replication_task_settings
(#35670)kubernetes_groups
and user_name
values on update when configured (#36484)number_of_workers
minimum value to 1
(#36458)local_ipv6_network_cidr
, remote_ipv6_network_cidr
, tunnel1_inside_ipv6_cidr
, and tunnel2_inside_ipv6_cidr
no longer require transit_gateway_id
to be specified (#36405)FEATURES:
aws_apprunner_hosted_zone_id
(#36288)aws_medialive_input
(#36307)aws_lakeformation_data_cells_filter
(#36264)aws_securityhub_configuration_policy
(#35752)aws_securityhub_configuration_policy_association
(#35752)aws_securitylake_subscriber_notification
(#36323)ENHANCEMENTS:
state
attribute (#36304)data_cells_filter
attribute (#36264)name
is Optional (#36062)pre_token_generation_config
configuration block (#35236)state
attribute (#36304)DEFAULT
) for configuration.execute_command_configuration.logging
(#36341)data_cells_filter
attribute (#36264)resource_arn
and resource_share_arn
(#36062)billing_contact
and billing_privacy
arguments (#36285)organization_configuration
configuration block to support central configuration (#35752)auto_enable
to false
, auto_enable_standards
to NONE
, and organization_configuration.configuration_type
to LOCAL
on resource Delete (#35752)BUG FIXES:
Failed to marshal state to json: unsupported attribute "override_json"
and Failed to marshal state to json: unsupported attribute "source_json"
errors when running terraform show -json
or terraform state rm
(#36383)auto_tune_options.use_off_peak_window
attribute. This fixes a regression introduced in v5.40.0 causing Invalid address to set
errors (#36298)InvalidParameterException: ActiveEncryptionCertificate is not a valid key for SAML identity provider details
errors on resource Update (#36311)ipv6_address_count
(#36308)panic: interface conversion: interface {} is nil, not map[string]interface {}
when configuration
, configuration.execute_command_configuration
, or configuration.execute_command_configuration.log_configuration
are empty (#36341)panic: interface conversion: interface {} is nil, not map[string]interface {}
when service_connect_configuration.service.timeout
is empty (#36309)service_connect_configuration.service.tls.issuer_cert_authority.aws_pca_authority_arn
is Required (#36309)InvalidReplicationGroupState: Cluster not in available state to perform tagging operations.
(#36310)command_line_arguments
and initialization_script
updates from overwriting one another (#36361)InvalidNetworkAclID.NotFound
errors on resource Delete (#36326)principal
is disassociated outside of Terraform (#36062)couldn't find resource
errors on resource Delete (#36326)tunnel1_inside_ipv6_cidr
and tunnel2_inside_ipv6_cidr
(#36236)FEATURES:
arn_build
(#34952)arn_parse
(#34952)aws_account_region
(#35739)aws_securitylake_subscriber
(#35981)ENHANCEMENTS:
has_major_target
and has_minor_target
optional arguments and valid_major_targets
and valid_minor_targets
attributes (#36246)compute_environment_order
which conflicts with compute_environments
but aligns with AWS API. compute_environments
has been deprecated. (#34750)origin.custom_origin_config.origin_read_timeout
(#36088)io2
as a valid value for storage_type
(#36252)cache_usage_limits.ecpu_per_second.maximum
(#35927)use_off_peak_window
argument to the auto_tune_options
configuration block (#36067)io2
as a valid value for storage_type
(#36252)arn
. (#35710)arn
. (#35710)arn
. (#35710)evaluation_window_sec
argument to the rate_based_statement
configuration block (#36045)evaluation_window_sec
argument to the rate_based_statement
configuration block (#36045)BUG FIXES:
parameter_group_name
when replicate_source_db
is in different region. (#36080)InvalidParameterValue: Environment named ... is in an invalid state for this operation. Must be Ready
errors when tags
are updated along with other attributes (#36074)cache_usage_limits.data_storage.maximum
and cache_usage_limits.ecpu_per_second.maximum
to ForceNew (#35927)encoder_settings.audio_descriptions
arguments (#36097)action.forward.target_groups
maximum item limit (#36095)