cloudposse/terraform-aws-vpc (cloudposse/vpc/aws)
Compare Source
🤖 Automatic Updates
chore(deps): update terraform aws to v6 (main) @[renovate[bot]](https://redirect.github.com/apps/renovate) (#159)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| aws (source) | required_provider | major | `>= 4.9.0, < 6.0` -> `< 6.13` |
Release Notes
hashicorp/terraform-provider-aws (aws)
v6.12.0
Compare Source
NOTES:
- resource/aws_s3_bucket_acl: The `access_control_policy.grant.grantee.display_name` attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)
- resource/aws_s3_bucket_acl: The `access_control_policy.owner.display_name` attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)
- resource/aws_s3_bucket_logging: The `target_grant.grantee.display_name` attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)
FEATURES:
- New Resource: `aws_cognito_managed_login_branding` (#43817)
ENHANCEMENTS:
- data-source/aws_efs_mount_target: Add `ip_address_type` and `ipv6_address` attributes (#44079)
- data-source/aws_instance: Add `placement_group_id` attribute (#38527)
- data-source/aws_lambda_function: Add `source_kms_key_arn` attribute (#44080)
- data-source/aws_launch_template: Add `placement.group_id` attribute (#44097)
- provider: Support `ap-southeast-6` as a valid AWS Region (#44127)
- resource/aws_ecs_service: Remove Terraform default for `availability_zone_rebalancing` and change the attribute to Optional and Computed. This allows ECS to default to `ENABLED` for new resources compatible with AvailabilityZoneRebalancing and maintain an existing service's `availability_zone_rebalancing` value during update when not configured. If an existing service never had an `availability_zone_rebalancing` value configured and is updated, ECS will treat this as `DISABLED` (#43241)
- resource/aws_efs_mount_target: Add `ip_address_type` and `ipv6_address` arguments to support IPv6 connectivity (#44079)
- resource/aws_fsx_openzfs_file_system: Remove maximum items limit on the `user_and_group_quotas` argument (#44120)
- resource/aws_fsx_openzfs_volume: Remove maximum items limit on the `user_and_group_quotas` argument (#44118)
- resource/aws_instance: Add `placement_group_id` argument (#38527)
- resource/aws_instance: Add resource identity support (#44068)
- resource/aws_lambda_function: Add `source_kms_key_arn` argument (#44080)
- resource/aws_launch_template: Add `placement.group_id` argument (#44097)
- resource/aws_ssm_association: Add resource identity support (#44075)
- resource/aws_ssm_document: Add resource identity support (#44075)
- resource/aws_ssm_maintenance_window: Add resource identity support (#44075)
- resource/aws_ssm_maintenance_window_target: Add resource identity support (#44075)
- resource/aws_ssm_maintenance_window_task: Add resource identity support (#44075)
- resource/aws_ssm_patch_baseline: Add resource identity support (#44075)
- resource/aws_synthetics_canary: Add `run_config.ephemeral_storage` argument. (#44105)
BUG FIXES:
- resource/aws_s3tables_table_policy: Remove plan-time validation of `name` and `namespace` (#44072)
- resource/aws_servicecatalog_provisioned_product: Set `provisioning_parameters` and `provisioning_artifact_id` to the values from the last successful deployment when update fails (#43956)
- resource/aws_wafv2_web_acl: Fix performance of update when the WebACL has a large number of rules (#42740)
v6.11.0
Compare Source
FEATURES:
- New Resource: `aws_timestreaminfluxdb_db_cluster` (#42382)
- New Resource: `aws_workspacesweb_browser_settings_association` (#43735)
- New Resource: `aws_workspacesweb_data_protection_settings_association` (#43773)
- New Resource: `aws_workspacesweb_identity_provider` (#43729)
- New Resource: `aws_workspacesweb_ip_access_settings_association` (#43774)
- New Resource: `aws_workspacesweb_network_settings_association` (#43775)
- New Resource: `aws_workspacesweb_portal` (#43444)
- New Resource: `aws_workspacesweb_session_logger` (#43863)
- New Resource: `aws_workspacesweb_session_logger_association` (#43866)
- New Resource: `aws_workspacesweb_trust_store` (#43408)
- New Resource: `aws_workspacesweb_trust_store_association` (#43778)
- New Resource: `aws_workspacesweb_user_access_logging_settings_association` (#43776)
- New Resource: `aws_workspacesweb_user_settings_association` (#43777)
ENHANCEMENTS:
- data-source/aws_ec2_client_vpn_endpoint: Add `endpoint_ip_address_type` and `traffic_ip_address_type` attributes (#44059)
- data-source/aws_network_interface: Add `attachment.network_card_index` attribute (#42188)
- data-source/aws_sesv2_email_identity: Add `verification_status` attribute (#44045)
- data-source/aws_signer_signing_profile: Add `signing_material` and `signing_parameters` attributes (#43921)
- data-source/aws_vpc_ipam: Add `metered_account` attribute (#43967)
- resource/aws_datazone_domain: Add `domain_version` and `service_role` arguments to support V2 domains (#44042)
- resource/aws_dlm_lifecycle_policy: Add `copy_tags`, `create_interval`, `exclusions`, `extend_deletion`, `policy_language`, `resource_type` and `retain_interval` attributes to `policy_details` configuration block (#41055)
- resource/aws_dlm_lifecycle_policy: Add `default_policy` argument (#41055)
- resource/aws_dlm_lifecycle_policy: Add `policy_details.create_rule.scripts` argument (#41055)
- resource/aws_dlm_lifecycle_policy: Add `policy_details.schedule.cross_region_copy_rule.target_region` argument (#33796)
- resource/aws_dlm_lifecycle_policy: Make `policy_details.schedule.cross_region_copy_rule.target` optional (#33796)
- resource/aws_dlm_lifecycle_policy: Add `policy_details.schedule.archive_rule` argument (#41055)
- resource/aws_dynamodb_contributor_insights: Add `mode` argument in support of CloudWatch contributor insights modes (#43914)
- resource/aws_ec2_client_vpn_endpoint: Add `endpoint_ip_address_type` and `traffic_ip_address_type` arguments to support IPv6 connectivity in Client VPN (#44059)
- resource/aws_ec2_client_vpn_endpoint: Make `client_cidr_block` optional (#44059)
- resource/aws_ecr_lifecycle_policy: Add resource identity support (#44041)
- resource/aws_ecr_repository: Add resource identity support (#44041)
- resource/aws_ecr_repository_policy: Add resource identity support (#44041)
- resource/aws_ecs_service: Add `sigint_rollback` argument (#43986)
- resource/aws_ecs_service: Change `deployment_configuration` to Optional and Computed (#43986)
- resource/aws_eks_cluster: Allow `remote_network_config` to be updated in-place, enabling support for EKS hybrid nodes on existing clusters (#42928)
- resource/aws_elasticache_global_replication_group: Change `engine` to Optional and Computed (#42636)
- resource/aws_inspector2_filter: Support `code_repository_project_name`, `code_repository_provider_type`, `ecr_image_in_use_count`, and `ecr_image_last_in_use_at` in `filter_criteria` (#43950)
- resource/aws_iot_thing_principal_attachment: Add `thing_principal_type` argument (#43916)
- resource/aws_kms_alias: Add resource identity support (#44025)
- resource/aws_kms_external_key: Add `key_spec` argument (#44011)
- resource/aws_kms_external_key: Change `key_usage` to Optional and Computed (#44011)
- resource/aws_kms_key: Add resource identity support (#44025)
- resource/aws_lb: Add `secondary_ips_auto_assigned_per_subnet` argument for Network Load Balancers (#43699)
- resource/aws_mwaa_environment: Add `worker_replacement_strategy` argument (#43946)
- resource/aws_network_interface: Add `attachment.network_card_index` argument (#42188)
- resource/aws_network_interface_attachment: Add `network_card_index` argument (#42188)
- resource/aws_route53_resolver_rule: Add resource identity support (#44048)
- resource/aws_route53_resolver_rule_association: Add resource identity support (#44048)
- resource/aws_route: Add resource identity support (#43910)
- resource/aws_route_table: Add resource identity support (#43990)
- resource/aws_s3_bucket_acl: Add resource identity support (#44043)
- resource/aws_s3_bucket_cors_configuration: Add resource identity support (#43976)
- resource/aws_s3_bucket_logging: Add resource identity support (#43976)
- resource/aws_s3_bucket_notification: Add resource identity support (#43976)
- resource/aws_s3_bucket_ownership_controls: Add resource identity support (#43976)
- resource/aws_s3_bucket_policy: Add resource identity support (#43976)
- resource/aws_s3_bucket_public_access_block: Add resource identity support (#43976)
- resource/aws_s3_bucket_server_side_encryption_configuration: Add resource identity support (#43976)
- resource/aws_s3_bucket_versioning: Add resource identity support (#43976)
- resource/aws_s3_bucket_website_configuration: Add resource identity support (#43976)
- resource/aws_s3tables_table_bucket: Add `force_destroy` argument (#43922)
- resource/aws_secretsmanager_secret_version: Add resource identity support (#44031)
- resource/aws_sesv2_email_identity: Add `verification_status` attribute (#44045)
- resource/aws_signer_signing_profile: Add `signing_parameters` argument (#43921)
- resource/aws_synthetics_canary: Add `vpc_config.ipv6_allowed_for_dual_stack` argument (#43989)
- resource/aws_vpc_ipam: Add `metered_account` argument (#43967)
BUG FIXES:
- data-source/aws_glue_catalog_table: Add `partition_keys.parameters` attribute (#26702)
- resource/aws_cognito_user_pool: Fixed to accept an empty `email_mfa_configuration` block (#43926)
- resource/aws_db_instance: Fixes the behavior when modifying `database_insights_mode` when using custom KMS key (#44050)
- resource/aws_dx_hosted_connection: Fix `DescribeHostedConnections failed for connection dxcon-xxxx doesn't exist` by pointing to the correct connection ID when doing the describe. (#43499)
- resource/aws_glue_catalog_table: Add `partition_keys.parameters` argument, fixing `Invalid address to set: []string{"partition_keys", "0", "parameters"}` errors (#26702)
- resource/aws_imagebuilder_image_recipe: Increase upper limit of `block_device_mapping.ebs.iops` from `10000` to `100000` (#43981)
- resource/aws_nat_gateway: Fix inconsistent final plan for `secondary_private_ip_addresses` (#43708)
- resource/aws_spot_instance_request: Change `network_interface.network_card_index` to Computed (#38336)
- resource/aws_timestreaminfluxdb_db_instance: Fix tag-only update errors (#42382)
- resource/aws_wafv2_web_acl: Add missing flattening of `name` in `response_inspection.header` blocks for `AWSManagedRulesATPRuleSet` and `AWSManagedRulesACFPRuleSet` to avoid persistent plan diffs (#44032)
Compare Source
NOTES:
- resource/aws_instance: The `network_interface` block has been deprecated. Use `primary_network_interface` for the primary network interface and `aws_network_interface_attachment` resources for other network interfaces. (#43953)
- resource/aws_spot_instance_request: The `network_interface` block has been deprecated. Use `primary_network_interface` for the primary network interface and `aws_network_interface_attachment` resources for other network interfaces. (#43953)
ENHANCEMENTS:
- data-source/aws_ecr_repository: Add `image_tag_mutability_exclusion_filter` attribute (#43886)
- data-source/aws_ecr_repository_creation_template: Add `image_tag_mutability_exclusion_filter` attribute (#43886)
- resource/aws_cloudwatch_event_target: Add resource identity support (#43984)
- resource/aws_ecr_repository_creation_template: Add `image_tag_mutability_exclusion_filter` configuration block (#43886)
- resource/aws_glue_job: Support `G.12X`, `G.16X`, `R.1X`, `R.2X`, `R.4X`, and `R.8X` as valid values for `worker_type` (#43988)
- resource/aws_lambda_permission: Add resource identity support (#43954)
- resource/aws_lightsail_static_ip_attachment: Support resource import (#43874)
- resource/aws_s3_bucket_cors_configuration: Add resource identity support (#43976)
- resource/aws_s3_bucket_logging: Add resource identity support (#43976)
- resource/aws_s3_bucket_notification: Add resource identity support (#43976)
- resource/aws_s3_bucket_ownership_controls: Add resource identity support (#43976)
- resource/aws_s3_bucket_policy: Add resource identity support (#43976)
- resource/aws_s3_bucket_public_access_block: Add resource identity support (#43976)
- resource/aws_s3_bucket_server_side_encryption_configuration: Add resource identity support (#43976)
- resource/aws_s3_bucket_versioning: Add resource identity support (#43976)
- resource/aws_s3_bucket_website_configuration: Add resource identity support (#43976)
- resource/aws_secretsmanager_secret: Add resource identity support (#43872)
- resource/aws_secretsmanager_secret_policy: Add resource identity support (#43872)
- resource/aws_secretsmanager_secret_rotation: Add resource identity support (#43872)
- resource/aws_sqs_queue: Add resource identity support (#43918)
- resource/aws_sqs_queue_policy: Add resource identity support (#43918)
- resource/aws_sqs_queue_redrive_allow_policy: Add resource identity support (#43918)
- resource/aws_sqs_queue_redrive_policy: Add resource identity support (#43918)
BUG FIXES:
- resource/aws_batch_compute_environment: Allow in-place updates of compute environments that have the `SPOT_PRICE_CAPACITY_OPTIMIZED` strategy (#40148)
- resource/aws_imagebuilder_lifecycle_policy: Fix `Provider produced inconsistent result after apply` error when `policy_detail.exclusion_rules.amis.is_public` is omitted (#43925)
- resource/aws_instance: Adds `primary_network_interface` to allow importing resources with custom primary network interface. (#43953)
- resource/aws_rds_cluster: Fixes the behavior when enabling database_insights_mode="advanced" without changing performance insights retention window (#43919)
- resource/aws_rds_cluster: Fixes the behavior when modifying `database_insights_mode` when using custom KMS key (#43942)
- resource/aws_spot_instance_request: Adds `primary_network_interface` to allow importing resources with custom primary network interface. (#43953)
Compare Source
FEATURES:
- New Resource: `aws_appsync_api` (#43787)
- New Resource: `aws_appsync_channel_namespace` (#43787)
ENHANCEMENTS:
- data-source/aws_eks_cluster: Add `deletion_protection` attribute (#43779)
- resource/aws_cloudwatch_event_rule: Add resource identity support (#43758)
- resource/aws_cloudwatch_metric_alarm: Add resource identity support (#43759)
- resource/aws_dynamodb_table: Add `replica.deletion_protection_enabled` argument (#43240)
- resource/aws_eks_cluster: Add `deletion_protection` argument (#43779)
- resource/aws_lambda_function: Add resource identity support (#43821)
- resource/aws_sns_topic_data_protection_policy: Add resource identity support (#43830)
- resource/aws_sns_topic_policy: Add resource identity support (#43830)
- resource/aws_sns_topic_subscription: Add resource identity support (#43830)
- resource/aws_subnet: Add resource identity support (#43833)
BUG FIXES:
- data-source/aws_lambda_function: Fix missing value for `reserved_concurrent_executions` attribute when a published version exists. This functionality requires the `lambda:GetFunctionConcurrency` IAM permission (#43753)
- data-source/aws_networkfirewall_firewall_policy: Add missing schema definition for `firewall_policy.stateful_engine_options.flow_timeouts` (#43852)
- resource/aws_cognito_risk_configuration: Make `account_takeover_risk_configuration.notify_configuration` optional (#33624)
- resource/aws_ecs_service: Fix tagging failure after upgrading to v6 provider (#43816)
- resource/aws_ecs_service: Fix refreshing `service_connect_configuration` when deleted outside of Terraform (#43871)
- resource/aws_lambda_function: Fix missing value for `reserved_concurrent_executions` attribute when a published version exists. This functionality requires the `lambda:GetFunctionConcurrency` IAM permission (#43753)
- resource/aws_s3tables_table: Fix `runtime error: invalid memory address or nil pointer dereference` panics when `GetTableMaintenanceConfiguration` returns an error (#43764)
- resource/aws_sagemaker_user_profile: Fix incomplete regex for `user_profile_name` (#43807)
- resource/aws_servicequotas_service_quota: Add validation, during `create`, to check if new value is less than current value of quota (#43545)
- resource/aws_storagegateway_gateway: Handle `InvalidGatewayRequestException: The specified gateway is not connected` errors during Read by using the `ListGateways` API to return minimal information about a disconnected gateway. This functionality requires the `storagegateway:ListGateways` IAM permission (#43819)
- resource/aws_vpc_ipam_pool_cidr: Fix `netmask_length` not being saved and diffed correctly (#43262)
Compare Source
FEATURES:
- New Resource: `aws_networkfirewall_vpc_endpoint_association` (#43675)
- New Resource: `aws_quicksight_custom_permissions` (#43613)
- New Resource: `aws_quicksight_role_custom_permission` (#43613)
- New Resource: `aws_quicksight_user_custom_permission` (#43613)
- New Resource: `aws_wafv2_web_acl_rule_group_association` (#43561)
ENHANCEMENTS:
- data-source/aws_quicksight_user: Add `custom_permissions_name` attribute (#43613)
- data-source/aws_wafv2_web_acl: Add `resource_arn` argument to enable finding web ACLs by resource ARN (#43597)
- data-source/aws_wafv2_web_acl: Add support for `CLOUDFRONT` `scope` web ACLs using `resource_arn` (#43597)
- resource/aws_bedrock_guardrail: Add `input_action`, `output_action`, `input_enabled`, and `output_enabled` attributes to `sensitive_information_policy_config.pii_entities_config` and `sensitive_information_policy_config.regexes_config` configuration blocks (#43702)
- resource/aws_cloudwatch_log_group: Add resource identity support (#43719)
- resource/aws_computeoptimizer_recommendation_preferences: Add `AuroraDBClusterStorage` as a valid `resource_type` (#43677)
- resource/aws_docdb_cluster: Add `serverless_v2_scaling_configuration` argument in support of Amazon DocumentDB serverless (#43667)
- resource/aws_ecr_repository: Add `image_tag_mutability_exclusion_filter` argument (#43642)
- resource/aws_ecr_repository: Support `IMMUTABLE_WITH_EXCLUSION` and `MUTABLE_WITH_EXCLUSION` as valid values for `image_tag_mutability` (#43642)
- resource/aws_inspector2_enabler: Support resource import (#43673)
- resource/aws_instance: Adds `force_destroy` argument that allows destruction even when `disable_api_termination` and `disable_api_stop` are `true` (#43722)
- resource/aws_ivs_channel: Add resource identity support (#43704)
- resource/aws_ivs_playback_key_pair: Add resource identity support (#43704)
- resource/aws_ivs_recording_configuration: Add resource identity support (#43704)
- resource/aws_ivschat_logging_configuration: Add resource identity support (#43697)
- resource/aws_ivschat_room: Add resource identity support (#43697)
- resource/aws_kinesis_firehose_delivery_stream: Add `iceberg_configuration.append_only` argument (#43647)
- resource/aws_lightsail_static_ip: Support resource import (#43672)
- resource/aws_opensearch_domain_policy: Support resource import (#43674)
- resource/aws_quicksight_user: Add plan-time validation of `iam_arn` (#43613)
- resource/aws_quicksight_user: Change `user_name` to Optional and Computed (#43613)
- resource/aws_quicksight_user: Support `IAM_IDENTITY_CENTER` as a valid value for `identity_type` (#43613)
- resource/aws_quicksight_user: Support `RESTRICTED_AUTHOR` and `RESTRICTED_READER` as valid values for `user_role` (#43613)
- resource/aws_security_group: Add parameterized resource identity support (#43744)
- resource/aws_sqs_queue: Increase upper limit of `max_message_size` from 256 KiB to 1024 KiB (#43710)
- resource/aws_ssm_parameter: Add resource identity support (#43736)
BUG FIXES:
- ephemeral-resource/aws_lambda_invocation: Fix plan inconsistency issue due to improperly assigned payload values (#43676)
- provider: Fix failure to detect resources deleted outside of Terraform as missing for numerous resource types (#43659)
- resource/aws_batch_compute_environment: Fix `inconsistent final plan` error when `compute_resource.launch_template.version` is unknown during an update (#43337)
- resource/aws_bedrockagent_flow: Prevent `created_at` becoming `null` on Update (#43654)
- resource/aws_ec2_managed_prefix_list: Fix `PrefixListVersionMismatch: The prefix list has the incorrect version number` errors when updating entry description (#43661)
- resource/aws_fsx_lustre_file_system: Fix validation of SSD read cache size for file systems using the Intelligent-Tiering storage class (#43605)
- resource/aws_instance: Prevent destruction of resource when `disable_api_termination` is `true` (#43722)
- resource/aws_kms_key: Restore pre-v6.3.0 retry delay behavior when waiting for continuous target state occurrences. This fixes certain tag update timeouts (#43716)
- resource/aws_s3tables_table_bucket: Fix crash on `maintenance_configuration` read failure (#43707)
- resource/aws_sagemaker_image: Fix `image_name` regular expression validation (#43751)
- resource/aws_timestreaminfluxdb_db_instance: Don't mark `network_type` as ForceNew if the value is not configured. This fixes a problem with `terraform apply -refresh=false` after upgrade from `v5.90.0` and below (#43534)
- resource/aws_wafv2_regex_pattern_set: Remove maximum items limit on the `regular_expression` argument (#43693)
Compare Source
FEATURES:
- New Resource: `aws_quicksight_ip_restriction` (#43596)
- New Resource: `aws_quicksight_key_registration` (#43587)
ENHANCEMENTS:
- data-source/aws_codebuild_fleet: Add `instance_type` attribute in `compute_configuration` block (#43449)
- data-source/aws_ebs_volume: Add `volume_initialization_rate` attribute (#43565)
- data-source/aws_ecs_service: Support `load_balancer` attribute (#43582)
- data-source/aws_s3_access_point: Add `tags` attribute. This functionality requires the `s3:ListTagsForResource` IAM permission with S3 Access Points for general purpose buckets and the `s3express:ListTagsForResource` IAM permission with S3 Access Points for directory buckets (#43630)
- data-source/aws_verifiedpermissions_policy_store: Add `deletion_protection` attribute (#43452)
- resource/aws_athena_workgroup: Add `configuration.identity_center_configuration` argument (#38717)
- resource/aws_cleanrooms_collaboration: Add `analytics_engine` argument (#43614)
- resource/aws_codebuild_fleet: Add `instance_type` argument in `compute_configuration` block to support custom instance types (#43449)
- resource/aws_ebs_volume: Add `volume_initialization_rate` argument (#43565)
- resource/aws_s3_access_point: Add `tags` argument and `tags_all` attribute. This functionality requires the `s3:ListTagsForResource`, `s3:TagResource`, and `s3:UntagResource` IAM permissions with S3 Access Points for general purpose buckets and the `s3express:ListTagsForResource`, `s3express:TagResource`, and `s3express:UntagResource` IAM permissions with S3 Access Points for directory buckets (#43630)
- resource/aws_verifiedpermissions_policy_store: Add `deletion_protection` argument (#43452)
BUG FIXES:
- resource/aws_bedrockagent_flow: Fix `missing required field, CreateFlowInput.Definition.Nodes[0].Configuration[prompt].SourceConfiguration[resource].PromptArn` errors on Create (#43595)
- resource/aws_s3_bucket: Accept `NoSuchTagSetError` responses from S3-compatible services (#43589)
- resource/aws_s3_object: Accept `NoSuchTagSetError` responses from S3-compatible services (#43589)
- resource/aws_servicequotas_service_quota: Fix error when updating a pending service quota request (#43606)
- resource/aws_ssm_parameter: Fix `Provider produced inconsistent final plan` errors when changing from using `value` to using `value_wo` (#42877)
- resource/aws_ssm_parameter: Fix `version` not being updated when `description` changes (#42595)
Compare Source
FEATURES:
- New Resource: `aws_connect_phone_number_contact_flow_association` (#43557)
- New Resource: `aws_nat_gateway_eip_association` (#42591)
ENHANCEMENTS:
- data-source/aws_cloudwatch_event_bus: Add `log_config` attribute (#43453)
- data-source/aws_ssm_patch_baseline: Add `available_security_updates_compliance_status` argument (#43560)
- feature/aws_bedrock_guardrail: Add `cross_region_config`, `content_policy_config.tier_config`, and `topic_policy_config.tier_config` arguments (#43517)
- resource/aws_athena_database: Add `workgroup` argument (#36628)
- resource/aws_batch_compute_environment: Add `compute_resources.ec2_configuration.image_kubernetes_version` argument (#43454)
- resource/aws_cloudwatch_event_bus: Add `log_config` argument (#43453)
- resource/aws_cognito_resource_server: Allow `name` to be updated in-place (#41702)
- resource/aws_cognito_user_pool: Allow `name` to be updated in-place (#42639)
- resource/aws_globalaccelerator_custom_routing_endpoint_group: Add resource identity support (#43539)
- resource/aws_globalaccelerator_custom_routing_listener: Add resource identity support (#43539)
- resource/aws_globalaccelerator_endpoint_group: Add resource identity support (#43539)
- resource/aws_globalaccelerator_listener: Add resource identity support (#43539)
- resource/aws_imagebuilder_container_recipe: Add resource identity support (#43540)
- resource/aws_imagebuilder_distribution_configuration: Add resource identity support (#43540)
- resource/aws_imagebuilder_image: Add resource identity support (#43540)
- resource/aws_imagebuilder_image_pipeline: Add resource identity support (#43540)
- resource/aws_imagebuilder_image_recipe: Add resource identity support (#43540)
- resource/aws_imagebuilder_infrastructure_configuration: Add resource identity support (#43540)
- resource/aws_imagebuilder_workflow: Add resource identity support (#43540)
- resource/aws_inspector_assessment_target: Add resource identity support (#43542)
- resource/aws_inspector_assessment_template: Add resource identity support (#43542)
- resource/aws_inspector_resource_group: Add resource identity support (#43542)
- resource/aws_nat_gateway: Change `secondary_allocation_ids` to Optional and Computed (#42591)
- resource/aws_ssm_patch_baseline: Add `available_security_updates_compliance_status` argument (#43560)
- resource/aws_ssm_service_setting: Support short format (with `/ssm/` prefix) for `setting_id` (#43562)
BUG FIXES:
- resource/aws_appsync_api_cache: Fix "missing required field" error during update (#43523)
- resource/aws_cloudwatch_log_delivery_destination: Fix update failure when tags are set (#43576)
- resource/aws_ecs_service: Fix unspecified `test_listener_rule` incorrectly being set as empty string in `load_balancer.advanced_configuration` block (#43558)
Compare Source
NOTES:
- resource/aws_cognito_log_delivery_configuration: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#43396)
- resource/aws_ecs_service: Acceptance tests cannot fully reproduce scenarios with deployments older than 3 months. Community feedback on this fix is appreciated, particularly for long-running ECS services with in-place updates (#43502)
FEATURES:
- New Data Source: `aws_ecr_images` (#42577)
- New Resource: `aws_cognito_log_delivery_configuration` (#43396)
- New Resource: `aws_networkfirewall_firewall_transit_gateway_attachment_accepter` (#43430)
- New Resource: `aws_s3_bucket_metadata_configuration` (#41364)
ENHANCEMENTS:
- data-source/aws_dms_endpoint: Add `postgres_settings.authentication_method` and `postgres_settings.service_access_role_arn` attributes (#43440)
- data-source/aws_networkfirewall_firewall: Add `availability_zone_change_protection`, `availability_zone_mapping`, `firewall_status.sync_states.attachment.status_message`, `firewall_status.transit_gateway_attachment_sync_states`, `transit_gateway_id`, and `transit_gateway_owner_account_id` attributes (#43430)
- resource/aws_alb_listener: Add resource identity support (#43161)
- resource/aws_alb_listener_rule: Add resource identity support (#43155)
- resource/aws_alb_target_group: Add resource identity support (#43171)
- resource/aws_dms_endpoint: Add `oracle_settings` configuration block for authentication method (#43125)
- resource/aws_dms_endpoint: Add `postgres_settings.authentication_method` and `postgres_settings.service_access_role_arn` arguments (#43440)
- resource/aws_dms_endpoint: Add plan-time validation of `postgres_settings.database_mode`, `postgres_settings.map_long_varchar_as`, and `postgres_settings.plugin_name` arguments (#43440)
- resource/aws_dms_replication_instance: Add `dns_name_servers` attribute and `kerberos_authentication_settings` configuration block for Kerberos authentication settings (#43125)
- resource/aws_dx_gateway_association: Add `transit_gateway_attachment_id` attribute. This functionality requires the `ec2:DescribeTransitGatewayAttachments` IAM permission (#43436)
- resource/aws_globalaccelerator_accelerator: Add resource identity support (#43200)
- resource/aws_globalaccelerator_custom_routing_accelerator: Add resource identity support (#43423)
- resource/aws_glue_registry: Add resource identity support (#43450)
- resource/aws_glue_schema: Add resource identity support (#43450)
- resource/aws_iam_openid_connect_provider: Add resource identity support (#43503)
- resource/aws_iam_policy: Add resource identity support (#43503)
- resource/aws_iam_saml_provider: Add resource identity support (#43503)
- resource/aws_iam_service_linked_role: Add resource identity support (#43503)
- resource/aws_inspector2_enabler: Support `CODE_REPOSITORY` as a valid value for `resource_types` (#43525)
- resource/aws_inspector2_organization_configuration: Add `auto_enable.code_repository` argument (#43525)
- resource/aws_lb_listener: Add resource identity support (#43161)
- resource/aws_lb_listener_rule: Add resource identity support (#43155)
- resource/aws_lb_target_group: Add resource identity support (#43171)
- resource/aws_lb_trust_store: Add resource identity support (#43186)
- resource/aws_networkfirewall_firewall: Add `availability_zone_change_protection`, `availability_zone_mapping`, and `transit_gateway_id` arguments and `firewall_status.transit_gateway_attachment_sync_states` and `transit_gateway_owner_account_id` attributes ([#43430](https://redirect.githu
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
Note
Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to `mend[bot]`. This notice will be removed on 2025-10-07.
This PR contains the following updates: 2.2.0 -> 3.0.0
Release Notes
cloudposse/terraform-aws-vpc (cloudposse/vpc/aws)
v3.0.0
Compare Source
(#43776)aws_workspacesweb_user_settings_association
(#43777)ENHANCEMENTS:
endpoint_ip_address_type
andtraffic_ip_address_type
attributes (#44059)attachment.network_card_index
attribute (#42188)verification_status
attribute (#44045)signing_material
andsigning_parameters
attributes (#43921)metered_account
attribute (#43967)domain_version
andservice_role
arguments to support V2 domains (#44042)copy_tags
,create_interval
,exclusions
,extend_deletion
,policy_language
,resource_type
andretain_interval
attributes topolicy_details
configuration block (#41055)default_policy
argument (#41055)policy_details.create_rule.scripts
argument (#41055)policy_details.schedule.cross_region_copy_rule.target_region
argument (#33796)policy_details.schedule.cross_region_copy_rule.target
optional (#33796)policy_details.schedule.archive_rule
argument (#41055)mode
argument in support of CloudWatch contributor insights modes (#43914)endpoint_ip_address_type
andtraffic_ip_address_type
arguments to support IPv6 connectivity in Client VPN (#44059)client_cidr_block
optional (#44059)sigint_rollback
argument (#43986)deployment_configuration
to Optional and Computed (#43986)remote_network_config
to be updated in-place, enabling support for EKS hybrid nodes on existing clusters (#42928)engine
to Optional and Computed (#42636)code_repository_project_name
,code_repository_provider_type
,ecr_image_in_use_count
, andecr_image_last_in_use_at
infilter_criteria
(#43950)thing_principal_type
argument (#43916)key_spec
argument (#44011)key_usage
to Optional and Computed (#44011)secondary_ips_auto_assigned_per_subnet
argument for Network Load Balancers (#43699)worker_replacement_strategy
argument (#43946)attachment.network_card_index
argument (#42188)network_card_index
argument (#42188)force_destroy
argument (#43922)verification_status
attribute (#44045)signing_parameters
argument (#43921)vpc_config.ipv6_allowed_for_dual_stack
argument (#43989)metered_account
argument (#43967)BUG FIXES:
partition_keys.parameters
attribute (#26702)email_mfa_configuration
block (#43926)database_insights_mode
when using custom KMS key (#44050)DescribeHostedConnections failed for connection dxcon-xxxx doesn't exist
by pointing to the correct connection ID when doing the describe. (#43499)partition_keys.parameters
argument, fixingInvalid address to set: []string{"partition_keys", "0", "parameters"}
errors (#26702)block_device_mapping.ebs.iops
from10000
to100000
(#43981)secondary_private_ip_addresses
(#43708)network_interface.network_card_index
to Computed (#38336)name
inresponse_inspection.header
blocks forAWSManagedRulesATPRuleSet
andAWSManagedRulesACFPRuleSet
to avoid persistent plan diffs (#44032)v6.10.0
Compare Source
NOTES:
network_interface
block has been deprecated. Useprimary_network_interface
for the primary network interface andaws_network_interface_attachment
resources for other network interfaces. (#43953)network_interface
block has been deprecated. Useprimary_network_interface
for the primary network interface andaws_network_interface_attachment
resources for other network interfaces. (#43953)ENHANCEMENTS:
image_tag_mutability_exclusion_filter
attribute (#43886)image_tag_mutability_exclusion_filter
attribute (#43886)image_tag_mutability_exclusion_filter
configuration block (#43886)G.12X
,G.16X
,R.1X
,R.2X
,R.4X
, andR.8X
as valid values forworker_type
(#43988)BUG FIXES:
SPOT_PRICE_CAPACITY_OPTIMIZED
strategy (#40148)Provider produced inconsistent result after apply
error whenpolicy_detail.exclusion_rules.amis.is_public
is omitted (#43925)primary_network_interface
to allow importing resources with custom primary network interface. (#43953)database_insights_mode
when using custom KMS key (#43942)primary_network_interface
to allow importing resources with custom primary network interface. (#43953)v6.9.0
Compare Source
FEATURES:
aws_appsync_api
(#43787)aws_appsync_channel_namespace
(#43787)ENHANCEMENTS:
deletion_protection
attribute (#43779)replica.deletion_protection_enabled
argument (#43240)deletion_protection
argument (#43779)BUG FIXES:
reserved_concurrent_executions
attribute when a published version exists. This functionality requires thelambda:GetFunctionConcurrency
IAM permission (#43753)firewall_policy.stateful_engine_options.flow_timeouts
(#43852)account_takeover_risk_configuration.notify_configuration
optional (#33624)service_connect_configuration
when deleted outside of Terraform (#43871)reserved_concurrent_executions
attribute when a published version exists. This functionality requires thelambda:GetFunctionConcurrency
IAM permission (#43753)runtime error: invalid memory address or nil pointer dereference
panics whenGetTableMaintenanceConfiguration
returns an error (#43764)user_profile_name
(#43807)create
, to check if new value is less than current value of quota (#43545)InvalidGatewayRequestException: The specified gateway is not connected
errors during Read by using theListGateways
API to return minimal information about a disconnected gateway. This functionality requires thestoragegateway:ListGateways
IAM permission (#43819)netmask_length
not being saved and diffed correctly (#43262)v6.8.0
Compare Source
FEATURES:
aws_networkfirewall_vpc_endpoint_association
(#43675)aws_quicksight_custom_permissions
(#43613)aws_quicksight_role_custom_permission
(#43613)aws_quicksight_user_custom_permission
(#43613)aws_wafv2_web_acl_rule_group_association
(#43561)ENHANCEMENTS:
custom_permissions_name
attribute (#43613)resource_arn
argument to enable finding web ACLs by resource ARN (#43597)CLOUDFRONT
scope
web ACLs usingresource_arn
(#43597)input_action
,output_action
,input_enabled
, andoutput_enabled
attributes tosensitive_information_policy_config.pii_entities_config
andsensitive_information_policy_config.regexes_config
configuration blocks (#43702)AuroraDBClusterStorage
as a validresource_type
(#43677)serverless_v2_scaling_configuration
argument in support of Amazon DocumentDB serverless (#43667)image_tag_mutability_exclusion_filter
argument (#43642)IMMUTABLE_WITH_EXCLUSION
andMUTABLE_WITH_EXCLUSION
as valid values forimage_tag_mutability
(#43642)force_destroy
argument that allows destruction even whendisable_api_termination
anddisable_api_stop
aretrue
(#43722)iceberg_configuration.append_only
argument (#43647)iam_arn
(#43613)user_name
to Optional and Computed (#43613)IAM_IDENTITY_CENTER
as a valid value foridentity_type
(#43613)RESTRICTED_AUTHOR
andRESTRICTED_READER
as valid values foruser_role
(#43613)max_message_size
from 256 KiB to 1024 KiB (#43710)BUG FIXES:
inconsistent final plan
error whencompute_resource.launch_template.version
is unknown during an update (#43337)created_at
becomingnull
on Update (#43654)PrefixListVersionMismatch: The prefix list has the incorrect version number
errors when updating entry description (#43661)disable_api_termination
istrue
(#43722)maintenance_configuration
read failure (#43707)image_name
regular expression validation (#43751)network_type
as ForceNew if the value is not configured. This fixes a problem withterraform apply -refresh=false
after upgrade fromv5.90.0
and below (#43534)regular_expression
argument (#43693)v6.7.0
Compare Source
FEATURES:
aws_quicksight_ip_restriction
(#43596)aws_quicksight_key_registration
(#43587)ENHANCEMENTS:
instance_type
attribute incompute_configuration
block (#43449)volume_initialization_rate
attribute (#43565)load_balancer
attribute (#43582)tags
attribute. This functionality requires thes3:ListTagsForResource
IAM permission with S3 Access Points for general purpose buckets and thes3express:ListTagsForResource
IAM permission with S3 Access Points for directory buckets (#43630)deletion_protection
attribute (#43452)configuration.identity_center_configuration
argument (#38717)analytics_engine
argument (#43614)instance_type
argument incompute_configuration
block to support custom instance types (#43449)volume_initialization_rate
argument (#43565)tags
argument andtags_all
attribute. This functionality requires thes3:ListTagsForResource
,s3:TagResource
, ands3:UntagResource
IAM permissions with S3 Access Points for general purpose buckets and thes3express:ListTagsForResource
,s3express:TagResource
, ands3express:UntagResource
IAM permissions with S3 Access Points for directory buckets (#43630)deletion_protection
argument (#43452)BUG FIXES:
missing required field, CreateFlowInput.Definition.Nodes[0].Configuration[prompt].SourceConfiguration[resource].PromptArn
errors on Create (#43595)NoSuchTagSetError
responses from S3-compatible services (#43589)NoSuchTagSetError
responses from S3-compatible services (#43589)Provider produced inconsistent final plan
errors when changing from usingvalue
to usingvalue_wo
(#42877)version
not being updated whendescription
changes (#42595)v6.6.0
Compare Source
FEATURES:
aws_connect_phone_number_contact_flow_association
(#43557)aws_nat_gateway_eip_association
(#42591)ENHANCEMENTS:
log_config
attribute (#43453)available_security_updates_compliance_status
argument (#43560)cross_region_config
,content_policy_config.tier_config
, andtopic_policy_config.tier_config
arguments (#43517)workgroup
argument (#36628)compute_resources.ec2_configuration.image_kubernetes_version
argument (#43454)log_config
argument (#43453)name
to be updated in-place (#41702)name
to be updated in-place (#42639)secondary_allocation_ids
to Optional and Computed (#42591)available_security_updates_compliance_status
argument (#43560)/ssm/
prefix) forsetting_id
(#43562)BUG FIXES:
test_listener_rule
incorrectly being set as empty string inload_balancer.advanced_configuration
block (#43558)v6.5.0
Compare Source
NOTES:
FEATURES:
aws_ecr_images
(#42577)aws_cognito_log_delivery_configuration
(#43396)aws_networkfirewall_firewall_transit_gateway_attachment_accepter
(#43430)aws_s3_bucket_metadata_configuration
(#41364)ENHANCEMENTS:
postgres_settings.authentication_method
andpostgres_settings.service_access_role_arn
attributes (#43440)availability_zone_change_protection
,availability_zone_mapping
,firewall_status.sync_states.attachment.status_message
,firewall_status.transit_gateway_attachment_sync_states
,transit_gateway_id
, andtransit_gateway_owner_account_id
attributes (#43430)oracle_settings
configuration block for authentication method (#43125)postgres_settings.authentication_method
andpostgres_settings.service_access_role_arn
arguments (#43440)postgres_settings.database_mode
,postgres_settings.map_long_varchar_as
, andpostgres_settings.plugin_name
arguments (#43440)dns_name_servers
attribute andkerberos_authentication_settings
configuration block for Kerberos authentication settings (#43125)transit_gateway_attachment_id
attribute. This functionality requires theec2:DescribeTransitGatewayAttachments
IAM permission (#43436)CODE_REPOSITORY
as a valid value forresource_types
(#43525)auto_enable.code_repository
argument (#43525)availability_zone_change_protection
,availability_zone_mapping
, andtransit_gateway_id
arguments andfirewall_status.transit_gateway_attachment_sync_states
andtransit_gateway_owner_account_id
attributes ([#43430](https://redirect.githuConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whe
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.