NOTES:
blocked_encryption_types argument to manage this behavior for specific buckets. (#45105)FEATURES:
aws_ecr_authorization_token (#44949)Tag Policy Compliance (#45143)aws_billing_view (#45097)aws_vpclattice_domain_verification (#45085)ENHANCEMENTS:
default_action.jwt_validation attribute (#45089)action.jwt_validation attribute (#45089)tags only or by vpc_id only (#39671)tag_policy_compliance provider argument, or the TF_AWS_TAG_POLICY_COMPLIANCE environment variable. When enabled, the principal executing Terraform must have the tags:ListRequiredTags IAM permission. (#45143)encryption_key_arn argument (#45020)input_action, input_enabled, input_modalities, output_action, output_enabled, and output_modalities arguments to the content_policy_config.filters_config block (#45104)storage_configuration.rds_configuration.field_mapping.custom_metadata_field argument (#45075)agent_runtime_artifact.code_configuration block (#45091)agent_runtime_artifact.container_configuration block optional (#45091)global_table_witness argument (#43908)scaling_strategy and utilization_performance_index arguments (#45132)log_configuration.cloudwatch_logs_configuration.log_group_arn (#35941)Functions to action.*.target (#41209)jwt-validation as a valid default_action.type and add default_action.jwt_validation configuration block (#45089)jwt-validation as a valid action.type and add action.jwt_validation configuration block (#45089)SECURITYHUB_POLICY as a valid value for enabled_policy_types argument (#45135)destination.cloudwatch_logs.log_group_arn (#35941)logging_configuration.log_group_arn (#35941)rule.blocked_encryption_types argument (#45105)container.additional_model_data_source and primary_container.additional_model_data_source arguments (#44407)logging_configuration.log_destination (#35941)engine_type attribute (#44899)timestream-influxdb:GetDbParameterGroup IAM permission (#44899)custom_domain_name and domain_verification_id arguments and domain_verification_arn and domain_verification_status attributes to support custom domain names for resource configurations (#45085)tunnel_bandwidth argument to support higher bandwidth tunnels (#45070)BUG FIXES:
storage-config-upgrade and storage-initialization statuses (#41275)ResourceName for option settings and preventing duplicate add/remove operations (#45077)region argument (#45083)AWS resource not found during refresh warnings causing resource replacement when ReadOnly s3express:SessionMode is enforced (#45086)target_type argument to required (#45092)allocated_storage, bucket, organization, username, and password optional to support InfluxDB V3 clusters (#44899)BREAKING CHANGES:
network_configuration.network_mode_config to network_configuration.vpc_config (#44828)FEATURES:
aws_dynamodb_create_backup (#45001)aws_networkflowmonitor_monitor (#44782)aws_networkflowmonitor_scope (#44782)aws_observabilityadmin_centralization_rule_for_organization (#44806)ENHANCEMENTS:
capacity_provider_strategy, created_at, created_by, deployment_configuration, deployment_controller, deployments, enable_ecs_managed_tags, enable_execute_command, events, health_check_grace_period_seconds, iam_role, network_configuration, ordered_placement_strategy, pending_count, placement_constraints, platform_family, platform_version, propagate_tags, running_count, service_connect_configuration, service_registries, status, and task_sets attributes (#44842)target_configuration.mcp.mcp_server block (#44991)credential_provider_configuration block optional (#44991)delivery_destination_type and delivery_destination_configuration optional to support AWS X-Ray as a destination (#44995)LINEAR and CANARY deployment strategies with deployment_configuration.linear_configuration and deployment_configuration.canary_configuration blocks (#44842)java25 runtime value (#45024)nodejs24.x runtime value (#45024)python3.14 runtime value (#45024)java25 compatible_runtimes value (#45024)nodejs24.x compatible_runtimes value (#45024)python3.14 compatible_runtimes value (#45024)execution_role_arn argument and make model_name optional in production_variants and shadow_production_variants blocks to support Inference Components (#44977)AuthorizationError ... is not authorized to perform: iam:PassRole on resource ... IAM eventual consistency errors on Create and Update (#45018)BUG FIXES:
region argument (#45023)region argument (#45064)ValidationException: Value null at 'jobTemplateData.configurationOverrides.monitoringConfiguration.cloudWatchMonitoringConfiguration.logGroupName' failed to satisfy constraint: Member must not be null error (#45029)setting job_template_data: job_template_data.0.configuration_overrides.0.application_configuration.0: '' expected a map, got 'slice' error (#45029)job_template_data.job_driver.configuration_overrides.monitoring_configuration.persistent_app_ui argument as computed (#45029)Provider returned invalid result object after apply error occurred when updating the resource (#45030)domain_name to domain_name and account separated by a comma (#44982)endpoint_config_name was not correctly updated, causing the endpoint to retain the old configuration (#42843)redacted_fields.single_header.name (#44987)FEATURES:
aws_ec2_allowed_images_settings (#44800)aws_fis_target_account_configuration (#44875)aws_invoicing_invoice_unit (#44892)ENHANCEMENTS:
media_concurrencies.cross_channel_behavior attribute (#44934)node_group_configuration attribute to expose node group details including availability zones, replica counts, and slot ranges (#44879)max_record_size_in_kib attribute (#44915)identity_center_options attribute (#44626)us-isob-west-1 as a valid AWS Region (#44944)logging_v1_enabled attribute (#44838)media_concurrencies.cross_channel_behavior argument (#44934)destination_cidr_block (#44926)ip_address_type argument (#44616)max_parallel_nodes_repaired_count, max_parallel_nodes_repaired_percentage, max_unhealthy_node_threshold_count, max_unhealthy_node_threshold_percentage, and node_repair_config_overrides to the node_repair_config schema (#44894)node_group_configuration block to support availability zone specification and snapshot restoration for cluster mode enabled replication groups (#44879)timeout is unconfigured for Ray jobs (#35012)max_record_size_in_kib argument to support for Kinesis 10MiB payloads. This functionality requires the kinesis:UpdateMaxRecordSize IAM permission (#44915)identity_center_options configuration block (#44626)TransferSecurityPolicy-AS2Restricted-2025-07 security_policy_name value (#44865)TransferSecurityPolicy-AS2Restricted-2025-07 as a valid value for security_policy_name (#44652)BUG FIXES:
Source type "...cloudfront.stagingDistributionDNSNamesModel" does not implement attr.Value error. This fixes a regression introduced in v6.17.0 (#44972)logging_config.bucket argument from Required to Optional (#44838)logging_config.include_cookies argument while keeping V1 logging disabled (#44838)Source type "...cloudfront.originSSLProtocolsModel" does not implement attr.Value and missing required field, CreateVpcOriginInput.VpcOriginEndpointConfig errors. This fixes a regression introduced in v6.17.0 (#44861)0) value for timeout for Apache Spark streaming ETL jobs. This allows the job to be configured with no timeout (#44920)catalog_id, database.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#44890)"") value for block_device_mappings.ebs.kms_key_id. This fixes a regression introduced in v6.16.0 (#44708)FEATURES:
aws_ecrpublic_images (#44795)aws_lakeformation_identity_center_configuration (#44867)ENHANCEMENTS:
log_type is Tail (#44843)ami_tags attribute (#44731)regex_values attribute to condition.host_header, condition.http_header and condition.path_pattern blocks (#44741)transform attribute (#44702)authorizer_configuration and authorizer_type config (#44826)monitoring_configuration argument (#43317)runtime_configuration argument (#43302)arn attribute. (#44867)ami_tags argument (#44731)regex_values argument to condition.host_header, condition.http_header and condition.path_pattern blocks (#44741)transform configuration block (#44702)values argument in condition.host_header, condition.http_header and condition.path_pattern is now optional (#44741)physical_table_map.relational_table.name from 64 to 256 characters (#44807)notebook-al2023-v1 to valid platform_identifier values (#44570)account_id and region from Resource Identity schema (#44846)account_id and region from Resource Identity schema (#44846)account_id and region from Resource Identity schema (#44846)account_id and region from Resource Identity schema (#44846)BUG FIXES:
principal. (#44867)authorizer_configuration block from Required to Optional (#44812)authorizer_type argument as ForceNew (#44812)principal. (#44867)NOTES:
accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#44327)accounts.status attribute is deprecated. Use accounts.state instead. (#44327)accounts.status attribute is deprecated. Use accounts.state instead. (#44327)status attribute is deprecated. Use state instead. (#44327)accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#44327)FEATURES:
aws_bedrockagentcore_memory (#44306)aws_bedrockagentcore_memory_strategy (#44306)aws_bedrockagentcore_oauth2_credential_provider (#44307)aws_bedrockagentcore_token_vault_cmk (#44606)aws_bedrockagentcore_workload_identity (#44308)ENHANCEMENTS:
path_prefix attribute (#44703)state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#44327)state, joined_method, and joined_timestamp attributes to the accounts block (#44327)state, joined_method, and joined_timestamp attributes to the accounts block (#44327)certificate_based_auth_properties argument (#44679)path attribute (#44703)delete_associated_resources attribute to enable practitioner to delete associated oci resource. (#44754)state attribute (#44327)state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#44327)BUG FIXES:
tags attribute (#44761)additional_configuration block to ignore ordering (#44627)NOTES:
FEATURES:
aws_rds_global_cluster (#37286)aws_vpn_connection (#44622)aws_bedrockagentcore_agent_runtime (#44301)aws_bedrockagentcore_agent_runtime_endpoint (#44301)aws_bedrockagentcore_api_key_credential_provider (#44302)aws_bedrockagentcore_browser (#44303)aws_bedrockagentcore_code_interpreter (#44304)aws_bedrockagentcore_gateway (#44305)aws_bedrockagentcore_gateway_target (#44305)ENHANCEMENTS:
throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44604)throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44604)throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44604)admin_pro_group, author_pro_group, and reader_pro_group arguments (#44638)BUG FIXES:
inconsistent final plan errors (#44542)source_code_hash, s3_bucket, s3_key, s3_object_version and filename) to their previous values when an update operation fails (#42829)FEATURES:
aws_transcribe_start_transcription_job (#44445)aws_odb_cloud_autonomous_vm_clusters (#44336)aws_odb_cloud_exadata_infrastructures (#44336)aws_odb_cloud_vm_clusters (#44336)aws_odb_network_peering_connections (#44336)aws_odb_networks (#44336)aws_prometheus_resource_policy (#44256)aws_transfer_host_key (#44559)aws_transfer_web_app (#42708)aws_transfer_web_app_customization (#42708)ENHANCEMENTS:
auto_retry_limit argument (#40035)scheduler_configuration block (#44589)schema_registry_config configuration blocks to amazon_managed_kafka_event_source_config and self_managed_kafka_event_source_config blocks (#44540)ipv4_addresses_per_eni argument (#44560)BUG FIXES:
Missing Resource Identity After Update errors for non-refreshed and failed updates of Plugin Framework based resources (#44518)Unexpected Identity Change errors when fully-null identity values in state are updated to valid values for Plugin Framework based resources (#44518)glossary_terms. (#44491)unknown value error when optional account_identifier is not specified. (#44491)unknown value error when optional account_region is not specified. (#44491)unexpected state error when deleting. (#44491)blueprint_identifier on creation. (#44491)user_parameters when importing. (#44491)user_parameters should not be updateable. (#44491)LimitExceededException (#44576)maximum_message_rate_per_second validation maximum to 100 (#44572)kms_key_id validation now accepts key ID, alias, and alias ARN in addition to key ARN (#44505)ThrottlingException errors (#24730)BREAKING CHANGES:
capacity_provider_strategy to avoid ECS service recreation after recent AWS changes (#43533)FEATURES:
aws_codebuild_start_build (#44444)aws_events_put_events (#44487)aws_sfn_start_execution (#44464)aws_appconfig_application (#44168)aws_odb_db_node (#43792)aws_odb_db_nodes (#43792)aws_odb_db_server (#43792)aws_odb_db_servers (#43792)aws_odb_db_system_shapes (#43825)aws_odb_gi_versions (#43825)aws_lakeformation_lf_tag_expression (#43883)ENHANCEMENTS:
mysql_settings attribute (#44516)location attribute (#44328)default_auth_scheme attribute (#44309)ip_address_type argument to origin.custom_origin_config block (#44463)mysql_settings configuration block (#44516)force_destroy. (#44406)throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#44514)cluster and managed_instances_provider arguments (#44509)auto_scaling_group_provider optional (#44509)credential_age_days, service_credential_alias, service_credential_secret, create_date, and expiration_date attributes (#44299)enable_monitoring_dashboard argument (#44515)aiml_options argument (#44417)two_way_channel_arn argument to accept connect.[region].amazonaws.com in addition to ARNs (#44372)default_auth_scheme argument (#44309)auth configuration block optional (#44309)network_type argument (#44377)arn argument (#44408)BUG FIXES:
Invalid address to set: []string{"secondary_ips_auto_assigned_per_subnet"} errors (#44485)firewall_policy.stateful_rule_group_reference attributes (#44482)quota_name was provided (#44449)AttributeName("arn") still remains in the path: could not find attribute or block "arn" in schema errors when upgrading from a pre-v6.0.0 provider version (#44434)configuration_name is modified (#43996)LimitExceededException (#44489)LimitExceededException (#44522)ipv6_cidr_block when the VPC has multiple associated IPv6 CIDRs (#44362)postgres_settings are updated (#44389)deletion_protection_enabled not set. (#44406)compute_config, kubernetes_network_config.elastic_load_balancing, and storage_config. to Optional and Computed, allowing EKS Auto Mode settings to be enabled, disabled, and removed from configuration (#44334)inconsistent final plan error in some cases with setting elements. (#44461)inconsistent final plan error in some cases with setting elements. (#44461)provider produced unexpected value for cache_usage_limits argument. (#43841)metadata_configuration first to allow simultaneous increase of metadata_configuration.iops and storage_capacity (#44456)interface conversion: interface {} is nil, not map[string]interface {} panics when capacity_reservation_target is empty (#44459)application_configuration.run_configuration values are respected during update (#43490)database_insights_mode with global_cluster_identifier. (#44404)child_health_threshold to properly accept explicitly specified zero value (#44006)noncurrent_version_expiration.newer_noncurrent_versions and noncurrent_version_transition.newer_noncurrent_versions. (#44442)ipv6_cidr_block when the VPC has multiple associated IPv6 CIDRs (#44362)NOTES:
BUG FIXES:
FEATURES:
aws_billing_views (#44272)aws_odb_cloud_autonomous_vm_cluster (#43809)aws_odb_cloud_exadata_infrastructure (#43650)aws_odb_cloud_vm_cluster (#43790)aws_odb_network (#43715)aws_odb_network_peering_connection (#43757)aws_controltower_baseline (#42397)aws_odb_cloud_autonomous_vm_cluster (#43809)aws_odb_cloud_exadata_infrastructure (#43650)aws_odb_cloud_vm_cluster (#43790)aws_odb_network (#43715)aws_odb_network_peering_connection (#43757)ENHANCEMENTS:
deployment_configuration.lifecycle_hook.hook_details argument (#44289)source_db_cluster_identifier and engine arguments (#44252)action_after_completion argument (#44264)BUG FIXES:
InvalidParameterValue: User xxx is not a member of user group xxx errors during group modification (#43520)async_inference_config.output_config.notification_config block is specified (#44310)ENHANCEMENTS:
billing_view_arn attribute (#44241)warm_throughput and global_secondary_index.warm_throughput attributes (#41308)ap-southeast-5, ap-southeast-7, eu-south-2, and me-central-1 AWS Regions (#44132)ap-southeast-6 AWS Region (#44132)ap-southeast-6 AWS Region (#44132)ap-southeast-6 AWS Region (#44132)predictive_scaling_policy_configuration argument (#44211)policy_type (#44211)step_scaling_policy_configuration.adjustment_type and step_scaling_policy_configuration.metric_aggregation_type (#44211)input_action, output_action, input_enabled, and output_enabled arguments to word_policy_config.managed_word_lists_config and word_policy_config.words_config configuration blocks (#44224)billing_view_arn argument (#44241)origin.response_completion_timeout argument (#44163)pull_request_build_policy configuration block (#44201)warm_throughput and global_secondary_index.warm_throughput arguments (#41308)dualStackIPv6 as a valid value for name (#44165)iceberg_configuration.run_rate_in_hours argument to retention_configuration and orphan_file_deletion_configuration blocks (#44207)address_definition arguments in source and destination blocks within rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rule.rule_definition.match_attributes (#44215)options.dns_support and options.security_group_referencing_support arguments (#43742)options to Optional and Computed (#43742)engine_version argument (#44155)schedule.retry_config configuration block (#44244)BUG FIXES:
interface conversion: interface {} is nil, not map[string]interface {} panics when step_scaling_policy_configuration is empty (#44211)reading Cognito Managed Login Branding by client ... couldn't find resource errors when a user pool contains multiple client apps (#44204)compute_config.node_role_arn when disabling auto mode or built-in node pools (#42483)Error decoding ... from prior state: unsupported attribute "log_group_name" errors when upgrading from a pre-v6.0.0 provider version (#44191)Error decoding ... from prior state: unsupported attribute "elastic_gpu_specifications" errors when upgrading from a pre-v6.0.0 provider version (#44195)feature_name optional (#44143)MethodNotAllowed errors when deleting non-existent lifecycle configurations (#44189)warning when remote policy is invalid (#44228)timeouts.read arguments removed in v6.12.0 (#44238)NOTES:
access_control_policy.grant.grantee.display_name attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)access_control_policy.owner.display_name attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)target_grant.grantee.display_name attribute is deprecated. AWS has ended support for this attribute. API responses began inconsistently returning it on July 15, 2025, and will stop returning it entirely on November 21, 2025. This attribute will be removed in a future major version. (#44090)FEATURES:
aws_cognito_managed_login_branding (#43817)ENHANCEMENTS:
ip_address_type and ipv6_address attributes (#44079)placement_group_id attribute (#38527)source_kms_key_arn attribute (#44080)placement.group_id attribute (#44097)ap-southeast-6 as a valid AWS Region (#44127)availability_zone_rebalancing and change the attribute to Optional and Computed. This allow ECS to default to ENABLED for new resources compatible with AvailabilityZoneRebalancing and maintain an existing service's availability_zone_rebalancing value during update when not configured. If an existing service never had an availability_zone_rebalancing value configured and is updated, ECS will treat this as DISABLED (#43241)ip_address_type and ipv6_address arguments to support IPv6 connectivity (#44079)user_and_group_quotas argument (#44120)user_and_group_quotas argument (#44118)placement_group_id argument (#38527)source_kms_key_arn argument (#44080)placement.group_id argument (#44097)run_config.ephemeral_storage argument. (#44105)BUG FIXES:
name and namespace (#44072)provisioning_parameters and provisioning_artifact_id to the values from the last successful deployment when update fails (#43956)FEATURES:
aws_timestreaminfluxdb_db_cluster (#42382)aws_workspacesweb_browser_settings_association (#43735)aws_workspacesweb_data_protection_settings_association (#43773)aws_workspacesweb_identity_provider (#43729)aws_workspacesweb_ip_access_settings_association (#43774)aws_workspacesweb_network_settings_association (#43775)aws_workspacesweb_portal (#43444)aws_workspacesweb_session_logger (#43863)aws_workspacesweb_session_logger_association (#43866)aws_workspacesweb_trust_store (#43408)aws_workspacesweb_trust_store_association (#43778)aws_workspacesweb_user_access_logging_settings_association (#43776)aws_workspacesweb_user_settings_association (#43777)ENHANCEMENTS:
endpoint_ip_address_type and traffic_ip_address_type attributes (#44059)attachment.network_card_index attribute (#42188)verification_status attribute (#44045)signing_material and signing_parameters attributes (#43921)metered_account attribute (#43967)domain_version and service_role arguments to support V2 domains (#44042)copy_tags, create_interval, exclusions, extend_deletion, policy_language, resource_type and retain_interval attributes to policy_details configuration block (#41055)default_policy argument (#41055)policy_details.create_rule.scripts argument (#41055)policy_details.schedule.cross_region_copy_rule.target_region argument (#33796)policy_details.schedule.cross_region_copy_rule.target optional (#33796)policy_details.schedule.archive_rule argument (#41055)mode argument in support of CloudWatch contributor insights modes (#43914)endpoint_ip_address_type and traffic_ip_address_type arguments to support IPv6 connectivity in Client VPN (#44059)client_cidr_block optional (#44059)sigint_rollback argument (#43986)deployment_configuration to Optional and Computed (#43986)remote_network_config to be updated in-place, enabling support for EKS hybrid nodes on existing clusters (#42928)engine to Optional and Computed (#42636)code_repository_project_name, code_repository_provider_type, ecr_image_in_use_count, and ecr_image_last_in_use_at in filter_criteria (#43950)thing_principal_type argument (#43916)key_spec argument (#44011)key_usage to Optional and Computed (#44011)secondary_ips_auto_assigned_per_subnet argument for Network Load Balancers (#43699)worker_replacement_strategy argument (#43946)attachment.network_card_index argument (#42188)network_card_index argument (#42188)force_destroy argument (#43922)verification_status attribute (#44045)signing_parameters argument (#43921)vpc_config.ipv6_allowed_for_dual_stack argument (#43989)metered_account argument (#43967)BUG FIXES:
partition_keys.parameters attribute (#26702)email_mfa_configuration block (#43926)database_insights_mode when using custom KMS key (#44050)DescribeHostedConnections failed for connection dxcon-xxxx doesn't exist by pointing to the correct connection ID when doing the describe. (#43499)partition_keys.parameters argument, fixing Invalid address to set: []string{"partition_keys", "0", "parameters"} errors (#26702)block_device_mapping.ebs.iops from 10000 to 100000 (#43981)secondary_private_ip_addresses (#43708)network_interface.network_card_index to Computed (#38336)name in response_inspection.header blocks for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet to avoid persistent plan diffs (#44032)NOTES:
network_interface block has been deprecated. Use primary_network_interface for the primary network interface and aws_network_interface_attachment resources for other network interfaces. (#43953)network_interface block has been deprecated. Use primary_network_interface for the primary network interface and aws_network_interface_attachment resources for other network interfaces. (#43953)ENHANCEMENTS:
image_tag_mutability_exclusion_filter attribute (#43886)image_tag_mutability_exclusion_filter attribute (#43886)image_tag_mutability_exclusion_filter configuration block (#43886)G.12X, G.16X, R.1X, R.2X, R.4X, and R.8X as valid values for worker_type (#43988)BUG FIXES:
SPOT_PRICE_CAPACITY_OPTIMIZED strategy (#40148)Provider produced inconsistent result after apply error when policy_detail.exclusion_rules.amis.is_public is omitted (#43925)primary_network_interface to allow importing resources with custom primary network interface. (#43953)database_insights_mode when using custom KMS key (#43942)primary_network_interface to allow importing resources with custom primary network interface. (#43953)FEATURES:
ENHANCEMENTS:
deletion_protection attribute (#43779)replica.deletion_protection_enabled argument (#43240)deletion_protection argument (#43779)BUG FIXES:
reserved_concurrent_executions attribute when a published version exists. This functionality requires the lambda:GetFunctionConcurrency IAM permission (#43753)firewall_policy.stateful_engine_options.flow_timeouts (#43852)account_takeover_risk_configuration.notify_configuration optional (#33624)service_connect_configuration when deleted outside of Terraform (#43871)reserved_concurrent_executions attribute when a published version exists. This functionality requires the lambda:GetFunctionConcurrency IAM permission (#43753)runtime error: invalid memory address or nil pointer dereference panics when GetTableMaintenanceConfiguration returns an error (#43764)user_profile_name (#43807)create, to check if new value is less than current value of quota (#43545)InvalidGatewayRequestException: The specified gateway is not connected errors during Read by using the ListGateways API to return minimal information about a disconnected gateway. This functionality requires the storagegateway:ListGateways IAM permission (#43819)netmask_length not being saved and diffed correctly (#43262)FEATURES:
aws_networkfirewall_vpc_endpoint_association (#43675)aws_quicksight_custom_permissions (#43613)aws_quicksight_role_custom_permission (#43613)aws_quicksight_user_custom_permission (#43613)aws_wafv2_web_acl_rule_group_association (#43561)ENHANCEMENTS:
custom_permissions_name attribute (#43613)resource_arn argument to enable finding web ACLs by resource ARN (#43597)CLOUDFRONT scope web ACLs using resource_arn (#43597)input_action, output_action, input_enabled, and output_enabled attributes to sensitive_information_policy_config.pii_entities_config and sensitive_information_policy_config.regexes_config configuration blocks (#43702)AuroraDBClusterStorage as a valid resource_type (#43677)serverless_v2_scaling_configuration argument in support of Amazon DocumentDB serverless (#43667)image_tag_mutability_exclusion_filter argument (#43642)IMMUTABLE_WITH_EXCLUSION and MUTABLE_WITH_EXCLUSION as valid values for image_tag_mutability (#43642)force_destroy argument that allows destruction even when disable_api_termination and disable_api_stop are true (#43722)iceberg_configuration.append_only argument (#43647)iam_arn (#43613)user_name to Optional and Computed (#43613)IAM_IDENTITY_CENTER as a valid value for identity_type (#43613)RESTRICTED_AUTHOR and RESTRICTED_READER as valid values for user_role (#43613)max_message_size from 256 KiB to 1024 KiB (#43710)BUG FIXES:
inconsistent final plan error when compute_resource.launch_template.version is unknown during an update (#43337)created_at becoming null on Update (#43654)PrefixListVersionMismatch: The prefix list has the incorrect version number errors when updating entry description (#43661)disable_api_termination is true (#43722)maintenance_configuration read failure (#43707)image_name regular expression validation (#43751)network_type as ForceNew if the value is not configured. This fixes a problem with terraform apply -refresh=false after upgrade from v5.90.0 and below (#43534)regular_expression argument (#43693)FEATURES:
aws_quicksight_ip_restriction (#43596)aws_quicksight_key_registration (#43587)ENHANCEMENTS:
instance_type attribute in compute_configuration block (#43449)volume_initialization_rate attribute (#43565)load_balancer attribute (#43582)tags attribute. This functionality requires the s3:ListTagsForResource IAM permission (#43630)deletion_protection attribute (#43452)configuration.identity_center_configuration argument (#38717)analytics_engine argument (#43614)instance_type argument in compute_configuration block to support custom instance types (#43449)volume_initialization_rate argument (#43565)tags argument and tags_all attribute. This functionality requires the s3:ListTagsForResource, s3:TagResource, and s3:UntagResource IAM permissions (#43630)deletion_protection argument (#43452)BUG FIXES:
missing required field, CreateFlowInput.Definition.Nodes[0].Configuration[prompt].SourceConfiguration[resource].PromptArn errors on Create (#43595)NoSuchTagSetError responses from S3-compatible services (#43589)NoSuchTagSetError responses from S3-compatible services (#43589)Provider produced inconsistent final plan errors when changing from using value to using value_wo (#42877)version not being updated when description changes (#42595)FEATURES:
aws_connect_phone_number_contact_flow_association (#43557)aws_nat_gateway_eip_association (#42591)ENHANCEMENTS:
log_config attribute (#43453)available_security_updates_compliance_status argument (#43560)cross_region_config, content_policy_config.tier_config, and topic_policy_config.tier_config arguments (#43517)workgroup argument (#36628)compute_resources.ec2_configuration.image_kubernetes_version argument (#43454)log_config argument (#43453)name to be updated in-place (#41702)name to be updated in-place (#42639)secondary_allocation_ids to Optional and Computed (#42591)available_security_updates_compliance_status argument (#43560)/ssm/ prefix) for setting_id (#43562)BUG FIXES:
test_listener_rule incorrectly being set as empty string in load_balancer.advanced_configuration block (#43558)NOTES:
FEATURES:
aws_ecr_images (#42577)aws_cognito_log_delivery_configuration (#43396)aws_networkfirewall_firewall_transit_gateway_attachment_accepter (#43430)aws_s3_bucket_metadata_configuration (#41364)ENHANCEMENTS:
postgres_settings.authentication_method and postgres_settings.service_access_role_arn attributes (#43440)availability_zone_change_protection, availability_zone_mapping, firewall_status.sync_states.attachment.status_message, firewall_status.transit_gateway_attachment_sync_states, transit_gateway_id, and transit_gateway_owner_account_id attributes (#43430)oracle_settings configuration block for authentication method (#43125)postgres_settings.authentication_method and postgres_settings.service_access_role_arn arguments (#43440)postgres_settings.database_mode, postgres_settings.map_long_varchar_as, and postgres_settings.plugin_name arguments (#43440)dns_name_servers attribute and kerberos_authentication_settings configuration block for Kerberos authentication settings (#43125)transit_gateway_attachment_id attribute. This functionality requires the ec2:DescribeTransitGatewayAttachments IAM permission (#43436)CODE_REPOSITORY as a valid value for resource_types (#43525)auto_enable.code_repository argument (#43525)availability_zone_change_protection, availability_zone_mapping, and transit_gateway_id arguments and firewall_status.transit_gateway_attachment_sync_states and transit_gateway_owner_account_id attributes (#43430)subnet_mapping and vpc_id as Optional (#43430)aws_account_id argument. (#43501)rules_json argument (#43397)statement.rate_based_statement.custom_key.asn argument (#43506)BUG FIXES:
forces replacement on region for numerous resource types when upgrading from a pre-v6.0.0 provider version and -refresh=false is in effect (#43516)path when path_part is updated (#43215)definition.connection and definition.node list length limits (#43471)ipv6_addresses when ipv6_address_count is updated (#43158)FEATURES:
aws_s3_access_point (#43391)aws_bedrockagent_flow (#42201)aws_fsx_s3_access_point_attachment (#43391)ENHANCEMENTS:
type argument (#43150)hybrid_access_enabled, with_federation and with_privileged_access attributes (#43377)options.export argument to issue an exportable certificate (#43207)apply_on_transformed_logs argument (#43381)agent_arns optional (#43400)deployment_configuration argument (#43434)load_balancer.advanced_configuration argument (#43434)service.client_alias.test_traffic_rules argument (#43434)deployment_controller.type changes no longer force a replacement (#43434)with_privileged_access argument (#43377)skip_destroy argument (#43415)BUG FIXES:
parent_action_group_signature on Read (#43355)Inappropriate value for attribute "regional_parameters" errors during planning. This fixes a regression introduced in v6.0.0 (#43382)transit_gateway_attachment_id as ForceNew if the value is known not to change (#43405)waiting for Lambda Function (...) version publish: unexpected state '', wanted target 'Successful' errors on Update. This fixes a regression introduced in v6.2.0 (#43416)sub_slot_setting.slot_specification.value_elicitation_setting.prompt_specification.prompt_attempts_specification and value_elicitation_setting.prompt_specification.prompt_attempts_specification have default values (#43358)meta_store_role_arn to be updated in-place (#36874)