FEATURES:
aws_prometheus_query_logging_configuration (#43222)ENHANCEMENTS:
anycast_ip_list_id attribute (#43196)core_network_configuration.dns_support and core_network_configuration.security_group_referencing_support arguments (#43277)anycast_ip_list_id argument (#43196)replica.consistency_mode argument in support of multi-Region strong consistency for Amazon DynamoDB global tables (#43236)BUG FIXES:
runtime error: invalid memory address or nil pointer dereference panics for numerous resource types when modifying tags (#43324)operation can't be performed on Agent when it is in Preparing state. errors during agent action group base creation, update, and deletion. (#43232)operation can't be performed on Agent when it is in Preparing state. errors during agent knowledge base creation and disassociation (#43232)managed_login_version for custom Cognito domains (#43252)InvalidDBInstanceState errors on delete (#43303)interface conversion: interface {} is nil, not map[string]interface {} panics when configuration blocks are empty (#43308)InvalidDBClusterStateFault errors on delete (#43303)availability_zone_relocation_enabled (#43270)resource_properties to Computed to enable vpc_endpoint associations (#42562)arn when refreshing state. (#43273)NOTES:
id attribute has changed from key to bucket/key. All configurations using id should be updated to use the key attribute instead (#43119)id attribute has changed from key to bucket/key. All configurations using id should be updated to use the key attribute instead (#43119)ENHANCEMENTS:
tags attribute. This functionality requires the kinesis:ListTagsForResource IAM permission (#43173)firewall_policy.stateful_rule_group_reference.deep_threat_inspection attribute (#43137)configuration.internal_access argument (#43138)job_config argument (#43136)enable_skew_protection argument (#43218)errorCode, eventType, sessionCredentialFromConsole, and vpcEndpointId as valid values for advanced_event_selector.field_selector.field (#43091)errorCode, eventType, sessionCredentialFromConsole, and vpcEndpointId as valid values for advanced_event_selector.field_selector.field (#43091)kms_key_identifier argument (#43139)DELIVERY as a valid value for log_group_class (#42658)environment.docker_server configuration block (#42982)disable_session_tags and target_role_arn arguments and external_id attribute (#42979)os_release_label argument (#43018)resource_tag_logical_operator argument (#43031)job_mode argument (#42607)tags argument and tags_all attribute. This functionality requires the kinesis:ListTagsForResource, kinesis:TagResource, and kinesis:UntagResource IAM permissions (#43173)HMAC_224, HMAC_384, HMAC_512, ML_DSA_44, ML_DSA_65, and ML_DSA_87 as valid values for customer_master_key_spec (#43128)-1 is now a valid value for port_info.from_port and port_info.to_port (#37703)firewall_policy.stateful_rule_group_reference.deep_threat_inspection argument (#43137)exclude_resource_tags argument (#43189)tags argument and tags_all attribute. This functionality requires the s3express:ListTagsForResource, s3express:TagResource, and s3express:UntagResource IAM permissions (#43256)metadata argument (#43112)aws_managed_rules_anti_ddos_rule_set to managed_rule_group_configs configuration block in support of L7 DDoS protection (#43149)BUG FIXES:
Unexpected Identity Change errors for numerous resource types when refreshing resources created or refreshed by Terraform AWS Provider v6.0.0 (#43221)Exceeded the number of retries on OptLock failure. Too many concurrent requests. errors during update (#43179)Prepare operation can't be performed on Agent when it is in Preparing state. errors during prepare (#43179)Update operation can't be performed on Agent when it is in Preparing state. errors during update (#43179)operation can't be performed on Agent when it is in Preparing state. errors during agent collaborator update and disassociation (#43179)log_group_names (#43183)"") value for s3_prefix. This fixes a regression introduced in v6.0.0 (#43159)log_publishing_options removed on Update. This prevents a perpetual diff (#43033)ValidationException: The Resource Access Policy specified for the CloudWatch Logs log group ... does not grant sufficient permissions for Amazon Elasticsearch Service to create a log stream IAM eventual consistency errors on Create (#43033)logging_config diffs when log_format is set to JSON and publish = true (#42660)confirmation_setting.prompt_specification.prompt_attempts_specification defaults (#43147)log_publishing_options removed on Update. This prevents a perpetual diff (#43033)ValidationException: The Resource Access Policy specified for the CloudWatch Logs log group ... does not grant sufficient permissions for Amazon Elasticsearch Service to create a log stream IAM eventual consistency errors on Create (#43033)WHOLE is now a valid value for definition.sheets.visuals.pie_chart_visual.chart_configuration.donut_options.arc_options.arc_thickness (#37116)WHOLE is now a valid value for definition.sheets.visuals.pie_chart_visual.chart_configuration.donut_options.arc_options.arc_thickness (#37116)WHOLE is now a valid value for definition.sheets.visuals.pie_chart_visual.chart_configuration.donut_options.arc_options.arc_thickness (#37116)email (#43014)Value Conversion Error errors when upgrading existing resources to Terraform AWS Provider v6.0.0 (#43116)BREAKING CHANGES:
most_recent is true and owner and image ID filter criteria has been increased to an error. Existing configurations which were previously receiving a warning diagnostic will now fail to apply. To prevent this error, set the owner argument or include a filter block with an image-id or owner-id name/value pair. To continue using unsafe filter values with most_recent set to true, set the new allow_unsafe_filter argument to true. This is not recommended. (#42114)inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)inference_accelerator_overrides attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)action.authenticate_cognito, action.authenticate_oidc, action.fixed_response, action.forward, action.forward.stickiness, action.redirect, condition.host_header, condition.http_header, condition.http_request_method, condition.path_pattern, condition.query_string, and condition.source_ip attributes are now list nested blocks instead of single nested blocks (#42283)filter has been removed (#42325)elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)elastic_gpu_specifications has been removed (#42312)kibana_endpoint has been removed (#42268)saml_options is now a list nested block instead of a single nested block (#42270)tags_all attribute (#42136)aws_opsworks_application resource has been removed (#41948)aws_opsworks_custom_layer resource has been removed (#41948)aws_opsworks_ecs_cluster_layer resource has been removed (#41948)aws_opsworks_ganglia_layer resource has been removed (#41948)aws_opsworks_haproxy_layer resource has been removed (#41948)aws_opsworks_instance resource has been removed (#41948)aws_opsworks_java_app_layer resource has been removed (#41948)aws_opsworks_memcached_layer resource has been removed (#41948)aws_opsworks_mysql_layer resource has been removed (#41948)aws_opsworks_nodejs_app_layer resource has been removed (#41948)aws_opsworks_permission resource has been removed (#41948)aws_opsworks_php_app_layer resource has been removed (#41948)aws_opsworks_rails_app_layer resource has been removed (#41948)aws_opsworks_rds_db_instance resource has been removed (#41948)aws_opsworks_stack resource has been removed (#41948)aws_opsworks_static_web_layer resource has been removed (#41948)aws_opsworks_user_profile resource has been removed (#41948)aws_simpledb_domain resource has been removed. Add a constraint to v5 of the Terraform AWS Provider for continued use of this resource (#41775)aws_worklink_fleet resource has been removed (#42059)aws_worklink_website_certificate_authority_association resource has been removed (#42059)aws_redshift_service_account resource has been removed. AWS recommends that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#41941)endpoints.iotanalytics and endpoints.iotevents configuration arguments have been removed (#42703)endpoints.opsworks configuration argument has been removed (#41948)endpoints.simpledb and endpoints.sdb configuration arguments have been removed (#41775)endpoints.worklink configuration argument has been removed (#42059)filter.exists now only accepts one of "" (empty string), true, or false (#42434)preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)reset_on_delete argument has been removed (#42226)canary_settings, execution_arn, invoke_url, stage_description, and stage_name arguments. Instead, use the aws_api_gateway_stage resource to manage stages. (#42249)compute_environment_name to name
resource/aws_batch_compute_environment: Rename compute_environment_name_prefix to name_prefix (#38050)compute_environment_name to name (#38050)compute_environments in place of compute_environment_order (#40751)logging_config, logging_config.cloudwatch_config, logging_config.cloudwatch_config.large_data_delivery_s3_config, and logging_config.s3_config are now list nested blocks instead of single nested blocks (#42307)id is now set to remote object's Id instead of name (#42230)etag argument is now computed only (#38448)suspend now only accepts one of "" (empty string), true, or false (#42434)id attribute is now a comma-delimited string concatenating the user_pool_id, group_name, and username arguments (#34082)s3_prefix argument is now required (#38446)character_set_name now cannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier. (#42348)s3_settings attribute. Use aws_dms_s3_endpoint instead (#42379)vpn_gateway_id has been removed (#42323)terminate_instances_on_delete now only accepts one of "" (empty string), true, or false (#42434)block_duration_minutes attribute (#42060)inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)vpc has been removed. Use domain instead. (#42340)resolve_conflicts has been removed. Use resolve_conflicts_on_create and resolve_conflicts_on_update instead. (#42318)auto_minor_version_upgrade now only accepts one of "" (empty string), true, or false (#42434)at_rest_encryption_enabled and auto_minor_version_upgrade now only accept one of "" (empty string), true, or false (#42434)auth_token_update_strategy no longer has a default value. If auth_token is set, auth_token_update_strategy must also be explicitly configured. (#42336)variations.value.bool_value now only accepts one of "" (empty string), true, or false (#42434)log_group_name has been removed. Use log_destination instead. (#42333)id attribute is now computed only (#42097)datasources. Use aws_guardduty_detector_feature resources instead. (#42436)auto_enable attribute has been removed (#42251)filter has been removed (#42325)instance_configuration.block_device_mapping.ebs.delete_on_termination and instance_configuration.block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#42434)block_device_mapping.ebs.delete_on_termination and block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#42434)cpu_core_count and cpu_threads_per_core. Instead, use cpu_options. (#42280)user_data now displays cleartext instead of a hash. Base64 encoded content should use user_data_base64 instead. (#42078)block_device_mappings.ebs.delete_on_termination, block_device_mappings.ebs.encrypted, ebs_optimized, network_interfaces.associate_carrier_ip_address, network_interfaces.associate_public_ip_address, network_interfaces.delete_on_termination, and network_interfaces.primary_ipv6 now only accept one of "" (empty string), true, or false (#42434)elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)elastic_gpu_specifications has been removed (#42312)mutual_authentication attributes advertise_trust_store_ca_names, ignore_client_certificate_expiry, and trust_store_arn are only valid if mode is verify (#42326)preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)logs.audit now only accepts one of "" (empty string), true, or false (#42434)base_policy_region argument has been removed. Use base_policy_regions instead. (#38398)kibana_endpoint has been removed (#42268)saml_options is now a list nested block instead of a single nested block (#42270)key_attributes and key_attributes.key_modes_of_use are now list nested blocks instead of single nested blocks. (#42264)tags_all has been removed (#42260)cluster_public_key, cluster_revision_number, and endpoint are now read only and should not be set (#42119)logging attribute has been removed (#42013)publicly_accessible attribute now defaults to false (#41978)snapshot_copy attribute has been removed (#41995)regions_of_interest.bounding_box is now a list nested block instead of a single nested block (#41380)policy, policy.az, policy.hardware, policy.software, and policy.region are now list nested blocks instead of single nested blocks (#42297)code_editor_app_image_config, jupyter_lab_image_config, or kernel_gateway_image_config block must be configured (#42753)id is now a comma-delimited string concatenating image_name and version (#42536)accelerator_types from your configuration—it no longer exists. Instead, use instance_type to use Inferentia. (#42099)instance_id argument (#42224)definition is now a list nested block instead of a single nested block (#42305)rule.statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_bot_control_rule_set.enable_machine_learning now defaults to false (#39858)NOTES:
name attribute has been deprecated. All configurations using name should be updated to use the region attribute instead (#42131)bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#42014)region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#42131)region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#42014)region attribute has been deprecated. All configurations using region should be updated to use the service_region attribute instead (#42014)region attribute has been deprecated. All configurations using region should be updated to use the requester_region attribute instead (#42014)s3_us_east_1_regional_endpoint argument. The ability to use the global S3 endpoint will be removed in v7.0.0. (#42375)region attribute has been deprecated. All configurations using region should be updated to use the stack_set_instance_region attribute instead (#42014)id in favor of arn (#42232)region attribute has been deprecated. All configurations using region should be updated to use the authorized_aws_region attribute instead (#42014)region attribute has been deprecated. All configurations using region should be updated to use the connection_region attribute instead (#42014)engine value is deprecated (#42419)engine value is deprecated (#42419)engine value is deprecated (#42419)datasources now returns a deprecation warning (#42251)aws_kinesisanalyticsv2_application resource instead (#42102)encrypted is now true to match the AWS API. (#42631)bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#42014)health_check_custom_config.failure_threshold is deprecated. The argument is no longer supported by AWS and is always set to 1 (#40777)region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#42131)region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#42014)ENHANCEMENTS:
allow_unsafe_filter argument (#42114)group_long_name attribute (#42014)region as Optional, allowing a value to be configured (#42014)roles.role_arn and roles.role_type (#42131)region support to most resources, data sources, and ephemeral resources, allowing per-resource Region targeting without requiring multiple provider configurations. See the Enhanced Region Support guide for more information. (#43075)control_mapping_sources.source_frequency, control_mapping_sources.source_set_up_option, and control_mapping_sources.source_type (#42131)destination_account (#42741)admin_account_id (#42741)arn attribute (#42733)finding_publishing_frequency. (#42436)mutual_authentication attribute trust_store_arn is required if mode is verify (#42326)policy_arn (#42131)aliases argument (#42610)access_type source.aws_log_source_resource.source_name, and subscriber_identity.external_id (#42131)BUG FIXES:
Provider produced inconsistent result after apply errors (#42131)encrypted is not explicitly set to true. (#42631)regions_of_interest.bounding_box and regions_of_interest.polygon argument validation (#41380)access_type to ForceNew (#42131)NOTES:
FEATURES:
aws_dsql_cluster (#41868)aws_dsql_cluster_peering (#41868)aws_prometheus_workspace_configuration (#42478)aws_s3control_directory_bucket_access_point_scope (#42338)aws_vpc_route_server (#42392)aws_vpc_route_server_endpoint (#42392)aws_vpc_route_server_peer (#42392)aws_vpc_route_server_propagation (#42392)aws_vpc_route_server_vpc_association (#42392)aws_workspacesweb_data_protection_settings (#42852)aws_workspacesweb_ip_access_settings (#42863)aws_workspacesweb_user_access_logging_settings (#42868)ENHANCEMENTS:
ap-east-2 AWS Region (#42915)ap-east-2 AWS Region (#42915)latest, has_major_target, preferred_major_targets, and preferred_upgrade_targets (#42854)ap-east-2 AWS Region (#42915)ap-east-2 as a valid AWS Region (#42906)data_read_cache_configuration and throughput_capacity arguments in support of the Intelligent-Tiering storage class (#42839)two_way_channel_role argument (#42950)preshared_key_storage argument and preshared_key_arn attribute (#42819)statement.asn_match_statement configuration block (#42965)statement.asn_match_statement configuration block (#42965)BUG FIXES:
max_batch_size argument can be used to override the default value of 50 items. (#42795)stream_arn attribute when changing stream_view_type (#42561)InvalidPaginationToken errors on read (#42948)InvalidParameterValue: The value of loadBalancerOptions.port you provided is not valid errors when creating TCP load balancer endpoints (#42736)OperationInProgress: VpcEndpoint modify operation in progress errors when deleting multiple associations in parallel (#42884)BUG FIXES:
panic: runtime error: invalid memory address or nil pointer dereference (#42813)InvalidAction exceptions for DescribeCapacityReservation operations. This fixes a regression introduced in v5.99.0 (#42812)rule.filter. (#42655)FEATURES:
aws_notifications_channel_association (#42575)aws_notifications_event_rule (#42575)aws_notifications_notification_configuration (#42575)aws_notifications_notification_hub (#42544)aws_notificationscontacts_email_contact (#42575)aws_quicksight_account_settings (#42185)aws_workspacesweb_browser_settings (#42681)aws_workspacesweb_network_settings (#42722)aws_workspacesweb_user_settings (#42783)ENHANCEMENTS:
block_device_mappings.ebs["volume_initialization_rate"] attribute (#42684)block_device_mappings.ebs.volume_initialization_rate attribute (#42684)tags attribute. This functionality requires the verifiedpermissions:ListTagsForResource IAM permission (#42663)volume_configuration.managed_ebs_volume.volume_initialization_rate argument (#42750)block_device_mappings.ebs.volume_initialization_rate argument (#42684)minimum_load_balancer_capacity configuration block. This functionality requires the elasticloadbalancing:DescribeCapacityReservations and elasticloadbalancing:ModifyCapacityReservation IAM permissions (#42685)name to be updated in-place. This functionality requires the account:PutAccountName IAM permission (#42350)tags argument and tags_all attribute. This functionality requires the verifiedpermissions:ListTagsForResource, verifiedpermissions:TagResource, and verifiedpermissions:UntagResource IAM permissions (#42663)BUG FIXES:
prefix can now be up to 256 characters (#42723)user_pool_add_ons.advanced_security_additional_flows block is non-empty, but contains only a single nil value. (#42793)prefix can now be up to 256 characters (#42723)HeadBucket S3 API calls are made using configured credentials. This fixes a regression introduced in v5.98.0 (#42786)rule.filter. (#42624)dns_options were not being updated correctly when private_dns_enabled was set to true (#42746)BREAKING CHANGES:
endpoints.iotanalytics and endpoints.iotevents configuration arguments have been removed (#42703)id is now a comma-delimited string concatenating image_name and version (#42536)NOTES:
encrypted is now true to match the AWS API. (#42631)ENHANCEMENTS:
aliases argument (#42610)BUG FIXES:
FEATURES:
aws_account_primary_contact (#42526)aws_dynamodb_tables (#42339)aws_bedrockagent_prompt (#42211)aws_cloudfrontkeyvaluestore_keys_exclusive (#42246)aws_dataexchange_revision_assets (#42272)aws_inspector2_filter (#42374)aws_wafv2_api_key (#42525)ENHANCEMENTS:
dead_letter_config attribute (#42471)kms_key_identifier attribute (#42385)refresh_token_rotation attribute (#42430)user_pool_add_ons attribute (#42470)point_in_time_recovery.recovery_period_in_days attribute (#41484)client_route_enforcement_options attribute (#42424)distribution.ssm_parameter_configuration attribute (#42604)track_name attribute (#42451)active_directory_config, user_identity_type, workspace_directory_description, workspace_directory_name, and workspace_type attributes (#42330)destination_flow_config.destination_connector_properties.salesforce.data_transfer_api argument (#42479)capacity_reservation_specification argument (#42380)prepared_at attribute. (#42586)instruction max length for validation to 20000 (#42596)dead_letter_config argument (#42471)kms_key_identifier argument (#42385)refresh_token_rotation argument (#42430)refresh_token_rotation argument (#42430)user_pool_add_ons.advanced_security_additional_flows argument (#42470)manage_master_user_password argument and master_user_secret attribute (#42563)point_in_time_recovery.recovery_period_in_days argument (#41484)client_route_enforcement_options argument (#42424)defaultLogDriverMode value in Name argument (#42418)distribution.ssm_parameter_configuration argument (#42604)application_protocol and authentication_type arguments (#42534)bootstrap_brokers_sasl_iam attribute. This functionality requires the kafka:GetBootstrapBrokers IAM permission (#42148)track_name argument (#42451)domain_list argument (#42456)domain as Optional (#42456)encryption_configuration argument. This functionality requires the s3tables:GetTableEncryption IAM permission (#42356)encryption_configuration argument. This functionality requires the s3tables:GetTableBucketEncryption IAM permission (#42356)NO_REGIONS as a valid value for linking_mode (#42574)fifo_throughput_scope argument (#42508)uri_fragment to field_to_match configuration blocks (#42407)data_protection_config argument (#42404)uri_fragment to field_to_match configuration blocks (#42407)active_directory_config, user_identity_type, workspace_directory_description, workspace_directory_name, and workspace_type arguments in support of WorkSpaces Pools (#42330)directory_id as Optional (#42330)BUG FIXES:
ValidationException: The provided MLflow version is not supported errors (#42435)firewall_policy.policy_variables configuration block (#42473)routing_configuration so we only send it on update when explicility configured. This allows updates to aliases to create new versions. (#42603)20 as a valid value for metric_query.metric.period, metric_query.period, and period (#42390)ResourceNotFound exceptions during delete (#42494)parameters block removal (#42494)filter_at_source.source_address is unspecified. (#42369)InvalidNetworkInterface.InUse errors on Create (#42623)false, 0 or "") for unconfigured listener attributes on Create (#41846)InvalidParameterValue: collation_server '..' is not valid for character_set '...' errors on Create (#42559)BREAKING CHANGES:
most_recent is true and owner and image ID filter criteria has been increased to an error. Existing configurations which were previously receiving a warning diagnostic will now fail to apply. To prevent this error, set the owner argument or include a filter block with an image-id or owner-id name/value pair. To continue using unsafe filter values with most_recent set to true, set the new allow_unsafe_filter argument to true. This is not recommended. (#42114)inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)inference_accelerator_overrides attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)action.authenticate_cognito, action.authenticate_oidc, action.fixed_response, action.forward, action.forward.stickiness, action.redirect, condition.host_header, condition.http_header, condition.http_request_method, condition.path_pattern, condition.query_string, and condition.source_ip attributes are now list nested blocks instead of single nested blocks (#42283)filter has been removed (#42325)elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)elastic_gpu_specifications has been removed (#42312)kibana_endpoint has been removed (#42268)saml_options is now a list nested block instead of a single nested block (#42270)tags_all attribute (#42136)aws_opsworks_application resource has been removed (#41948)aws_opsworks_custom_layer resource has been removed (#41948)aws_opsworks_ecs_cluster_layer resource has been removed (#41948)aws_opsworks_ganglia_layer resource has been removed (#41948)aws_opsworks_haproxy_layer resource has been removed (#41948)aws_opsworks_instance resource has been removed (#41948)aws_opsworks_java_app_layer resource has been removed (#41948)aws_opsworks_memcached_layer resource has been removed (#41948)aws_opsworks_mysql_layer resource has been removed (#41948)aws_opsworks_nodejs_app_layer resource has been removed (#41948)aws_opsworks_permission resource has been removed (#41948)aws_opsworks_php_app_layer resource has been removed (#41948)aws_opsworks_rails_app_layer resource has been removed (#41948)aws_opsworks_rds_db_instance resource has been removed (#41948)aws_opsworks_stack resource has been removed (#41948)aws_opsworks_static_web_layer resource has been removed (#41948)aws_opsworks_user_profile resource has been removed (#41948)aws_simpledb_domain resource has been removed. Add a constraint to v5 of the Terraform AWS Provider for continued use of this resource (#41775)aws_worklink_fleet resource has been removed (#42059)aws_worklink_website_certificate_authority_association resource has been removed (#42059)aws_redshift_service_account resource has been removed. AWS recommends that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#41941)endpoints.opsworks configuration argument has been removed (#41948)endpoints.simpledb and endpoints.sdb configuration arguments have been removed (#41775)endpoints.worklink configuration argument has been removed (#42059)filter.exists now only accepts one of "" (empty string), true, or false (#42434)preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)reset_on_delete argument has been removed (#42226)canary_settings, execution_arn, invoke_url, stage_description, and stage_name arguments. Instead, use the aws_api_gateway_stage resource to manage stages. (#42249)compute_environment_name to name
resource/aws_batch_compute_environment: Rename compute_environment_name_prefix to name_prefix (#38050)compute_environment_name to name (#38050)compute_environments in place of compute_environment_order (#40751)logging_config, logging_config.cloudwatch_config, logging_config.cloudwatch_config.large_data_delivery_s3_config, and logging_config.s3_config are now list nested blocks instead of single nested blocks (#42307)id is now set to remote object's Id instead of name (#42230)etag argument is now computed only (#38448)suspend now only accepts one of "" (empty string), true, or false (#42434)id attribute is now a comma-delimited string concatenating the user_pool_id, group_name, and username arguments (#34082)character_set_name now cannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier. (#42348)s3_settings attribute. Use aws_dms_s3_endpoint instead (#42379)vpn_gateway_id has been removed (#42323)terminate_instances_on_delete now only accepts one of "" (empty string), true, or false (#42434)block_duration_minutes attribute (#42060)inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)vpc has been removed. Use domain instead. (#42340)resolve_conflicts has been removed. Use resolve_conflicts_on_create and resolve_conflicts_on_update instead. (#42318)auto_minor_version_upgrade now only accepts one of "" (empty string), true, or false (#42434)at_rest_encryption_enabled and auto_minor_version_upgrade now only accept one of "" (empty string), true, or false (#42434)auth_token_update_strategy no longer has a default value. If auth_token is set, auth_token_update_strategy must also be explicitly configured. (#42336)variations.value.bool_value now only accepts one of "" (empty string), true, or false (#42434)log_group_name has been removed. Use log_destination instead. (#42333)id attribute is now computed only (#42097)datasources. Use aws_guardduty_detector_feature resources instead. (#42436)auto_enable attribute has been removed (#42251)filter has been removed (#42325)instance_configuration.block_device_mapping.ebs.delete_on_termination and instance_configuration.block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#42434)block_device_mapping.ebs.delete_on_termination and block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#42434)cpu_core_count and cpu_threads_per_core. Instead, use cpu_options. (#42280)user_data now displays cleartext instead of a hash. Base64 encoded content should use user_data_base64 instead. (#42078)block_device_mappings.ebs.delete_on_termination, block_device_mappings.ebs.encrypted, ebs_optimized, network_interfaces.associate_carrier_ip_address, network_interfaces.associate_public_ip_address, network_interfaces.delete_on_termination, and network_interfaces.primary_ipv6 now only accept one of "" (empty string), true, or false (#42434)elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)elastic_gpu_specifications has been removed (#42312)mutual_authentication attributes advertise_trust_store_ca_names, ignore_client_certificate_expiry, and trust_store_arn are only valid if mode is verify (#42326)preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)logs.audit now only accepts one of "" (empty string), true, or false (#42434)base_policy_region argument has been removed. Use base_policy_regions instead. (#38398)kibana_endpoint has been removed (#42268)saml_options is now a list nested block instead of a single nested block (#42270)key_attributes and key_attributes.key_modes_of_use are now list nested blocks instead of single nested blocks. (#42264)tags_all has been removed (#42260)cluster_public_key, cluster_revision_number, and endpoint are now read only and should not be set (#42119)logging attribute has been removed (#42013)publicly_accessible attribute now defaults to false (#41978)snapshot_copy attribute has been removed (#41995)regions_of_interest.bounding_box is now a list nested block instead of a single nested block (#41380)policy, policy.az, policy.hardware, policy.software, and policy.region are now list nested blocks instead of single nested blocks (#42297)accelerator_types from your configuration—it no longer exists. Instead, use instance_type to use Inferentia. (#42099)instance_id argument (#42224)definition is now a list nested block instead of a single nested block (#42305)rule.statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_bot_control_rule_set.enable_machine_learning now defaults to false (#39858)NOTES:
name attribute has been deprecated. All configurations using name should be updated to use the region attribute instead (#42131)bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#42014)region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#42131)region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#42014)region attribute has been deprecated. All configurations using region should be updated to use the service_region attribute instead (#42014)region attribute has been deprecated. All configurations using region should be updated to use the requester_region attribute instead (#42014)s3_us_east_1_regional_endpoint argument. The ability to use the global S3 endpoint will be removed in v7.0.0. (#42375)region attribute has been deprecated. All configurations using region should be updated to use the stack_set_instance_region attribute instead (#42014)id in favor of arn (#42232)region attribute has been deprecated. All configurations using region should be updated to use the authorized_aws_region attribute instead (#42014)region attribute has been deprecated. All configurations using region should be updated to use the connection_region attribute instead (#42014)engine value is deprecated (#42419)engine value is deprecated (#42419)engine value is deprecated (#42419)datasources now returns a deprecation warning (#42251)aws_kinesisanalyticsv2_application resource instead (#42102)bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#42014)health_check_custom_config.failure_threshold is deprecated. The argument is no longer supported by AWS and is always set to 1 (#40777)region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#42131)region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#42014)ENHANCEMENTS:
allow_unsafe_filter argument (#42114)group_long_name attribute (#42014)region as Optional, allowing a value to be configured (#42014)roles.role_arn and roles.role_type (#42131)control_mapping_sources.source_frequency, control_mapping_sources.source_set_up_option, and control_mapping_sources.source_type (#42131)finding_publishing_frequency. (#42436)mutual_authentication attribute trust_store_arn is required if mode is verify (#42326)policy_arn (#42131)access_type source.aws_log_source_resource.source_name, and subscriber_identity.external_id (#42131)BUG FIXES:
Provider produced inconsistent result after apply errors (#42131)regions_of_interest.bounding_box and regions_of_interest.polygon argument validation (#41380)access_type to ForceNew (#42131)FEATURES:
aws_ec2_default_credit_specification (#42345)ENHANCEMENTS:
athena_properties attribute (#42262)placement attribute (#42347)enabled_analysis_types attribute (#42160)certificate_based_auth_properties attribute (#42269)configuration.unused_access.analysis_rule argument (#42332)ManagedResources to action.*.target (#42376)athena_properties argument and allow DYNAMODB connection type. (#42262)DYNAMODB as a valid value for connection_type (#42262)placement argument (#42347)enabled_analysis_types argument (#42160)certificate_based_auth_properties configuration block (#42269)BUG FIXES:
listener_identifier to ARN. (#42215)service_identifier to ARN. (#42215)match.http_match. (#42215)action.fixed_response or action.forward. (#42215)FEATURES:
aws_fis_experiment_templates (#37060)aws_vpc_endpoint_associations (#41918)ENHANCEMENTS:
endpoint_configuration.ip_address_type attribute (#42146)endpoint_configuration.ip_address_type attribute (#42146)ip_address_type attribute (#42145)kinesis_settings.use_large_integer_value attribute (#42300)arn attribute (#42344)tags attribute (#42344)endpoint_configuration.ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42146)endpoint_configuration.ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42146)ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42145)domain_name_configuration.ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42145)kinesis_settings.use_large_integer_value argument (#42300)experiment_report_configuration argument (#41120)BUG FIXES:
malformed version error when parsing 7.x redis engine versions (#42346)ConcurrentModificationExceptions during user creation (#42081)InvalidParameterValue: SecondsUntilAutoPause can only be specified when minimum capacity is 0 errors when removing serverlessv2_scaling_configuration.seconds_until_auto_pause (#41180)NOTES:
invoke_url and execution_arn are deprecated. Use the invoke_url and execution_arn attributes of the aws_api_gateway_stage resource instead. (#42244)FEATURES:
aws_redshift_integration (#42105)ENHANCEMENTS:
filter_at_destination and filter_at_source attributes (#42214)compute_role_arn argument (#41650)manual_creation argument (#40155)managed_login_version argument (#40855)filter_at_destination and filter_at_source configuration blocks (#42214)force_update_version argument (#42134)alias, destination, role_configuration, and scrape_configuration to be updated in-place (#42109)price_performance_target argument (#40946)horovod, job_type, ml_framework, processor, programming_lang, release_notes, and vendor_guidance arguments (#42143)tags argument and tags_all attribute (#42141)TransferSecurityPolicy-2025-03, TransferSecurityPolicy-FIPS-2025-03, and TransferSecurityPolicy-SshAuditCompliant-2025-02 as valid values for security_policy_name (#42164)BUG FIXES:
engine is changed from redis to valkey (#42208)panic: runtime error: invalid memory address or nil pointer dereference when no XksProxyConfiguration is returned (#42241)rule from top of list (#42228)rule.filter.and.tags (#42041)default_user_settings.custom_file_system_config and default_space_settings.custom_file_system_config to be removed on Update (#42144)user_settings.custom_file_system_config to be removed on Update (#42144)NOTES:
overwrite argument is no longer deprecated (#42030)ENHANCEMENTS:
last_launched_time attribute (#42049)last_launched_time attribute (#42049)last_launched_time attribute (#42049)last_launched_time attribute (#42049)source_control_details argument (#42046)ruby3.4 runtime value (#42052)ruby3.4 compatible_runtimes value (#42052)role_configuration argument (#42039)rule.expiration are set (#42036)rule.prefix nor rule.filter is set (#42036)rule.transition.date nor rule.transition.days is set and error if both are set (#42036)BUG FIXES:
CFNRegistryException: Version '...' is the default version and cannot be deregistered errors when deregistering an extension and the create_before_destroy meta-argument is true (#38855)volume_configuration and service_connect_configurations values from state read/refresh (#41998)service_connect_configuration.service.discovery_name and service_connect_configuration.service.client_alias.dns_name as Computed (#41998)Provider produced inconsistent final plan errors when configuration_info.revision is unknown (#42037)refresh_properties is not configured (#42076)rule.filter (#42036)waiting for SQS Queue... attributes create: timeout while waiting errors when sqs_managed_sse_enabled = false or omitted and kms_master_key_id is not set but kms_data_key_reuse_period_seconds is set to a non-default value. (#42062)workspace_properties.running_mode_auto_stop_timeout_in_minutes when modified (#40953)FEATURES:
aws_api_gateway_rest_api_put (#41375)ENHANCEMENTS:
custom_role_arn and upstream_repository_prefix attributes (#41933)memory_configuration configuration block (#39970)trigger_all attribute (#42008)trigger argument now properly removes custom trigger definitions (#42008)username_configuration and username_configuration.case_sensitive arguments as optional and computed. This will future proof the provider against upstream API changes which may return a default value for the block when omitted during create operations. (#35439)task_mode argument (#39979)custom_role_arn and upstream_repository_prefix arguments (#41933)ecr_repository_prefix to support a value of "ROOT" (#41933)runtime_environment to be updated in-place (#41935)cidr_options, load_balancer.port_range, network_interface_options.port_range, and rds_options arguments (#41957)application_domain, domain_certificate_arn and endpoint_domain_prefix as Optional (#41957)cidr and rds as valid values for endpoint_type (#41957)cidr_endpoint_custom_subdomain argument and name_servers attribute (#41957)native_application_oidc_options and sse_specification arguments (#41957)BUG FIXES:
InvalidParameterCombination: To enable the Advanced mode of Database Insights, modify your cluster to enable Performance Insights and set the retention period for Performance Insights to at least 465 days errors when enabling database_insights_mode on existing instances (#41960)InvalidReplicationGroupState exceptions during tagging operations (#41954)domain_name to Computed (#41985)resource_data.table_wildcard attribute (#41939)NOTES:
configuration.s3_configuration argument is deprecated. Use configuration.template_configuration instead, which supports the upgraded Amazon S3 connector. Amazon has ended support for the older architecture as of June 2024, and resources created with this argument cannot be edited or updated. See the Amazon Kendra documentation for additional details. (#35437)configuration.web_crawler_configuration argument is deprecated. Use configuration.template_configuration instead, which supports the Amazon Kendra Web Crawler connector v2.0. See the Amazon Kendra documentation for additional details. (#35437)FEATURES:
aws_api_gateway_api_keys (#39335)aws_eks_cluster_versions (#40741)aws_identitystore_group_memberships (#31589)aws_identitystore_users (#31688)aws_athena_capacity_reservation (#41858)ENHANCEMENTS:
identity_info.secondary_email attribute (#41001)database_insights_mode attribute (#41607)create_time attribute (#41839)ipam_pools attribute (#41822)aws-marketplace as a valid account ID in ARNs (#41867)extension_arn and resource_arn (#41907)identity_info.secondary_email attribute (#41001)database_insights_mode argument (#41607)create_time attribute (#41839)configuration.template_configuration argument (#35437)ipam_pools configuration block (#41822)BUG FIXES:
vpc_endpoint_ids (#41836)instruction validator to consider multi-byte chars so not to artificially limit instruction length (#41921)compute_config.node_role_arn to update in place when previously unset (#41925)performance_insights_enabled takes effect when creating a cluster that is a member of a global cluster (#41737)InvalidParameterCombination: To enable the Advanced mode of Database Insights, modify your cluster to enable Performance Insights and set the retention period for Performance Insights to at least 465 days errors when enabling database_insights_mode on existing clusters (#41737)secondary_availability_zone attribute when changing deployment_type (#41849)NOTES:
FEATURES:
aws_network_interface_permission (#40797)aws_route53_records_exclusive (#41741)ENHANCEMENTS:
secondary_sources.auth configuration block (#40191)msk_source_configuration.read_from_timestamp argument (#41794)network_type and port attributes. The following can now be updated in place: allocated_storage, db_instance_type, db_storage_type and deployment_type (#40661)ipv4_ipam_pool_id and ipv4_netmask_length attributes (#41779)ipv6_ipam_pool_id and ipv6_netmask_length attributes (#41779)name_prefix argument and plan-time validation of name (#40889)name_prefix argument and plan-time validation of name (#40889)name_prefix argument (#40889)rule.challenge_config argument (#40123)BUG FIXES:
storage_mode updates are actually applied to the cluster (#41773)NOTES:
godebug tlskyber=0 directive in go.mod. This disables the experimental the post-quantum key exchange mechanism X25519Kyber768Draft00, fixing failed or hanging network connections to various AWS services. This fixes a regression introduced in v5.90.0 (#41740)FEATURES:
aws_datazone_domain (#41480)ENHANCEMENTS:
stage.before_entry, stage.on_success and stage.on_failure configuration blocks (#41663)connector_configuration to be updated in-place (#41685)ja3_fingerprint and ja4_fingerprint to custom_key configuration blocks (#41719)ja4_fingerprint to field_to_match configuration blocks (#41719)ja3_fingerprint and ja4_fingerprint to custom_key configuration blocks (#41719)ja4_fingerprint to field_to_match configuration blocks (#41719)BREAKING CHANGES:
rule.noncurrent_version_expiration.noncurrent_days and rule.noncurrent_version_transition.noncurrent_days are Required (#40796)NOTES:
elastic_gpu_specifications and elastic_inference_accelerator are deprecated. AWS no longer supports Elastic Graphics or Elastic Inference. (#41677)X25519Kyber768Draft00. Previously, in environments using AWS Network Firewall, the Provider would hang due to a handshake issue between Go 1.23 and Network Firewall, which supported Suricata 6.0.9. We had disabled the post-quantum key exchange to resolve the issue. Since November 2024, AWS Network Firewall has upgraded to Suricata 7.0, which no longer has this issue. However, if you use AWS Network Firewall, we’d appreciate your help in identifying any remaining issues related to this change. (#41655)overrides.inference_accelerator_overrides is deprecated. AWS no longer provides the Elastic Inference service. (#41676)elastic_gpu_specifications and elastic_inference_accelerator are deprecated. AWS no longer supports Elastic Graphics or Elastic Inference. (#41677)accelerator_types is deprecated and will be removed in a future version. Use instance_type instead. (#41673)FEATURES:
aws_dataexchange_event_action (#40552)aws_lakeformation_opt_in (#41611)ENHANCEMENTS:
arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)state attribute (#41575)cluster_config.node_options attribute (#40181)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)arn attribute (#41660)disconnect_on_session_timeout attribute (#41621)max_webservers and min_webservers arguments from 2 to 1 in support of Amazon MWAA micro environments (#40244)cluster_config.node_options configuration block in support of dedicated coordinator nodes (#40181)vpc_options.vpc_endpoint_management argument (#38001)arn attribute (#41645)tags argument and tags_all attribute (#41645)arn attribute (#41660)arn attribute (#41660)rule.filter (#41662)rule.noncurrent_version_expiration.noncurrent_days and rule.noncurrent_version_transition.noncurrent_days are Required. Technically this is a breaking change, but failure to configure this attribute would have led to InvalidArgument or MalformedXML errors (#40796)arn attribute (#41660)arn attribute (#41660)BUG FIXES:
exclude_characters from Bool to String (#41546)vpc_lattice_configurations blocks (#41594)rule configuration from filter.prefix to filter.and.prefix (#41662)rule configuration from prefix to filter.prefix or filter.and.prefix (#41662)ConflictException errors on delete (#41594)