chore(deps): update major and minor dependencies

[my-renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
aws (source)	required_provider	major	4.67.0 -> 5.36.0
aws/aws-cli		minor	2.11.27 -> 2.15.19
fluxcd/flux2		major	0.41.2 -> 2.2.3
github (source)	required_provider	minor	5.25.1 -> 5.45.0
helm/helm		minor	3.12.3 -> 3.14.0
http (source)	required_provider	minor	3.3.0 -> 3.4.1
kubernetes (source)	required_provider	minor	2.20.0 -> 2.25.2
kubernetes-sigs/kustomize		minor	5.0.3 -> 5.3.0
kubernetes/kubectl		minor	1.27.4 -> 1.29.1
		lockFileMaintenance	All locks refreshed
random (source)	required_provider	minor	3.5.1 -> 3.6.0
terraform-aws-modules/eks/aws (source)	module	major	19.13.1 -> 20.2.1
terraform-aws-modules/iam/aws (source)	module	minor	5.18.0 -> 5.34.0
time (source)	required_provider	minor	0.9.2 -> 0.10.0
terraform-aws-modules/vpc/aws (source)	module	major	4.0.2 -> 5.5.2

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.36.0

Compare Source

NOTES:

• data-source/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#​35615)
• resource/aws_controltower_landing_zone: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​34595)
• resource/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#​35615)

FEATURES:

• New Resource: aws_controltower_landing_zone (#​34595)
• New Resource: aws_osis_pipeline (#​35582)
• New Resource: aws_redshift_data_share_authorization (#​35703)
• New Resource: aws_securitylake_custom_log_source (#​35354)

ENHANCEMENTS:

• resource/aws_cloudwatch_metric_stream: Add plan-time validation of output_format (#​35569)
• resource/aws_db_instance: Add diag.log and notify.log as valid values for enabled_cloudwatch_logs_exports (#​35626)
• resource/aws_db_instance: Add domain_auth_secret_arn, domain_dns_ips, domain_fqdn, and domain_ou arguments to support self-managed Active Directory (#​35500)
• resource/aws_s3_bucket_metric: Add filter.access_point argument (#​35590)
• resource/aws_verifiedaccess_group: Add sse_configuration argument (#​34055)

BUG FIXES:

• resource/aws_db_instance: Creating resource from point-in-time recovery now handles password attribute correctly (#​35589)
• resource/aws_dynamodb_table: Ensure that replicas are always set on Read (#​35630)
• resource/aws_emr_cluster: Properly normalize launch_specifications.on_demand_specification.allocation_strategy and launch_specifications.spot_specification.allocation_strategy values to fix perpetual state differences (#​34367)
• resource/aws_kinesis_firehose_delivery_stream: Change extended_s3_configuration.processing_configuration.processors.parameters from TypeList to TypeSet as order is not significant (#​35672)
• resource/aws_lambda_function: Resolve consecutive diff issue in logging_config when values for application_log_level or system_log_level are not specified (#​35694)
• resource/aws_lb_listener: Fixes unexpected diff when using default_action parameters which don't match the type. (#​35678)
• resource/aws_lb_listener: Was incorrectly reporting conflicting default_action[].target_group_arn when ignore_changes was set. (#​35671)
• resource/aws_lb_listener: Was not storing default_action[].forward in state if only a single target_group was set. (#​35671)
• resource/aws_lb_listener_rule: Fixes unexpected diff when using action parameters which don't match the type. (#​35678)
• resource/aws_lb_listener_rule: Was incorrectly reporting conflicting action[].target_group_arn when ignore_changes was set. (#​35671)
• resource/aws_lb_listener_rule: Was not storing action[].forward in state if only a single target_group was set. (#​35671)
• resource/aws_ssm_patch_baseline: Mark json as Computed if there are content changes (#​35606)

v5.35.0

Compare Source

FEATURES:

• New Data Source: aws_bedrock_custom_model (#​34310)
• New Data Source: aws_bedrock_custom_models (#​34310)
• New Data Source: aws_ssmcontacts_rotation (#​32710)
• New Resource: aws_bedrock_custom_model (#​34310)
• New Resource: aws_lexv2models_slot (#​34617)
• New Resource: aws_lexv2models_slot_type (#​35555)
• New Resource: aws_rekognition_collection (#​35407)
• New Resource: aws_sesv2_email_identity_policy (#​35486)
• New Resource: aws_ssmcontacts_rotation (#​32710)

ENHANCEMENTS:

• data-source/aws_redshift_cluster: Add multi_az attribute (#​35508)
• resource/aws_lakeformation_resource: Add hybrid_access_enabled argument (#​35571)
• resource/aws_lakeformation_resource: Add with_federation argument (#​35154)
• resource/aws_redshift_cluster: Add multi_az argument (#​35508)
• resource/aws_redshiftserverless_endpoint_access: Add owner_account argument (#​35509)
• resource/aws_wafv2_rule_group: Add header_order to field_to_match configuration blocks (#​35521)
• resource/aws_wafv2_web_acl: Add header_orderto field_to_match configuration blocks (#​35521)

BUG FIXES:

• data-source/aws_networkmanager_core_network_policy_document: Remove core_network_configuration.edge_locations maximum item limit (#​35585)
• resource/aws_backup_plan: Fix InvalidParameterValueException: Invalid lifecycle. EBS Cold Tier is not yet supported errors on resource Create in AWS GovCloud (US) (#​35560)
• resource/aws_cognito_user_group: Allow import of user groups with names containing / (#​35501)
• resource/aws_dms_event_subscription: Mark source_ids as Optional. This fixes a regression introduced in v5.31.0 (#​35541)
• resource/aws_efs_file_system: Increase lifecycle_policy maximum item limit to 3 (#​35522)
• resource/aws_eks_access_entry: Retry IAM eventual consistency errors on create (#​35535)
• resource/aws_finspace_kx_cluster: Increase command_line_arguments max length restriction from 50 to 1024. (#​35581)

v5.34.0

Compare Source

FEATURES:

• New Resource: aws_rekognition_project (#​35429)
• New Resource: aws_route53domains_delegation_signer_record (#​33596)

ENHANCEMENTS:

• data-source/aws_codecommit_repository: Add kms_key_id attribute (#​35095)
• data-source/aws_imagebuilder_components: Add support for ThirdParty owner value (#​35286)
• data-source/aws_imagebuilder_container_recipes: Add support for ThirdParty owner value (#​35286)
• data-source/aws_imagebuilder_image_recipes: Add support for ThirdParty owner value (#​35286)
• data-source/aws_ssm_patch_baseline: Add json attribute to facilitate use with S3 buckets (#​33402)
• resource/aws_accessanalyzer_analyzer: Add configuration configuration block (#​35310)
• resource/aws_appflow_flow: Add flow_status attribute (#​34948)
• resource/aws_codecommit_repository: Add kms_key_id argument (#​35095)
• resource/aws_codecommit_trigger: Add plan-time validation of trigger.destination_arn and trigger.events (#​35095)
• resource/aws_ecs_capacity_provider: Add auto_scaling_group_provider.managed_draining argument (#​35421)
• resource/aws_fis_experiment_template: Add support for AutoScalingGroups, Buckets, ReplicationGroups, Tables and TransitGateways to action.*.target (#​35300)
• resource/aws_fsx_openzfs_file_system: Add skip_final_backup argument (#​35320)
• resource/aws_network_interface_sg_attachment: Increase default timeouts to 3 minutes and allow them to be configured (#​35435)
• resource/aws_prometheus_scraper: Add role_arn attribute (#​35453)
• resource/aws_route53domains_registered_domain: Support resource import (#​33596)
• resource/aws_ssm_patch_baseline: Add json attribute to facilitate use with S3 buckets (#​33402)
• resource/aws_wafv2_web_acl: Add challenge_config argument (#​35367)

BUG FIXES:

• resource/aws_codebuild_project: Allow build_batch_config to be removed on Update (#​34121)
• resource/aws_eks_access_entry: Mark kubernetes_groups as Computed (#​35391)
• resource/aws_eks_access_entry: Mark type and user_name as Optional, allowing values to be configured (#​35391)
• resource/aws_grafana_license_association: Fix missing workspace_id attribute after import (#​35290)
• resource/aws_security_group_rule: Fix UnsupportedOperation: The functionality you requested is not available in this region errors on Read in certain partitions (#​33484)

v5.33.0

Compare Source

FEATURES:

• New Data Source: aws_eks_access_entry (#​35037)
• New Resource: aws_eks_access_entry (#​35037)
• New Resource: aws_eks_access_policy_association (#​35037)
• New Resource: aws_lexv2models_intent (#​34891)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add access_config attribute (#​35037)
• data-source/aws_secretsmanager_secret: Add created_date and last_changed_date attributes (#​35117)
• data-source/aws_secretsmanager_secret_version: Add created_date attribute (#​35117)
• resource/aws_backup_plan: Add rule.lifecycle.opt_in_to_archive_for_supported_resources and rule.copy_action.lifecycle.opt_in_to_archive_for_supported_resources and arguments (#​34994)
• resource/aws_eks_cluster: Add access_config configuration block (#​35037)
• resource/aws_lakeformation_resource: Add use_service_linked_role argument (#​35284)
• resource/aws_secretsmanager_secret_rotation: Add rotate_immediately argument (#​35105)

BUG FIXES:

• resource/aws_datasync_task: Allow schedule to be removed successfully (#​35282)
• resource/aws_fis_experiment_template: Fix validation error when not using target.resource_arns or target.resource_tag attributes. (#​35254)
• resource/aws_lb_listener: Fix ValidationError: Mutual Authentication mode passthrough does not support ignoring certificate expiry errors when mutual_authentication.mode is set to passthrough (#​35289)
• resource/aws_secretsmanager_secret_version: Fix InvalidParameterException: The parameter RemoveFromVersionId can't be empty. Staging label AWSCURRENT is currently attached to version ..., so you must explicitly reference that version in RemoveFromVersionId errors when a secret is updated outside Terraform (#​19943)

v5.32.1

Compare Source

BUG FIXES:

• data-source/aws_ecr_image: Fix error when most_recent is not also latest (#​35269)
• resource/aws_iot_ca_certificate: Change registration_config.role_arn from TypeBool to TypeString, fixing Inappropriate value for attribute "role_arn": a bool is required errors (#​35234)
• resource/aws_mq_broker: Fix interface conversion: interface {} is *schema.Set, not []string panic (#​35265)

v5.32.0

Compare Source

FEATURES:

• New Data Source: aws_mq_broker_engine_types (#​34232)
• New Data Source: aws_msk_bootstrap_brokers (#​32484)
• New Data Source: aws_verifiedpermissions_policy_store (#​32204)
• New Resource: aws_ebs_fast_snapshot_restore (#​35211)
• New Resource: aws_elasticache_serverless_cache (#​34951)
• New Resource: aws_imagebuilder_workflow (#​35097)
• New Resource: aws_kinesis_resource_policy (#​35167)
• New Resource: aws_prometheus_scraper (#​34749)
• New Resource: aws_securitylake_aws_log_source (#​34974)
• New Resource: aws_ssoadmin_application_access_scope (#​34811)
• New Resource: aws_verifiedpermissions_policy_store (#​32204)
• New Resource: aws_verifiedpermissions_policy_template (#​32205)
• New Resource: aws_verifiedpermissions_schema (#​32204)

ENHANCEMENTS:

• data-source/aws_batch_compute_environment: Add update_policy attribute (#​34353)
• data-source/aws_ecr_image: Add image_uri attribute (#​24526)
• data-source/aws_efs_file_system: Add lifecycle_policy.transition_to_archive attribute (#​35096)
• data-source/aws_efs_file_system: Add protection attribute (#​35029)
• data-source/aws_elastic_beanstalk_hosted_zone: Add hosted zone ID for il-central-1 AWS Region (#​35131)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ca-west-1 AWS Region (#​35131)
• data-source/aws_fsx_ontap_file_system: Add ha_pairs and throughput_capacity_per_ha_pair attributes (#​34993)
• data-source/aws_glue_catalog_table: Add region attribute to target_table block. (#​34817)
• data-source/aws_lambda_function: Add logging_config attribute (#​35050)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ca-west-1 AWS Region (#​35131)
• data-source/aws_lb_target_group: Add load_balancing_anomaly_mitigation attribute (#​35083)
• data-source/aws_msk_configuration: Remove name length validation (#​34399)
• data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.tls_inspection_configuration_arn attribute (#​35094)
• data-source/aws_prometheus_workspace: Add kms_key_arn attribute (#​35062)
• data-source/aws_route53_resolver_endpoint: Add protocols attribute (#​35098)
• data-source/aws_route53_resolver_endpoint: Add resolver_endpoint_type attribute (#​34798)
• data-source/aws_s3_bucket: Add hosted zone ID for ca-west-1 AWS Region (#​35131)
• provider: Support ca-west-1 as a valid AWS Region (#​35131)
• resource/aws_appflow_flow: Add destination_connector_properties.s3.s3_output_format_config.target_file_size argument (#​35215)
• resource/aws_appstream_fleet: Increase idle_disconnect_timeout_in_seconds max value for validation to 360000 (#​35173)
• resource/aws_autoscaling_group: Add instance_refresh.preferences.max_healthy_percentage attribute (#​34929)
• resource/aws_autoscaling_group: Fix ValidationError: The instance ... is not part of Auto Scaling group ... errors on resource Delete when disabling scale-in protection for instances that are already fully terminated (#​35071)
• resource/aws_batch_compute_environment: Add update_policy parameter (#​34353)
• resource/aws_batch_job_definition: Add scheduling_priority argument and arn_prefix attribute (#​34997)
• resource/aws_cloud9_environment_ec2: Add amazonlinux-2023-x86_64 and resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64 as valid values for image_id (#​35020)
• resource/aws_codepipeline: Add pipeline_type argument and variable configuration block (#​34841)
• resource/aws_dms_replication_task: Allow cdc_start_time to use RFC3339 formatted dates in addition to UNIX timestamps (#​31917)
• resource/aws_dms_replication_task: Remove ForceNew from replication_instance_arn, allowing in-place migration between DMS instances (#​30721)
• resource/aws_efs_file_system: Add lifecycle_policy.transition_to_archive argument (#​35096)
• resource/aws_efs_file_system: Add protection configuration block (#​35029)
• resource/aws_efs_replication_configuration: Increase Create timeout to 20 minutes (#​34955)
• resource/aws_efs_replication_configuration: Mark destination.file_system_id as Optional, enabling EFS replication fallback (#​34955)
• resource/aws_finspace_kx_dataview: Increase default create, update, and delete timeouts to 4 hours (#​35207)
• resource/aws_finspace_kx_scaling_group: Increase default create, delete timeouts to 4 hours (#​35206)
• resource/aws_fsx_lustre_file_system: Allow per_unit_storage_throughput to be updated in-place (#​34932)
• resource/aws_fsx_ontap_file_system: Add ha_pairs and throughput_capacity_per_ha_pair arguments (#​34993)
• resource/aws_fsx_ontap_file_system: Increase maximum value of disk_iops_configuration.iops to 2400000 (#​34993)
• resource/aws_fsx_ontap_file_system: throughput_capacity is Optional (#​34993)
• resource/aws_glue_catalog_table: Add region attribute to target_table block. (#​34817)
• resource/aws_glue_classifier: Add csv_classifier.serde argument (#​34251)
• resource/aws_kinesis_firehose_delivery_stream: Add opensearch_configuration.document_id_options configuration block (#​35137)
• resource/aws_kinesis_firehose_delivery_stream: Add splunk_configuration.buffering_interval and splunk_configuration.buffering_size arguments (#​35137)
• resource/aws_kinesis_firehose_delivery_stream: Adjust elasticsearch_configuration.buffering_interval, http_endpoint_configuration.buffering_interval, opensearch_configuration.buffering_interval, opensearchserverless_configuration.buffering_interval, redshift_configuration.s3_backup_configuration.buffering_interval,extended_s3_configuration.s3_backup_configuration.buffering_interval, elasticsearch_configuration.s3_configuration.buffering_interval, http_endpoint_configuration.s3_configuration.buffering_interval, opensearch_configuration.s3_configuration.buffering_interval, opensearchserverless_configuration.s3_configuration.buffering_interval, redshift_configuration.s3_configuration.buffering_interval and splunk_configuration.s3_configuration.buffering_interval minimum values to 0 to support zero buffering (#​35137)
• resource/aws_kms_key: Add xks_key_id attribute (#​31216)
• resource/aws_lambda_function: Add logging_config configuration block in support of advanced logging controls (#​35050)
• resource/aws_lambda_function: Add support for python3.12 runtime value (#​35049)
• resource/aws_lambda_layer_version: Add support for python3.12 compatible_runtimes value (#​35049)
• resource/aws_lb_target_group: Add load_balancing_anomaly_mitigation argument (#​35083)
• resource/aws_lb_target_group: Add weighted_random as a valid value for load_balancing_algorithm_type (#​35083)
• resource/aws_neptune_cluster: Add storage_type argument (#​34985)
• resource/aws_neptune_cluster_instance: Add storage_type attribute (#​34985)
• resource/aws_networkfirewall_firewall: Add configurable timeouts (#​34918)
• resource/aws_networkfirewall_firewall_policy: Add firewall_policy.tls_inspection_configuration_arn argument (#​35094)
• resource/aws_prometheus_workspace: Add kms_key_arn argument, enabling encryption at-rest using AWS KMS Customer Managed Keys (CMK) (#​35062)
• resource/aws_redshiftserverless_workgroup: Add port argument (#​34925)
• resource/aws_route53_resolver_endpoint: Add protocols argument (#​35098)
• resource/aws_route53_resolver_endpoint: Add resolver_endpoint_type argument (#​34798)
• resource/aws_s3_bucket: Modify resource Read to support third-party S3 API implementations. Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​35035)
• resource/aws_s3_bucket: Modify server-side encryption configuration error handling, enabling support for NetApp StorageGRID (#​34890)
• resource/aws_transfer_server: Add TransferSecurityPolicy-PQ-SSH-Experimental-2023-04 and TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04 as valid values for security_policy_name (#​35129)
• resource/aws_verifiedaccess_endpoint: Add policy_document argument (#​34264)

BUG FIXES:

• data-source/aws_lb_target_group: Change deregistration_delay from TypeInt to TypeString (#​31436)
• data-source/aws_s3_bucket_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• data-source/aws_s3_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_cloud9_environment_ec2: image_id is Required (#​35020)
• resource/aws_codebuild_project: Prevent erroneous diffs on build_timeout and queued_timeout for Lambda compute types (#​35043)
• resource/aws_datasync_agent: Fix import of agents created with activation_key by removing requirement for one of ip_address or activation_key to be set (#​35150)
• resource/aws_dms_replication_config: Prevent erroneous diffs on replication_settings (#​34356)
• resource/aws_dms_replication_task: Prevent erroneous diffs on replication_task_settings (#​34356)
• resource/aws_dynamodb_table: Fix error when waiting for snapshot to be created (#​34848)
• resource/aws_finspace_kx_dataview: Properly set arn attribute on read, resolving persistent differences when tags are configured (#​34998)
• resource/aws_glue_catalog_database: Properly handle out-of-band resource deletion (#​35195)
• resource/aws_iot_indexing_configuration: Correct plan-time validation of thing_indexing_configuration.filter.named_shadow_names (#​35225)
• resource/aws_kinesis_firehose_delivery_stream: Fix InvalidArgumentException: Both BufferSizeInMBs and BufferIntervalInSeconds are required to configure buffering for lambda processor errors on resource Update (#​26964)
• resource/aws_kinesis_firehose_delivery_stream: Fix perpetual extended_s3_configuration.processing_configuration.processors.parameters diffs when processor type is Lambda (#​35137)
• resource/aws_lambda_function: Ensure lambda does not get deployed if source_code_hash does not change. (#​29921)
• resource/aws_lb: Fix ValidationError: Attributes cannot be empty errors (#​35228)
• resource/aws_lb_target_group: Fix diff on stickiness.cookie_name when stickiness.type is lb_cookie (#​31436)
• resource/aws_memorydb_cluster: Treat snapshotting status as pending when creating cluster (#​31077)
• resource/aws_ram_principal_association: Fix reading RAM Resource Share (...) Principal Association (...): couldn't find resource (21 retries) errors when a high number of principals are associated with a resource share (#​34738)
• resource/aws_s3_bucket_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_s3_object: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_s3_object_copy: Remove any leading ./ from key to maintain AWS SDK for Go v1 (pre-v5.17.0) compatibility (#​35223)
• resource/aws_secretsmanager_secret_rotation: No longer ignores changes to rotation_rules.automatically_after_days when rotation_rules.schedule_expression is set. (#​35024)
• resource/aws_ses_configuration_set: Fix tracking_options being omitted from state and resulting in persistent diff (#​35056)
• resource/aws_ssoadmin_application: Fix portal_options.sign_in_options.application_url triggering ValidationError when unset (#​34967)

v5.31.0

Compare Source

FEATURES:

• New Data Source: aws_polly_voices (#​34916)
• New Data Source: aws_ssoadmin_application_assignments (#​34796)
• New Data Source: aws_ssoadmin_principal_application_assignments (#​34815)
• New Resource: aws_finspace_kx_dataview (#​34828)
• New Resource: aws_finspace_kx_scaling_group (#​34832)
• New Resource: aws_finspace_kx_volume (#​34833)
• New Resource: aws_ssoadmin_trusted_token_issuer (#​34839)

ENHANCEMENTS:

• data-source/aws_cloudwatch_log_group: Add log_group_class attribute (#​34812)
• data-source/aws_dms_endpoint: Add postgres_settings attribute (#​34724)
• data-source/aws_lb: Add connection_logs attribute (#​34864)
• data-source/aws_lb: Add dns_record_client_routing_policy attribute (#​34135)
• data-source/aws_opensearchserverless_collection: Add standby_replicas attribute (#​34677)
• resource/aws_db_instance: Add support for IBM Db2 databases (#​34834)
• resource/aws_dms_endpoint: Add elasticsearch_settings.use_new_mapping_type argument (#​29470)
• resource/aws_dms_endpoint: Add postgres_settings configuration block (#​34724)
• resource/aws_finspace_kx_cluster: Add database.dataview_name, scaling_group_configuration, and tickerplant_log_configuration arguments. (#​34831)
• resource/aws_finspace_kx_cluster: The capacity_configuration argument is now optional. (#​34831)
• resource/aws_lb: Add connection_logs configuration block (#​34864)
• resource/aws_lb: Add plan-time validation that exactly one of either subnets or subnet_mapping is configured (#​33205)
• resource/aws_lb: Allow the number of subnet_mappings for Application Load Balancers to be changed without recreating the resource (#​33205)
• resource/aws_lb: Allow the number of subnet_mappings for Network Load Balancers to be increased without recreating the resource (#​33205)
• resource/aws_lb: Allow the number of subnets for Network Load Balancers to be increased without recreating the resource (#​33205)
• resource/aws_opensearchserverless_collection: Add standby_replicas attribute (#​34677)

BUG FIXES:

• data-source/aws_ecr_pull_through_cache_rule: Fix plan time validation for ecr_repository_prefix (#​34716)
• provider: Always use the S3 regional endpoint in us-east-1 for S3 directory bucket operations. This fixes no such host errors (#​34893)
• resource/aws_appmesh_virtual_node: Remove limit of 50 backends per virtual node (#​34774)
• resource/aws_cloudwatch_log_group: Fix invalid new value for .skip_destroy: was cty.False, but now null errors (#​30354)
• resource/aws_cloudwatch_log_group: Remove default value (STANDARD) for log_group_class argument and mark as Computed. This fixes InvalidParameterException: Only Standard log class is supported errors in AWS Regions other than AWS Commercial (#​34812)
• resource/aws_db_instance: Fix error where Terraform loses track of resource if Blue/Green Deployment is applied outside of Terraform (#​34728)
• resource/aws_dms_event_subscription: source_ids and source_type are Required (#​33731)
• resource/aws_ecr_pull_through_cache_rule: Fix plan time validation for ecr_repository_prefix (#​34716)
• resource/aws_lb: Correct in-place update of security_groups for Network Load Balancers when the new value is Computed (#​33205)
• resource/aws_lb: Fix InvalidConfigurationRequest: Load balancer attribute key 'dns_record.client_routing_policy' is not supported on load balancers with type 'network' errors on resource Create in AWS GovCloud (US) (#​34135)
• resource/aws_medialive_channel: Fixed errors related to setting the failover_condition argument (#​33410)
• resource/aws_securitylake_data_lake: Fix reflect.Set: value of type basetypes.StringValue is not assignable to type types.ARN panic when importing resources with nil ARN fields (#​34820)
• resource/aws_vpc: Increase IPAM pool allocation deletion timeout from 20 minutes to 35 minutes (#​34859)

v5.30.0

Compare Source

FEATURES:

• New Data Source: aws_codeguruprofiler_profiling_group (#​34672)
• New Data Source: aws_ecr_repositories (#​34446)
• New Data Source: aws_lb_trust_store (#​34584)
• New Data Source: aws_ssoadmin_application (#​34773)
• New Data Source: aws_ssoadmin_application_providers (#​34670)
• New Resource: aws_codeguruprofiler_profiling_group (#​34672)
• New Resource: aws_customerprofiles_domain (#​34622)
• New Resource: aws_customerprofiles_profile (#​34622)
• New Resource: aws_lb_trust_store (#​34584)
• New Resource: aws_lb_trust_store_revocation (#​34584)
• New Resource: aws_securitylake_data_lake (#​34521)
• New Resource: aws_ssoadmin_application (#​34723)
• New Resource: aws_ssoadmin_application_assignment (#​34741)
• New Resource: aws_ssoadmin_application_assignment_configuration (#​34752)

ENHANCEMENTS:

• data-source/aws_appconfig_configuration_profile: Add kms_key_identifier attribute (#​34725)
• data-source/aws_lb: Add enforce_security_group_inbound_rules_on_private_link_traffic attribute (#​33767)
• data-source/aws_lb_listener: Add mutual_authentication attribute (#​34584)
• resource/aws_appconfig_configuration_profile: Add kms_key_identifier attribute (#​34725)
• resource/aws_appconfig_deployment: Add kms_key_identifier attribute (#​34739)
• resource/aws_cloudwatch_log_group: Add log_group_class argument (#​34679)
• resource/aws_lb: Add enforce_security_group_inbound_rules_on_private_link_traffic argument (#​33767)
• resource/aws_lb_listener: Add mutual_authentication configuration block (#​34584)
• resource/aws_s3_bucket: Fix stack overflow fatal errors on resource Delete when force_destroy is true and the bucket contains delete markers (#​34712)
• resource/aws_sagemaker_app: Add resource_spec.sagemaker_image_version_alias argument (#​34729)
• resource/aws_sagemaker_app_image_config: Add jupyter_lab_image_config configuration block (#​34696)
• resource/aws_sagemaker_domain: Add default_user_settings.code_editor_app_settings, default_user_settings.custom_file_system_config, default_user_settings.custom_posix_user_config, default_user_settings.default_landing_uri, default_user_settings.jupyter_lab_app_settings, default_user_settings.space_storage_settings, default_user_settings.studio_web_portal arguments (#​34729)
• resource/aws_sagemaker_domain: Add sagemaker_image_version_alias argument under all default_resource_spec blocks (#​34729)
• resource/aws_sagemaker_domain: Add single_sign_on_application_arn attribute (#​34729)
• resource/aws_sagemaker_space: Add sagemaker_image_version_alias argument under all default_resource_spec blocks (#​34729)
• resource/aws_sagemaker_space: Add space_display_name argument (#​34729)
• resource/aws_sagemaker_space: Add url attribute (#​34729)
• resource/aws_sagemaker_user_profile: Add sagemaker_image_version_alias argument under all default_resource_spec blocks (#​34729)
• resource/aws_sagemaker_user_profile: Add user_settings.code_editor_app_settings, user_settings.custom_file_system_config, user_settings.custom_posix_user_config, user_settings.default_landing_uri, user_settings.jupyter_lab_app_settings, user_settings.space_storage_settings, user_settings.studio_web_portal arguments (#​34729)
• resource/aws_transfer_server: Add support for TransferSecurityPolicy-FIPS-2023-05 security_policy_name value (#​34709)

BUG FIXES:

• resource/aws_ami: Correctly sets deprecation_time on creation and update due to eventual consistency (#​34691)
• resource/aws_ami: Correctly sets description on update due to eventual consistency (#​34691)
• resource/aws_ami: Now allows removing deprecation_time (#​34691)
• resource/aws_appflow_flow: Fix perpetual diff on destination_flow_config (#​34770)
• resource/aws_backup_vault_policy: Fix eventual consistency error when waiting for IAM (#​34671)
• resource/aws_eks_pod_identity_association: Retry IAM eventual consistency errors on create and update (#​34717)
• resource/aws_glue_connection: Fix crash while creating resource with empty physical_connection_requirements configuration block (#​34737)

v5.29.0

Compare Source

FEATURES:

• New Resource: aws_docdbelastic_cluster (#​31033)
• New Resource: aws_eks_pod_identity_association (#​34566)

ENHANCEMENTS:

• resource/aws_docdb_cluster: Add storage_type argument (#​34637)
• resource/aws_neptune_parameter_group: Add name_prefix argument (#​34500)

BUG FIXES:

• resource/aws_networkmanager_attachment_accepter: Now revokes attachment on deletion for VPC Attachments (#​34547)
• resource/aws_networkmanager_vpc_attachment: Fixes error when modifying options fields while waiting for acceptance (#​34547)
• resource/aws_networkmanager_vpc_attachment: Fixes error where VPC Attachments waiting for acceptance could not be deleted (#​34547)
• resource/aws_s3_directory_bucket: Fix NotImplemented: This bucket does not support Object Versioning errors on resource Delete when force_destroy is true (#​34647)

v5.28.0

Compare Source

FEATURES:

• New Data Source: aws_s3_directory_buckets (#​34612)
• New Resource: aws_s3_directory_bucket (#​34612)

ENHANCEMENTS:

• resource/aws_s3control_