chore(deps): update terraform aws to v5 (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	>= 3.34, < 5.0 -> < 5.44

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.43.0

Compare Source

FEATURES:

• New Data Source: aws_resourceexplorer2_search (#​36560)
• New Data Source: aws_servicecatalogappregistry_application (#​36596)
• New Resource: aws_cloudfrontkeyvaluestore_key (#​36534)
• New Resource: aws_devopsguru_notification_channel (#​36557)
• New Resource: aws_ec2_instance_metadata_defaults (#​36589)
• New Resource: aws_lakeformation_resource_lf_tag (#​36537)
• New Resource: aws_m2_application (#​35399)
• New Resource: aws_m2_deployment (#​35408)
• New Resource: aws_m2_environment (#​35311)
• New Resource: aws_redshiftserverless_custom_domain_association (#​35865)
• New Resource: aws_servicecatalogappregistry_application (#​36277)

ENHANCEMENTS:

• data-source/aws_cloudfront_function: Add key_value_store_associations attribute (#​36585)
• data-source/aws_db_snapshot: Add original_snapshot_create_time attribute (#​36544)
• resource/aws_cloudfront_function: Add key_value_store_associations argument (#​36585)
• resource/aws_ec2_host: Add user configurable timeouts (#​36538)
• resource/aws_glacier_vault_lock: Allow policy to have leading whitespace (#​36597)
• resource/aws_iam_group_policy: Allow policy to have leading whitespace (#​36597)
• resource/aws_iam_policy: Allow policy to have leading whitespace (#​36597)
• resource/aws_iam_role: Allow assume_role_policy and inline_policy.*.policy to have leading whitespace (#​36597)
• resource/aws_iam_role_policy: Allow policy to have leading whitespace (#​36597)
• resource/aws_iam_user_policy: Allow policy to have leading whitespace (#​36597)
• resource/aws_kinesisanalyticsv2_application: Add support for FLINK-1_18 runtime_environment value (#​36562)
• resource/aws_media_store_container_policy: Allow policy to have leading whitespace (#​36597)
• resource/aws_ssoadmin_permission_set_inline_policy: Allow inline_policy to have leading whitespace (#​36597)
• resource/aws_transfer_access: Allow policy to have leading whitespace (#​36597)
• resource/aws_transfer_user: Allow policy to have leading whitespace (#​36597)
• resource/aws_vpc_ipam: Add tier argument (#​36504)

BUG FIXES:

• data-source/aws_cur_report_definition: Direct all API calls to the us-east-1 endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#​36540)
• resource/aws_applicationinsights_application: Make ACTIVE a valid create target status (#​36615)
• resource/aws_autoscaling_group: Don't attempt to remove scale-in protection from instances that don't have the feature enabled (#​36586)
• resource/aws_cur_report_definition: Direct all API calls to the us-east-1 endpoint as this is the only Region in which AWS Cost and Usage Reports is available (#​36540)
• resource/aws_elasticsearch_domain_policy: Handle delayed domain status propagation, preventing a ValidationException. (#​36592)
• resource/aws_iam_instance_profile: Detect when the associated role no longer exists (#​34099)
• resource/aws_instance: Replace an instance when an instance_type change also requires an architecture change, such as x86_64 to arm64 (#​36590)
• resource/aws_opensearch_domain_policy: Handle delayed domain status propagation, preventing a ValidationException. (#​36592)
• resource/aws_quicksight_dashboard: Fix failure when updating a dashboard takes a while (#​34227)
• resource/aws_quicksight_template: Fix "Invalid address to set" errors (#​34227)
• resource/aws_quicksight_template: Fix "a number is required" errors when state contains an empty string (#​34227)
• resource/aws_redshift_cluster: Fix InvalidParameterCombination errors when updating only skip_final_snapshot (#​36635)
• resource/aws_route53_zone: Prevent re-creation when name casing changes (#​36563)
• resource/aws_secretsmanager_secret_version: Fix to handle versions deleted out-of-band without raising an InvalidRequestException (#​36609)
• resource/aws_ssm_parameter: force create a new SSM parameter when data_type is updated. (#​35960)

v5.42.0

Compare Source

FEATURES:

• New Data Source: aws_redshift_producer_data_shares (#​36481)
• New Resource: aws_devopsguru_event_sources_config (#​36485)
• New Resource: aws_devopsguru_resource_collection (#​36489)
• New Resource: aws_dynamodb_table_export (#​30399)

ENHANCEMENTS:

• data-source/aws_vpc_peering_connection: Add ipv6_cidr_block_set and peer_ipv6_cidr_block_set attributes (#​36391)
• resource/aws_datasync_location_hdfs: Add kerberos_keytab_base64 and kerberos_krb5_conf_base64 arguments (#​36072)
• resource/aws_finspace_kx_dataview: Add read_write and segment_configuration.on_demand arguments (#​36486)
• resource/aws_rds_cluster: Add enable_local_write_forwarding argument to support Aurora MySQL local write forwarding (#​34370)

BUG FIXES:

• provider: Change the default AWS SDK for Go v2 API client RateLimiter to ratelimit.None so that services migrated to AWS SDK for Go v2 maintain behavioral compatibility with AWS SDK for Go v1 (#​36467)
• resource/aws_appautoscaling_policy: Fix errors when importing an MSK storage autoscaling policy (#​34934)
• resource/aws_appautoscaling_scheduled_action: Always send start_time and end_time values on update when configured (#​33713)
• resource/aws_appautoscaling_scheduled_action: Read correct resource by using scalable_dimension as an additional filter (#​34382)
• resource/aws_datasync_location_azure_blob: Fix missing container_url attribute value and bad subdirectory attribute value from state read/refresh (#​36072)
• resource/aws_datasync_location_efs: Fix missing efs_file_system_arn attribute value from state read/refresh (#​36072)
• resource/aws_datasync_location_hdfs: Mark qop_configuration as Computed (#​36072)
• resource/aws_datasync_location_nfs: Fix missing server_hostname attribute value from state read/refresh (#​36072)
• resource/aws_datasync_location_s3: Fix missing s3_bucket_arn attribute value from state read/refresh (#​36072)
• resource/aws_datasync_location_smb: Fix missing server_hostname attribute value from state read/refresh (#​36072)
• resource/aws_dms_replication_config: Fix persistent change in replication_settings (#​35670)
• resource/aws_dms_replication_task: Fix persistent change in replication_task_settings (#​35670)
• resource/aws_eks_access_entry: Always send kubernetes_groups and user_name values on update when configured (#​36484)
• resource/aws_glue_job: Adjust number_of_workers minimum value to 1 (#​36458)
• resource/aws_lexv2models_slot: Fix custom_payload typo (#​36488)
• resource/aws_route: Allow resource creation if a propagated route to the same destination exists (#​36512)
• resource/aws_vpn_connection: local_ipv6_network_cidr, remote_ipv6_network_cidr, tunnel1_inside_ipv6_cidr, and tunnel2_inside_ipv6_cidr no longer require transit_gateway_id to be specified (#​36405)

v5.41.0

Compare Source

FEATURES:

• New Data Source: aws_apprunner_hosted_zone_id (#​36288)
• New Data Source: aws_medialive_input (#​36307)
• New Resource: aws_lakeformation_data_cells_filter (#​36264)
• New Resource: aws_securityhub_configuration_policy (#​35752)
• New Resource: aws_securityhub_configuration_policy_association (#​35752)
• New Resource: aws_securitylake_subscriber_notification (#​36323)

ENHANCEMENTS:

• data-source/aws_ec2_transit_gateway_peering_attachment: Add state attribute (#​36304)
• data-source/aws_lakeformation_permissions: Add data_cells_filter attribute (#​36264)
• data-source/aws_ram_resource_share: name is Optional (#​36062)
• resource/aws_cognito_user_pool: Add pre_token_generation_config configuration block (#​35236)
• resource/aws_ec2_transit_gateway_peering_attachment: Add state attribute (#​36304)
• resource/aws_ecs_cluster: Add default value (DEFAULT) for configuration.execute_command_configuration.logging (#​36341)
• resource/aws_lakeformation_permissions: Add data_cells_filter attribute (#​36264)
• resource/aws_ram_resource_association: Add plan-time validation of resource_arn and resource_share_arn (#​36062)
• resource/aws_route53domains_registered_domain: Add billing_contact and billing_privacy arguments (#​36285)
• resource/aws_securityhub_organization_configuration: Add organization_configuration configuration block to support central configuration (#​35752)
• resource/aws_securityhub_organization_configuration: Set auto_enable to false, auto_enable_standards to NONE, and organization_configuration.configuration_type to LOCAL on resource Delete (#​35752)

BUG FIXES:

• data-source/aws_iam_policy_document: Fix Failed to marshal state to json: unsupported attribute "override_json" and Failed to marshal state to json: unsupported attribute "source_json" errors when running terraform show -json or terraform state rm (#​36383)
• data-source/aws_opensearch_domain : Add auto_tune_options.use_off_peak_window attribute. This fixes a regression introduced in v5.40.0 causing Invalid address to set errors (#​36298)
• resource/aws_cognito_identity_pool: Fix handling of resources deleted out of band (#​36100)
• resource/aws_cognito_identity_provider: Fix InvalidParameterException: ActiveEncryptionCertificate is not a valid key for SAML identity provider details errors on resource Update (#​36311)
• resource/aws_ec2_instance: Remove ForceNew from ipv6_address_count (#​36308)
• resource/aws_ecs_cluster: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when configuration, configuration.execute_command_configuration, or configuration.execute_command_configuration.log_configuration are empty (#​36341)
• resource/aws_ecs_service: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when service_connect_configuration.service.timeout is empty (#​36309)
• resource/aws_ecs_service: service_connect_configuration.service.tls.issuer_cert_authority.aws_pca_authority_arn is Required (#​36309)
• resource/aws_elasticache_replication_group: Fix bugs causing errors like InvalidReplicationGroupState: Cluster not in available state to perform tagging operations. (#​36310)
• resource/aws_finspace_kx_cluster: Prevent command_line_arguments and initialization_script updates from overwriting one another (#​36361)
• resource/aws_network_acl_rule: Fix InvalidNetworkAclID.NotFound errors on resource Delete (#​36326)
• resource/aws_network_acl_rule: Prevent creation of duplicate Terraform resources (#​36326)
• resource/aws_ram_principal_association: Prevent creation of duplicate Terraform resources (#​36062)
• resource/aws_ram_principal_association: Remove from state on resource Read if principal is disassociated outside of Terraform (#​36062)
• resource/aws_ram_resource_association: Prevent creation of duplicate Terraform resources (#​36062)
• resource/aws_route: Prevent creation of duplicate Terraform resources (#​36326)
• resource/aws_route_table: Fix couldn't find resource errors on resource Delete (#​36326)
• resource/aws_vpn_connection: Correct plan-time validation of tunnel1_inside_ipv6_cidr and tunnel2_inside_ipv6_cidr (#​36236)

v5.40.0

Compare Source

FEATURES:

• New Function: arn_build (#​34952)
• New Function: arn_parse (#​34952)
• New Resource: aws_account_region (#​35739)
• New Resource: aws_securitylake_subscriber (#​35981)

ENHANCEMENTS:

• data-source/aws_rds_engine_version: Add has_major_target and has_minor_target optional arguments and valid_major_targets and valid_minor_targets attributes (#​36246)
• resource/aws_batch_job_queue: added parameter compute_environment_order which conflicts with compute_environments but aligns with AWS API. compute_environments has been deprecated. (#​34750)
• resource/aws_cloudfront_distribution: Remove the upper limit on origin.custom_origin_config.origin_read_timeout (#​36088)
• resource/aws_db_instance: Add io2 as a valid value for storage_type (#​36252)
• resource/aws_elasticache_serverless_cache: Add plan-time validation of cache_usage_limits.ecpu_per_second.maximum (#​35927)
• resource/aws_iot_policy: Add tagging support (#​36102)
• resource/aws_iot_role_alias: Add tagging support (#​36255)
• resource/aws_opensearch_domain: Add use_off_peak_window argument to the auto_tune_options configuration block (#​36067)
• resource/aws_rds_cluster: Add io2 as a valid value for storage_type (#​36252)
• resource/aws_s3_bucket_object: Adds attribute arn. (#​35710)
• resource/aws_s3_object: Adds attribute arn. (#​35710)
• resource/aws_s3_object_copy: Adds attribute arn. (#​35710)
• resource/aws_wafv2_rule_group: Add evaluation_window_sec argument to the rate_based_statement configuration block (#​36045)
• resource/aws_wafv2_web_acl: Add evaluation_window_sec argument to the rate_based_statement configuration block (#​36045)

BUG FIXES:

• data-source/aws_rds_engine_version: Fix bugs that could limit engine version to a default version even when not appropriate (#​36246)
• resource/aws_db_instance: Correctly sets parameter_group_name when replicate_source_db is in different region. (#​36080)
• resource/aws_elastic_beanstalk_environment: Fix InvalidParameterValue: Environment named ... is in an invalid state for this operation. Must be Ready errors when tags are updated along with other attributes (#​36074)
• resource/aws_elasticache_serverless_cache: Change cache_usage_limits.data_storage.maximum and cache_usage_limits.ecpu_per_second.maximum to ForceNew (#​35927)
• resource/aws_medialive_channel: Fix handling of optional encoder_settings.audio_descriptions arguments (#​36097)
• resource/aws_rds_global_cluster: Fix bugs and delays that could occur when performing major or minor version upgrades (#​36246)
• resource/aws_s3_bucket: Tags with empty values no longer remove all tags. (#​35710)
• resource/aws_s3_bucket_object: Tags with empty values no longer remove all tags. (#​35710)
• resource/aws_s3_object: Tags with empty values no longer remove all tags. (#​35710)
• resource/aws_s3_object_copy: Tags with empty values no longer remove all tags. (#​35710)
• resource/aws_vpclattice_listener_rule: Remove action.forward.target_groups maximum item limit (#​36095)

v5.39.1

Compare Source

BUG FIXES:

• data-source/aws_instance: Fix panic: Invalid address to set related to root_block_device.0.tags_all (#​36054)

v5.39.0

Compare Source

FEATURES:

• New Data Source: aws_redshift_data_shares (#​35937)
• New Resource: aws_apprunner_deployment (#​35758)
• New Resource: aws_config_retention_configuration (#​15136)
• New Resource: aws_securityhub_automation_rule (#​34781)
• New Resource: aws_shield_proactive_engagement (#​34667)

ENHANCEMENTS:

• aws_kinesis_firehose_delivery_stream: Add custom_time_zone and file_extension arguments to the extended_S3_configuration configuration block (#​35969)
• resource/aws_appflow_flow: Allow task.source_fields to be a null value (#​35993)
• resource/aws_codepipeline: Add trigger configuration block (#​35475)
• resource/aws_config_configuration_recorder: Add plan-time validation of aws_config_organization_custom_rule.lambda_function_arn (#​15136)
• resource/aws_instance: Add configurable read timeout (#​35955)
• resource/aws_instance: Apply default tags to volumes/block devices managed through an aws_instance, add ebs_block_device.*.tags_all and root_block_device.*.tags_all attributes which include default tags (#​33769)
• resource/aws_mq_broker: Add data_replication_mode and data_replication_primary_broker_arn arguments, enabling support for cross-region data replication (#​35990)
• resource/aws_mwaa_environment: Add endpoint_management attribute (#​35961)
• resource/aws_redshiftserverless_namespace:
  Add attributes admin_password_secret_kms_key_id and manage_admin_password (#​35965)
• resource/aws_shield_drt_access_log_bucket_association: Support resource import (#​34667)
• resource/aws_shield_drt_access_role_arn_association: Support resource import (#​34667)
• resource/aws_spot_instance_request: Add configurable read timeout (#​35955)
• resource/aws_wafv2_web_acl: Add application_integration_url attribute (#​35974)

BUG FIXES:

• data/aws_redshiftserverless_namespace: Properly set iam_roles attribute on read (#​35965)
• resource/aws_appflow_flow: Fix perpetual diff when task.task_type is set to Map_all (#​35993)
• resource/aws_config_configuration_recorder: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when recording_group.exclusion_by_resource_types is empty (#​15136)
• resource/aws_config_rule: Change name to ForceNew (#​15136)
• resource/aws_config_rule: Fix InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY errors on resource Update (#​15136)
• resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Names are ordered differently (#​36029)
• resource/aws_msk_replicator: Fix incorrect detect_and_copy_new_topics attribute value from state read/refresh (#​35966)
• resource/aws_redshiftserverless_workgroup: Fix max_capacity removal (#​36032)
• resource/aws_redshiftserverless_workgroup: Fix updating both base_capacity and max_capacity (#​36032)
• resource/aws_shield_drt_access_log_bucket_association: Change log_bucket and role_arn_association_id to ForceNew (#​34667)

v5.38.0

Compare Source

FEATURES:

• New Data Source: aws_batch_job_definition (#​34663)
• New Data Source: aws_cognito_user_group (#​34046)
• New Data Source: aws_cognito_user_groups (#​34046)

ENHANCEMENTS:

• data-source/aws_alb_target_group: Add load_balancer_arns attribute (#​34364)
• data-source/aws_ec2_instance_type: Add maximum_network_cards attribute (#​35840)
• data-source/aws_elasticache_subnet_group: Add vpc_id attribute (#​35887)
• data-source/aws_lb_target_group: Add load_balancer_arns attribute (#​34364)
• provider: Add token_bucket_rate_limiter_capacity parameter (#​35926)
• resource/aws_alb_target_group: Add load_balancer_arns attribute (#​34364)
• resource/aws_codedeploy_deployment_config: Add arn attribute (#​35888)
• resource/aws_codepipeline: Add execution_mode argument (#​35875)
• resource/aws_config_configuration_recorder: Add recording_mode configuration block (#​35527)
• resource/aws_db_instance: Add plan-time validation of performance_insights_retention_period (#​35870)
• resource/aws_elasticache_subnet_group: Add vpc_id attribute (#​35887)
• resource/aws_lb_target_group: Add load_balancer_arns attribute (#​34364)
• resource/aws_redshiftserverless_workgroup: Add max_capacity argument (#​35720)
• resource/aws_transfer_server: Add TransferSecurityPolicy-2024-01 and TransferSecurityPolicy-FIPS-2024-01 as valid values for security_policy_name (#​35879)

BUG FIXES:

• data-source/aws_caller_identity: Fix authentication signature error when alternate sts_region is specified (#​35860)
• data-source/aws_eks_access_entry: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• data-source/aws_eks_addon: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• data-source/aws_eks_cluster: Fix name plan-time validation, allowing single-character names (#​35874)
• resource/aws_cloudsearch_domain: Prevent panic when reading nil index_field options response values (#​35900)
• resource/aws_eks_access_entry: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_access_policy_association: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_addon: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_cluster: Fix name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_fargate_profile: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_eks_node_group: Fix cluster_name plan-time validation, allowing single-character names (#​35874)
• resource/aws_prometheus_scraper: Fixes invalid result after apply error. (#​35844)
• resource/aws_sqs_queue_policy: Retry IAM eventual consistency errors (#​35861)

v5.37.0

Compare Source

NOTES:

• provider: Updates to Go 1.21 (used by Terraform starting with v1.6.0), which, for Windows, requires at least Windows 10 or Windows Server 2016--support for previous versions has been discontinued--and, for macOS, requires macOS 10.15 Catalina or later--support for previous versions has been discontinued. (#​35832)
• resource/aws_bedrock_provisioned_model_throughput: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​35689)

FEATURES:

• New Data Source: aws_db_parameter_group (#​35698)
• New Resource: aws_bedrock_provisioned_model_throughput (#​35689)
• New Resource: aws_cloudfront_key_value_store (#​35663)
• New Resource: aws_redshift_data_share_consumer_association (#​35771)

ENHANCEMENTS:

• data-source/aws_ecr_pull_through_cache_rule: Add credential_arn attribute (#​34475)
• data-source/aws_ecs_task_execution: Add client_token argument (#​34402)
• data-source/aws_neptune_cluster_instance: Add skip_final_snapshot argument (#​35698)
• data-source/aws_rds_engine_version: Improve search functionality and options by adding latest, preferred_major_targets, and preferred_upgrade_targets. Add version_actual attribute (#​35698)
• data-source/aws_rds_orderable_db_instance: Improve search functionality and options by adding engine_latest_version and supports_clusters arguments and converting read_replica_capable, supported_engine_modes, supported_network_types, and supports_multi_az to arguments for use as search criteria (#​35698)
• resource/aws_appsync_graphql_api: Add introspection_config, query_depth_limit, and resolver_count_limit arguments (#​35631)
• resource/aws_codeartifact_domain: Add s3_bucket_arn attribute (#​35760)
• resource/aws_ecr_pull_through_cache_rule: Add credential_arn argument (#​34475)
• resource/aws_ecs_service: Add service_connect_configuration.service.timeout and service_connect_configuration.service.tls configuration blocks (#​35684)
• resource/aws_ecs_task_definition: Add track_latest argument (#​30154)
• resource/aws_glue_catalog_database: Add federated_database argument (#​35799)
• resource/aws_glue_trigger: Add configurable timeouts (#​35542)
• resource/aws_rds_cluster: Add domain and domain_iam_role_name arguments to support Kerberos authentication (#​35753)
• resource/aws_route53_record: Add geoproximity_routing_policy configuration block to support geoproximity routing (#​35565)
• resource/aws_route53_resolver_rule: Add target_ip.protocol argument (#​35744)
• resource/aws_sagemaker_endpoint_configuration: Add routing_config argument. Enables the specification of a routing_strategy. (#​34777)
• resource/aws_sagemaker_space: Add ownership_settings, space_sharing_settings, space_settings.app_type, space_settings.code_editor_app_settings, space_settings.custom_file_system, space_settings.jupyter_lab_app_settings, and space_settings.space_storage_settings arguments (#​35116)

BUG FIXES:

• provider: Fix failed to get rate limit token, retry quota exceeded errors (#​35817)
• resource/aws_apigateway_domain_name: Properly send changes to ownership_verification_certificate_arn on update (#​35777)
• resource/aws_apigatewayv2_route: Fix BadRequestException: Unable to update route. Authorizer type is invalid or null errors when updating authorizer_id (#​35821)
• resource/aws_autoscaling_group: Fix version to computed for inconsistent final plan issue (#​35774)
• resource/aws_datasync_task: Fix crash when reading empty report_override values (#​35778)
• resource/aws_datasync_task: Prevent ValidationErrors when empty values are sent with report_override arguments (#​35778)
• resource/aws_db_proxy: Change auth from TypeList to TypeSet as order is not significant (#​35819)
• resource/aws_ecs_account_setting_default: Remove plan-time validation of value (#​33393)
• resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Secrets are ordered differently (#​35792)
• resource/aws_eks_access_policy_association: Retry IAM eventual consistency errors on create (#​35736)
• resource/aws_instance: Fix ReservationCapacityExceeded errors when updating instance_type and capacity_reservation_specification.capacity_reservation_target.capacity_reservation_id (#​33412)
• resource/aws_lakeformation_resource: Properly handle configured false values for use_service_linked_role (#​35799)
• resource/aws_medialive_channel: Added client_cache to hls_group_settings. (#​35738)
• resource/aws_ram_resource_share_accepter: Fix handling of out-of-band resource share deletion (#​35800)
• resource/aws_redshift_data_share_authorization: Fix read operation to properly handle shares in ACTIVE status (#​35771)
• resource/aws_s3_bucket_acl: Correctly updates access_control_policy when switching configuration to acl. (#​35775)
• resource/resource_share_acceptor: Wait until RAM resource share available after accepting the invitation (#​34753)

v5.36.0

Compare Source

NOTES:

• data-source/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#​35615)
• resource/aws_controltower_landing_zone: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​34595)
• resource/aws_media_convert_queue: The AWS Elemental MediaConvert service has been converted to use standard Regional endpoints instead of deprecated per-account endpoints (#​35615)

FEATURES:

• New Resource: aws_controltower_landing_zone (#​34595)
• New Resource: aws_osis_pipeline (#​35582)
• New Resource: aws_redshift_data_share_authorization (#​35703)
• New Resource: aws_securitylake_custom_log_source (#​35354)

ENHANCEMENTS:

• resource/aws_cloudwatch_metric_stream: Add plan-time validation of output_format (#​35569)
• resource/aws_db_instance: Add diag.log and notify.log as valid values for enabled_cloudwatch_logs_exports (#​35626)
• resource/aws_db_instance: Add domain_auth_secret_arn, domain_dns_ips, domain_fqdn, and domain_ou arguments to support self-managed Active Directory (#​35500)
• resource/aws_s3_bucket_metric: Add filter.access_point argument (#​35590)
• resource/aws_verifiedaccess_group: Add sse_configuration argument (#​34055)

BUG FIXES:

• resource/aws_db_instance: Creating resource from point-in-time recovery now handles password attribute correctly (#​35589)
• resource/aws_dynamodb_table: Ensure that replicas are always set on Read (#​35630)
• resource/aws_emr_cluster: Properly normalize launch_specifications.on_demand_specification.allocation_strategy and launch_specifications.spot_specification.allocation_strategy values to fix perpetual state differences (#​34367)
• resource/aws_kinesis_firehose_delivery_stream: Change extended_s3_configuration.processing_configuration.processors.parameters from TypeList to TypeSet as order is not significant (#​35672)
• resource/aws_lambda_function: Resolve consecutive diff issue in logging_config when values for application_log_level or system_log_level are not specified (#​35694)
• resource/aws_lb_listener: Fixes unexpected diff when using default_action parameters which don't match the type. (#​35678)
• resource/aws_lb_listener: Was incorrectly reporting conflicting default_action[].target_group_arn when ignore_changes was set. (#​35671)
• resource/aws_lb_listener: Was not storing default_action[].forward in state if only a single target_group was set. (#​35671)
• resource/aws_lb_listener_rule: Fixes unexpected diff when using action parameters which don't match the type. (#​35678)
• resource/aws_lb_listener_rule: Was incorrectly reporting conflicting action[].target_group_arn when ignore_changes was set. (#​35671)
• resource/aws_lb_listener_rule: Was not storing action[].forward in state if only a single target_group was set. (#​35671)
• resource/aws_ssm_patch_baseline: Mark json as Computed if there are content changes (#​35606)

v5.35.0

Compare Source

FEATURES:

• New Data Source: aws_bedrock_custom_model (#​34310)
• New Data Source: aws_bedrock_custom_models (#​34310)
• New Data Source: aws_ssmcontacts_rotation (#​32710)
• New Resource: aws_bedrock_custom_model (#​34310)
• New Resource: aws_lexv2models_slot (#​34617)
• New Resource: aws_lexv2models_slot_type (#​35555)
• New Resource: aws_rekognition_collection (#​35407)
• New Resource: aws_sesv2_email_identity_policy (#​35486)
• New Resource: aws_ssmcontacts_rotation (#​32710)

ENHANCEMENTS:

• data-source/aws_redshift_cluster: Add multi_az attribute (#​35508)
• resource/aws_lakeformation_resource: Add hybrid_access_enabled argument (#​35571)
• resource/aws_lakeformation_resource: Add with_federation argument (#​35154)
• resource/aws_redshift_cluster: Add multi_az argument (#​35508)
• resource/aws_redshiftserverless_endpoint_access: Add owner_account argument (#​35509)
• resource/aws_wafv2_rule_group: Add header_order to field_to_match configuration blocks (#​35521)
• resource/aws_wafv2_web_acl: Add header_orderto field_to_match configuration blocks (#​35521)

BUG FIXES:

• data-source/aws_networkmanager_core_network_policy_document: Remove core_network_configuration.edge_locations maximum item limit (#​35585)
• resource/aws_backup_plan: Fix InvalidParameterValueException: Invalid lifecycle. EBS Cold Tier is not yet supported errors on resource Create in AWS GovCloud (US) (#​35560)
• resource/aws_cognito_user_group: Allow import of user groups with names containing / (#​35501)
• resource/aws_dms_event_subscription: Mark source_ids as Optional. This fixes a regression introduced in v5.31.0 (#​35541)
• resource/aws_efs_file_system: Increase lifecycle_policy maximum item limit to 3 (#​35522)
• resource/aws_eks_access_entry: Retry IAM eventual consistency errors on create (#​35535)
• resource/aws_finspace_kx_cluster: Increase command_line_arguments max length restriction from 50 to 1024. (#​35581)

v5.34.0

Compare Source

FEATURES:

• New Resource: aws_rekognition_project (#​35429)
• New Resource: aws_route53domains_delegation_signer_record (#​33596)

ENHANCEMENTS:

• data-source/aws_codecommit_repository: Add kms_key_id attribute (#​35095)
• data-source/aws_imagebuilder_components: Add support for ThirdParty owner value (#​35286)
• data-source/aws_imagebuilder_container_recipes: Add support for ThirdParty owner value (#​35286)
• data-source/aws_imagebuilder_image_recipes: Add support for ThirdParty owner value (#​35286)
• data-source/aws_ssm_patch_baseline: Add json attribute to facilitate use with S3 buckets (#​33402)
• resource/aws_accessanalyzer_analyzer: Add configuration configuration block (#​35310)
• resource/aws_appflow_flow: Add flow_status attribute (#​34948)
• resource/aws_codecommit_repository: Add kms_key_id argument (#​35095)
• resource/aws_codecommit_trigger: Add plan-time validation of trigger.destination_arn and trigger.events (#​35095)
• resource/aws_ecs_capacity_provider: Add auto_scaling_group_provider.managed_draining argument (#​35421)
• resource/aws_fis_experiment_template: Add support for AutoScalingGroups, Buckets, ReplicationGroups, Tables and TransitGateways to action.*.target (#​35300)
• resource/aws_fsx_openzfs_file_system: Add skip_final_backup argument (#​35320)
• resource/aws_network_interface_sg_attachment: Increase default timeouts to 3 minutes and allow them to be configured (#​35435)
• resource/aws_prometheus_scraper: Add role_arn attribute (#​35453)
• resource/aws_route53domains_registered_domain: Support resource import (#​33596)
• resource/aws_ssm_patch_baseli

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[mergify]

/terratest

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[kevcube]

/terratest

[lelitzer-tp]

Can we get this merged?

[osterman]

Please check the test failures.

[goruha]

/terratest

[osterman]

/terratest

[goruha]

/terratest

[github-actions]

These changes were released in v2.1.1.