Update Terraform aws to v4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	>= 3.76.1 -> >= 4.53.0

---

Release Notes

hashicorp/terraform-provider-aws

v4.53.0

Compare Source

ENHANCEMENTS:

• provider: Adds structured fields in logging (#​29223)
• provider: Masks authentication fields in HTTP header logging (#​29223)

v4.52.0

Compare Source

NOTES:

• resource/aws_dynamodb_table: In the past, in certain situations, kms_key_arn could be populated with the default DynamoDB key alias/aws/dynamodb. This was an error because it would then be sent back to AWS and should not be. (#​29102)
• resource/aws_dynamodb_table: In the past, in certain situations, server_side_encryption.0.kms_key_arn or replica.*.kms_key_arn could be populated with the default DynamoDB key alias/aws/dynamodb. This was an error because it would then be sent back to AWS and should not be. (#​29102)
• resource/aws_dynamodb_table: Updating replica.*.kms_key_arn or replica.*.point_in_time_recovery, when the replica's kms_key_arn is set, requires recreating the replica. (#​29102)
• resource/aws_dynamodb_table_replica: Updating kms_key_arn forces replacement of the replica now as required to re-encrypt the replica (#​29102)

FEATURES:

• New Data Source: aws_auditmanager_framework (#​28989)
• New Resource: aws_auditmanager_assessment_delegation (#​29099)
• New Resource: aws_auditmanager_framework_share (#​29049)
• New Resource: aws_auditmanager_organization_admin_account_registration (#​29018)

ENHANCEMENTS:

• resource/aws_wafv2_rule_group: Add oversize_handling argument to body block of the field_to_match block (#​29082)

BUG FIXES:

• resource/aws_api_gateway_integration: Prevent drift of connection_type attribute when aws_api_gateway_deployment triggers are used (#​29016)
• resource/aws_dynamodb_table: Fix perpetual diffs when using default AWS-managed keys (#​29102)
• resource/aws_dynamodb_table: Fix to allow updating of replica.*.kms_key_arn (#​29102)
• resource/aws_dynamodb_table: Fix to allow updating of replica.*.point_in_time_recovery when a replica has kms_key_arn set (#​29102)
• resource/aws_dynamodb_table: Fix unexpected state 'DISABLED' error when waiting for PITR to update (#​29086)
• resource/aws_dynamodb_table_replica: Fix to allow creation of the replica without errors when kms_key_arn is set (#​29102)
• resource/aws_dynamodb_table_replica: Fix to allow updating of kms_key_arn (#​29102)
• resource/aws_medialive_channel: Add missing rate_control_mode in acc_settings for audio_descriptions (#​29051)
• resource/aws_medialive_input: Fix eventual consistency error when updating (#​29051)
• resource/aws_vpc_ipam_pool_cidr_allocation: Added support for eventual consistency on read operations after create. (#​29022)
• resource/aws_wafv2_web_acl: Fix error when setting aws_managed_rules_bot_control_rule_set in manage_rule_group_config (#​28810)

v4.51.0

Compare Source

NOTES:

• resource/aws_ce_anomaly_subscription: Deprecate threshold argument in favour of threshold_expression (#​28573)

FEATURES:

• New Data Source: aws_auditmanager_control (#​28967)
• New Resource: aws_datasync_location_object_storage (#​23154)
• New Resource: aws_rds_export_task (#​28831)
• New Resource: aws_resourceexplorer2_view (#​28841)

ENHANCEMENTS:

• resource/aws_appmesh_gateway_route: Add port on the match attribute for routes (#​27799)
• resource/aws_appmesh_route: Add port on the weighted_target attribute (#​27799)
• resource/aws_appmesh_virtual_gateway: Add the functionality to be able specify multi listeners (#​27799)
• resource/aws_appmesh_virtual_node: Add the functionality to be able specify multi listeners (#​27799)
• resource/aws_appmesh_virtual_router: Add the functionality to be able specify multi listeners (#​27799)
• resource/aws_apprunner_service: Add source_configuration.code_repository.code_configuration.runtime_environment_secrets and source_configuration.image_repository.image_configuration.runtime_environment_secrets argument (#​28871)
• resource/aws_ce_anomaly_subscription: Add threshold_expression argument (#​28573)
• resource/aws_grafana_workspace: Add configuration argument (#​28569)
• resource/aws_imagbuilder_component: Add skip_destroy argument (#​28905)
• resource/aws_lambda_event_source_mapping: Add scaling_config argument (#​28876)
• resource/aws_lambda_function: Add configurable timeout for Update (#​28963)
• resource/aws_rum_app_monitor: Add custom_events argument (#​28431)
• resource/aws_servicecatalog_portfolio_share: Add share_principals argument (#​28619)

BUG FIXES:

• data-source/aws_eks_cluster: Add outpost_config.control_plane_placement attribute (#​28924)
• data-source/aws_identitystore_group: Restore use of ListGroups API when filter is specified (#​28937)
• data-source/aws_identitystore_user: Restore use of ListUsers API when filter is specified (#​28937)
• data-source/aws_lambda_function: Fix AccessDeniedException errors in AWS Regions where AWS Signer is not supported (#​28963)
• data-source/aws_lambda_function: Remove any qualifier from invoke_arn (#​28963)
• resource/aws_appstream_image_builder: Fix IAM eventual consistency error for optional role (#​26677)
• resource/aws_appstream_image_builder: Fix refresh error when domain_join_info and vpc_config are not empty (#​26677)
• resource/aws_elasticsearch_domain: Prevent persistent iops diff (#​28901)
• resource/aws_grafana_workspace: Fix updating vpc_configuration (#​28569)
• resource/aws_iam_server_certificate: Avoid errors on delete when no error occurred (#​28968)
• resource/aws_lambda_function: Don't persist invalid filename, s3_bucket, s3_key or s3_object_version values on resource Update (#​28963)
• resource/aws_lambda_function: Retry ResourceNotFoundException errors on resource Create (#​28963)
• resource/aws_lb_listener_certificate: Show errors in certain cases where they were previously only logged and resource was removed from state (#​28968)
• resource/aws_opensearch_domain: Omit throughput and iops for unsupported volume types (#​28862)
• resource/aws_sagemaker_app: Correctly list all apps so as not to lose track in an environment where there are many apps (#​28561)

v4.50.0

Compare Source

FEATURES:

• New Data Source: aws_lbs (#​27161)
• New Resource: aws_sesv2_configuration_set_event_destination (#​27565)

ENHANCEMENTS:

• data-source/aws_lb_target_group: Support querying by tags (#​27261)
• resource/aws_redshiftdata_statement: Add workgroup_name argument (#​28751)
• resource/aws_service_discovery_service: Add type argument (#​28778)

BUG FIXES:

• resource/aws_acmpca_policy: Improve refresh to avoid unnecessary diffs in policy (#​28788)
• resource/aws_api_gateway_rest_api: Improve refresh to avoid unnecessary diffs in policy (#​28789)
• resource/aws_api_gateway_rest_api_policy: Improve refresh to avoid unnecessary diffs in policy (#​28789)
• resource/aws_apprunner_service: observability_configuration_arn is optional (#​28620)
• resource/aws_apprunner_vpc_connector: Fix default_tags not handled correctly (#​28736)
• resource/aws_appstream_stack: Fix panic on user_settings update (#​28766)
• resource/aws_appstream_stack: Prevent unnecessary replacements on update (#​28766)
• resource/aws_backup_vault_policy: Improve refresh to avoid unnecessary diffs in policy (#​28791)
• resource/aws_cloudsearch_domain_service_access_policy: Improve refresh to avoid unnecessary diffs in access_policy (#​28792)
• resource/aws_cloudwatch_event_bus_policy: Improve refresh to avoid unnecessary diffs in policy (#​28802)
• resource/aws_codeartifact_domain_permissions_policy: Improve refresh to avoid unnecessary diffs in policy_document (#​28794)
• resource/aws_codeartifact_repository_permissions_policy: Improve refresh to avoid unnecessary diffs in policy_document (#​28794)
• resource/aws_codebuild_resource_policy: Improve refresh to avoid unnecessary diffs in policy (#​28796)
• resource/aws_dms_replication_subnet_group: Fix error ("Provider produced inconsistent result") when an error is encountered during creation (#​28748)
• resource/aws_dms_replication_task: Allow updates to aws_dms_replication_task even when migration_type and table_mappings have not changed (#​28047)
• resource/aws_dms_replication_task: Fix error with cdc_path when used with aws_dms_s3_endpoint (#​28704)
• resource/aws_dms_s3_endpoint: Fix error with cdc_path when used with aws_dms_replication_task (#​28704)
• resource/aws_ecr_registry_policy: Improve refresh to avoid unnecessary diffs in policy (#​28799)
• resource/aws_ecr_repository_policy: Improve refresh to avoid unnecessary diffs in policy (#​28799)
• resource/aws_ecrpublic_repository_policy: Improve refresh to avoid unnecessary diffs in policy (#​28799)
• resource/aws_efs_file_system_policy: Improve refresh to avoid unnecessary diffs in policy (#​28800)
• resource/aws_elasticsearch_domain: Improve refresh to avoid unnecessary diffs in access_policies (#​28801)
• resource/aws_elasticsearch_domain_policy: Improve refresh to avoid unnecessary diffs in access_policies (#​28801)
• resource/aws_glacier_vault: Improve refresh to avoid unnecessary diffs in access_policy (#​28804)
• resource/aws_glacier_vault_lock: Improve refresh to avoid unnecessary diffs in policy (#​28804)
• resource/aws_glue_resource_policy: Improve refresh to avoid unnecessary diffs in policy (#​28807)
• resource/aws_iam_group_policy: Fixed issue that could result in "inconsistent final plan" errors (#​28868)
• resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in policy (#​28777)
• resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in policy (#​28836)
• resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in policy (#​28777)
• resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in policy, tags (#​28836)
• resource/aws_iam_role: Fixed issue that could result in "inconsistent final plan" errors (#​28868)
• resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in assume_role_policy and inline_policy policy (#​28777)
• resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in inline_policy.*.policy, tags (#​28836)
• resource/aws_iam_role_policy: Fixed issue that could result in "inconsistent final plan" errors (#​28868)
• resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in policy (#​28777)
• resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in policy (#​28836)
• resource/aws_iam_user_policy: Fixed issue that could result in "inconsistent final plan" errors (#​28868)
• resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in policy (#​28777)
• resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in policy (#​28836)
• resource/aws_iot_policy: Improve refresh to avoid unnecessary diffs in policy (#​28838)
• resource/aws_kms_external_key: Improve refresh to avoid unnecessary diffs in policy (#​28853)
• resource/aws_kms_key: Improve refresh to avoid unnecessary diffs in policy (#​28853)
• resource/aws_lb_target_group: Change protocol_version to ForceNew (#​17845)
• resource/aws_lb_target_group: When creating a new target group, return an error if there is an existing target group with the same name. Use terraform import for existing target groups (#​26977)
• resource/aws_mq_configuration: Improve refresh to avoid unnecessary diffs in data (#​28837)
• resource/aws_s3_access_point: Improve refresh to avoid unnecessary diffs in policy (#​28866)
• resource/aws_s3_bucket: Improve refresh to avoid unnecessary diffs in policy (#​28855)
• resource/aws_s3_bucket_policy: Improve refresh to avoid unnecessary diffs in policy (#​28855)
• resource/aws_s3control_access_point_policy: Improve refresh to avoid unnecessary diffs in policy (#​28866)
• resource/aws_s3control_bucket_policy: Improve refresh to avoid unnecessary diffs in policy (#​28866)
• resource/aws_s3control_multi_region_access_point_policy: Improve refresh to avoid unnecessary diffs in details policy (#​28866)
• resource/aws_s3control_object_lambda_access_point_policy: Improve refresh to avoid unnecessary diffs in policy (#​28866)
• resource/aws_sagemaker_model_package_group_policy: Improve refresh to avoid unnecessary diffs in resource_policy (#​28865)
• resource/aws_schemas_registry_policy: Improve refresh to avoid unnecessary diffs in policy (#​28864)
• resource/aws_secretsmanager_secret: Improve refresh to avoid unnecessary diffs in policy (#​28863)
• resource/aws_secretsmanager_secret_policy: Improve refresh to avoid unnecessary diffs in policy (#​28863)
• resource/aws_ses_identity_policy: Improve refresh to avoid unnecessary diffs in policy (#​28861)
• resource/aws_sns_topic: Improve refresh to avoid unnecessary diffs in policy (#​28860)
• resource/aws_sns_topic_policy: Improve refresh to avoid unnecessary diffs in policy (#​28860)
• resource/aws_sqs_queue: Improve refresh to avoid unnecessary diffs in policy (#​28840)
• resource/aws_sqs_queue_policy: Improve refresh to avoid unnecessary diffs in policy (#​28840)
• resource/aws_transfer_access: Improve refresh to avoid unnecessary diffs in policy (#​28859)
• resource/aws_transfer_user: Improve refresh to avoid unnecessary diffs in policy (#​28859)
• resource/aws_vpc_endpoint: Improve refresh to avoid unnecessary diffs in policy (#​28798)
• resource/aws_vpc_endpoint_policy: Improve refresh to avoid unnecessary diffs in policy (#​28798)

v4.49.0

Compare Source

NOTES:

• resource/aws_dms_endpoint: For s3_settings cdc_min_file_size, AWS changed the multiplier to kilobytes instead of megabytes. In other words, prior to the change, a value of 32 represented 32 MiB. After the change, a value of 32 represents 32 KB. Change your configuration accordingly. (#​28578)
• resource/aws_fsx_ontap_storage_virtual_machine: The subtype attribute is no longer deprecated (#​28567)

FEATURES:

• New Data Source: aws_s3control_multi_region_access_point (#​28373)
• New Resource: aws_appsync_type (#​28437)
• New Resource: aws_auditmanager_assessment (#​28643)
• New Resource: aws_auditmanager_assessment_report (#​28663)
• New Resource: aws_ec2_instance_state (#​28639)
• New Resource: aws_lightsail_bucket (#​28585)
• New Resource: aws_ssoadmin_instance_access_control_attributes (#​23317)

ENHANCEMENTS:

• data-source/aws_autoscaling_group: Add desired_capacity_type attribute (#​28658)
• data-source/aws_kms_secrets: Add encryption_algorithm and key_id arguments in support of asymmetric keys (#​21054)
• resource/aws_appflow_connector_profile: Add support for connector_type CustomConnector. Add cluster_identifier, database_name, and data_api_role_arn attributes for redshift connection_profile_properties (#​26766)
• resource/aws_appsync_resolver: Add runtime and code arguments (#​28436)
• resource/aws_appsync_resolver: Add plan time validation for caching_config.ttl (#​28436)
• resource/aws_athena_workgroup: Add configuration.execution_role argument (#​28420)
• resource/aws_autoscaling_group: Add desired_capacity_type argument (#​28658)
• resource/aws_dms_endpoint: Change s3_settings cdc_min_file_size default to 32000 in order to align with AWS's change from megabytes to kilobytes for this setting (#​28578)
• resource/aws_ecs_service: Add alarms argument (#​28521)
• resource/aws_lightsail_instance: Add add_on configuration block. (#​28602)
• resource/aws_lightsail_instance_public_ports: Add cidr_list_aliases argument (#​28376)
• resource/aws_s3_access_point: Add bucket_account_id argument (#​28564)
• resource/aws_s3control_storage_lens_configuration: Add advanced_cost_optimization_metrics, advanced_data_protection_metrics, and detailed_status_code_metrics arguments to the storage_lens_configuration.account_level and storage_lens_configuration.account_level.bucket_level configuration blocks (#​28564)
• resource/aws_wafv2_rule_group: Add rule.action.captcha argument (#​28435)
• resource/aws_wafv2_web_acl: Add rule.action.challenge argument (#​28305)
• resource/aws_wafv2_web_acl: Add support for ManagedRuleGroupConfig (#​28594)

BUG FIXES:

• data-source/aws_cloudwatch_log_group: Restore use of ListTagsLogGroup API (#​28492)
• resource/aws_cloudwatch_log_group: Restore use of ListTagsLogGroup, TagLogGroup and UntagLogGroup APIs (#​28492)
• resource/aws_dms_endpoint: Add s3 setting ignore_header_rows and deprecate misspelled ignore_headers_row. (#​28579)
• resource/aws_elasticache_user_group_association: Retry on InvalidUserGroupState errors to handle concurrent updates (#​28689)
• resource/aws_lambda_function_url: Fix removal of cors configuration block (#​28439)
• resource/aws_lightsail_database: The availability_zone attribute is now optional/computed to support HA bundle_ids (#​28590)
• resource/aws_lightsail_disk_attachment: Resolves a panic when an attachment fails and attempts to display the error returned by AWS. (#​28593)

v4.48.0

Compare Source

FEATURES:

• New Resource: aws_dx_macsec_key_association (#​26274)

ENHANCEMENTS:

• resource/aws_dx_connection: Add encryption_mode and request_macsec arguments and macsec_capable and port_encryption_status attributes in support of MACsec (#​26274)
• resource/aws_dx_connection: Add skip_destroy argument (#​26274)
• resource/aws_eks_node_group: Add support for WINDOWS_CORE_2019_x86_64, WINDOWS_FULL_2019_x86_64, WINDOWS_CORE_2022_x86_64, and WINDOWS_FULL_2022_x86_64 ami_type values (#​28445)
• resource/aws_networkfirewall_rule_group: Add reference_sets configuration block (#​28335)
• resource/aws_networkmanager_vpc_attachment: Add options.appliance_mode_support argument (#​28450)

BUG FIXES:

• resource/aws_networkfirewall_rule_group: Change rule_group.rules_source.stateful_rule from TypeSet to TypeList to preserve rule order (#​27102)

v4.47.0

Compare Source

FEATURES:

• New Data Source: aws_cloudwatch_log_data_protection_policy_document (#​28272)
• New Data Source: aws_db_instances (#​28303)
• New Resource: aws_auditmanager_account_registration (#​28314)
• New Resource: aws_auditmanager_framework (#​28257)
• New Resource: aws_lambda_functions (#​28254)
• New Resource: aws_sagemaker_space (#​28154)
• New Resource: aws_ssoadmin_permissions_boundary_attachment (#​28241)

ENHANCEMENTS:

• data-source/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#​28359)
• data-source/aws_eks_addon: Add configuration_values attribute (#​28295)
• resource/aws_appsync_function: Add runtime and code arguments (#​28057)
• resource/aws_appsync_function: Make request_mapping_template and response_mapping_template Optional (#​28057)
• resource/aws_cloudwatch_log_destination: Add tags argument and tags_all attribute to support resource tagging (#​28359)
• resource/aws_cloudwatch_log_group: Use resource tagging APIs that are not on a path to deprecation (#​28359)
• resource/aws_eks_addon: Add configuration_values argument (#​28295)
• resource/aws_grafana_workspace: Add vpc_configuration argument. (#​28308)
• resource/aws_networkmanager_core_network: Increase Create, Update, and Delete timeouts to 30 minutes (#​28363)
• resource/aws_sagemaker_app: Add space_name argument (#​28154)
• resource/aws_sagemaker_app: Make user_profile_name optional (#​28154)
• resource/aws_sagemaker_domain: Add default_space_settings and default_user_settings.jupyter_server_app_settings.code_repository arguments (#​28154)
• resource/aws_sagemaker_endpoint_configuration: Add shadow_production_variants, production_variants.container_startup_health_check_timeout_in_seconds, production_variants.core_dump_config, production_variants.model_data_download_timeout_in_seconds, and production_variants.volume_size_in_gb arguments (#​28159)
• resource/aws_sagemaker_user_profile: Add user_settings.jupyter_server_app_settings.code_repository argument (#​28154)

BUG FIXES:

• resource/aws_cloudwatch_metric_stream: Correctly update tags (#​28310)
• resource/aws_db_instance: Ensure that apply_immediately default value is applied (#​25768)
• resource/aws_ecs_service: Fix missing required field, UpdateServiceInput.ServiceConnectConfiguration.Enabled error when removing service_connect_configuration configuration block (#​28338)
• resource/aws_ecs_service: Fix service_connect_configuration.service.ingress_port_override being set to 0 (InvalidParameterException: IngressPortOverride cannot use ports <= 1024 error) when not configured (#​28338)

v4.46.0

Compare Source

FEATURES:

• New Data Source: aws_glue_catalog_table (#​23256)
• New Resource: aws_auditmanager_control (#​27857)
• New Resource: aws_networkmanager_core_network (#​28155)
• New Resource: aws_resourceexplorer2_index (#​28144)
• New Resource: aws_rum_metrics_destination (#​28143)
• New Resource: aws_vpc_network_performance_metric_subscription (#​28150)

ENHANCEMENTS:

• resource/aws_glue_crawler: Add catalog_target.dlq_event_queue_arn, catalog_target.event_queue_arn, catalog_target.connection_name, lake_formation_configuration, and jdbc_target.enable_additional_metadata arguments (#​28156)
• resource/aws_glue_crawler: Make delta_target.connection_name optional (#​28156)
• resource/aws_networkfirewall_firewall: Add encryption_configuration attribute (#​28242)
• resource/aws_networkfirewall_firewall_policy: Add encryption_configuration attribute (#​28242)
• resource/aws_networkfirewall_rule_group: Add encryption_configuration attribute (#​28242)

BUG FIXES:

• resource/aws_db_instance: Fix error modifying allocated_storage when storage_type is "gp3" (#​28243)
• resource/aws_dms_s3_endpoint: Fix disparate handling of endpoint attributes in different regions (#​28220)
• resource/aws_evidently_feature: Fix description attribute to accept strings between 0 and 160 in length (#​27948)
• resource/aws_lb_target_group: Allow healthy_threshold and unhealthy_threshold to be set to different values for TCP health checks. (#​28018)
• resource/aws_lb_target_group: Allow interval to be updated for TCP health checks (#​28018)
• resource/aws_lb_target_group: Allow timeout to be set for TCP health checks (#​28018)
• resource/aws_lb_target_group: Don't force recreation on health_check attribute changes (#​28018)
• resource/aws_sns_topic_subscription: Fix unsupported FilterPolicyScope attribute error in the aws-cn partition (#​28253)

v4.45.0

Compare Source

NOTES:

• provider: With AWS's retirement of EC2-Classic the skip_get_ec2_platforms attribute has been deprecated and will be removed in a future version (#​28084)
• resource/aws_fsx_ontap_storage_virtual_machine: The subtype attribute has been deprecated and will be removed in a future version (#​28127)

FEATURES:

• New Resource: aws_dms_s3_endpoint (#​28130)

ENHANCEMENTS:

• data-source/aws_db_instance: Add storage_throughput attribute (#​27670)
• data-source/aws_eks_cluster: Add cluster_id attribute (#​28112)
• resource/aws_db_instance: Add storage_throughput argument (#​27670)
• resource/aws_db_instance: Add support for gp3 storage_type value (#​27670)
• resource/aws_db_instance: Change iops to Computed (#​27670)
• resource/aws_eks_cluster: Add cluster_id attribute and outpost_config.control_plane_placement argument (#​28112)
• resource/aws_redshiftserverless_workgroup: Wait on MODIFYING status on resource Delete (#​28114)

BUG FIXES:

• resource/aws_redshiftserverless_namespace: Fix updating admin_username and admin_user_password (#​28125)

v4.44.0

Compare Source

NOTES:

• resource/aws_fsx_ontap_storage_virtual_machine: The subtype attribute will always have the value "DEFAULT" (#​28085)
• resource/aws_wafv2_web_acl: excluded_rule on managed_rule_group_statement has been deprecated. All configurations using excluded_rule should be updated to use the new rule_action_override attribute instead (#​27954)

ENHANCEMENTS:

• resource/aws_api_gateway_deployment: Add import support (#​28030)
• resource/aws_kinesisanalyticsv2_application: Add support for FLINK-1_15 runtime_environment value (#​28099)
• resource/aws_lambda_function: Add snap_start attribute (#​28097)
• resource/aws_wafv2_web_acl: Support rule_action_override on managed_rule_group_statement (#​27954)

BUG FIXES:

• resource/aws_instance: Change iam_instance_profile to Computed as the value may be configured via a launch template (#​27972)

v4.43.0

Compare Source

FEATURES:

• New Resource: aws_neptune_global_cluster (#​26133)

ENHANCEMENTS:

• data-source/aws_ecs_cluster: Add service_connect_defaults attribute (#​28052)
• resource/aws_ce_cost_category: Allow configuration of effective_start value (#​28055)
• resource/aws_ecs_cluster: Add service_connect_defaults argument (#​28052)
• resource/aws_ecs_service: Add service_connect_configuration argument in support of ECS Service Connect (#​28052)
• resource/aws_glue_classifier: Add custom_datatypes and custom_datatype_configured arguments (#​28048)
• resource/aws_neptune_cluster: Add global_cluster_identifier argument (#​26133)

v4.42.0

Compare Source

FEATURES:

• New Data Source: aws_redshiftserverless_credentials (#​28026)
• New Resource: aws_cloudwatch_log_data_protection_policy (#​28049)

ENHANCEMENTS:

• data-source/aws_memorydb_cluster: Add data_tiering attribute (#​28022)
• resource/aws_db_instance: Add blue_green_update argument in support of RDS Blue/Green Deployments (#​28046)
• resource/aws_efs_file_system: Add support for AFTER_1_DAY lifecycle_policy.transition_to_ia argument (#​28054)
• resource/aws_efs_file_system: Add support for elastic throughput_mode argument (#​28054)
• resource/aws_emrserverless_application: Add architecture argument (#​28027)
• resource/aws_emrserverless_application: Mark maximum_capacity and maximum_capacity.disk as Computed, preventing spurious resource diffs (#​28027)
• resource/aws_memorydb_cluster: Add data_tiering attribute (#​28022)
• resource/aws_sns_topic_subscription: Add filter_policy_scope argument in support of SNS message filtering (#​28004)

BUG FIXES:

• resource/aws_lambda_function: Don't fail resource Create if AWS Signer service is not available in the configured Region (#​28008)
• resource/aws_memorydb_cluster: Allow more than one element in snapshot_arns (#​28022)
• resource/aws_sagemaker_user_profile: user_settings.jupyter_server_app_settings, user_settings.kernel_gateway_app_settings, and user_settings.tensor_board_app_settings are updateable (#​28025)

v4.41.0

Compare Source

FEATURES:

• New Data Source: aws_sqs_queues (#​27890)
• New Resource: aws_ivschat_logging_configuration (#​27924)
• New Resource: aws_ivschat_room (#​27974)
• New Resource: aws_rds_clusters (#​27891)
• New Resource: aws_redshiftserverless_resource_policy (#​27920)
• New Resource: aws_scheduler_schedule (#​27975)

ENHANCEMENTS:

• data-source/aws_cloudtrail_service_account: Add service account ID for ap-south-2 AWS Region (#​27983)
• data-source/aws_elasticache_cluster: Add cache_nodes.outpost_arn and preferred_outpost_arn attributes (#​27934)
• data-source/aws_elasticache_cluster: Add ip_discovery and network_type attributes (#​27856)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-south-2 AWS Region (#​27983)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-south-2 AWS Region (#​27983)
• data-source/aws_rds_cluster: Add engine_mode attribute (#​27892)
• provider: Support ap-south-2 as a valid AWS Region (#​27950)
• resource/aws_amplify_app: Add support for WEB_COMPUTE platform value in support of Next.js web apps (#​27925)
• resource/aws_elasticache_cluster: Add ip_discovery and network_type arguments in support of IPv6 clusters (#​27856)
• resource/aws_elasticache_cluster: Add outpost_mode and preferred_outpost_arn arguments and cache_nodes.outpost_arn attribute. NOTE: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​27934)
• resource/aws_lambda_function: Add support for nodejs18.x runtime value (#​27923)
• resource/aws_lambda_layer_version: Add support for nodejs18.x compatible_runtimes value (#​27923)
• resource/aws_medialive_channel: Add start_channel attribute (#​27882)
• resource/aws_nat_gateway: Update private_ip attribute to be configurable (#​27953)

BUG FIXES:

• resource/aws_cloudcontrolapi_resource: Remove invalid regular expressions from CloudFormation resource schema (#​27935)
• resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the sybase engine (#​27949)
• resource/aws_resourcegroups_group: Properly set configuration.parameters as optional (#​27985)

v4.40.0

Compare Source

NOTES:

• data-source/aws_identitystore_group: The filter argument has been deprecated. Use the alternate_identifier argument instead (#​27762)

FEATURES:

• New Data Source: aws_controltower_controls (#​26978)
• New Data Source: aws_ivs_stream_key (#​27789)
• New Resource: aws_appconfig_extension (#​27860)
• New Resource: aws_appconfig_extension_association (#​27860)
• New Resource: aws_controltower_control (#​26990)
• New Resource: aws_evidently_feature (#​27395)
• New Resource: aws_ivs_channel (#​27726)
• New Resource: aws_networkmanager_connect_attachment (#​27787)
• New Resource: aws_opensearch_inbound_connection_accepter (#​22988)
• New Resource: aws_opensearch_outbound_connection (#​22988)
• New Resource: aws_scheduler_schedule_group (#​27800)
• New Resource: aws_schemas_registry_policy (#​27705)
• New Resource: aws_sesv2_email_identity_mail_from_attributes (#​27672)

ENHANCEMENTS:

• data-source/aws_cloudtrail_service_account: Add service account ID for eu-central-2 AWS Region (#​27814)
• data-source/aws_cloudtrail_service_account: Add service account ID for eu-south-2 AWS Region (#​27855)
• data-source/aws_connect_instance: Add multi_party_conference_enabled attribute (#​27734)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for eu-central-2 AWS Region (#​27814)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for eu-south-2 AWS Region (#​27855)
• data-source/aws_identitystore_group: Add alternate_identifier argument and description attribute (#​27762)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for eu-central-2 AWS Region (#​27814)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for eu-south-2 AWS Region (#​27855)
• data-source/aws_s3_bucket: Add hosted zone ID for eu-central-2 AWS Region (#​27814)
• data-source/aws_s3_bucket: Add hosted zone ID for eu-south-2 AWS Region (#​27855)
• provider: Support eu-central-2 as a valid AWS Region (#​27812)
• provider: Support eu-south-2 as a valid AWS Region (#​27847)
• resource/aws_acm_certificate: Add key_algorithm argument in support of ECDSA TLS certificates (#​27781)
• resource/aws_autoscaling_group: Add support for price-capacity-optimized spot_allocation_strategy value (#​27795)
• resource/aws_cloudwatch_logs_group: Add skip_destroy argument (#​26775)
• resource/aws_cognito_user_pool: Add sns_region attribute to sms_configuration block (#​26684)
• resource/aws_connect_instance: Add multi_party_conference_enabled a

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[Tansito]

Tested and working! 🚀