Update Terraform aws to v5.19.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	5.17.0 -> 5.19.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.19.0

Compare Source

BREAKING CHANGES:

• data-source/aws_s3_bucket_object: Following migration to AWS SDK for Go v2, the metadata attribute's keys are always returned in lowercase (#​33660)
• data-source/aws_s3_object: Following migration to AWS SDK for Go v2, the metadata attribute's keys are always returned in lowercase (#​33660)

NOTES:

• data-source/aws_s3_bucket_object: The metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#​33660)
• data-source/aws_s3_object: The metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#​33660)
• resource/aws_iam_*: This release introduces additional validation of IAM policy JSON arguments to detect duplicate keys. Previously, arguments with duplicated keys resulted in all but one of the key values being overwritten. Since this results in unexpected IAM policies being submitted to AWS, we have updated the validation logic to error in these cases. This may cause existing IAM policy arguments to fail validation, however, those policies are likely not what was originally intended. (#​33570)

FEATURES:

• New Resource: aws_cleanrooms_configured_table (#​33602)
• New Resource: aws_dms_replication_config (#​32908)
• New Resource: aws_lexv2models_bot (#​33475)
• New Resource: aws_rds_custom_db_engine_version (#​33285)
• New Resource: aws_vpclattice_service_network (#​30482)

ENHANCEMENTS:

• data-source/aws_opensearch_domain: Add off_peak_window_options attribute (#​30965)
• resource/aws_cloud9_environment_ec2: Add ubuntu-22.04-x86_64 and resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64 as valid values for image_id (#​33662)
• resource/aws_fsx_ontap_volume: Add bypass_snaplock_enterprise_retention argument and snaplock_configuration configuration block to support SnapLock (#​32530)
• resource/aws_fsx_ontap_volume: Add copy_tags_to_backups and snapshot_policy arguments (#​32530)
• resource/aws_fsx_openzfs_volume: Add delete_volume_options argument (#​32530)
• resource/aws_lightsail_bucket: Add force_delete argument (#​33586)
• resource/aws_opensearch_domain: Add off_peak_window_options configuration block (#​30965)
• resource/aws_opensearch_outbound_connection: Add connection_properties, connection_mode and accept_connection arguments (#​32990)
• resource/aws_schemas_schema: Add JSONSchemaDraft4 schema type support (#​33442)
• resource/aws_wafv2_rule_group: Add rate_based_statement.custom_key configuration block (#​33594)
• resource/aws_wafv2_web_acl: Add rate_based_statement.custom_key configuration block (#​33594)

BUG FIXES:

• resource/aws_batch_job_queue: Correctly validates elements of compute_environments as ARNs (#​33577)
• resource/aws_cloudfront_continuous_deployment_policy: Fix IllegalUpdate errors when updating a staging aws_cloudfront_distribution that is part of continuous deployment (#​33578)
• resource/aws_cloudfront_distribution: Fix IllegalUpdate errors when updating a staging distribution associated with an aws_cloudfront_continuous_deployment_policy (#​33578)
• resource/aws_cloudfront_distribution: Fix PreconditionFailed errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#​33578)
• resource/aws_cloudfront_distribution: Fix StagingDistributionInUse errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#​33578)
• resource/aws_datasync_location_fsx_ontap_file_system: Correct handling of protocol.smb.domain, protocol.smb.user and protocol.smb.password (#​33641)
• resource/aws_glacier_vault_lock: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_group_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_role: Fail validation if duplicated keys are found in assume_role_policy (#​33570)
• resource/aws_iam_role_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_user_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_mediastore_container_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_s3_bucket_policy: Fix intermittent couldn't find resource errors on resource Create (#​33537)
• resource/aws_ssoadmin_permission_set_inline_policy: Fail validation if duplicated keys are found in inline_policy (#​33570)
• resource/aws_transfer_access: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_transfer_user: Fail validation if duplicated keys are found in policy (#​33570)

v5.18.1

Compare Source

NOTES:

• documentation: Duplicate CDKTF guides with differing file extensions have been removed to resolve failures in the provider release workflow. (#​33630)

v5.18.0

Compare Source

FEATURES:

• New Data Source: aws_fsx_ontap_file_system (#​32503)
• New Data Source: aws_fsx_ontap_storage_virtual_machine (#​32621)
• New Data Source: aws_fsx_ontap_storage_virtual_machines (#​32624)
• New Data Source: aws_organizations_organizational_unit (#​33408)
• New Resource: aws_opensearch_package (#​33227)
• New Resource: aws_opensearch_package_association (#​33227)

ENHANCEMENTS:

• resource/aws_fsx_ontap_storage_virtual_machine: Remove ForceNew from active_directory_configuration.self_managed_active_directory_configuration.domain_name, active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group and active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguished_name allowing an SVM to join AD after creation (#​33466)

BUG FIXES:

• data-source/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#​33477)
• resource/aws_db_instance: Fix so that storage_throughput can be changed when iops and allocated_storage are not changed (#​33529)
• resource/aws_db_option_group: Avoid erroneous differences being reported when an option port and/or version is not set (#​33511)
• resource/aws_fsx_ontap_storage_virtual_machine: Avoid recreating resource when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is configured (#​33466)
• resource/aws_fsx_ontap_storage_virtual_machine: Change file_system_id to ForceNew (#​32621)
• resource/aws_s3_bucket_accelerate_configuration: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#​33531)
• resource/aws_s3_bucket_policy: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#​33531)
• resource/aws_s3_bucket_versioning: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#​33531)
• resource/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#​33477)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[infracost]

💰 Infracost estimate: monthly cost will not change

✅ Policies passed

✅ Guardrails passed

_{View in Infracost Cloud. This comment will be updated when the cost estimate changes.}