v3.38.0

NOTES:

• provider: default_tags support generally available to all provider resources that support tags with the exception of aws_autoscaling_group (#19084)

FEATURES:

• New Data Source: aws_cloudformation_type (#18579)
• New Data Source: aws_kms_public_key (#18873)
• New Data Source: aws_resourcegroupstaggingapi_resources (#17804)
• New Resource: aws_cloudformation_type (#18579)
• New Resource: aws_codestarconnections_host (#16918)
• New Resource: aws_macie2_account (#19069)
• New Resource: aws_rds_proxy_endpoint (#18881)
• New Resource: aws_route53_resolver_firewall_rule (#18712)
• New Resource: aws_route53_resolver_firewall_rule_group_association (#19164)
• New Resource: aws_servicecatalog_product (#19122)

ENHANCEMENTS:

• data-source/aws_efs_mount_target: Add access_point_id, file_system_id arguments (#18918)
• data-source/aws_iam_policy: Add support for lookup by arn, name, and/or path_prefix (#6084)
• data-source/aws_launch_template: Add placement host_resource_group_arn attribute (#15785)
• data/source_aws_eks_addon: added validation for cluster_name (#19078)
• data/source_aws_eks_cluster: added validation for cluster_name (#19078)
• resource/aws_appsync_resolver: Mark request_template and response_template as optional (support Lambda) (#14710)
• resource/aws_batch_compute_environment: Additional supported value FARGATE and FARGATE_SPOT for the type argument in the compute_resources configuration block (#16819)
• resource/aws_batch_compute_environment: The instance_role, instance_type and min_vcpus arguments in the compute_resources configuration block are now optional (#16819)
• resource/aws_batch_compute_environment: The security_group_ids and subnets arguments in the compute_resources configuration block can now be updated in-place for Fargate compute resources (#16819)
• resource/aws_batch_job_definition: Add propagate_tags argument (#18336)
• resource/aws_codebuild_project: Add build_batch_config argument (#14534)
• resource/aws_codebuild_project: Add build_status_config attribute to source and secondary_sources configuration blocks (#15442)
• resource/aws_codebuild_project: Add concurrent_build_limit argument to specify build concurrency. (#18320)
• resource/aws_codebuild_project: Add plan time validation for secondary_artifacts, secondary_sources, service_role (#18843)
• resource/aws_eip: Add address argument to recover or an IPv4 address from an address pool, supporting BYOIP (#8876)
• resource/aws_eks_addon: added validation for cluster_name (#19078)
• resource/aws_eks_cluster: added validation for name (#19078)
• resource/aws_eks_fargate_profile: added validation for cluster_name (#19078)
• resource/aws_eks_node_group: added validation for cluster_name (#19078)
• resource/aws_elasticache_global_replication_group: Adds parameter engine_version_actual to match other ElastiCache resources (#18920)
• resource/aws_elasticache_subnet_group: Add tags argument (#19119)
• resource/aws_instance: Make instance_initiated_shutdown_behavior also computed, allowing value to be read (#18880)
• resource/aws_lambda_event_source_mapping: Don't incorrectly update unspecified maximum_batching_window_in_seconds, maximum_record_age_in_seconds and maximum_retry_attempts arguments from their default values (#17933)
• resource/aws_lambda_event_source_mapping: Fix update of batch_size for MSK event source mappings (#17933)
• resource/aws_launch_template: Add placement host_resource_group_arn argument (#15785)
• resource/aws_organizations_organizational_unit: Add tags argument (#18861)
• resource/aws_rds_global_cluster: Allow engine_version to be upgraded in place. (#18598)
• resource/aws_s3outposts_endpoint: Extends creation timeout to 20 minutes (#18454)
• resource/aws_ses_configuration_set: Adds reputation_metrics_enabled and sending_enabled arguments and last_fresh_start attribute (#17608)
• resource/aws_ses_receipt_rule: Add encoding argument to sns_action configuration block. (#17654)
• resource/aws_sns_topic_policy: Add owner attribute (#14123)
• resource/aws_sns_topic_policy: Add plan time validation to arn (#14123)
• resource/aws_wafv2_web_acl_logging_configuration: Add logging_filter argument (#19051)

BUG FIXES:

• provider: Prevent Provider produced inconsistent final plan errors when resource tags are not known until apply (#18958)
• resource/aws_batch_job_definition: Treat empty container_properties.logConfiguration.secretOptions array as null to prevent continual diffs (#16120)
• resource/aws_batch_job_queue: Recreate batch job queue if the name changes (#19121)
• resource/aws_codebuild_project: Allow fetching submodules for bitbucket source types (#18843)
• resource/aws_codebuild_project: Fix removing secondary_sources and secondary_artifacts (#18843)
• resource/aws_ec2_managed_prefix_list: Prevent entry description update errors (#19095)
• resource/aws_elasticache_cluster: Allows specifying Redis 6.x (#18920)
• resource/aws_elasticache_replication_group: Allows specifying Redis 6.x (#18920)
• resource/aws_glue_crawler: Allow '/' in name argument (#19160)
• resource/aws_lambda_event_source_mapping: Support -1 (forever) as a valid value for maximum_record_age_in_seconds (#16113)
• resource/aws_lambda_event_source_mapping: Support -1 (forever) as a valid value for maximum_retry_attempts (#16113)
• resource/aws_ram_principal_association: Improve handling of eventual consistency (#17032)
• resource/aws_ram_resource_share: Improve handling of eventual consistency (#17032)
• resource/aws_ram_resource_share_accepter: Improve handling of eventual consistency (#17032)
• resource/aws_storagegateway_gateway: Correctly handle additional error message returned in some regions (#19116)
• resource/aws_vpc_endpoint: Fix auto_accept failing while waiting for the VPC Endpoint Connection acceptance (#19059)
• resource/aws_vpn_connection: Prevent flipped tunnel1_* and tunnel2_* ordering when tunnel1_inside_cidr, tunnel1_inside_ipv6_cidr, or tunnel1_preshared_key is configured (#19077)