v2.49.0

FEATURES:

• New Resource: aws_codestarnotifications_notification_rule (#10991)
• New Resource: aws_s3_bucket_analytics_configuration (#11874)

ENHANCEMENTS:

• data-source/aws_api_gateway_rest_api: Add api_key_source, arn, binary_media_types, description, endpoint_configuration, execution_arn, minimum_compression_size, policy, and tags attributes (#10971)
• resource/aws_db_instance: Support agent value in enable_cloudwatch_logs_exports argument plan-time validation (Support MSSQL agent log) (#11472)
• resource/aws_db_instance: Add delete_automated_backups argument (#8461)
• resource/aws_gamelift_fleet: Add tags argument (#11559)
• resource/aws_instance: Add hibernation argument (#6961)
• resource/aws_launch_template: Add cpu_options configuration block (support disabling multithreading) (#6552)
• resource/aws_neptune_cluster: Add enable_cloudwatch_logs_exports argument (support audit logging) (#11949)
• resource/aws_neptune_cluster: Add deletion_protection argument (#11731)
• resource/aws_rds_global_database: Support aurora-mysql value in engine argument plan-time validation (Support Aurora MySQL 5.7) (#11790)

BUG FIXES:

• data-source/aws_route53_zone: Fixes regression from version 2.48.0 when filtering using tags (#11953)
• resource/aws_batch_job_definition: Prevent extraneous differences with container_properties argument missing environment, mountPoints, ulimits, and volumes configuration (#12000)
• resource/aws_cognito_user_pool: Allow admin_create_user_config configuration block unused_account_validity_days argument to be omitted (#12001)
• resource/aws_launch_configuration: Fixes regression from version 2.23.0 with instance store AMIs returning an unexpected error (#9810)
• resource/aws_launch_configuration: Fixes regression from version 2.23.0 to allow missing EC2 Image during root block device lookup (#12009)
• resource/aws_route53_record: The artificial, hardcoded five minute timeouts for creation and deletions have been removed in preference of the default AWS Go SDK retrying logic (#11895)

v2.48.0

NOTES:

• resource/aws_organizations_policy_attachment: The underlying API calls have switched from ListPoliciesForTarget to ListTargetsForPolicy. Restrictive IAM Policies for Terraform execution may require updates. (#11612)

FEATURES:

• New Data Source: aws_ssm_patch_baseline (#9486)
• New Resource: aws_datasync_location_smb (#10381)

ENHANCEMENTS:

• resource/aws_batch_job_definition: Support resource import (#11407)
• resource/aws_codebuild_project: Add source and secondary_source configuration block git_submodules_config configuration block (#10952)
• resource/aws_codebuild_project: Add source configuration block source_version argument (#9877)
• resource/aws_elasticache_cluster: Add computed flag for port property and set to true (#10017)
• resource/aws_fsx_lustre_file_system: Lower minimum storage_capacity argument validation to 1200 to match API updates (#11847)
• resource/aws_organizations_policy: Support type argument TAG_POLICY value in plan-time validation (#11612)
• resource/aws_organizations_policy_attachment: Support tag policies (#11612)

BUG FIXES:

• resource/aws_appautoscaling_target: Prevent state removal of resource immediately after creation due to eventual consistency (#11819)
• resource/aws_appautoscaling_target: Automatically retry creation on ValidationException: ECS service doesn't exist for ECS eventual consistency (#11693)
• resource/aws_batch_job_definition: Properly set container_properties and name into Terraform state and perform drift detection (#11488)
• resource/aws_cloudformation_stack_set: Wait for update operation completion (default timeout of 30 minutes) and report any errors (#11726)
• resource/aws_cloudwatch_log_stream: Prevent state removal of resource immediately after creation due to eventual consistency (#11617)
• resource/aws_codedeploy_deployment_group: Fixes unexpected behaviour when removing block attributes (#11648)
• resource/aws_default_security_group: Ensure description attribute is written into Terraform state (#11650)
• resource/aws_dynamodb_table: Skip ResourceNotFoundException error during deletion (#11692)
• resource/aws_ec2_client_vpn_endpoint: Ensure dns_servers attribute is refreshed in Terraform state (#11889)
• resource/aws_ecs_cluster: Delay check of ECS Cluster status during creation for ECS eventual consistency (#11701)
• resource/aws_kinesis_firehose_delivery_stream: Allow processors to be cleared from extended S3 configuration (#11649)
• resource/aws_network_acl_rule: Trigger resource recreation instead of error when same number rule (but opposite ingress/egress) is removed (#11544)
• resource/aws_placement_group: Additional handling for creation and deletion eventual consistency (#11671)
• resource/aws_s3_bucket: Retry read after creation for 404 status code and prevent 2 minute delay for triggering recreation on existing resources deleted outside Terraform (#11894)

v2.47.0

NOTES:

• resource/aws_efs_file_system: Tagging API calls have been refactored to the AWS standardized TagResource and UntagResource API calls (from CreateTags and DeleteTags respectively). Restrictive IAM Policies for Terraform execution may require updates. (#11654)

ENHANCEMENTS:

• data-source/aws_api_gateway_vpc_link: Add description, status, status_message, tags, and target_arns attributes (#10822)
• data-source/aws_dynamodb_table: Add server_side_encryption kms_key_arn attribute (#11081)
• data-source/aws_efs_file_system: Add lifecycle_policy, provisioned_throughput_in_mibps, and throughput_mode attributes (#11647)
• data-source/aws_kms_key: Add customer_master_key_spec attribute (#11062)
• resource/aws_dynamodb_table: Add server_side_encryption configuration block kms_key_arn argument (support customer managed CMKs for server-side encryption) (#11081)
• resource/aws_dynamodb_table: Support in-place updates for server_side_encryption configurations (#11081)
• resource/aws_elasticsearch_domain: Add domain_endpoint_options configuration block (support enforcing HTTPS) (#10430)
• resource/aws_gamelift_fleet: Add fleet_type argument (support Spot Fleets) (#8234)
• resource/aws_kms_key: Add customer_master_key_spec argument and plan-time validation support for key_usage value SIGN_VERIFY (support asymmetric keys) (#11062)
• resource/aws_sagemaker_notebook_instance: Add direct_internet_access argument (#8618)
• resource/aws_ssm_activation: Add automation_target_parameter_name argument (#11755)
• resource/aws_ssm_document: Add target_type argument (#11479)
• resource/aws_ssm_maintenance_window: Add description argument (#11478)
• resource/aws_storagegateway_gateway: Add cloudwatch_log_group_arn argument (#10939)

BUG FIXES:

• data-source/aws_api_gateway_rest_api: Fixes root_resource_id not being set on correctly when REST API contains more than 25 resources (#11705)
• resource/aws_cloudwatch_log_subscription_filter: Perform eventual consistency retries on update (#11739)
• resource/aws_cognito_user_pool: Deprecate unused_account_validity_days argument and add support for temporary_password_validity_days argument (#10890)
• resource/aws_elasticsearch_domain: Automatically retry resource creation on additional error messages relating to eventual consistency (#11663)
• resource/aws_elasticsearch_domain: Ensure in-place version upgrade is fully successful before returning (#11793)
• resource/aws_emr_instance_group: Wait for RUNNING status on creation (#11688)
• resource/aws_ssm_activation: Properly trigger resource recreation when deleted outside Terraform (#11658)
• resource/aws_ssm_parameter: Prevent KeyId error when switching type value from SecureString to String (#10819)
• service/efs: Generate proper dns_name attribute hostname suffix in AWS China, AWS C2S, and AWS SC2S partitions (#11746)

v2.46.0

NOTES:

• provider: Terraform AWS Provider version 2.45.0 included AWS Go SDK version 1.28.0, which contained a regression in error handling behavior across many services that either prevented or incorrectly modified error messages from being surfaced by the API. Other than confusing errors in certain cases, this also affected automatic retry logic in a few resources. This release contains an AWS Go SDK update which should resolve these issues.

ENHANCEMENTS:

• data-source/aws_api_gateway_api_key: Add created_date, description, enabled, last_updated_date, and tags attributes (#10821)
• data-source/aws_cloudwatch_log_group: Add kms_key_id, retention_in_days, and tags attributes (#10755)
• data-source/aws_db_instance: Add multi_az attribute (#10795)
• data-source/aws_sqs_queue: Add tags attribute (#10820)
• resource/aws_acm_certificate: Support tag-on-create (#11073)
• resource/aws_api_gateway_rest_api: Add endpoint_configuration configuration block vpc_endpoint_ids argument (#10627)
• resource/aws_cloudfront_distribution: Validate origin_group configuration block member argument contains max 2 items (#10357)
• resource/aws_cognito_user_pool_client: Support plan-time validation values of ALLOW_* variations for explicit_auth_flows argument (#10976)
• resource/aws_ecs_task_definition: Add volume configuration block efs_volume_configuration configuration block (support preview EFS volume configuration) (#11707)
• resource/aws_ecs_task_definition: Add plan-time validation for execution_role_arn argument, placement_constraints configuration block type argument, and task_role_arn argument (#11707)
• resource/aws_egress_only_internet_gateway: Support resource import (#11071)
• resource/aws_key_pair: Add tags argument and key_pair_id attribute (#11481)
• resource/aws_network_interface: Add mac_address attribute (#10633)
• resource/aws_organization_organization: Support plan-time validation value of TAG_POLICY in enabled_policy_types argument (#11535)
• resource/aws_placement_group: Add tags argument and placement_group_id attribute (#11482)
• resource/aws_rds_cluster_endpoint: Add tags argument (#11074)

BUG FIXES:

• data-source/aws_acmpca_certificate_authority: Properly set not_after and not_before values into the Terraform state (#11491)
• provider: Upgrade AWS Go SDK dependency to fix missing/incorrect API error messages and missing retries regression introduced in Terraform AWS Provider version 2.45.0 (#11727)
• resource/aws_acmpca_certificate_authority: Properly set not_after and not_before values into the Terraform state (#11491)
• resource/aws_api_gateway_account: Update retryable error message handling for recent API update (#11735)
• resource_aws_cognito_resource_server: Increase scope max limit to match API (#10505)
• resource_aws_cognito_user_pool_client: Increase allowed_oauth_scopes max limit to match API (#10505)
• resource/aws_dms_certificate: Properly set certificate_wallet value into Terraform state (#11496)
• resource/aws_ec2_client_vpn_endpoint: Properly set status value into Terraform state (#11497)
• resource/aws_ecs_task_definition: Properly refresh ipc_mode and pid_mode attributes in Terraform state for drift detection (#11707)
• resource/aws_emr_security_configuration: Properly set creation_date value into the Terraform state (#11491)
• resource/aws_iam_service_linked_role: Properly set create_date value into the Terraform state (#11491)
• resource/aws_iot_topic_rule: Trigger resource recreation on name argument updates (#10366)
• resource/aws_lambda_event_source_mapping: Properly set last_modified value into the Terraform state (#11491)
• resource/aws_organizations_account: Properly set joined_timestamp value into the Terraform state (#11491)
• resource/aws_redshift_cluster: Handle available, prep-for-resize pending status during creation and update (#10530)
• resource/aws_ssm_activation: Properly set expiration_date value into the Terraform state and perform drift detection when configured (#11491)
• resource/aws_ssm_document: Properly set created_date value into the Terraform state (#11491)
• resource/aws_waf_sql_injection_match_set: Properly set sql_injection_match_tuples value into Terraform state (#11498)

v2.45.0

ENHANCEMENTS:

• resource/aws_codepipeline_webhook: Support in-place tags updates (#11387)
• resource/aws_db_parameter_group: Support resetting parameter group values (#11540)
• resource/aws_docdb_cluster: Support profiler CloudWatch export type (#11051)
• resource/aws_gamelift_alias: Add tags argument (#11486)
• resource/aws_gamelift_build: Add tags argument and arn attribute (#11486)
• resource/aws_gamelift_fleet - Add support for instance_role_arn (#11553)
• resource/aws_gamelift_game_session_queue: Add tags argument (#11486)
• resource/aws_neptune_parameter_group: Support tag-on-create (#11245)
• resource/aws_pinpoint_app: Add plan-time validation for limit configuration block daily, maximum_duration, messages_per_second and total arguments (#11368)
• resource/aws_rds_cluster: Allow enabling Aurora Serverless HTTP endpoint (Data API) with enable_http_endpoint (#11048)
• resource/aws_rds_cluster_parameter_group: Support resetting parameter group values (#11540)
• resource/aws_ssm_document: Add support for "Package" document type (#11492)
• resource/aws_vpc_peering_connection_accepter: Support resource import (#4486)

BUG FIXES:

• resource/aws_autoscaling_group: Prevent indefinite wait for desired capacity to be available when instance_weight specified and >=1 (#11357)
• resource/aws_cloudwatch_event_rule: Retry deletion on CloudWatch Events Target deletion eventual consistency (#11475)
• resource/aws_cloudwatch_event_target: Return failed entry error code and message if provided in RemoveTargets response (#11475)
• resource/aws_codepipeline_webhook: Properly trigger resource recreation when authentication_configuration configuration block allowed_ip_range and secret_token arguments change (#11387)
• resource/aws_emr_cluster: Prevent perpetual difference with ec2_attributes configuration block emr_managed_master_security_group, emr_managed_slave_security_group, and service_access_security_groups arguments when omitted (support EMR Managed Security Groups) (#5493)
• resource/aws_opsworks_permission: Prevent Unable to change own permission level error during self updates (#11379)

v2.44.0

FEATURES:

• New Data Source: aws_directory_service_directory (#11282)
• New Resource: aws_workspaces_directory (#11023)

ENHANCEMENTS:

• data-source/aws_launch_configuration: Add arn attribute (#11416)
• data-source/aws_eks_cluster: Add vpc_config list public_access_cidrs attribute (#11442)
• resource/aws_ami_launch_permission: Support resource import (#11437)
• resource/aws_api_gateway_authorizer: Support resource import (#11436)
• resource/aws_api_gateway_authorizer: Add plan time validation for provider_arns argument (#11436)
• resource/aws_api_gateway_usage_plan_key: Support resource import (#11439)
• resource/aws_batch_compute_environment: Add compute_environment_name_prefix argument and make compute_enviroment_name argument optional (support full name generation) (#10682)
• resource/aws_batch_compute_environment: Add compute_resources configuration block allocation_strategy argument (#10894)
• resource/aws_batch_job_queue: Support resource import (#11406)
• resource/aws_cloudformation_stack: Prevent difference with Transform templates showing processed template (support SAM templates) (#9006)
• resource/aws_cloudwatch_event_rule: Support tag-on-create (#11346)
• resource/aws_db_instance: Remove identifier_prefix 16 character truncation for sqlserver engine (#9040)
• resource/aws_ecs_service: Add plan time validation for launch_type, load_balancer configuration block target_group_arn and container_port, and placement_constraints configuration block type arguments (#11423)
• resource/aws_eks_cluster: Add vpc_config configuration block public_access_cidrs argument (#11442)
• resource/aws_elasticache_cluster: Add arn attribute (#11243)
• resource/aws_launch_configuration: Add arn attribute (#11416)
• resource/aws_lb: Add plan-time validation for ip_address_type and load_balancer_type arguments (#11419)
• resource/aws_rds_cluster_instance: Allow updating ca_cert_identifier for aws_rds_cluster_instance (#10954)
• resource/aws_wafregional_xss_match_set: Support resource import (#11432)

BUG FIXES:

• provider: Allow aws account ID in ARN validation (support ARNs such as AWS Managed IAM Policies) (#11450)
• provider: Support AWS C2S/SC2S Regional ARNs in ARN validation (#11471)
• resource/aws_api_gateway_usage_plan_key: Ensure Terraform performs drift detection of key_type argument (#11439)
• resource/aws_appautoscaling_policy: Prevent potential state removal of resource immediately after creation due to eventual consistency (#11222)
• resource/aws_cloudwatch_dashboard: Trigger resource recreation on dashboard_name updates (prevent dangling resource) (#9784)
• resource/aws_cloudwatch_event_rule: Improved handling of is_enabled argument (#11346)
• resource/aws_ecs_service: Automatically retry IAM Service Linked Role assume role error on creation due to asynchronous creation of role on first usage and IAM eventual consistency (#11423)
• resource/aws_iam_instance: Allows for instance profiles to be changed when instances are in stopped state (#11104)
• resource/aws_opsworks_stack: Ensure tags are refreshed in Terraform state during read for drift detection (#11373)
• resource/aws_rds_cluster_instance: Prevent is already being deleted error on deletion and wait for deletion completion (#11468)

v2.43.0

NOTES:

• This will be the last planned release until early January. Enjoy the rest of your year!

FEATURES:

• New Data Source: aws_organizations_organizational_units (#10395)
• New Resource: aws_accessanalyzer_analyzer (#11169)
• New Resource: aws_lambda_function_event_invoke_config (#11165)

ENHANCEMENTS:

• data-source/aws_elb: Add arn attribute (#11345)
• resource/aws_batch_compute_environment: Support resource import (#11299)
• resource/aws_codebuild_project: Add queued_timeout argument (#11261)
• resource/aws_fsx_windows_file_system: Support storage_capacity minimum value of 32 in validation to match recent updates to the API (#11272)
• resource/aws_opsworks_custom_layer: Add encrypted ebs_volume configuration (#7110)

BUG FIXES:

• resource/aws_datasync_agent: Trigger resource recreation on updated InvalidRequestException error for agents deleted outside Terraform (#11005)
• resource/aws_ecs_cluster: Fixes intermittent failures on update when cluster dependencies are updating (#11310)
• resource/aws_ecs_cluster: Fixes bug where ECS cluster capacity providers are updated but default provider strategy is not changed (#11316)
• resource/aws_globalaccelerator_endpoint_group: Allow traffic_dial_percentage to be set to 0 (#11253)
• resource/aws_lb_listener_rule: Fixes regression from version 2.42.0 when updating a rule without modifying condition (#11364)
• resource/aws_ssm_activation: Ensure tags are refreshed into Terraform state during read for drift detection (#11290)

v2.42.0

FEATURES:

• New Resource: aws_ecs_capacity_provider [GH-11151]
• New Resource: aws_media_convert_queue [GH-10041]
• New Resource: aws_workspaces_ip_group [GH-10904]

ENHANCEMENTS:

• resource/aws_apigateway_usage_plan: Add tags argument and arn attribute [GH-10566]
• resource/aws_codebuild_project: Add ARM_CONTAINER as valid environment configuration block compute_type argument value [GH-11206]
• resource/aws_ecs_cluster: Add capacity_providers argument and default_capacity_provider_strategy configuration block (support ECS Capacity Providers) [GH-11151]
• resource/aws_ecs_service: Add capacity_provider_strategy configuration block (support ECS Capacity Providers) [GH-11151]
• resource/aws_emr_cluster: Add step_concurrency_level argument [GH-11196]
• resource/aws_lb_listener_rule: Support ALB advanced routing rules [GH-8268]

BUG FIXES:

• provider: Prevent crash in planning IAM Policy equivalency checking with invalid Resource declarations (e.g. a list of list of strings) [GH-11107]
• resource/aws_eks_cluster: Handle additional InvalidParameterException: Error in role params error during creation for IAM eventual consistency [GH-11127]
• resource/aws_iam_role: Ignore additional NoSuchEntity errors on deletion [GH-11125]
• resource/aws_network_interface: Prevent extraneous ModifyNetworkInterfaceAttribute API call during update [GH-11277]
• resource/aws_security_group: Support ampersand (&) in ingress and egress configuration block description argument value validation [GH-9528]
• resource/aws_security_group_rule: Support ampersand (&) in description argument value validation [GH-9528]

v2.41.0

FEATURES:

• New Resource: aws_eks_fargate_profile (#11111)
• New Resource: aws_lambda_provisioned_concurrency_config (#11129)

ENHANCEMENTS:

• data-source/aws_route_table: adds attributes gateway_id and associations.gateway_id (#11122)
• resource/aws_autoscaling_group: Add max_instance_lifetime argument (#10951)
• resource/aws_autoscaling_group: Add mixed_instances_policy launch_template override configuration block weighted_capacity argument (#11004)
• resource/aws_codebuild_project: Add Linux GPU worker (#11035)
• resource/aws_docdb_cluster_instance: Add support for ca_cert_identifier parameter (#11041)
• resource/aws_emr_cluster: Outputs EMR cluster ARN (#11078)
• resource/aws_iam_access_key: Remove deprecation from secret and mark secret and ses_smtp_password to sensitive (#10908)
• resource/aws_iam_user: Delete a user's virtual MFA devices when force_destroy is enabled (#11040)
• resource/aws_route_table_association: adds attribute gateway_id (#11122)

BUG FIXES:

• resource/aws_batch_compute_environment: Forces new resource when launch_template contents are changed (#11057)
• resource/aws_datasync_location_s3: Automatically retry creation for IAM errors due to eventual consistency (#10984)
• resource/aws_launch_template: Only set associate_public_ip_address on network interfaces if it's explicitly set to avoid problems with multiple network interfaces (#10157)

v2.40.0

NOTES:

• resource/aws_datasync_task: The DataSync API and SDK have removed BEST_EFFORT as a valid value for the options configuration block posix_permissions argument. The value has been removed from the validation in this resource to match those changes. (#10985)

FEATURES:

• New Resource: aws_dx_hosted_transit_virtual_interface (#8523)
• New Resource: aws_dx_hosted_transit_virtual_interface_accepter (#8523)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add vpc_config nested block cluster_security_group_id attribute (#11002)
• resource/aws_cloudwatch_metric_alarm: Add threshold_metric_id argument (support Anomaly Detection metrics) (#9828)
• resource/aws_codebuild_project: Add support for BUILD_GENERAL1_2XLARGE CodeBuild compute type [GH11015]
• resource/aws_dx_private_virtual_interface: Support tagging-on-create (#9572)
• resource/aws_dx_private_virtual_interface: Validate Virtual Interface type on import (#9572)
• resource/aws_dx_public_virtual_interface: Validate Virtual Interface type on import (#9572)
• resource/aws_ebs_snapshot: Support tagging-on-create and in-place tags updates (#10935)
• resource/aws_ebs_snapshot_copy: Support tagging-on-create and in-place tags updates (#10936)
• resource/aws_eks_cluster: Add vpc_config configuration block cluster_security_group_id attribute (#11002)
• resource/aws_lambda_function: Support waiting for function creation and configuration updates (#11016)

BUG FIXES:

• data-source/aws_iam_group: Ensure users attribute populates fully when group contains more than 100 users (#10993)
• resource/aws_default_route_table: Return helpful not found error on resource creation instead of generic Provider produced inconsistent result after apply error when given invalid default_route_table_id argument value (#10981)
• resource/aws_default_route_table: Propose resource recreation for missing Default Route Table on refresh instead of returning an error (#10981)