Update Terraform aws to v5.68.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	5.67.0 -> 5.68.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.68.0

Compare Source

NOTES:

• resource/aws_iam_role: The inline_policy argument is deprecated. Use the aws_iam_role_policy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws_iam_role_policies_exclusive resource as well. (#​39203)
• resource/aws_lexv2models_slot_type: Within the composite_slot_type_setting block, the subslots argument has been renamed sub_slots. See the linked pull request for additional justification on this change. The previous misnaming effectively made this argument unusable, therefore a breaking change in a minor version was deemed acceptable. (#​39353)

FEATURES:

• New Data Source: aws_elasticache_reserved_cache_node_offering (#​29832)
• New Data Source: aws_securityhub_standards_control_associations (#​39334)
• New Data Source: aws_synthetics_runtime_version (#​39180)
• New Data Source: aws_synthetics_runtime_versions (#​39180)
• New Resource: aws_appsync_source_api_association (#​39323)
• New Resource: aws_elasticache_reserved_cache_node (#​29832)
• New Resource: aws_iam_role_policies_exclusive (#​39203)
• New Resource: aws_pinpointsmsvoicev2_opt_out_list (#​25036)
• New Resource: aws_pinpointsmsvoicev2_phone_number (#​25036)
• New Resource: aws_sesv2_account_suppression_attributes (#​39325)

ENHANCEMENTS:

• resource/aws_s3_bucket_server_side_encryption_configuration: S3 directory buckets now support SSE-KMS (#​39366)
• resource/aws_ses_receipt_rule: Add iam_role_arn argument to s3_action configuration block (#​39364)
• resource/aws_synthetics_canary: Increase maximum name length to 255 characters (#​39315)

BUG FIXES:

• provider: Allows assume_role.role_arn to be an empty string when there is a single assume_role entry. (#​39328)
• resource/aws_amplify_app: Fix failure when unsetting the environment_variables argument (#​39397)
• resource/aws_dynamodb_table: Fix changing replicas to the default Managed by DynamoDB encryption setting (#​31284)
• resource/aws_dynamodb_table: Handle eventual consistency of tag creation and removal (#​39326)
• resource/aws_dynamodb_table_replica: Handle eventual consistency of tag creation and removal (#​39326)
• resource/aws_dynamodb_tag: Handle eventual consistency of tag creation and removal (#​39326)
• resource/aws_mq_broker: Fix engine_version mismatch with RabbitMQ 3.13 and ActiveMQ 5.18 and above (#​39024)
• resource/aws_mwaa_environment: Fix creating environments with endpoint_management = "CUSTOMER" (#​39394)
• resource/aws_opensearchserverless_access_policy: Fix incompatible type error when setting policy (#​39322)

---

Configuration

📅 Schedule: Branch creation - "before 4pm on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.