v5.18.1

NOTES:

• documentation: Duplicate CDKTF guides with differing file extensions have been removed to resolve failures in the provider release workflow. (#33630)

v5.18.0

FEATURES:

• New Data Source: aws_fsx_ontap_file_system (#32503)
• New Data Source: aws_fsx_ontap_storage_virtual_machine (#32621)
• New Data Source: aws_fsx_ontap_storage_virtual_machines (#32624)
• New Data Source: aws_organizations_organizational_unit (#33408)
• New Resource: aws_opensearch_package (#33227)
• New Resource: aws_opensearch_package_association (#33227)

ENHANCEMENTS:

• resource/aws_fsx_ontap_storage_virtual_machine: Remove ForceNew from active_directory_configuration.self_managed_active_directory_configuration.domain_name, active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group and active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguished_name allowing an SVM to join AD after creation (#33466)

BUG FIXES:

• data-source/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#33477)
• resource/aws_db_instance: Fix so that storage_throughput can be changed when iops and allocated_storage are not changed (#33529)
• resource/aws_db_option_group: Avoid erroneous differences being reported when an option port and/or version is not set (#33511)
• resource/aws_fsx_ontap_storage_virtual_machine: Avoid recreating resource when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is configured (#33466)
• resource/aws_fsx_ontap_storage_virtual_machine: Change file_system_id to ForceNew (#32621)
• resource/aws_s3_bucket_accelerate_configuration: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
• resource/aws_s3_bucket_policy: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
• resource/aws_s3_bucket_versioning: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
• resource/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#33477)

v5.17.0

NOTES:

• data-source/aws_s3_object: Migration to AWS SDK for Go v2 means that the edge case of specifying a single / as the value for key is no longer supported (#33358)

FEATURES:

• New Resource: aws_shield_application_layer_automatic_response (#33432)
• New Resource: aws_verifiedaccess_instance (#33459)

ENHANCEMENTS:

• data-source/aws_s3_object: Add checksum_mode argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
• data-source/aws_s3control_multi_region_access_point: Add details.region.bucket_account_id attribute (#33416)
• resource/aws_s3_object: Add checksum_algorithm argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
• resource/aws_s3_object_copy: Add checksum_algorithm argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
• resource/aws_s3control_multi_region_access_point: Add details.region.bucket_account_id argument to support cross-account Multi-Region Access Points (#33416)
• resource/aws_s3control_multi_region_access_point: Add details.region.region attribute (#33416)
• resource/aws_schemas_schema: Add JSONSchemaDraft4 schema type support (#35971)
• resource/aws_transfer_connector: Add sftp_config argument and make as2_config optional (#32741)
• resource/aws_wafv2_web_acl: Retry resource Update on WAFOptimisticLockException errors (#33432)

BUG FIXES:

• resource/aws_dms_replication_task: Fix error when replication_task_settings is nil (#33456)
• resource/aws_elasticache_cluster: Fix regression for redis engine types caused by the new transit_encryption_enabled argument (#33451)
• resource/aws_neptune_cluster: Fix ignored kms_key_arn on restore from DB cluster snapshot (#33413)
• resource/aws_servicecatalog_product: Allow import on provisioning_artifact_parameters attribute (#33448)
• resource/aws_subnet: Fix destroy error when there is a lingering ENI for DMS (#33375)

v5.16.2

FEATURES:

• New Data Source: aws_cognito_identity_pool (#33053)
• New Resource: aws_verifiedaccess_trust_provider (#33195)

ENHANCEMENTS:

• resource/aws_autoscaling_group: Change the default values of instance_refresh.preferences.scale_in_protected_instances and instance_refresh.preferences.standby_instances from Wait to the Amazon EC2 Auto Scaling console recommended value of Ignore (#33382)
• resource/aws_s3control_object_lambda_access_point: Add alias attribute (#33388)

BUG FIXES:

• resource/aws_autoscaling_group: Fix ValidationError errors when starting Auto Scaling group instance refresh (#33382)
• resource/aws_iot_topic_rule: Fix InvalidParameter errors on Update with Kafka destinations (#33360)
• resource/aws_lightsail_certificate: Fix validation of name (#33405)
• resource/aws_lightsail_database: Fix validation of name (#33405)
• resource/aws_lightsail_disk: Fix validation of name (#33405)
• resource/aws_lightsail_instance: Fix validation of name (#33405)
• resource/aws_lightsail_lb: Fix validation of lb_name (#33405)
• resource/aws_lightsail_lb_attachment: Fix validation of lb_name (#33405)
• resource/aws_lightsail_lb_certificate: Fix validation of lb_name (#33405)
• resource/aws_lightsail_lb_certificate_attachment: Fix validation of lb_name (#33405)
• resource/aws_lightsail_lb_https_redirection_policy: Fix validation of lb_name (#33405)
• resource/aws_lightsail_lb_stickiness_policy: Fix validation of lb_name (#33405)

v5.16.1

BUG FIXES:

• data-source/aws_efs_file_system: Fix Search returned 0 results errors when there are more than 101 file systems in the configured Region (#33336)
• resource/aws_db_instance_automated_backups_replication: Fix unexpected state errors on resource Create (#33369)
• resource/aws_glue_catalog_table: Fix removal of metadata_location and table_type parameters when updating Iceberg tables (#33374)
• resource/aws_service_discovery_instance: Fix validation error "expected to match regular expression" (#33371)

v5.16.0

NOTES:

• provider: Performance regression introduced in v5.14.0 should be largely mitigated (#33317)

FEATURES:

• New Resource: aws_shield_drt_access_log_bucket_association (#33328)
• New Resource: aws_shield_drt_access_role_arn_association (#33328)

ENHANCEMENTS:

• data-source/aws_api_gateway_api_key: Add customer_id attribute (#33281)
• data-source/aws_fsx_windows_file_system: Add disk_iops_configuration attribute (#33303)
• data-source/aws_opensearch_domain: Add software_update_options attribute (#32234)
• data-source/aws_s3_objects: Add request_payer argument and request_charged attribute (#33304)
• data-source/aws_s3_objects: Add plan-time validation of encoding_type (#33304)
• resource/aws_api_gateway_account: Add api_key_version and features attributes (#33279)
• resource/aws_api_gateway_api_key: Add customer_id argument (#33281)
• resource/aws_api_gateway_api_key: Allow updating name (#33281)
• resource/aws_autoscaling_group: Add scale_in_protected_instances and standby_instances attributes to instance_refresh.preferences configuration block (#33310)
• resource/aws_dms_endpoint: Add redshift-serverless as valid value for engine_name (#33316)
• resource/aws_elasticache_cluster: Add transit_encryption_enabled argument, enabling in-transit encryption for Memcached clusters inside a VPC (#26987)
• resource/aws_fsx_windows_file_system: Add disk_iops_configuration configuration block (#33303)
• resource/aws_glue_catalog_table: Add open_table_format_input configuration block to support open table formats such as Apache Iceberg (#33274)
• resource/aws_medialive_channel: Implement expand/flatten functions for automatic_input_failover_settings in input_attachments (#33129)
• resource/aws_opensearch_domain: Add software_update_options attribute (#32234)
• resource/aws_ssm_association: Add sync_compliance attribute (#23515)

BUG FIXES:

• data-source/aws_identitystore_group: Restore filter argument to prevent UnknownOperationException errors in certain Regions (#33311)
• data-source/aws_identitystore_user: Restore filter argument to prevent UnknownOperationException errors in certain Regions (#33311)
• data-source/aws_s3_objects: Respect configured max_keys value if it's greater than 1000 (#33304)
• resource/aws_api_gateway_account: Allow setting cloudwatch_role_arn to an empty value and set it correctly on Read, allowing its value to be determined on import (#33279)
• resource/aws_fsx_ontap_file_system: Increase maximum value of disk_iops_configuration.iops to 160000 (#33263)
• resource/aws_servicecatalog_principal_portfolio_association: Fix ResourceNotFoundException errors on resource Delete when configured principal_type is IAM_PATTERN (#32243)

v5.15.0

ENHANCEMENTS:

• data-source/aws_efs_file_system: Add name attribute (#33243)
• data-source/aws_lakeformation_data_lake_settings: Add read_only_admins attribute (#33189)
• data-source/aws_opensearch_domain: Add cluster_config.multi_az_with_standby_enabled attribute (#33031)
• resource/aws_cloudformation_stack_set: Support resource import with call_as = "DELEGATED_ADMIN" via StackSetName,CallAs syntax for import block or terraform import command (#19092)
• resource/aws_cloudformation_stack_set_instance: Support resource import with call_as = "DELEGATED_ADMIN" via StackSetName,AccountID,Region,CallAs syntax for import block or terraform import command (#19092)
• resource/aws_datasync_location_fsx_openzfs_file_system: Fix setting protocol: Invalid address to set errors (#33225)
• resource/aws_efs_file_system: Add name attribute (#33243)
• resource/aws_fsx_openzfs_file_system: Add endpoint_ip_address_range, preferred_subnet_id and route_table_ids arguments to support the Multi-AZ deployment type (#33245)
• resource/aws_lakeformation_data_lake_settings: Add read_only_admins argument (#33189)
• resource/aws_opensearch_domain: Add cluster_config.multi_az_with_standby_enabled argument (#33031)
• resource/aws_wafv2_rule_group: Add name_prefix argument (#33206)
• resource/aws_wafv2_web_acl: Add statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_atp_rule_set.enable_regex_in_path argument (#33217)

BUG FIXES:

• provider: Correctly use old and new tag values when updating tags that are computed (#33226)
• resource/aws_appflow_connector_profile: Fix validation on oauth2 in custom_connector_profile (#33192)
• resource/aws_cloudformation_stack_set: Fix Can only set RetainStacksOnAccountRemoval if AutoDeployment is enabled errors (#19092)
• resource/aws_cloudwatch_event_bus_policy: Fix error during plan when the associated aws_cloudwatch_event_bus resource is manually deleted (#33203)
• resource/aws_codeartifact_domain: Change the type of asset_size_bytes to TypeString instead of TypeInt to prevent value out of range panic (#33220)
• resource/aws_efs_file_system_policy: Retry IAM eventual consistency errors (#21734)
• resource/aws_fsx_openzfs_file_system: Wait for administrative action completion when updating root volume (#33245)
• resource/aws_iot_thing_type: Fix error during plan when resource is manually deleted (#33203)
• resource/aws_kms_key: Fix tag propagation: timeout while waiting for state to become 'TRUE' errors when any tag value is empty ("") (#33226)
• resource/aws_wafv2_web_acl: Prevent deletion of the AWS-managed ShieldMitigationRuleGroup rule on resource Update (#33216)

v5.14.0

NOTES:

• data-source/aws_iam_policy_document: In some cases, statement.*.condition blocks with the same test and variable arguments were incorrectly handled by the provider. Since this results in unexpected IAM Policies being submitted to AWS, we have updated the logic to merge values lists in this case. This may cause existing IAM Policy documents to report a difference. However, those policies are likely not what was originally intended. (#33093)

FEATURES:

• New Resource: aws_datasync_location_azure_blob (#32632)
• New Resource: aws_datasync_location_fsx_ontap_file_system (#32632)

ENHANCEMENTS:

• data-source/aws_dms_endpoint: Fix crash when specified endpoint not found (#33158)
• data-source/aws_dms_replication_instance: Add network_type attribute (#33158)
• data-source/aws_ec2_network_insights_path: Add destination_arn and source_arn attributes (#33168)
• resource/aws_dms_replication_instance: Add network_type argument (#33158)
• resource/aws_ec2_network_insights_path: Add destination_arn and source_arn attributes (#33168)
• resource/aws_finspace_kx_environment: Add transit_gateway_configuration.*.attachment_network_acl_configuration argument. (#33123)
• resource/aws_medialive_channel: Updates schemas for selector_settings for audio_selector and selector_settings for caption_selector (#32714)
• resource/aws_ssoadmin_account_assignment: Add configurable timeouts (#33121)
• resource/aws_ssoadmin_customer_managed_policy_attachment: Add configurable timeouts (#33121)
• resource/aws_ssoadmin_managed_policy_attachment: Add configurable timeouts (#33121)
• resource/aws_ssoadmin_permission_set: Add configurable timeouts (#33121)
• resource/aws_ssoadmin_permission_set_inline_policy: Add configurable timeouts (#33121)
• resource/aws_ssoadmin_permissions_boundary_attachment: Add configurable timeouts (#33121)

BUG FIXES:

• data-source/aws_iam_policy_document: Fix inconsistent handling of condition blocks with duplicated test and variable arguments (#33093)
• resource/aws_ec2_host: Fixed a bug that caused resource recreation when specifying an outpost_arn without an asset_id (#33142)
• resource/aws_ec2_network_insights_analysis: Fix setting forward_path_components: Invalid address to set errors (#33168)
• resource/aws_ec2_network_insights_path: Avoid recreating resource when passing an ARN as source or destination (#33168)
• resource/aws_ec2_network_insights_path: Retry AnalysisExistsForNetworkInsightsPath errors on resource Delete (#33168)
• resource/aws_kms_key: Fix tag propagation: timeout while waiting for state to become 'TRUE' errors when ignore_tags has been configured (#33167)
• resource/aws_licensemanager_license_configuration: Surface InvalidParameterValueException errors during resource Delete (#32845)
• resource/aws_msk_cluster_policy: Fix Current cluster policy version needed for Update errors (#33118)
• resource/aws_quicksight_analysis: Change definition.*.parameter_declarations to a set type, preventing persistent differences (#33120)
• resource/aws_quicksight_analysis: Fixed a bug that caused errors related to the word_orientation argument when using word cloud visuals. (#33122)
• resource/aws_quicksight_analysis: Skip setting definition.*.parameter_declarations.*.*_parameter_declaration.static_values when empty, preventing persistent differences. (#33161)
• resource/aws_quicksight_dashboard: Change definition.*.parameter_declarations to a set type, preventing persistent differences (#33120)
• resource/aws_quicksight_dashboard: Fixed a bug that caused errors related to the word_orientation argument when using word cloud visuals. (#33122)
• resource/aws_quicksight_dashboard: Skip setting definition.*.parameter_declarations.*.*_parameter_declaration.static_values when empty, preventing persistent differences. (#33161)
• resource/aws_quicksight_template: Change definition.*.parameter_declarations to a set type, preventing persistent differences (#33120)
• resource/aws_quicksight_template: Fixed a bug that caused errors related to the word_orientation argument when using word cloud visuals. (#33122)
• resource/aws_quicksight_template: Skip setting definition.*.parameter_declarations.*.*_parameter_declaration.static_values when empty, preventing persistent differences. (#33161)
• resource/aws_route53_zone: Skip disabling DNS SEC in unsupported partitions (#33103)
• resource/aws_s3_object: Mark acl as Computed. This suppresses the diffs shown when migrating resources with no configured acl attribute value from v4.67.0 (or earlier) (#33138)
• resource/aws_s3_object_copy: Mark acl as Computed. This suppresses the diffs shown when migrating resources with no configured acl attribute value from v4.67.0 (or earlier) (#33138)
• resource/aws_securityhub_account: Remove default value (SECURITY_CONTROL) for control_finding_generator argument and mark as Computed (#33095)

v5.13.1

BUG FIXES:

• resource/aws_lambda_layer_version: Change source_code_hash back to ForceNew. This fixes doesn't support update errors (#33097)
• resource/aws_organizations_organization: Fix current Organization ID (o-xxxxxxxxxx) does not match errors on resource Read (#33091)

v5.13.0

FEATURES:

• New Resource: aws_msk_cluster_policy (#32848)
• New Resource: aws_opensearch_vpc_endpoint (#32435)
• New Resource: aws_ram_sharing_with_organization (#25433)

ENHANCEMENTS:

• data-source/aws_imagebuilder_image_pipeline: Add image_scanning_configuration attribute (#33005)
• data-source/aws_ram_resource_share: Add resource_arns attribute (#22591)
• provider: Adds the s3_us_east_1_regional_endpoint attribute to support using the regional S3 API endpoint in us-east-1. (#33024)
• resource/aws_appstream_fleet: Retry ConcurrentModificationException errors during creation (#32958)
• resource/aws_dms_endpoint: Add babelfish as an engine_name option (#32975)
• resource/aws_imagebuilder_image_pipeline: Add image_scanning_configuration configuration block (#33005)
• resource/aws_lb: Changes to security_groups for Network Load Balancers force a new resource if either the old or new set of security group IDs is empty (#32987)
• resource/aws_rds_global_cluster: Add plan-time validation of global_cluster_identifier (#30996)

BUG FIXES:

• data-source/aws_ecr_repository: Correctly set most_recent_image_tags when only a single image is found (#31757)
• resource/aws_budgets_budget_action: No longer times out when creating a non-triggered action (#33015)
• resource/aws_cloudformation_stack: Marks outputs as Computed when there are potential changes. (#33059)
• resource/aws_cloudwatch_event_rule: Fix ARN-based partner event bus rule ID parsing error (#30293)
• resource/aws_ecr_registry_scanning_configuration: Correctly delete rules on resource Update (#31449)
• resource/aws_lambda_layer_version: Fix bug causing new version to be created on every apply when source_code_hash is used but not changed (#32535)
• resource/aws_lb_listener_certificate: Remove from state when listener not found (#32412)
• resource/aws_organizations_organization: Ensure that the Organization ID specified in terraform import is the current Organization (#31796)
• resource/aws_quicksight_analysis: Adjust max length of definition.*.calculated_fields.*.expression to 32000 characters (#33012)
• resource/aws_quicksight_analysis: Convert definition.*.calculated_fields to a set type, preventing persistent differences (#33040)
• resource/aws_quicksight_analysis: Convert permissions argument to TypeSet, preventing persistent differences (#33023)
• resource/aws_quicksight_analysis: Enable font_configuration to be set for table header styles (#33018)
• resource/aws_quicksight_analysis: Enable font_configuration to be set for table header styles (#33018)
• resource/aws_quicksight_analysis: Enable font_configuration to be set for table header styles (#33018)
• resource/aws_quicksight_analysis: Raise limit for maximum allowed visuals blocks per sheet to 50 (#32856)
• resource/aws_quicksight_dashboard: Adjust max length of definition.*.calculated_fields.*.expression to 32000 characters (#33012)
• resource/aws_quicksight_dashboard: Convert definition.*.calculated_fields to a set type, preventing persistent differences (#33040)
• resource/aws_quicksight_dashboard: Convert permissions argument to TypeSet, preventing persistent differences (#33023)
• resource/aws_quicksight_data_set: Change permission attribute type from TypeList to TypeSet (#32984)
• resource/aws_quicksight_template: Adjust max items of definition.*.calculated_fields to 500 (#33012)
• resource/aws_quicksight_template: Adjust max length of definition.*.calculated_fields.*.expression to 32000 characters (#33012)
• resource/aws_quicksight_template: Convert definition.*.calculated_fields to a set type, preventing persistent differences (#33040)
• resource/aws_quicksight_template: Convert permissions argument to TypeSet, preventing persistent differences (#33023)
• resource/aws_s3_bucket_logging: Fix perpetual drift when expected_bucket_owner is configured (#32989)
• resource/aws_sagemaker_domain: Fix validation on s3_kms_key_id in sharing_settings and kms_key_id (#32661)
• resource/aws_subnet: Fix allowing IPv6 to be enabled in an update after initial creation with IPv4 only (#32896)
• resource/aws_wafv2_web_acl: Adds rule_group_reference_statement.rule_action_override.action_to_use.challenge argument (#31127)