Log Message:
terraform-provider-aws: updated to 2.26.0

v2.62.0

FEATURES:
New Resource: aws_workspaces_workspace

ENHANCEMENTS:
resource/aws_appsync_resolver: Add cache_config configuration block
resource/aws_codebuild_project: Support git_submodules_config with GITHUB and \ 
GITHUB_ENTERPRISE source types
resource/aws_codebuild_project: Support SECRETS_MANAGER environment variable type
resource/aws_datasync_task: Support ONLY_FILES_TRANSFERRED value in verify_mode \ 
argument
resource/aws_iot_topic_rule: Add dynamodbv2 configuration block
resource/aws_iot_topic_rule: Add iot_analytics configuration block
resource/aws_iot_topic_rule: Add iot_events configuration block
resource/aws_iot_topic_rule: Add operation argument to dynamodb configuration block
resource/aws_iot_topic_rule: Add qos argument republish configuration block

BUG FIXES:
resource/aws_codebuild_project: Allow empty value ("") environment \ 
variables
resource/aws_security_group_rule: Prevent recreation when \ 
source_security_group_id refers to a security group across accounts

v2.61.0

FEATURES:
New Data Source: aws_ec2_coip_pool
New Data Source: aws_ec2_coip_pools
New Data Source: aws_ec2_local_gateway
New Data Source: aws_ec2_local_gateways
New Data Source: aws_ec2_local_gateway_route_table
New Data Source: aws_ec2_local_gateway_route_tables
New Resource: aws_ec2_transit_gateway_peering_attachment_accepter

ENHANCEMENTS:
data-source/aws_ebs_volume: Add multi_attach_enabled attribute
data-source/aws_efs_file_system: Add size_in_bytes attribute
data-source/aws_eip: Add customer_owned_ip and customer_owned_ipv4_pool attributes
data-source/aws_launch_template: add partition_number attribute
resource/aws_api_gateway_deployment: Add triggers argument
resource/aws_apigatewayv2_deployment: Add triggers argument
resource/aws_ebs_volume: Add multi_attach_enabled attribute
resource/aws_eip: Add customer_owned_ip attribute and customer_owned_ipv4_pool \ 
argument
resource/aws_glue_connection: Support KAFKA for connection_type argument
resource/aws_launch_template: add partition_number attribute
resource/aws_launch_template: add plan time validation to volume_type, \ 
spot_instance_type, ipv6_addresses, ipv4_addresses, private_ip_address`
resource/aws_workspaces_directory: Add output attributes for \ 
workspace_security_group_id, iam_role_id, registration_code, directory_name, \ 
directory_type, customer_user_name, alias, ip_group_ids and dns_ip_addresses

BUG FIXES:
resource/aws_workspaces_directory: Fixes error when removing tags

v2.60.0

NOTES:
provider: Region validation now automatically supports the new eu-south-1 \ 
(Europe (Milan)) region. For AWS operations to work in the new region, the \ 
region must be explicitly enabled as outlined in the AWS Documentation. When the \ 
region is not enabled, the Terraform AWS Provider will return errors during \ 
credential validation (e.g. error validating provider credentials: error calling \ 
sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the \ 
request is invalid) or AWS operations will throw their own errors (e.g. \ 
data.aws_availability_zones.current: Error fetching Availability Zones: \ 
AuthFailure: AWS was not able to validate the provided access credentials).
provider: Ignore tags functionality across all data sources and resources \ 
(except aws_autoscaling_group) via the provider-level ignore_tags configuration \ 
block has been enabled and this functionality is no longer considered in \ 
preview.

FEATURES:
New Data Source: aws_backup_plan
New Data Source: aws_backup_selection
New Data Source: aws_backup_vault
New Data Source: aws_ec2_transit_gateway_peering_attachment
New Resource: aws_ec2_transit_gateway_peering_attachment
New Resource: aws_guardduty_organization_admin_account
New Resource: aws_guardduty_organization_configuration

ENHANCEMENTS:
data-source/aws_cloudtrail_service_account: Support eu-south-1 region
data-source/aws_ebs_volume: Add outpost_arn attribute
data-source/aws_elastic_beanstalk_hosted_zone: Support eu-south-1 region
data-source/aws_elb_hosted_zone_id: Add us-gov-east-1 and us-gov-west-1 region values
data-source/aws_elb_hosted_zone_id: Support eu-south-1 region
data-source/aws_elb_service_account: Support eu-south-1 region
data-source/aws_instance: Add outpost_arn attribute
data-source/aws_network_interface: Add outpost_arn attribute
data-source/aws_s3_bucket: Support eu-south-1 region for hosted_zone_id attribute
data-source/aws_subnet: Add outposts_arn attribute
provider: Support automatic region validation for eu-south-1
provider: Implement ignore tags functionality across all data sources and \ 
resources (except aws_autoscaling_group)
resource/aws_api_gateway_stage: Ignore NotFoundException error on destroy
resource/aws_db_snapshot: Support import
resource/aws_default_route_table: Add plan-time validation to cidr_block and \ 
ipv6_cidr_block arguments
resource/aws_default_route_table: Support import
resource/aws_dms_endpoint: Add kafka_settings configuration block and kafka to \ 
engine_name argument validation
resource/aws_ebs_volume: Add outpost_arn argument
resource/aws_elasticsearch_domain: Support customizable update timeout
resource/aws_glue_connection: Support MONGODB for connection_type argument
resource/aws_key_pair: Support tag-on-create
resource/aws_instance: Add outpost_arn attribute
resource/aws_mq_broker: Support import
resource/aws_network_interface: Add outpost_arn attribute
resource/aws_placement_group: Support tag-on-create
resource/aws_route_table: Add plan-time validation to cidr_block and \ 
ipv6_cidr_block arguments
resource/aws_route53_health_check: Support plan-time validation for \ 
reference_name argument
resource/aws_s3_bucket: Support eu-south-1 region for hosted_zone_id attribute
resource/aws_spot_fleet_request: Add launch_template_config configuration block \ 
(Support EC2 Launch Templates)
resource/aws_spot_fleet_request: Support import
resource/aws_storagegateway_gateway: Add gateway_vpc_endpoint argument
resource/aws_storagegateway_smb_file_share: Add path attribute
resource/aws_subnet: Add outposts_arn argument
resource/aws_wafregional_xss_match_set: Add plan-time validation for \ 
xss_match_tuple configuration block arguments

BUG FIXES:
data-source/aws_api_gateway_rest_api: Prevent error with VPC Endpoint configured APIs
resource/aws_appautoscaling_scheduled_action: Prevent error on refresh with \ 
multiple resources using the same scheduled action name
resource/aws_batch_job_queue: Prevent panic when ComputeEnvironmentOrder is \ 
updated outside Terraform
resource/aws_default_route_table: Proper tag on resource creation
resource/aws_efs_file_system: Prevent panic with empty lifecycle_policy \ 
configuration block
resource/aws_fsx_windows_file_system: Prevent panic when update includes \ 
self_managed_active_directory settings
resource/aws_glue_catalog_table: Prevent various panics with empty configuration \ 
blocks
resource/aws_kinesis_firehose_delivery_stream: Prevent panic with empty \ 
processing_configuration configuration block
resource/aws_kms_external_key: Prevent MalformedPolicyDocumentException errors \ 
on creation by retrying for up to 2 minutes to wait for IAM change propagation
resource/aws_kms_key: Prevent MalformedPolicyDocumentException errors on \ 
creation by retrying for up to 2 minutes to wait for IAM change propagation
resource/aws_lb_listener: Prevent panics on creation and refresh when API throttled
resource/aws_route53_zone: Prevent panic with APIs missing ChangeInfo during \ 
creation (best effort fix for LocalStack)
resource/aws_storagegateway_gateway: Perform multiple connectivity checks after \ 
activation to wait if the underlying server (e.g. EC2 Instance) is automatically \ 
rebooted
resource/aws_storagegateway_gateway: Retry 504 status code on activation
resource/aws_wafregional_xss_match_set: Prevent crash with xss_match_tuple \ 
configuration block since version 2.59.0

v2.59.0
@breathingdust breathingdust released this 24 days ago · 470 commits to master \ 
since this release

NOTES:

provider: Region validation now automatically supports the new af-south-1 \ 
(Africa (Cape Town)) region. For AWS operations to work in the new region, the \ 
region must be explicitly enabled as outlined in the AWS Documentation. When the \ 
region is not enabled, the Terraform AWS Provider will return errors during \ 
credential validation (e.g. error validating provider credentials: error calling \ 
sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the \ 
request is invalid) or AWS operations will throw their own errors (e.g. \ 
data.aws_availability_zones.current: Error fetching Availability Zones: \ 
AuthFailure: AWS was not able to validate the provided access credentials). \ 
(#12715)
resource/aws_iam_user: The additional force_destroy behavior for handling \ 
signing certificates requires two additional IAM permissions \ 
(iam:ListSigningCertificates and iam:DeleteSigningCertificate). Restrictive IAM \ 
permissions for Terraform runs may require updates. (#10542)
resource/aws_rds_cluster: Due to recent API support for Aurora MySQL 5.7 and \ 
PostgreSQL Global Clusters which implemented the engine mode as provisioned \ 
instead of the previous global for Aurora MySQL 5.6, the resource now requires \ 
the DescribeGlobalClusters API call. Restrictive IAM permissions may require \ 
updates. (#12867)
FEATURES:

New Resource: aws_apigatewayv2_api_mapping (#9461)
New Resource: aws_apigatewayv2_vpc_link (#12577)
ENHANCEMENTS:

data_source/aws_acm_certificate: Add tags output (#11659)
data-source/aws_cloudtrail_service_account: Support af-south-1 region (#12967)
data-source/aws_elastic_beanstalk_hosted_zone: Support af-south-1 region (#12967)
data-source/aws_elb_hosted_zone_id: Support af-south-1 region (#12967)
data-source/aws_elb_service_account: Support af-south-1 region (#12967)
data-source/aws_s3_bucket: Support af-south-1 region for hosted_zone_id \ 
attribute (#12967)
provider: Support automatic region validation for af-south-1 (#12715)
resource/aws_apigatewayv2_api: Add cors_configuration, credentials_arn, \ 
route_key and target attributes (#12452)
resource/aws_appsync_graphql_api: Add log_config configuration block \ 
exclude_verbose_content argument (#12884)
resource/aws_config_configuration_recorder: Prevent error during deletion \ 
operation when resource is missing (#12734)
resource/aws_default_network_acl: Support import (#12924)
resource/aws_lambda_alias: Suppress differences for equivalent function_name \ 
argument values of name versus ARN (#12902)
resource/aws_network_acl_rule: Support import (#12921)
resource/aws_route: Add plan-time validation for destination_cidr_block and \ 
destination_ipv6_cidr_block arguments (#12890)
resource/aws_s3_bucket: Support af-south-1 region for hosted_zone_id attribute \ 
(#12967)
resource/aws_service_discovery_private_dns_namespace: Support import (#12929)
resource/aws_ssm_activation: Support import (#12933)
resource/aws_ssm_maintenance_window_target: Add plan-time validation to \ 
resource_type argument (#11783)
resource/aws_ssm_maintenance_window_target: Support import (#12935)
resource/aws_volume_attachment: Support import (#12948)
resource/aws_waf_ipset: Add plan-time validation for ip_set_descriptors \ 
configuration block arguments (#12775)
resource/aws_waf_sql_injection_match_set: Support import (#11657)
resource/aws_waf_xss_match_set: Add plan-time validation for xss_match_tuples \ 
configuration block arguments (#12777)
resource/aws_wafregional_web_acl: Add plan-time validation to various arguments \ 
(#12793)
BUG FIXES:

data-source/aws_launch_template: Prevent type error with network_interfaces \ 
associate_public_ip_address attribute (#12936)
resource/aws_glue_security_configuration: Prevent empty string KMS Key ARN in S3 \ 
Encryption settings (#12898)
resource/aws_iam_user: Ensure force_destroy argument removes signing \ 
certificates when enabled (#10542)
resource/aws_rds_cluster: Prevent unexpected global_cluster_identifier \ 
differences and deletion error with aurora-mysql and aurora-postgresql Global \ 
Cluster members (#12867)
resource/aws_route: Prevent not found after creation error with \ 
destination_ipv6_cidr_block set to ::0/0 (#12890)
Assets
2
 v2.58.0
 94d0642
Unverified
Compare
v2.58.0
@breathingdust breathingdust released this on 17 Apr · 589 commits to master \ 
since this release

FEATURES:

New Data Source: aws_regions (#12269)
New Resource: aws_apigatewayv2_deployment (#9245)
New Resource: aws_apigatewayv2_domain_name (#9391)
New Resource: aws_apigatewayv2_integration_response (#9365)
New Resource: aws_apigatewayv2_route (#8881)
New Resource: aws_apigatewayv2_route_response (#9373)
New Resource: aws_apigatewayv2_stage (#9232)
New Resource: aws_dms_event_subscription (#7170)
ENHANCEMENTS:

data-source/aws_dynamodb_table: Add replica attribute (initial support for \ 
Global Tables V2 (version 2019.11.21)) (#12342)
data-source/aws_instance: Exports volume_name for root_block_device (#12620)
resource/aws_backup_plan: Add rule configuration block copy_action configuration \ 
block (support cross region copy) (#11923)
resource/aws_cognito_identity_provider: Support plan-time validation for \ 
idp_identifiers, provider_name, and provider_type arguments (#10705)
resource/aws_dms_endpoint: Add elasticsearch_settings configuration block and \ 
elasticsearch to engine_name validation (support Elasticsearch endpoints) \ 
(#11792)
resource/aws_dms_endpoint: Add kinesis_settings configuration block and kinesis \ 
to engine_name validation (support Kinesis endpoints) (#8633)
resource/aws_dynamodb_table: Add replica configuration block (initial support \ 
for Global Tables V2 (version 2019.11.21)) (#12342)
resource/aws_ec2_client_vpn_endpoint: Allow two authentication_options \ 
configuration blocks (#12819)
resource/aws_instance: Allow changing root volume size without re-creating \ 
resource (#12620)
resource/aws_instance: Exports volume_name for root_block_device (#12620)
BUG FIXES:

resource/aws_dlm_lifecycle_policy: Ensure plan-time validation for times \ 
argument only allows 24 hour format (#12800)
Assets
2
 v2.57.0
 8c46f5f
Unverified
Compare
v2.57.0
@breathingdust breathingdust released this on 10 Apr · 712 commits to master \ 
since this release

BREAKING CHANGES:

provider: The configuration for the preview ignore tags functionality has been \ 
updated to include a wrapping configuration block. For example:
provider "aws" {
  ignore_tags {
    keys = ["TagKey1"]
  }
}
FEATURES:

New Data Source: aws_cloudfront_distribution (#6468)
New Resource: aws_apigatewayv2_authorizer (#9228)
New Resource: aws_apigatewayv2_integration (#8949)
New Resource: aws_apigatewayv2_model (#8912)
ENHANCEMENTS:

data-source/aws_lambda_layer_version: Support plan-time validation for \ 
compatible_runtime argument dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_cloudhsm_v2_cluster: Support tag-on-create (#11683)
resource/aws_docdb_cluster: Add deletion_protection argument (#12650)
resource/aws_egress_only_internet_gateway: Add tags argument (#11568)
resource/aws_lambda_function: Support plan-time validation for runtime argument \ 
dotnetcore3.1 value (support .NET Core 3.1) (#12712)
resource/aws_lambda_layer_version: Support plan-time validation for \ 
compatible_runtimes argument dotnetcore3.1 value (support .NET Core 3.1) \ 
(#12712)
resource/aws_rds_global_cluster: Add aurora-postgresql to engine argument \ 
plan-time validation (#12401)
resource/aws_redshift_snapshot_copy_grant: Support resource import (#10350)
resource/aws_spot_fleet_request: Add tags argument (support tagging of Spot \ 
Fleet Request itself) (#12295)
resource/aws_spot_fleet_request: Support plan-time validation for \ 
launch_specification configuration block ebs_block_device volume_type, \ 
iam_instance_profile_arn, placement_tenancy, and root_block_device volume_type \ 
arguments (#12295)
resource/aws_spot_fleet_request: Support plan-time validation for \ 
allocation_strategy, instance_interruption_behaviour, and target_group_arns \ 
arguments (#12295)
service/ec2: Prevent eventual consistency errors tagging resources on creation \ 
(#12735)
BUG FIXES:

resource/aws_appautoscaling_policy: Fix error when importing DynamoDB Table \ 
Index policy (#11232)
resource/aws_db_instance: Allow creating read replica into RAM shared Subnet \ 
with VPC Security Group (#12700)
resource/aws_kms_key: Prevent eventual consistency related errors on creation \ 
(#12738)
resource/aws_lb_target_group: Automatically propose resource recreation for TCP \ 
protocol Target Groups when health_check configuration block interval, protocol, \ 
or timeout argument values are updated (#4568)
Assets
2
 v2.56.0
 02afaa6
Unverified
Compare
v2.56.0
@bflad bflad released this on 3 Apr · 813 commits to master since this release

NOTES:

resource/aws_emr_cluster: The bug fix in this release will potentially re-create \ 
EMR Clusters with multiple bootstrap actions, since bootstrap actions cannot be \ 
modified in place. To avoid re-creation, temporarily add the ignore_changes \ 
lifecycle configuration argument and/or update the order in your Terraform \ 
configuration.
ENHANCEMENTS:

data-source/aws_launch_template: Add hibernation_options attribute (#12492)
resource/aws_codepipeline: Adds cross-region action support (#12549)
resource/aws_dx_connection: Support 2Gbps and 5Gbps values in plan-time \ 
validation for bandwidth argument (#12559)
resource/aws_dx_lag: Support 2Gbps and 5Gbps values in plan-time validation for \ 
bandwidth argument (#12559)
resource/aws_elastic_transcoder_preset: Support plan-time validation for role \ 
argument (#12575)
resource/aws_kms_grant: Support resource import (#11991)
resource/aws_launch_template: Add hibernation_options configuration block (#12492)
BUG FIXES:

resource/aws_codedeploy_deployment_group: Fix blue_green_deployment_config \ 
updates for ECS (#11885)
resource/aws_emr_cluster: Now properly sets the order when multiple bootstrap \ 
actions are defined
resource/aws_kms_grant: Remove resource from Terraform state instead of error if \ 
removed outside Terraform (#12560)
resource/aws_s3_bucket: Prevent various panics with empty configuration blocks \ 
(#12614)
resource/aws_volume_attachment: Ensure any error is shown while waiting for \ 
volume to detach (#12596)
Assets
2
 v2.55.0
 3bef4e2
Unverified
Compare
v2.55.0
@gdavison gdavison released this on 27 Mar · 899 commits to master since this \ 
release

FEATURES:

New Resource: aws_ec2_availability_zone_group (#12400)
ENHANCEMENTS:

data-source/aws_availability_zone: Add all_availability_zones and filter \ 
arguments (#12400)
data-source/aws_availability_zone: Add group_name, network_border_group, and \ 
opt_in_status attributes (#12400)
data-source/aws_availability_zones: Add all_availability_zones and filter \ 
arguments (#12400)
data-source/aws_availability_zones: Add group_names attribute (#12400)
data-source/aws_ec2_transit_gateway_dx_gateway_attachement: Add filter and tags \ 
arguments (#12516)
data-source/aws_ec2_transit_gateway_vpn_attachment: Add filter and tags \ 
arguments (#12415)
data-source/aws_instance: Add metadata_options attribute (#12491)
data-source/aws_launch_template: Add filter and tags arguments (#12403)
data-source/aws_launch_template: Add metadata_options attribute (#12491)
data-source/aws_prefix_list: Add filter argument (#12416)
data-source/aws_vpc_endpoint_service: Add filter and tags arguments (#12404)
resource/aws_athena_workgroup: Add force_destroy argument (#12254)
resource/aws_cloudwatch_log_metric_filter: Support resource import (#11992)
resource/aws_flow_log: Add max_aggregation_interval argument (#12483)
resource/aws_instance: Add metadata_options configuration block (support IMDSv2) \ 
(#12491)
resource/aws_launch_template: Add metadata_options configuration block (support \ 
IMDSv2) (#12491)
resource/aws_msk_cluster: Add logging_info configuration block (support \ 
CloudWatch, Firehose, and S3 logging) (#12215)
resource/aws_mq_configuration: Support plan-time validation for engine_type \ 
argument (#11843)
resource/aws_route53_health_check: A dd plan-time validation to \ 
insufficient_data_health_status (#12305)
resource/aws_storagegateway_nfs_file_share: Add path attribute (#12530)
BUG FIXES:

resource/aws_db_instance: Allow restoring from snapshot into RAM shared Subnet \ 
with VPC Security Group (#12447)
resource/aws_mq_configuration: Remove extraneous ListTags API call during \ 
refresh (#11843)
resource/aws_neptune_cluster_instance: Add missing configuring-log-exports as \ 
allowed pending state (#12079)
resource/aws_route53_health_check: Do not recreate health check when using \ 
compressed ipv6 address