v2.56.0

NOTES:

• resource/aws_emr_cluster: The bug fix in this release will potentially re-create EMR Clusters with multiple bootstrap actions, since bootstrap actions cannot be modified in place. To avoid re-creation, temporarily add the ignore_changes lifecycle configuration argument and/or update the order in your Terraform configuration.

ENHANCEMENTS:

• data-source/aws_launch_template: Add hibernation_options attribute (#12492)
• resource/aws_codepipeline: Adds cross-region action support (#12549)
• resource/aws_dx_connection: Support 2Gbps and 5Gbps values in plan-time validation for bandwidth argument (#12559)
• resource/aws_dx_lag: Support 2Gbps and 5Gbps values in plan-time validation for bandwidth argument (#12559)
• resource/aws_elastic_transcoder_preset: Support plan-time validation for role argument (#12575)
• resource/aws_kms_grant: Support resource import (#11991)
• resource/aws_launch_template: Add hibernation_options configuration block (#12492)

BUG FIXES:

• resource/aws_codedeploy_deployment_group: Fix blue_green_deployment_config updates for ECS (#11885)
• resource/aws_emr_cluster: Now properly sets the order when multiple bootstrap actions are defined
• resource/aws_kms_grant: Remove resource from Terraform state instead of error if removed outside Terraform (#12560)
• resource/aws_s3_bucket: Prevent various panics with empty configuration blocks (#12614)
• resource/aws_volume_attachment: Ensure any error is shown while waiting for volume to detach (#12596)

v2.55.0

FEATURES:

• New Resource: aws_ec2_availability_zone_group (#12400)

ENHANCEMENTS:

• data-source/aws_availability_zone: Add all_availability_zones and filter arguments (#12400)
• data-source/aws_availability_zone: Add group_name, network_border_group, and opt_in_status attributes (#12400)
• data-source/aws_availability_zones: Add all_availability_zones and filter arguments (#12400)
• data-source/aws_availability_zones: Add group_names attribute (#12400)
• data-source/aws_ec2_transit_gateway_dx_gateway_attachement: Add filter and tags arguments (#12516)
• data-source/aws_ec2_transit_gateway_vpn_attachment: Add filter and tags arguments (#12415)
• data-source/aws_instance: Add metadata_options attribute (#12491)
• data-source/aws_launch_template: Add filter and tags arguments (#12403)
• data-source/aws_launch_template: Add metadata_options attribute (#12491)
• data-source/aws_prefix_list: Add filter argument (#12416)
• data-source/aws_vpc_endpoint_service: Add filter and tags arguments (#12404)
• resource/aws_athena_workgroup: Add force_destroy argument (#12254)
• resource/aws_cloudwatch_log_metric_filter: Support resource import (#11992)
• resource/aws_flow_log: Add max_aggregation_interval argument (#12483)
• resource/aws_instance: Add metadata_options configuration block (support IMDSv2) (#12491)
• resource/aws_launch_template: Add metadata_options configuration block (support IMDSv2) (#12491)
• resource/aws_msk_cluster: Add logging_info configuration block (support CloudWatch, Firehose, and S3 logging) (#12215)
• resource/aws_mq_configuration: Support plan-time validation for engine_type argument (#11843)
• resource/aws_route53_health_check: A dd plan-time validation to insufficient_data_health_status (#12305)
• resource/aws_storagegateway_nfs_file_share: Add path attribute (#12530)

BUG FIXES:

• resource/aws_db_instance: Allow restoring from snapshot into RAM shared Subnet with VPC Security Group (#12447)
• resource/aws_mq_configuration: Remove extraneous ListTags API call during refresh (#11843)
• resource/aws_neptune_cluster_instance: Add missing configuring-log-exports as allowed pending state (#12079)
• resource/aws_route53_health_check: Do not recreate health check when using compressed ipv6 address (#12305)

v2.54.0

FEATURES:

• New Resource: aws_kinesis_video_stream (#8291)
• New Resource: aws_securityhub_member (#6975)

ENHANCEMENTS:

• data-source/aws_iam_role: Add tags attribute (#12349)
• data-source/aws_lb: Add drop_invalid_header_fields attribute (#11257)
• provider: Support AWS shared configuration file duration_seconds setting for assume role (#12359)
• resource/aws_backup_plan: Support resource import (#12381)
• resource/aws_cognito_user_pool: Add email_configuration configuration block from_email_address argument (#11607)
• resource/aws_cognito_user_pool: Add username_configuration configuration block (Support case insensitive usernames) (#12317)
• resource/aws_cognito_user_pool_client: Add analytics_configuration configuration block (Support Pinpoint analytics) (#11762)
• resource/aws_cognito_user_pool_client: Add prevent_user_existence_errors argument (#11604)
• resource/aws_dlm_lifecycle_policy: Support plan-time validation for 1 hour schedules in policy_details schedule create_rule interval argument (#12327)
• resource/aws_inspector_assessment_template: Add tags argument (#12375)
• resource/aws_inspector_assessment_template: Support resource import (#12375)
• resource/aws_lambda_function: Support plan-time validation for handler argument (#12411)
• resource/aws_lb: Add drop_invalid_header_fields argument (#11257)
• resource/aws_nat_gateway: Support tag-on-create (#12347)
• resource/aws_opsworks_application: Support resource import (#12383)
• resource/aws_opsworks_application: Add plan-time validation to data_source_arn and data_source_type arguments and app_source configuration block type argument (#12383)
• resource/aws_opsworks_custom_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_ganglia_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_haproxy_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_java_app_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_memcached_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_mysql_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_nodejs_app_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_php_app_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_rails_app_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_opsworks_static_web_layer: Add tags argument, arn attribute, and plan-time validation to custom_instance_profile_arn argument (#11667)
• resource/aws_vpc_dhcp_options_association: Support resource import (#7252)

BUG FIXES:

• resource/aws_api_gateway_rest_api: Ignore ordering differences for endpoint_configuration configuration block vpc_endpoint_ids argument (#12350)
• resource/aws_backup_selection: Automatically retry on additional IAM Role eventual consistency error (#10687)
• resource/aws_backup_vault: Remove resource from Terraform state when deleted outside Terraform (#11845)
• resource/aws_cognito_user_pool_client: Ignore ordering differences for callback_urls, logout_urls, and supported_identity_providers arguments (#12388)
• resource/aws_ebs_snapshot_copy: Return API errors instead of panic if unable to read snapshot (#12283)
• resource/aws_kinesis_stream: Ensure kms_key_id argument in-place updates complete successfully (#12008)
• resource/aws_lambda_alias: Propose resource recreation for function_name argument updates (#11170)
• resource/aws_opsworks_application: Mark app_source configuration block ssh_key argument as sensitive (#11984)
• resource/aws_opsworks_stack: Mark custom_cookbooks_source configuration block ssh_key argument as sensitive (#11984)
• resource/aws_s3_bucket: Retry NoSuchBucket error when setting tags during resource creation (#12418)

v2.53.0

NOTES:

• resource/aws_cognito_user_pool: The addition of Software Token MFA support required the use of new GetUserPoolMfaConfig and SetUserPoolMfaConfig API calls. Restrictive IAM permissions for Terraform may require updates. (#12358)

FEATURES:

• New Resource: aws_apigatewayv2_api (#8842)

ENHANCEMENTS:

• resource/aws_appsync_graphql_api: Add xray_enabled argument (#11972)
• resource/aws_cloud9_environment_ec2: Add tags argument (#12132)
• resource/aws_cognito_user_pool: Add software_token_mfa_configuration configuration block (Support Time-based One-Time Password (TOTP) Multi-Factor Authentication) (#12358)
• resource/aws_ec2_traffic_mirror_filter: Add tags argument (#12133)
• resource/aws_ec2_traffic_mirror_session: Add tags argument (#12134)
• resource/aws_ec2_traffic_mirror_target: Add tags argument and network_load_balancer_arn plan-time validation (#12135)
• resource/aws_flow_log: Add tags argument (#12273)
• resource/aws_flow_log: Add iam_role_arn and log_destination plan-time validation (#12273)
• resource/aws_globalaccelerator_accelerator: Add tags argument (#12309)
• resource/aws_vpc_endpoint: Support tag-on-create (#12288)
• resource/aws_vpc_endpoint_service: Support tag-on-create and add network_load_balancer_arns plan-time validation (#12290)

BUG FIXES:

• resource/aws_vpn_gateway: Automatically retry on DetachVpnGateway calls receiving InvalidParameterValue: This call cannot be completed because there are pending VPNs or Virtual Interfaces (#11720)
• resource/aws_vpn_gateway_attachment: Automatically retry on DetachVpnGateway calls receiving InvalidParameterValue: This call cannot be completed because there are pending VPNs or Virtual Interfaces (#11720)

v2.52.0

FEATURES:

• New Data Source: aws_ec2_instance_type_offering (#12139)
• New Data Source: aws_ec2_instance_type_offerings (#12139)

ENHANCEMENTS:

• resource/aws_eks_cluster: Add encryption_config configuration block (#12280)
• resource/aws_globalaccelerator_accelerator: Add dns_name and hosted_zone_id attributes (#11670)
• resource/aws_lb_target_group: Add load_balancing_algorithm_type argument (support Least Outstanding Requests algorithm for Application Load Balancers) (#11141)
• resource/aws_s3_bucket: Add grant to implement ACL policy grants (#3728)

BUG FIXES:

• resource/aws_iam_service_linked_role: Allow aws_service_name argument validation to accept values in AWS partitions outside AWS Commercial and AWS GovCloud (US) (#11919)
• resource/aws_lambda_function_event_invoke_config: Retry on additional IAM eventual consistency error with SNS Topic destinations (#12171)
• resource/aws_media_store_container: Prevent ValidationException error on creation when no tags are configured (#12170)

v2.51.0

FEATURES:

• New Data Source: aws_sfn_activity (#11080)
• New Data Source: aws_sfn_state_machine (#10932)
• New Resource: aws_ec2_traffic_mirror_filter (#9372)
• New Resource: aws_ec2_traffic_mirror_filter_rule (#9372)
• New Resource: aws_ec2_traffic_mirror_session (#9372)
• New Resource: aws_ec2_traffic_mirror_target (#9372)
• New Resource: aws_s3_access_point (#11276)

ENHANCEMENTS:

• data-source/aws_lambda_layer_version: Support plan-time validation for compatible_runtime argument ruby2.7 value (#12116)
• resource/aws_dx_hosted_private_virtual_interface: Add amazon_side_asn attribute (#11415)
• resource/aws_dx_hosted_public_virtual_interface: Add amazon_side_asn attribute (#11415)
• resource/aws_dx_hosted_transit_virtual_interface: Add amazon_side_asn attribute (#11415)
• resource/aws_dx_private_virtual_interface: Add amazon_side_asn attribute (#11415)
• resource/aws_dx_public_virtual_interface: Add amazon_side_asn attribute (#11415)
• resource/aws_dx_transit_virtual_interface: Add amazon_side_asn attribute (#11415)
• resource/aws_glub_job: Add notification_property configuration block (#12115)
• resource/aws_lambda_event_source_mapping: Add bisect_batch_on_function_error, maximum_record_age_in_seconds, maximum_retry_attempts, and parallelization_factor arguments (#11100)
• resource/aws_lambda_event_source_mapping: Add destination_config configuration block (#11100)
• resource/aws_lambda_function: Support plan-time validation for runtime argument ruby2.7 value (#12116)
• resource/aws_lambda_layer_version: Support plan-time validation for compatible_runtimes argument ruby2.7 value (#12116)
• resource/aws_msk_cluster: Support in-place updates to enhanced_monitoring and number_of_broker_nodes arguments (#11451)
• resource/aws_msk_cluster: Add open_monitoring configuration block (support Prometheus monitoring configuration) (#11451)

BUG FIXES:

• resource/aws_workspaces_directory: Prevent panic and remove resource from Terraform state if removed outside Terraform (#11837)

v2.50.0

NOTES:

• resource/aws_lambda_function: The publish argument now will also publish versions for configuration updates. This is accomplished via a separate PublishVersion API call, where before the publishing only occured via the Publish parameter of the UpdateFunctionCode API call. Restrictive IAM permissions for Terraform may require updates. (#11211)
• resource/aws_ram_resource_share_accepter: The status attribute now reflects the status of the RAM Resource Share and not the RAM Resource Share Invitation (which expires after 7 days). (#11562)

FEATURES:

• New Data Source: aws_lambda_alias (#9490)

ENHANCEMENTS:

• resource/aws_appmesh_route: Add priority and header attributes to support route priorities and HTTP header-based routing (#10402)
• resource/aws_iam_access_key: Add ses_smtp_password_v4 attribute (add per-region SigV4 support) (#11144)
• resource/aws_security_group: Support import of name_prefix argument (#12052)
• resource/aws_transfer_server: Add host_key argument and host_key_fingerprint attribute (#8913)

BUG FIXES:

• resource/aws_lambda_function: If publish argument is enabled, also publish new versions on function configuration-only updates in addition to function code updates (#11211)
• resource/aws_lambda_permission: Fix error when Lambda permission is deleted out-of-band (#11924)
• resource/aws_ram_resource_share_accepter: Fix read operations after the RAM Resource Share Invitation is no longer present after 7 days (#11562)

v2.49.0

FEATURES:

• New Resource: aws_codestarnotifications_notification_rule (#10991)
• New Resource: aws_s3_bucket_analytics_configuration (#11874)

ENHANCEMENTS:

• data-source/aws_api_gateway_rest_api: Add api_key_source, arn, binary_media_types, description, endpoint_configuration, execution_arn, minimum_compression_size, policy, and tags attributes (#10971)
• resource/aws_db_instance: Support agent value in enable_cloudwatch_logs_exports argument plan-time validation (Support MSSQL agent log) (#11472)
• resource/aws_db_instance: Add delete_automated_backups argument (#8461)
• resource/aws_gamelift_fleet: Add tags argument (#11559)
• resource/aws_instance: Add hibernation argument (#6961)
• resource/aws_launch_template: Add cpu_options configuration block (support disabling multithreading) (#6552)
• resource/aws_neptune_cluster: Add enable_cloudwatch_logs_exports argument (support audit logging) (#11949)
• resource/aws_neptune_cluster: Add deletion_protection argument (#11731)
• resource/aws_rds_global_database: Support aurora-mysql value in engine argument plan-time validation (Support Aurora MySQL 5.7) (#11790)

BUG FIXES:

• data-source/aws_route53_zone: Fixes regression from version 2.48.0 when filtering using tags (#11953)
• resource/aws_batch_job_definition: Prevent extraneous differences with container_properties argument missing environment, mountPoints, ulimits, and volumes configuration (#12000)
• resource/aws_cognito_user_pool: Allow admin_create_user_config configuration block unused_account_validity_days argument to be omitted (#12001)
• resource/aws_launch_configuration: Fixes regression from version 2.23.0 with instance store AMIs returning an unexpected error (#9810)
• resource/aws_launch_configuration: Fixes regression from version 2.23.0 to allow missing EC2 Image during root block device lookup (#12009)
• resource/aws_route53_record: The artificial, hardcoded five minute timeouts for creation and deletions have been removed in preference of the default AWS Go SDK retrying logic (#11895)

v2.48.0

NOTES:

• resource/aws_organizations_policy_attachment: The underlying API calls have switched from ListPoliciesForTarget to ListTargetsForPolicy. Restrictive IAM Policies for Terraform execution may require updates. (#11612)

FEATURES:

• New Data Source: aws_ssm_patch_baseline (#9486)
• New Resource: aws_datasync_location_smb (#10381)

ENHANCEMENTS:

• resource/aws_batch_job_definition: Support resource import (#11407)
• resource/aws_codebuild_project: Add source and secondary_source configuration block git_submodules_config configuration block (#10952)
• resource/aws_codebuild_project: Add source configuration block source_version argument (#9877)
• resource/aws_elasticache_cluster: Add computed flag for port property and set to true (#10017)
• resource/aws_fsx_lustre_file_system: Lower minimum storage_capacity argument validation to 1200 to match API updates (#11847)
• resource/aws_organizations_policy: Support type argument TAG_POLICY value in plan-time validation (#11612)
• resource/aws_organizations_policy_attachment: Support tag policies (#11612)

BUG FIXES:

• resource/aws_appautoscaling_target: Prevent state removal of resource immediately after creation due to eventual consistency (#11819)
• resource/aws_appautoscaling_target: Automatically retry creation on ValidationException: ECS service doesn't exist for ECS eventual consistency (#11693)
• resource/aws_batch_job_definition: Properly set container_properties and name into Terraform state and perform drift detection (#11488)
• resource/aws_cloudformation_stack_set: Wait for update operation completion (default timeout of 30 minutes) and report any errors (#11726)
• resource/aws_cloudwatch_log_stream: Prevent state removal of resource immediately after creation due to eventual consistency (#11617)
• resource/aws_codedeploy_deployment_group: Fixes unexpected behaviour when removing block attributes (#11648)
• resource/aws_default_security_group: Ensure description attribute is written into Terraform state (#11650)
• resource/aws_dynamodb_table: Skip ResourceNotFoundException error during deletion (#11692)
• resource/aws_ec2_client_vpn_endpoint: Ensure dns_servers attribute is refreshed in Terraform state (#11889)
• resource/aws_ecs_cluster: Delay check of ECS Cluster status during creation for ECS eventual consistency (#11701)
• resource/aws_kinesis_firehose_delivery_stream: Allow processors to be cleared from extended S3 configuration (#11649)
• resource/aws_network_acl_rule: Trigger resource recreation instead of error when same number rule (but opposite ingress/egress) is removed (#11544)
• resource/aws_placement_group: Additional handling for creation and deletion eventual consistency (#11671)
• resource/aws_s3_bucket: Retry read after creation for 404 status code and prevent 2 minute delay for triggering recreation on existing resources deleted outside Terraform (#11894)

v2.47.0

NOTES:

• resource/aws_efs_file_system: Tagging API calls have been refactored to the AWS standardized TagResource and UntagResource API calls (from CreateTags and DeleteTags respectively). Restrictive IAM Policies for Terraform execution may require updates. (#11654)

ENHANCEMENTS:

• data-source/aws_api_gateway_vpc_link: Add description, status, status_message, tags, and target_arns attributes (#10822)
• data-source/aws_dynamodb_table: Add server_side_encryption kms_key_arn attribute (#11081)
• data-source/aws_efs_file_system: Add lifecycle_policy, provisioned_throughput_in_mibps, and throughput_mode attributes (#11647)
• data-source/aws_kms_key: Add customer_master_key_spec attribute (#11062)
• resource/aws_dynamodb_table: Add server_side_encryption configuration block kms_key_arn argument (support customer managed CMKs for server-side encryption) (#11081)
• resource/aws_dynamodb_table: Support in-place updates for server_side_encryption configurations (#11081)
• resource/aws_elasticsearch_domain: Add domain_endpoint_options configuration block (support enforcing HTTPS) (#10430)
• resource/aws_gamelift_fleet: Add fleet_type argument (support Spot Fleets) (#8234)
• resource/aws_kms_key: Add customer_master_key_spec argument and plan-time validation support for key_usage value SIGN_VERIFY (support asymmetric keys) (#11062)
• resource/aws_sagemaker_notebook_instance: Add direct_internet_access argument (#8618)
• resource/aws_ssm_activation: Add automation_target_parameter_name argument (#11755)
• resource/aws_ssm_document: Add target_type argument (#11479)
• resource/aws_ssm_maintenance_window: Add description argument (#11478)
• resource/aws_storagegateway_gateway: Add cloudwatch_log_group_arn argument (#10939)

BUG FIXES:

• data-source/aws_api_gateway_rest_api: Fixes root_resource_id not being set on correctly when REST API contains more than 25 resources (#11705)
• resource/aws_cloudwatch_log_subscription_filter: Perform eventual consistency retries on update (#11739)
• resource/aws_cognito_user_pool: Deprecate unused_account_validity_days argument and add support for temporary_password_validity_days argument (#10890)
• resource/aws_elasticsearch_domain: Automatically retry resource creation on additional error messages relating to eventual consistency (#11663)
• resource/aws_elasticsearch_domain: Ensure in-place version upgrade is fully successful before returning (#11793)
• resource/aws_emr_instance_group: Wait for RUNNING status on creation (#11688)
• resource/aws_ssm_activation: Properly trigger resource recreation when deleted outside Terraform (#11658)
• resource/aws_ssm_parameter: Prevent KeyId error when switching type value from SecureString to String (#10819)
• service/efs: Generate proper dns_name attribute hostname suffix in AWS China, AWS C2S, and AWS SC2S partitions (#11746)