Skip to content

Releases: hashicorp/terraform-provider-aws

v2.32.0

10 Oct 20:42
Compare
Choose a tag to compare

NOTES:

  • provider: The underlying Terraform codebase dependency for the provider SDK and acceptance testing framework has been migrated from github.com/hashicorp/terraform to github.com/hashicorp/terraform-plugin-sdk. They are functionality equivalent and this should only impact codebase development to switch imports. For more information see the Terraform Plugin SDK page in the Extending Terraform documentation. (#10367)

ENHANCEMENTS:

  • resource/aws_emr_instance_group: Add configurations_json argument (#10426)

BUG FIXES:

  • provider: Fix session handling to correctly validate and use assume_role credentials (#10379)
  • resource/aws_autoscaling_group: Batch ALB/NLB attachments and detachments by 10 to prevent API and rate limiting errors (#10435)
  • resource/aws_emr_instance_group: Remove terminated instance groups from the Terraform state (#10425)
  • resource/aws_s3_bucket: Prevent infinite deletion recursion with force_destroy argument and object keys with empty "directory" prefixes present since version 2.29.0 (#10388)
  • resource/aws_vpc_endpoint_route_table_association: Fix resource import support (#10454)

v2.31.0

03 Oct 15:42
Compare
Choose a tag to compare

NOTES:

  • resource/aws_lambda_function: Environments using Lambda functions with VPC configurations should upgrade their Terraform AWS Provider to this version or later to appropriately handle the networking changes introduced by the improved VPC networking for AWS Lambda functions deployment. These changes prevent proper deletion of EC2 Subnets and Security Groups for accounts and regions updated to the new Lambda networking infrastructure in older versions of the Terraform AWS Provider. Additional information and configuration workarounds for prior versions can be found in this GitHub issue.

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add tags attribute (#10307)
  • resource/aws_efs_filesystem: Support tag-on-create (#10254)
  • resource/aws_eks_cluster: Add tags argument (#10307)
  • resource/aws_mq_broker: Add encryption_options configuration block (support AWS and customer managed KMS CMKs) (#10276)

BUG FIXES:

  • resource/aws_lb_listener_certificate: Retry CertificateNotFound errors on creation for eventual consistency (#10294)
  • resource/aws_s3_bucket_object: Fix object deletion for non-versioned objects (#10352)
  • resource/aws_security_group: Handle updated ENI description and longer deletion timeframe for new Lambda Hyperplane ENIs (#10114] / [#10347)
  • resource/aws_subnet: Handle updated ENI description and longer deletion timeframe for new Lambda Hyperplane ENIs (#10114] / [#10347)
  • resource/aws_vpc_peering_connection: Ensure allow_remote_vpc_dns_resolution usage works with inter-region peering (#7627)
  • resource/aws_vpc_peering_connection_accepter: Ensure allow_remote_vpc_dns_resolution usage works with inter-region peering (#7627)
  • resource/aws_vpc_peering_connection_options: Ensure allow_remote_vpc_dns_resolution usage works with inter-region peering (#7627)
  • resource/aws_wafregional_web_acl_association: Ensure missing resource triggers state removal (#10216)
  • service/waf: Prevent incorrect Error getting WAF change token errors for API calls that should be retried or specially handled (#10242)
  • service/wafregional: Prevent incorrect Error getting WAF regional change token errors for API calls that should be retried or specially handled (#10242)

v2.30.0

26 Sep 22:57
Compare
Choose a tag to compare

NOTES:

  • provider: The default development, testing, and building of the Terraform AWS Provider binary is now done with Go 1.13. This version of Go now requires macOS 10.11 El Capitan or later and FreeBSD 11.2 or later. Support for previous versions of those operating systems has been discontinued. (#10206)
  • provider: The actual Terraform version running the provider will now be included the AWS Go SDK User-Agent headers for Terraform 0.12 and later. Terraform 0.11 and earlier will use Terraform/0.11+compatible as this information was not accessible in those versions. Previously, the Terraform version in the User-Agent header was based on the github.com/hashicorp/terraform dependency in the provider codebase. (#9570)

ENHANCEMENTS:

  • data-source/aws_cloudtrail_service_account: Support cn-north-1 region (#10134)
  • data-source/aws_elastic_beanstalk_hosted_zone: Support ap-east-1, ap-northeast-3, us-gov-east-1 and us-gov-west-1 regions (#10134)
  • data-source/aws_elb_hosted_zone_id: Support cn-northwest-1 region (#10134)
  • data-source/aws_redshift_service_account: Support ap-northeast-3, cn-north-1, eu-north-1 and me-south-1 regions (#10134)
  • provider: Use real Terraform version in User-Agent header (#9570)
  • resource/aws_appsync_graphql_api: Add additional_authentication_providers configuration blocks (#8587)
  • resource/aws_elastic_beanstalk_environment: Add endpoint_url attribute (#10015)
  • resource/aws_lightsail_static_ip_attachment: Add ip_address attribute (#10109)
  • resource/aws_opsworks_stack: Switch legacy Opsworks client User-Agent to real Terraform version (#10246)
  • resource/aws_sns_topic_policy: Support resource import (#10163)
  • resource/aws_sqs_queue: Support tag-on-create in AWS Commercial regions (#10156)

BUG FIXES:

  • data-source/aws_elb_hosted_zone_id: Correct value for cn-north-1 region (#10134)
  • resource/aws_ec2_client_vpn_endpoint: Ensure missing resource triggers state removal (#10187)
  • resource/aws_instance: Prevent panic when updating credit_specification to empty configuration block (#10212)
  • resource/aws_security_group: Ensure deletion errors are properly raised (#10165)
  • resource/aws_spot_fleet_request: Ensure launch_specification configuration block placement_group argument is passed through to the API when it is specified (#10103)

v2.29.0

20 Sep 17:58
Compare
Choose a tag to compare

ENHANCEMENTS:

  • data-source/aws_s3_bucket_object: Add object_lock_legal_hold_status, object_lock_mode and object_lock_retain_until_date attributes (#9942)
  • resource/aws_glue_job: Add ability to specify python version for pythonshell in glue jobs (#9409)
  • resource/aws_s3_bucket_object: Add force_destroy, object_lock_legal_hold_status, object_lock_mode and object_lock_retain_until_date attributes (#9942)
  • resource/aws_ssm_association: Add import support (#10055)
  • resource/aws_waf_rate_based_rule: Update rate based rule limit for WAF (#9946)
  • resource/aws_wafregional_rate_based_rule: Update rate based rule limit for WAF (#9946)

BUG FIXES:

  • ecs_task_definition_equivalency: Fix a crash if environment name is missing (#10074)

v2.28.1

12 Sep 21:59
Compare
Choose a tag to compare

BUG FIXES:

  • Revert "resource/aws_cloudfront_distribution: Fix active_trusted_signers attribute for Terraform 0.12" (#10093)

v2.28.0

12 Sep 15:20
Compare
Choose a tag to compare

NOTES:

  • resource/aws_cloudfront_distribution: This attribute implemented a legacy Terraform library (flatmap), which does not work with Terraform 0.12's data types and whose only usage was on this single attribute across all Terraform Providers. The attribute now implements (in the closest approximation to the previous implementation) the nested object data into the Terraform state in all Terraform versions. Any references to nested attributes such as active_trusted_signers.enabled will need to be updated to active_trusted_signers.0.enabled. (#10013)

FEATURES:

  • New Data Source: aws_route53_resolver_rule (#9805)
  • New Data Source: aws_route53_resolver_rules (#9805)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add identity attribute (support getting OIDC issuer URL) (#10006)
  • resource/aws_eks_cluster: Add identity attribute (support getting OIDC issuer URL) (#10006)
  • resource/aws_elasticache_cluster: Support cluster_id validation up to 50 characters (#9941)
  • resource/aws_elasticache_replication_group: Support replication_group_id validation up to 40 characters (#9941)

BUG FIXES:

  • resource/aws_instance: Final retries after timeouts creating and updating instance and getting instance password data
  • resource/aws_cloudfront_distribution: Support accessing active_trusted_signers attribute items in Terraform 0.12 (#10013)
  • resource/aws_cognito_user_pool: Fix perpetual diffs on sms_verification_message (#9758)
  • resource/aws_elasticsearch_domain: Final retries after timeouts creating, updating, and deleting domains (#9892)
  • resource/aws_elasticsearch_domain_policy: Final retries after timeouts upserting and deleting domain policies (#9892)
  • resource/aws_iam_policy_attachment: Revert a change causing errors with policies not being found during attachment (#10063)
  • resource/aws_lightsail_instance: Fixes an issue where 2-character lightsail instance names didn't get validated properly (#10046)

v2.27.0

05 Sep 20:39
Compare
Choose a tag to compare

ENHANCEMENTS:

  • data-source/aws_ecs_cluster: Add setting attribute (#9720)
  • provider: Support AWS C2S and SC2S endpoints (#9998)
  • resource/aws_ecs_cluster: Add setting configuration blocks (support enabling Container Insights) (#9720)
  • resource/aws_kinesis_firehose_delivery_stream: Add server_side_encryption configuration block (support Server Side Encryption) (#6523)

BUG FIXES:

  • resource/aws_s3_bucket: Include any system tags that Terraform ignores when setting S3 bucket tags (#7342)

v2.26.0

29 Aug 20:36
Compare
Choose a tag to compare

FEATURES:

  • New Data Source: aws_elasticsearch_domain (#1867)

BUG FIXES:

  • resource/aws_ec2_capacity_reservation: Fixes error handling when an EC2 Capacity Reservation is deleted manually but is still in state (#9862)
  • resource/aws_s3_bucket: Final retries after timeouts creating, updating and updating replication configuration for s3 buckets (#9861)
  • resource/aws_s3_bucket_inventory: Final retries after timeous reading and putting bucket inventories (#9861)
  • resource/aws_s3_bucket_metric: Final retry after timeout putting bucket metric (#9861)
  • resource/aws_s3_bucket_notification: Final retry after timeout putting notification (#9861)
  • resource/aws_s3_bucket_policy: Final retry after timeout putting policy (#9861)
  • resource/aws_s3_bucket_public_access_block: Final retries after timeouts creating and reading blocks (#9861)

v2.25.0

23 Aug 01:07
Compare
Choose a tag to compare

ENHANCEMENTS:

  • resource/aws_rds_cluster: Support postgresql in plan time validation for enabled_cloudwatch_logs_exports argument (#9740)

BUG FIXES:

  • resource/aws_cloudwatch_event_target: Add default setting for ecs_target task_count (#9773)
  • resource/aws_cloudwatch_log_subscription_filter: Prevent difference when omitting default distribution argument value of ByLogStream (#9265)
  • resource/aws_db_instance: Fix enabling Enhanced Monitoring on update to handle IAM eventual consistency (#9747)
  • resource/aws_elb: Final retries after timeouts creating and updating ELBs (#9765)
  • resource/aws_elb_attachment: Final retry after timout creating ELB attachment (#9765)
  • resource/aws_iam_instance_profile: Final retry after timeout adding role to profile (#9766)
  • resource/aws_iam_policy: Final retry after timeout reading policy (#9766)
  • resource/aws_iam_role: Final retries after timeouts creating and deleting IAM roles (#9766)
  • resource/aws_iam_user: Final retry after timeout deleting user login profile (#9766)
  • resource/aws_inspector_assessment_target: Final retry after timeout deleting target (#9767)
  • resource/aws_internet_gateway: Final retries after timeouts creating, attaching, and deleting gateways (#9779)
  • resource/aws_iot_thing_type: Final retry after timeout deleting IOT thing type (#9780)
  • resource/aws_kinesis_firehose_delivery_stream: Prevent differences with disabled data_format_conversion_configuration and processing_configuration after changes outside Terraform (#9103)
  • resource/aws_launch_configuration: Final retry after timeout creating launch configuration (#9781)
  • resource/aws_lb: Final retry after timeout waiting for network interfaces to detach (#9787)
  • resource/aws_lb_listener_certificate: Final retry after timeout reading listener certificate (#9787)
  • resource/aws_lb_listener_rule: Final retries after timeout reading and creating listener rules (#9787)
  • resource/aws_msk_cluster: Final retries after timeouts creating and deleting clusters (#9793)
  • resource/aws_network_acl: Final retry after timeout deleting ACLs (#9830)
  • resource/aws_network_acl_rule: Final retry after timeout creating ACL rules (#9830)
  • resource/aws_network_acl_rule: Remove resource from Terraform state on InvalidNetworkAclID.NotFound errors (#9710)
  • resource/aws_opsworks_stack: Final retry after timeout creating stack (#9818)
  • resource/aws_rds_cluster_instance: Ensure monitoring_interval and monitoring_role_arn attributes are always written to the Terraform state (#9748)
  • resource/aws_redshift_cluster: Final retry after timeout deleting cluster (#9796)
  • resource/aws_redshift_snapshot_copy_grant: Final retries after timeouts finding and deleting grants (#9796)
  • resource/aws_route: Final retry after timeout creating route (#9797)
  • resource/aws_route_table: Final retry after timeout updating route table (#9797)
  • resource/aws_route_table_association: Final retry after timeout creating route table association (#9797)
  • resource/aws_s3_bucket_object: Allow using SSE-S3 encryption with etag argument (#9442)
  • resource/aws_sagemaker_model: Final retry after timeout deleting model (#9799)
  • resource/aws_sagemaker_notebook_instance: Final retry after timeout updating instance (#9799)
  • resource/aws_security_group: Final retry after timeout deleting security group (#9812)
  • resource/aws_security_group_rule: Final retry after timeout creating security group rule (#9812)
  • resource/aws_sqs_queue: Final retry after timeout creating queue (#9813)
  • resource/aws_sqs_queue_policy: Final retru after timeout updating queue policy (#9813)
  • resource/aws_transfer_server: Final retry after timeout waiting for transfer server deletion (#9815)
  • resource/aws_wafregional_web_acl_association: Final retry after timeout creating association (#9820)
  • service/dynamodb: Final retries after timeouts setting dynamodb tags (#9821)
  • service/sagemaker: Final retries after timeouts setting sagemaker tags (#9821)
  • service/waf: Final retry after timeout getting change token (#9826)
  • service/wafregional: Final retry after timeout getting change token (#9826)

v2.24.0

15 Aug 18:58
Compare
Choose a tag to compare

2.24.0 (August 15, 2019)

FEATURES:

  • New Resource: aws_config_organization_custom_rule (#9716)
  • New Resource: aws_config_organization_managed_rule (#9716)
  • New Resource: aws_fsx_lustre_file_system (#7074] / [#9761)
  • New Resource: aws_fsx_windows_file_system (#7074] / [#9761)
  • New Resource: aws_ram_resource_share_accepter (#8259)

ENHANCEMENTS:

  • resource/aws_codebuild_project: Add artifacts configuration block artifact_identifier argument (#9652)
  • resource/aws_codebuild_project: Add plan time validation for artifacts and secondary_artifacts configuration blocks packaging argument (#9652)
  • resource/aws_rds_cluster: Add multimaster to engine_mode argument validation (support Aurora Multi-Master Clusters) (#9691)
  • resource/aws_rds_cluster_instance: Allow aurora-mysql (MySQL 5.7) engine to enable Performance Insights (#9635)
  • resource/aws_wafregional_regex_match_set: Support resource import (#9699)
  • resource/aws_wafregional_regex_pattern_set: Support resource import (#9712)
  • resource/aws_wafregional_size_constraint_set: Support resource import (#9713)
  • resource/aws_wafregional_sql_injection_match_set: Support resource import (#9717)

BUG FIXES:

  • resource/aws_acm_certificate_validation: Final retries after timeouts creating and checking validation for ACM certificates (#9661)
  • resource/aws_ami: Final retry after timeout reading AMI (#9674)
  • resource/aws_cloudhsm2_cluster: Final retries after timeouts creating, updating, and deleting CloudHSM clusters (#9675)
  • resource/aws_cloudhsm2_hsm: Final retries after timeouts creating and deleting CloudHSM modules (#9675)
  • resource/aws_cloudtrail: Final retries after timeouts creating and updating cloudtrails (#9678)
  • resource/aws_codebuild_project: Final retries after timeouts creating and updating codebuild projects (#9682)
  • resource/aws_codebuild_project: Properly perform drift detection and updates for secondary_artifacts configuration block arguments (except name which will require a separate fix) (#9652)
  • resource/aws_codedeploy_deployment_group: Final retries after timeouts creating and updating deployment groups (#9682)
  • resource/aws_codepipeline: Final retry after timeout creating codepipeline (#9682)
  • resource/aws_cognito_user_pool: Final retries after timeouts creating and updating Cognito user pools (#9684)
  • resource/aws_db_instance: Fix enabling Performance Insights on update without Performance Insights KMS Key ID (#9745)
  • resource/aws_dms_endpoint: Final retry after timeout creating DMS endpoint (#9695)
  • resource/aws_docdb_cluster_instance: Final retries after timeouts creating and updating DocDB cluster instances (#9696)
  • resource/aws_docdb_cluster_parameter_group: Final retry after timeout deleting DocDB cluster parameter groups (#9696)
  • resource/aws_docdb_subnet_group: Final retry after timeout deleting DocDB subnet groups (#9696)
  • resource/aws_dynamodb_table: Final retries after timeouts creating, updating, and deleting DynamoDB tables (#9697)
  • resource/aws_ebs_snapshot: Final retries after timeouts creating, deleting or waiting for available EBS snapshots (#9698)
  • resource/aws_ebs_snapshot_copy: Final retry after timeout deleting EBS snapshot copies (#9698)
  • resource/aws_ecs_cluster: Final retries after timeouts reading and deleting ECS cluster (#9704)
  • resource/aws_ecs_service: Final retries after timeouts creating, updating, and deleting ECS service (#9704)
  • resource/aws_eip: Final retries after timeouts reading, updating, and deleting EIPs (#9728)
  • resource/aws_eip_association: Final retry after timeout creating EIP association (#9728)
  • resource/aws_eks_cluster: Final retry after timeout creating EKS cluster (#9729)
  • resource/aws_elastic_beanstalk_application: Final retries after timeouts reading and deleting beanstalk applications (#9731)
  • resource/aws_gamelift_build: Final retry after timeout creating gamelift build (#9752)
  • resource/aws_gamelift fleet: Final retry after timeout deleting gamelift fleet (#9752)
  • resource/aws_glue_crawler: Final retry after timeout creating glue crawler (#9753)
  • resource/aws_guardduty_member: Final retry after timeout waiting for email invitation (#9757)
  • resource/aws_lb_target_group_attachment: Perform drift detection on attachments using target health description (trigger resource recreation for manually deregistered attachments) (#9610)
  • resource/aws_vpn_gateway: Retry after timeouts attaching and deleting VPN gateways, and retrying attachment after pending VPN errors (#9641)