Releases: hashicorp/terraform-provider-aws
Releases · hashicorp/terraform-provider-aws
v2.32.0
NOTES:
- provider: The underlying Terraform codebase dependency for the provider SDK and acceptance testing framework has been migrated from
github.com/hashicorp/terraform
togithub.com/hashicorp/terraform-plugin-sdk
. They are functionality equivalent and this should only impact codebase development to switch imports. For more information see the Terraform Plugin SDK page in the Extending Terraform documentation. (#10367)
ENHANCEMENTS:
- resource/aws_emr_instance_group: Add
configurations_json
argument (#10426)
BUG FIXES:
- provider: Fix session handling to correctly validate and use assume_role credentials (#10379)
- resource/aws_autoscaling_group: Batch ALB/NLB attachments and detachments by 10 to prevent API and rate limiting errors (#10435)
- resource/aws_emr_instance_group: Remove terminated instance groups from the Terraform state (#10425)
- resource/aws_s3_bucket: Prevent infinite deletion recursion with
force_destroy
argument and object keys with empty "directory" prefixes present since version 2.29.0 (#10388) - resource/aws_vpc_endpoint_route_table_association: Fix resource import support (#10454)
v2.31.0
NOTES:
- resource/aws_lambda_function: Environments using Lambda functions with VPC configurations should upgrade their Terraform AWS Provider to this version or later to appropriately handle the networking changes introduced by the improved VPC networking for AWS Lambda functions deployment. These changes prevent proper deletion of EC2 Subnets and Security Groups for accounts and regions updated to the new Lambda networking infrastructure in older versions of the Terraform AWS Provider. Additional information and configuration workarounds for prior versions can be found in this GitHub issue.
ENHANCEMENTS:
- data-source/aws_eks_cluster: Add
tags
attribute (#10307) - resource/aws_efs_filesystem: Support tag-on-create (#10254)
- resource/aws_eks_cluster: Add
tags
argument (#10307) - resource/aws_mq_broker: Add
encryption_options
configuration block (support AWS and customer managed KMS CMKs) (#10276)
BUG FIXES:
- resource/aws_lb_listener_certificate: Retry
CertificateNotFound
errors on creation for eventual consistency (#10294) - resource/aws_s3_bucket_object: Fix object deletion for non-versioned objects (#10352)
- resource/aws_security_group: Handle updated ENI description and longer deletion timeframe for new Lambda Hyperplane ENIs (#10114] / [#10347)
- resource/aws_subnet: Handle updated ENI description and longer deletion timeframe for new Lambda Hyperplane ENIs (#10114] / [#10347)
- resource/aws_vpc_peering_connection: Ensure
allow_remote_vpc_dns_resolution
usage works with inter-region peering (#7627) - resource/aws_vpc_peering_connection_accepter: Ensure
allow_remote_vpc_dns_resolution
usage works with inter-region peering (#7627) - resource/aws_vpc_peering_connection_options: Ensure
allow_remote_vpc_dns_resolution
usage works with inter-region peering (#7627) - resource/aws_wafregional_web_acl_association: Ensure missing resource triggers state removal (#10216)
- service/waf: Prevent incorrect
Error getting WAF change token
errors for API calls that should be retried or specially handled (#10242) - service/wafregional: Prevent incorrect
Error getting WAF regional change token
errors for API calls that should be retried or specially handled (#10242)
v2.30.0
NOTES:
- provider: The default development, testing, and building of the Terraform AWS Provider binary is now done with Go 1.13. This version of Go now requires macOS 10.11 El Capitan or later and FreeBSD 11.2 or later. Support for previous versions of those operating systems has been discontinued. (#10206)
- provider: The actual Terraform version running the provider will now be included the AWS Go SDK
User-Agent
headers for Terraform 0.12 and later. Terraform 0.11 and earlier will useTerraform/0.11+compatible
as this information was not accessible in those versions. Previously, the Terraform version in theUser-Agent
header was based on the github.com/hashicorp/terraform dependency in the provider codebase. (#9570)
ENHANCEMENTS:
- data-source/aws_cloudtrail_service_account: Support
cn-north-1
region (#10134) - data-source/aws_elastic_beanstalk_hosted_zone: Support
ap-east-1
,ap-northeast-3
,us-gov-east-1
andus-gov-west-1
regions (#10134) - data-source/aws_elb_hosted_zone_id: Support
cn-northwest-1
region (#10134) - data-source/aws_redshift_service_account: Support
ap-northeast-3
,cn-north-1
,eu-north-1
andme-south-1
regions (#10134) - provider: Use real Terraform version in User-Agent header (#9570)
- resource/aws_appsync_graphql_api: Add
additional_authentication_providers
configuration blocks (#8587) - resource/aws_elastic_beanstalk_environment: Add
endpoint_url
attribute (#10015) - resource/aws_lightsail_static_ip_attachment: Add
ip_address
attribute (#10109) - resource/aws_opsworks_stack: Switch legacy Opsworks client User-Agent to real Terraform version (#10246)
- resource/aws_sns_topic_policy: Support resource import (#10163)
- resource/aws_sqs_queue: Support tag-on-create in AWS Commercial regions (#10156)
BUG FIXES:
- data-source/aws_elb_hosted_zone_id: Correct value for
cn-north-1
region (#10134) - resource/aws_ec2_client_vpn_endpoint: Ensure missing resource triggers state removal (#10187)
- resource/aws_instance: Prevent panic when updating
credit_specification
to empty configuration block (#10212) - resource/aws_security_group: Ensure deletion errors are properly raised (#10165)
- resource/aws_spot_fleet_request: Ensure
launch_specification
configuration blockplacement_group
argument is passed through to the API when it is specified (#10103)
v2.29.0
ENHANCEMENTS:
- data-source/aws_s3_bucket_object: Add
object_lock_legal_hold_status
,object_lock_mode
andobject_lock_retain_until_date
attributes (#9942) - resource/aws_glue_job: Add ability to specify python version for pythonshell in glue jobs (#9409)
- resource/aws_s3_bucket_object: Add
force_destroy
,object_lock_legal_hold_status
,object_lock_mode
andobject_lock_retain_until_date
attributes (#9942) - resource/aws_ssm_association: Add import support (#10055)
- resource/aws_waf_rate_based_rule: Update rate based rule limit for WAF (#9946)
- resource/aws_wafregional_rate_based_rule: Update rate based rule limit for WAF (#9946)
BUG FIXES:
- ecs_task_definition_equivalency: Fix a crash if environment name is missing (#10074)
v2.28.1
v2.28.0
NOTES:
- resource/aws_cloudfront_distribution: This attribute implemented a legacy Terraform library (flatmap), which does not work with Terraform 0.12's data types and whose only usage was on this single attribute across all Terraform Providers. The attribute now implements (in the closest approximation to the previous implementation) the nested object data into the Terraform state in all Terraform versions. Any references to nested attributes such as
active_trusted_signers.enabled
will need to be updated toactive_trusted_signers.0.enabled
. (#10013)
FEATURES:
- New Data Source:
aws_route53_resolver_rule
(#9805) - New Data Source:
aws_route53_resolver_rules
(#9805)
ENHANCEMENTS:
- data-source/aws_eks_cluster: Add
identity
attribute (support getting OIDC issuer URL) (#10006) - resource/aws_eks_cluster: Add
identity
attribute (support getting OIDC issuer URL) (#10006) - resource/aws_elasticache_cluster: Support
cluster_id
validation up to 50 characters (#9941) - resource/aws_elasticache_replication_group: Support
replication_group_id
validation up to 40 characters (#9941)
BUG FIXES:
- resource/aws_instance: Final retries after timeouts creating and updating instance and getting instance password data
- resource/aws_cloudfront_distribution: Support accessing
active_trusted_signers
attributeitems
in Terraform 0.12 (#10013) - resource/aws_cognito_user_pool: Fix perpetual diffs on
sms_verification_message
(#9758) - resource/aws_elasticsearch_domain: Final retries after timeouts creating, updating, and deleting domains (#9892)
- resource/aws_elasticsearch_domain_policy: Final retries after timeouts upserting and deleting domain policies (#9892)
- resource/aws_iam_policy_attachment: Revert a change causing errors with policies not being found during attachment (#10063)
- resource/aws_lightsail_instance: Fixes an issue where 2-character lightsail instance names didn't get validated properly (#10046)
v2.27.0
ENHANCEMENTS:
- data-source/aws_ecs_cluster: Add
setting
attribute (#9720) - provider: Support AWS C2S and SC2S endpoints (#9998)
- resource/aws_ecs_cluster: Add
setting
configuration blocks (support enabling Container Insights) (#9720) - resource/aws_kinesis_firehose_delivery_stream: Add
server_side_encryption
configuration block (support Server Side Encryption) (#6523)
BUG FIXES:
- resource/aws_s3_bucket: Include any system tags that Terraform ignores when setting S3 bucket tags (#7342)
v2.26.0
FEATURES:
- New Data Source:
aws_elasticsearch_domain
(#1867)
BUG FIXES:
- resource/aws_ec2_capacity_reservation: Fixes error handling when an EC2 Capacity Reservation is deleted manually but is still in state (#9862)
- resource/aws_s3_bucket: Final retries after timeouts creating, updating and updating replication configuration for s3 buckets (#9861)
- resource/aws_s3_bucket_inventory: Final retries after timeous reading and putting bucket inventories (#9861)
- resource/aws_s3_bucket_metric: Final retry after timeout putting bucket metric (#9861)
- resource/aws_s3_bucket_notification: Final retry after timeout putting notification (#9861)
- resource/aws_s3_bucket_policy: Final retry after timeout putting policy (#9861)
- resource/aws_s3_bucket_public_access_block: Final retries after timeouts creating and reading blocks (#9861)
v2.25.0
ENHANCEMENTS:
- resource/aws_rds_cluster: Support
postgresql
in plan time validation forenabled_cloudwatch_logs_exports
argument (#9740)
BUG FIXES:
- resource/aws_cloudwatch_event_target: Add default setting for ecs_target task_count (#9773)
- resource/aws_cloudwatch_log_subscription_filter: Prevent difference when omitting default
distribution
argument value ofByLogStream
(#9265) - resource/aws_db_instance: Fix enabling Enhanced Monitoring on update to handle IAM eventual consistency (#9747)
- resource/aws_elb: Final retries after timeouts creating and updating ELBs (#9765)
- resource/aws_elb_attachment: Final retry after timout creating ELB attachment (#9765)
- resource/aws_iam_instance_profile: Final retry after timeout adding role to profile (#9766)
- resource/aws_iam_policy: Final retry after timeout reading policy (#9766)
- resource/aws_iam_role: Final retries after timeouts creating and deleting IAM roles (#9766)
- resource/aws_iam_user: Final retry after timeout deleting user login profile (#9766)
- resource/aws_inspector_assessment_target: Final retry after timeout deleting target (#9767)
- resource/aws_internet_gateway: Final retries after timeouts creating, attaching, and deleting gateways (#9779)
- resource/aws_iot_thing_type: Final retry after timeout deleting IOT thing type (#9780)
- resource/aws_kinesis_firehose_delivery_stream: Prevent differences with disabled
data_format_conversion_configuration
andprocessing_configuration
after changes outside Terraform (#9103) - resource/aws_launch_configuration: Final retry after timeout creating launch configuration (#9781)
- resource/aws_lb: Final retry after timeout waiting for network interfaces to detach (#9787)
- resource/aws_lb_listener_certificate: Final retry after timeout reading listener certificate (#9787)
- resource/aws_lb_listener_rule: Final retries after timeout reading and creating listener rules (#9787)
- resource/aws_msk_cluster: Final retries after timeouts creating and deleting clusters (#9793)
- resource/aws_network_acl: Final retry after timeout deleting ACLs (#9830)
- resource/aws_network_acl_rule: Final retry after timeout creating ACL rules (#9830)
- resource/aws_network_acl_rule: Remove resource from Terraform state on
InvalidNetworkAclID.NotFound
errors (#9710) - resource/aws_opsworks_stack: Final retry after timeout creating stack (#9818)
- resource/aws_rds_cluster_instance: Ensure
monitoring_interval
andmonitoring_role_arn
attributes are always written to the Terraform state (#9748) - resource/aws_redshift_cluster: Final retry after timeout deleting cluster (#9796)
- resource/aws_redshift_snapshot_copy_grant: Final retries after timeouts finding and deleting grants (#9796)
- resource/aws_route: Final retry after timeout creating route (#9797)
- resource/aws_route_table: Final retry after timeout updating route table (#9797)
- resource/aws_route_table_association: Final retry after timeout creating route table association (#9797)
- resource/aws_s3_bucket_object: Allow using SSE-S3 encryption with
etag
argument (#9442) - resource/aws_sagemaker_model: Final retry after timeout deleting model (#9799)
- resource/aws_sagemaker_notebook_instance: Final retry after timeout updating instance (#9799)
- resource/aws_security_group: Final retry after timeout deleting security group (#9812)
- resource/aws_security_group_rule: Final retry after timeout creating security group rule (#9812)
- resource/aws_sqs_queue: Final retry after timeout creating queue (#9813)
- resource/aws_sqs_queue_policy: Final retru after timeout updating queue policy (#9813)
- resource/aws_transfer_server: Final retry after timeout waiting for transfer server deletion (#9815)
- resource/aws_wafregional_web_acl_association: Final retry after timeout creating association (#9820)
- service/dynamodb: Final retries after timeouts setting dynamodb tags (#9821)
- service/sagemaker: Final retries after timeouts setting sagemaker tags (#9821)
- service/waf: Final retry after timeout getting change token (#9826)
- service/wafregional: Final retry after timeout getting change token (#9826)
v2.24.0
2.24.0 (August 15, 2019)
FEATURES:
- New Resource:
aws_config_organization_custom_rule
(#9716) - New Resource:
aws_config_organization_managed_rule
(#9716) - New Resource:
aws_fsx_lustre_file_system
(#7074] / [#9761) - New Resource:
aws_fsx_windows_file_system
(#7074] / [#9761) - New Resource:
aws_ram_resource_share_accepter
(#8259)
ENHANCEMENTS:
- resource/aws_codebuild_project: Add
artifacts
configuration blockartifact_identifier
argument (#9652) - resource/aws_codebuild_project: Add plan time validation for
artifacts
andsecondary_artifacts
configuration blockspackaging
argument (#9652) - resource/aws_rds_cluster: Add
multimaster
toengine_mode
argument validation (support Aurora Multi-Master Clusters) (#9691) - resource/aws_rds_cluster_instance: Allow
aurora-mysql
(MySQL 5.7) engine to enable Performance Insights (#9635) - resource/aws_wafregional_regex_match_set: Support resource import (#9699)
- resource/aws_wafregional_regex_pattern_set: Support resource import (#9712)
- resource/aws_wafregional_size_constraint_set: Support resource import (#9713)
- resource/aws_wafregional_sql_injection_match_set: Support resource import (#9717)
BUG FIXES:
- resource/aws_acm_certificate_validation: Final retries after timeouts creating and checking validation for ACM certificates (#9661)
- resource/aws_ami: Final retry after timeout reading AMI (#9674)
- resource/aws_cloudhsm2_cluster: Final retries after timeouts creating, updating, and deleting CloudHSM clusters (#9675)
- resource/aws_cloudhsm2_hsm: Final retries after timeouts creating and deleting CloudHSM modules (#9675)
- resource/aws_cloudtrail: Final retries after timeouts creating and updating cloudtrails (#9678)
- resource/aws_codebuild_project: Final retries after timeouts creating and updating codebuild projects (#9682)
- resource/aws_codebuild_project: Properly perform drift detection and updates for
secondary_artifacts
configuration block arguments (exceptname
which will require a separate fix) (#9652) - resource/aws_codedeploy_deployment_group: Final retries after timeouts creating and updating deployment groups (#9682)
- resource/aws_codepipeline: Final retry after timeout creating codepipeline (#9682)
- resource/aws_cognito_user_pool: Final retries after timeouts creating and updating Cognito user pools (#9684)
- resource/aws_db_instance: Fix enabling Performance Insights on update without Performance Insights KMS Key ID (#9745)
- resource/aws_dms_endpoint: Final retry after timeout creating DMS endpoint (#9695)
- resource/aws_docdb_cluster_instance: Final retries after timeouts creating and updating DocDB cluster instances (#9696)
- resource/aws_docdb_cluster_parameter_group: Final retry after timeout deleting DocDB cluster parameter groups (#9696)
- resource/aws_docdb_subnet_group: Final retry after timeout deleting DocDB subnet groups (#9696)
- resource/aws_dynamodb_table: Final retries after timeouts creating, updating, and deleting DynamoDB tables (#9697)
- resource/aws_ebs_snapshot: Final retries after timeouts creating, deleting or waiting for available EBS snapshots (#9698)
- resource/aws_ebs_snapshot_copy: Final retry after timeout deleting EBS snapshot copies (#9698)
- resource/aws_ecs_cluster: Final retries after timeouts reading and deleting ECS cluster (#9704)
- resource/aws_ecs_service: Final retries after timeouts creating, updating, and deleting ECS service (#9704)
- resource/aws_eip: Final retries after timeouts reading, updating, and deleting EIPs (#9728)
- resource/aws_eip_association: Final retry after timeout creating EIP association (#9728)
- resource/aws_eks_cluster: Final retry after timeout creating EKS cluster (#9729)
- resource/aws_elastic_beanstalk_application: Final retries after timeouts reading and deleting beanstalk applications (#9731)
- resource/aws_gamelift_build: Final retry after timeout creating gamelift build (#9752)
- resource/aws_gamelift fleet: Final retry after timeout deleting gamelift fleet (#9752)
- resource/aws_glue_crawler: Final retry after timeout creating glue crawler (#9753)
- resource/aws_guardduty_member: Final retry after timeout waiting for email invitation (#9757)
- resource/aws_lb_target_group_attachment: Perform drift detection on attachments using target health description (trigger resource recreation for manually deregistered attachments) (#9610)
- resource/aws_vpn_gateway: Retry after timeouts attaching and deleting VPN gateways, and retrying attachment after pending VPN errors (#9641)