chore(deps): update terraform aws to v5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	3.62.0 -> 5.31.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.31.0

Compare Source

FEATURES:

• New Data Source: aws_polly_voices (#​34916)
• New Data Source: aws_ssoadmin_application_assignments (#​34796)
• New Data Source: aws_ssoadmin_principal_application_assignments (#​34815)
• New Resource: aws_finspace_kx_dataview (#​34828)
• New Resource: aws_finspace_kx_scaling_group (#​34832)
• New Resource: aws_finspace_kx_volume (#​34833)
• New Resource: aws_ssoadmin_trusted_token_issuer (#​34839)

ENHANCEMENTS:

• data-source/aws_cloudwatch_log_group: Add log_group_class attribute (#​34812)
• data-source/aws_dms_endpoint: Add postgres_settings attribute (#​34724)
• data-source/aws_lb: Add connection_logs attribute (#​34864)
• data-source/aws_lb: Add dns_record_client_routing_policy attribute (#​34135)
• data-source/aws_opensearchserverless_collection: Add standby_replicas attribute (#​34677)
• resource/aws_db_instance: Add support for IBM Db2 databases (#​34834)
• resource/aws_dms_endpoint: Add elasticsearch_settings.use_new_mapping_type argument (#​29470)
• resource/aws_dms_endpoint: Add postgres_settings configuration block (#​34724)
• resource/aws_finspace_kx_cluster: Add database.dataview_name, scaling_group_configuration, and tickerplant_log_configuration arguments. (#​34831)
• resource/aws_finspace_kx_cluster: The capacity_configuration argument is now optional. (#​34831)
• resource/aws_lb: Add connection_logs configuration block (#​34864)
• resource/aws_lb: Add plan-time validation that exactly one of either subnets or subnet_mapping is configured (#​33205)
• resource/aws_lb: Allow the number of subnet_mappings for Application Load Balancers to be changed without recreating the resource (#​33205)
• resource/aws_lb: Allow the number of subnet_mappings for Network Load Balancers to be increased without recreating the resource (#​33205)
• resource/aws_lb: Allow the number of subnets for Network Load Balancers to be increased without recreating the resource (#​33205)
• resource/aws_opensearchserverless_collection: Add standby_replicas attribute (#​34677)

BUG FIXES:

• data-source/aws_ecr_pull_through_cache_rule: Fix plan time validation for ecr_repository_prefix (#​34716)
• provider: Always use the S3 regional endpoint in us-east-1 for S3 directory bucket operations. This fixes no such host errors (#​34893)
• resource/aws_appmesh_virtual_node: Remove limit of 50 backends per virtual node (#​34774)
• resource/aws_cloudwatch_log_group: Fix invalid new value for .skip_destroy: was cty.False, but now null errors (#​30354)
• resource/aws_cloudwatch_log_group: Remove default value (STANDARD) for log_group_class argument and mark as Computed. This fixes InvalidParameterException: Only Standard log class is supported errors in AWS Regions other than AWS Commercial (#​34812)
• resource/aws_db_instance: Fix error where Terraform loses track of resource if Blue/Green Deployment is applied outside of Terraform (#​34728)
• resource/aws_dms_event_subscription: source_ids and source_type are Required (#​33731)
• resource/aws_ecr_pull_through_cache_rule: Fix plan time validation for ecr_repository_prefix (#​34716)
• resource/aws_lb: Correct in-place update of security_groups for Network Load Balancers when the new value is Computed (#​33205)
• resource/aws_lb: Fix InvalidConfigurationRequest: Load balancer attribute key 'dns_record.client_routing_policy' is not supported on load balancers with type 'network' errors on resource Create in AWS GovCloud (US) (#​34135)
• resource/aws_medialive_channel: Fixed errors related to setting the failover_condition argument (#​33410)
• resource/aws_securitylake_data_lake: Fix reflect.Set: value of type basetypes.StringValue is not assignable to type types.ARN panic when importing resources with nil ARN fields (#​34820)
• resource/aws_vpc: Increase IPAM pool allocation deletion timeout from 20 minutes to 35 minutes (#​34859)

v5.30.0

Compare Source

FEATURES:

• New Data Source: aws_codeguruprofiler_profiling_group (#​34672)
• New Data Source: aws_ecr_repositories (#​34446)
• New Data Source: aws_lb_trust_store (#​34584)
• New Data Source: aws_ssoadmin_application (#​34773)
• New Data Source: aws_ssoadmin_application_providers (#​34670)
• New Resource: aws_codeguruprofiler_profiling_group (#​34672)
• New Resource: aws_customerprofiles_domain (#​34622)
• New Resource: aws_customerprofiles_profile (#​34622)
• New Resource: aws_lb_trust_store (#​34584)
• New Resource: aws_lb_trust_store_revocation (#​34584)
• New Resource: aws_securitylake_data_lake (#​34521)
• New Resource: aws_ssoadmin_application (#​34723)
• New Resource: aws_ssoadmin_application_assignment (#​34741)
• New Resource: aws_ssoadmin_application_assignment_configuration (#​34752)

ENHANCEMENTS:

• data-source/aws_appconfig_configuration_profile: Add kms_key_identifier attribute (#​34725)
• data-source/aws_lb: Add enforce_security_group_inbound_rules_on_private_link_traffic attribute (#​33767)
• data-source/aws_lb_listener: Add mutual_authentication attribute (#​34584)
• resource/aws_appconfig_configuration_profile: Add kms_key_identifier attribute (#​34725)
• resource/aws_appconfig_deployment: Add kms_key_identifier attribute (#​34739)
• resource/aws_cloudwatch_log_group: Add log_group_class argument (#​34679)
• resource/aws_lb: Add enforce_security_group_inbound_rules_on_private_link_traffic argument (#​33767)
• resource/aws_lb_listener: Add mutual_authentication configuration block (#​34584)
• resource/aws_s3_bucket: Fix stack overflow fatal errors on resource Delete when force_destroy is true and the bucket contains delete markers (#​34712)
• resource/aws_sagemaker_app: Add resource_spec.sagemaker_image_version_alias argument (#​34729)
• resource/aws_sagemaker_app_image_config: Add jupyter_lab_image_config configuration block (#​34696)
• resource/aws_sagemaker_domain: Add default_user_settings.code_editor_app_settings, default_user_settings.custom_file_system_config, default_user_settings.custom_posix_user_config, default_user_settings.default_landing_uri, default_user_settings.jupyter_lab_app_settings, default_user_settings.space_storage_settings, default_user_settings.studio_web_portal arguments (#​34729)
• resource/aws_sagemaker_domain: Add sagemaker_image_version_alias argument under all default_resource_spec blocks (#​34729)
• resource/aws_sagemaker_domain: Add single_sign_on_application_arn attribute (#​34729)
• resource/aws_sagemaker_space: Add sagemaker_image_version_alias argument under all default_resource_spec blocks (#​34729)
• resource/aws_sagemaker_space: Add space_display_name argument (#​34729)
• resource/aws_sagemaker_space: Add url attribute (#​34729)
• resource/aws_sagemaker_user_profile: Add sagemaker_image_version_alias argument under all default_resource_spec blocks (#​34729)
• resource/aws_sagemaker_user_profile: Add user_settings.code_editor_app_settings, user_settings.custom_file_system_config, user_settings.custom_posix_user_config, user_settings.default_landing_uri, user_settings.jupyter_lab_app_settings, user_settings.space_storage_settings, user_settings.studio_web_portal arguments (#​34729)
• resource/aws_transfer_server: Add support for TransferSecurityPolicy-FIPS-2023-05 security_policy_name value (#​34709)

BUG FIXES:

• resource/aws_ami: Correctly sets deprecation_time on creation and update due to eventual consistency (#​34691)
• resource/aws_ami: Correctly sets description on update due to eventual consistency (#​34691)
• resource/aws_ami: Now allows removing deprecation_time (#​34691)
• resource/aws_appflow_flow: Fix perpetual diff on destination_flow_config (#​34770)
• resource/aws_backup_vault_policy: Fix eventual consistency error when waiting for IAM (#​34671)
• resource/aws_eks_pod_identity_association: Retry IAM eventual consistency errors on create and update (#​34717)
• resource/aws_glue_connection: Fix crash while creating resource with empty physical_connection_requirements configuration block (#​34737)

v5.29.0

Compare Source

FEATURES:

• New Resource: aws_docdbelastic_cluster (#​31033)
• New Resource: aws_eks_pod_identity_association (#​34566)

ENHANCEMENTS:

• resource/aws_docdb_cluster: Add storage_type argument (#​34637)
• resource/aws_neptune_parameter_group: Add name_prefix argument (#​34500)

BUG FIXES:

• resource/aws_networkmanager_attachment_accepter: Now revokes attachment on deletion for VPC Attachments (#​34547)
• resource/aws_networkmanager_vpc_attachment: Fixes error when modifying options fields while waiting for acceptance (#​34547)
• resource/aws_networkmanager_vpc_attachment: Fixes error where VPC Attachments waiting for acceptance could not be deleted (#​34547)
• resource/aws_s3_directory_bucket: Fix NotImplemented: This bucket does not support Object Versioning errors on resource Delete when force_destroy is true (#​34647)

v5.28.0

Compare Source

FEATURES:

• New Data Source: aws_s3_directory_buckets (#​34612)
• New Resource: aws_s3_directory_bucket (#​34612)

ENHANCEMENTS:

• resource/aws_s3control_access_grants_instance: Add identity_center_arn argument and identity_center_application_arn attribute (#​34582)

BUG FIXES:

• resource/aws_elaticache_replication_group: Fix regression caused by the introduction of the auth_token_update_strategy argument with a default value (#​34600)

v5.27.0

Compare Source

NOTES:

• provider: This release includes an update to the AWS SDK for Go v2 with breaking type changes to several services: internetmonitor, ivschat, pipes, and s3. These changes primarily affect how arguments with default values are serialized for outbound requests, changing scalar types to pointers. See this AWS SDK for Go V2 issue for additional context. The corresponding provider changes should make this breakfix transparent to users, but as with any breaking change there is the potential for missed edge cases. If errors are observed in the impacted resources, please link to this dependency update pull request in the bug report (#​34476)

FEATURES:

• New Data Source: aws_emr_supported_instance_types (#​34481)
• New Resource: aws_apprunner_default_auto_scaling_configuration_version (#​34292)
• New Resource: aws_lexv2models_bot_version (#​33858)
• New Resource: aws_s3control_access_grant (#​34564)
• New Resource: aws_s3control_access_grants_instance (#​34564)
• New Resource: aws_s3control_access_grants_instance_resource_policy (#​34564)
• New Resource: aws_s3control_access_grants_location (#​34564)

ENHANCEMENTS:

• resource/aws_apprunner_auto_scaling_configuration_version: Add has_associated_service and is_default attributes (#​34292)
• resource/aws_apprunner_service: Add network_configuration.ip_address_type argument (#​34292)
• resource/aws_apprunner_service: Add source_configuration.code_repository.source_directory argument to support monorepos (#​34292)
• resource/aws_apprunner_service: Allow health_check_configuration to be updated in-place (#​34292)
• resource/aws_cloudwatch_event_rule: Add state parameter and deprecate is_enabled parameter (#​34510)
• resource/aws_elaticache_replication_group: Add auth_token_update_strategy argument (#​34460)
• resource/aws_lambda_function: Add support for java21 runtime value (#​34476)
• resource/aws_lambda_function: Add support for python3.12 runtime value (#​34533)
• resource/aws_lambda_layer_version: Add support for java21 compatible_runtimes value (#​34476)
• resource/aws_lambda_layer_version: Add support for python3.12 compatible_runtimes value (#​34533)
• resource/aws_s3_bucket_logging: Add target_object_key_format configuration block to support automatic date-based partitioning (#​34504)

BUG FIXES:

• resource/aws_appflow_flow: Fix InvalidParameter: 2 validation error(s) found error when destination_flow_config or task is updated (#​34456)
• resource/aws_appflow_flow: Fix interface conversion: interface {} is nil, not map[string]interface {} panic (#​34456)
• resource/aws_apprunner_service: Correctly set service_url for private services (#​34292)
• resource/aws_glue_trigger: Fix ConcurrentModificationException: Workflow <workflowName> was modified while adding trigger <triggerName> errors (#​34530)
• resource/aws_lb_target_group: Adds plan- and apply-time validation for invalid parameter combinations (#​34488)
• resource/aws_lexv2_bot_locale: Fix voice_settings.engine validation, value conversion errors (#​34532)
• resource/aws_lexv2models_bot: Properly send type argument on create and update when configured (#​34524)
• resource/aws_pipes_pipe: Fix error when zero value is sent to source_parameters on update (#​34487)

v5.26.0

Compare Source

FEATURES:

• New Data Source: aws_iot_registration_code (#​15098)
• New Resource: aws_bedrock_model_invocation_logging_configuration (#​34303)
• New Resource: aws_iot_billing_group (#​31237)
• New Resource: aws_iot_ca_certificate (#​15098)
• New Resource: aws_iot_event_configurations (#​31237)

ENHANCEMENTS:

• data-source/aws_autoscaling_group: Add instance_maintenance_policy attribute (#​34430)
• provider: Adds https_proxy and no_proxy parameters. (#​34243)
• resource/aws_autoscaling_group: Add instance_maintenance_policy configuration block (#​34430)
• resource/aws_finspace_kx_cluster: Increase default create and update timeouts to 4 hours to allow for increased startup times with large volumes of cached data (#​34398)
• resource/aws_finspace_kx_environment: Increase default delete timeout to 75 minutes (#​34398)
• resource/aws_iam_group_policy_attachment: Add plan-time validation of policy_arn (#​34378)
• resource/aws_iam_policy_attachment: Add plan-time validation of policy_arn (#​34378)
• resource/aws_iam_role_policy_attachment: Add plan-time validation of policy_arn (#​34378)
• resource/aws_iam_user_policy_attachment: Add plan-time validation of policy_arn (#​34378)
• resource/aws_iot_ca_certificate: Add ca_certificate_id attribute (#​15098)
• resource/aws_iot_policy: Add configurable timeouts (#​34329)
• resource/aws_iot_policy: When updating the resource, delete the oldest non-default version of the policy if creating a new version would exceed the maximum number of versions (5) (#​34329)
• resource/aws_lambda_function: Add support for nodejs20.x and provided.al2023 runtime values (#​34401)
• resource/aws_lambda_layer_version: Add support for nodejs20.x and provided.al2023 compatible_runtimes values (#​34401)
• resource/aws_quicksight_analysis: Add definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.sparkline attribute (#​33931)
• resource/aws_quicksight_analysis: Add definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.visual_layout_options attribute (#​33931)
• resource/aws_quicksight_analysis: Add number_display_format_configuration and percentage_display_format_configuration to nested numeric_format_configuration argument (#​33931)
• resource/aws_quicksight_dashboard: Add definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.sparkline attribute (#​33931)
• resource/aws_quicksight_dashboard: Add definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.visual_layout_options attribute (#​33931)
• resource/aws_quicksight_dashboard: Add number_display_format_configuration and percentage_display_format_configuration to nested numeric_format_configuration argument (#​33931)
• resource/aws_quicksight_template: Add definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.sparkline attribute (#​33931)
• resource/aws_quicksight_template: Add definition.sheets.visuals.kpi_visual.chart_configuration.kpi_options.visual_layout_options attribute (#​33931)
• resource/aws_quicksight_template: Add number_display_format_configuration and percentage_display_format_configuration to nested numeric_format_configuration argument (#​33931)
• resource/aws_rds_cluster: Add delete_automated_backups argument (#​34309)

BUG FIXES:

• resource/aws_chime_voice_connector: Fix read error when resource is not created in us-east-1 (#​34334)
• resource/aws_chime_voice_connector_group: Fix read error when resource is not created in us-east-1 (#​34334)
• resource/aws_chime_voice_connector_logging: Fix read error when resource is not created in us-east-1 (#​34334)
• resource/aws_chime_voice_connector_origination: Fix read error when resource is not created in us-east-1 (#​34334)
• resource/aws_chime_voice_connector_termination: Fix read error when resource is not created in us-east-1 (#​34334)
• resource/aws_chime_voice_connector_termination_credentials: Fix read error when resource is not created in us-east-1 (#​34334)
• resource/aws_chimesdkmediapipelines_media_insights_pipeline_configuration: Fix eventual consistency error when resource is not created in us-east-1 (#​34334)
• resource/aws_chimesdkvoice_sip_media_application: Fix eventual consistency errors when not using us-east-1 (#​34426)
• resource/aws_chimesdkvoice_sip_rule: Fix eventual consistency errors when not using us-east-1 (#​34426)
• resource/aws_elasticache_user: Fix UserNotFound: ... is not available for tagging errors on resource Read when there is a concurrent update to the user (#​34396)
• resource/aws_grafana_workspace_api_key: Change key to Sensitive (#​34105)
• resource/aws_iam_group_policy_attachment: Retry ConcurrentModificationException errors on create and delete (#​34378)
• resource/aws_iam_policy_attachment: Retry ConcurrentModificationException errors on create and delete (#​34378)
• resource/aws_iam_role_policy_attachment: Retry ConcurrentModificationException errors on create and delete (#​34378)
• resource/aws_iam_user_policy_attachment: Retry ConcurrentModificationException errors on create and delete (#​34378)
• resource/aws_inspector2_delegated_admin_account: Fix errors: *target must be interface or implement error panic (#​34424)
• resource/aws_inspector2_enabler: Fix interface conversion: interface {} is nil, not map[string]inspector2.AccountResourceStatus panic (#​34424)
• resource/aws_iot_ca_certificate: Change ca_pem and certificate_pem to ForceNew (#​15098)
• resource/aws_iot_policy: Retry DeleteConflictException errors on delete (#​34329)
• resource/aws_quicksight_analysis: Fix handling of the nested number_scale, prefix, and suffix integer arguments (#​33931)
• resource/aws_quicksight_analysis: Fix handling of the nested rolling_date argument (#​33931)
• resource/aws_quicksight_analysis: Fix handling of the nested select_all_options argument (#​33931)
• resource/aws_quicksight_analysis: Fix handling of the nested visual_ids argument (#​33931)
• resource/aws_quicksight_analysis: Fixes to various optional blocks utilizing the shared column schema definition (#​33931)
• resource/aws_quicksight_analysis: Nested column_index and row_index arguments now properly handle zero values (#​33931)
• resource/aws_quicksight_dashboard: Fix handling of the nested number_scale, prefix, and suffix integer arguments (#​33931)
• resource/aws_quicksight_dashboard: Fix handling of the nested rolling_date argument (#​33931)
• resource/aws_quicksight_dashboard: Fix handling of the nested select_all_options argument (#​33931)
• resource/aws_quicksight_dashboard: Fix handling of the nested visual_ids argument (#​33931)
• resource/aws_quicksight_dashboard: Fixes to various optional blocks utilizing the shared column schema definition (#​33931)
• resource/aws_quicksight_dashboard: Nested column_index and row_index arguments now properly handle zero values (#​33931)
• resource/aws_quicksight_data_set: Increase permissions.actions maximum item limit to 20, aligning with the AWS API limits (#​33931)
• resource/aws_quicksight_data_source: Set all parameters to update aws_quicksight_data_source (#​33061)
• resource/aws_quicksight_template: Fix handling of the nested number_scale, prefix, and suffix integer arguments (#​33931)
• resource/aws_quicksight_template: Fix handling of the nested rolling_date argument (#​33931)
• resource/aws_quicksight_template: Fix handling of the nested select_all_options argument (#​33931)
• resource/aws_quicksight_template: Fix handling of the nested visual_ids argument (#​33931)
• resource/aws_quicksight_template: Fixes to various optional blocks utilizing the shared column schema definition (#​33931)
• resource/aws_quicksight_template: Nested column_index and row_index arguments now properly handle zero values (#​33931)
• resource/aws_sagemaker_user_profile: Change default_user_settings.canvas_app_settings.identity_provider_oauth_settings from TypeSet to TypeList, preventing interface conversion: interface {} is *schema.Set, not []interface {} panics (#​34418)
• resource/aws_synthetics_canary: Fix to properly suppress differences when expression is rate(0 minutes) (#​34084)
• resource/aws_vpn_connection: Fix UnsupportedOperation: The tunnel inside ip version parameter is not currently supported in this region error when creating connections in certain partitions and Regions (#​34420)

v5.25.0

Compare Source

NOTES:

• resource/aws_cloudtrail: The resource's import ID has changed from name to arn (#​30758)

FEATURES:

• New Data Source: aws_apigatewayv2_vpc_link (#​33974)
• New Data Source: aws_athena_named_query (#​24815)
• New Data Source: aws_bedrock_foundation_model (#​34148)
• New Data Source: aws_bedrock_foundation_models (#​34148)
• New Resource: aws_athena_prepared_statement (#​33417)
• New Resource: aws_lexv2models_bot_locale (#​33949)

ENHANCEMENTS:

• provider: Adds SSO API endpoint override parameter endpoints.sso (#​34302)
• resource/aws_appflow_connector_profile: Add jwt_token and oauth2_grant_type arguments to the connector_profile_config.connector_profile_credentials.salesforce block. (#​34248)
• resource/aws_autoscaling_group: Add plan-time validation of initial_lifecycle_hook.default_result, initial_lifecycle_hook.heartbeat_timeout, initial_lifecycle_hook.lifecycle_transition, initial_lifecycle_hook.name, initial_lifecycle_hook.notification_target_arn and initial_lifecycle_hook.role_arn (#​12145)
• resource/aws_autoscaling_lifecycle_hook: Add plan-time validation of default_result, heartbeat_timeout, lifecycle_transition, name, notification_target_arn and role_arn (#​12145)
• resource/aws_datasync_task: Add task_report_config argument (#​33861)
• resource/aws_db_instance: Add postgres as a valid engine value for blue/green deployments (#​34216)
• resource/aws_dms_endpoint: Add pause_replication_tasks, which when set to true, pauses associated running replication tasks, regardless if they are managed by Terraform, prior to modifying the endpoint (only tasks paused by the resource will be restarted after the modification completes) (#​34316)
• resource/aws_eks_cluster: Allow vpc_config.security_group_ids and vpc_config.subnet_ids to be updated in-place (#​32409)
• resource/aws_inspector2_organization_configuration: Add lambda_code argument to the auto_enable configuration block (#​34261)
• resource/aws_route53_record: Allow import of records with an empty record name. (#​34212)
• resource/aws_sagemaker_domain: Add default_user_settings.canvas_app_settings.direct_deploy_settings, default_user_settings.canvas_app_settings.identity_provider_oauth_settings and default_user_settings.canvas_app_settings.kendra_settings arguments (#​34265)
• resource/aws_sagemaker_domain: Change default_space_settings.kernel_gateway_app_settings.custom_image, default_user_settings.kernel_gateway_app_settings.custom_image and default_user_settings.r_session_app_settings.custom_image MaxItems from 30 to 200 (#​34265)
• resource/aws_sagemaker_feature_group: Add offline_store_config.s3_storage_config.resolved_output_s3_uri, online_store_config.storage_type and online_store_config.ttl_duration arguments (#​34283)
• resource/aws_sagemaker_feature_group: Allow online_store_config.ttl_duration to be updated in-place (#​34283)
• resource/aws_sagemaker_model: Add container.model_data_source and primary_container.model_data_source configuration blocks (#​34158)
• resource/aws_sagemaker_space: Change space_settings.kernel_gateway_app_settings.custom_image MaxItems from 30 to 200 (#​34265)
• resource/aws_sagemaker_user_profile: Add default_user_settings.canvas_app_settings.direct_deploy_settings, default_user_settings.canvas_app_settings.identity_provider_oauth_settings and default_user_settings.canvas_app_settings.kendra_settings arguments (#​34265)
• resource/aws_sns_topic: Add archive_policy argument and beginning_archive_time attribute to support message archiving (#​34252)
• resource/aws_sns_topic: Add replay_policy argument (#​34252)

BUG FIXES:

• provider: Fix Value Conversion Error panic for certain resources when null tag values are specified (#​34319)
• provider: Fixes parsing error in AWS shared config files with extra whitespace (#​34300)
• provider: Fixes poor performance when parsing AWS shared config files (#​34300)
• resource/aws_autoscaling_group: Change all initial_lifecycle_hook configuration block attributes to ForceNew (#​34260)
• resource/aws_cloudtrail: Change the id attribute from the trail's name to its ARN to support organization trails (#​30758)
• resource/aws_cloudwatch_event_rule: Increase event_pattern max length for validation to 4096 (#​34270)
• resource/aws_sagemaker_domain: Fix updating default_space_settings.r_studio_server_pro_app_settings.access_status from ENABLED to DISABLED (#​34265)

v5.24.0

Compare Source

NOTES:

• resource/aws_detective_organization_admin_account: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​25237)
• resource/aws_detective_organization_configuration: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​25237)

FEATURES:

• New Data Source: aws_opensearchserverless_lifecycle_policy (#​34144)
• New Resource: aws_detective_organization_admin_account (#​25237)
• New Resource: aws_detective_organization_configuration (#​25237)
• New Resource: aws_opensearchserverless_lifecycle_policy (#​34144)
• New Resource: aws_redshift_resource_policy (#​34149)
• New Resource: aws_verifiedaccess_endpoint (#​30763)

ENHANCEMENTS:

• resource/aws_amplify_app: Add custom_headers argument (#​31561)
• resource/aws_batch_job_definition: Add node_properties argument (#​34153)
• resource/aws_finspace_kx_cluster: In-place updates are now supported for the code, database, and initialization_script arguments. The update timeout has been increased to 30 minutes. (#​34220)
• resource/aws_iot_topic_rule: Add kafka.header and error_action.kafka.header arguments (#​34191)
• resource/aws_networkmanager_connect_attachment: Add NO_ENCAP as a valid options.protocol value (#​34109)
• resource/aws_networkmanager_connect_peer: Add subnet_arn argument to support Tunnel-less Connect attachments (#​34109)
• resource/aws_networkmanager_connect_peer: inside_cidr_blocks is Optional (#​34109)
• resource/aws_rds_cluster: Remove the provider default (previously, "1") and use the AWS default for backup_retention_period (also, "1") to allow integration with AWS Backup (#​34187)
• resource/aws_redshift_cluster: Add snapshot_arn argument (#​34181)
• resource/aws_redshift_cluster: Add the manage_master_password and master_password_secret_kms_key_id arguments to support managed admin credentials (#​34182)
• resource/aws_s3_object: Add override_provider configuration block, allowing tags inherited from the provider default_tags configuration block to be ignored (#​33262)
• resource/aws_secretsmanager_secret_rotation: The rotation_lambda_arn argument is now optional to support modifying the rotation schedule of AWS-managed secrets. (#​34180)

BUG FIXES:

• data-source/aws_vpc_ipam_pools: Add id attribute for individual IPAM pools (#​32133)
• resource/aws_alb_listener_rule: Fixed the action.forward.target_group argument minimum item requirement. Previously this was set to 2, but the AWS API allows specifying a single target group. (#​33727)
• resource/aws_amplify_branch: Remove ForceNew from enable_performance_mode (#​34141)
• resource/aws_lb_listener_rule: Fixed the action.forward.target_group argument minimum item requirement. Previously this was set to 2, but the AWS API allows specifying a single target group. (#​33727)
• resource/aws_quicksight_analysis: Fix "expected type to be integer" errors in window_options.bounds.* argument validatation functions (#​34230)
• resource/aws_quicksight_dashboard: Fix "expected type to be integer" errors in window_options.bounds.* argument validatation functions (#​34230)
• resource/aws_quicksight_template: Fix "expected type to be integer" errors in window_options.bounds.* argument validatation functions (#​34230)
• resource/aws_rds_cluster: Avoid an error on delete related to unexpected state 'scaling-compute' (#​34187)

v5.23.1

Compare Source

BUG FIXES:

• data-source/aws_lambda_function: Add vpc_config.ipv6_allowed_for_dual_stack attribute, fixing Invalid address to set: []string{"vpc_config", "0", "ipv6_allowed_for_dual_stack"} errors (#​34134)

v5.23.0

Compare Source

NOTES:

• provider: This release includes an update to the AWS SDK for Go v2 with breaking type changes to several services: finspace, kafka, medialive, rds, s3control, timestreamwrite, and xray. These changes primarily affect how arguments with default values are serialized for outbound requests, changing scalar types to pointers. See this AWS SDK for Go V2 issue for additional context. The corresponding provider changes should make this breakfix transparent to users, but as with any breaking change there is the potential for missed edge cases. If errors are observed in the impacted resources, please link to this dependency update pull request in the bug report. (#​34096)

FEATURES:

• New Resource: aws_iot_domain_configuration (#​24765)

ENHANCEMENTS:

• data-source/aws_imagebuilder_image: Add image_scanning_configuration attribute (#​34049)
• resource/aws_config_config_rule: Add evaluation_mode attribute (#​34033)
• resource/aws_elasticache_replication_group: Add ip_discovery and network_type arguments (#​34019)
• resource/aws_imagebuilder_image: Add image_scanning_configuration configuration block (#​34049)
• resource/aws_kms_key: Add configurable timeouts (#​34112)
• resource/aws_lambda_function: Add vpc_config.ipv6_allowed_for_dual_stack argument (#​34045)
• resource/aws_lb: Add dns_record_client_routing_policy attribute to configure Availability Zonal DNS affinity on Network Load Balancer (NLB) (#​33992)
• resource/aws_lb_target_group: Add target_health_state configuration block (#​34070)
• resource/aws_lb_target_group: Remove default value (false) for connection_termination argument and mark as Computed, to support new default behavior for UDP/TCP_UDP target groups (#​34070)
• resource/aws_neptune_cluster: Add slowquery as a valid enable_cloudwatch_logs_exports value (#​34053)

BUG FIXES:

• provider/tags: Prevent crash when tags_all is null (#​34073)
• resource/aws_autoscaling_group: Fix error when launch_template name is updated. (#​34086)
• resource/aws_dms_s3_endpoint: Don't send the default value of false for add_trailing_padding_character, maintaining compatibility with older (pre-3.4.7) DMS engine versions (#​34048)
• resource/aws_ecs_task_definition: Add 0 as a valid value for volume.efs_volume_configuration.transit_encryption_port, preventing unexpected drift (#​34020)
• resource/aws_identitystore_group: Fix updating description attribute when it is changed (#​34037)
• resource/aws_iot_indexing_configuration: Add thing_indexing_configuration.filter attribute, resolving InvalidRequestException: NamedShadowNames Filter must not be empty for enabling NamedShadowIndexingMode errors (#​26859)
• resource/aws_storagegateway_gateway: Support the value 0 (representing Sunday) for maintenance_start_time.day_of_week (#​34015)
• resource/aws_verifiedaccess_group: Fix InvalidParameterValue: Policy Document cannot be provided when Policy Enabled is false or missing errors when updating policy_document (#​34054)

v5.22.0

Compare Source

FEATURES:

• New Data Source: aws_media_convert_queue (#​27075)
• New Resource: aws_elasticsearch_vpc_endpoint (#​33925)
• New Resource: aws_msk_replicator (#​33973)

ENHANCEMENTS:

• data-source/aws_ec2_client_vpn_endpoint: Add self_service_portal_url attribute (#​34007)
• resource/aws_alb: Support import of name_prefix argument (#​33852)
• resource/aws_alb_target_group: Support import of name_prefix argument (#​33852)
• resource/aws_cloudfront_public_key: Support import of name_prefix argument (#​33852)
• resource/aws_db_option_group: Support import of name_prefix argument (#​33852)
• resource/aws_docdb_cluster: Support import of cluster_identifier_prefix argument (#​33852)
• resource/aws_docdb_cluster_instance: Support import of identifier_prefix argument (#​33852)
• resource/aws_doc

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[netlify]

✅ Deploy Preview for k8gb-preview ready!

Name	Link
🔨 Latest commit	86eec87
🔍 Latest deploy log	https://app.netlify.com/sites/k8gb-preview/deploys/658e9c63c39dd700081563b6
😎 Deploy Preview	https://deploy-preview-1357--k8gb-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.