v6.22.1

Compare Source

ENHANCEMENTS:

• resource/aws_fsx_openzfs_file_system: Support INTELLIGENT_TIERING storage type and add read_cache_configuration argument (#​45159)
• resource/aws_msk_cluster: Add rebalancing configuration block to support intelligent rebalancing for Express broker clusters (#​45073)

BUG FIXES:

• provider: Fix crash in required tag validation interceptor when tag values are unknown. This addresses a regression introduced in v6.22.0. (#​45201)
• provider: Fix early return logic in the required tag validation interceptor. This addresses a performance regression introduced in v6.22.0. (#​45201)
• resource/aws_accessanalyzer_analyzer: Fix interface conversion: interface {} is nil, not map[string]interface {} panics when configuration.unused_access.analysis_rule.exclusion.resource_tags contains null values (#​45202)
• resource/aws_odb_cloud_vm_cluster: Fix incorrect validation error when arguments are configured using variables. This addresses a regression introduced in v6.22.0 (#​45205)

v6.22.0

Compare Source

NOTES:

• resource/aws_s3_bucket_server_side_encryption_configuration: Starting in March 2026, Amazon S3 will introduce a new default bucket security setting by automatically disabling server-side encryption with customer-provided keys (SSE-C) for all new buckets. Use the blocked_encryption_types argument to manage this behavior for specific buckets. (#​45105)

FEATURES:

• New Ephemeral Resource: aws_ecr_authorization_token (#​44949)
• New Guide: Tag Policy Compliance (#​45143)
• New Resource: aws_billing_view (#​45097)
• New Resource: aws_vpclattice_domain_verification (#​45085)

ENHANCEMENTS:

• data-source/aws_lb_listener: Add default_action.jwt_validation attribute (#​45089)
• data-source/aws_lb_listener_rule: Add action.jwt_validation attribute (#​45089)
• data-source/aws_route53_zone: Support filtering by tags only or by vpc_id only (#​39671)
• provider: Add support for enforcing tag policy compliance. This opt-in feature can be enabled via the new tag_policy_compliance provider argument, or the TF_AWS_TAG_POLICY_COMPLIANCE environment variable. When enabled, the principal executing Terraform must have the tags:ListRequiredTags IAM permission. (#​45143)
• resource/aws_backup_logically_air_gapped_vault: Add encryption_key_arn argument (#​45020)
• resource/aws_bedrock_guardrail: Add input_action, input_enabled, input_modalities, output_action, output_enabled, and output_modalities arguments to the content_policy_config.filters_config block (#​45104)
• resource/aws_bedrockagent_knowledge_base: Add storage_configuration.rds_configuration.field_mapping.custom_metadata_field argument (#​45075)
• resource/aws_bedrockagentcore_agent_runtime: Add agent_runtime_artifact.code_configuration block (#​45091)
• resource/aws_bedrockagentcore_agent_runtime: Make agent_runtime_artifact.container_configuration block optional (#​45091)
• resource/aws_dynamodb_table: Add global_table_witness argument (#​43908)
• resource/aws_emr_managed_scaling_policy: Add scaling_strategy and utilization_performance_index arguments (#​45132)
• resource/aws_fis_experiment_template: Add plan-time validation of log_configuration.cloudwatch_logs_configuration.log_group_arn (#​35941)
• resource/aws_fis_experiment_template: Add support for Functions to action.*.target (#​41209)
• resource/aws_lambda_invocation: Add import support (#​41240)
• resource/aws_lb_listener: Support jwt-validation as a valid default_action.type and add default_action.jwt_validation configuration block (#​45089)
• resource/aws_lb_listener_rule: Support jwt-validation as a valid action.type and add action.jwt_validation configuration block (#​45089)
• resource/aws_odb_cloud_vm_cluster: vm cluster creation using odb network ARN and exadata infrastructure ARN for resource sharing model. (#​45003)
• resource/aws_organizations_organization: Add SECURITYHUB_POLICY as a valid value for enabled_policy_types argument (#​45135)
• resource/aws_prometheus_query_logging_configuration: Add plan-time validation of destination.cloudwatch_logs.log_group_arn (#​35941)
• resource/aws_prometheus_workspace: Add plan-time validation of logging_configuration.log_group_arn (#​35941)
• resource/aws_s3_bucket_server_side_encryption_configuration: Add rule.blocked_encryption_types argument (#​45105)
• resource/aws_sagemaker_model: Add container.additional_model_data_source and primary_container.additional_model_data_source arguments (#​44407)
• resource/aws_sfn_state_machine: Add plan-time validation of logging_configuration.log_destination (#​35941)
• resource/aws_timestreaminfluxdb_db_cluster: Add engine_type attribute (#​44899)
• resource/aws_timestreaminfluxdb_db_cluster: Add validation to ensure InfluxDB V2 clusters have required fields and InfluxDB V3 clusters (when using V3 parameter groups) do not have forbidden V2 fields. This functionality requires the timestream-influxdb:GetDbParameterGroup IAM permission (#​44899)
• resource/aws_vpclattice_resource_configuration: Add custom_domain_name and domain_verification_id arguments and domain_verification_arn and domain_verification_status attributes to support custom domain names for resource configurations (#​45085)
• resource/aws_vpn_connection: Add tunnel_bandwidth argument to support higher bandwidth tunnels (#​45070)

BUG FIXES:

• resource/aws_db_instance: Fix blue/green deployments failing with "not in available state" by improving stability and handling storage-config-upgrade and storage-initialization statuses (#​41275)
• resource/aws_elastic_beanstalk_configuration_template: Fix updates not applying by including ResourceName for option settings and preventing duplicate add/remove operations (#​45077)
• resource/aws_odb_cloud_vm_cluster: support for hyphen in odb cloud vm cluster hostname prefix. (#​45003)
• resource/aws_quicksight_account_settings: Add region argument (#​45083)
• resource/aws_s3_directory_bucket: Fix plan-time AWS resource not found during refresh warnings causing resource replacement when ReadOnly s3express:SessionMode is enforced (#​45086)
• resource/aws_ssoadmin_account_assignment: Correct target_type argument to required (#​45092)
• resource/aws_timestreaminfluxdb_db_cluster: Make allocated_storage, bucket, organization, username, and password optional to support InfluxDB V3 clusters (#​44899)

v6.21.0

Compare Source

BREAKING CHANGES:

• resource/aws_bedrockagentcore_browser: Rename network_configuration.network_mode_config to network_configuration.vpc_config (#​44828)

FEATURES:

• New Action: aws_dynamodb_create_backup (#​45001)
• New Resource: aws_networkflowmonitor_monitor (#​44782)
• New Resource: aws_networkflowmonitor_scope (#​44782)
• New Resource: aws_observabilityadmin_centralization_rule_for_organization (#​44806)

ENHANCEMENTS:

• data-source/aws_ecs_service: Add capacity_provider_strategy, created_at, created_by, deployment_configuration, deployment_controller, deployments, enable_ecs_managed_tags, enable_execute_command, events, health_check_grace_period_seconds, iam_role, network_configuration, ordered_placement_strategy, pending_count, placement_constraints, platform_family, platform_version, propagate_tags, running_count, service_connect_configuration, service_registries, status, and task_sets attributes (#​44842)
• resource/aws_bedrockagentcore_gateway_target: Add target_configuration.mcp.mcp_server block (#​44991)
• resource/aws_bedrockagentcore_gateway_target: Make credential_provider_configuration block optional (#​44991)
• resource/aws_cloudwatch_log_delivery_destination: Make delivery_destination_type and delivery_destination_configuration optional to support AWS X-Ray as a destination (#​44995)
• resource/aws_ecs_service: Add support for LINEAR and CANARY deployment strategies with deployment_configuration.linear_configuration and deployment_configuration.canary_configuration blocks (#​44842)
• resource/aws_lambda_function: Add support for java25 runtime value (#​45024)
• resource/aws_lambda_function: Add support for nodejs24.x runtime value (#​45024)
• resource/aws_lambda_function: Add support for python3.14 runtime value (#​45024)
• resource/aws_lambda_layer_version: Add support for java25 compatible_runtimes value (#​45024)
• resource/aws_lambda_layer_version: Add support for nodejs24.x compatible_runtimes value (#​45024)
• resource/aws_lambda_layer_version: Add support for python3.14 compatible_runtimes value (#​45024)
• resource/aws_s3tables_table: Add tagging support (#​44996)
• resource/aws_s3tables_table_bucket: Add tagging support (#​44996)
• resource/aws_sagemaker_endpoint_configuration: Add execution_role_arn argument and make model_name optional in production_variants and shadow_production_variants blocks to support Inference Components (#​44977)
• resource/aws_sns_topic: Fix AuthorizationError ... is not authorized to perform: iam:PassRole on resource ... IAM eventual consistency errors on Create and Update (#​45018)

BUG FIXES:

• provider: Fix situation where refreshes of removed infrastructure appear as errors rather than warnings (#​45022)
• resource/aws_acmpca_certificate_authority: Prevents error when upgrading from provider pre-v6.0 without refreshing (#​45050)
• resource/aws_apprunner_service: Prevents error when upgrading from provider pre-v6.0 without refreshing (#​45051)
• resource/aws_ec2_image_block_public_access: Add region argument (#​45023)
• resource/aws_ec2_serial_console_access: Add region argument (#​45064)
• resource/aws_emrcontainers_job_template: Fix ValidationException: Value null at 'jobTemplateData.configurationOverrides.monitoringConfiguration.cloudWatchMonitoringConfiguration.logGroupName' failed to satisfy constraint: Member must not be null error (#​45029)
• resource/aws_emrcontainers_job_template: Fix setting job_template_data: job_template_data.0.configuration_overrides.0.application_configuration.0: '' expected a map, got 'slice' error (#​45029)
• resource/aws_emrcontainers_job_template: Mark job_template_data.job_driver.configuration_overrides.monitoring_configuration.persistent_app_ui argument as computed (#​45029)
• resource/aws_invoicing_invoice_unit: Fix Provider returned invalid result object after apply error occurred when updating the resource (#​45030)
• resource/aws_opensearch_authorize_vpc_endpoint_access: Fix reading the resource when more than one principal is authorized. The import ID has changed from domain_name to domain_name and account separated by a comma (#​44982)
• resource/aws_redshift_cluster: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_cluster_snapshot: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_event_subscription: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_hsm_client_certificate: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_hsm_configuration: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_integration: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_parameter_group: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_snapshot_copy_grant: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_snapshot_schedule: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_subnet_group: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_usage_limit: Prevents errors with empty tag values. (#​44952)
• resource/aws_sagemaker_endpoint: Fix bug where endpoint_config_name was not correctly updated, causing the endpoint to retain the old configuration (#​42843)
• resource/aws_wafv2_web_acl_logging_configuration: Fix the validation for redacted_fields.single_header.name (#​44987)

v6.20.0

Compare Source

FEATURES:

• New Resource: aws_ec2_allowed_images_settings (#​44800)
• New Resource: aws_fis_target_account_configuration (#​44875)
• New Resource: aws_invoicing_invoice_unit (#​44892)

ENHANCEMENTS:

• data-source/aws_connect_routing_profile: Add media_concurrencies.cross_channel_behavior attribute (#​44934)
• data-source/aws_elasticache_replication_group: Add node_group_configuration attribute to expose node group details including availability zones, replica counts, and slot ranges (#​44879)
• data-source/aws_kinesis_stream: Add max_record_size_in_kib attribute (#​44915)
• data-source/aws_opensearch_domain: Add identity_center_options attribute (#​44626)
• provider: Support us-isob-west-1 as a valid AWS Region (#​44944)
• resource/aws_cloudfront_distribution: Add logging_v1_enabled attribute (#​44838)
• resource/aws_connect_routing_profile: Add media_concurrencies.cross_channel_behavior argument (#​44934)
• resource/aws_ec2_client_vpn_route: Allow IPv6 address ranges for destination_cidr_block (#​44926)
• resource/aws_ec2_instance_connect_endpoint: Add ip_address_type argument (#​44616)
• resource/aws_eks_node_group: Add max_parallel_nodes_repaired_count, max_parallel_nodes_repaired_percentage, max_unhealthy_node_threshold_count, max_unhealthy_node_threshold_percentage, and node_repair_config_overrides to the node_repair_config schema (#​44894)
• resource/aws_elasticache_replication_group: Add node_group_configuration block to support availability zone specification and snapshot restoration for cluster mode enabled replication groups (#​44879)
• resource/aws_glue_job: Ensure that timeout is unconfigured for Ray jobs (#​35012)
• resource/aws_kinesis_stream: Add max_record_size_in_kib argument to support for Kinesis 10MiB payloads. This functionality requires the kinesis:UpdateMaxRecordSize IAM permission (#​44915)
• resource/aws_opensearch_domain: Add identity_center_options configuration block (#​44626)
• resource/aws_transfer_server: Add support for TransferSecurityPolicy-AS2Restricted-2025-07 security_policy_name value (#​44865)
• resource/aws_transfer_server: Support TransferSecurityPolicy-AS2Restricted-2025-07 as a valid value for security_policy_name (#​44652)

BUG FIXES:

• resource/aws_cloudfront_continuous_deployment_policy: Fix Source type "...cloudfront.stagingDistributionDNSNamesModel" does not implement attr.Value error. This fixes a regression introduced in v6.17.0 (#​44972)
• resource/aws_cloudfront_distribution: Change logging_config.bucket argument from Required to Optional (#​44838)
• resource/aws_cloudfront_distribution: Fix inability to configure logging_config.include_cookies argument while keeping V1 logging disabled (#​44838)
• resource/aws_cloudfront_vpc_origin: Fix Source type "...cloudfront.originSSLProtocolsModel" does not implement attr.Value and missing required field, CreateVpcOriginInput.VpcOriginEndpointConfig errors. This fixes a regression introduced in v6.17.0 (#​44861)
• resource/aws_glue_job: Allow Ray jobs to be updated (#​35012)
• resource/aws_glue_job: Allow a zero (0) value for timeout for Apache Spark streaming ETL jobs. This allows the job to be configured with no timeout (#​44920)
• resource/aws_lakeformation_lf_tags: Remove incorrect validation from catalog_id, database.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#​44890)
• resource/aws_launch_template: Allow an empty ("") value for block_device_mappings.ebs.kms_key_id. This fixes a regression introduced in v6.16.0 (#​44708)
• resource/aws_redshift_cluster: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_cluster_snapshot: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_event_subscription: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_hsm_client_certificate: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_hsm_configuration: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_integration: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_parameter_group: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_snapshot_copy_grant: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_snapshot_schedule: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_subnet_group: Prevents errors with empty tag values. (#​44952)
• resource/aws_redshift_usage_limit: Prevents errors with empty tag values. (#​44952)

v6.19.0

Compare Source

FEATURES:

• New Data Source: aws_ecrpublic_images (#​44795)
• New Resource: aws_lakeformation_identity_center_configuration (#​44867)

ENHANCEMENTS:

• action/aws_lambda_invoke: Output logs in a progress message when log_type is Tail (#​44843)
• data-source/aws_imagebuilder_image_recipe: Add ami_tags attribute (#​44731)
• data-source/aws_lb_listener_rule: Add regex_values attribute to condition.host_header, condition.http_header and condition.path_pattern blocks (#​44741)
• data-source/aws_lb_listener_rule: Add transform attribute (#​44702)
• resource/aws_bedrockagentcore_gateway: Add validator to ensure correct authorizer_configuration and authorizer_type config (#​44826)
• resource/aws_emrserverless_application: Add monitoring_configuration argument (#​43317)
• resource/aws_emrserverless_application: Add runtime_configuration argument (#​43302)
• resource/aws_identitystore_group: Adds arn attribute. (#​44867)
• resource/aws_imagebuilder_image_recipe: Add ami_tags argument (#​44731)
• resource/aws_lb_listener_rule: Add regex_values argument to condition.host_header, condition.http_header and condition.path_pattern blocks (#​44741)
• resource/aws_lb_listener_rule: Add transform configuration block (#​44702)
• resource/aws_lb_listener_rule: The values argument in condition.host_header, condition.http_header and condition.path_pattern is now optional (#​44741)
• resource/aws_quicksight_data_set: Increase upper limit of physical_table_map.relational_table.name from 64 to 256 characters (#​44807)
• resource/aws_sagemaker_notebook_instance: Add notebook-al2023-v1 to valid platform_identifier values (#​44570)
• resource/aws_sqs_queue: Remove account_id and region from Resource Identity schema (#​44846)
• resource/aws_sqs_queue_policy: Remove account_id and region from Resource Identity schema (#​44846)
• resource/aws_sqs_queue_redrive_allow_policy: Remove account_id and region from Resource Identity schema (#​44846)
• resource/aws_sqs_queue_redrive_policy: Remove account_id and region from Resource Identity schema (#​44846)

BUG FIXES:

• data-source/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#​44867)
• provider: Fix crash when setting override region during provider initialization (#​44860)
• resource/aws_bedrockagentcore_gateway: Change authorizer_configuration block from Required to Optional (#​44812)
• resource/aws_bedrockagentcore_gateway: Mark authorizer_type argument as ForceNew (#​44812)
• resource/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#​44867)

v6.18.0

Compare Source

NOTES:

• data-source/aws_organizations_organization: The accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#​44327)
• data-source/aws_organizations_organizational_unit_child_accounts: The accounts.status attribute is deprecated. Use accounts.state instead. (#​44327)
• data-source/aws_organizations_organizational_unit_descendant_accounts: The accounts.status attribute is deprecated. Use accounts.state instead. (#​44327)
• resource/aws_organizations_account: The status attribute is deprecated. Use state instead. (#​44327)
• resource/aws_organizations_organization: The accounts.status and non_master_accounts.status attributes are deprecated. Use the accounts.state and non_master_accounts.state attributes instead. (#​44327)

FEATURES:

• New Resource: aws_bedrockagentcore_memory (#​44306)
• New Resource: aws_bedrockagentcore_memory_strategy (#​44306)
• New Resource: aws_bedrockagentcore_oauth2_credential_provider (#​44307)
• New Resource: aws_bedrockagentcore_token_vault_cmk (#​44606)
• New Resource: aws_bedrockagentcore_workload_identity (#​44308)

ENHANCEMENTS:

• data-source/aws_iam_policy: Adds validation for path_prefix attribute (#​44703)
• data-source/aws_organizations_organization: Add state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#​44327)
• data-source/aws_organizations_organizational_unit_child_accounts: Add state, joined_method, and joined_timestamp attributes to the accounts block (#​44327)
• data-source/aws_organizations_organizational_unit_descendant_accounts: Add state, joined_method, and joined_timestamp attributes to the accounts block (#​44327)
• resource/aws_appstream_directory_config: Add certificate_based_auth_properties argument (#​44679)
• resource/aws_iam_policy: Adds List support (#​44703)
• resource/aws_iam_policy: Adds validation for path attribute (#​44703)
• resource/aws_iam_role_policy_attachment: Adds List support (#​44739)
• resource/aws_odb_network: Add delete_associated_resources attribute to enable practitioner to delete associated oci resource. (#​44754)
• resource/aws_organizations_account: Add state attribute (#​44327)
• resource/aws_organizations_organization: Add state, joined_method, and joined_timestamp attributes to the accounts and non_master_accounts blocks (#​44327)

BUG FIXES:

• data-source/aws_vpn_connection: Properly set tags attribute (#​44761)
• resource/aws_rds_cluster: Fix "When modifying Provisioned IOPS storage, specify a value for both allocated storage and iops" error when updating RDS clusters with Provisioned IOPS storage (#​44706)
• resource/guardduty_detector_feature: Fix additional_configuration block to ignore ordering (#​44627)

v6.17.0

Compare Source

NOTES:

• resource/aws_quicksight_account_subscription: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#​44638)

FEATURES:

• New Data Source: aws_rds_global_cluster (#​37286)
• New Data Source: aws_vpn_connection (#​44622)
• New Resource: aws_bedrockagentcore_agent_runtime (#​44301)
• New Resource: aws_bedrockagentcore_agent_runtime_endpoint (#​44301)
• New Resource: aws_bedrockagentcore_api_key_credential_provider (#​44302)
• New Resource: aws_bedrockagentcore_browser (#​44303)
• New Resource: aws_bedrockagentcore_code_interpreter (#​44304)
• New Resource: aws_bedrockagentcore_gateway (#​44305)
• New Resource: aws_bedrockagentcore_gateway_target (#​44305)

ENHANCEMENTS:

• resource/aws_imagebuilder_container_recipe: Update EBS throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#​44604)
• resource/aws_imagebuilder_image_recipe: Update EBS throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#​44604)
• resource/aws_launch_template: Update EBS throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#​44604)
• resource/aws_quicksight_account_subscription: Add admin_pro_group, author_pro_group, and reader_pro_group arguments (#​44638)
• resource/aws_subnet: Adds List support (#​44671)
• resource/aws_vpc: Adds List support (#​44609)

BUG FIXES:

• resource/aws_ec2_transit_gateway_route_table_propagation.test: Fix bug causing inconsistent final plan errors (#​44542)
• resource/aws_lambda_function: Reset non-API attributes (source_code_hash, s3_bucket, s3_key, s3_object_version and filename) to their previous values when an update operation fails (#​42829)

v6.16.0

Compare Source

FEATURES:

• New Action: aws_transcribe_start_transcription_job (#​44445)
• New Data Source: aws_odb_cloud_autonomous_vm_clusters (#​44336)
• New Data Source: aws_odb_cloud_exadata_infrastructures (#​44336)
• New Data Source: aws_odb_cloud_vm_clusters (#​44336)
• New Data Source: aws_odb_network_peering_connections (#​44336)
• New Data Source: aws_odb_networks (#​44336)
• New Resource: aws_prometheus_resource_policy (#​44256)
• New Resource: aws_transfer_host_key (#​44559)
• New Resource: aws_transfer_web_app (#​42708)
• New Resource: aws_transfer_web_app_customization (#​42708)

ENHANCEMENTS:

• resource/aws_codebuild_project: Add auto_retry_limit argument (#​40035)
• resource/aws_emrserverless_application: Add scheduler_configuration block (#​44589)
• resource/aws_lambda_event_source_mapping: Add schema_registry_config configuration blocks to amazon_managed_kafka_event_source_config and self_managed_kafka_event_source_config blocks (#​44540)
• resource/aws_ssmcontacts_contact: Add resource identity support (#​44548)
• resource/aws_vpclattice_resource_gateway: Add ipv4_addresses_per_eni argument (#​44560)

BUG FIXES:

• provider: Correctly validate AWS European Sovereign Cloud Regions in ARNs (#​44573)
• provider: Fix Missing Resource Identity After Update errors for non-refreshed and failed updates of Plugin Framework based resources (#​44518)
• provider: Fix Unexpected Identity Change errors when fully-null identity values in state are updated to valid values for Plugin Framework based resources (#​44518)
• resource/aws_datazone_environment: Correctly updates glossary_terms. (#​44491)
• resource/aws_datazone_environment: Prevents unknown value error when optional account_identifier is not specified. (#​44491)
• resource/aws_datazone_environment: Prevents unknown value error when optional account_region is not specified. (#​44491)
• resource/aws_datazone_environment: Prevents error when updating. (#​44491)
• resource/aws_datazone_environment: Prevents occasional unexpected state error when deleting. (#​44491)
• resource/aws_datazone_environment: Properly passes blueprint_identifier on creation. (#​44491)
• resource/aws_datazone_environment: Sets values for user_parameters when importing. (#​44491)
• resource/aws_datazone_environment: Values in user_parameters should not be updateable. (#​44491)
• resource/aws_datazone_project: No longer ignores errors when deleting. (#​44491)
• resource/aws_datazone_project: No longer returns error when already deleting. (#​44491)
• resource/aws_dynamodb_table: Do not retry on LimitExceededException (#​44576)
• resource/aws_ivschat_room: Set maximum_message_rate_per_second validation maximum to 100 (#​44572)
• resource/aws_launch_template: kms_key_id validation now accepts key ID, alias, and alias ARN in addition to key ARN (#​44505)
• resource/aws_servicecatalog_portfolio_share: Add global mutex lock around create and delete operations to prevent ThrottlingException errors (#​24730)

v6.15.0

Compare Source

BREAKING CHANGES:

• resource/aws_ecs_service: Fix behavior when updating capacity_provider_strategy to avoid ECS service recreation after recent AWS changes (#​43533)

FEATURES:

• New Action: aws_codebuild_start_build (#​44444)
• New Action: aws_events_put_events (#​44487)
• New Action: aws_sfn_start_execution (#​44464)
• New Data Source: aws_appconfig_application (#​44168)
• New Data Source: aws_odb_db_node (#​43792)
• New Data Source: aws_odb_db_nodes (#​43792)
• New Data Source: aws_odb_db_server (#​43792)
• New Data Source: aws_odb_db_servers (#​43792)
• New Data Source: aws_odb_db_system_shapes (#​43825)
• New Data Source: aws_odb_gi_versions (#​43825)
• New Resource: aws_lakeformation_lf_tag_expression (#​43883)

ENHANCEMENTS:

• data-source/aws_dms_endpoint: Add mysql_settings attribute (#​44516)
• data-source/aws_ec2_instance_type_offering: Add location attribute (#​44328)
• data-source/aws_rds_proxy: Add default_auth_scheme attribute (#​44309)
• resource/aws_cleanrooms_configured_table: Add resource identity support (#​44435)
• resource/aws_cloudfront_distribution: Add ip_address_type argument to origin.custom_origin_config block (#​44463)
• resource/aws_connect_instance: Add resource identity support (#​44346)
• resource/aws_connect_phone_number: Add resource identity support (#​44365)
• resource/aws_dms_endpoint: Add mysql_settings configuration block (#​44516)
• resource/aws_dsql_cluster: Adds attribute force_destroy. (#​44406)
• resource/aws_ebs_volume: Update throughput maximum validation from 1000 to 2000 MiB/s for gp3 volumes (#​44514)
• resource/aws_ecs_capacity_provider: Add cluster and managed_instances_provider arguments (#​44509)
• resource/aws_ecs_capacity_provider: Make auto_scaling_group_provider optional (#​44509)
• resource/aws_iam_service_specific_credential: Add support for Bedrock API keys with credential_age_days, service_credential_alias, service_credential_secret, create_date, and expiration_date attributes (#​44299)
• resource/aws_networkfirewall_logging_configuration: Add enable_monitoring_dashboard argument (#​44515)
• resource/aws_opensearch_domain: Add aiml_options argument (#​44417)
• resource/aws_pinpointsmsvoicev2_phone_number: Update two_way_channel_arn argument to accept connect.[region].amazonaws.com in addition to ARNs (#​44372)
• resource/aws_rds_proxy: Add default_auth_scheme argument (#​44309)
• resource/aws_rds_proxy: Make auth configuration block optional (#​44309)
• resource/aws_route53recoverycontrolconfig_cluster: Add network_type argument (#​44377)
• resource/aws_route53recoverycontrolconfig_cluster: Add tagging support (#​44473)
• resource/aws_route53recoverycontrolconfig_control_panel: Add tagging support (#​44473)
• resource/aws_route53recoverycontrolconfig_safety_rule: Add tagging support (#​44473)
• resource/aws_s3control_bucket: Add resource identity support (#​44379)
• resource/aws_sfn_activity: Add arn argument (#​44408)
• resource/aws_sfn_activity: Add resource identity support (#​44408)
• resource/aws_sfn_alias: Add resource identity support (#​44408)
• resource/aws_ssmcontacts_contact_channel: Add resource identity support (#​44369)

BUG FIXES:

• data-source/aws_lb: Fix Invalid address to set: []string{"secondary_ips_auto_assigned_per_subnet"} errors (#​44485)
• data-source/aws_networkfirewall_firewall_policy: Fix failure to retrieve multiple firewall_policy.stateful_rule_group_reference attributes (#​44482)
• data-source/aws_servicequotas_service_quota: Fixed a panic that occurred when a non-existing quota_name was provided (#​44449)
• resource/aws_bedrock_provisioned_model_throughput: Fix AttributeName("arn") still remains in the path: could not find attribute or block "arn" in schema errors when upgrading from a pre-v6.0.0 provider version (#​44434)
• resource/aws_chatbot_slack_channel_configuration: Force resource replacement when configuration_name is modified (#​43996)
• resource/aws_cloudwatch_event_ru