chore(deps): update terraform aws to v6

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	major	~> 5.94.0 → ~> 6.33.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.33.0

Compare Source

FEATURES:

• New Resource: aws_networkmanager_attachment_routing_policy_label (#​46489)

ENHANCEMENTS:

• data-source/aws_launch_template: Add cpu_options.nested_virtualization and network_performance_options attributes (#​46540)
• data/aws_acmpca_certificate_authority: Add custom_path argument to revocation_configuration.crl_configuration configuration block (#​46487)
• resource/aws_acmpca_certificate_authority: Add custom_path argument to revocation_configuration.crl_configuration configuration block (#​46487)
• resource/aws_budgets_budget: Add filter_expression attribute (#​46501)
• resource/aws_dms_endpoint: Add access_alternate_directly, add_supplemental_logging, additional_archived_log_dest_id, allow_selected_nested_tables, archived_log_dest_id, archived_logs_only, asm_password, asm_server, asm_user, authentication_method, char_length_semantics, convert_timestamp_with_zone_to_utc, direct_path_no_log, direct_path_parallel_load, enable_homogenous_tablespace, extra_archived_log_dest_ids, fail_task_on_lob_truncation, number_datatype_scale, open_transaction_window, oracle_path_prefix, parallel_asm_read_threads, read_ahead_blocks, read_table_space_name, replace_path_prefix, retry_interval, secrets_manager_oracle_asm_access_role_arn, secrets_manager_oracle_asm_secret_id, security_db_encryption, security_db_encryption_name, spatial_data_option_to_geo_json_function_name, standby_delay_time, trim_space_in_char, use_alternate_folder_for_online, use_bfile, use_direct_path_full_load, use_logminer_reader, and use_path_prefixarguments to theoracle_settings` configuration block (#​46516)
• resource/aws_dms_endpoint: Add use_update_lookup argument to mongodb_settings configuration block (#​46253)
• resource/aws_ecs_task_definition: Add resource identity support (#​46411)
• resource/aws_instance: Add nested_virtualization attribute to cpu_options configuration block (#​46533)
• resource/aws_launch_template: Add nested_virtualization attribute to cpu_options configuration block (#​46533)
• resource/aws_launch_template: Add secondary_interfaces configuration block (#​46540)
• resource/aws_lexv2models_intent: Add qna_intent_configuration attribute (#​46419)
• resource/aws_sagemaker_domain: Add domain_settings.trusted_identity_propagation_settings argument (#​44965)

BUG FIXES:

• data-source/aws_route53_records: Fix runtime error: invalid memory address or nil pointer dereference panics when name_regex is an invalid regular expression (#​46478)
• resource/aws_cur_report_definition: Support ap-southeast-5 and eusc-de-east-1 as valid values for s3_region (#​46475)
• resource/aws_docdb_cluster: Allow adding and modifying serverless_v2_scaling_configuration without forcing cluster replacement (#​45049)
• resource/aws_lb: Fix ValidationError ... Member must have length less than or equal to 20 errors when more than 20 load balancer attributes are being modified (#​46496)
• resource/aws_sagemaker_image_version: Fix race condition when creating multiple versions concurrently (#​44960)
• resource/aws_subnet: Allows providing a cidr_block when allocating a subnet from an IPAM resource pool. (#​46453)
• resource/aws_subnet: Fix expected ipv6_netmask_length to be one of [44 48 52 56 60], got 64 validation error (#​46515)

v6.32.1

Compare Source

BUG FIXES:

• resource/aws_autoscaling_group: Fix couldn't find resource error during creation when waiting for capacity to be satisfied (#​46452)
• resource/aws_cloudwatch_log_delivery: Fix s3_delivery_configuration.suffix_path losing AWS-added prefix on update (#​46455)
• resource/aws_dynamodb_table: Fix perpetual diff when using key_schema with a single range key on a global secondary index (#​46442)
• resource/aws_elasticache_replication_group: Fix false validation error when auth_token references another resource (#​46454)

v6.32.0

Compare Source

FEATURES:

• New List Resource: aws_ecr_repository (#​46344)
• New List Resource: aws_lambda_permission (#​46341)
• New List Resource: aws_route (#​46370)
• New List Resource: aws_route53_resolver_rule_association (#​46349)
• New List Resource: aws_route_table (#​46337)
• New List Resource: aws_s3_directory_bucket (#​46373)
• New List Resource: aws_secretsmanager_secret (#​46318)
• New List Resource: aws_secretsmanager_secret_version (#​46342)
• New List Resource: aws_vpc_security_group_egress_rule (#​46368)
• New List Resource: aws_vpc_security_group_ingress_rule (#​46367)
• New Resource: aws_ec2_secondary_network (#​46408)
• New Resource: aws_ec2_secondary_subnet (#​46408)

ENHANCEMENTS:

• resource/aws_instance: Add secondary_network_interface argument (#​46408)
• resource/aws_quicksight_data_set: Support use_as property to create special RLS rules dataset (#​42687)

BUG FIXES:

• data-source/aws_odb_network_peering_connections: Fix plan phase failure of listing. (#​46384)
• list-resource/aws_s3_bucket_policy: Now supports listing Bucket Policies for S3 Directory Buckets (#​46401)
• resource/aws_athena_workgroup: Allows unsetting configuration.result_configuration or child attributes. (#​46427)
• resource/aws_cloudfront_multitenant_distribution: Fix the "inconsistent result" error when custom_error_response is configured and custom_error_response.response_code and custom_error_response.response_page_path are omitted (#​46375)
• resource/aws_grafana_workspace: Fix perpetual diff when network_access_control is configured with empty prefix_list_ids and vpce_ids (#​45637)

v6.31.0

Compare Source

NOTES:

• resource/aws_s3_bucket_abac: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_abac: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_accelerate_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_accelerate_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_acl: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_acl: Removes expected_bucket_owner and acl attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_cors_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_cors_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_lifecycle_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_lifecycle_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_logging: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_logging: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_metadata_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_metadata_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_object_lock_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_object_lock_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_request_payment_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_request_payment_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_server_side_encryption_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_server_side_encryption_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_versioning: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_versioning: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_website_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_website_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)

FEATURES:

• New Data Source: aws_account_regions (#​41746)
• New Ephemeral Resource: aws_ecrpublic_authorization_token (#​45841)
• New List Resource: aws_cloudwatch_event_rule (#​46304)
• New List Resource: aws_cloudwatch_event_target (#​46297)
• New List Resource: aws_cloudwatch_metric_alarm (#​46268)
• New List Resource: aws_iam_role_policy (#​46293)
• New List Resource: aws_lambda_function (#​46295)
• New List Resource: aws_s3_bucket_acl (#​46305)
• New List Resource: aws_s3_bucket_policy (#​46312)
• New List Resource: aws_s3_bucket_public_access_block (#​46309)
• New Resource: aws_ssoadmin_customer_managed_policy_attachments_exclusive (#​46191)

ENHANCEMENTS:

• resource/aws_odb_cloud_autonomous_vm_cluster: autonomous vm cluster creation using odb network ARN and exadata infrastructure ARN for resource sharing model. (#​45583)
• resource/aws_opensearch_domain: Add serverless_vector_acceleration to aiml_options (#​45882)

BUG FIXES:

• list-resource/aws_s3_bucket: Restricts listed buckets to expected region. (#​46305)
• resource/aws_elasticache_replication_group: Fixed AUTH to RBAC migration. Previously, auth_token_update_strategy always required auth_token, which caused an error when migrating from AUTH to RBAC. Now, auth_token_update_strategy still requires auth_token except when auth_token_update_strategy is DELETE. (#​45518)
• resource/aws_elasticache_replication_group: Fixed an issue with downscaling aws_elasticache_replication_group when cluster_mode="enabled" and num_node_groups is reduced. Previously, downscaling could fail in certain scenarios; for example, if nodes 0001, 0002, 0003, 0004, and 0005 exist, and a user manually removes 0003 and 0005, then sets num_node_groups = 2, terraform would attempt to delete 0003, 0004, and 0005. This is now fixed, after this fix terraform will retrieve the current node groups before resizing. (#​45893)
• resource/aws_elasticache_serverless_cache: Fix user_group_id removal during modification. (#​45571)
• resource/aws_elasticache_serverless_cache: Fix forced replacement when upgrading Valkey major version or switching engine between redis and valkey (#​45087)
• resource/aws_network_interface: Fix UnauthorizedOperation error when detaching resource that does not have an attachment (#​46211)

v6.30.0

Compare Source

FEATURES:

• New Resource: aws_ssoadmin_managed_policy_attachments_exclusive (#​46176)

BUG FIXES:

• resource/aws_dynamodb_table: Fix panic when global_secondary_index or global_secondary_index.key_schema are dynamic (#​46195)

v6.29.0

Compare Source

NOTES:

• data-source/aws_organizations_organization: Add return_organization_only argument to return only the results of the DescribeOrganization API and avoid API limits (#​40884)
• resource/aws_cloudfront_anycast_ip_list: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#​43331)
• resource/aws_invoicing_invoice_unit: Deprecates region attribute, as the resource is global. (#​46185)
• resource/aws_organizations_organization: Add return_organization_only argument to return only the results of the DescribeOrganization API and avoid API limits (#​40884)
• resource/aws_savingsplans_savings_plan: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​45834)

FEATURES:

• New Data Source: aws_arcregionswitch_plan (#​43781)
• New Data Source: aws_arcregionswitch_route53_health_checks (#​43781)
• New Data Source: aws_organizations_entity_path (#​45890)
• New Data Source: aws_resourcegroupstaggingapi_required_tags (#​45994)
• New Data Source: aws_s3_bucket_object_lock_configuration (#​45990)
• New Data Source: aws_s3_bucket_replication_configuration (#​42662)
• New Data Source: aws_s3control_access_points (#​45949)
• New Data Source: aws_s3control_multi_region_access_points (#​45974)
• New Data Source: aws_savingsplans_savings_plan (#​45834)
• New Data Source: aws_wafv2_managed_rule_group (#​45899)
• New List Resource: aws_appflow_connector_profile (#​45983)
• New List Resource: aws_appflow_flow (#​45980)
• New List Resource: aws_cleanrooms_collaboration (#​45953)
• New List Resource: aws_cleanrooms_configured_table (#​45956)
• New List Resource: aws_cloudfront_key_value_store (#​45957)
• New List Resource: aws_opensearchserverless_collection (#​46001)
• New List Resource: aws_route53_record (#​46059)
• New List Resource: aws_s3_bucket (#​46004)
• New List Resource: aws_s3_object (#​46002)
• New List Resource: aws_security_group (#​46062)
• New Resource: aws_apigatewayv2_routing_rule (#​42961)
• New Resource: aws_arcregionswitch_plan (#​43781)
• New Resource: aws_cloudfront_anycast_ip_list (#​43331)
• New Resource: aws_notifications_managed_notification_account_contact_association (#​45185)
• New Resource: aws_notifications_managed_notification_additional_channel_association (#​45186)
• New Resource: aws_notifications_organizational_unit_association (#​45197)
• New Resource: aws_notifications_organizations_access (#​45273)
• New Resource: aws_opensearch_application (#​43822)
• New Resource: aws_ram_permission (#​44114)
• New Resource: aws_ram_resource_associations_exclusive (#​45883)
• New Resource: aws_sagemaker_labeling_job (#​46041)
• New Resource: aws_sagemaker_model_card (#​45993)
• New Resource: aws_sagemaker_model_card_export_job (#​46009)
• New Resource: aws_savingsplans_savings_plan (#​45834)
• New Resource: aws_sesv2_tenant_resource_association (#​45904)
• New Resource: aws_vpc_security_group_rules_exclusive (#​45876)

ENHANCEMENTS:

• aws_api_gateway_domain_name: Add routing_mode argument to support dynamic routing via routing rules (#​42961)
• aws_apigatewayv2_domain_name: Add routing_mode argument to support dynamic routing via routing rules (#​42961)
• data-source/aws_batch_job_definition: Add allow_privilege_escalation attribute to eks_properties.pod_properties.containers.security_context (#​45896)
• data-source/aws_dynamodb_table: Add global_secondary_index.key_schema attribute (#​46157)
• data-source/aws_networkmanager_core_network_policy_document: Add segment_actions.routing_policy_names argument (#​45928)
• data-source/aws_s3_object: Add body_base64 and download_body attributes. For improved performance, set download_body = false to ensure bodies are never downloaded (#​46163)
• data-source/aws_vpc_ipam_pool: Add source_resource attribute (#​44705)
• resource/aws_batch_job_definition: Add allow_privilege_escalation attribute to eks_properties.pod_properties.containers.security_context (#​45896)
• resource/aws_bedrockagent_data_source: Add vector_ingestion_configuration.parsing_configuration.bedrock_data_automation_configuration block (#​45966)
• resource/aws_bedrockagent_data_source: Add vector_ingestion_configuration.parsing_configuration.bedrock_foundation_model_configuration.parsing_modality argument (#​46056)
• resource/aws_docdb_cluster_instance: Add certificate_rotation_restart argument (#​45984)
• resource/aws_dynamodb_table: Add support for multi-attribute keys in global secondary indexes. Introduces hash_keys and range_keys to the gsi block and makes hash_key optional for backwards compatibility. (#​45357)
• resource/aws_dynamodb_table: Adds warning when stream_view_type is set and stream_enabled is either false or unset. (#​45934)
• resource/aws_ecr_account_setting: Add support for BLOB_MOUNTING account setting name with ENABLED and DISABLED values (#​46092)
• resource/aws_fsx_windows_file_system: Add domain_join_service_account_secret argument to self_managed_active_directory configuration block (#​45852)
• resource/aws_fsx_windows_file_system: Change self_managed_active_directory.password to Optional and self_managed_active_directory.username to Optional and Computed (#​45852)
• resource/aws_invoicing_invoice_unit: Adds resource identity support. (#​46185)
• resource/aws_invoicing_invoice_unit: Adds validation to restrict rules to a single element. (#​46185)
• resource/aws_lambda_function: Increase upper limit of memory_size from 10240 MB to 32768 MB (#​46065)
• resource/aws_launch_template: Add network_performance_options argument (#​46071)
• resource/aws_odb_network: Enhancements to support KMS and STS parameters in CreateOdbNetwork and UpdateOdbNetwork. (#​45636)
• resource/aws_opensearchserverless_collection: Add resource identity support (#​45981)
• resource/aws_osis_pipeline: Updates pipeline_configuration_body maximum length validation to 2,621,440 bytes to align with AWS API specification. (#​44881)
• resource/aws_sagemaker_endpoint: Retry IAM eventual consistency errors on Create (#​45951)
• resource/aws_sagemaker_monitoring_schedule: Add monitoring_schedule_config.monitoring_job_definition argument (#​45951)
• resource/aws_sagemaker_monitoring_schedule: Make monitoring_schedule_config.monitoring_job_definition_name argument optional (#​45951)
• resource/aws_vpc_ipam_pool: Add source_resource argument in support of provisioning of VPC Resource Planning Pools (#​44705)
• resource/aws_vpc_ipam_resource_discovery: Add organizational_unit_exclusion argument (#​45890)
• resource/aws_vpc_subnet: Add ipv4_ipam_pool_id, ipv4_netmask_length, ipv6_ipam_pool_id, and ipv6_netmask_length arguments in support of provisioning of subnets using IPAM (#​44705)
• resource/aws_vpc_subnet: Change ipv6_cidr_block to Optional and Computed (#​44705)

BUG FIXES:

• data-source/aws_ecr_lifecycle_policy_document: Add rule.action.target_storage_class and rule.selection.storage_class to JSON serialization (#​45909)
• data-source/aws_lakeformation_permissions: Remove incorrect validation from catalog_id, data_location.catalog_id, database.catalog_id, lf_tag_policy.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#​43931)
• data-source/aws_networkmanager_core_network_policy_document: Fix panic when attachment_routing_policy_rules.action.associate_routing_policies is empty (#​46160)
• provider: Fix crash when using custom S3 endpoints with non-standard region strings (e.g., S3-compatible storage like Ceph or MinIO) (#​46000)
• provider: When importing resources with region defined, in AWS European Sovereign Cloud, prevent failing due to region validation requiring region names to start with "[a-z]{2}-" (#​45895)
• resource/aws_athena_workgroup: Fix error when removing configuration.result_configuration.encryption_configuration argument (#​46159)
• resource/aws_bcmdataexports_export: Fix Provider produced inconsistent result after apply error when querying CARBON_EMISSIONS table without table_configurations (#​45972)
• resource/aws_bedrock_inference_profile: Fixed forced replacement following import when model_source is set (#​45713)
• resource/aws_billing_view: Fix handling of data_filter_expression (#​45293)
• resource/aws_cloudformation_stack_set: Fix perpetual diff when using auto_deployment with permission_model set to SERVICE_MANAGED (#​45992)
• resource/aws_cloudfront_distribution: Fix runtime error: invalid memory address or nil pointer dereference panic when mistakenly importing a multi-tenant distribution (#​45873)
• resource/aws_cloudfront_distribution: Prevent mistakenly importing a multi-tenant distribution (#​45873)
• resource/aws_cloudfront_multitenant_distribution: Fix "specified origin server does not exist or is not valid" errors when attempting to use Origin Access Control (OAC) (#​45977)
• resource/aws_cloudfront_multitenant_distribution: Fix origin_group to use correct id attribute name and fix field mapping to resolve missing required field errors (#​45921)
• resource/aws_cloudwatch_event_rule: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#​45895)
• resource/aws_config_configuration_recorder: Fix InvalidRecordingGroupException: The recording group provided is not valid errors when the recording_group.exclusion_by_resource_type or recording_group.recording_strategy argument is removed during update (#​46110)
• resource/aws_datazone_environment_profile: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#​45895)
• resource/aws_dynamodb_table: Fix perpetual diff for warm_throughput in global_secondary_index when not set in configuration. (#​46094)
• resource/aws_dynamodb_table: Fixes error when name is known after apply (#​45917)
• resource/aws_eks_cluster: Fix kubernetes_network_config argument name in EKS Auto Mode validation error message (#​45997)
• resource/aws_emrserverless_application: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#​45895)
• resource/aws_lakeformation_permissions: Remove incorrect validation from catalog_id, data_location.catalog_id, database.catalog_id, lf_tag_policy.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#​43931)
• resource/aws_lambda_event_source_mapping: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#​45895)
• resource/aws_lambda_invocation: Fix panic when deleting or replacing resource with empty input in CRUD lifecycle scope (#​45967)
• resource/aws_lambda_permission: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#​45895)
• resource/aws_lb_target_group: Fix update error when switching health_check.protocol from HTTP to TCP when protocol is TCP (#​46036)
• resource/aws_multitenant_cloudfront_distribution: Prevent mistakenly importing a standard distribution (#​45873)
• resource/aws_networkfirewall_firewall_policy: Support partner-managed rule groups via firewall_policy.stateful_rule_group_reference.resource_arn (#​46124)
• resource/aws_odb_network: Fix delete_associated_resources being set when value is unknown (#​45636)
• resource/aws_pipes_pipe: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#​45895)
• resource/aws_placement_group: Correct validation of partition_count (#​45042)
• resource/aws_rds_cluster: Properly set iam_database_authentication_enabled when restored from snapshot (#​39461)
• resource/aws_redshift_cluster: Changing port now works. (#​45870)
• resource/aws_redshiftserverless_workgroup: Fix ValidationException: Base capacity cannot be updated when PerformanceTarget is Enabled error when updating price_performance_target and base_capacity (#​46137)
• resource/aws_route53_health_check: Mark regions argument as Computed to fix an unexpected regions diff when it is not specified (#​45829)
• resource/aws_route53_zone: Fix InvalidChangeBatch errors during ForceNew operations when zone name changes (#​45242)
• resource/aws_route53_zone: Fixes error where Delete would fail if the remote resource had already been deleted. (#​45985)
• resource/aws_route53profiles_resource_association: Fix Invalid JSON String Value error on initial apply and ConflictException on subsequent apply when associating Route53 Resolver Query Log Configs (#​45958)
• resource/aws_route53recoverycontrolconfig_control_panel: Fix crash when create returns an error (#​45954)
• resource/aws_s3_bucket: Fix bucket creation with tags in non-commercial AWS regions by handling UnsupportedArgument errors during tag-on-create operations (#​46122)
• resource/aws_s3_bucket: Fix tag read and update operations in non-commercial AWS regions by handling MethodNotAllowed errors when S3 Control APIs are unavailable (#​46122)
• resource/aws_servicecatalog_portfolio_share: Support organization and OU IDs in addition to ARNs for GovCloud compatibility (#​39863)
• resource/aws_subnet: Mark ipv6_cidr_block as ForceNew when the existing IPv6 subnet was created with assign_ipv6_address_on_create = true (#​46043)
• resource/aws_vpc_endpoint: Fix persistent diffs caused by case differences in ip_address_type (#​45947)

v6.28.0

Compare Source

NOTES:

• resource/aws_dynamodb_global_secondary_index: This resource type is experimental. The schema or behavior may change without notice, and it is not subject to the backwards compatibility guarantee of the provider. (#​44999)

FEATURES:

• New Data Source: aws_cloudfront_connection_group (#​44885)
• New Data Source: aws_cloudfront_distribution_tenant (#​45088)
• New List Resource: aws_kms_alias (#​45700)
• New List Resource: aws_sqs_queue (#​45691)
• New Resource: aws_cloudfront_connection_function (#​45664)
• New Resource: aws_cloudfront_connection_group (#​44885)
• New Resource: aws_cloudfront_distribution_tenant (#​45088)
• New Resource: aws_cloudfront_multitenant_distribution (#​45535)
• New Resource: aws_dynamodb_global_secondary_index (#​44999)
• New Resource: aws_ecr_pull_time_update_exclusion (#​45765)
• New Resource: aws_organizations_tag (#​45730)
• New Resource: aws_redshift_idc_application (#​37345)
• New Resource: aws_secretsmanager_tag (#​45825)
• New Resource: aws_sesv2_tenant (#​45706)

ENHANCEMENTS:

• data-source/aws_apigateway_domain_name : Add endpoint_access_mode attribute (#​45741)
• data-source/aws_db_proxy: Add endpoint_network_type and target_connection_network_type attributes (#​45634)
• data-source/aws_dx_gateway: Add tags attribute (#​45766)
• data-source/aws_ecr_lifecycle_policy_document: Add rule.action.target_storage_class and rule.selection.storage_class arguments, and new valid values for rule.action.type and rule.selection.count_type arguments (#​45752)
• data-source/aws_iam_saml_provider: Add saml_provider_uuid attribute (#​45707)
• data-source/aws_lambda_function: Add response_streaming_invoke_arn attribute (#​45652)
• data-source/aws_lambda_function: Support code_signing_config_arn in AWS GovCloud (US) Regions (#​45652)
• data-source/aws_route53_resolver_firewall_rules: Add dns_threat_protection, confidence_threshold, firewall_threat_protection_id, firewall_domain_redirection_action, and q_type attributes (#​45711)
• data-source/aws_route53_resolver_rule: Add target_ips attribute (#​45492)
• data-source/aws_vpc_endpoint: Add dns_options.private_dns_preference and dns_options.private_dns_specified_domains attributes (#​45679)
• data-source/aws_vpc_endpoint: Promote service_region and vpc_endpoint_type from attributes to arguments for filtering (#​45679)
• resource/aws_alb: Enforce tag policy compliance for the elasticloadbalancing:loadbalancer tag type (#​45671)
• resource/aws_alb_listener: Enforce tag policy compliance for the elasticloadbalancing:listener tag type (#​45671)
• resource/aws_alb_listener_rule: Enforce tag policy compliance for the elasticloadbalancing:listener-rule tag type (#​45671)
• resource/aws_alb_target_group: Enforce tag policy compliance for the elasticloadbalancing:targetgroup tag type (#​45671)
• resource/aws_apigateway_domain_name: Add endpoint_access_mode argument and configurable timeout for create and update (#​45741)
• resource/aws_athena_workgroup: Add customer_content_encryption_configuration argument (#​45744)
• resource/aws_athena_workgroup: Add enable_minimum_encryption_configuration argument (#​45744)
• resource/aws_athena_workgroup: Add monitoring_configuration argument (#​45744)
• resource/aws_cleanrooms_collaboration: Add resource identity support (#​45548)
• resource/aws_cloudfront_distribution: Add connection_function_association and viewer_mtls_config arguments (#​45847)
• resource/aws_cloudfront_distribution: Add owner_account_id argument to vpc_origin_config for cross-account VPC origin support (#​45011)
• resource/aws_cloudwatch_log_subscription_filter: Add apply_on_transformed_logs argument (#​45826)
• resource/aws_cloudwatch_log_subscription_filter: Add emit_system_fields argument (#​45760)
• resource/aws_db_proxy: Add endpoint_network_type and target_connection_network_type arguments (#​45634)
• resource/aws_docdb_cluster_instance: Enforce tag policy compliance for the rds:db tag type (#​45671)
• resource/aws_docdb_global_cluster: Enforce tag policy compliance for the rds:global-cluster tag type (#​45671)
• resource/aws_dx_gateway: Add tags argument and tags_all attribute. This functionality requires the directconnect:TagResource and directconnect:UntagResource IAM permissions (#​45766)
• resource/aws_ecr_repository_creation_template: Support CREATE_ON_PUSH as a valid value for applied_for (#​45720)
• resource/aws_ecs_capacity_provider: Add managed_instances_provider.instance_launch_template.capacity_option_type argument (#​45667)
• resource/aws_fsx_lustre_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
• resource/aws_fsx_ontap_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
• resource/aws_fsx_openzfs_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
• resource/aws_fsx_openzfs_snapshot: Enforce tag policy compliance for the fsx:snapshot tag type (#​45671)
• resource/aws_fsx_openzfs_volume: Enforce tag policy compliance for the fsx:volume tag type (#​45671)
• resource/aws_fsx_windows_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
• resource/aws_guardduty_filter: Add finding_criteria.criterion.matches and finding_criteria.criterion.not_matches arguments (#​45758)
• resource/aws_iam_policy: Add delay_after_policy_creation_in_ms argument. This functionality requires the iam:SetDefaultPolicyVersion IAM permission (#​42054)
• resource/aws_iam_saml_provider: Add saml_provider_uuid attribute (#​45707)
• resource/aws_iam_virtual_mfa_device: Add serial_number attribute (#​45751)
• resource/aws_imagebuilder_image: Add logging_configuration argument (#​45749)
• resource/aws_imagebuilder_image_pipeline: Add logging_configuration argument (#​45749)
• resource/aws_inspector_assessment_target: Add plan-time validation of resource_group_arn (#​45688)
• resource/aws_inspector_assessment_template: Add plan-time validation of rules_package_arns and target_arn (#​45688)
• resource/aws_lambda_event_source_mapping: Add provisioned_poller_config.poller_group_name argument (#​45313)
• resource/aws_lambda_event_source_mapping: Support Amazon MSK and self-managed Apache Kafka destinations (kafka://topic-name) for destination_config.on_failure.destination_arn argument (#​45802)
• resource/aws_lambda_function: Add response_streaming_invoke_arn attribute (#​45652)
• resource/aws_lambda_function: Support code_signing_config_arn in AWS GovCloud (US) Regions (#​45652)
• resource/aws_lambda_function_url: Automatically add the lambda:InvokeFunction permission, with the InvokedViaFunctionUrl flag set to true, to the function on creation when authorization_type is NONE (#​44858)
• resource/aws_lambda_permission: Add invoked_via_function_url argument (#​44858)
• resource/aws_lb_target_group_attachment: Add quic_server_id argument (#​45666)
• resource/aws_lb_targ

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🏷️ [bumpr] Next version:v1.13.11 Changes:v1.13.10...reviewdog:renovate/aws-6.x