chore(deps): update terraform aws to v3.76.1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	3.72.0 → 3.76.1

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v3.76.1

Compare Source

ENHANCEMENTS:

• resource/aws_s3_bucket: Mark server_side_encryption_configuration as Computed in support of S3 object encryption by default (#​28702)

v3.76.0

Compare Source

NOTES:

• provider: Add OpenBSD to list of OSes which the provider is built on (#​28300)
• resource/aws_fsx_ontap_storage_virtual_machine: The subtype attribute will always have the value "DEFAULT" (#​28082)

ENHANCEMENTS:

• resource/aws_lambda_function: Add support for nodejs18.x runtime value (#​28082)
• resource/aws_lambda_layer_version: Add support for nodejs18.x compatible_runtimes value (#​28082)
• resource/aws_security_group: Do not pass from_port or to_port values to the AWS API if a rule's protocol value is -1 or all (#​27685)

BUG FIXES:

• resource/aws_api_gateway_stage: Fixed issue with providing cache_cluster_size without cache_cluster_enabled resulted in waiter error (#​27541)
• resource/aws_db_instance: Ensure that apply_immediately default value is applied (#​28298)
• resource/aws_s3_bucket_server_side_encryption_configuration: Retry on ServerSideEncryptionConfigurationNotFoundError errors due to eventual consistency (#​26091)
• resource/aws_security_group: Return an error if a rule's protocol value is all and from_port or to_port are not 0 (#​27685)
• resource/aws_sqs_queue: Change sqs_managed_sse_enabled to Computed as newly created SQS queues use SSE-SQS encryption by default. This means that Terraform will only perform drift detection of the attribute's value when present in a configuration (#​27313)
• resource/aws_sqs_queue: Respect configured sqs_managed_sse_enabled value on resource Create. In particular a configured false value is sent to the AWS API, which overrides the new service default value of true (#​27338)

v3.75.2

Compare Source

ENHANCEMENTS:

• resource/aws_lambda_function: Add support for nodejs16.x runtime value (#​24874)
• resource/aws_lambda_layer_version: Add support for nodejs16.x compatible_runtimes value (#​24874)
• resource/aws_s3_bucket_website_configuration: Add routing_rules parameter to be used instead of routing_rule to support configurations with empty String values (#​24199)

v3.75.1

Compare Source

BUG FIXES:

• resource/aws_route_table_association: Retry resource Read for EC2 eventual consistency (#​23806)

v3.75.0

Compare Source

NOTES:

• resource/aws_s3_bucket: The acceleration_status argument has been deprecated. Use the aws_s3_bucket_accelerate_configuration resource instead. (#​23471)
• resource/aws_s3_bucket: The acl and grant arguments have been deprecated. Use the aws_s3_bucket_acl resource instead. (#​23419)
• resource/aws_s3_bucket: The cors_rule argument has been deprecated. Use the aws_s3_bucket_cors_configuration resource instead. (#​23434)
• resource/aws_s3_bucket: The lifecycle_rule argument has been deprecated. Use the aws_s3_bucket_lifecycle_configuration resource instead. (#​23445)
• resource/aws_s3_bucket: The logging argument has been deprecated. Use the aws_s3_bucket_logging resource instead. (#​23430)
• resource/aws_s3_bucket: The object_lock_configuration.object_lock_enabled argument has been deprecated. Use the top-level argument object_lock_enabled instead. (#​23449)
• resource/aws_s3_bucket: The object_lock_configuration.rule argument has been deprecated. Use the aws_s3_bucket_object_lock_configuration resource instead. (#​23449)
• resource/aws_s3_bucket: The replication_configuration argument has been deprecated. Use the aws_s3_bucket_replication_configuration resource instead. (#​23716)
• resource/aws_s3_bucket: The request_payer argument has been deprecated. Use the aws_s3_bucket_request_payment_configuration resource instead. (#​23473)
• resource/aws_s3_bucket: The server_side_encryption_configuration argument has been deprecated. Use the aws_s3_bucket_server_side_encryption_configuration resource instead. (#​23476)
• resource/aws_s3_bucket: The versioning argument has been deprecated. Use the aws_s3_bucket_versioning resource instead. (#​23432)
• resource/aws_s3_bucket: The website, website_domain, and website_endpoint arguments have been deprecated. Use the aws_s3_bucket_website_configuration resource instead. (#​23435)

FEATURES:

• New Resource: aws_s3_bucket_accelerate_configuration (#​23471)
• New Resource: aws_s3_bucket_acl (#​23419)
• New Resource: aws_s3_bucket_cors_configuration (#​23434)
• New Resource: aws_s3_bucket_lifecycle_configuration (#​23445)
• New Resource: aws_s3_bucket_logging (#​23430)
• New Resource: aws_s3_bucket_object_lock_configuration (#​23449)
• New Resource: aws_s3_bucket_request_payment_configuration (#​23473)
• New Resource: aws_s3_bucket_server_side_encryption_configuration (#​23476)
• New Resource: aws_s3_bucket_versioning (#​23432)
• New Resource: aws_s3_bucket_website_configuration (#​23435)

ENHANCEMENTS:

• resource/aws_lambda_function: Add support for dotnet6 runtime value (#​23670)
• resource/aws_lambda_layer_version: Add support for dotnet6 compatible_runtimes value (#​23670)
• resource/aws_s3_bucket: Add top-level object_lock_enabled parameter (#​23449)
• resource/aws_s3_bucket_acl: Support resource import for S3 bucket names consisting of uppercase letters, underscores, and a maximum of 255 characters (#​23679)
• resource/aws_s3_bucket_lifecycle_configuration: Support empty string filtering (default behavior of the aws_s3_bucket.lifecycle_rule parameter in provider versions prior to v4.0) (#​23750)
• resource/aws_s3_bucket_replication_configuration: Add token field to specify
  x-amz-bucket-object-lock-token for enabling replication on object lock enabled
  buckets or enabling object lock on an existing bucket. (#​23716)
• resource/aws_s3_bucket_versioning: Add missing support for Disabled bucket versioning (#​23731)

BUG FIXES:

• resource/aws_s3_bucket: Prevent panic when expanding the bucket's list of cors_rule (#​7547)
• resource/aws_s3_bucket_replication_configuration: Change rule configuration block to list instead of set (#​23737)
• resource/aws_s3_bucket_replication_configuration: Correctly configure empty rule.filter configuration block in API requests (#​23716)
• resource/aws_s3_bucket_replication_configuration: Ensure both key and value arguments of the rule.filter.tag configuration block are correctly populated in the outgoing API request and terraform state. (#​23716)
• resource/aws_s3_bucket_replication_configuration: Prevent inconsistent final plan when rule.filter.prefix is an empty string (#​23716)
• resource/aws_s3_bucket_replication_configuration: Set rule.id as Computed to prevent drift when the value is not configured (#​23737)

v3.74.3

Compare Source

BUG FIXES:

• resource/aws_ecs_capacity_provider: Fix tagging error preventing use in ISO partitions (#​23030)
• resource/aws_ecs_cluster: Fix tagging error preventing use in ISO partitions (#​23030)
• resource/aws_ecs_service: Fix tagging error preventing use in ISO partitions (#​23030)
• resource/aws_ecs_task_definition: Fix tagging error preventing use in ISO partitions (#​23030)
• resource/aws_ecs_task_set: Fix tagging error preventing use in ISO partitions (#​23030)
• resource/aws_waf_rule_group: Prevent panic when expanding the rule group's set of activated_rule (#​22978)
• resource/aws_wafregional_rule_group: Prevent panic when expanding the rule group's set of activated_rule (#​22978)

v3.74.2

Compare Source

BUG FIXES:

• resource/aws_rds_cluster: Fix crash when configured engine_version string is shorter than the EngineVersion string returned from the AWS API (#​23039)
• resource/aws_vpn_connection: Add support for ipsec.1-aes256 connection type (#​23127)

v3.74.1

Compare Source

BUG FIXES:

• resource/aws_backup_selection: Fix permanent diffs for condition and not_resources arguments causing resource recreation (#​22882)

v3.74.0

Compare Source

FEATURES:

• New Data Source: aws_api_gateway_export (#​22731)
• New Data Source: aws_api_gateway_sdk (#​22731)
• New Data Source: aws_apigatewayv2_export (#​22732)
• New Data Source: aws_connect_contact_flow_module (#​22518)
• New Data Source: aws_connect_prompt (#​22636)
• New Data Source: aws_connect_quick_connect (#​22527)
• New Data Source: aws_datapipeline_pipeline (#​22597)
• New Data Source: aws_datapipeline_pipeline_definition (#​22597)
• New Data Source: aws_imagebuilder_components (#​21881)
• New Data Source: aws_imagebuilder_distribution_configurations (#​22733)
• New Data Source: aws_imagebuilder_infrastructure_configurations (#​22723)
• New Resource: aws_connect_queue (#​22566)
• New Resource: aws_connect_security_profile (#​22369)
• New Resource: aws_dataexchange_data_set (#​22697)
• New Resource: aws_datapipeline_pipeline_definition (#​22597)
• New Resource: aws_devicefarm_test_grid_project (#​22688)
• New Resource: aws_ecs_cluster_capacity_providers (#​22672)
• New Resource: aws_sagemaker_project (#​21534)

ENHANCEMENTS:

• resource/aws_api_gateway_stage: Add web_acl_arn attribute (#​18561)
• resource/aws_elasticache_replication_group: Add user_group_ids to associate aws_elasticache_user_group with aws_elasticache_replication_group (#​20406)
• resource/aws_imagebuilder_distribution_configuration: Add container_distribution_configuration argument (#​22758)
• resource/aws_iot_role_alias: Increase the maximum allowed value of the credential_duration argument to 43200 (12 hours) (#​22757)
• resource/aws_network_interface: Add private_ip_list, private_ip_list_enabled, ipv6_address_list, and ipv6_address_list_enabled attributes (#​17846)
• resource/aws_s3_bucket_notification: Add eventbridge argument (#​22045)
• resource/aws_vpc_endpoint_subnet_association: Fix resource importing (#​22796)

BUG FIXES:

• data-source/aws_ecr_repository: Further refine tag error handling in ISO partitions (#​22780)
• data-source/aws_lb: Further refine tag error handling for ISO regions (#​22717)
• data-source/aws_lb: Further refine tag error handling for ISO regions (#​22717)
• data-source/aws_lb_listener: Further refine tag error handling for ISO regions (#​22717)
• data-source/aws_lb_target_group: Further refine tag error handling for ISO regions (#​22717)
• data-source/aws_sqs_queue: Further refine tag error handling in ISO partitions (#​22780)
• data-source/aws_vpc: Suppress errors if main route table cannot be found (#​22724)
• resource/aws_cloudfront_distribution: Increase the maximum valid origin_keepalive_timeout value to 180 (#​22632)
• resource/aws_cloudwatch_composite_alarm: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_cloudwatch_event_bus: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_cloudwatch_event_rule: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_cloudwatch_metric_alarm: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_cloudwatch_metric_stream: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_ecr_repository: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_ecs_capacity_provider: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_ecs_cluster: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_ecs_cluster: Provide new resource aws_ecs_cluster_capacity_providers to avoid bugs using capacity_providers and default_capacity_provider_strategy, which arguments will be deprecated in a future version (#​22672)
• resource/aws_ecs_service: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_ecs_task_definition: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_ecs_task_set: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_instance: Prevent panic when reading the instance's block device mappings (#​22719)
• resource/aws_internet_gateway: No longer give up before the attachment timeout (4m) is exceeded (previously it was giving up after 20 not found checks). (#​22713)
• resource/aws_lambda_function: Prevent errors when attempting to configure code signing in the ap-southeast-3 AWS Region (#​22693)
• resource/aws_lb: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_lb_listener: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_lb_listener_rule: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_lb_target_group: Further refine tag error handling for ISO regions (#​22717)
• resource/aws_sns_topic: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_sqs_queue: Further refine tag error handling in ISO partitions (#​22780)
• resource/aws_vpc: Suppress errors if main route table, default NACL or default security group cannot be found (#​22724)
• resource/aws_vpc_dhcp_options_association: Support default DHCP Options ID (#​22722)

v3.73.0

Compare Source

FEATURES:

• New Data Source: aws_cloudfront_origin_access_identity (#​22572)
• New Data Source: aws_vpc_ipam_preview_next_cidr (#​22643)
• New Resource: aws_appsync_api_cache (#​22578)
• New Resource: aws_appsync_domain_name (#​22487)
• New Resource: aws_appsync_domain_name_api_association (#​22487)
• New Resource: aws_cloudsearch_domain (#​17723)
• New Resource: aws_cloudsearch_domain_service_access_policy (#​17723)
• New Resource: aws_detective_invitation_accepter (#​22163)
• New Resource: aws_detective_member (#​22163)
• New Resource: aws_fsx_data_repository_association (#​22291)
• New Resource: aws_lambda_invocation (#​19488)

ENHANCEMENTS:

• data-source/aws_cognito_user_pool_clients: Add client_names attribute (#​22615)
• data-source/aws_imagebuilder_image_recipe: Add user_data_base64 attribute (#​21763)
• resource/aws_dynamodb_table: Add special case handling when switching billing_mode from PAY_PER_REQUEST to PROVISIONED and provisioned throughput is ignored. (#​22630)
• resource/aws_fsx_lustre_file_system: Add file_system_type_version argument (#​22291)
• resource/aws_imagebuilder_image_recipe: Add user_data_base64 argument (#​21763)
• resource/aws_opsworks_custom_layer: Add plan time validation for ebs_volume.type and custom_json. (#​12433)
• resource/aws_opsworks_custom_layer: Add support for cloudwatch_configuration (#​12433)
• resource/aws_security_group: Ensure that the Security Group is found 3 times in a row before declaring that it has been created (#​22420)

BUG FIXES:

• resource/aws_apprunner_custom_domain_association: Add the status binding_certificate as a valid target when waiting for creation. (#​20222)
• resource/aws_cloudfront_distribution: Increase the maximum valid origin_keepalive_timeout value to 180 (#​22632)
• resource/aws_ecr_lifecycle_policy: Fix diffs in policy when no changes are detected (#​22665)
• resource/aws_load_balancer_policy: Suppress policy_attribute differences (#​21776)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coveralls]

coverage: 88.739% (+0.02%) from 88.716%
when pulling 99e2bda on renovate/aws-3.x-lockfile
into 803ccd8 on master.