v2.46.0

NOTES:

• provider: Terraform AWS Provider version 2.45.0 included AWS Go SDK version 1.28.0, which contained a regression in error handling behavior across many services that either prevented or incorrectly modified error messages from being surfaced by the API. Other than confusing errors in certain cases, this also affected automatic retry logic in a few resources. This release contains an AWS Go SDK update which should resolve these issues.

ENHANCEMENTS:

• data-source/aws_api_gateway_api_key: Add created_date, description, enabled, last_updated_date, and tags attributes (#10821)
• data-source/aws_cloudwatch_log_group: Add kms_key_id, retention_in_days, and tags attributes (#10755)
• data-source/aws_db_instance: Add multi_az attribute (#10795)
• data-source/aws_sqs_queue: Add tags attribute (#10820)
• resource/aws_acm_certificate: Support tag-on-create (#11073)
• resource/aws_api_gateway_rest_api: Add endpoint_configuration configuration block vpc_endpoint_ids argument (#10627)
• resource/aws_cloudfront_distribution: Validate origin_group configuration block member argument contains max 2 items (#10357)
• resource/aws_cognito_user_pool_client: Support plan-time validation values of ALLOW_* variations for explicit_auth_flows argument (#10976)
• resource/aws_ecs_task_definition: Add volume configuration block efs_volume_configuration configuration block (support preview EFS volume configuration) (#11707)
• resource/aws_ecs_task_definition: Add plan-time validation for execution_role_arn argument, placement_constraints configuration block type argument, and task_role_arn argument (#11707)
• resource/aws_egress_only_internet_gateway: Support resource import (#11071)
• resource/aws_key_pair: Add tags argument and key_pair_id attribute (#11481)
• resource/aws_network_interface: Add mac_address attribute (#10633)
• resource/aws_organization_organization: Support plan-time validation value of TAG_POLICY in enabled_policy_types argument (#11535)
• resource/aws_placement_group: Add tags argument and placement_group_id attribute (#11482)
• resource/aws_rds_cluster_endpoint: Add tags argument (#11074)

BUG FIXES:

• data-source/aws_acmpca_certificate_authority: Properly set not_after and not_before values into the Terraform state (#11491)
• provider: Upgrade AWS Go SDK dependency to fix missing/incorrect API error messages and missing retries regression introduced in Terraform AWS Provider version 2.45.0 (#11727)
• resource/aws_acmpca_certificate_authority: Properly set not_after and not_before values into the Terraform state (#11491)
• resource/aws_api_gateway_account: Update retryable error message handling for recent API update (#11735)
• resource_aws_cognito_resource_server: Increase scope max limit to match API (#10505)
• resource_aws_cognito_user_pool_client: Increase allowed_oauth_scopes max limit to match API (#10505)
• resource/aws_dms_certificate: Properly set certificate_wallet value into Terraform state (#11496)
• resource/aws_ec2_client_vpn_endpoint: Properly set status value into Terraform state (#11497)
• resource/aws_ecs_task_definition: Properly refresh ipc_mode and pid_mode attributes in Terraform state for drift detection (#11707)
• resource/aws_emr_security_configuration: Properly set creation_date value into the Terraform state (#11491)
• resource/aws_iam_service_linked_role: Properly set create_date value into the Terraform state (#11491)
• resource/aws_iot_topic_rule: Trigger resource recreation on name argument updates (#10366)
• resource/aws_lambda_event_source_mapping: Properly set last_modified value into the Terraform state (#11491)
• resource/aws_organizations_account: Properly set joined_timestamp value into the Terraform state (#11491)
• resource/aws_redshift_cluster: Handle available, prep-for-resize pending status during creation and update (#10530)
• resource/aws_ssm_activation: Properly set expiration_date value into the Terraform state and perform drift detection when configured (#11491)
• resource/aws_ssm_document: Properly set created_date value into the Terraform state (#11491)
• resource/aws_waf_sql_injection_match_set: Properly set sql_injection_match_tuples value into Terraform state (#11498)

v2.45.0

ENHANCEMENTS:

• resource/aws_codepipeline_webhook: Support in-place tags updates (#11387)
• resource/aws_db_parameter_group: Support resetting parameter group values (#11540)
• resource/aws_docdb_cluster: Support profiler CloudWatch export type (#11051)
• resource/aws_gamelift_alias: Add tags argument (#11486)
• resource/aws_gamelift_build: Add tags argument and arn attribute (#11486)
• resource/aws_gamelift_fleet - Add support for instance_role_arn (#11553)
• resource/aws_gamelift_game_session_queue: Add tags argument (#11486)
• resource/aws_neptune_parameter_group: Support tag-on-create (#11245)
• resource/aws_pinpoint_app: Add plan-time validation for limit configuration block daily, maximum_duration, messages_per_second and total arguments (#11368)
• resource/aws_rds_cluster: Allow enabling Aurora Serverless HTTP endpoint (Data API) with enable_http_endpoint (#11048)
• resource/aws_rds_cluster_parameter_group: Support resetting parameter group values (#11540)
• resource/aws_ssm_document: Add support for "Package" document type (#11492)
• resource/aws_vpc_peering_connection_accepter: Support resource import (#4486)

BUG FIXES:

• resource/aws_autoscaling_group: Prevent indefinite wait for desired capacity to be available when instance_weight specified and >=1 (#11357)
• resource/aws_cloudwatch_event_rule: Retry deletion on CloudWatch Events Target deletion eventual consistency (#11475)
• resource/aws_cloudwatch_event_target: Return failed entry error code and message if provided in RemoveTargets response (#11475)
• resource/aws_codepipeline_webhook: Properly trigger resource recreation when authentication_configuration configuration block allowed_ip_range and secret_token arguments change (#11387)
• resource/aws_emr_cluster: Prevent perpetual difference with ec2_attributes configuration block emr_managed_master_security_group, emr_managed_slave_security_group, and service_access_security_groups arguments when omitted (support EMR Managed Security Groups) (#5493)
• resource/aws_opsworks_permission: Prevent Unable to change own permission level error during self updates (#11379)

v2.44.0

FEATURES:

• New Data Source: aws_directory_service_directory (#11282)
• New Resource: aws_workspaces_directory (#11023)

ENHANCEMENTS:

• data-source/aws_launch_configuration: Add arn attribute (#11416)
• data-source/aws_eks_cluster: Add vpc_config list public_access_cidrs attribute (#11442)
• resource/aws_ami_launch_permission: Support resource import (#11437)
• resource/aws_api_gateway_authorizer: Support resource import (#11436)
• resource/aws_api_gateway_authorizer: Add plan time validation for provider_arns argument (#11436)
• resource/aws_api_gateway_usage_plan_key: Support resource import (#11439)
• resource/aws_batch_compute_environment: Add compute_environment_name_prefix argument and make compute_enviroment_name argument optional (support full name generation) (#10682)
• resource/aws_batch_compute_environment: Add compute_resources configuration block allocation_strategy argument (#10894)
• resource/aws_batch_job_queue: Support resource import (#11406)
• resource/aws_cloudformation_stack: Prevent difference with Transform templates showing processed template (support SAM templates) (#9006)
• resource/aws_cloudwatch_event_rule: Support tag-on-create (#11346)
• resource/aws_db_instance: Remove identifier_prefix 16 character truncation for sqlserver engine (#9040)
• resource/aws_ecs_service: Add plan time validation for launch_type, load_balancer configuration block target_group_arn and container_port, and placement_constraints configuration block type arguments (#11423)
• resource/aws_eks_cluster: Add vpc_config configuration block public_access_cidrs argument (#11442)
• resource/aws_elasticache_cluster: Add arn attribute (#11243)
• resource/aws_launch_configuration: Add arn attribute (#11416)
• resource/aws_lb: Add plan-time validation for ip_address_type and load_balancer_type arguments (#11419)
• resource/aws_rds_cluster_instance: Allow updating ca_cert_identifier for aws_rds_cluster_instance (#10954)
• resource/aws_wafregional_xss_match_set: Support resource import (#11432)

BUG FIXES:

• provider: Allow aws account ID in ARN validation (support ARNs such as AWS Managed IAM Policies) (#11450)
• provider: Support AWS C2S/SC2S Regional ARNs in ARN validation (#11471)
• resource/aws_api_gateway_usage_plan_key: Ensure Terraform performs drift detection of key_type argument (#11439)
• resource/aws_appautoscaling_policy: Prevent potential state removal of resource immediately after creation due to eventual consistency (#11222)
• resource/aws_cloudwatch_dashboard: Trigger resource recreation on dashboard_name updates (prevent dangling resource) (#9784)
• resource/aws_cloudwatch_event_rule: Improved handling of is_enabled argument (#11346)
• resource/aws_ecs_service: Automatically retry IAM Service Linked Role assume role error on creation due to asynchronous creation of role on first usage and IAM eventual consistency (#11423)
• resource/aws_iam_instance: Allows for instance profiles to be changed when instances are in stopped state (#11104)
• resource/aws_opsworks_stack: Ensure tags are refreshed in Terraform state during read for drift detection (#11373)
• resource/aws_rds_cluster_instance: Prevent is already being deleted error on deletion and wait for deletion completion (#11468)

v2.43.0

NOTES:

• This will be the last planned release until early January. Enjoy the rest of your year!

FEATURES:

• New Data Source: aws_organizations_organizational_units (#10395)
• New Resource: aws_accessanalyzer_analyzer (#11169)
• New Resource: aws_lambda_function_event_invoke_config (#11165)

ENHANCEMENTS:

• data-source/aws_elb: Add arn attribute (#11345)
• resource/aws_batch_compute_environment: Support resource import (#11299)
• resource/aws_codebuild_project: Add queued_timeout argument (#11261)
• resource/aws_fsx_windows_file_system: Support storage_capacity minimum value of 32 in validation to match recent updates to the API (#11272)
• resource/aws_opsworks_custom_layer: Add encrypted ebs_volume configuration (#7110)

BUG FIXES:

• resource/aws_datasync_agent: Trigger resource recreation on updated InvalidRequestException error for agents deleted outside Terraform (#11005)
• resource/aws_ecs_cluster: Fixes intermittent failures on update when cluster dependencies are updating (#11310)
• resource/aws_ecs_cluster: Fixes bug where ECS cluster capacity providers are updated but default provider strategy is not changed (#11316)
• resource/aws_globalaccelerator_endpoint_group: Allow traffic_dial_percentage to be set to 0 (#11253)
• resource/aws_lb_listener_rule: Fixes regression from version 2.42.0 when updating a rule without modifying condition (#11364)
• resource/aws_ssm_activation: Ensure tags are refreshed into Terraform state during read for drift detection (#11290)

v2.42.0

FEATURES:

• New Resource: aws_ecs_capacity_provider [GH-11151]
• New Resource: aws_media_convert_queue [GH-10041]
• New Resource: aws_workspaces_ip_group [GH-10904]

ENHANCEMENTS:

• resource/aws_apigateway_usage_plan: Add tags argument and arn attribute [GH-10566]
• resource/aws_codebuild_project: Add ARM_CONTAINER as valid environment configuration block compute_type argument value [GH-11206]
• resource/aws_ecs_cluster: Add capacity_providers argument and default_capacity_provider_strategy configuration block (support ECS Capacity Providers) [GH-11151]
• resource/aws_ecs_service: Add capacity_provider_strategy configuration block (support ECS Capacity Providers) [GH-11151]
• resource/aws_emr_cluster: Add step_concurrency_level argument [GH-11196]
• resource/aws_lb_listener_rule: Support ALB advanced routing rules [GH-8268]

BUG FIXES:

• provider: Prevent crash in planning IAM Policy equivalency checking with invalid Resource declarations (e.g. a list of list of strings) [GH-11107]
• resource/aws_eks_cluster: Handle additional InvalidParameterException: Error in role params error during creation for IAM eventual consistency [GH-11127]
• resource/aws_iam_role: Ignore additional NoSuchEntity errors on deletion [GH-11125]
• resource/aws_network_interface: Prevent extraneous ModifyNetworkInterfaceAttribute API call during update [GH-11277]
• resource/aws_security_group: Support ampersand (&) in ingress and egress configuration block description argument value validation [GH-9528]
• resource/aws_security_group_rule: Support ampersand (&) in description argument value validation [GH-9528]

v2.41.0

FEATURES:

• New Resource: aws_eks_fargate_profile (#11111)
• New Resource: aws_lambda_provisioned_concurrency_config (#11129)

ENHANCEMENTS:

• data-source/aws_route_table: adds attributes gateway_id and associations.gateway_id (#11122)
• resource/aws_autoscaling_group: Add max_instance_lifetime argument (#10951)
• resource/aws_autoscaling_group: Add mixed_instances_policy launch_template override configuration block weighted_capacity argument (#11004)
• resource/aws_codebuild_project: Add Linux GPU worker (#11035)
• resource/aws_docdb_cluster_instance: Add support for ca_cert_identifier parameter (#11041)
• resource/aws_emr_cluster: Outputs EMR cluster ARN (#11078)
• resource/aws_iam_access_key: Remove deprecation from secret and mark secret and ses_smtp_password to sensitive (#10908)
• resource/aws_iam_user: Delete a user's virtual MFA devices when force_destroy is enabled (#11040)
• resource/aws_route_table_association: adds attribute gateway_id (#11122)

BUG FIXES:

• resource/aws_batch_compute_environment: Forces new resource when launch_template contents are changed (#11057)
• resource/aws_datasync_location_s3: Automatically retry creation for IAM errors due to eventual consistency (#10984)
• resource/aws_launch_template: Only set associate_public_ip_address on network interfaces if it's explicitly set to avoid problems with multiple network interfaces (#10157)

v2.40.0

NOTES:

• resource/aws_datasync_task: The DataSync API and SDK have removed BEST_EFFORT as a valid value for the options configuration block posix_permissions argument. The value has been removed from the validation in this resource to match those changes. (#10985)

FEATURES:

• New Resource: aws_dx_hosted_transit_virtual_interface (#8523)
• New Resource: aws_dx_hosted_transit_virtual_interface_accepter (#8523)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add vpc_config nested block cluster_security_group_id attribute (#11002)
• resource/aws_cloudwatch_metric_alarm: Add threshold_metric_id argument (support Anomaly Detection metrics) (#9828)
• resource/aws_codebuild_project: Add support for BUILD_GENERAL1_2XLARGE CodeBuild compute type [GH11015]
• resource/aws_dx_private_virtual_interface: Support tagging-on-create (#9572)
• resource/aws_dx_private_virtual_interface: Validate Virtual Interface type on import (#9572)
• resource/aws_dx_public_virtual_interface: Validate Virtual Interface type on import (#9572)
• resource/aws_ebs_snapshot: Support tagging-on-create and in-place tags updates (#10935)
• resource/aws_ebs_snapshot_copy: Support tagging-on-create and in-place tags updates (#10936)
• resource/aws_eks_cluster: Add vpc_config configuration block cluster_security_group_id attribute (#11002)
• resource/aws_lambda_function: Support waiting for function creation and configuration updates (#11016)

BUG FIXES:

• data-source/aws_iam_group: Ensure users attribute populates fully when group contains more than 100 users (#10993)
• resource/aws_default_route_table: Return helpful not found error on resource creation instead of generic Provider produced inconsistent result after apply error when given invalid default_route_table_id argument value (#10981)
• resource/aws_default_route_table: Propose resource recreation for missing Default Route Table on refresh instead of returning an error (#10981)

v2.39.0

FEATURES:

• New Data Source: aws_guardduty_detector (#10463)
• New Resource: aws_glue_workflow (#10891)

ENHANCEMENTS:

• provider: Support for EC2 Metadata secure tokens (#10940)
• resource/aws_glue_job: Add number_of_workers and worker_type arguments (#9115)
• resource/aws_glue_job: Add tags argument and arn attribute (#10968)
• resource/aws_glue_trigger: Add workflow_name argument (#9762)
• resource/aws_glue_trigger: Add actions configuration block crawler_name argument (#10190)
• resource/aws_glue_trigger: Add predicate conditions configuration block crawler_name and crawl_state arguments (#10190)
• resource/aws_glue_trigger: Add tags argument and arn attribute (#10967)
• resource/aws_iam_group_policy: Add IAM Policy JSON difference suppression and validation to policy argument (#9660)
• resource/aws_lambda_event_source_mapping: Add maximum_batching_window_in_seconds argument (#10051)
• resource/aws_lambda_function: Support java11, nodejs12.x, and python3.8 as valid runtime argument values in validation (#10938)
• resource/aws_lambda_layer_version: Support java11, nodejs12.x, and python3.8 as valid compatible_runtimes argument values in validation (#10938)
• resource/aws_resourcegroups_group: Add tags argument (#10640)

BUG FIXES:

• data_source/aws_instance: Fixes a bug where multiple EBS volumes would get collapsed and only one would return (#10045)
• resource/aws_appmesh_virtual_node: Allow FQDN values in service_discovery aws_cloud_map configuration block namespace_name and service_name argument validations (#9788)
• resource/aws_batch_compute_environment: Propose resource recreation when updating compute_resources configuration block tags argument (#10937)
• resource/aws_iam_instance_profile: Remove requirement to specify a role, as it is not required by the API (#10525)
• resource/aws_opsworks_application: Fixes issue where terraform apply continuously suggests applying changes to ssh_key or password in app_source property (#10175)
• resource/aws_opsworks_stack: Fixes issue where terraform apply continuously suggests applying changes to ssh_key or password in custom_cookbooks_source property (#10175)

v2.38.0

FEATURES:

• New Resource: aws_eks_node_group (#10916)

v2.37.0

ENHANCEMENTS:

• resource/aws_api_gateway_rest_api: Add tags argument and arn attribute (#10581)
• resource/aws_cloudtrail: support Tag on create (#10818)
• resource/aws_db_instance: Add ca_cert_identifier argument (#10490)
• resource/aws_dlm_lifecycle_policy: Add tags argument and arn attribute (#10864)
• resource/aws_efs_file_system: Add AFTER_7_DAYS as a valid lifecycle_policy configuratio block transition_to_ia argument value (#10825)
• resource/aws_glue_crawler: Add tags argument (#10805)
• resource/aws_s3_bucket_inventory: Add IntelligentTieringAccessTier as valid value for optional_fields argument (#10746)
• resource/aws_waf_geo_match_set: Support resource import and add arn attribute (#10480)
• resource/aws_waf_regex_match_set: Support resource import and add arn attribute (#10481)
• resource/aws_waf_regex_pattern_set: Support resource import and add arn attribute (#10482)
• resource/aws_waf_size_constraint_set: Support resource import and add arn attribute (#10484)
• resource/aws_waf_xss_match_set: Support resource import and add arn attribute (#10485)
• resource/aws_wafregional_rate_based_rule: Add tags argument and arn attribute (#10897)
• resource/aws_wafregional_rule_group: Add tags argument and arn attribute (#10896)
• resource/aws_wafregional_rule: Add tags argument and arn attribute (#10895)
• resource/aws_wafregional_web_acl: Add tags argument (#10889)
• resource/aws_wafregional_web_acl_association: Support resource import (#10538)

BUG FIXES:

• data-source/aws_iam_policy_document: Prevent panic when combining single principal identifier with multiple principal identifiers (#10780)
• data-source/aws_iam_policy_document: Prevent losing identifier elements when combining single and multiple principals identifiers (#10844)
• resource/aws_servicequotas_service_quota: Remove resource from Terraform state on NoSuchResourceException error (#10735)