github hashicorp/terraform-provider-aws v3.0.0

latest releases: v5.76.0, v5.75.1, v5.75.0...
4 years ago

NOTES:

  • provider: This version is built using Go 1.14.5, including security fixes to the crypto/x509 and net/http packages.

BREAKING CHANGES

  • provider: New versions of the provider can only be automatically installed on Terraform 0.12 and later (#14143)
  • provider: All "removed" attributes are cut, using them would result in a Terraform Core level error (#14001)
  • provider: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) (#14077)
  • provider: The AWS_METADATA_TIMEOUT environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries (#14077)
  • provider: Remove deprecated kinesis_analytics and r53 custom service endpoint arguments (#14238)
  • data-source/aws_availability_zones: Remove deprecated blacklisted_names and blacklisted_zone_ids arguments (#14134)
  • data-source/aws_directory_service_directory: Return an error when a single result is not found (#14006)
  • data-source/aws_ecr_repository: Return an error when a single result is not found (#10520)
  • data-source/aws_efs_file_system: Return an error when a single result is not found (#14005)
  • data-source/aws_launch_template: Return an error when a single result is not found (#10521)
  • data-source/aws_route53_resolver_rule: Trailing period removed from domain_name argument set in data-source (#14220)
  • data-source/aws_route53_zone: Trailing period removed from name argument set in data-source (#14220)
  • resource/aws_acm_certificate: certificate_body, certificate_chain, and private_key attributes are no longer stored in the Terraform state with hash values (#9685)
  • resource/aws_acm_certificate: domain_validation_options attribute changed from list to set (#14199)
  • resource/aws_acm_certificate: Plan-time validation added to domain_name and subject_alternative_names arguments to prevent usage of strings with trailing periods (#14220)
  • resource/aws_api_gateway_method_settings: Remove Computed property from throttling_burst_limit and throttling_rate_limit arguments, enabling drift detection (#14266)
  • resource/aws_api_gateway_method_settings: Update throttling_burst_limit and throttling_rate_limit argument defaults to match API default of -1 to keep throttling disabled (#14266)
  • resource/aws_autoscaling_group: availability_zones and vpc_zone_identifier argument conflict now reported at plan-time (#12927)
  • resource/aws_autoscaling_group: Remove Computed property from load_balancers and target_group_arns arguments, enabling drift detection (#14064)
  • resource/aws_cloudfront_distribution: active_trusted_signers argument renamed to trusted_signers to support accessing items in Terraform 0.12 (#14339)
  • resource/aws_cloudwatch_log_group: Automatically trim :* suffix from arn attribute (#14214)
  • resource/aws_codepipeline: Removes GITHUB_TOKEN environment variable (#14175)
  • resource/aws_cognito_user_pool: Remove deprecated admin_create_user_config configuration block unused_account_validity_days argument (#14294)
  • resource/aws_dx_gateway: Remove automatic aws_dx_gateway_association resource import (#14124)
  • resource/aws_dx_gateway_association: Remove deprecated vpn_gateway_id argument (#14144)
  • resource/aws_dx_gateway_association_proposal: Remove deprecated vpn_gateway_id argument (#14144)
  • resource/aws_ebs_volume: Return an error when iops argument set to a value greater than 0 for volume types other than io1 (#14310)
  • resource/aws_elastic_transcoder_preset: Remove video configuration block max_frame_rate argument default value (#7141)
  • resource/aws_emr_cluster: Remove deprecated instance_group configuration block, core_instance_count, core_instance_type, and master_instance_type arguments (#14137)
  • resource/aws_glue_job: Remove deprecated allocated_capacity argument (#14296)
  • resource/aws_iam_access_key: Remove deprecated ses_smtp_password attribute (#14299)
  • resource/aws_iam_instance_profile: Remove deprecated roles argument (#14303)
  • resource/aws_iam_server_certificate: Remove state hashing from certificate_body, certificate_chain, and private_key arguments for new or recreated resources (#14187)
  • resource/aws_instance: Return an error when ebs_block_device iops or root_block_device iops argument set to a value greater than 0 for volume types other than io1 (#14310)
  • resource/aws_lambda_alias: Resource import no longer converts Lambda Function name to ARN (#12876)
  • resource/aws_launch_template: network_interfaces delete_on_termination argument changed from bool to string type (#8612)
  • resource/aws_lb_listener_rule: Remove deprecated condition configuration block field and values arguments (#14309)
  • resource/aws_msk_cluster: Update encryption_info encryption_in_transit client_broker argument default to match API default of TLS (#14132)
  • resource/aws_rds_cluster: Update scaling_configuration min_capacity argument default to match API default of 1 (#14268)
  • resource/aws_route53_resolver_rule: Trailing period removed from domain_name argument set in resource (#14220)
  • resource/aws_route53_zone: Trailing period removed from name argument set in resource (#14220)
  • resource/aws_s3_bucket: Remove automatic aws_s3_bucket_policy resource import (#14121)
  • resource/aws_s3_bucket: Convert region to read-only attribute (#14127)
  • resource/aws_s3_bucket_metric: Update filter argument to require at least one of the prefix or tags nested arguments (#14230)
  • resource/aws_security_group: Remove automatic aws_security_group_rule resource import (#12616)
  • resource/aws_ses_domain_identity: Plan-time validation added to domain argument to prevent usage of strings with trailing periods (#14220)
  • resource/aws_ses_domain_identity_verification: Plan-time validation added to domain argument to prevent usage of strings with trailing periods (#14220)
  • resource/aws_sns_platform_application: platform_credential and platform_principal attributes are no longer stored in the Terraform state with hash values (#3894)
  • resource/aws_spot_fleet_request: Remove 24 hour default for valid_until argument (#9718)
  • resource/aws_ssm_maintenance_window_task: Remove deprecated logging_info and task_parameters configuration blocks (#14311)

FEATURES

  • New Data Source: aws_workspaces_directory (#13529)

ENHANCEMENTS

  • provider: Always enable shared configuration file support (no longer require AWS_SDK_LOAD_CONFIG environment variable) (#14077)
  • provider: Add assume_role configuration block duration_seconds, policy_arns, tags, and transitive_tag_keys arguments (#14077)
  • data-source/aws_instance: Add secondary_private_ips attribute (#14079)
  • data-source/aws_s3_bucket: Replace GetBucketLocation API call with custom HTTP call for FIPS endpoint support (#14221)
  • resource/aws_acm_certificate: Enable domain_validation_options usage in downstream resource count and for_each references (#14199)
  • resource/aws_api_gateway_authorizer: Add plan-time validation to authorizer_credentials argument (#12643)
  • resource/aws_api_gateway_method_settings: Add import support (#14266)
  • resource/aws_apigatewayv2_integration: Add request_parameters attribute (#14080)
  • resource/aws_apigatewayv2_integration: Add tls_config attribute (#13013)
  • resource/aws_apigatewayv2_route: Support for updating route key (#13833)
  • resource/aws_apigatewayv2_stage: Make deployment_id a Computed attribute (#13644)
  • resource/aws_fsx_lustre_file_system: Add deployment_type and per_unit_storage_throughput attributes (#13639)
  • resource_aws_fsx_windows_file_system - add storage_type argument. (#14316)
  • resource_aws_fsx_windows_file_system: add support for multi-az (#12676)
  • resource_aws_fsx_windows_file_system: add SINGLE_AZ_2 deployment type (#12676)
  • resource_aws_fsx_windows_file_system: adds preferred_file_server_ip, remote_administration_endpoint attributes (#12676)
  • resource/aws_instance: Add secondary_private_ips argument (conflicts with network_interface configuration block) (#14079)

BUG FIXES

  • provider: Ensure nil is not passed to RetryError helpers, may result in some bug fixes (#14104)
  • provider: Ensure configured STS endpoint is used during AssumeRole API calls (#14077)
  • provider: Prefer AWS shared configuration over EC2 metadata credentials by default (#14077)
  • provider: Prefer CodeBuild, ECS, EKS credentials over EC2 metadata credentials by default (#14077)
  • data-source/aws_lb: enable_http2 now properly set (#14167)
  • resource/aws_acm_certificate: Prevent unexpected ordering differences with domain_validation_options attribute (#14199)
  • resource/aws_api_gateway_authorizer: Allow authorizer_result_ttl_in_seconds to be set to 0 (#12643)
  • resource/aws_apigatewayv2_integration: Correctly handle the integration_method attribute for AWS Lambda integrations(#13266)
  • resource/aws_apigatewayv2_integration: Correctly handle the passthrough_behavior attribute for HTTP APIs (#13062)
  • resource/aws_apigatewayv2_stage: Correctly handle default_route_setting and route_setting data_trace_enabled and logging_level for HTTP APIs. logging_level is now Computed, meaning Terraform will only perform drift detection of its value when present in a configuration. (#13809)
  • resource/aws_appautoscaling_target: Only retry DeregisterScalableTarget retries on all errors on deletion (#14259)
  • resource/aws_dx_gateway_association: Increase default create/update/delete timeouts to 30 minutes (#14144)
  • resource/aws_codepipeline: Only retry CreatePipeline errors for IAM eventual consistency errors (#14264)
  • resource/aws_elasticsearch_domain: Update method to properly set advanced_security_options (#14167)
  • resource/aws_lambda_function: Increase IAM retry timeout for creation to standard 2 minute timeout (#14291)
  • resource/aws_lb_cookie_stickiness_policy: lb_port now properly set (#14167)
  • resource/aws_network_acl_rule: Immediately return DescribeNetworkAcls errors on creation (#14261)
  • resource/aws_s3_bucket: Replace GetBucketLocation API call with custom HTTP call for FIPS endpoint support (#14221)
  • resource/aws_sns_topic_subscription: Immediately return ListSubscriptionsByTopic errors (#14262)
  • resource/aws_spot_fleet_request: Only retry RequestSpotFleet on IAM eventual consistency errors and use standard 2 minute timeout (#14265)
  • resource/aws_spot_instance_request: primary_network_interface_id now properly set (#14167)
  • resource/aws_ssm_activation: Only retry CreateActivation on IAM eventual consistency errors and use standard 2 minute timeout (#14263)
  • resource/aws_ssm_association: parameters now properly set (#14167)

Don't miss a new terraform-provider-aws release

NewReleases is sending notifications on new releases.