github hashicorp/terraform-provider-aws v4.0.0
on GitHub

latest releases: v5.74.0, v5.73.0, v5.72.1...
2 years ago

BREAKING CHANGES:

  • data-source/aws_connect_hours_of_operation: The hours_of_operation_arn attribute is renamed to arn (#22375)
  • resource/aws_batch_compute_environment: No compute_resources configuration block can be specified when type is UNMANAGED (#22805)
  • resource/aws_cloudwatch_event_target: The ecs_target launch_type argument no longer has a default value (previously was EC2) (#22803)
  • resource/aws_cloudwatch_event_target: ecs_target.0.launch_type can no longer be set to ""; instead, remove or set to null (#22954)
  • resource/aws_connect_hours_of_operation: The hours_of_operation_arn attribute is renamed to arn (#22375)
  • resource/aws_default_network_acl: These arguments can no longer be set to "": egress.*.cidr_block, egress.*.ipv6_cidr_block, ingress.*.cidr_block, or ingress.*.ipv6_cidr_block (#22928)
  • resource/aws_default_route_table: These arguments can no longer be set to "": route.*.cidr_block, route.*.ipv6_cidr_block (#22931)
  • resource/aws_default_vpc: ipv6_cidr_block can no longer be set to ""; remove or set to null (#22948)
  • resource/aws_efs_mount_target: ip_address can no longer be set to ""; instead, remove or set to null (#22954)
  • resource/aws_elasticache_cluster: Either engine or replication_group_id must be specified (#20482)
  • resource/aws_elasticsearch_domain: ebs_options.0.volume_type can no longer be set to ""; instead, remove or set to null (#22954)
  • resource/aws_fsx_ontap_storage_virtual_machine: Remove deprecated active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguidshed_name, migrating value to active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguished_name (#22915)
  • resource/aws_instance: private_ip can no longer be set to ""; remove or set to null (#22948)
  • resource/aws_lb_target_group: For protocol = "TCP", stickiness can no longer be type set to lb_cookie even when enabled = false; instead use type source_ip (#22996)
  • resource/aws_network_acl: These arguments can no longer be set to "": egress.*.cidr_block, egress.*.ipv6_cidr_block, ingress.*.cidr_block, or ingress.*.ipv6_cidr_block (#22928)
  • resource/aws_route: Exactly one of these can be set: destination_cidr_block, destination_ipv6_cidr_block, destination_prefix_list_id. These arguments can no longer be set to "": destination_cidr_block, destination_ipv6_cidr_block. (#22931)
  • resource/aws_route_table: These arguments can no longer be set to "": route.*.cidr_block, route.*.ipv6_cidr_block (#22931)
  • resource/aws_s3_bucket: The acceleration_status argument has been deprecated and is now read-only. Use the aws_s3_bucket_accelerate_configuration resource instead. (#22610)
  • resource/aws_s3_bucket: The acl and grant arguments have been deprecated and are now read-only. Use the aws_s3_bucket_acl resource instead. (#22537)
  • resource/aws_s3_bucket: The cors_rule argument has been deprecated and is now read-only. Use the aws_s3_bucket_cors_configuration resource instead. (#22611)
  • resource/aws_s3_bucket: The lifecycle_rule argument has been deprecated and is now read-only. Use the aws_s3_bucket_lifecycle_configuration resource instead. (#22581)
  • resource/aws_s3_bucket: The logging argument has been deprecated and is now read-only. Use the aws_s3_bucket_logging resource instead. (#22599)
  • resource/aws_s3_bucket: The object_lock_configuration rule argument has been deprecated and is now read-only. Use the aws_s3_bucket_object_lock_configuration resource instead. (#22612)
  • resource/aws_s3_bucket: The policy argument has been deprecated and is now read-only. Use the aws_s3_bucket_policy resource instead. (#22538)
  • resource/aws_s3_bucket: The replication_configuration argument has been deprecated and is now read-only. Use the aws_s3_bucket_replication_configuration resource instead. (#22604)
  • resource/aws_s3_bucket: The request_payer argument has been deprecated and is now read-only. Use the aws_s3_bucket_request_payment_configuration resource instead. (#22613)
  • resource/aws_s3_bucket: The server_side_encryption_configuration argument has been deprecated and is now read-only. Use the aws_s3_bucket_server_side_encryption_configuration resource instead. (#22605)
  • resource/aws_s3_bucket: The versioning argument has been deprecated and is now read-only. Use the aws_s3_bucket_versioning resource instead. (#22606)
  • resource/aws_s3_bucket: The website, website_domain, and website_endpoint arguments have been deprecated and are now read-only. Use the aws_s3_bucket_website_configuration resource instead. (#22614)
  • resource/aws_vpc: ipv6_cidr_block can no longer be set to ""; remove or set to null (#22948)
  • resource/aws_vpc_ipv6_cidr_block_association: ipv6_cidr_block can no longer be set to ""; remove or set to null (#22948)

NOTES:

  • data-source/aws_cognito_user_pools: The type of the ids and arns attributes has changed from Set to List. If no volumes match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_db_event_categories: The type of the ids attribute has changed from Set to List. If no event categories match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_ebs_volumes: The type of the ids attribute has changed from Set to List. If no volumes match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_ec2_coip_pools: The type of the pool_ids attribute has changed from Set to List. If no COIP pools match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_ec2_local_gateway_route_tables: The type of the ids attribute has changed from Set to List. If no local gateway route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_ec2_local_gateway_virtual_interface_groups: The type of the ids and local_gateway_virtual_interface_ids attributes has changed from Set to List. If no local gateway virtual interface groups match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_ec2_local_gateways: The type of the ids attribute has changed from Set to List. If no local gateways match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_ec2_transit_gateway_route_tables: The type of the ids attribute has changed from Set to List. If no transit gateway route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_efs_access_points: The type of the ids and arns attributes has changed from Set to List. If no access points match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_elasticache_replication_group: The number_cache_clusters attribute has been deprecated. All configurations using number_cache_clusters should be updated to use the num_cache_clusters attribute instead (#22667)
  • data-source/aws_elasticache_replication_group: The replication_group_description attribute has been deprecated. All configurations using replication_group_description should be updated to use the description attribute instead (#22667)
  • data-source/aws_emr_release_labels: The type of the ids attribute has changed from Set to List. If no release labels match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_iam_policy_document: The source_json and override_json attributes have been deprecated. Use the source_policy_documents and override_policy_documents attributes respectively instead. (#22890)
  • data-source/aws_inspector_rules_packages: If no rules packages match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_instances: If no instances match the specified criteria an empty list is returned (previously an error was raised) (#5055)
  • data-source/aws_ip_ranges: If no ranges match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_network_acls: The type of the ids attribute has changed from Set to List. If no NACLs match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_network_interfaces: The type of the ids attribute has changed from Set to List. If no network interfaces match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_route_tables: The type of the ids attribute has changed from Set to List. If no route tables match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_s3_bucket_object: The data source is deprecated; use aws_s3_object instead (#22877)
  • data-source/aws_s3_bucket_objects: The data source is deprecated; use aws_s3_objects instead (#22877)
  • data-source/aws_security_groups: If no security groups match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_ssoadmin_instances: The type of the identity_store_ids and arns attributes has changed from Set to List. If no instances match the specified criteria an empty list is returned (previously an error was raised) (#21219)
  • data-source/aws_subnet_ids: The aws_subnet_ids data source has been deprecated and will be removed in a future version. Use the aws_subnets data source instead (#22743)
  • data-source/aws_vpcs: The type of the ids attributes has changed from Set to List. If no VPCs match the specified criteria an empty list is returned (previously an error was raised) (#22253)
  • provider: The assume_role.duration_seconds argument has been deprecated. All configurations using assume_role.duration_seconds should be updated to use the new assume_role.duration argument instead. (#23077)
  • resource/aws_acmpca_certificate_authority: The status attribute has been deprecated. Use the enabled attribute instead. (#22878)
  • resource/aws_autoscaling_attachment: The alb_target_group_arn argument has been deprecated. All configurations using alb_target_group_arn should be updated to use the new lb_target_group_arn argument instead (#22662)
  • resource/aws_autoscaling_group: The tags argument has been deprecated. All configurations using tags should be updated to use the tag argument instead (#22663)
  • resource/aws_budgets_budget: The cost_filters attribute has been deprecated. Use the cost_filter attribute instead. (#22888)
  • resource/aws_connect_hours_of_operation: Timeout support has been removed as it is not needed for this resource (#22375)
  • resource/aws_customer_gateway: ip_address can no longer be set to "" (#22926)
  • resource/aws_db_instance The name argument has been deprecated. All configurations using name should be updated to use the db_name argument instead (#22668)
  • resource/aws_default_subnet: If no default subnet exists in the specified Availability Zone one is now created. The force_destroy destroy argument has been added (defaults to false). Setting this argument to true deletes the default subnet on terraform destroy (#22253)
  • resource/aws_default_vpc: If no default VPC exists in the current AWS Region one is now created. The force_destroy destroy argument has been added (defaults to false). Setting this argument to true deletes the default VPC on terraform destroy (#22253)
  • resource/aws_ec2_client_vpn_endpoint: The status attribute has been deprecated (#22887)
  • resource/aws_ec2_client_vpn_endpoint: The type of the dns_servers argument has changed from Set to List (#22889)
  • resource/aws_ec2_client_vpn_network_association: The security_groups argument has been deprecated. Use the security_group_ids argument of the aws_ec2_client_vpn_endpoint resource instead (#22911)
  • resource/aws_ec2_client_vpn_network_association: The status attribute has been deprecated (#22887)
  • resource/aws_ec2_client_vpn_route: Add custom timeouts block (#22911)
  • resource/aws_ecs_cluster: The capacity_providers and default_capacity_provider_strategy arguments have been deprecated. Use the aws_ecs_cluster_capacity_providers resource instead. (#22783)
  • resource/aws_elasticache_replication_group: The cluster_mode argument has been deprecated. All configurations using cluster_mode should be updated to use the root-level num_node_groups and replicas_per_node_group arguments instead (#22666)
  • resource/aws_elasticache_replication_group: The number_cache_clusters argument has been deprecated. All configurations using number_cache_clusters should be updated to use the num_cache_clusters argument instead (#22666)
  • resource/aws_elasticache_replication_group: The replication_group_description argument has been deprecated. All configurations using replication_group_description should be updated to use the description argument instead (#22666)
  • resource/aws_route: The instance_id argument has been deprecated. All configurations using instance_id should be updated to use the network_interface_id argument instead (#22664)
  • resource/aws_route_table: The instance_id argument of the route configuration block has been deprecated. All configurations using route instance_id should be updated to use the route network_interface_id argument instead (#22664)
  • resource/aws_s3_bucket_object: The resource is deprecated; use aws_s3_object instead (#22877)

FEATURES:

  • New Data Source: aws_cloudfront_realtime_log_config (#22620)
  • New Data Source: aws_ec2_client_vpn_endpoint (#14218)
  • New Data Source: aws_eips (#7537)
  • New Data Source: aws_s3_object (#22850)
  • New Data Source: aws_s3_objects (#22850)
  • New Resource: aws_cognito_user (#19919)
  • New Resource: aws_dataexchange_revision (#22933)
  • New Resource: aws_network_acl_association (#18807)
  • New Resource: aws_s3_bucket_accelerate_configuration (#22617)
  • New Resource: aws_s3_bucket_acl (#22853)
  • New Resource: aws_s3_bucket_cors_configuration (#12141)
  • New Resource: aws_s3_bucket_lifecycle_configuration (#22579)
  • New Resource: aws_s3_bucket_logging (#22608)
  • New Resource: aws_s3_bucket_object_lock_configuration (#22644)
  • New Resource: aws_s3_bucket_request_payment_configuration (#22649)
  • New Resource: aws_s3_bucket_server_side_encryption_configuration (#22609)
  • New Resource: aws_s3_bucket_versioning (#5132)
  • New Resource: aws_s3_bucket_website_configuration (#22648)
  • New Resource: aws_s3_object (#22850)

ENHANCEMENTS:

  • data-source/aws_ami: Add boot_mode attribute. (#22939)
  • data-source/aws_cloudwatch_log_group: Automatically trim :* suffix from arn attribute (#22043)
  • data-source/aws_ec2_client_vpn_endpoint: Add security_group_ids and vpc_id attributes (#22911)
  • data-source/aws_elasticache_replication_group: Add description, num_cache_clusters, num_node_groups, and replicas_per_node_group attributes (#22667)
  • data-source/aws_imagebuilder_distribution_configuration: Add container_distribution_configuration attribute to the distribution configuration block (#22838)
  • data-source/aws_imagebuilder_distribution_configuration: Add launch_template_configuration attribute to the distribution configuration block (#22884)
  • data-source/aws_imagebuilder_image_recipe: Add parameter attribute to the component configuration block (#22856)
  • provider: Add duration argument to the assume_role configuration block (#23077)
  • provider: Add ec2_metadata_service_endpoint, ec2_metadata_service_endpoint_mode, use_dualstack_endpoint, use_fips_endpoint arguments (#22804)
  • provider: Add environment variables TF_AWS_DYNAMODB_ENDPOINT, TF_AWS_IAM_ENDPOINT, TF_AWS_S3_ENDPOINT, and TF_AWS_STS_ENDPOINT. (#23052)
  • provider: Add support for shared_config_file parameter (#20587)
  • provider: Add support for shared_credentials_files parameter and deprecates shared_credentials_file (#23080)
  • provider: Adds s3_use_path_style parameter and deprecates s3_force_path_style. (#23055)
  • provider: Changes shared_config_file parameter to shared_config_files (#23080)
  • provider: Updates AWS authentication to use AWS SDK for Go v2 https://aws.github.io/aws-sdk-go-v2/docs/ (#20587)
  • resource/aws_ami: Add boot_mode and ebs_block_device.outpost_arn arguments. (#22939)
  • resource/aws_ami_copy: Add boot_mode and ebs_block_device.outpost_arn attributes (#22972)
  • resource/aws_ami_from_instance: Add boot_mode and ebs_block_device.outpost_arn attributes (#22972)
  • resource/aws_api_gateway_domain_name: Add ownership_verification_certificate_arn argument. (#21076)
  • resource/aws_apigatewayv2_domain_name: Add domain_name_configuration.ownership_verification_certificate_arn argument. (#21076)
  • resource/aws_autoscaling_attachment: Add lb_target_group_arn argument (#22662)
  • resource/aws_cloudwatch_event_target: Add plan time validation for input, input_path, run_command_targets.values, http_target.header_parameters, http_target.query_string_parameters, redshift_target.database, redshift_target.db_user, redshift_target.secrets_manager_arn, redshift_target.sql, redshift_target.statement_name, retry_policy.maximum_event_age_in_seconds, retry_policy.maximum_retry_attempts. (#22946)
  • resource/aws_db_instance: Add db_name argument (#22668)
  • resource/aws_ec2_client_vpn_authorization_rule: Configurable Create and Delete timeouts (#20688)
  • resource/aws_ec2_client_vpn_endpoint: Add client_connect_options argument (#22793)
  • resource/aws_ec2_client_vpn_endpoint: Add client_login_banner_options argument (#22793)
  • resource/aws_ec2_client_vpn_endpoint: Add security_group_ids and vpc_id arguments (#22911)
  • resource/aws_ec2_client_vpn_endpoint: Add session_timeout_hours argument (#22793)
  • resource/aws_ec2_client_vpn_endpoint: Add vpn_port argument (#22793)
  • resource/aws_ec2_client_vpn_network_association: Configurable Create and Delete timeouts (#20689)
  • resource/aws_elasticache_replication_group: Add description argument (#22666)
  • resource/aws_elasticache_replication_group: Add num_cache_clusters argument (#22666)
  • resource/aws_elasticache_replication_group: Add num_node_groups and replicas_per_node_group arguments (#22666)
  • resource/aws_fsx_lustre_file_system: Add log_configuration argument. (#22935)
  • resource/aws_fsx_ontap_file_system: Reduce the minimum valid value of the throughput_capacity argument to 128 (128 MB/s) (#22898)
  • resource/aws_glue_partition_index: Add support for custom timeouts. (#22941)
  • resource/aws_imagebuilder_distribution_configuration: Add launch_template_configuration argument to the distribution configuration block (#22842)
  • resource/aws_imagebuilder_image_recipe: Add parameter argument to the component configuration block (#22837)
  • resource/aws_mq_broker: auto_minor_version_upgrade and host_instance_type can be changed without recreating broker (#20661)
  • resource/aws_s3_bucket_cors_configuration: Retry when NoSuchCORSConfiguration errors are returned from the AWS API (#22977)
  • resource/aws_s3_bucket_versioning: Add eventual consistency handling to help ensure bucket versioning is stabilized. (#21076)
  • resource/aws_vpn_connection: Add the ability to revert changes to unconfigured tunnel options made outside of Terraform to their documented default values (#17031)
  • resource/aws_vpn_connection: Mark customer_gateway_configuration as Sensitive (#15806)
  • resource/aws_wafv2_web_acl: Support version on managed_rule_group_statement (#21732)

BUG FIXES:

  • data-source/aws_vpc_peering_connections: Return empty array instead of error when no connections found. (#17382)
  • resource/aws_cloudformation_stack: Retry resource Create and Update for IAM eventual consistency (#22840)
  • resource/aws_cloudwatch_event_target: Preserve order of http_target.path_parameter_values. (#22946)
  • resource/aws_db_instance: Fix error with reboot of replica (#22178)
  • resource/aws_ec2_client_vpn_authorization_rule: Don't raise an error when InvalidClientVpnEndpointId.NotFound is returned during refresh (#20688)
  • resource/aws_ec2_client_vpn_endpoint: connection_log_options.cloudwatch_log_stream argument is Computed, preventing spurious resource diffs (#22891)
  • resource/aws_ecs_capacity_provider: Fix tagging error preventing use in ISO partitions (#23030)
  • resource/aws_ecs_cluster: Fix tagging error preventing use in ISO partitions (#23030)
  • resource/aws_ecs_service: Fix tagging error preventing use in ISO partitions (#23030)
  • resource/aws_ecs_task_definition: Fix tagging error preventing use in ISO partitions (#23030)
  • resource/aws_ecs_task_set: Fix tagging error preventing use in ISO partitions (#23030)
  • resource/aws_route_table_association: Handle nil 'AssociationState' in ISO regions (#22806)
  • resource/aws_route_table_association: Retry resource Read for EC2 eventual consistency (#22927)
  • resource/aws_vpc_ipam: Correct update of description (#22863)
  • resource/aws_waf_rule_group: Prevent panic when expanding the rule group's set of activated_rule (#22978)
  • resource/aws_wafregional_rule_group: Prevent panic when expanding the rule group's set of activated_rule (#22978)
Check out latest releases or
releases around hashicorp/terraform-provider-aws v4.0.0

Don't miss a new terraform-provider-aws release

NewReleases is sending notifications on new releases.

Get notifications