github hashicorp/terraform-provider-aws v5.0.0
on GitHub

latest releases: v5.48.0, v5.47.0, v5.46.0...
11 months ago

BREAKING CHANGES:

  • data-source/aws_api_gateway_rest_api: minimum_compression_size is now a string type to allow values set via the body attribute to be properly computed. (#30969)
  • data-source/aws_connect_hours_of_operation: The hours_of_operation_arn attribute has been removed (#31484)
  • data-source/aws_db_instance: With the retirement of EC2-Classic the db_security_groups attribute has been removed (#30966)
  • data-source/aws_elasticache_cluster: With the retirement of EC2-Classic the security_group_names attribute has been removed (#30966)
  • data-source/aws_elasticache_replication_group: Remove number_cache_clusters, replication_group_description arguments -- use num_cache_clusters, and description, respectively, instead (#31008)
  • data-source/aws_iam_policy_document: Don't add empty statement.sid values to json attribute value (#28539)
  • data-source/aws_iam_policy_document: source_json and override_json have been removed -- use source_policy_documents and override_policy_documents, respectively, instead (#30829)
  • data-source/aws_identitystore_group: The filter argument has been removed (#31312)
  • data-source/aws_identitystore_user: The filter argument has been removed (#31312)
  • data-source/aws_launch_configuration: With the retirement of EC2-Classic the vpc_classic_link_id and vpc_classic_link_security_groups attributes have been removed (#30966)
  • data-source/aws_redshift_cluster: With the retirement of EC2-Classic the cluster_security_groups attribute has been removed (#30966)
  • data-source/aws_secretsmanager_secret: The rotation_enabled, rotation_lambda_arn and rotation_rules attributes have been removed (#31487)
  • data-source/aws_vpc_peering_connection: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
  • provider: The assume_role.duration_seconds, assume_role_with_web_identity.duration_seconds, s3_force_path_style, shared_credentials_file and skip_get_ec2_platforms attributes have been removed (#31155)
  • provider: The aws_subnet_ids data source has been removed (#31140)
  • provider: With the retirement of EC2-Classic the aws_db_security_group resource has been removed (#30966)
  • provider: With the retirement of EC2-Classic the aws_elasticache_security_group resource has been removed (#30966)
  • provider: With the retirement of EC2-Classic the aws_redshift_security_group resource has been removed (#30966)
  • provider: With the retirement of Macie Classic the aws_macie_member_account_association resource has been removed (#31058)
  • provider: With the retirement of Macie Classic the aws_macie_s3_bucket_association resource has been removed (#31058)
  • resource/aws_acmpca_certificate_authority: The status attribute has been removed (#31084)
  • resource/aws_api_gateway_rest_api: minimum_compression_size is now a string type to allow values set via the body attribute to be properly computed. (#30969)
  • resource/aws_autoscaling_attachment: alb_target_group_arn has been removed -- use lb_target_group_arn instead (#30828)
  • resource/aws_autoscaling_group: Remove deprecated tags attribute (#30842)
  • resource/aws_budgets_budget: The cost_filters attribute has been removed (#31395)
  • resource/aws_ce_anomaly_subscription: The threshold attribute has been removed (#30374)
  • resource/aws_cloudwatch_event_target: The ecs_target.propagate_tags attribute now has no default value (#25233)
  • resource/aws_codebuild_project: The secondary_sources.auth and source.auth attributes have been removed (#31483)
  • resource/aws_connect_hours_of_operation: The hours_of_operation_arn attribute has been removed (#31484)
  • resource/aws_connect_queue: The quick_connect_ids_associated attribute has been removed (#31376)
  • resource/aws_connect_routing_profile: The queue_configs_associated attribute has been removed (#31376)
  • resource/aws_db_instance: Remove name - use db_name instead (#31232)
  • resource/aws_db_instance: With the retirement of EC2-Classic the security_group_names attribute has been removed (#30966)
  • resource/aws_db_instance: id is no longer the AWS database identifier - id is now the dbi-resource-id. Refer to identifier instead of id to use the database's identifier (#31232)
  • resource/aws_default_vpc: With the retirement of EC2-Classic the enable_classiclink and enable_classiclink_dns_support attributes have been removed (#30966)
  • resource/aws_dms_endpoint: s3_settings.ignore_headers_row has been removed (#30452)
  • resource/aws_docdb_cluster: snapshot_identifier change now properly forces replacement (#29409)
  • resource/aws_ec2_client_vpn_endpoint: The status attribute has been removed (#31223)
  • resource/aws_ec2_client_vpn_network_association: The security_groups attribute has been removed (#31396)
  • resource/aws_ec2_client_vpn_network_association: The status attribute has been removed (#31223)
  • resource/aws_ecs_cluster: The capacity_providers and default_capacity_provider_strategy attributes have been removed (#31346)
  • resource/aws_eip: With the retirement of EC2-Classic the standard domain is no longer supported (#30966)
  • resource/aws_eip_association: With the retirement of EC2-Classic the standard domain is no longer supported (#30966)
  • resource/aws_elasticache_cluster: With the retirement of EC2-Classic the security_group_names attribute has been removed (#30966)
  • resource/aws_elasticache_replication_group: Remove availability_zones, number_cache_clusters, replication_group_description arguments -- use preferred_cache_cluster_azs, num_cache_clusters, and description, respectively, instead (#31008)
  • resource/aws_elasticache_replication_group: Remove cluster_mode configuration block -- use top-level num_node_groups and replicas_per_node_group instead (#31008)
  • resource/aws_kinesis_firehose_delivery_stream: Remove s3_configuration attribute from the root of the resource. s3_configuration is now a part of the following blocks: elasticsearch_configuration, opensearch_configuration, redshift_configuration, splunk_configuration, and http_endpoint_configuration (#31138)
  • resource/aws_kinesis_firehose_delivery_stream: Remove s3 as an option for destination. Use extended_s3 instead (#31138)
  • resource/aws_kinesis_firehose_delivery_stream: Rename extended_s3_configuration.0.s3_backup_configuration.0.buffer_size and extended_s3_configuration.0.s3_backup_configuration.0.buffer_interval to extended_s3_configuration.0.s3_backup_configuration.0.buffering_size and extended_s3_configuration.0.s3_backup_configuration.0.buffering_interval, respectively (#31141)
  • resource/aws_kinesis_firehose_delivery_stream: Rename redshift_configuration.0.s3_backup_configuration.0.buffer_size and redshift_configuration.0.s3_backup_configuration.0.buffer_interval to redshift_configuration.0.s3_backup_configuration.0.buffering_size and redshift_configuration.0.s3_backup_configuration.0.buffering_interval, respectively (#31141)
  • resource/aws_kinesis_firehose_delivery_stream: Rename s3_configuration.0.buffer_size and s3_configuration.0.buffer_internval to s3_configuration.0.buffering_size and s3_configuration.0.buffering_internval, respectively (#31141)
  • resource/aws_launch_configuration: With the retirement of EC2-Classic the vpc_classic_link_id and vpc_classic_link_security_groups attributes have been removed (#30966)
  • resource/aws_lightsail_instance: The ipv6_address attribute has been removed (#31489)
  • resource/aws_medialive_multiplex_program: The statemux_settings attribute has been removed. Use statmux_settings argument instead (#31034)
  • resource/aws_msk_cluster: The broker_node_group_info.ebs_volume_size attribute has been removed (#31324)
  • resource/aws_neptune_cluster: snapshot_identifier change now properly forces replacement (#29409)
  • resource/aws_networkmanager_core_network: Removed policy_document argument -- use aws_networkmanager_core_network_policy_attachment resource instead (#30875)
  • resource/aws_rds_cluster: The engine argument is now required and has no default (#31112)
  • resource/aws_rds_cluster: snapshot_identifier change now properly forces replacement (#29409)
  • resource/aws_rds_cluster_instance: The engine argument is now required and has no default (#31112)
  • resource/aws_redshift_cluster: With the retirement of EC2-Classic the cluster_security_groups attribute has been removed (#30966)
  • resource/aws_route: instance_id can no longer be set in configurations. Use network_interface_id instead, for example, setting network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
  • resource/aws_route_table: route.*.instance_id can no longer be set in configurations. Use route.*.network_interface_id instead, for example, setting network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
  • resource/aws_secretsmanager_secret: The rotation_enabled, rotation_lambda_arn and rotation_rules attributes have been removed (#31487)
  • resource/aws_security_group: With the retirement of EC2-Classic non-VPC security groups are no longer supported (#30966)
  • resource/aws_security_group_rule: With the retirement of EC2-Classic non-VPC security groups are no longer supported (#30966)
  • resource/aws_servicecatalog_product: Changes to any provisioning_artifact_parameters arguments now properly trigger a replacement. This fixes incorrect behavior, but may technically be breaking for configurations expecting non-functional in-place updates. (#31061)
  • resource/aws_vpc: With the retirement of EC2-Classic the enable_classiclink and enable_classiclink_dns_support attributes have been removed (#30966)
  • resource/aws_vpc_peering_connection: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
  • resource/aws_vpc_peering_connection_accepter: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
  • resource/aws_vpc_peering_connection_options: With the retirement of EC2-Classic the allow_classic_link_to_remote_vpc and allow_vpc_to_remote_classic_link attributes have been removed (#30966)
  • resource/aws_wafv2_web_acl: The statement.managed_rule_group_statement.excluded_rule and statement.rule_group_reference_statement.excluded_rule attributes have been removed (#31374)
  • resource/aws_wafv2_web_acl_logging_configuration: The redacted_fields.all_query_arguments, redacted_fields.body and redacted_fields.single_query_argument attributes have been removed (#31486)

NOTES:

  • data-source/aws_elasticache_replication_group: Update configurations to use description instead of the replication_group_description argument (#31008)
  • data-source/aws_elasticache_replication_group: Update configurations to use num_cache_clusters instead of the number_cache_clusters argument (#31008)
  • data-source/aws_opensearch_domain: The kibana_endpoint attribute has been deprecated. All configurations using kibana_endpoint should be updated to use the dashboard_endpoint attribute instead (#31490)
  • data-source/aws_quicksight_data_set: The tags_all attribute has been deprecated and will be removed in a future version (#31162)
  • data-source/aws_redshift_service_account: The aws_redshift_service_account data source has been deprecated and will be removed in a future version. AWS documentation states that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#31006)
  • data-source/aws_service_discovery_service: The tags_all attribute has been deprecated and will be removed in a future version (#31162)
  • resource/aws_api_gateway_rest_api: Update configurations with minimum_compression_size set to pass the value as a string. Valid values remain the same. (#30969)
  • resource/aws_autoscaling_attachment: Update configurations to use lb_target_group_arn instead of alb_target_group_arn which has been removed (#30828)
  • resource/aws_db_event_subscription: Configurations that define source_ids using the id attribute of aws_db_instance must be updated to use identifier instead - for example, source_ids = [aws_db_instance.example.id] must be updated to source_ids = [aws_db_instance.example.identifier] (#31232)
  • resource/aws_db_instance: Configurations that define replicate_source_db using the id attribute of aws_db_instance must be updated to use identifier instead - for example, replicate_source_db = aws_db_instance.example.id must be updated to replicate_source_db = aws_db_instance.example.identifier (#31232)
  • resource/aws_db_instance: The change of what id is, namely, a DBI Resource ID now versus DB Identifier previously, has far-reaching consequences. Configurations that refer to, for example, aws_db_instance.example.id will now have errors and must be changed to use identifier instead, for example, aws_db_instance.example.identifier (#31232)
  • resource/aws_db_instance_role_association: Configurations that define db_instance_identifier using the id attribute of aws_db_instance must be updated to use identifier instead - for example, db_instance_identifier = aws_db_instance.example.id must be updated to db_instance_identifier = aws_db_instance.example.identifier (#31232)
  • resource/aws_db_proxy_target: Configurations that define db_instance_identifier using the id attribute of aws_db_instance must be updated to use identifier instead - for example, db_instance_identifier = aws_db_instance.example.id must be updated to db_instance_identifier = aws_db_instance.example.identifier (#31232)
  • resource/aws_db_snapshot: Configurations that define db_instance_identifier using the id attribute of aws_db_instance must be updated to use identifier instead - for example, db_instance_identifier = aws_db_instance.example.id must be updated to db_instance_identifier = aws_db_instance.example.identifier (#31232)
  • resource/aws_docdb_cluster: Changes to the snapshot_identifier attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409)
  • resource/aws_dx_gateway_association: The vpn_gateway_id attribute has been deprecated. All configurations using vpn_gateway_id should be updated to use the associated_gateway_id attribute instead (#31384)
  • resource/aws_elasticache_replication_group: Update configurations to use description instead of the replication_group_description argument (#31008)
  • resource/aws_elasticache_replication_group: Update configurations to use num_cache_clusters instead of the number_cache_clusters argument (#31008)
  • resource/aws_elasticache_replication_group: Update configurations to use preferred_cache_cluster_azs instead of the availability_zones argument (#31008)
  • resource/aws_elasticache_replication_group: Update configurations to use top-level num_node_groups and replicas_per_node_group instead of cluster_mode.0.num_node_groups and cluster_mode.0.replicas_per_node_group, respectively (#31008)
  • resource/aws_flow_log: The log_group_name attribute has been deprecated. All configurations using log_group_name should be updated to use the log_destination attribute instead (#31382)
  • resource/aws_guardduty_organization_configuration: The auto_enable argument has been deprecated. Use the auto_enable_organization_members argument instead. (#30736)
  • resource/aws_neptune_cluster: Changes to the snapshot_identifier attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409)
  • resource/aws_networkmanager_core_network: Update configurations to use the aws_networkmanager_core_network_policy_attachment resource instead of the policy_document argument (#30875)
  • resource/aws_opensearch_domain: The engine_version attribute no longer has a default value. When omitted, the underlying AWS API will use the latest OpenSearch engine version. (#31568)
  • resource/aws_opensearch_domain: The kibana_endpoint attribute has been deprecated. All configurations using kibana_endpoint should be updated to use the dashboard_endpoint attribute instead (#31490)
  • resource/aws_rds_cluster: Changes to the snapshot_identifier attribute will now trigger a replacement, rather than an in-place update. This corrects the previous behavior which resulted in a successful apply, but did not actually restore the cluster from the designated snapshot. (#29409)
  • resource/aws_rds_cluster: Configurations not including the engine argument must be updated to include engine as it is now required. Previously, not including engine was equivalent to engine = "aurora" and created a MySQL-5.6-compatible cluster (#31112)
  • resource/aws_rds_cluster_instance: Configurations not including the engine argument must be updated to include engine as it is now required. Previously, not including engine was equivalent to engine = "aurora" and created a MySQL-5.6-compatible cluster instance (#31112)
  • resource/aws_route: Since instance_id can no longer be set in configurations, use network_interface_id instead. For example, set network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
  • resource/aws_route_table: Since route.*.instance_id can no longer be set in configurations, use route.*.network_interface_id instead. For example, set network_interface_id to aws_instance.test.primary_network_interface_id. (#30804)
  • resource/aws_ssm_association: The instance_id attribute has been deprecated. All configurations using instance_id should be updated to use the targets attribute instead (#31380)

ENHANCEMENTS:

  • provider: Allow computed tags on resources (#30793)
  • provider: Allow default_tags and resource tags to include zero values "" (#30793)
  • provider: Duplicate default_tags can now be included and will be overwritten by resource tags (#30793)
  • resource/aws_db_instance: Updates to identifier and identifier_prefix will no longer cause the database instance to be destroyed and recreated (#31232)
  • resource/aws_eip: Deprecate vpc attribute. Use domain instead (#31567)
  • resource/aws_guardduty_organization_configuration: Add auto_enable_organization_members attribute (#30736)
  • resource/aws_kinesis_firehose_delivery_stream: Add s3_configuration to elasticsearch_configuration, opensearch_configuration, redshift_configuration, splunk_configuration, and http_endpoint_configuration (#31138)
  • resource/aws_opensearch_domain: Removed engine_version default value (#31568)
  • resource/aws_wafv2_web_acl: Support rule_action_override on rule_group_reference_statement (#31374)

BUG FIXES:

  • resource/aws_ecs_capacity_provider: Allow an instance_warmup_period of 0 in the auto_scaling_group_provider.managed_scaling configuration block (#24005)
  • resource/aws_launch_template: Remove default values in metadata_options to allow default condition (#30545)
  • resource/aws_s3_bucket: Fix bucket_regional_domain_name not including region for buckets in us-east-1 (#25724)
  • resource/aws_s3_object: Remove acl default in order to work with S3 buckets that have ACL disabled (#27197)
  • resource/aws_s3_object_copy: Remove acl default in order to work with S3 buckets that have ACL disabled (#27197)
  • resource/aws_servicecatalog_product: Changes to provisioning_artifact_parameters arguments now properly trigger a replacement (#31061)
  • resource/aws_vpc_peering_connection: Fix crash in vpcPeeringConnectionOptionsEqual (#30966)
Check out latest releases or
releases around hashicorp/terraform-provider-aws v5.0.0

Don't miss a new terraform-provider-aws release

NewReleases is sending notifications on new releases.

Get notifications