github hashicorp/terraform-provider-aws v6.0.0

2 months ago

BREAKING CHANGES:

  • data-source/aws_ami: The severity of the diagnostic returned when most_recent is true and owner and image ID filter criteria are not set has been increased to an error. Existing configurations which were previously receiving a warning diagnostic will now fail to apply. To prevent this error, set the owner argument or include a filter block with an image-id or owner-id name/value pair. To continue using unsafe filter values with most_recent set to true, set the new allow_unsafe_filter argument to true. This is not recommended. (#42114)
  • data-source/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life in April 2024. (#42137)
  • data-source/aws_ecs_task_execution: Remove inference_accelerator_overrides attribute. Amazon Elastic Inference reached end of life in April 2024. (#42137)
  • data-source/aws_elbv2_listener_rule: The action.authenticate_cognito, action.authenticate_oidc, action.fixed_response, action.forward, action.forward.stickiness, action.redirect, condition.host_header, condition.http_header, condition.http_request_method, condition.path_pattern, condition.query_string, and condition.source_ip attributes are now list nested blocks instead of single nested blocks (#42283)
  • data-source/aws_identitystore_user: filter has been removed (#42325)
  • data-source/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life in April 2024. (#42137)
  • data-source/aws_launch_template: elastic_gpu_specifications has been removed (#42312)
  • data-source/aws_opensearch_domain: kibana_endpoint has been removed (#42268)
  • data-source/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#42270)
  • data-source/aws_service_discovery_service: Remove tags_all attribute (#42136)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_application resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_custom_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ecs_cluster_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ganglia_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_haproxy_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_instance resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_java_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_memcached_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_mysql_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_nodejs_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_permission resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_php_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rails_app_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rds_db_instance resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_stack resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_static_web_layer resource has been removed (#41948)
  • provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_user_profile resource has been removed (#41948)
  • provider: As the AWS SDK for Go v2 does not support Amazon SimpleDB, the aws_simpledb_domain resource has been removed. Add a constraint to v5 of the Terraform AWS Provider for continued use of this resource (#41775)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_fleet resource has been removed (#42059)
  • provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_website_certificate_authority_association resource has been removed (#42059)
  • provider: The aws_redshift_service_account resource has been removed. AWS recommends that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#41941)
  • provider: The endpoints.iotanalytics and endpoints.iotevents configuration arguments have been removed (#42703)
  • provider: The endpoints.opsworks configuration argument has been removed (#41948)
  • provider: The endpoints.simpledb and endpoints.sdb configuration arguments have been removed (#41775)
  • provider: The endpoints.worklink configuration argument has been removed (#42059)
  • resource/aws_accessanalyzer_archive_rule: filter.exists now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_alb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_api_gateway_account: The reset_on_delete argument has been removed (#42226)
  • resource/aws_api_gateway_deployment: Remove canary_settings, execution_arn, invoke_url, stage_description, and stage_name arguments. Instead, use the aws_api_gateway_stage resource to manage stages. (#42249)
  • resource/aws_batch_compute_environment: Rename compute_environment_name to name and compute_environment_name_prefix to name_prefix (#38050)
  • resource/aws_batch_compute_environment_data_source: Rename compute_environment_name to name (#38050)
  • resource/aws_batch_job_queue: Remove deprecated parameter compute_environments in favor of compute_environment_order (#40751)
  • resource/aws_bedrock_model_invocation_logging_configuration: logging_config, logging_config.cloudwatch_config, logging_config.cloudwatch_config.large_data_delivery_s3_config, and logging_config.s3_config are now list nested blocks instead of single nested blocks (#42307)
  • resource/aws_cloudfront_key_value_store: Attribute id is now set to remote object's Id instead of name (#42230)
  • resource/aws_cloudfront_response_headers_policy: The etag argument is now computed only (#38448)
  • resource/aws_cloudtrail_event_data_store: suspend now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_cognito_user_in_group: The id attribute is now a comma-delimited string concatenating the user_pool_id, group_name, and username arguments (#34082)
  • resource/aws_cur_report_definition: The s3_prefix argument is now required (#38446)
  • resource/aws_db_instance: character_set_name now cannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier. (#42348)
  • resource/aws_dms_endpoint: Remove s3_settings attribute. Use aws_dms_s3_endpoint instead (#42379)
  • resource/aws_dx_gateway_association: vpn_gateway_id has been removed (#42323)
  • resource/aws_ec2_spot_instance_fleet: terminate_instances_on_delete now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_ec2_spot_instance_request: Remove block_duration_minutes attribute (#42060)
  • resource/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life in April 2024. (#42137)
  • resource/aws_eip: vpc has been removed. Use domain instead. (#42340)
  • resource/aws_eks_addon: resolve_conflicts has been removed. Use resolve_conflicts_on_create and resolve_conflicts_on_update instead. (#42318)
  • resource/aws_elasticache_cluster: auto_minor_version_upgrade now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_elasticache_replication_group: at_rest_encryption_enabled and auto_minor_version_upgrade now only accept one of "" (empty string), true, or false (#42434)
  • resource/aws_elasticache_replication_group: auth_token_update_strategy no longer has a default value. If auth_token is set, auth_token_update_strategy must also be explicitly configured. (#42336)
  • resource/aws_evidently_feature: variations.value.bool_value now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_flow_log: log_group_name has been removed. Use log_destination instead. (#42333)
  • resource/aws_globalaccelerator_accelerator: The id attribute is now computed only (#42097)
  • resource/aws_guardduty_detector: Deprecates datasources. Use aws_guardduty_detector_feature resources instead. (#42436)
  • resource/aws_guardduty_organization_configuration: The auto_enable attribute has been removed (#42251)
  • resource/aws_identitystore_group: filter has been removed (#42325)
  • resource/aws_imagebuilder_container_recipe: instance_configuration.block_device_mapping.ebs.delete_on_termination and instance_configuration.block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#42434)
  • resource/aws_imagebuilder_image_recipe: block_device_mapping.ebs.delete_on_termination and block_device_mapping.ebs.encrypted now only accept one of "" (empty string), true, or false (#42434)
  • resource/aws_instance: Remove cpu_core_count and cpu_threads_per_core. Instead, use cpu_options. (#42280)
  • resource/aws_instance: user_data now displays cleartext instead of a hash. Base64 encoded content should use user_data_base64 instead. (#42078)
  • resource/aws_launch_template: block_device_mappings.ebs.delete_on_termination, block_device_mappings.ebs.encrypted, ebs_optimized, network_interfaces.associate_carrier_ip_address, network_interfaces.associate_public_ip_address, network_interfaces.delete_on_termination, and network_interfaces.primary_ipv6 now only accept one of "" (empty string), true, or false (#42434)
  • resource/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life in April 2024. (#42137)
  • resource/aws_launch_template: elastic_gpu_specifications has been removed (#42312)
  • resource/aws_lb_listener: mutual_authentication attributes advertise_trust_store_ca_names, ignore_client_certificate_expiry, and trust_store_arn are only valid if mode is verify (#42326)
  • resource/aws_lb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_mq_broker: logs.audit now only accepts one of "" (empty string), true, or false (#42434)
  • resource/aws_networkmanager_core_network: The base_policy_region argument has been removed. Use base_policy_regions instead. (#38398)
  • resource/aws_opensearch_domain: kibana_endpoint has been removed (#42268)
  • resource/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#42270)
  • resource/aws_paymentcryptography_key: key_attributes and key_attributes.key_modes_of_use are now list nested blocks instead of single nested blocks. (#42264)
  • resource/aws_quicksight_data_set: tags_all has been removed (#42260)
  • resource/aws_redshift_cluster: Attributes cluster_public_key, cluster_revision_number, and endpoint are now read only and should not be set (#42119)
  • resource/aws_redshift_cluster: The logging attribute has been removed (#42013)
  • resource/aws_redshift_cluster: The publicly_accessible attribute now defaults to false (#41978)
  • resource/aws_redshift_cluster: The snapshot_copy attribute has been removed (#41995)
  • resource/aws_rekognition_stream_processor: regions_of_interest.bounding_box is now a list nested block instead of a single nested block (#41380)
  • resource/aws_resiliencehub_resiliency_policy: policy, policy.az, policy.hardware, policy.software, and policy.region are now list nested blocks instead of single nested blocks (#42297)
  • resource/aws_sagemaker_app_image_config: Exactly one code_editor_app_image_config, jupyter_lab_image_config, or kernel_gateway_image_config block must be configured (#42753)
  • resource/aws_sagemaker_image_version: id is now a comma-delimited string concatenating image_name and version (#42536)
  • resource/aws_sagemaker_notebook_instance: Remove accelerator_types from your configuration—it no longer exists. Instead, use instance_type to use Inferentia. (#42099)
  • resource/aws_ssm_association: Remove instance_id argument (#42224)
  • resource/aws_verifiedpermissions_schema: definition is now a list nested block instead of a single nested block (#42305)
  • resource/aws_wafv2_web_acl: rule.statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_bot_control_rule_set.enable_machine_learning now defaults to false (#39858)
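
The data-source/aws_ami entry in the breaking changes above, written out as Terraform configuration. This is an added example, not taken from the provider's changelog or documentation: the AMI name pattern, the account ID 111122223333 and the image ID are constructed placeholders. In the data source schema the owner argument is named owners, and a filter block takes name and values.

```hcl
# Constructed example: name pattern, account ID and image ID are placeholders.

# Fails on v6.0.0 (warning on v5): most_recent = true with no owner or
# image ID criteria, so the result is not tied to a known publisher.
data "aws_ami" "unpinned" {
  most_recent = true

  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
}

# Fix 1: restrict the publisher with the owners argument.
data "aws_ami" "by_owners" {
  most_recent = true
  owners      = ["111122223333"]

  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
}

# Fix 2: restrict the publisher with an owner-id filter.
data "aws_ami" "by_owner_filter" {
  most_recent = true

  filter {
    name   = "owner-id"
    values = ["111122223333"]
  }

  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
}

# Fix 3: select one specific image with an image-id filter.
data "aws_ami" "by_image_id" {
  most_recent = true

  filter {
    name   = "image-id"
    values = ["ami-0123456789abcdef0"]
  }
}

# Opt-out named in the release notes, which they do not recommend:
# keeps the unpinned lookup working by acknowledging it explicitly.
data "aws_ami" "explicit_opt_out" {
  most_recent         = true
  allow_unsafe_filter = true

  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
}
```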

NOTES:

  • data-source/aws_cloudtrail_service_account: This data source is deprecated. AWS recommends using a service principal name instead of an AWS account ID in any relevant IAM policy. (#42320)
  • data-source/aws_kms_secret: This data source will be removed in a future version (#42524)
  • data-source/aws_region: The name attribute has been deprecated. All configurations using name should be updated to use the region attribute instead (#42131)
  • data-source/aws_s3_bucket: Add bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#42014)
  • data-source/aws_servicequotas_templates: The region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#42131)
  • data-source/aws_ssmincidents_replication_set: The region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#42014)
  • data-source/aws_vpc_endpoint_service: The region attribute has been deprecated. All configurations using region should be updated to use the service_region attribute instead (#42014)
  • data-source/aws_vpc_peering_connection: The region attribute has been deprecated. All configurations using region should be updated to use the requester_region attribute instead (#42014)
  • provider: Support for the global S3 endpoint is deprecated, along with the s3_us_east_1_regional_endpoint argument. The ability to use the global S3 endpoint will be removed in v7.0.0. (#42375)
  • resource/aws_cloudformation_stack_set_instance: The region attribute has been deprecated. All configurations using region should be updated to use the stack_set_instance_region attribute instead (#42014)
  • resource/aws_codeconnections_host: Deprecates id in favor of arn (#42232)
  • resource/aws_config_aggregate_authorization: The region attribute has been deprecated. All configurations using region should be updated to use the authorized_aws_region attribute instead (#42014)
  • resource/aws_dx_hosted_connection: The region attribute has been deprecated. All configurations using region should be updated to use the connection_region attribute instead (#42014)
  • resource/aws_elasticache_replication_group: The ability to provide an uppercase engine value is deprecated (#42419)
  • resource/aws_elasticache_user: The ability to provide an uppercase engine value is deprecated (#42419)
  • resource/aws_elasticache_user_group: The ability to provide an uppercase engine value is deprecated (#42419)
  • resource/aws_elastictranscoder_pipeline: This resource is deprecated. Use AWS Elemental MediaConvert instead. (#42313)
  • resource/aws_elastictranscoder_preset: This resource is deprecated. Use AWS Elemental MediaConvert instead. (#42313)
  • resource/aws_evidently_feature: This resource is deprecated. Use AWS AppConfig feature flags instead. (#42227)
  • resource/aws_evidently_launch: This resource is deprecated. Use AWS AppConfig feature flags instead. (#42227)
  • resource/aws_evidently_project: This resource is deprecated. Use AWS AppConfig feature flags instead. (#42227)
  • resource/aws_evidently_segment: This resource is deprecated. Use AWS AppConfig feature flags instead. (#42227)
  • resource/aws_guardduty_organization_configuration: datasources now returns a deprecation warning (#42251)
  • resource/aws_kinesis_analytics_application: Effective January 27, 2026, AWS will no longer support Kinesis Data Analytics for SQL. This resource is deprecated and will be removed in a future version. Use the aws_kinesisanalyticsv2_application resource instead (#42102)
  • resource/aws_media_store_container: This resource is deprecated. It will be removed in a future version. Use S3, AWS MediaPackage, or other storage solution instead. (#42265)
  • resource/aws_media_store_container_policy: This resource is deprecated. It will be removed in a future version. Use S3, AWS MediaPackage, or other storage solution instead. (#42265)
  • resource/aws_redshift_cluster: The default value of encrypted is now true to match the AWS API. (#42631)
  • resource/aws_s3_bucket: Add bucket_region attribute. Use of the bucket_region attribute instead of the region attribute is encouraged (#42014)
  • resource/aws_service_discovery_service: health_check_custom_config.failure_threshold is deprecated. The argument is no longer supported by AWS and is always set to 1 (#40777)
  • resource/aws_servicequotas_template: The region attribute has been deprecated. All configurations using region should be updated to use the aws_region attribute instead (#42131)
  • resource/aws_ssmincidents_replication_set: The region attribute has been deprecated. All configurations using region should be updated to use the regions attribute instead (#42014)

ENHANCEMENTS:

  • data-source/aws_ami: Add allow_unsafe_filter argument (#42114)
  • data-source/aws_availability_zone: Add group_long_name attribute (#42014)
  • data-source/aws_availability_zone: Mark region as Optional, allowing a value to be configured (#42014)
  • resource/aws_auditmanager_assessment: Add plan-time validation of roles.role_arn and roles.role_type (#42131)
  • provider: Add enhanced region support to most resources, data sources, and ephemeral resources, allowing per-resource Region targeting without requiring multiple provider configurations. See the Enhanced Region Support guide for more information. (#43075)
  • resource/aws_auditmanager_control: Add plan-time validation of control_mapping_sources.source_frequency, control_mapping_sources.source_set_up_option, and control_mapping_sources.source_type (#42131)
  • resource/aws_auditmanager_framework_share: Add plan-time validation of destination_account (#42741)
  • resource/aws_auditmanager_organization_admin_account_registration: Add plan-time validation of admin_account_id (#42741)
  • resource/aws_cognito_user_in_group: Add import support (#34082)
  • resource/aws_ecs_service: Add arn attribute (#42733)
  • resource/aws_guardduty_detector: Adds validation to finding_publishing_frequency. (#42436)
  • resource/aws_lb_listener: mutual_authentication attribute trust_store_arn is required if mode is verify (#42326)
  • resource/aws_quicksight_iam_policy_assignment: Add plan-time validation of policy_arn (#42131)
  • resource/aws_sagemaker_image_version: Add aliases argument (#42610)
  • resource/aws_securitylake_subscriber: Add plan-time validation of access_type, source.aws_log_source_resource.source_name, and subscriber_identity.external_id (#42131)

BUG FIXES:

  • resource/aws_auditmanager_control: Fix Provider produced inconsistent result after apply errors (#42131)
  • resource/aws_redshift_cluster: Fixes permanent diff when encrypted is not explicitly set to true. (#42631)
  • resource/aws_rekognition_stream_processor: Fix regions_of_interest.bounding_box and regions_of_interest.polygon argument validation (#41380)
  • resource/aws_sagemaker_image_version: Read the correct image version after creation rather than always fetching the latest (#42536)
  • resource/aws_securitylake_subscriber: Change access_type to ForceNew (#42131)
