github hashicorp/terraform-provider-aws v6.21.0
on GitHub

13 hours ago

6.21.0 (November 13, 2025)

BREAKING CHANGES:

  • resource/aws_bedrockagentcore_browser: Rename network_configuration.network_mode_config to network_configuration.vpc_config (#44828)

FEATURES:

  • New Action: aws_dynamodb_create_backup (#45001)
  • New Resource: aws_networkflowmonitor_monitor (#44782)
  • New Resource: aws_networkflowmonitor_scope (#44782)
  • New Resource: aws_observabilityadmin_centralization_rule_for_organization (#44806)

ENHANCEMENTS:

  • data-source/aws_ecs_service: Add capacity_provider_strategy, created_at, created_by, deployment_configuration, deployment_controller, deployments, enable_ecs_managed_tags, enable_execute_command, events, health_check_grace_period_seconds, iam_role, network_configuration, ordered_placement_strategy, pending_count, placement_constraints, platform_family, platform_version, propagate_tags, running_count, service_connect_configuration, service_registries, status, and task_sets attributes (#44842)
  • resource/aws_bedrockagentcore_gateway_target: Add target_configuration.mcp.mcp_server block (#44991)
  • resource/aws_bedrockagentcore_gateway_target: Make credential_provider_configuration block optional (#44991)
  • resource/aws_cloudwatch_log_delivery_destination: Make delivery_destination_type and delivery_destination_configuration optional to support AWS X-Ray as a destination (#44995)
  • resource/aws_ecs_service: Add support for LINEAR and CANARY deployment strategies with deployment_configuration.linear_configuration and deployment_configuration.canary_configuration blocks (#44842)
  • resource/aws_lambda_function: Add support for java25 runtime value (#45024)
  • resource/aws_lambda_function: Add support for nodejs24.x runtime value (#45024)
  • resource/aws_lambda_function: Add support for python3.14 runtime value (#45024)
  • resource/aws_lambda_layer_version: Add support for java25 compatible_runtimes value (#45024)
  • resource/aws_lambda_layer_version: Add support for nodejs24.x compatible_runtimes value (#45024)
  • resource/aws_lambda_layer_version: Add support for python3.14 compatible_runtimes value (#45024)
  • resource/aws_s3tables_table: Add tagging support (#44996)
  • resource/aws_s3tables_table_bucket: Add tagging support (#44996)
  • resource/aws_sagemaker_endpoint_configuration: Add execution_role_arn argument and make model_name optional in production_variants and shadow_production_variants blocks to support Inference Components (#44977)
  • resource/aws_sns_topic: Fix AuthorizationError ... is not authorized to perform: iam:PassRole on resource ... IAM eventual consistency errors on Create and Update (#45018)

BUG FIXES:

  • provider: Fix situation where refreshes of removed infrastructure appear as errors rather than warnings (#45022)
  • resource/aws_apprunner_service: Prevents error when upgrading from provider pre-v6.0 without refreshing (#45050)
  • resource/aws_apprunner_service: Prevents error when upgrading from provider pre-v6.0 without refreshing (#45051)
  • resource/aws_ec2_image_block_public_access: Add region argument (#45023)
  • resource/aws_ec2_serial_console_access: Add region argument (#45064)
  • resource/aws_emrcontainers_job_template: Fix ValidationException: Value null at 'jobTemplateData.configurationOverrides.monitoringConfiguration.cloudWatchMonitoringConfiguration.logGroupName' failed to satisfy constraint: Member must not be null error (#45029)
  • resource/aws_emrcontainers_job_template: Fix setting job_template_data: job_template_data.0.configuration_overrides.0.application_configuration.0: '' expected a map, got 'slice' error (#45029)
  • resource/aws_emrcontainers_job_template: Mark job_template_data.job_driver.configuration_overrides.monitoring_configuration.persistent_app_ui argument as computed (#45029)
  • resource/aws_invoicing_invoice_unit: Fix Provider returned invalid result object after apply error occurred when updating the resource (#45030)
  • resource/aws_opensearch_authorize_vpc_endpoint_access: Fix reading the resource when more than one principal is authorized. The import ID has changed from domain_name to domain_name and account separated by a comma (#44982)
  • resource/aws_redshift_cluster: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_cluster_snapshot: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_event_subscription: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_hsm_client_certificate: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_hsm_configuration: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_integration: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_parameter_group: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_snapshot_copy_grant: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_snapshot_schedule: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_subnet_group: Prevents errors with empty tag values. (#44952)
  • resource/aws_redshift_usage_limit: Prevents errors with empty tag values. (#44952)
  • resource/aws_sagemaker_endpoint: Fix bug where endpoint_config_name was not correctly updated, causing the endpoint to retain the old configuration (#42843)
  • resource/aws_wafv2_web_acl_logging_configuration: Fix the validation for redacted_fields.single_header.name (#44987)
Check out latest releases or
releases around hashicorp/terraform-provider-aws v6.21.0

Don't miss a new terraform-provider-aws release

NewReleases is sending notifications on new releases.

Get notifications