github hashicorp/terraform-provider-aws v6.22.0
on GitHub

14 hours ago

6.22.0 (November 20, 2025)

NOTES:

  • resource/aws_s3_bucket_server_side_encryption_configuration: Starting in March 2026, Amazon S3 will introduce a new default bucket security setting by automatically disabling server-side encryption with customer-provided keys (SSE-C) for all new buckets. Use the blocked_encryption_types argument to manage this behavior for specific buckets. (#45105)

FEATURES:

  • New Ephemeral Resource: aws_ecr_authorization_token (#44949)
  • New Guide: Tag Policy Compliance (#45143)
  • New Resource: aws_billing_view (#45097)
  • New Resource: aws_vpclattice_domain_verification (#45085)

ENHANCEMENTS:

  • data-source/aws_lb_listener: Add default_action.jwt_validation attribute (#45089)
  • data-source/aws_lb_listener_rule: Add action.jwt_validation attribute (#45089)
  • data-source/aws_route53_zone: Support filtering by tags only or by vpc_id only (#39671)
  • provider: Add support for enforcing tag policy compliance. This opt-in feature can be enabled via the new tag_policy_compliance provider argument, or the TF_AWS_TAG_POLICY_COMPLIANCE environment variable. When enabled, the principal executing Terraform must have the tags:ListRequiredTags IAM permission. (#45143)
  • resource/aws_backup_logically_air_gapped_vault: Add encryption_key_arn argument (#45020)
  • resource/aws_bedrock_guardrail: Add input_action, input_enabled, input_modalities, output_action, output_enabled, and output_modalities arguments to the content_policy_config.filters_config block (#45104)
  • resource/aws_bedrockagent_knowledge_base: Add storage_configuration.rds_configuration.field_mapping.custom_metadata_field argument (#45075)
  • resource/aws_bedrockagentcore_agent_runtime: Add agent_runtime_artifact.code_configuration block (#45091)
  • resource/aws_bedrockagentcore_agent_runtime: Make agent_runtime_artifact.container_configuration block optional (#45091)
  • resource/aws_dynamodb_table: Add global_table_witness argument (#43908)
  • resource/aws_emr_managed_scaling_policy: Add scaling_strategy and utilization_performance_index arguments (#45132)
  • resource/aws_fis_experiment_template: Add plan-time validation of log_configuration.cloudwatch_logs_configuration.log_group_arn (#35941)
  • resource/aws_fis_experiment_template: Add support for Functions to action.*.target (#41209)
  • resource/aws_lambda_invocation: Add import support (#41240)
  • resource/aws_lb_listener: Support jwt-validation as a valid default_action.type and add default_action.jwt_validation configuration block (#45089)
  • resource/aws_lb_listener_rule: Support jwt-validation as a valid action.type and add action.jwt_validation configuration block (#45089)
  • resource/aws_odb_cloud_vm_cluster: vm cluster creation using odb network ARN and exadata infrastructure ARN for resource sharing model. (#45003)
  • resource/aws_organizations_organization: Add SECURITYHUB_POLICY as a valid value for enabled_policy_types argument (#45135)
  • resource/aws_prometheus_query_logging_configuration: Add plan-time validation of destination.cloudwatch_logs.log_group_arn (#35941)
  • resource/aws_prometheus_workspace: Add plan-time validation of logging_configuration.log_group_arn (#35941)
  • resource/aws_s3_bucket_server_side_encryption_configuration: Add rule.blocked_encryption_types argument (#45105)
  • resource/aws_sagemaker_model: Add container.additional_model_data_source and primary_container.additional_model_data_source arguments (#44407)
  • resource/aws_sfn_state_machine: Add plan-time validation of logging_configuration.log_destination (#35941)
  • resource/aws_timestreaminfluxdb_db_cluster: Add engine_type attribute (#44899)
  • resource/aws_timestreaminfluxdb_db_cluster: Add validation to ensure InfluxDB V2 clusters have required fields and InfluxDB V3 clusters (when using V3 parameter groups) do not have forbidden V2 fields. This functionality requires the timestream-influxdb:GetDbParameterGroup IAM permission (#44899)
  • resource/aws_vpclattice_resource_configuration: Add custom_domain_name and domain_verification_id arguments and domain_verification_arn and domain_verification_status attributes to support custom domain names for resource configurations (#45085)
  • resource/aws_vpn_connection: Add tunnel_bandwidth argument to support higher bandwidth tunnels (#45070)

BUG FIXES:

  • resource/aws_db_instance: Fix blue/green deployments failing with "not in available state" by improving stability and handling storage-config-upgrade and storage-initialization statuses (#41275)
  • resource/aws_elastic_beanstalk_configuration_template: Fix updates not applying by including ResourceName for option settings and preventing duplicate add/remove operations (#45077)
  • resource/aws_odb_cloud_vm_cluster: support for hyphen in odb cloud vm cluster hostname prefix. (#45003)
  • resource/aws_quicksight_account_settings: Add region argument (#45083)
  • resource/aws_s3_directory_bucket: Fix plan-time AWS resource not found during refresh warnings causing resource replacement when ReadOnly s3express:SessionMode is enforced (#45086)
  • resource/aws_ssoadmin_account_assignment: Correct target_type argument to required (#45092)
  • resource/aws_timestreaminfluxdb_db_cluster: Make allocated_storage, bucket, organization, username, and password optional to support InfluxDB V3 clusters (#44899)
Check out latest releases or
releases around hashicorp/terraform-provider-aws v6.22.0

Don't miss a new terraform-provider-aws release

NewReleases is sending notifications on new releases.

Get notifications