github hashicorp/terraform-provider-aws v6.29.0

6.29.0 (January 28, 2026)

NOTES:

  • data-source/aws_organizations_organization: Add return_organization_only argument to return only the results of the DescribeOrganization API and avoid API limits (#40884)
  • resource/aws_cloudfront_anycast_ip_list: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#43331)
  • resource/aws_invoicing_invoice_unit: Deprecates region attribute, as the resource is global. (#46185)
  • resource/aws_organizations_organization: Add return_organization_only argument to return only the results of the DescribeOrganization API and avoid API limits (#40884)
  • resource/aws_savingsplans_savings_plan: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#45834)

FEATURES:

  • New Data Source: aws_arcregionswitch_plan (#43781)
  • New Data Source: aws_arcregionswitch_route53_health_checks (#43781)
  • New Data Source: aws_organizations_entity_path (#45890)
  • New Data Source: aws_resourcegroupstaggingapi_required_tags (#45994)
  • New Data Source: aws_s3_bucket_object_lock_configuration (#45990)
  • New Data Source: aws_s3_bucket_replication_configuration (#42662)
  • New Data Source: aws_s3control_access_points (#45949)
  • New Data Source: aws_s3control_multi_region_access_points (#45974)
  • New Data Source: aws_savingsplans_savings_plan (#45834)
  • New Data Source: aws_wafv2_managed_rule_group (#45899)
  • New List Resource: aws_appflow_connector_profile (#45983)
  • New List Resource: aws_appflow_flow (#45980)
  • New List Resource: aws_cleanrooms_collaboration (#45953)
  • New List Resource: aws_cleanrooms_configured_table (#45956)
  • New List Resource: aws_cloudfront_key_value_store (#45957)
  • New List Resource: aws_opensearchserverless_collection (#46001)
  • New List Resource: aws_route53_record (#46059)
  • New List Resource: aws_s3_bucket (#46004)
  • New List Resource: aws_s3_object (#46002)
  • New List Resource: aws_security_group (#46062)
  • New Resource: aws_apigatewayv2_routing_rule (#42961)
  • New Resource: aws_arcregionswitch_plan (#43781)
  • New Resource: aws_cloudfront_anycast_ip_list (#43331)
  • New Resource: aws_notifications_managed_notification_account_contact_association (#45185)
  • New Resource: aws_notifications_managed_notification_additional_channel_association (#45186)
  • New Resource: aws_notifications_organizational_unit_association (#45197)
  • New Resource: aws_notifications_organizations_access (#45273)
  • New Resource: aws_opensearch_application (#43822)
  • New Resource: aws_ram_permission (#44114)
  • New Resource: aws_ram_resource_associations_exclusive (#45883)
  • New Resource: aws_sagemaker_labeling_job (#46041)
  • New Resource: aws_sagemaker_model_card (#45993)
  • New Resource: aws_sagemaker_model_card_export_job (#46009)
  • New Resource: aws_savingsplans_savings_plan (#45834)
  • New Resource: aws_sesv2_tenant_resource_association (#45904)
  • New Resource: aws_vpc_security_group_rules_exclusive (#45876)

ENHANCEMENTS:

  • aws_api_gateway_domain_name: Add routing_mode argument to support dynamic routing via routing rules (#42961)
  • aws_apigatewayv2_domain_name: Add routing_mode argument to support dynamic routing via routing rules (#42961)
  • data-source/aws_batch_job_definition: Add allow_privilege_escalation attribute to eks_properties.pod_properties.containers.security_context (#45896)
  • data-source/aws_dynamodb_table: Add global_secondary_index.key_schema attribute (#46157)
  • data-source/aws_networkmanager_core_network_policy_document: Add segment_actions.routing_policy_names argument (#45928)
  • data-source/aws_s3_object: Add body_base64 and download_body attributes. For improved performance, set download_body = false to ensure bodies are never downloaded (#46163)
  • data-source/aws_vpc_ipam_pool: Add source_resource attribute (#44705)
  • resource/aws_batch_job_definition: Add allow_privilege_escalation attribute to eks_properties.pod_properties.containers.security_context (#45896)
  • resource/aws_bedrockagent_data_source: Add vector_ingestion_configuration.parsing_configuration.bedrock_data_automation_configuration block (#45966)
  • resource/aws_bedrockagent_data_source: Add vector_ingestion_configuration.parsing_configuration.bedrock_foundation_model_configuration.parsing_modality argument (#46056)
  • resource/aws_docdb_cluster_instance: Add certificate_rotation_restart argument (#45984)
  • resource/aws_dynamodb_table: Add support for multi-attribute keys in global secondary indexes. Introduces hash_keys and range_keys to the gsi block and makes hash_key optional for backwards compatibility. (#45357)
  • resource/aws_dynamodb_table: Adds warning when stream_view_type is set and stream_enabled is either false or unset. (#45934)
  • resource/aws_ecr_account_setting: Add support for BLOB_MOUNTING account setting name with ENABLED and DISABLED values (#46092)
  • resource/aws_fsx_windows_file_system: Add domain_join_service_account_secret argument to self_managed_active_directory configuration block (#45852)
  • resource/aws_fsx_windows_file_system: Change self_managed_active_directory.password to Optional and self_managed_active_directory.username to Optional and Computed (#45852)
  • resource/aws_invoicing_invoice_unit: Adds resource identity support. (#46185)
  • resource/aws_invoicing_invoice_unit: Adds validation to restrict rules to a single element. (#46185)
  • resource/aws_lambda_function: Increase upper limit of memory_size from 10240 MB to 32768 MB (#46065)
  • resource/aws_launch_template: Add network_performance_options argument (#46071)
  • resource/aws_odb_network: Enhancements to support KMS and STS parameters in CreateOdbNetwork and UpdateOdbNetwork. (#45636)
  • resource/aws_opensearchserverless_collection: Add resource identity support (#45981)
  • resource/aws_osis_pipeline: Updates pipeline_configuration_body maximum length validation to 2,621,440 bytes to align with AWS API specification. (#44881)
  • resource/aws_sagemaker_endpoint: Retry IAM eventual consistency errors on Create (#45951)
  • resource/aws_sagemaker_monitoring_schedule: Add monitoring_schedule_config.monitoring_job_definition argument (#45951)
  • resource/aws_sagemaker_monitoring_schedule: Make monitoring_schedule_config.monitoring_job_definition_name argument optional (#45951)
  • resource/aws_vpc_ipam_pool: Add source_resource argument in support of provisioning of VPC Resource Planning Pools (#44705)
  • resource/aws_vpc_ipam_resource_discovery: Add organizational_unit_exclusion argument (#45890)
  • resource/aws_vpc_subnet: Add ipv4_ipam_pool_id, ipv4_netmask_length, ipv6_ipam_pool_id, and ipv6_netmask_length arguments in support of provisioning of subnets using IPAM (#44705)
  • resource/aws_vpc_subnet: Change ipv6_cidr_block to Optional and Computed (#44705)

BUG FIXES:

  • data-source/aws_ecr_lifecycle_policy_document: Add rule.action.target_storage_class and rule.selection.storage_class to JSON serialization (#45909)
  • data-source/aws_lakeformation_permissions: Remove incorrect validation from catalog_id, data_location.catalog_id, database.catalog_id, lf_tag_policy.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#43931)
  • data-source/aws_networkmanager_core_network_policy_document: Fix panic when attachment_routing_policy_rules.action.associate_routing_policies is empty (#46160)
  • provider: Fix crash when using custom S3 endpoints with non-standard region strings (e.g., S3-compatible storage like Ceph or MinIO) (#46000)
  • provider: When importing resources with region defined, in AWS European Sovereign Cloud, prevent failing due to region validation requiring region names to start with "[a-z]{2}-" (#45895)
  • resource/aws_athena_workgroup: Fix error when removing configuration.result_configuration.encryption_configuration argument (#46159)
  • resource/aws_bcmdataexports_export: Fix "Provider produced inconsistent result after apply" error when querying CARBON_EMISSIONS table without table_configurations (#45972)
  • resource/aws_bedrock_inference_profile: Fixed forced replacement following import when model_source is set (#45713)
  • resource/aws_billing_view: Fix handling of data_filter_expression (#45293)
  • resource/aws_cloudformation_stack_set: Fix perpetual diff when using auto_deployment with permission_model set to SERVICE_MANAGED (#45992)
  • resource/aws_cloudfront_distribution: Fix "runtime error: invalid memory address or nil pointer dereference" panic when mistakenly importing a multi-tenant distribution (#45873)
  • resource/aws_cloudfront_distribution: Prevent mistakenly importing a multi-tenant distribution (#45873)
  • resource/aws_cloudfront_multitenant_distribution: Fix "specified origin server does not exist or is not valid" errors when attempting to use Origin Access Control (OAC) (#45977)
  • resource/aws_cloudfront_multitenant_distribution: Fix origin_group to use correct id attribute name and fix field mapping to resolve missing required field errors (#45921)
  • resource/aws_cloudwatch_event_rule: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#45895)
  • resource/aws_config_configuration_recorder: Fix "InvalidRecordingGroupException: The recording group provided is not valid" errors when the recording_group.exclusion_by_resource_type or recording_group.recording_strategy argument is removed during update (#46110)
  • resource/aws_datazone_environment_profile: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#45895)
  • resource/aws_dynamodb_table: Fix perpetual diff for warm_throughput in global_secondary_index when not set in configuration. (#46094)
  • resource/aws_dynamodb_table: Fixes error when name is known after apply (#45917)
  • resource/aws_eks_cluster: Fix kubernetes_network_config argument name in EKS Auto Mode validation error message (#45997)
  • resource/aws_emrserverless_application: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#45895)
  • resource/aws_lakeformation_permissions: Remove incorrect validation from catalog_id, data_location.catalog_id, database.catalog_id, lf_tag_policy.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#43931)
  • resource/aws_lambda_event_source_mapping: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#45895)
  • resource/aws_lambda_invocation: Fix panic when deleting or replacing resource with empty input in CRUD lifecycle scope (#45967)
  • resource/aws_lambda_permission: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#45895)
  • resource/aws_lb_target_group: Fix update error when switching health_check.protocol from HTTP to TCP when protocol is TCP (#46036)
  • resource/aws_multitenant_cloudfront_distribution: Prevent mistakenly importing a standard distribution (#45873)
  • resource/aws_networkfirewall_firewall_policy: Support partner-managed rule groups via firewall_policy.stateful_rule_group_reference.resource_arn (#46124)
  • resource/aws_odb_network: Fix delete_associated_resources being set when value is unknown (#45636)
  • resource/aws_pipes_pipe: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "[a-z]{2}-" (#45895)
  • resource/aws_placement_group: Correct validation of partition_count (#45042)
  • resource/aws_rds_cluster: Properly set iam_database_authentication_enabled when restored from snapshot (#39461)
  • resource/aws_redshift_cluster: Changing port now works. (#45870)
  • resource/aws_redshiftserverless_workgroup: Fix "ValidationException: Base capacity cannot be updated when PerformanceTarget is Enabled" error when updating price_performance_target and base_capacity (#46137)
  • resource/aws_route53_health_check: Mark regions argument as Computed to fix an unexpected regions diff when it is not specified (#45829)
  • resource/aws_route53_zone: Fix InvalidChangeBatch errors during ForceNew operations when zone name changes (#45242)
  • resource/aws_route53_zone: Fixes error where Delete would fail if the remote resource had already been deleted. (#45985)
  • resource/aws_route53profiles_resource_association: Fix "Invalid JSON String Value" error on initial apply and ConflictException on subsequent apply when associating Route53 Resolver Query Log Configs (#45958)
  • resource/aws_route53recoverycontrolconfig_control_panel: Fix crash when create returns an error (#45954)
  • resource/aws_s3_bucket: Fix bucket creation with tags in non-commercial AWS regions by handling UnsupportedArgument errors during tag-on-create operations (#46122)
  • resource/aws_s3_bucket: Fix tag read and update operations in non-commercial AWS regions by handling MethodNotAllowed errors when S3 Control APIs are unavailable (#46122)
  • resource/aws_servicecatalog_portfolio_share: Support organization and OU IDs in addition to ARNs for GovCloud compatibility (#39863)
  • resource/aws_subnet: Mark ipv6_cidr_block as ForceNew when the existing IPv6 subnet was created with assign_ipv6_address_on_create = true (#46043)
  • resource/aws_vpc_endpoint: Fix persistent diffs caused by case differences in ip_address_type (#45947)
