hashicorp/terraform-provider-aws v6.37.0

on GitHub

6.37.0 (March 18, 2026)

BREAKING CHANGES:

• resource/aws_lakeformation_opt_in: Rename resource_data.lf_tag.value to resource_data.lf_tag.values and change to a set of string values (#46788)

NOTES:

• data-source/aws_savingsplan_savingsplan: The offering_id attribute is deprecated. Use savings_plan_offering_id instead. (#46959)
• resource/aws_savingsplan_savingsplan: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#46959)
• resource/aws_savingsplan_savingsplan: The offering_id attribute is deprecated. Use savings_plan_offering_id instead. (#46959)

FEATURES:

• New List Resource: aws_ec2_transit_gateway_metering_policy (#46812)
• New List Resource: aws_iam_user (#46869)
• New List Resource: aws_s3_bucket_ownership_controls (#46832)
• New List Resource: aws_wafv2_web_acl_rule (#46682)
• New List Resource: aws_workmail_organization (#46692)
• New Resource: aws_ec2_transit_gateway_metering_policy (#46812)
• New Resource: aws_ec2_transit_gateway_metering_policy_entry (#46812)
• New Resource: aws_wafv2_web_acl_rule (#46682)
• New Resource: aws_workmail_organization (#46692)

ENHANCEMENTS:

• resource/aws_datasync_task: Add schedule.status argument (#46037)
• resource/aws_docdbelastic_cluster: Add shard_instance_count argument (#46938)
• resource/aws_iam_user: Add resource identity support (#46869)
• resource/aws_s3_bucket: Add bucket_namespace argument in support of account regional namespaces for general purpose buckets (#46917)

BUG FIXES:

• data-source/aws_savingsplan_savingsplan: Properly set savings_plan_offering_id during read (#46959)
• resource/aws_bedrockagentcore_gateway: Fix "Unable to Convert Configuration" error caused by schema/model mismatch in authorizer_configuration.custom_jwt_authorizer. This fixes a regression introduced in v6.36.0 (#46908)
• resource/aws_cloudfrontkeyvaluestore_key: Fix issue where values were incorrectly JSON-encoded, resulting in extra quotes being stored in AWS (#46898)
• resource/aws_cloudfrontkeyvaluestore_keys_exclusive: Fix issue where values were incorrectly JSON-encoded, resulting in extra quotes being stored in AWS (#46899)
• resource/aws_datasync_agent: Support activation of advanced mode agents. Previously, attempting to activate advanced mode agents would result in EOF errors when retrieving the activation key (#46958)
• resource/aws_dynamodb_table: Fix GSI removal with key_schema syntax deleting all GSIs (#46602)
• resource/aws_instance: Fix MissingParameter: When specifying CpuOptions you must specify both CoreCount and ThreadsPerCore errors when updating cpu_options.core_count or cpu_options.threads_per_core (#46879)
• resource/aws_lakeformation_opt_in: Rename resource_data.lf_tag.value to resource_data.lf_tag.values and change to a set of string values. Previously, attempting to use resource_data.lf_tag.value would result in missing required field errors (#46788)
• resource/aws_msk_cluster: Properly handle removal of the client_authentication.sasl block (#42163)
• resource/aws_msk_cluster: Properly handle removal of the client_authentication.tls block (#42163)
• resource/aws_msk_cluster: Suppress persistent differences in unset client_authentication.sasl blocks (#42163)
• resource/aws_msk_cluster: Suppress persistent differences in unset client_authentication.tls blocks (#42163)
• resource/aws_s3_bucket_lifecycle_configuration: Fix "Missing Resource Identity After Read" error when resource created with provider version < 6.34.0 is deleted outside Terraform (#46674)
• resource/aws_savingsplan_savingsplan: Properly set savings_plan_offering_id during read to prevent forced replacement following import (#46959)
• resource/aws_wafv2_web_acl: Fix enable_machine_learning in aws_managed_rules_bot_control_rule_set incorrectly defaulting to false instead of reflecting the AWS default of true (#46682)