hashicorp/terraform-provider-aws v6.43.0

on GitHub

6.43.0 (29 April, 2026)

FEATURES:

• New Data Source: aws_securityhub_enabled_standards (#43947)
• New Data Source: aws_securityhub_security_controls (#43947)
• New List Resource: aws_db_subnet_group (#47637)
• New List Resource: aws_ec2_network_insights_access_scope (#47582)
• New List Resource: aws_iam_group_policy_attachment (#47667)
• New List Resource: aws_lambda_event_source_mapping (#47686)
• New List Resource: aws_securityhub_insight (#47622)
• New Resource: aws_arczonalshift_autoshift_observer_notification_status (#46343)
• New Resource: aws_ec2_network_insights_access_scope (#47582)
• New Resource: aws_securityhub_account_v2 (#47356)

ENHANCEMENTS:

• resource/aws_arczonalshift_autoshift_observer_notification_status: Add resource identity support (#46343)
• resource/aws_auditmanager_assessment: Add resource identity support (#47674)
• resource/aws_auditmanager_control: Add resource identity support (#47674)
• resource/aws_auditmanager_framework: Add resource identity support (#47674)
• resource/aws_auditmanager_framework_share: Add resource identity support (#47674)
• resource/aws_bedrockagentcore_memory_strategy: Support EPISODIC as a valid value for type (#47589)
• resource/aws_ecs_express_gateway_service: Deprecates current_deployment. (#47694)
• resource/aws_iam_group_policy_attachment: Add resource identity support (#47667)
• resource/aws_lambda_event_source_mapping: Add resource identity support (#47686)
• resource/aws_securityhub_action_target: Add Resource Identity support (#47543)
• resource/aws_securityhub_configuration_policy: Add Resource Identity support (#47543)
• resource/aws_securityhub_configuration_policy_association: Add Resource Identity support (#47543)
• resource/aws_securityhub_configuration_policy_association: Add support for SELF_MANAGED_SECURITY_HUB as a policy_id value (#47078)
• resource/aws_securityhub_finding_aggregator: Add Resource Identity support (#47543)
• resource/aws_securityhub_finding_aggregator: Add arn attribute (#47543)
• resource/aws_securityhub_insight: Add Resource Identity support (#47543)
• resource/aws_securityhub_member: Add Resource Identity support (#47543)
• resource/aws_securityhub_organization_admin_account: Add Resource Identity support (#47543)
• resource/aws_securityhub_product_subscription: Add Resource Identity support (#47543)
• resource/aws_securityhub_standards_control: Add Resource Identity support (#47543)
• resource/aws_securityhub_standards_control_association: Add Resource Identity support (#47543)
• resource/aws_securityhub_standards_subscription: Add Resource Identity support (#47543)
• resource/aws_securityhub_standards_subscription: Add arn attribute (#47543)
• resource/aws_subnet: Automatically detect and dissociate GuardDuty-managed VPC endpoints during terraform destroy when they block subnet deletion (#46953)
• resource/aws_vpc: Automatically detect and remove GuardDuty-managed VPC endpoints and security groups during terraform destroy when they block VPC deletion (#46953)

BUG FIXES:

• resource/aws_cloudwatch_metric_alarm: Fix invalid One of 'metric_name', 'metric_query', or 'evaluation_criteria' must be set for a cloudwatch metric alarm plan-time errors. This fixes a regression introduced in v6.42.0 (#47666)
• resource/aws_ecs_express_gateway_service: Handles more transient API errors during creation and deletion. (#47568)
• resource/aws_ecs_express_gateway_service: Marks resource for re-creation if it fails while waiting for creation. (#47568)
• resource/aws_ecs_express_gateway_service: Prevents errors when value of current_deployment changes. (#47694)
• resource/aws_ecs_express_gateway_service: Waits until the service is INACTIVE instead of DRAINING. (#47568)
• resource/aws_flow_log: Prevents error when updating from earlier versions of the provider or importing VPC Flow Logs (#47699)
• resource/aws_globalaccelerator_cross_account_attachment: Fix runtime error: invalid memory address or nil pointer dereference panics when removing resource blocks (#47625)
• resource/aws_pinpoint_app: Lower minimum of limits.messages_per_second from 50 to 1 to match the AWS API. (#47636)
• resource/aws_s3_bucket: Fix bucket creation on third-party S3-compatible APIs (e.g. OVH, Ceph RGW) by handling MalformedXML errors during tag-on-create and CreateBucketConfiguration operations (#47530)