6.51.0 (June 17, 2026)
NOTES:
- resource/aws_cloudfront_distribution_tenant: When using
managed_certificate_request, managed certificate issuance uses a fixed 3-hour timeout regardless of the configured resource timeout. This behavior will be updated in a future major version. (#47839) - resource/aws_dms_s3_endpoint: The
kms_key_arnattribute has been deprecated. All configurations usingkms_key_arnshould be updated to use theserver_side_encryption_kms_key_idattribute instead. (#48441) - resource/aws_eks_cluster: Because we cannot easily test the behavior of
outpost_config, the changes are best effort and we ask for community help in testing (#48367)
FEATURES:
- New List Resource:
aws_acm_certificate(#48283) - New List Resource:
aws_bedrockagentcore_evaluator(#47964) - New List Resource:
aws_sagemaker_hub_content_reference(#48379) - New Resource:
aws_bedrockagentcore_evaluator(#47964) - New Resource:
aws_sagemaker_hub_content_reference(#48379)
ENHANCEMENTS:
- data-source/aws_eks_cluster: Add
outpost_config.control_plane_placement.spread_level,outpost_config.etcd_instance_type, andoutpost_config.etcd_placementattributes (#48367) - resource/aws_cloudfront_distribution: Add
origin.custom_origin_config.origin_mtls_configargument (#46421) - resource/aws_cloudfront_multitenant_distribution: Add
origin.custom_origin_config.origin_mtls_configargument (#46421) - resource/aws_detective_graph: Add Resource Identity support (#48383)
- resource/aws_detective_organization_configuration: Add Resource Identity support (#48383)
- resource/aws_eks_cluster: Add
outpost_config.control_plane_placement.spread_level,outpost_config.etcd_instance_type, andoutpost_config.etcd_placementarguments (#48367) - resource/aws_eks_cluster: Change
outpost_config.control_plane_placement.group_nameto Optional (#48367) - resource/aws_elasticache_replication_group: Add
durabilityargument (#48254) - resource/aws_elasticache_serverless_cache: Add
network_typeargument (#48371) - resource/aws_msk_replicator: Add Resource Identity support (#48338)
- resource/aws_observabilityadmin_centralization_rule_for_organization: Add
destination_metrics_configurationandsource_metrics_configurationblocks (#48303) - resource/aws_opensearchserverless_collection: Add
vector_options.serverless_vector_accelerationargument (#47018)
BUG FIXES:
- resource/aws_acm_certificate: Correctly updates
subject_alternative_namesfor Imported certificates (#48362) - resource/aws_acmpca_certificate_authority: Prevents hang when trying to create resources over the quota limit. (#48365)
- resource/aws_cloudfront_distribution_tenant: Configured operation timeouts are now correctly honored, preventing potential indefinite hangs (#47839)
- resource/aws_dms_s3_endpoint: Fix perpetual diff when
kms_key_arnis set but not returned by the API for S3 engine endpoints. (#48441) - resource/aws_elasticache_replication_group: Fix error when adding a
log_delivery_configurationwithlog_type = "slow-log"while simultaneously upgrading the engine from Redis 5 to Redis 6 or Valkey 7 (#46526) - resource/aws_kinesis_firehose_delivery_stream: Fix
InvalidArgumentExceptionerrors when creating or updatingextended_s3_configurationin AWS partitions that report unsupportedcustom_time_zoneandfile_extensionattributes in a combined error message (#48369) - resource/aws_lakeformation_opt_in: Fix handling of out-of-band deletion of linked resource (#48416)
- resource/aws_lakeformation_opt_in: Prevent crash by making the
principalblock required (#48416) - resource/aws_lakeformation_resource_lf_tag: Prevent crash when processing null tag values during read operations (#48417)
- resource/aws_msk_replicator: Fix
runtime error: index out of range [0] with length 0panic when importing a replicator with no replication configurations (#48338) - resource/aws_ses_domain_mail_from: Correctly detect resources deleted outside of Terraform when refreshing state (#48387)