github hashicorp/terraform-provider-aws v6.53.0

7 hours ago

6.53.0 (July 1, 2026)

BREAKING CHANGES:

  • resource/aws_pinpointsmsvoicev2_phone_number: Remove provider-side defaults for opt_out_list_name and two_way_channel_enabled in favor of AWS server-side defaults (Default and false respectively). Configurations that omit these attributes will now show (known after apply) on first plan instead of the previous static value; the post-apply state is unchanged. This change mitigates persistent drift when the phone number is managed by an aws_pinpointsmsvoicev2_pool. (#48414)

NOTES:

  • list-resource/aws_bedrockagentcore_registry: This resource is deprecated. AWS Agent Registry is currently available in public preview. On August 6, 2026 this functionality will move from the bedrock-agentcore namespace to the agent-registry namespace. The aws_bedrockagentcore_browser resource will continue to work until September 17, 2026 (#48693)
  • resource/aws_bedrockagentcore_registry: This resource is deprecated. AWS Agent Registry is currently available in public preview. On August 6, 2026 this functionality will move from the bedrock-agentcore namespace to the agent-registry namespace. The aws_bedrockagentcore_browser resource will continue to work until September 17, 2026 (#48693)
  • resource/aws_ecs_capacity_provider: When a change forces replacement of a capacity provider that is associated with a cluster via aws_ecs_cluster_capacity_providers, add a replace_triggered_by lifecycle rule to the association so the old capacity provider is detached before it is deleted (#48156)

FEATURES:

  • New Data Source: aws_bedrock_foundation_model_agreement_offers (#47665)
  • New Data Source: aws_bedrock_use_case_for_model_access (#47665)
  • New Data Source: aws_ec2_capacity_block_reservation (#48185)
  • New List Resource: aws_pinpointsmsvoicev2_pool (#48414)
  • New Resource: aws_bedrock_foundation_model_agreement (#47665)
  • New Resource: aws_bedrock_use_case_for_model_access (#47665)
  • New Resource: aws_pinpointsmsvoicev2_pool (#48414)

ENHANCEMENTS:

  • data-source/aws_api_gateway_rest_api: Add security_policy and endpoint_access_mode attributes (#47973)
  • data-source/aws_msk_cluster: Add customer_action_status attribute (#48536)
  • resource/aws_api_gateway_rest_api: Add security_policy and endpoint_access_mode arguments (#47973)
  • resource/aws_bedrockagentcore_browser: Add browser_signing, certificate, and enterprise_policy configuration blocks (#47816)
  • resource/aws_bedrockagentcore_code_interpreter: Add certificate argument (#47817)
  • resource/aws_cloudwatch_composite_alarm: Add Resource Identity support (#48679)
  • resource/aws_cloudwatch_contributor_insight_rule: Add Resource Identity support (#48679)
  • resource/aws_cloudwatch_contributor_insight_rule: Add plan-time validation of rule_definition (#48679)
  • resource/aws_cloudwatch_contributor_insight_rule: Change rule_state to Optional and Computed (#48679)
  • resource/aws_cloudwatch_contributor_managed_insight_rule: Add Resource Identity support (#48679)
  • resource/aws_cloudwatch_contributor_managed_insight_rule: Add plan-time validation of resource_arn and template_name (#48679)
  • resource/aws_cloudwatch_dashboard: Add Resource Identity support (#48679)
  • resource/aws_cloudwatch_metric_stream: Add Resource Identity support (#48679)
  • resource/aws_default_vpc: Add resource identity support (#47590)
  • resource/aws_msk_cluster: Add customer_action_status attribute (#48536)
  • resource/aws_pinpointsmsvoicev2_phone_number: Add force_disassociate argument (#48414)
  • resource/aws_securityhub_automation_rule: Deprecates id in favor of arn (#48636)
  • resource/aws_ssmcontacts_rotation: Deprecates id in favor of arn (#48636)
  • resource/aws_ssoadmin_trusted_token_issuer: Deprecates id in favor of arn (#48636)

BUG FIXES:

  • data-source/aws_codeartifact_authorization_token: Mark authorization_token as sensitive (#48577)
  • resource/aws_cloudwatch_contributor_managed_insight_rule: Mark resource_arn, tags and template_name as ForceNew (#48679)
  • resource/aws_default_vpc: Fix provider panic (nil pointer dereference) when importing via an import block or terraform import (#47590)
  • resource/aws_ecs_capacity_provider: Return the underlying error immediately instead of timing out after 20 minutes when deleting a capacity provider that is still associated with a cluster (#48156)
  • resource/aws_iam_user: Handle InvalidAction errors in partitions where access key cleanup operations are not supported (#48473)
  • resource/aws_instance: Fix perpetual diff when instance_market_options.market_type is set to capacity-block (#48701)
  • resource/aws_lightsail_bucket_access_key: Mark secret_access_key as sensitive (#48577)
  • resource/aws_lightsail_key_pair: Mark private_key as sensitive (#48577)
  • resource/aws_route53_record: Fix the type attribute to no longer force resource replacement on change (#47105)
  • resource/aws_sqs_queue: Reduce the wait time for queue deletion. This fixes a regression introduced in v6.34.0. (#48722)

Don't miss a new terraform-provider-aws release

NewReleases is sending notifications on new releases.