6.53.0 (July 1, 2026)
BREAKING CHANGES:
- resource/aws_pinpointsmsvoicev2_phone_number: Remove provider-side defaults for
opt_out_list_nameandtwo_way_channel_enabledin favor of AWS server-side defaults (Defaultandfalserespectively). Configurations that omit these attributes will now show(known after apply)on first plan instead of the previous static value; the post-apply state is unchanged. This change mitigates persistent drift when the phone number is managed by anaws_pinpointsmsvoicev2_pool. (#48414)
NOTES:
- list-resource/aws_bedrockagentcore_registry: This resource is deprecated. AWS Agent Registry is currently available in public preview. On August 6, 2026 this functionality will move from the
bedrock-agentcorenamespace to theagent-registrynamespace. Theaws_bedrockagentcore_browserresource will continue to work until September 17, 2026 (#48693) - resource/aws_bedrockagentcore_registry: This resource is deprecated. AWS Agent Registry is currently available in public preview. On August 6, 2026 this functionality will move from the
bedrock-agentcorenamespace to theagent-registrynamespace. Theaws_bedrockagentcore_browserresource will continue to work until September 17, 2026 (#48693) - resource/aws_ecs_capacity_provider: When a change forces replacement of a capacity provider that is associated with a cluster via
aws_ecs_cluster_capacity_providers, add areplace_triggered_bylifecycle rule to the association so the old capacity provider is detached before it is deleted (#48156)
FEATURES:
- New Data Source:
aws_bedrock_foundation_model_agreement_offers(#47665) - New Data Source:
aws_bedrock_use_case_for_model_access(#47665) - New Data Source:
aws_ec2_capacity_block_reservation(#48185) - New List Resource:
aws_pinpointsmsvoicev2_pool(#48414) - New Resource:
aws_bedrock_foundation_model_agreement(#47665) - New Resource:
aws_bedrock_use_case_for_model_access(#47665) - New Resource:
aws_pinpointsmsvoicev2_pool(#48414)
ENHANCEMENTS:
- data-source/aws_api_gateway_rest_api: Add
security_policyandendpoint_access_modeattributes (#47973) - data-source/aws_msk_cluster: Add
customer_action_statusattribute (#48536) - resource/aws_api_gateway_rest_api: Add
security_policyandendpoint_access_modearguments (#47973) - resource/aws_bedrockagentcore_browser: Add
browser_signing,certificate, andenterprise_policyconfiguration blocks (#47816) - resource/aws_bedrockagentcore_code_interpreter: Add
certificateargument (#47817) - resource/aws_cloudwatch_composite_alarm: Add Resource Identity support (#48679)
- resource/aws_cloudwatch_contributor_insight_rule: Add Resource Identity support (#48679)
- resource/aws_cloudwatch_contributor_insight_rule: Add plan-time validation of
rule_definition(#48679) - resource/aws_cloudwatch_contributor_insight_rule: Change
rule_stateto Optional and Computed (#48679) - resource/aws_cloudwatch_contributor_managed_insight_rule: Add Resource Identity support (#48679)
- resource/aws_cloudwatch_contributor_managed_insight_rule: Add plan-time validation of
resource_arnandtemplate_name(#48679) - resource/aws_cloudwatch_dashboard: Add Resource Identity support (#48679)
- resource/aws_cloudwatch_metric_stream: Add Resource Identity support (#48679)
- resource/aws_default_vpc: Add resource identity support (#47590)
- resource/aws_msk_cluster: Add
customer_action_statusattribute (#48536) - resource/aws_pinpointsmsvoicev2_phone_number: Add
force_disassociateargument (#48414) - resource/aws_securityhub_automation_rule: Deprecates
idin favor ofarn(#48636) - resource/aws_ssmcontacts_rotation: Deprecates
idin favor ofarn(#48636) - resource/aws_ssoadmin_trusted_token_issuer: Deprecates
idin favor ofarn(#48636)
BUG FIXES:
- data-source/aws_codeartifact_authorization_token: Mark
authorization_tokenas sensitive (#48577) - resource/aws_cloudwatch_contributor_managed_insight_rule: Mark
resource_arn,tagsandtemplate_nameasForceNew(#48679) - resource/aws_default_vpc: Fix provider panic (nil pointer dereference) when importing via an
importblock orterraform import(#47590) - resource/aws_ecs_capacity_provider: Return the underlying error immediately instead of timing out after 20 minutes when deleting a capacity provider that is still associated with a cluster (#48156)
- resource/aws_iam_user: Handle
InvalidActionerrors in partitions where access key cleanup operations are not supported (#48473) - resource/aws_instance: Fix perpetual diff when
instance_market_options.market_typeis set tocapacity-block(#48701) - resource/aws_lightsail_bucket_access_key: Mark
secret_access_keyas sensitive (#48577) - resource/aws_lightsail_key_pair: Mark
private_keyas sensitive (#48577) - resource/aws_route53_record: Fix the
typeattribute to no longer force resource replacement on change (#47105) - resource/aws_sqs_queue: Reduce the wait time for queue deletion. This fixes a regression introduced in v6.34.0. (#48722)