terraform-aws-modules/terraform-aws-redshift v7.0.0

on GitHub

7.0.0 (2025-11-16)

⚠ BREAKING CHANGES

• Upgrade AWS provider and min required Terraform version to 6.21 and 1.11 respectively (#110)

See docs/UPGRADE-7.0.md for further details

List of backwards incompatible changes

• Terraform v1.11 is now minimum supported version to support write-only (wo_*) attributes.
• AWS provider v6.18 is now minimum supported version
• The ability for the module to create a random password has been removed in order to ensure passwords are not stored in plain text within the state file. Users must now provide their own password via the master_password_wo variable.
  • master_password is no longer supported and only the write-only equivalent is supported (master_password_wo and master_password_wo_version)
  • manage_master_password default changed from false to true to ensure password rotation is managed by default.
• The variable(s) used to create access endpoints has changed from creating a single endpoint to n-number of endpoints

Additional changes

Added

• Support for region argument to specify the AWS region for the resources created if different from the provider region.
• Support for creating a security group used by the cluster

Modified

• Variable definitions now contain detailed object types in place of the previously used any type.
• Default value for parameter_group_family changed from redshift-1.0 to redshift-2.0
• manage_master_password default changed from false to true

Removed

• Support for generating random passwords has been removed.

Variable and output changes

1. Removed variables:

   • create_random_password removed along with support for generating a random password
   • random_password_length removed along with support for generating a random password
   • aqua_configuration_status argument was deprecated
   • The variables for endpoint access have been nested under a single, top-level endpoint_access variable:
     • create_endpoint_access removed - set endpoint_access to null or omit to disable
     • endpoint_name -> endpoint_access.name
     • endpoint_resource_owner -> endpoint_access.resource_owner
     • endpoint_subnet_group_name -> endpoint_access.subnet_group_name
     • endpoint_vpc_security_group_ids -> endpoint_access.vpc_security_group_ids
   • The variables for snapshot schedule have been nested under a single, top-level snapshot_schedule variable:
     • create_snapshot_schedule removed - set snapshot_schedule to null or omit to disable
     • snapshot_schedule_identifier -> snapshot_schedule.identifier
     • use_snapshot_identifier_prefix -> snapshot_schedule.use_prefix
     • snapshot_schedule_description -> snapshot_schedule.description
     • snapshot_schedule_definitions -> snapshot_schedule.definitions
     • snapshot_schedule_force_destroy -> snapshot_schedule.force_destroy

2. Renamed variables:

   • master_password -> master_password_wo

3. Added variables:

   • region
   • create_security_group
   • security_group_name
   • security_group_use_name_prefix
   • security_group_description
   • vpc_id
   • security_group_ingress_rules
   • security_group_egress_rules
   • master_password_wo_version

4. Removed outputs:

   • endpoint_access_address -> see endpoint_access output
   • endpoint_access_port -> see endpoint_access output
   • endpoint_access_id -> see endpoint_access output
   • endpoint_access_vpc_endpoint -> see endpoint_access output

5. Renamed outputs:

   • None

6. Added outputs:

   • None