chore(deps): update terraform aws to v6#99
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
Contributor
|
🏷️ [bumpr] Next version:v1.13.11 Changes:v1.13.10...reviewdog:renovate/aws-6.x |
55bfdd6 to
1614cfd
Compare
1614cfd to
991042a
Compare
69a5972 to
b90774e
Compare
c615de2 to
474aa4b
Compare
e6c8ce9 to
e65c8a6
Compare
e65c8a6 to
768f62d
Compare
48e5ec2 to
88d5123
Compare
88d5123 to
baaea6d
Compare
baaea6d to
9ea5338
Compare
9ea5338 to
4b8d04d
Compare
4b8d04d to
00f7194
Compare
00f7194 to
b060a23
Compare
b060a23 to
56821b8
Compare
ef51296 to
cf1104a
Compare
cf1104a to
e71fe4b
Compare
f98261d to
d793932
Compare
4b2e083 to
50ad29d
Compare
e81625b to
ed5b0a1
Compare
ed5b0a1 to
b604ef7
Compare
b604ef7 to
5267b68
Compare
d8aa90d to
bd4c8f7
Compare
9118cfd to
668a83e
Compare
02e1bd8 to
264fdcd
Compare
656595d to
7ab1c0e
Compare
7ab1c0e to
ff0fb1f
Compare
b661cfe to
124725c
Compare
82930f6 to
d2db4e9
Compare
9ec292e to
6272bd8
Compare
6272bd8 to
8cd7652
Compare
8cd7652 to
fc1fd75
Compare
bd10c6f to
5fb22fc
Compare
377a88a to
a22f68b
Compare
49a35e9 to
e943e37
Compare
e943e37 to
0eb6a8d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~> 5.94.0→~> 6.53.0Release Notes
hashicorp/terraform-provider-aws (aws)
v6.53.0Compare Source
BREAKING CHANGES:
opt_out_list_nameandtwo_way_channel_enabledin favor of AWS server-side defaults (Defaultandfalserespectively). Configurations that omit these attributes will now show(known after apply)on first plan instead of the previous static value; the post-apply state is unchanged. This change mitigates persistent drift when the phone number is managed by anaws_pinpointsmsvoicev2_pool. (#48414)NOTES:
bedrock-agentcorenamespace to theagent-registrynamespace. Theaws_bedrockagentcore_browserresource will continue to work until September 17, 2026 (#48693)bedrock-agentcorenamespace to theagent-registrynamespace. Theaws_bedrockagentcore_browserresource will continue to work until September 17, 2026 (#48693)aws_ecs_cluster_capacity_providers, add areplace_triggered_bylifecycle rule to the association so the old capacity provider is detached before it is deleted (#48156)FEATURES:
aws_bedrock_foundation_model_agreement_offers(#47665)aws_bedrock_use_case_for_model_access(#47665)aws_ec2_capacity_block_reservation(#48185)aws_pinpointsmsvoicev2_pool(#48414)aws_bedrock_foundation_model_agreement(#47665)aws_bedrock_use_case_for_model_access(#47665)aws_pinpointsmsvoicev2_pool(#48414)ENHANCEMENTS:
security_policyandendpoint_access_modeattributes (#47973)customer_action_statusattribute (#48536)security_policyandendpoint_access_modearguments (#47973)browser_signing,certificate, andenterprise_policyconfiguration blocks (#47816)certificateargument (#47817)rule_definition(#48679)rule_stateto Optional and Computed (#48679)resource_arnandtemplate_name(#48679)customer_action_statusattribute (#48536)force_disassociateargument (#48414)idin favor ofarn(#48636)idin favor ofarn(#48636)idin favor ofarn(#48636)BUG FIXES:
authorization_tokenas sensitive (#48577)resource_arn,tagsandtemplate_nameasForceNew(#48679)importblock orterraform import(#47590)InvalidActionerrors in partitions where access key cleanup operations are not supported (#48473)instance_market_options.market_typeis set tocapacity-block(#48701)secret_access_keyas sensitive (#48577)private_keyas sensitive (#48577)typeattribute to no longer force resource replacement on change (#47105)v6.52.0Compare Source
NOTES:
aws_glue_catalog_tableviews (table_type = "VIRTUAL_VIEW") are now preserved when the view'sview_definitionis updated, as the underlying table is updated in place rather than recreated (#48532)****forNoEchoparameters or is missing default-matchingparameterskeys require a one-time manual reconciliation after upgrading. To recover: (1) addlifecycle { ignore_changes = [parameters] }temporarily, (2) pull state withterraform state pull, (3) correct the affectedparametersvalues and incrementserial, (4) push state back withterraform state push, (5) remove theignore_changesblock, and (6) confirm withterraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#46748)NoEchoparameter values are now persisted in Terraform state in plaintext rather than as****. This is consistent with how Terraform stores other sensitive inputs (for example,aws_db_instance.password). Ensure your state backend is appropriately secured (#46748)FEATURES:
aws_s3_bucket_notification(#31512)aws_appautoscaling_target(#48449)aws_bedrockagentcore_registry(#48314)aws_dynamodb_table_item(#48520)aws_bedrockagentcore_registry(#48314)ENHANCEMENTS:
control_plane_egress_modeattribute tovpc_configblock (#48497)arnattribute (#48502)control_plane_egress_modeargument tovpc_configblock (#48497)instances.0.endpointsare now returned in a deterministic order based on protocol prefix and port, including the newhttps://...:16001Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#47777)capabilitiesfromRequiredtoOptional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#46748)BUG FIXES:
IdempotentParameterMismatchby generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#47995)TF_LOG=DEBUGoutput for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#48463)ConflictExceptionerrors (#48158)Provided delivery configuration is invalid for the destination typeerrors whens3_delivery_configurationis unchanged (#46123)automatic_failover_enableddiff by reading the value from the primary member (#47647)automatic_failover_enableddiff on member replication groups of anaws_elasticache_global_replication_group(#47647)Provider returned invalid result object after applyand subsequenttoo many resultswarning that silently removed the resource from state whenidwas not set in configuration (#48462)InvalidParameterCombination: Serverless Cache modifications only support modifying one field per requesterror when changing multiple attributes in a single apply (#47918)user_idproducing inconsistent final plan when using mixed-case values (#47705)user_group_idproducing inconsistent final plan when using mixed-case values (#47705)VIRTUAL_VIEWtable'sview_definitionby passingViewUpdateActionto the GlueUpdateTableAPI (#48532)change set: unexpected state 'FAILED', wanted target 'CREATE_COMPLETE'. last error: No updates are to be performederrors on subsequent applies. Previously,parameterswhose value matched the application's default were pruned from state, andNoEchoparameter values were stored as****, both of which produced false drift (#46748)v6.51.0Compare Source
NOTES:
managed_certificate_request, managed certificate issuance uses a fixed 3-hour timeout regardless of the configured resource timeout. This behavior will be updated in a future major version. (#47839)kms_key_arnattribute has been deprecated. All configurations usingkms_key_arnshould be updated to use theserver_side_encryption_kms_key_idattribute instead. (#48441)outpost_config, the changes are best effort and we ask for community help in testing (#48367)FEATURES:
aws_acm_certificate(#48283)aws_bedrockagentcore_evaluator(#47964)aws_sagemaker_hub_content_reference(#48379)aws_bedrockagentcore_evaluator(#47964)aws_sagemaker_hub_content_reference(#48379)ENHANCEMENTS:
outpost_config.control_plane_placement.spread_level,outpost_config.etcd_instance_type, andoutpost_config.etcd_placementattributes (#48367)origin.custom_origin_config.origin_mtls_configargument (#46421)origin.custom_origin_config.origin_mtls_configargument (#46421)outpost_config.control_plane_placement.spread_level,outpost_config.etcd_instance_type, andoutpost_config.etcd_placementarguments (#48367)outpost_config.control_plane_placement.group_nameto Optional (#48367)durabilityargument (#48254)network_typeargument (#48371)destination_metrics_configurationandsource_metrics_configurationblocks (#48303)vector_options.serverless_vector_accelerationargument (#47018)BUG FIXES:
subject_alternative_namesfor Imported certificates (#48362)kms_key_arnis set but not returned by the API for S3 engine endpoints. (#48441)log_delivery_configurationwithlog_type = "slow-log"while simultaneously upgrading the engine from Redis 5 to Redis 6 or Valkey 7 (#46526)InvalidArgumentExceptionerrors when creating or updatingextended_s3_configurationin AWS partitions that report unsupportedcustom_time_zoneandfile_extensionattributes in a combined error message (#48369)principalblock required (#48416)runtime error: index out of range [0] with length 0panic when importing a replicator with no replication configurations (#48338)v6.50.0Compare Source
NOTES:
private_endpoint, it is best effort and we ask for community help in testing (#47602)FEATURES:
aws_bedrockagentcore_policy(#47971)aws_cloudwatch_log_s3_table_integration_source(#48190)aws_ecs_daemon(#47562)aws_ecs_daemon_task_definition(#47562)aws_bedrockagentcore_policy(#47971)aws_cloudwatch_log_s3_table_integration_source(#48190)aws_ecs_daemon(#47562)aws_ecs_daemon_task_definition(#47562)aws_observabilityadmin_s3_table_integration(#48190)ENHANCEMENTS:
AGUIas a valid value forprotocol_configuration.server_protocol(#47906)policy_engine_configurationconfiguration block (#47818)listing_modeargument to thetarget_configuration.mcp.mcp_serverconfiguration block (#48225)private_endpointargument to support private connectivity to VPC-hosted MCP servers via Amazon VPC Lattice (#47602)indexed_keyandstream_delivery_resourcesarguments (#48240)BUG FIXES:
couldn't find resourceerrors when reading a version immediately after creation (#48318)ValidationException: Make sure you have given CloudWatch Logs permission to assume the provided roleIAM eventual consistency errors on Create and Update (#48255)route.gateway_idwhenroute.odb_network_arnis configured (#48239)network_configuration[0].security_groupswhen usingnetwork_configuration.ec2:DescribeSecurityGroupsIAM permission is newly required. (#47944)Resource Already Existserror when recreating a service after deletion (#48098)InvalidArgumentExceptionerrors when creating or updatingextended_s3_configurationin AWS partitions that do not support thecustom_time_zoneandfile_extensionattributes (#48284)gateway_idwhenodb_network_arnis configured (#48239)route.gateway_idwhenroute.odb_network_arnis configured (#48239)Provider produced inconsistent final planerrors whensecret_stringorsecret_string_wo_versionreferences a resource being created or replaced in the same apply (#48318)version_stagesbeing empty in state (#48318)secret_stringandsecret_string_wo(or vice versa) without changing the secret value (#48318)v6.49.0Compare Source
ENHANCEMENTS:
advanced_security_options.jwt_options.jwks_urlattribute (#48146)generationattribute (#48125)protocol_configuration.mcp.session_configurationblock (#48179)protocol_configuration.mcp.streaming_configurationblock (#48179)tagsandtags_allarguments (#47916)advanced_security_options.jwt_options.jwks_urlargument (#48146)generationargument (#48125)BUG FIXES:
runtime error: slice bounds out of range [1:0]panics when refreshing state. This fixes a regression introduced in v6.48.0 (#48215)v6.48.0Compare Source
NOTES:
FEATURES:
aws_ec2_hosts(#47986)aws_cleanrooms_membership(#48166)aws_pinpointsmsvoicev2_event_destination(#48034)aws_ec2_local_gateway_route_table(#48013)aws_ec2_local_gateway_route_table_virtual_interface_group_association(#48014)aws_pinpointsmsvoicev2_event_destination(#48034)ENHANCEMENTS:
state,allocation_time,release_time,host_maintenance,host_reservation_id,availability_zone_id,allows_multiple_instance_types,member_of_service_linked_resource_group,instances, andavailable_capacityattributes (#47991)warm_throughputattribute (#48152)enable_prefix_for_ipv6_source_natattribute (#40431)ec2_placement_group_idsattribute. (#47317)protocol_typeas Optional. Omit it to create a gateway that routes traffic directly to HTTP targets (e.g. AgentCore Runtime) (#47897)credential_provider_configuration.caller_iam_credentialsandcredential_provider_configuration.jwt_passthrougharguments (#47780)credential_provider_configuration.gateway_iam_role.serviceandcredential_provider_configuration.gateway_iam_role.regionarguments to enable SigV4 signing of upstream requests formcp_servertargets pointing at AWS-hosted endpoints (#47626)target_configuration.httpargument (#47897)global_parametersargument (#44857)warm_throughput_mib_psargument. This functionality requires thekinesis:UpdateStreamWarmThroughputIAM permission (#48152)shard_level_metrics(#48152)enable_prefix_for_ipv6_source_natargument (#40431)ruleschema to cover the full SDK shape, includingall_regions,allow_field_updates,regions,scope,selection_criteria,telemetry_source_types, and the fulldestination_configurationtree (cloudtrail_parameters,elb_load_balancer_logging_parameters,log_delivery_parameters,msk_monitoring_parameters,vpc_flow_log_parameters,waf_logging_parameters) (#48072)ruleschema to cover the full SDK shape, includingall_regions,allow_field_updates,regions,scope,selection_criteria,telemetry_source_types, and the fulldestination_configurationtree (cloudtrail_parameters,elb_load_balancer_logging_parameters,log_delivery_parameters,msk_monitoring_parameters,vpc_flow_log_parameters,waf_logging_parameters) (#48072)ec2_placement_group_idsattribute. (#47317)BUG FIXES:
x-amazon-apigateway-policyupdates being overwritten by prior policy state (#48118)ValidationException: Gateway with ID: ... has targets associated with it. Delete all targets before deleting the gatewayerrors on delete (#47626)FAILEDandSYNCHRONIZINGas pending states while a target is deleting (#47626)InvalidDBInstanceState: Cannot create a snapshot because the database instance ... is not currently in the available stateerrors on delete (#46687)CacheClusterNotFoundwhen enabling snapshots after the primary cache cluster has been changed away from-001, andInvalidParameterCombinationwhen enabling snapshots on cluster mode enabled groups (#46326)ValidationException: Unknown parameter: ExtendedS3DestinationConfiguration.CustomTimeZoneerrors in AWS partitions which do not yet support selecting a time zone for bucket prefixes (#48186)function_version(#48116)InvalidParameterValueException: Alias with weights can not be used with Provisioned Concurrencyerror when updating provisioned concurrency simultaneously with alias version change (#48116)versioning_configuration.mfa_deletewhenstatusisDisabled(#48161)v6.47.0Compare Source
FEATURES:
aws_bedrockagentcore_online_evaluation_config(#47209)aws_bedrockagentcore_policy_engine(#47108)aws_bedrockagentcore_resource_policy(#46844)aws_s3control_multi_region_access_point(#48081)aws_s3control_multi_region_access_point_routes(#48081)aws_bedrockagentcore_online_evaluation_config(#47209)aws_bedrockagentcore_policy_engine(#47108)aws_bedrockagentcore_resource_policy(#46844)aws_s3control_multi_region_access_point_routes(#47994)ENHANCEMENTS:
idin favor ofarn(#48036)id(#48036)id(#48036)idin favor ofpartition(#48036)idin favor ofregion(#48036)id(#48036)odb_network_arnattribute (#48027)routes.odb_network_arnattribute (#48027)arnin favor ofsecret_arn. (#48011)arnin favor ofsecret_arn. (#48033)namein favor ofsecret_name. (#48033)idin favor ofreverse_dns_name(#48036)ip_address_typeattribute (#48039)private_key_wowrite-only argument andprivate_key_wo_versionargument (#44414)step.rds_promote_read_replica_config,step.rds_create_cross_region_read_replica_config, andreport_configurationarguments (#46965)remote_node_networksfield inremote_network_configoptional (#47988)outpost_configandremote_network_config(#47988)log_deliveryconfiguration block (#48054)parameters.athena.role_arnargument to allow override an account-wide role for a specific Athena data source (#44666)odb_network_arnargument (#48027)core_network_arn(#48027)route.odb_network_arnargument (#48027)route.core_network_arn(#48027)arnin favor ofsecret_arn. (#48011)s3_destination.destination_data_sharingargument (#21996)ip_address_typeargument (#48039)BUG FIXES:
versions.*.last_accessed_date. (#48033)lifecycle.ignore_changesfor individualtagselements being bypassed when another tag in the same map is updated to an empty string, to avoid overwriting any out-of-band changes the lifecycle block was meant to preserve. (#48008)securityGroupIdslogic inflattenVPCConfigResponse()for Outpost clusters (#47988)lifecycle.ignore_changesfor individualtagselements being bypassed when another tag in the same map is updated to an empty string, to avoid overwriting any out-of-band changes the lifecycle block was meant to preserve. (#48008)Provider produced inconsistent final planerrors and force resource recreation for Network Load Balancers when no security groups were initially configured and updated security groups are unknown at plan-time (#46695)replication_info_list.consumer_group_replication.consumer_groups_to_excludeas Computed (#48054)replication_info_list.topic_replication.topics_to_excludeas Computed (#48054)v6.46.0Compare Source
NOTES:
policy_namenow force resource recreation. Technically this is a breaking change but the resource did not function correctly previously; updatingpolicy_namewould leave an orphaned policy with the old name in AWS (#47948)FEATURES:
aws_bedrockagentcore_harness(#47725)aws_iam_access_key(#47966)aws_observabilityadmin_telemetry_rule_for_organization(#47920)aws_route53_vpc_association_authorization(#47905)aws_route53_zone_association(#47950)aws_securityhub_automation_rule_v2(#47677)aws_bedrockagentcore_harness(#47725)aws_observabilityadmin_telemetry_rule_for_organization(#47920)aws_securityhub_automation_rule_v2(#47677)aws_xray_indexing_rule(#47975)aws_xray_trace_segment_destination([#47961](https://redirecConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.