amazon.aws 7.4.0

Release Summary

This release brings several bugfixes and minor changes. It also introduces a deprecation for the iam_role_info plugin.

Minor Changes

• AnsibeAWSModule - added fail_json_aws_error() as a wrapper for fail_json() and fail_json_aws() when passed an AnsibleAWSError exception (#1997).
• iam_access_key - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_access_key_info - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_group - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_instance_profile - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_instance_profile_info - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_managed_policy - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_mfa_device_info - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_role - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_role_info - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_user - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).
• iam_user_info - refactored code to use AnsibleIAMError and IAMErrorHandler as well as moving shared code into module_utils.iam (#1998).

Deprecated Features

• iam_role_info - in a release after 2026-05-01 paths must begin and end with / (#1998).

Bugfixes

• cloudwatchevent_rule - Fix to avoid adding quotes to JSON input for provided input_template (#1883).
• lookup/secretsmanager_secret - fix the issue when the nested secret is missing and on_missing is set to warn, the lookup was raising an error instead of a warning message (#1781).
• module_utils/elbv2 - Fix issue when creating or modifying Load balancer rule type authenticate-oidc using ClientSecret parameter and UseExistingClientSecret=true (#1877).

amazon.aws 6.5.2

Release Summary

This release includes a bugfix for the amazon.aws.aws_ec2 inventory plugin when retrieving information for more than 40 instances with use_ssm_inventory.

Bugfixes

• plugins/inventory/aws_ec2 - Fix failure when retrieving information for more than 40 instances with use_ssm_inventory (#1713).

amazon.aws 7.3.0

Release Summary

The amazon.aws 7.3.0 release includes a number of minor bugfixes, some new features and improvements.

Minor Changes

• backup_plan - Let user to set schedule_expression_timezone for backup plan rules when when using botocore >= 1.31.36 (#1952).
• iam_user - refactored error handling to use a decorator (#1951).
• lambda - added support for using ECR images for the function (#1939).
• module_utils.errors - added a basic error handler decorator (#1951).
• rds_cluster - Add support for ServerlessV2ScalingConfiguration to create and modify cluster operations (#1839).
• s3_bucket_info - add parameter bucket_versioning to return the versioning state of a bucket (#1919).
• s3_object_info - fix exception raised when listing objects from empty bucket (#1919).

Bugfixes

• backup_plan - Fix idempotency issue when using botocore >= 1.31.36 (#1952).
• plugins/inventory/aws_ec2 - Fix failure when retrieving information for more than 40 instances with use_ssm_inventory (#1713).

amazon.aws 7.2.0

Minor Changes

• ec2_instance - Add support for modifying metadata options of an existing instance (#1918).
• iam_group - Basic testing of name and path has been added to improve error messages (#1933).
• iam_group - group_name has been added as an alias to name for consistency with other IAM modules (#1933).
• iam_instance_profile - Basic testing of name and path has been added to improve error messages (#1933).
• iam_instance_profile - Basic testing of name and path has been added to improve error messages (#1933).
• iam_instance_profile - attempting to change the path for an existing profile will now generate a warning, previously this was silently ignored (#1933).
• iam_instance_profile - the prefix parameter has been renamed path for consistency with other IAM modules, prefix remains as an alias. No change to playbooks is required (#1933).
• iam_instance_profile - the default value for path has been removed. New instances will still be created with a default path of /. No change to playbooks is required (#1933).
• iam_managed_policy - Basic testing of name and path has been added to improve error messages (#1933).
• iam_managed_policy - description attempting to update the description now results in a warning, previously it was simply ignored (#1936).
• iam_managed_policy - policy is no longer a required parameter (#1936).
• iam_managed_policy - added support for tagging managed policies (#1936).
• iam_managed_policy - more consistently perform retries on rate limiting errors (#1936).
• iam_managed_policy - support for setting path (#1936).
• iam_managed_policy - the policy_description parameter has been renamed description for consistency with other IAM modules, policy_description remains as an alias. No change to playbooks is required (#1933).
• iam_managed_policy - the policy_name parameter has been renamed name for consistency with other IAM modules, policy_name remains as an alias. No change to playbooks is required (#1933).
• iam_role - Basic testing of name and path has been added to improve error messages (#1933).
• iam_role - prefix and path_prefix have been added as aliases to path for consistency with other IAM modules (#1933).
• iam_role - role_name has been added as an alias to name for consistency with other IAM modules (#1933).
• iam_role - attempting to change the path for an existing profile will now generate a warning, previously this was silently ignored (#1933).
• iam_role - the default value for path has been removed. New roles will still be created with a default path of /. No change to playbooks is required (#1933).
• iam_role_info - path and prefix have been added as aliases to path_prefix for consistency with other IAM modules (#1933).
• iam_user - Basic testing of name and path has been added to improve error messages (#1933).
• iam_user - user_name has been added as an alias to name for consistency with other IAM modules (#1933).
• iam_user - add boundary parameter to support managing boundary policy on users (#1912).
• iam_user - add path parameter to support managing user path (#1912).
• iam_user - added attached_policies to return value (#1912).
• iam_user - refactored code to reduce complexity (#1912).
• iam_user_info - prefix has been added as an alias to path_prefix for consistency with other IAM modules (#1933).
• iam_user_info - the path parameter has been renamed path_prefix for consistency with other IAM modules, path remains as an alias. No change to playbooks is required (#1933).

Bugfixes

• iam_managed_policy - fixed an issue where only partial results were returned (#1936).

amazon.aws 6.5.1

Release Summary

This release includes several bugfixes.

Minor Changes

• ec2_vpc_subnet - use wait_timeout to also control maximum time to wait for initial creation of subnets (#1848).

Bugfixes

• ec2_instance - retry API call if we get InvalidInstanceID.NotFound error (#1650).
• ec2_vpc_subnet - cleanly handle failure when subnet isn't created in time (#1848).
• s3_object - Fix typo that caused false deprecation warning when setting overwrite=latest (#1847).
• s3_object - fixed NoSuchTagSet error when S3 endpoint doesn't support tags (#1607).
• s3_object - when doing a put and specifying Content-Type in metadata, this module (since 6.0.0) erroneously set the Content-Type to None causing the put to fail. Fix now correctly honours the specified Content-Type (#1881).

amazon.aws 7.1.0

Release Summary

This release brings some new features and several bugfixes.

Minor Changes

• autoscaling_group - minor PEP8 whitespace sanity fixes (#1846).
• ec2_ami_info - simplify parameters to get_image_attribute to only pass ID of image (#1846).
• ec2_eip - use ResourceTags to set initial tags upon creation (#1843)
• ec2_instance - add support for AdditionalInfo option when creating an instance (#1828).
• ec2_security_group - use ResourceTags to set initial tags upon creation (#1844)
• ec2_vpc_igw - use ResourceTags to set initial tags upon creation (#1843)
• ec2_vpc_route_table - use ResourceTags to set initial tags upon creation (#1843)
• ec2_vpc_subnet - the default value for tags has been changed from {} to None, to remove tags from a subnet an empty map must be explicitly passed to the module (#1876).
• ec2_vpc_subnet - use ResourceTags to set initial tags upon creation (#1843)
• ec2_vpc_subnet - use wait_timeout to also control maximum time to wait for initial creation of subnets (#1848).
• iam_group - add support for setting group path (#1892).
• iam_group - adds attached_policies return value (#1892).
• iam_group - code refactored to avoid single long function (#1892).
• rds_instance_snapshot - minor PEP8 whitespace sanity fixes (#1846).

Bugfixes

• ec2_vpc_subnet - cleanly handle failure when subnet isn't created in time (#1848).
• s3_object - Fix typo that caused false deprecation warning when setting overwrite=latest` (#1847).
• s3_object - when doing a put and specifying Content-Type in metadata, this module (since 6.0.0) erroneously set the Content-Type to None causing the put to fail. Fix now correctly honours the specified Content-Type (#1881).

amazon.aws 7.0.0

Release Summary

This major release brings a new set of supported modules that have been promoted from community.aws, several bugfixes, minor changes and deprecated features. We also dropped support for botocore<1.29.0 and boto3<1.26.0. Due to the AWS SDKs announcing the end of support for Python less than 3.7 (https://aws.amazon.com/blogs/developer/python-support-policy-updates-for-aws-sdks-and-tools/), support for Python less than 3.7 by this collection was deprecated in release 6.0.0 and removed in this release.

Major Changes

• aws_region_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.aws_region_info.
• aws_s3_bucket_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.aws_s3_bucket_info.
• iam_access_key - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_access_key.
• iam_access_key_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_access_key_info.
• iam_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_group (#1755).
• iam_managed_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_managed_policy (#1762).
• iam_mfa_device_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_mfa_device_info (#1761).
• iam_password_policy - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_password_policy.
• iam_role - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_role (#1760).
• iam_role_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.iam_role_info (#1760).
• s3_bucket_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.s3_bucket_info.
• sts_assume_role - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.sts_assume_role.

Minor Changes

• amazon.aws collection - apply isort code formatting to ensure consistent formatting of code (#1771).
• ec2_instance - add support for additional placement options and license_specifications in run instance spec (#1824).
• ec2_instance_info - add new parameter include_attributes to describe instance attributes (#1577).
• ec2_metadata_facts - use fstrings where appropriate (#1802).
• ec2_vpc_igw - Add ability to attach/detach VPC to/from internet gateway (#1786).
• ec2_vpc_igw - Add ability to change VPC attached to internet gateway (#1786).
• ec2_vpc_igw - Add ability to create an internet gateway without attaching a VPC (#1786).
• ec2_vpc_igw - Add ability to delete a vpc internet gateway using the id of the gateway (#1786).
• elb_application_lb_info - add new parameters include_attributes, include_listeners and include_listener_rules to optionally speed up module by fetching less information (#1778).
• module_utils.botocore - migrate from vendored copy of LooseVersion to packaging.version.Version (#1587).
• rds_cluster - Add support for removing cluster from global db (#1705).
• rds_cluster - add support for another state choice called started. This starts the rds cluster (https://github.com/ansible-collections/amazon.aws/pull/1647/files).
• rds_cluster - add support for another state choice called stopped. This stops the rds cluster (https://github.com/ansible-collections/amazon.aws/pull/1647/files).
• route53 - add a wait_id return value when a change is done (#1683).
• route53_health_check - add support for a string list parameter called child_health_checks to specify health checks that must be healthy for the calculated health check (#1631).
• route53_health_check - add support for an integer parameter called health_threshold to specify the minimum number of healthy child health checks that must be healthy for the calculated health check (#1631).
• route53_health_check - add support for another type choice called CALCULATED (#1631).
• s3_object - Allow recursive copy of objects in S3 bucket (#1379).
• s3_object - use fstrings where appropriate (#1802).

Breaking Changes / Porting Guide

• The amazon.aws collection has dropped support for botocore<1.29.0 and boto3<1.26.0. Most modules will continue to work with older versions of the AWS SDK, however compatability with older versions of the SDK is not guaranteed and will not be tested. When using older versions of the SDK a warning will be emitted by Ansible (#1763).
• amazon.aws collection - due to the AWS SDKs announcing the end of support for Python less than 3.7 (https://aws.amazon.com/blogs/developer/python-support-policy-updates-for-aws-sdks-and-tools/) support for Python less than 3.7 by this collection wss been deprecated in release 6.0.0 and removed in release 7.0.0. (#1763).
• module_utils - module_utils.urls was previously deprecated and has been removed (#1540).
• module_utils._version - vendored copy of distutils.version has been dropped (#1587).

Deprecated Features

• ec2_instance - deprecation of tenancy and placement_group in favor of placement attribute (#1825).

Bugfixes

• aws_ec2 inventory plugin - fix NoRegionError when no regions are provided and region isn't specified (#1551).
• ec2_instance - retry API call if we get InvalidInstanceID.NotFound error (#1650).
• ec2_vpc_route_table_info - default filters to empty dictionary (#1668).
• s3_bucket - fixes issue when deleting a bucket with unversioned objects (#1533).
• s3_object - fixed NoSuchTagSet error when S3 endpoint doesn't support tags (#1607).
• s3_object - fixes regression related to objects with a leading / (#1548).

New Modules

• ec2_import_image - Manage AWS EC2 import image tasks
• ec2_import_image_info - Gather information about import virtual machine tasks
• rds_global_cluster_info - Obtain information about Aurora global database clusters

amazon.aws 6.5.0

Release Summary

This release is the last planned minor release of amazon.aws prior to the release of 7.0.0.
It includes documentation fixes as well as minor changes and bug fixes for the ec2_ami and elb_application_lb_info modules.

Minor Changes

• ec2_ami - add support for org_arns and org_unit_arns in launch_permissions (#1690).
• elb_application_lb_info - drop redundant describe_load_balancers call fetching ip_address_type (#1768).

Bugfixes

• elb_application_lb_info - ensure all API queries use the retry decorator (#1767).

amazon.aws 5.5.4

Release Summary

This release contains documentation updates including updated documentation relating to secure use of the ec2_key module.

Security Fixes

• ec2_key - Update documentation to recommend using the module with no_log and register to avoid logging the private key (#1704).

amazon.aws 6.4.0

Release Summary

This release brings a new module named amazon.aws.ec2_key_info, some documentation improvements, new features and bugfixes.

Minor Changes

• cloudformation - Add support for disable_rollback to update stack operation (#1681).
• ec2_key - add support for new parameter file_name to save private key in when new key is created by AWS. When this option is provided the generated private key will be removed from the module return (#1704).

Bugfixes

• backup_selection - ensures that updating an existing selection will add new Conditions if there previously were not any (#1701).

New Modules

• ec2_key_info - Gather information about EC2 key pairs in AWS