v4.63.0

FEATURES:

• New Data Source: aws_dms_certificate (#30498)
• New Data Source: aws_quicksight_group (#12311)
• New Data Source: aws_quicksight_user (#12310)
• New Resource: aws_chimesdkmediapipelines_media_insights_pipeline_configuration (#30603)
• New Resource: aws_pipes_pipe (#30538)
• New Resource: aws_quicksight_iam_policy_assignment (#30653)
• New Resource: aws_quicksight_ingestion (#30487)
• New Resource: aws_quicksight_namespace (#30681)
• New Resource: aws_sagemaker_data_quality_job_definition (#30301)
• New Resource: aws_sagemaker_monitoring_schedule (#30684)
• New Resource: aws_vpclattice_service_network_service_association (#30410)
• New Resource: aws_vpclattice_service_network_vpc_association (#30411)
• New Resource: aws_vpclattice_target_group (#30455)

ENHANCEMENTS:

• data-source/aws_dx_connection: Add partner_name attribute (#30385)
• data-source/aws_lambda_function_url: Add invoke_mode attribute (#30547)
• data-source/aws_nat_gateway: Add association_id attribute (#30546)
• data-source/aws_sagemaker_prebuilt_ecr_image: Added sagemaker-model-monitor-analyzer images (#30301)
• resource/aws_acmpca_certificate: Add api_passthrough argument (#28142)
• resource/aws_api_gateway_rest_api: Added fail_on_warnings attribute (#22300)
• resource/aws_dx_connection: Add partner_name attribute (#30385)
• resource/aws_dx_gateway: Add plan time validation to name argument (#30375)
• resource/aws_dx_gateway: Allow updates to name without forcing resource replacement (#30375)
• resource/aws_ec2_client_vpn_route: Increase Create and Delete timeouts to 4 minutes (#30552)
• resource/aws_lambda_function_url: Add invoke_mode attribute (#30547)
• resource/aws_mwaa_environment: Add startup_script_s3_path and startup_script_s3_object_version attributes (#30549)
• resource/aws_nat_gateway: Add association_id attribute (#30546)
• resource/aws_servicecatalog_provisioned_product: Surfaces more clear error message when resource fails to apply (#30663)
• resource/aws_wafv2_web_acl: Add aws_managed_rules_atp_rule_set to managed_rule_group_configs configuration block (#30518)

BUG FIXES:

• resource/aws_batch_compute_environment: Fix crash when compute_resources.launch_template is empty (#30537)
• resource/aws_cognito_managed_user_pool_client: Allow removing token_validity_units (#30662)
• resource/aws_cognito_user_pool_client: Allow removing token_validity_units (#30662)
• resource/aws_db_instance: Allow engine and engine_version to be set when replicate_source_db is set (#30703)
• resource/aws_db_instance: Fixes panic when updating replica_mode (#30714)
• resource/aws_dynamodb_table_item: Would report spurious diffs when List and Map attributes were changed out-of-band (#30712)
• resource/aws_elasticache_user_group: Change user_group_id to ForceNew (#30533)
• resource/aws_launch_template: Fix crash when instance_market_options.spot_options is empty (#30539)
• resource/aws_msk_serverless_cluster: Change vpc_config.security_group_ids to Computed (#30535)
• resource/aws_quicksight_data_set: Fix to properly send physical_table_map.*.relational_table.catalog when set (#30704)
• resource/aws_quicksight_data_set: Fix to properly send physical_table_map.*.relational_table.schema when set (#30704)
• resource/aws_rds_cluster: Prevent db_instance_parameter_group_name from causing errors on minor upgrades (#30679)
• resource/aws_rds_cluster_parameter_group: Fixes differences being reported on every apply when setting system-source parameters (#30536)

v4.62.0

FEATURES:

• New Data Source: aws_ec2_transit_gateway_attachments (#29644)
• New Data Source: aws_ec2_transit_gateway_route_table_associations (#29642)
• New Data Source: aws_ec2_transit_gateway_route_table_propagations (#29640)
• New Data Source: aws_oam_link (#30401)
• New Data Source: aws_oam_links (#30401)
• New Data Source: aws_quicksight_data_set (#30422)
• New Data Source: aws_vpclattice_service (#30490)
• New Resource: aws_inspector2_member_association (#28921)
• New Resource: aws_lightsail_distribution (#30124)
• New Resource: aws_quicksight_account_subscription (#30359)
• New Resource: aws_quicksight_data_set (#30349)
• New Resource: aws_quicksight_folder (#30400)
• New Resource: aws_vpclattice_service (#30429)
• New Resource: aws_vpclattice_service_network (#35969)

ENHANCEMENTS:

• data-source/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
• data-source/aws_secretsmanager_secret: Add rotation_rules.duration and rotation_rules.schedule_expression attributes (#30425)
• data-source/aws_secretsmanager_secret_rotation: Add rotation_rules.duration and rotation_rules.schedule_expression attributes (#30425)
• resource/aws_default_route_table: Ignore routes managed by VPC Lattice (#30515)
• resource/aws_emrserverless_application: Add image_configuration field (#30398)
• resource/aws_imagebuilder_container_recipe: Add platform_override field (#30398)
• resource/aws_route_table: Ignore routes managed by VPC Lattice (#30515)
• resource/aws_s3_bucket: Enable S3-compatible providers with no support for bucket tagging (#30151)
• resource/aws_sagemaker_endpoint_configuration: Add name_prefix argument (#28785)
• resource/aws_sagemaker_feature_group: Add table_format to the offline_store_config configuration block (#30118)
• resource/aws_secretsmanager_secret: Add duration and schedule_expression attributes to rotation_rules configuration block (#30425)
• resource/aws_secretsmanager_secret_rotation: Add duration and schedule_expression attributes to rotation_rules configuration block (#30425)

BUG FIXES:

• resource/aws_ce_cost_category: Fixed effective_start being reset on any changes despite effective_start having the same value (#30369)
• resource/aws_db_instance: Fix crash when updating password (#30379)
• resource/aws_glue_crawler: Fix InvalidInputException error string matching (#30370)
• resource/aws_glue_trigger: Fix InvalidInputException error string matching (#30370)
• resource/aws_medialive_channel: Fix attribute certificate_mode spelling in rtmp_output_settings (#30224)
• resource/aws_rds_cluster: Fix crash when updating master_password (#30379)
• resource/aws_rds_cluster: Fix inconsistent final plan errors when engine_version updates are not applied immediately (#30247)
• resource/aws_rds_cluster: Send db_instance_parameter_group_name on all modify requests when set (#30247)
• resource/aws_rds_cluster_instance: Fix inconsistent final plan errors when engine_version updates are not applied immediately (#30247)
• resource/aws_rds_instance: Fix inconsistent final plan errors when engine_version updates are not applied immediately (#30247)
• resource/aws_s3_bucket_lifecycle_configuration: Allow rule.filter.object_size_greater_than = 0 (#29857)
• resource/aws_scheduler_schedule: Mark arn property of dead_letter_config as a required property (#30360)

v4.61.0

FEATURES:

• New Data Source: aws_appmesh_gateway_route (#29064)
• New Data Source: aws_appmesh_virtual_node (#27545)
• New Data Source: aws_appmesh_virtual_router (#26908)
• New Data Source: aws_globalaccelerator_custom_routing_accelerator (#28922)
• New Data Source: aws_oam_sink (#30258)
• New Data Source: aws_oam_sinks (#30258)
• New Data Source: aws_ssmincidents_replication_set (#29769)
• New Resource: aws_globalaccelerator_custom_routing_accelerator (#28922)
• New Resource: aws_globalaccelerator_custom_routing_endpoint_group (#28922)
• New Resource: aws_globalaccelerator_custom_routing_listener (#28922)
• New Resource: aws_rbin_rule (#25926)
• New Resource: aws_sns_topic_data_protection_policy (#30008)
• New Resource: aws_ssmincidents_replication_set (#29769)

ENHANCEMENTS:

• data-source/aws_db_instance: Add master_user_secret attribute (#28848)
• data-source/aws_globalaccelerator_accelerator: Add dual_stack_dns_name attribute (#28922)
• data-source/aws_rds_cluster: Add master_user_secret attribute (#28848)
• resource/aws_appmesh_gateway_route: Add header, path and query_parameter to the spec.http_route.match and spec.http2_route.match configuration blocks (#29064)
• resource/aws_appmesh_gateway_route: Add port to the spec.grpc_route.action.target, spec.http_route.action.target and spec.http2_route.action.target configuration blocks to support Virtual Services with multiple listeners (#29064)
• resource/aws_appmesh_gateway_route: Add priority to the spec configuration block (#29064)
• resource/aws_appmesh_route: Add path and query_parameter to the spec.http_route.match and spec.http2_route.match configuration blocks (#29064)
• resource/aws_appmesh_route: spec.http_route.match.prefix and spec.http2_route.match.prefix are Optional (#29064)
• resource/aws_appmesh_virtual_node: Add ip_preference and response_type to the spec.service_discovery.dns configuration block (#29064)
• resource/aws_db_instance: Add manage_master_user_password, master_user_secret and master_user_secret_kms_key_id arguments to support RDS managed master password in Secrets Manager (#28848)
• resource/aws_globalaccelerator_accelerator: Add dual_stack_dns_name attribute (#28922)
• resource/aws_lakeformation_lf_tag: Increase values MaxItem up to 1000 to match with AWS real limit (#26546)
• resource/aws_rds_cluster: Add manage_master_user_password, master_user_secret and master_user_secret_kms_key_id arguments to support RDS managed master password in Secrets Manager (#28848)
• resource/aws_sagemaker_endpoint_configuration: Add production_variants.enable_ssm_access and shadow_production_variants.enable_ssm_access arguments (#30267)

BUG FIXES:

• datasource/aws_ecs_task_execution: Fix type assertion panic on overrides.0.container_overrides.*.environment attribute (#30214)
• datasource/aws_ecs_task_execution: Fix type assertion panic on overrides.0.container_overrides.*.resource_requirements attribute (#30214)
• datasource/aws_ecs_task_execution: Fix type assertion panic on overrides.0.inference_accelerator_overrides attribute (#30214)
• resource/aws_appmesh_virtual_router: spec.listener is Optional (#29064)
• resource/aws_fsx_openzfs_file_system: Fix iops validation in disk_iops_configuration to allow values for SINGLE_AZ_1 and SINGLE_AZ_2 (#30299)
• resource/aws_lakeformation_lf_tag: Fix support for lf-tag keys with colons in the name (#28258)
• resource/aws_launch_template: Allow metadata_options to be applied when http_endpoint is not configured (#30107)
• resource/aws_ssm_activation: Fix IAM eventual consistency errors on resource Create (#30280)
• resource/aws_ssm_document: Correctly set default_version, document_version, hash, latest_version and parameter as Computed when content changes (#28489)
• resource/aws_wafv2_ip_set: Fix DiffSuppress on addresses to detect changes for unknown values (#30352)

v4.60.0

FEATURES:

• New Data Source: aws_appmesh_route (#26695)
• New Data Source: aws_appmesh_virtual_gateway (#27057)
• New Resource: aws_cognito_managed_user_pool_client (#30140)
• New Resource: aws_oam_link (#30125)
• New Resource: aws_sesv2_contact_list (#30094)

ENHANCEMENTS:

• data-source/aws_ecs_cluster: Add tags attribute (#30073)
• resource/aws_appmesh_virtual_gateway: Add logging.access_log.file.format configuration block (#29315)
• resource/aws_appmesh_virtual_node: Add logging.access_log.file.format configuration block (#29315)
• resource/aws_rds_cluster: Conflict snapshot_identifier and global_cluster_identifier attributes, preventing misleading results on restore (#30158)
• resource/aws_securityhub_account: Add enable_default_standards argument (#13477)
• resource/aws_securityhub_member: email is Optional (#19065)

BUG FIXES:

• data-source/aws_appmesh_mesh: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
• data-source/aws_appmesh_virtual_service: Don't attempt to list tags if the current AWS account is not the mesh owner (#26695)
• resource/aws_apigateway_domain_name: Add ability to update mutual_tls_authentication.truststore_uri in place (#30081)
• resource/aws_apigatewayv2_domain_name: Add ability to update mutual_tls_authentication.truststore_uri in place (#30081)
• resource/aws_appmesh_gateway_route: Use configured mesh_owner when deleting shared gateway route (#29362)
• resource/aws_appmesh_route: Use configured mesh_owner value when deleting shared route (#29362)
• resource/aws_appmesh_virtual_gateway: Use configured mesh_owner value when deleting shared virtual gateway (#29362)
• resource/aws_appmesh_virtual_node: Use configured mesh_owner value when deleting shared virtual node (#29362)
• resource/aws_appmesh_virtual_router: Use configured mesh_owner value when deleting shared virtual router (#29362)
• resource/aws_appmesh_virtual_service: Use configured mesh_owner value when deleting shared virtual service (#29362)
• resource/aws_cognito_risk_configuration: Adds validation to risk_exception_configuration and requires at least one of account_takeover_risk_configuration, compromised_credentials_risk_configuration, or risk_exception_configuration. (#30074)
• resource/aws_medialive_channel: Change TypeSet to TypeList on video_description, to get more precise actions from plan output (#30064)
• resource/aws_medialive_channel: Fix type casting for h264_settings in video_descriptions (#30063)
• resource/aws_medialive_channel: Fix type casting of program_num, segmentation_time and fragment_time for m2ts_settings (#30025)
• resource/aws_opsworks_application: Don't return an error like deleting OpsWorks Application (...): %!s() after successful Delete (#30101)
• resource/aws_pinpoint_app: Don't return an error like deleting Pinpoint Application (...): %!s() after successful Delete (#30101)
• resource/aws_placement_group: Change spread_level to Computed (#28596)
• resource/aws_security_group: Improve respect for delete timeout set by user and retry of certain errors (#30114)
• resource/aws_transfer_server: Fix error refreshing protocol_details.as2_transports value (#30115)

v4.59.0

NOTES:

• resource/aws_connect_queue: The quick_connect_ids_associated attribute is being deprecated in favor of quick_connect_ids (#26151)
• resource/aws_connect_routing_profile: The queue_configs_associated attribute is being deprecated in favor of queue_configs (#26151)

FEATURES:

• New Data Source: aws_ec2_public_ipv4_pool (#28245)
• New Data Source: aws_ec2_public_ipv4_pools (#28245)
• New Data Source: aws_servicecatalog_provisioning_artifacts (#25535)
• New Resource: aws_codegurureviewer_repository_association (#29656)
• New Resource: aws_emr_block_public_access_configuration (#29968)
• New Resource: aws_kms_key_policy (#29923)
• New Resource: aws_oam_sink (#29670)
• New Resource: aws_oam_sink_policy (#30020)

ENHANCEMENTS:

• aws_cognito_user_pool_domain: Add ability to update certificate_arn in place (#25275)
• data-source/aws_aws_lb: Add enable_xff_client_port, xff_header_processing_mode and enable_tls_version_and_cipher_suite_headers attributes (#29792)
• data-source/aws_ce_cost_category: Add default_value attribute (#29291)
• data-source/aws_dynamodb_table: Add deletion_protection_enabled attribute (#29924)
• data-source/aws_opensearch_domain: Add dashboard_endpoint attribute (#29867)
• resource/aws_amplify_domain_association: Add enable_auto_sub_domain argument (#29814)
• resource/aws_appflow_flow: Add attribute preserve_source_data_typing to s3_output_format_config in s3 (#27616)
• resource/aws_appsync_datasource: Add event_bridge_config argument to support AppSync EventBridge data sources (#30042)
• resource/aws_aws_lb: Add enable_xff_client_port, xff_header_processing_mode and enable_tls_version_and_cipher_suite_headers arguments (#29792)
• resource/aws_batch_compute_environment: Allow a maximum of 2 compute_resources.ec2_configurations (#27207)
• resource/aws_cloudwatch_metric_alarm: Add period parameter to metric_query (#29896)
• resource/aws_cloudwatch_metric_alarm: Add validation to period parameter of metric_query.metric (#29896)
• resource/aws_cognito_user_pool_domain: Add cloudfront_distribution and cloudfront_distribution_zone_id attributes (#27790)
• resource/aws_dynamodb_table: Add deletion_protection_enabled argument (#29924)
• resource/aws_ecs_task_definition: Add arn_without_revision attribute (#27351)
• resource/aws_elasticache_user: Add authentication_mode argument (#28928)
• resource/aws_fms_policy: Add description argument (#29926)
• resource/aws_fsx_openzfs_file_system: Add support for SINGLE_AZ_2 deployment_type (#28583)
• resource/aws_glue_crawler: Add create_native_delta_table attribute to the delta_target configuration block (#29566)
• resource/aws_inspector2_organization_configuration: Add lambda attribute to auto_enable configuration block (#28961)
• resource/aws_instance: Add ability to update private_dns_name_options in place (#26305)
• resource/aws_lb_target_group: Add load_balancing_cross_zone_enabled argument (#29920)
• resource/aws_opensearch_domain: Add dashboard_endpoint attribute (#29867)
• resource/aws_qldb_ledger: Add configurable timeouts (#29635)
• resource/aws_s3_bucket: Add error handling for XNotImplemented errors when reading acceleration_status, request_payer, lifecycle_rule, logging, or replication_configuration into terraform state. (#29632)
• resource/aws_securityhub_organization_configuration: Add auto_enable_standards attribute (#29773)
• resource/aws_wafv2_web_acl_association: Add configurable timeout for Create (#30002)

BUG FIXES:

• data-source/aws_opensearch_domain: Add missing advanced_security_options.anonymous_auth_enabled attribute (#26746)
• resource/aws_api_gateway_integration: Fix bug that cleared unchanged cache_key_parameters values on Update (#29991)
• resource/aws_apigatewayv2_integration: Retry errors like ConflictException: Unable to complete operation due to concurrent modification. Please try again later. (#29735)
• resource/aws_budgets_action: Extend and add configurable timeouts for create and update (#29976)
• resource/aws_cognito_user_pool: Remove Computed from lambda_config.custom_email_sender and lambda_config.custom_sms_sender allowing their values to be removed (#29047)
• resource/aws_cognito_user_pool: account_recovery_setting.recovery_mechanism is Optional+Computed (#22302)
• resource/aws_ecr_repository: Fix unhandled errors and nil output on read (#30067)
• resource/aws_elasticache_user: Change user_id to ForceNew (#28928)
• resource/aws_elasticsearch_domain: Remove upper bound validation for ebs_options.throughput as the 1,000 MB/s limit can be raised (#27598)
• resource/aws_lambda_function: Fix empty environment variable update (#29839)
• resource/aws_lightsail_domain_entry: Allow for the domain entry to begin with an underscore. (#30056)
• resource/aws_lightsail_domain_entry: Moved the error handling of an improperly formatted ID to be before attempting to access the id_parts. This will cause a proper empty resource message instead of a panic when ID is not properly formed. (#30056)
• resource/aws_lightsail_instance: Added a check to ensure that the availability_zone value is within the current region of the provider. (#30056)
• resource/aws_lightsail_instance: Fix name validation to allow instances to start with a numeric character (#29903)
• resource/aws_medialive_channel: Fix setting of bitrate and sample_rate for aac_settings. (#29807)
• resource/aws_medialive_channel: Fix setting of bitrate for eac3_settings. (#29809)
• resource/aws_medialive_channel: Fix spelling for attribute audio_only_timecode_control and correct type for event_id in ms_smooth_group_settings (#29917)
• resource/aws_medialive_channel: Removed Compute flag from audio_normalization_settings and remix_settings in audio_descriptions (#29859)
• resource/aws_medialive_channel: Removed Computed flag from aac_settings, ´ac3_settings, eac3_atmos_settings, eac3_settings, mp2_settings, pass_through_settings` a...

v4.58.0

FEATURES:

• New Data Source: aws_ecs_task_execution (#29783)
• New Data Source: aws_licensemanager_grants (#29741)
• New Data Source: aws_licensemanager_received_license (#29741)
• New Data Source: aws_licensemanager_received_licenses (#29741)
• New Resource: aws_licensemanager_grant (#29741)
• New Resource: aws_licensemanager_grant_accepter (#29741)

ENHANCEMENTS:

• data-source/aws_ec2_transit_gateway_attachment: Add association_state and association_transit_gateway_route_table_id attributes (#29648)
• data-source/aws_instances: Add ipv6_addresses attribute (#29794)
• resource/aws_acm_certificate: Change options to Computed (#29763)
• resource/aws_amplify_domain_association: Add enable_auto_sub_domain argument (#92814)
• resource/aws_cloudhsm_v2_hsm: Enforce ExactlyOneOf for availability_zone and subnet_id arguments (#20891)
• resource/aws_db_instance: Add listener_endpoint attribute (#28434)
• resource/aws_db_instance: Add plan time validations for backup_retention_period, monitoring_interval, and monitoring_role_arn (#28434)
• resource/aws_flow_log: Add deliver_cross_account_role argument (#29254)
• resource/aws_grafana_workspace: Add network_access_control argument (#29793)
• resource/aws_sesv2_configuration_set: Add vdm_options argument (#28812)
• resource/aws_transfer_server: Add protocol_details argument (#28621)
• resource/aws_transfer_workflow: Add decrypt_step_details to the on_exception_steps and steps configuration blocks (#29692)
• resource/db_snapshot: Add shared_accounts argument (#28424)

BUG FIXES:

• resource/aws_acm_certificate: Update options.certificate_transparency_logging_preference in place rather than replacing the resource (#29763)
• resource/aws_batch_job_definition: Prevents perpetual diff when container properties environment variable has empty value. (#29820)
• resource/aws_elastic_beanstalk_configuration_template: Map errors like InvalidParameterValue: No Platform named '...' found. to resource.NotFoundError so terraform refesh correctly removes the resource from state (#29863)
• resource/aws_flow_log: Fix IAM eventual consistency errors on resource Create (#29254)
• resource/aws_grafana_workspace: Allow removing vpc_configuration (#29793)
• resource/aws_medialive_channel: Fix setting of the include_fec attribute in fec_output_settings (#29808)
• resource/aws_medialive_channel: Fix setting of the video_pid attribute in m2ts_settings (#29824)

v4.57.1

BUG FIXES:

• resource/aws_lambda_function: Prevent Provider produced inconsistent final plan errors produced by null skip_destroy attribute value. NOTE: Because the maintainers have been unable to reproduce the reported problem, the fix is best effort and we ask for community support in verifying the fix. (#29812)

v4.57.0

NOTES:

• resource/aws_dms_endpoint: The s3_settings argument has been deprecated. All configurations using aws_dms_endpoint.*.s3_settings should be updated to use the aws_dms_s3_endpoint resource instead (#29728)
• resource/aws_networkmanager_core_network: The base_policy_region argument is being deprecated in favor of the new base_policy_regions argument. (#29623)

FEATURES:

• New Resource: aws_lightsail_bucket_resource_access (#29460)

ENHANCEMENTS:

• data-source/aws_launch_template: Add instance_requirements.allowed_instance_types and instance_requirements.network_bandwidth_gbps attributes (#29140)
• resource/aws_autoscaling_group: Add auto_rollback to the instance_refresh.preferences configuration block (#29513)
• resource/aws_autoscaling_group: Add mixed_instances_policy.launch_template.override.instance_requirements.allowed_instance_types and mixed_instances_policy.launch_template.override.instance_requirements.network_bandwidth_gbps arguments (#29140)
• resource/aws_autoscaling_policy: Add metrics to the target_tracking_configuration.customized_metric_specification configuration block in support of metric math (#28560)
• resource/aws_cloudtrail_event_data_store: Add kms_key_id argument (#29224)
• resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the db2 engine (#29380)
• resource/aws_dms_endpoint: Add support for azure-sql-managed-instance engine_name value (#28960)
• resource/aws_dms_s3_endpoint: Add detach_target_on_lob_lookup_failure_parquet argument (#29772)
• resource/aws_ec2_fleet: Add fleet_instance_set, fleet_state, fulfilled_capacity, and fulfilled_on_demand_capacity attributes (#29181)
• resource/aws_ec2_fleet: Add launch_template_config.override.instance_requirements.allowed_instance_types and launch_template_config.override.instance_requirements.network_bandwidth_gbps arguments (#29140)
• resource/aws_ec2_fleet: Add on_demand_options.capacity_reservation_options,on_demand_options.max_total_price, on_demand_options.min_target_capacity, on_demand_options.single_availability_zone and on_demand_options.single_instance_type arguments (#29181)
• resource/aws_ec2_fleet: Add spot_options.maintenance_strategies.capacity_rebalance.termination_delay argument (#29181)
• resource/aws_ec2_fleet: Add valid_from and valid_until arguments (#29181)
• resource/aws_lambda_function: Add skip_destroy argument (#29646)
• resource/aws_lambda_function: Add configurable timeout for Delete (#29646)
• resource/aws_lambda_function: Add plan time validators for memory_size, role, and timeout (#29721)
• resource/aws_lambda_function: Retry (up to the configurable timeout) deletion of replicated Lambda@Edge functions (#29646)
• resource/aws_launch_template: Add instance_requirements.allowed_instance_types and instance_requirements.network_bandwidth_gbps arguments (#29140)
• resource/aws_networkmanager_core_network: Add base_policy_regions argument (#29623)
• resource/aws_spot_fleet_request: Add launch_template_config.overrides.instance_requirements.allowed_instance_types and launch_template_config.overrides.instance_requirements.network_bandwidth_gbps arguments (#29140)
• resource/aws_transfer_server: Add support for on_partial_upload block on the workflow_details attribute. (#27730)
• resource/aws_transfer_user: Add configurable timeout for Delete (#27563)

BUG FIXES:

• resource/aws_dms_endpoint: Trigger updates based on adding new extra_connection_attributes (#29772)
• resource/aws_instance: When encountering InsufficientInstanceCapacity errors, do not retry in order to fail faster, as this error is typically not resolvable in the near future (#21293)
• resource/aws_transfer_server: Allow the removal of workflow_details attribute. (#27730)
• resource/aws_transfer_user: Fix bug preventing removal of all home_directory_mappings due to empty list validation error (#27563)

v4.56.0

NOTES:

• resource/aws_lambda_function: Updated to AWS SDK V2 (#29615)

FEATURES:

• New Data Source: aws_vpc_security_group_rule (#29484)
• New Data Source: aws_vpc_security_group_rules (#29484)
• New Resource: aws_networkmanager_connect_peer (#29296)
• New Resource: aws_vpc_security_group_egress_rule (#29484)
• New Resource: aws_vpc_security_group_ingress_rule (#29484)

ENHANCEMENTS:

• data-source/aws_ecr_image: Add most_recent argument to return the most recently pushed image (#26857)
• data-source/aws_ecr_repository: Add most_recent_image_tags attribute containing the most recently pushed image tag(s) in an ECR repository (#26857)
• resource/aws_lb_ssl_negotiation_policy: Add triggers attribute to force resource updates (#29482)
• resource/aws_load_balancer_listener_policy: Add triggers attribute to force resource updates (#29482)
• resource/aws_organizations_policy: Add skip_destroy attribute (#29382)
• resource/aws_organizations_policy_attachment: Add skip_destroy attribute (#29382)
• resource/aws_sns_topic: Add signature_version and tracing_config arguments (#29462)

BUG FIXES:

• resource/aws_acmpca_certificate_authority: revocation_configuration.crl_configuration.expiration_in_days is Optional (#29613)
• resource/aws_default_vpc: Change enable_network_address_usage_metrics to Optional+Computed, matching the aws_vpc resource (#29607)
• resource/aws_lambda_function: Fix missing ValidationException message body (#29615)
• resource/aws_medialive_channel: Fix setting of m2ts_settings arib_captions_pid and arib_captions_pid_control attributes (#29467)
• resource/aws_resourceexplorer2_view: Fix Unexpected Planned Resource State on Destroy errors when using Terraform CLI v1.3 and above (#29550)
• resource/aws_servicecatalog_provisioned_product: Fix to allow outputs to be Computed when the resource changes (#29559)
• resource/aws_sns_topic_subscription: Fix filter_policy_scope update from MessageAttributes to MessageBody with nested objects in filter_policy (#28572)
• resource/aws_wafv2_web_acl: Prevent erroneous diffs and attempts to remove AWS-added rule when applying to CF distribution using AWS Shield to automatically mitigate DDoS (#29575)

v4.55.0

FEATURES:

• New Data Source: aws_organizations_organizational_unit_child_accounts (#24350)
• New Data Source: aws_organizations_organizational_unit_descendant_accounts (#24350)
• New Resource: aws_route53_cidr_collection (#29407)
• New Resource: aws_route53_cidr_location (#29407)
• New Resource: aws_vpc_ipam_resource_discovery (#29216)
• New Resource: aws_vpc_ipam_resource_discovery_association (#29216)

ENHANCEMENTS:

• data-source/aws_s3_bucket_object: Expand content types that can be read from S3 to include some human-readable application types (e.g., application/xml, application/atom+xml) (#27704)
• data-source/aws_s3_object: Expand content types that can be read from S3 to include some human-readable application types (e.g., application/xml, application/atom+xml) (#27704)
• resource/aws_autoscaling_policy: Make resource_label optional in predefined_load_metric_specification, predefined_metric_pair_specification, and predefined_scaling_metric_specification (#29277)
• resource/aws_cloudwatch_log_group: Allow retention_in_days attribute to accept a three year retention period (1096 days) (#29426)
• resource/aws_db_proxy: Add auth.client_password_auth_type attribute (#28432)
• resource/aws_firehose_delivery_stream: Add ForceNew to dynamic_partitioning_configuration attribute (#29093)
• resource/aws_firehose_delivery_stream: Add configurable timeouts for create, update, and delete (#28469)
• resource/aws_neptune_cluster: Add neptune_instance_parameter_group_name argument, used only when upgrading major version (#28051)
• resource/aws_neptune_global_cluster: Increase Update timeout to 120 minutes (per global cluster member) (#28051)
• resource/aws_route53_cidr_location: Add cidr_routing_policy argument (#29407)
• resource/aws_s3_bucket: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)
• resource/aws_s3_bucket: Add error handling for NotImplemented errors when reading lifecycle_rule or replication_configuration into terraform state. (#28790)
• resource/aws_s3_object: Accept 'NoSuchTagSetError' responses from S3-compatible services (#28530)

BUG FIXES:

• data-source/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
• resource/aws_appflow_connector_profile: Fix bug in connector_profile_config.0.connector_profile_properties.0.sapo_data.0.logon_language validation regex (#28550)
• resource/aws_appflow_flow: Fix misspelled source_connector_properties.0.sapo_data.0.object, which never worked, to be object_path (#28600)
• resource/aws_appmesh_route: Fix RequiredWith setting for spec.0.grpc_route.0.match.0.method_name attribute (#29217)
• resource/aws_autoscaling_policy: Fix type of target_value for predictive scaling (#28444)
• resource/aws_cloudfront_response_headers_policy: Allow server_timing_headers_config.0.sampling_rate to be 0 (#27778)
• resource/aws_codebuild_project: Fix err check on delete (#29042)
• resource/aws_ecs_service: Allow multiple service blocks within service_connect_configuration (#28813)
• resource/aws_ecs_service: Mark service_connect_configuration.service.client_alias as optional and ensure that only 1 such block can be provided (#28813)
• resource/aws_ecs_service: Require service_connect_configuration.log_configuration.log_driver to be provided (#28813)
• resource/aws_elb: Fix errors caused by multiple security groups with the same name but different owners (#29202)
• resource/aws_emr_cluster: Fix errors caused by multiple security groups with the same name but different owners (#29202)
• resource/aws_globalaccelerator_endpoint_group: Fix errors caused by multiple security groups with the same name but different owners (#29202)
• resource/aws_kms_key: Increase policy propagation eventual consistency timeouts from 5 minutes to 10 minutes (#28636)
• resource/aws_medialive_channel: Fix issue causing dbv_sub_pids attribute to be configured incorrectly in m2ts_settings (#29371)
• resource/aws_medialive_channel: Fix issue preventing audio_pids attribute from being configured in m2ts_settings (#29371)
• resource/aws_neptune_cluster: Fix restore-from-snapshot functionality using the snapshot_identifier argument on resource Create (#28051)
• resource/aws_neptune_cluster: Fix major version upgrade (#28051)
• resource/aws_sagemaker_user_profile: Change user_settings.0.jupyter_server_app_settings.0.default_resource_spec to be optional (#28581)