v5.66.0

FEATURES:

• New Data Source: aws_glue_registry (#37953)
• New Data Source: aws_organizations_organizational_unit_descendant_organizational_units (#39120)
• New Data Source: aws_quicksight_analysis (#31737)
• New Resource: aws_datazone_environment (#38811)

ENHANCEMENTS:

• data-source/aws_sns_topic: Add tags attribute (#38959)
• data-source/aws_transfer_server: Add tags attribute (#39092)
• resource/aws_appsync_graphql_api: Add api_type and merged_api_execution_role_arn arguments (#39159)
• resource/aws_bedrockagent_data_source: Add vector_ingestion_configuration.chunking_configuration.semantic_chunking_configuration, vector_ingestion_configuration.chunking_configuration.hierarchical_chunking_configuration, and vector_ingestion_configuration.parsing_configuration configuration blocks (#39138)
• resource/aws_datazone_domain: Add skip_deletion_protection attribute (#38811)
• resource/aws_docdbelastic_cluster: Add backup_retention_period and preferred_backup_window attributes (#38452)
• resource/aws_quicksight_data_source: Add parameters.databricks argument (#31737)
• resource/aws_rolesanywhere_trust_anchor: Add notification_settings argument (#39108)
• resource/aws_sagemaker_endpoint: Increase Create and Update InService timeouts to 60 minutes (#39090)
• resource/aws_wafv2_rule_group: Reduce rate_based_statement.limit minimum from 100 to 10 (#39107)
• resource/aws_wafv2_web_acl: Reduce rate_based_statement.limit minimum from 100 to 10 (#39107)

BUG FIXES:

• data-source/aws_networkmanager_core_network_policy_document: Change segment_actions.via.with_edge_override.use_edge to be nested set of edges, matching JSON (#39142)
• data-source/aws_networkmanager_core_network_policy_document: Deprecate segment_actions.via.with_edge_override.use_edge. Use segment_actions.via.with_edge_override.use_edge_location instead (#39142)
• many resources: Fixes perpetual diff when tag has a null value. (#38869)
• resource/aws_appconfig_extension: Mark role_arn as Optional (#38900)
• resource/aws_lexv2models_slot_type: Fix slot_type_values validator which limited configurations to 1 element (#39126)
• resource/aws_quicksight_analysis: Properly send theme_arn argument on create and update when configured (#31737)
• resource/aws_rolesanywhere_profile: Mark role_arns as Optional and send an empty list if unconfigured (#39108)
• resource/aws_synthetics_canary: Remove run_config.timeout_in_seconds default value to allow creation of resources with a frequency less than 14 minutes (#35177)

v5.65.0

NOTES:

• provider: Updates to Go 1.23. We do not expect this change to impact most users. For macOS, Go 1.23 requires macOS 11 Big Sur or later; support for previous versions has been discontinued. (#38999)

FEATURES:

• New Data Source: aws_shield_protection (#37524)
• New Resource: aws_glue_catalog_table_optimizer (#38052)

ENHANCEMENTS:

• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-southeast-5 AWS Region (#39052)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-southeast-5 AWS Region (#39052)
• data-source/aws_s3_bucket: Add hosted zone ID for ap-southeast-5 AWS Region (#39052)
• provider: Support ap-southeast-5 as a valid AWS Region (#39049)
• resource/aws_cognito_user_pool: Add password_policy.password_history_size argument (#39043)
• resource/aws_elastic_beanstalk_application_version: Add process argument (#25468)
• resource/aws_elasticsearch_domain: Treat SUCCEEDED_WITH_ISSUES status as success when upgrading cluster (#38086)
• resource/aws_emr_cluster: Support io2 as a valid value for ebs_config.type (#37740)
• resource/aws_emr_instance_fleet: Support io2 as a valid value for instance_type_configs.ebs_config.type (#37740)
• resource/aws_emr_instance_group: Support io2 as a valid value for instance_type_configs.ebs_config.type (#37740)
• resource/aws_glue_job: Add job_run_queuing_enabled argument (#39027)
• resource/aws_lambda_event_source_mapping: Add kms_key_arn argument (#39055)
• resource/aws_verifiedaccess_endpoint: Set PolicyEnabled flag to false on update if policy_document is empty (#38675)

BUG FIXES:

• resource/aws_amplify_app: Fix crash updating auto_branch_creation_config (#39041)
• resource/aws_elasticsearch_domain_policy: Change domain_name to ForceNew (#38086)
• resource/aws_elbv2_listener: Fix crash when reading forward actions not configured in state (#39039)
• resource/aws_emr_instance_group: Properly send an instance_count value of 0 on create when configured (#37740)
• resource/aws_gamelift_game_server_group: Fix crash while reading server group with a nil auto scaling group ARN (#39022)
• resource/aws_guardduty_invite_accepter: Fix BadRequestException: The request is rejected because an invalid or out-of-range value is specified as an input parameter errors on resource Create (#39084)
• resource/aws_lakeformation_permissions: Fix error when revoking data_cells_filter permissions (#39026)
• resource/aws_neptune_cluster: Mark neptune_cluster_parameter_group_name as Computed (#38980)
• resource/aws_neptune_cluster_instance: Mark neptune_parameter_group_name as Computed (#38980)
• resource/aws_ssm_parameter: Fix ValidationException: Parameter ARN is not supported for this operation errors when deleting resources imported by ARN (#39067)

v5.64.0

ENHANCEMENTS:

• data-source/aws_opensearch_domain: Add dashboard_endpoint_v2, domain_endpoint_v2_hosted_zone_id, and endpoint_v2 attributes (#38456)
• resource/aws_appautoscaling_target: Add suspended_state configuration block (#38942)
• resource/aws_dynamodb_table: Add restore_source_table_arn attribute (#38953)
• resource/aws_opensearch_domain: Add dashboard_endpoint_v2, domain_endpoint_v2_hosted_zone_id, and endpoint_v2 attributes (#38456)

BUG FIXES:

• resource/aws_bedrockagent_agent: Fixes consistency issues where only some prompts are overridden (#38944)
• resource/aws_cloudformation_stack_set_instance: Fix crash during construction of the id attribute when deployment_targets does not include organizational unit IDs. (#38969)
• resource/aws_glue_trigger: Fix crash when null action is configured (#38994)
• resource/aws_rds_cluster: Allow Web Service Data API (enabled_http_endpoint) to be enabled and disabled for provisioned engine mode and serverlessv2 (#38997)

v5.63.1

FEATURES:

• New Data Source: aws_route53_zones (#17457)
• New Data Source: aws_ssoadmin_permission_sets (#38741)

ENHANCEMENTS:

• data-source/aws_batch_job_queue: Add job_state_time_limit_action attribute (#38784)
• resource/aws_batch_job_definition: Add ecs_properties argument (#37871)
• resource/aws_batch_job_queue: Add job_state_time_limit_action argument (#38784)

BUG FIXES:

• provider: Fix crash when flattening string pointer slices with nil items (#38886)
• resource/aws_datazone_project: Properly surface import id parsing errors (#38924)
• resource/aws_quicksight_data_set: Fix crash when setting logical_table_map.data_transforms.project_operation.projected_columns with null list elements (#38886)
• resource/aws_ses_configuration_set: Fix crash when reputation_metrics_enabled is set to true (#38921)

v5.63.0

FEATURES:

• New Data Source: aws_bedrockagent_agent_versions (#38792)
• New Resource: aws_bedrock_guardrail (#38757)
• New Resource: aws_cloudtrail_organization_delegated_admin_account (#38817)
• New Resource: aws_datazone_environment_profile (#35603)
• New Resource: aws_datazone_form_type (#38746)
• New Resource: aws_datazone_glossary_term (#38706)
• New Resource: aws_pinpoint_email_template (#33266)

ENHANCEMENTS:

• resource/aws_networkfirewall_logging_configuration: Change logging_configuration.log_destination_config MaxItems from 2 to 3 (#38824)

BUG FIXES:

• data-source/aws_acm_certificate: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)
• resource/aws_appstream_stack: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)
• resource/aws_bedrockagent_agent_knowledge_base_association: Prepare agent when associating a knowledge base so it can be used (#38799)
• resource/aws_cloudwatch_event_connection: Fix various expander type assertions to prevent crashes (#38800)
• resource/aws_controltower_landing_zone: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)
• resource/aws_db_event_subscription: Fix plan-time validation of name and name_prefix (#38194)
• resource/aws_ecs_cluster_capacity_providers: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)
• resource/aws_ecs_service: Fix crash from nil service_registries item (#38883)
• resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs on healthCheck's default values (#38872)
• resource/aws_ecs_task_definition: Prevent lowercasing of the first character of JSON keys in container_definitions.dockerLabels (#38804)
• resource/aws_ecs_task_definition: Remove nulls from container_definition array fields (#38870)
• resource/aws_elasticache_replication_group: Fix crash when setting replicas_per_node_group if node groups are empty (#38797)
• resource/aws_fms_policy: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)
• resource/aws_grafana_workspace: Fix crash when empty network_access_control block is configured (#38775)
• resource/aws_grafana_workspace: Fix crash when empty vpc_configuration block is configured (#38775)
• resource/aws_iot_thing_group: Fix crash when empty attribute_payload block is configured (#38776)
• resource/aws_lexv2models_slot_type: Fix slot_type_values to have sample_value attribute (#38856)
• resource/aws_networkmanager_connect_peer: Set all configuration.bgp_configurations on Read (#38798)
• resource/aws_redshift_cluster: Set encrypted on snapshot restore, when enabled (#38828)
• resource/aws_rolesanywhere_profile: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)
• resource/aws_rolesanywhere_trust_anchor: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)
• resource/aws_s3_bucket_lifecycle_configuration: Fix unreturned sdkdiags.AppendErrorf function calls (#38854)

v5.62.0

FEATURES:

• New Data Source: aws_rds_cluster_parameter_group (#38416)
• New Data Source: aws_secretsmanager_secret_versions (#35411)
• New Resource: aws_ebs_snapshot_block_public_access (#38641)
• New Resource: aws_rds_integration (#35199)

ENHANCEMENTS:

• data-source/aws_s3_bucket_object: Expand content types that can be read from S3 to include include application/x-sql (#38737)
• data-source/aws_s3_object: Expand content types that can be read from S3 to include application/x-sql (#38737)
• provider: Allow default_tags to be set by environment variables (#33339)
• provider: Allow ignore_tags.keys and ignore_tags.key_prefixes to be set by environment variables (#35264)
• resource/aws_db_option_group: Add skip_destroy argument (#29663)
• resource/aws_db_parameter_group: Add skip_destroy argument (#29663)
• resource/aws_dx_macsec_key_association: Add plan-time validation of secret_arn (#37213)
• resource/aws_ecs_service: Add force_delete argument (#38707)
• resource/aws_grafana_license_association: Add grafana_token argument (#38743)
• resource/aws_lb_target_group: Add target_health_state.unhealthy_draining_interval argument (#38654)
• resource/aws_lexv2models_slot: Add sub_slot_setting attribute (#38698)

BUG FIXES:

• data-source/aws_ecr_repository_creation_template: Support ROOT as a valid value for prefix (#38685)
• data-source/aws_msk_broker_nodes: Filter out nodes with no broker info (#38042)
• resource/aws_appconfig_configuration_profile: Increase name max length validation to 128 (#37539)
• resource/aws_batch_job_definition: Fix panic when checking eks_properties for job updates (#38716)
• resource/aws_batch_job_definition: Fix panic when checking retry_strategy for job updates (#38716)
• resource/aws_batch_job_definition: Fix panic when checking timeout for job updates (#38716)
• resource/aws_ec2_capacity_block_reservation: Fix error during apply for missing created_date attribute (#38689)
• resource/aws_ecr_repository_creation_template: Support ROOT as a valid value for prefix (#38685)
• resource/aws_elbv2_trust_store_revocation: Fix to properly return errors during resource creation (#38756)
• resource/aws_emr_cluster: Fix panic when reading an instance fleet with an empty launch_specifications argument (#38773)
• resource/aws_lexv2models_bot: Handle PreconditionFailedException on delete for resources deleted out-of-band (#38661)
• resource/aws_lexv2models_bot_locale: Handle PreconditionFailedException on delete for resources deleted out-of-band (#38661)
• resource/aws_lexv2models_bot_version: Handle PreconditionFailedException on delete for resources deleted out-of-band (#38661)
• resource/aws_networkmanager_core_network: Fix $.network-function-groups: null found, array expected errors when creating resource with create_base_policy argument (#38642)
• resource/aws_quicksight_account_subscription: Fix panic when read returns nil account info (#38752)
• resource/aws_sfn_state_machine: Mark revision_id and state_machine_version_arn as Computed on update if publish is true (#38657)

v5.61.0

NOTES:

• resource/aws_chatbot_teams_channel_configuration: This resource is provided on a best-effort basis, and we welcome the community's help in testing it. (#38630)

FEATURES:

• New Data Source: aws_ecr_repository_creation_template (#38597)
• New Resource: aws_chatbot_slack_channel_configuration (#38124)
• New Resource: aws_chatbot_teams_channel_configuration (#38630)
• New Resource: aws_datazone_glossary (#38602)
• New Resource: aws_ecr_repository_creation_template (#38597)
• New Resource: aws_timestreaminfluxdb_db_instance (#37963)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add upgrade_policy attribute (#38573)
• data-source/aws_sagemaker_prebuilt_ecr_image: Support additional repository_name values. See documentation for details (#38575)
• resource/aws_appsync_graphql_api: Add enhanced_metrics_config configuration block (#38570)
• resource/aws_db_instance: Add upgrade_storage_config argument (#36904)
• resource/aws_default_vpc: Support ipv6_cidr_block sizes between /44 and /60 in increments of /4 (#35614)
• resource/aws_default_vpc: Support ipv6_netmask_length values between 44 and 60 in increments of 4 (#35614)
• resource/aws_eks_cluster: Add upgrade_policy configuration block (#38573)
• resource/aws_elasticache_user_group_association: Add configurable create and delete timeouts (#38559)
• resource/aws_pipes_pipe: Add log_configuration.include_execution_data argument (#38569)
• resource/aws_rds_cluster: Add performance_insights_enabled, performance_insights_kms_key_id, and performance_insights_retention_period arguments (#29415)
• resource/aws_rds_cluster: Add restore_to_point_in_time.source_cluster_resource_id argument (#38540)
• resource/aws_rds_cluster: Mark restore_to_point_in_time.source_cluster_identifier as Optional (#38540)
• resource/aws_sfn_activity: Add encryption_configuration configuration block to support the use of Customer Managed Keys with AWS KMS to encrypt Step Functions Activity resources (#38574)
• resource/aws_sfn_state_machine: Add encryption_configuration configuration block to support the use of Customer Managed Keys with AWS KMS to encrypt Step Functions State Machine resources (#38574)
• resource/aws_ssm_patch_baseline: Remove empty fields from json attribute value (#35950)
• resource/aws_storagegateway_file_system_association: Add configurable timeouts (#38554)
• resource/aws_vpc: Support ipv6_cidr_block sizes between /44 and /60 in increments of /4 (#35614)
• resource/aws_vpc: Support ipv6_netmask_length values between 44 and 60 in increments of 4 (#35614)
• resource/aws_vpc_ipv6_cidr_block_association: Add assign_generated_ipv6_cidr_block and ipv6_pool arguments (#27274)
• resource/aws_vpc_ipv6_cidr_block_association: Support ipv6_cidr_block sizes between /44 and /60 in increments of /4 (#35614)
• resource/aws_vpc_ipv6_cidr_block_association: Support ipv6_netmask_length values between 44 and 60 in increments of 4 (#35614)
• resource/aws_vpc_security_group_egress_rule: Add tags to the AuthorizeSecurityGroupEgress EC2 API call instead of making a separate CreateTags call (#35614)
• resource/aws_vpc_security_group_ingress_rule: Add tags to the AuthorizeSecurityGroupIngress EC2 API call instead of making a separate CreateTags call (#35614)
• resource/aws_wafv2_web_acl: Add rule_json attribute to allow raw JSON for rules. (#38309)

BUG FIXES:

• data-source/aws_appstream_image: Fix issue where the most recent image is not returned (#38571)
• datasource/aws_networkmanager_core_network_policy_document: Fix CoreNetworkPolicyException when putting policy with single wildcard in when_sent_to (#38595)
• resource/aws_cloudsearch_domain: Fix index_name character length validation (#38509)
• resource/aws_ecs_task_definition: Ensure that JSON keys in container_definitions start with a lowercase letter (#38622)
• resource/aws_iot_provisioning_template: Properly send type argument on create when configured (#38640)
• resource/aws_opensearchserverless_security_policy: Normalize policy content to prevent persistent differences (#38604)
• resource/aws_pipes_pipe: Don't reset target_parameters if the configured value has not changed (#38598)
• resource/aws_rds_instance: Allow domain_dns_ips to use single DNS server IP (#36500)
• resource/aws_sagemaker_domain: Properly send domain_settings.r_studio_server_pro_domain_settings.r_studio_package_manager_url argument on create (#38547)
• resource/aws_vpc_ipam_pool_cidr_allocation: Set description on Read (#38618)
• resource/aws_vpc_ipam_pool_cidr_allocation: Set netmask_length on Read (#38618)

v5.60.0

NOTES:

• resource/aws_shield_subscription: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#37637)

FEATURES:

• New Data Source: aws_service_principal (#38307)
• New Resource: aws_shield_subscription (#37637)

ENHANCEMENTS:

• data-source/aws_cloudwatch_event_bus: Add kms_key_identifier attribute (#38492)
• data-source/aws_cur_report_definition: Add tags attribute (#38483)
• resource/aws_appflow_flow: Add metadata_catalog_config attribute (#37566)
• resource/aws_appflow_flow: Add prefix_hierarchy attribute to destination_flow_config.s3.s3_output_format_config (#37566)
• resource/aws_batch_job_definition: Add eks_properties.*.pod_properties.*.image_pull_secret argument (#38517)
• resource/aws_cloudformation_stack_set_instance: Add operation_preferences.concurrency_mode argument (#38498)
• resource/aws_cloudwatch_event_bus: Add kms_key_identifier argument (#38492)
• resource/aws_cur_report_definition: Add tags argument and tags_all attribute (#38483)
• resource/aws_db_cluster_snapshot: Add shared_accounts argument (#34885)
• resource/aws_db_snapshot_copy: Add shared_accounts argument (#34843)
• resource/aws_glue_connection: Add AZURECOSMOS, AZURESQL, BIGQUERY, OPENSEARCH, and SNOWFLAKE as valid values for the connection_type argument and SparkProperties as a valid value for the connection_properties argument (#37731)
• resource/aws_iam_role: Change from partial resource creation to resource creation failed if an inline_policy fails to create (#38477)
• resource/aws_rds_cluster: Add scaling_configuration.seconds_before_timeout argument (#38451)
• resource/aws_sesv2_configuration_set_event_destination: Add event_destination.event_bridge_destination configuration block (#38458)
• resource/aws_timestreamwrite_table: Fix runtime error: invalid memory address or nil pointer dereference panic when reading a non-existent table (#38512)

BUG FIXES:

• data-source/aws_fsx_ontap_storage_virtual_machine: Correctly set tags on Read (#38343)
• data-source/aws_fsx_openzfs_snapshot: Correctly set tags on Read (#38343)
• resource/aws_ce_cost_category: Fix perpetual diff with the rule argument on update (#38449)
• resource/aws_codebuild_webhook: Remove errant validation on scope_configuration.domain argument (#38513)
• resource/aws_ecs_service: Fix error marshaling prior state: a number is required when upgrading from v5.58.0 to v5.59.0 (#38490)
• resource/aws_ecs_task_definition: Fix Provider produced inconsistent final plan errors when container_definitions is unknown (#38471)
• resource/aws_elasticache_replication_group: Fix error marshaling prior state when upgrading from v4.67.0 to v5.59.0 (#38476)
• resource/aws_fsx_openzfs_volume: Correctly set tags on Read (#38343)
• resource/aws_rds_cluster: Mark ca_certificate_identifier as Computed (#38437)
• resource/aws_rds_cluster: Use the configured copy_tags_to_snapshot value when restore_to_point_in_time is set (#34044)
• resource/aws_rds_cluster: Wait for no pending modified values on Update if apply_immediately is true. This fixes InvalidParameterCombination errors when updating engine_version (#38437)

v5.59.0

FEATURES:

• resource/aws_kinesis_firehose_delivery_stream: Add secrets_manager_configuration to redshift_configuration, snowflake_configuration, and splunk_configuration (#38151)
• New Data Source: aws_cloudfront_origin_access_control (#36301)
• New Data Source: aws_timestreamwrite_database (#36368)
• New Data Source: aws_timestreamwrite_table (#36599)
• New Resource: aws_datazone_project (#38345)
• New Resource: aws_grafana_workspace_service_account (#38101)
• New Resource: aws_grafana_workspace_service_account_token (#38101)
• New Resource: aws_rds_certificate (#35003)
• New Resource: aws_rekognition_stream_processor (#37536)

ENHANCEMENTS:

• data-source/aws_elasticache_replication_group: Add cluster_mode attribute (#38002)
• data-source/aws_lakeformation_data_lake_settings: Add allow_full_table_external_data_access attribute (#34474)
• data-source/aws_msk_cluster: Add broker_node_group_info attribute (#37705)
• resource/aws_bedrockagent_agent : Add skip_resource_in_use_check argument (#37586)
• resource/aws_bedrockagent_agent_action_group: Add action_group_executor.custom_control argument (#37484)
• resource/aws_bedrockagent_agent_action_group: Add function_schema configuration block (#37484)
• resource/aws_bedrockagent_agent_alias : Add routing_configuration.provisioned_throughput argument (#37520)
• resource/aws_codebuild_webhook: Add scope_configuration argument (#38199)
• resource/aws_codepipeline: Add timeout_in_minutes argument to the action configuration block (#36316)
• resource/aws_db_instance: Add engine_lifecycle_support argument (#37708)
• resource/aws_ecs_cluster: Add configuration.managed_storage_configuration argument (#37932)
• resource/aws_elasticache_replication_group: Add cluster_mode argument (#38002)
• resource/aws_emrserverless_application: Add interactive_configuration argument (#37889)
• resource/aws_fis_experiment_template: Add experiment_options configuration block (#36900)
• resource/aws_fsx_lustre_file_system: Add final_backup_tags and skip_final_backup arguments (#37717)
• resource/aws_fsx_ontap_volume: Add final_backup_tags argument (#37717)
• resource/aws_fsx_openzfs_file_system: Add delete_options and final_backup_tags arguments (#37717)
• resource/aws_fsx_windows_file_system: Add final_backup_tags argument (#37717)
• resource/aws_imagebuilder_image_pipeline: Add execution_role and workflow arguments (#37317)
• resource/aws_kinesis_firehose_delivery_stream: Add secrets_manager_configuration to http_endpoint_configuration (#38245)
• resource/aws_kinesisanalyticsv2_application: Support FLINK-1_19 as a valid value for runtime_environment (#38350)
• resource/aws_lakeformation_data_lake_settings: Add allow_full_table_external_data_access attribute (#34474)
• resource/aws_lb_target_group: Add target_group_health configuration block (#37082)
• resource/aws_msk_replicator: Add starting_position argument (#36968)
• resource/aws_rds_cluster: Add engine_lifecycle_support argument (#37708)
• resource/aws_rds_global_cluster: Add engine_lifecycle_support argument (#37708)
• resource/aws_redshift_cluster_snapshot: Set arn from DescribeClusterSnapshots API response (#37996)
• resource/aws_vpclattice_listener: Support TLS_PASSTHROUGH as a valid value for protocol (#37964)
• resource/aws_wafv2_web_acl: Add enable_machine_learning to aws_managed_rules_bot_control_rule_set configuration block (#37006)

BUG FIXES:

• data-source/aws_efs_access_point: Set id the the access point ID, not the file system ID. This fixes a regression introduced in v5.58.0 (#38372)
• data-source/aws_lb_listener: Correctly set default_action.target_group_arn (#37348)
• resource/aws_chime_voice_connector_group: Properly handle voice connector groups deleted out of band (#36774)
• resource/aws_codebuild_project: Fix unsetting concurrent_build_limit (#37748)
• resource/aws_codepipeline: Mark trigger as Computed (#36316)
• resource/aws_ecs_service: Change volume_configuration.managed_ebs_volume.throughput from TypeString to TypeInt (#38109)
• resource/aws_elasticache_replication_group: Allows setting replicas_per_node_group to 0 and sets the maximum to 5. (#38396)
• resource/aws_elasticache_replication_group: Requires description. (#38396)
• resource/aws_elasticache_replication_group: When num_cache_clusters is set, prevents setting replicas_per_node_group. (#38396)
• resource/aws_elasticache_replication_group: num_cache_clusters must be at least 2 when automatic_failover_enabled is true. (#38396)
• resource/aws_elastictranscoder_pipeline: Properly handle NotFound exceptions during deletion (#38018)
• resource/aws_elastictranscoder_preset: Properly handle NotFound exceptions during deletion (#38018)
• resource/aws_lb_target_group: Use the configured ip_address_type value when target_type is instance (#36423)
• resource/aws_lb_trust_store: Wait until trust store is ACTIVE on resource Create (#38332)
• resource/aws_pinpoint_app: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when campaign_hook is empty ({}) (#38323)
• resource/aws_transfer_server: Add supported values TransferSecurityPolicy-FIPS-2024-05, TransferSecurityPolicy-Restricted-2018-11, and TransferSecurityPolicy-Restricted-2020-06 for the security_policy_name argument (#38425)

v5.58.0

FEATURES:

• New Resource: aws_cloudwatch_log_account_policy (#38328)
• New Resource: aws_verifiedpermissions_identity_source (#38181)

ENHANCEMENTS:

• data-source/aws_launch_template: Add network_interfaces.primary_ipv6 attribute (#37142)
• data-source/aws_mskconnect_connector: Add tags attribute (#38270)
• data-source/aws_mskconnect_custom_plugin: Add tags attribute (#38270)
• data-source/aws_mskconnect_worker_configuration: Add tags attribute (#38270)
• data-source/aws_oam_link: Add link_configuration attribute (#38277)
• resource/aws_cloudformation_stack_set_instance: Extend deployment_targets argument. (#37898)
• resource/aws_cloudtrail_event_data_store: Add billing_mode argument (#38273)
• resource/aws_db_instance: Fix InvalidParameterCombination: A parameter group can't be specified during Read Replica creation for the following DB engine: postgres errors (#38227)
• resource/aws_ec2_capacity_reservation: Add configurable timeouts (#36754)
• resource/aws_ec2_capacity_reservation: Retry InsufficientInstanceCapacity errors (#36754)
• resource/aws_eks_cluster: Add bootstrap_self_managed_addons argument (#38162)
• resource/aws_fms_policy: Add resource_set_ids attribute (#38161)
• resource/aws_fsx_ontap_file_system: Add 384, 768, 1536, 3072, and 6144 as valid values for throughput_capacity (#38308)
• resource/aws_fsx_ontap_file_system: Add 384, 768, and 1536 as valid values for throughput_capacity_per_ha_pair (#38308)
• resource/aws_fsx_ontap_file_system: Add MULTI_AZ_2 as a valid value for deployment_type (#38308)
• resource/aws_globalaccelerator_cross_account_attachment: Add cidr_block argument to resource configuration block (#38196)
• resource/aws_iam_server_certificate: Add configurable delete timeout (#38212)
• resource/aws_launch_template: Add network_interfaces.primary_ipv6 argument (#37142)
• resource/aws_mskconnect_connector: Add tags argument and tags_all attribute (#38270)
• resource/aws_mskconnect_custom_plugin: Add tags argument and tags_all attribute (#38270)
• resource/aws_mskconnect_worker_configuration: Add tags argument and tags_all attribute (#38270)
• resource/aws_mskconnect_worker_configuration: Add resource deletion logic (#38270)
• resource/aws_oam_link: Add link_configuration argument (#38277)
• resource/aws_rds_cluster: Add ca_certificate_identifier argument and ca_certificate_valid_till attribute (#37108)
• resource/aws_ssm_association: Add tags argument and tags_all attribute (#38271)

BUG FIXES:

• aws_dx_lag: Checks for errors other than NotFound when reading. (#38292)
• aws_dynamodb_kinesis_streaming_destination: Checks for errors other than NotFound when reading. (#38292)
• aws_ec2_capacity_block_reservation: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_access_policy: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_collection: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_security_config: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_security_policy: Checks for errors other than NotFound when reading. (#38292)
• aws_opensearchserverless_vpc_endpoint: Checks for errors other than NotFound when reading. (#38292)
• aws_ram_principal_association: Checks for errors other than NotFound when reading. (#38292)
• aws_route_table: Checks for errors other than NotFound when reading. (#38292)
• data-source/aws_ecr_repository: Fix issue where the tags attribute is not set (#38272)
• data-source/aws_eks_cluster: Add access_config.bootstrap_cluster_creator_admin_permissions attribute (#38295)
• resource/aws_appstream_fleet: Support 0 as a valid value for idle_disconnect_timeout_in_seconds (#38274)
• resource/aws_cloudformation_stack_set_instance: Add ForceNew to deployment_targets attributes to ensure a new resource is recreated when the deployment_targets argument is changed, which was not the case previously. (#37898)
• resource/aws_db_instance: Correctly mark incomplete instances as tainted during creation (#38252)
• resource/aws_eks_cluster: Set access_config.bootstrap_cluster_creator_admin_permissions to true on Read for clusters with no access_config configured. This allows in-place updates of existing clusters when access_config is configured (#38295)
• resource/aws_elasticache_serverless_cache: Allow cache_usage_limits.data_storage.maximum, cache_usage_limits.data_storage.minimum, cache_usage_limits.ecpu_per_second.maximum and cache_usage_limits.ecpu_per_second.minimum to be updated in-place (#38269)
• resource/aws_mskconnect_connector: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when log_delivery.worker_log_delivery is empty ({}) (#38270)