v5.98.0

FEATURES:

• New Data Source: aws_account_primary_contact (#42526)
• New Data Source: aws_dynamodb_tables (#42339)
• New Resource: aws_bedrockagent_prompt (#42211)
• New Resource: aws_cloudfrontkeyvaluestore_keys_exclusive (#42246)
• New Resource: aws_dataexchange_revision_assets (#42272)
• New Resource: aws_inspector2_filter (#42374)
• New Resource: aws_wafv2_api_key (#42525)

ENHANCEMENTS:

• data-source/aws_cloudwatch_event_bus: Add dead_letter_config attribute (#42471)
• data-source/aws_cloudwatch_event_connection: Add kms_key_identifier attribute (#42385)
• data-source/aws_cognito_user_pool_client: Add refresh_token_rotation attribute (#42430)
• data-source/aws_cognitoidp_user_pool: Add user_pool_add_ons attribute (#42470)
• data-source/aws_dynamodb_table: Add point_in_time_recovery.recovery_period_in_days attribute (#41484)
• data-source/aws_ec2_client_vpn_endpoint: Add client_route_enforcement_options attribute (#42424)
• data-source/aws_imagebuilder_distribution_configuration: Add distribution.ssm_parameter_configuration attribute (#42604)
• data-source/aws_redshiftserverless_workgroup: Add track_name attribute (#42451)
• data-source/aws_workspaces_directory: Add active_directory_config, user_identity_type, workspace_directory_description, workspace_directory_name, and workspace_type attributes (#42330)
• resource/aws_appflow_flow: Add destination_flow_config.destination_connector_properties.salesforce.data_transfer_api argument (#42479)
• resource/aws_autoscaling_group: Add capacity_reservation_specification argument (#42380)
• resource/aws_bedrockagent_agent: Add prepared_at attribute. (#42586)
• resource/aws_bedrockagent_agent: Increase instruction max length for validation to 20000 (#42596)
• resource/aws_cloudwatch_event_bus: Add dead_letter_config argument (#42471)
• resource/aws_cloudwatch_event_connection: Add kms_key_identifier argument (#42385)
• resource/aws_cognito_managed_user_pool_client: Add refresh_token_rotation argument (#42430)
• resource/aws_cognito_user_pool_client: Add refresh_token_rotation argument (#42430)
• resource/aws_cognitoidp_user_pool: Add user_pool_add_ons.advanced_security_additional_flows argument (#42470)
• resource/aws_docdb_cluster: Add manage_master_user_password argument and master_user_secret attribute (#42563)
• resource/aws_dynamodb_table: Add point_in_time_recovery.recovery_period_in_days argument (#41484)
• resource/aws_ec2_client_vpn_endpoint: Add client_route_enforcement_options argument (#42424)
• resource/aws_ecs_account_setting_default: Add support for defaultLogDriverMode value in Name argument (#42418)
• resource/aws_imagebuilder_distribution_configuration: Add distribution.ssm_parameter_configuration argument (#42604)
• resource/aws_iot_domain_configuration: Add application_protocol and authentication_type arguments (#42534)
• resource/aws_msk_serverless_cluster: Add bootstrap_brokers_sasl_iam attribute. This functionality requires the kafka:GetBootstrapBrokers IAM permission (#42148)
• resource/aws_redshiftserverless_workgroup: Add track_name argument (#42451)
• resource/aws_rum_app_monitor: Add domain_list argument (#42456)
• resource/aws_rum_app_monitor: Mark domain as Optional (#42456)
• resource/aws_s3tables_table: Add encryption_configuration argument. This functionality requires the s3tables:GetTableEncryption IAM permission (#42356)
• resource/aws_s3tables_table_bucket: Add encryption_configuration argument. This functionality requires the s3tables:GetTableBucketEncryption IAM permission (#42356)
• resource/aws_securityhub_finding_aggregator: Support NO_REGIONS as a valid value for linking_mode (#42574)
• resource/aws_sns_topic: Add fifo_throughput_scope argument (#42508)
• resource/aws_wafv2_rule_group: Add uri_fragment to field_to_match configuration blocks (#42407)
• resource/aws_wafv2_web_acl: Add data_protection_config argument (#42404)
• resource/aws_wafv2_web_acl: Add uri_fragment to field_to_match configuration blocks (#42407)
• resource/aws_workspaces_directory: Add active_directory_config, user_identity_type, workspace_directory_description, workspace_directory_name, and workspace_type arguments in support of WorkSpaces Pools (#42330)
• resource/aws_workspaces_directory: Mark directory_id as Optional (#42330)

BUG FIXES:

• aws_sagemaker_mlflow_tracking_server: Fix ValidationException: The provided MLflow version is not supported errors (#42435)
• data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.policy_variables configuration block (#42473)
• resource/aws_bedrockagent_agent_alias: Stop using state for unknown on routing_configuration so we only send it on update when explicility configured. This allows updates to aliases to create new versions. (#42603)
• resource/aws_cloudwatch_metric_alarm: Support 20 as a valid value for metric_query.metric.period, metric_query.period, and period (#42390)
• resource/aws_controltower_control: Fix handling ResourceNotFound exceptions during delete (#42494)
• resource/aws_controltower_control: Fix handling of parameters block removal (#42494)
• resource/aws_ec2_network_insights_path: Fix failure when filter_at_source.source_address is unspecified. (#42369)
• resource/aws_instance: Fix InvalidNetworkInterface.InUse errors on Create (#42623)
• resource/aws_lb_listener: Don't send zero value (false, 0 or "") for unconfigured listener attributes on Create (#41846)
• resource/aws_rds_cluster_parameter_group: Fix InvalidParameterValue: collation_server '..' is not valid for character_set '...' errors on Create (#42559)

v6.0.0-beta1

BREAKING CHANGES:

• data-source/aws_ami: The severity of the diagnostic returned when most_recent is true and owner and image ID filter criteria has been increased to an error. Existing configurations which were previously receiving a warning diagnostic will now fail to apply. To prevent this error, set the owner argument or include a filter block with an image-id or owner-id name/value pair. To continue using unsafe filter values with most_recent set to true, set the new allow_unsafe_filter argument to true. This is not recommended. (#42114)
• data-source/aws_ecs_task_definition: Remove inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)
• data-source/aws_ecs_task_execution: Remove inference_accelerator_overrides attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)
• data-source/aws_elbv2_listener_rule: The action.authenticate_cognito, action.authenticate_oidc, action.fixed_response, action.forward, action.forward.stickiness, action.redirect, condition.host_header, condition.http_header, condition.http_request_method, condition.path_pattern, condition.query_string, and condition.source_ip attributes are now list nested blocks instead of single nested blocks (#42283)
• data-source/aws_identitystore_user: filter has been removed (#42325)
• data-source/aws_launch_template: Remove elastic_inference_accelerator attribute. Amazon Elastic Inference reached end of life on April, 2024. (#42137)
• data-source/aws_launch_template: elastic_gpu_specifications has been removed (#42312)
• data-source/aws_opensearch_domain: kibana_endpoint has been removed (#42268)
• data-source/aws_opensearchserverless_security_config: saml_options is now a list nested block instead of a single nested block (#42270)
• data-source/aws_service_discovery_service: Remove tags_all attribute (#42136)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_application resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_custom_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ecs_cluster_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_ganglia_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_haproxy_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_instance resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_java_app_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_memcached_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_mysql_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_nodejs_app_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_permission resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_php_app_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rails_app_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_rds_db_instance resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_stack resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_static_web_layer resource has been removed (#41948)
• provider: As the AWS OpsWorks Stacks service has reached End Of Life, the aws_opsworks_user_profile resource has been removed (#41948)
• provider: As the AWS SDK for Go v2 does not support Amazon SimpleDB the aws_simpledb_domain resource has been removed. Add a constraint to v5 of the Terraform AWS Provider for continued use of this resource (#41775)
• provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_fleet resource has been removed (#42059)
• provider: As the AWS SDK for Go v2 does not support Amazon Worklink, the aws_worklink_website_certificate_authority_association resource has been removed (#42059)
• provider: The aws_redshift_service_account resource has been removed. AWS recommends that a service principal name should be used instead of an AWS account ID in any relevant IAM policy (#41941)
• provider: The endpoints.opsworks configuration argument has been removed (#41948)
• provider: The endpoints.simpledb and endpoints.sdb configuration arguments have been removed (#41775)
• provider: The endpoints.worklink configuration argument has been removed (#42059)
• resource/aws_accessanalyzer_archive_rule: filter.exists now only accepts one of "" (empty string), true, or false (#42434)
• resource/aws_alb_target_group: preserve_client_ip now only accepts one of "" (empty string), true, or false (#42434)
• resource/aws_api_gateway_account: The reset_on_delete argument has been removed ([#42226](https://github.com/hashicorp/...

v5.97.0

FEATURES:

• New Resource: aws_ec2_default_credit_specification (#42345)

ENHANCEMENTS:

• data-source/aws_glue_connection: Support athena_properties attribute (#42262)
• data-source/aws_imagebuilder_infrastructure_configuration: Add placement attribute (#42347)
• data-source/aws_networkfirewall_firewall: Add enabled_analysis_types attribute (#42160)
• data-source/aws_workspaces_directory: Add certificate_based_auth_properties attribute (#42269)
• resource/aws_accessanalyzer_analyzer: Add configuration.unused_access.analysis_rule argument (#42332)
• resource/aws_fis_experiment_template: Add support for ManagedResources to action.*.target (#42376)
• resource/aws_glue_connection: Add athena_properties argument and allow DYNAMODB connection type. (#42262)
• resource/aws_glue_connection: Support DYNAMODB as a valid value for connection_type (#42262)
• resource/aws_imagebuilder_infrastructure_configuration: Add placement argument (#42347)
• resource/aws_networkfirewall_firewall: Add enabled_analysis_types argument (#42160)
• resource/aws_workspaces_directory: Add certificate_based_auth_properties configuration block (#42269)

BUG FIXES:

• resource/aws_vpclattice_listener_rule: Prevents error when setting listener_identifier to ARN. (#42215)
• resource/aws_vpclattice_listener_rule: Prevents error when setting service_identifier to ARN. (#42215)
• resource/aws_vpclattice_listener_rule: Requires match.http_match. (#42215)
• resource/aws_vpclattice_listener_rule: Requires exactly one of action.fixed_response or action.forward. (#42215)

v5.96.0

FEATURES:

• New Data Source: aws_fis_experiment_templates (#37060)
• New Data Source: aws_vpc_endpoint_associations (#41918)

ENHANCEMENTS:

• data-source/aws_api_gateway_domain_name: Add endpoint_configuration.ip_address_type attribute (#42146)
• data-source/aws_api_gateway_rest_api: Add endpoint_configuration.ip_address_type attribute (#42146)
• data-source/aws_apigatewayv2_api: Add ip_address_type attribute (#42145)
• data-source/aws_dms_endpoint: Add kinesis_settings.use_large_integer_value attribute (#42300)
• data-source/aws_guardduty_detector: Add arn attribute (#42344)
• data-source/aws_guardduty_detector: Add tags attribute (#42344)
• resource/aws_api_gateway_domain_name: Add endpoint_configuration.ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42146)
• resource/aws_api_gateway_rest_api: Add endpoint_configuration.ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42146)
• resource/aws_apigatewayv2_api: Add ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42145)
• resource/aws_apigatewayv2_domain_name: Add domain_name_configuration.ip_address_type argument to support dual-stack (IPv4 and IPv6) endpoints (#42145)
• resource/aws_dms_endpoint: Add kinesis_settings.use_large_integer_value argument (#42300)
• resource/aws_fis_experiment_template: Add experiment_report_configuration argument (#41120)

BUG FIXES:

• resource/aws_elasticache_replication_group: Fix malformed version error when parsing 7.x redis engine versions (#42346)
• resource/aws_iam_user: Retry ConcurrentModificationExceptions during user creation (#42081)
• resource/aws_rds_cluster: Fix InvalidParameterValue: SecondsUntilAutoPause can only be specified when minimum capacity is 0 errors when removing serverlessv2_scaling_configuration.seconds_until_auto_pause (#41180)

v5.95.0

NOTES:

• resource/aws_api_gateway_deployment: Computed attributes invoke_url and execution_arn are deprecated. Use the invoke_url and execution_arn attributes of the aws_api_gateway_stage resource instead. (#42244)

FEATURES:

• New Resource: aws_redshift_integration (#42105)

ENHANCEMENTS:

• data-source/aws_ec2_network_insights_path: Support filter_at_destination and filter_at_source attributes (#42214)
• resource/aws_amplify_app: Add compute_role_arn argument (#41650)
• resource/aws_codebuild_webhook: Add manual_creation argument (#40155)
• resource/aws_cognito_user_pool_domain: Add managed_login_version argument (#40855)
• resource/aws_ec2_network_insights_path: Add filter_at_destination and filter_at_source configuration blocks (#42214)
• resource/aws_eks_cluster: Add force_update_version argument (#42134)
• resource/aws_prometheus_scraper: Allow alias, destination, role_configuration, and scrape_configuration to be updated in-place (#42109)
• resource/aws_redshiftserverless_workgroup: Add price_performance_target argument (#40946)
• resource/aws_sagemaker_image_version: Add horovod, job_type, ml_framework, processor, programming_lang, release_notes, and vendor_guidance arguments (#42143)
• resource/aws_sagemaker_notebook_lifecycle_configuration: Add tags argument and tags_all attribute (#42141)
• resource/aws_transfer_server: Add TransferSecurityPolicy-2025-03, TransferSecurityPolicy-FIPS-2025-03, and TransferSecurityPolicy-SshAuditCompliant-2025-02 as valid values for security_policy_name (#42164)

BUG FIXES:

• resource/aws_elasticache_serverless_cache: Fix to allow in-place updates when engine is changed from redis to valkey (#42208)
• resource/aws_kms_custom_key_store: Fix panic: runtime error: invalid memory address or nil pointer dereference when no XksProxyConfiguration is returned (#42241)
• resource/aws_s3_bucket_lifecycle_configuration: Fix errors when removing rule from top of list (#42228)
• resource/aws_s3_bucket_lifecycle_configuration: Fix potential eventual consistency errors in some regions (#41764)
• resource/aws_s3_bucket_lifecycle_configuration: No longer allows empty rule.filter.and.tags (#42041)
• resource/aws_sagemaker_domain: Allow default_user_settings.custom_file_system_config and default_space_settings.custom_file_system_config to be removed on Update (#42144)
• resource/aws_sagemaker_user_profile: Allow user_settings.custom_file_system_config to be removed on Update (#42144)

v5.94.1

BUG FIXES:

• resource/aws_sns_topic_subscription: Ignore AuthorizationError exceptions for ListSubscriptionByTopic operations. This fixes a regression introduced in v5.94.0. (#42117)

v5.94.0

NOTES:

• resource/aws_ssm_parameter: The overwrite argument is no longer deprecated (#42030)

ENHANCEMENTS:

• data-source/aws_ami: Add last_launched_time attribute (#42049)
• resource/aws_ami: Add last_launched_time attribute (#42049)
• resource/aws_ami_copy: Add last_launched_time attribute (#42049)
• resource/aws_ami_from_instance: Add last_launched_time attribute (#42049)
• resource/aws_glue_job: Add source_control_details argument (#42046)
• resource/aws_lambda_function: Add support for ruby3.4 runtime value (#42052)
• resource/aws_lambda_layer_version: Add support for ruby3.4 compatible_runtimes value (#42052)
• resource/aws_prometheus_scraper: Add role_configuration argument (#42039)
• resource/aws_s3_bucket_lifecycle_configuration: Adds warning if multiple attributes in rule.expiration are set (#42036)
• resource/aws_s3_bucket_lifecycle_configuration: Adds warning if neither rule.prefix nor rule.filter is set (#42036)
• resource/aws_s3_bucket_lifecycle_configuration: Adds warning if neither rule.transition.date nor rule.transition.days is set and error if both are set (#42036)
• resource/aws_s3_bucket_lifecycle_configuration: Removes spurious "known after apply" notations in plan (#42036)

BUG FIXES:

• resource/aws_cloudformation_type: Set the default version of an extension to the newly created version. This fixes CFNRegistryException: Version '...' is the default version and cannot be deregistered errors when deregistering an extension and the create_before_destroy meta-argument is true (#38855)
• resource/aws_connect_queue: Fix API limitation when assigning more than 50 Quick Connects to a queue (#42108)
• resource/aws_ecs_service: Fix missing volume_configuration and service_connect_configurations values from state read/refresh (#41998)
• resource/aws_ecs_service: Mark service_connect_configuration.service.discovery_name and service_connect_configuration.service.client_alias.dns_name as Computed (#41998)
• resource/aws_msk_cluster: Fix Provider produced inconsistent final plan errors when configuration_info.revision is unknown (#42037)
• resource/aws_quicksight_data_set: Fix perpetual diff when refresh_properties is not configured (#42076)
• resource/aws_s3_bucket_lifecycle_configuration: Removes incorrect warning for empty rule.filter (#42036)
• resource/aws_sns_topic_subscription: Fix to handle eventually consistent subscription read operations (#42093)
• resource/aws_sqs_queue: Fix waiting for SQS Queue... attributes create: timeout while waiting errors when sqs_managed_sse_enabled = false or omitted and kms_master_key_id is not set but kms_data_key_reuse_period_seconds is set to a non-default value. (#42062)
• resource/aws_workspaces_workspace: Properly update workspace_properties.running_mode_auto_stop_timeout_in_minutes when modified (#40953)

v5.93.0

FEATURES:

• New Resource: aws_api_gateway_rest_api_put (#41375)

ENHANCEMENTS:

• data-source/aws_ecr_pull_through_cache_rule: Add custom_role_arn and upstream_repository_prefix attributes (#41933)
• resource/aws_bedrockagent_agent: Add memory_configuration configuration block (#39970)
• resource/aws_codepipeline: Adds trigger_all attribute (#42008)
• resource/aws_codepipeline: Removal of trigger argument now properly removes custom trigger definitions (#42008)
• resource/aws_cognitoidp_user_pool: Mark the username_configuration and username_configuration.case_sensitive arguments as optional and computed. This will future proof the provider against upstream API changes which may return a default value for the block when omitted during create operations. (#35439)
• resource/aws_datasync_task: Add task_mode argument (#39979)
• resource/aws_ecr_pull_through_cache_rule: Add custom_role_arn and upstream_repository_prefix arguments (#41933)
• resource/aws_ecr_pull_through_cache_rule: Correct plan-time validation of ecr_repository_prefix to support a value of "ROOT" (#41933)
• resource/aws_elasticache_cluster: Add configurable timeouts for create, update, and delete operations (#41940)
• resource/aws_kinesisanalyticsv2_application: Allow runtime_environment to be updated in-place (#41935)
• resource/aws_verified_access_endpoint: Add cidr_options, load_balancer.port_range, network_interface_options.port_range, and rds_options arguments (#41957)
• resource/aws_verified_access_endpoint: Mark application_domain, domain_certificate_arn and endpoint_domain_prefix as Optional (#41957)
• resource/aws_verified_access_endpoint: Support cidr and rds as valid values for endpoint_type (#41957)
• resource/aws_verified_access_instance: Add cidr_endpoint_custom_subdomain argument and name_servers attribute (#41957)
• resource/aws_verified_access_trust_provider: Add native_application_oidc_options and sse_specification arguments (#41957)

BUG FIXES:

• resource/aws_db_instance: Fix InvalidParameterCombination: To enable the Advanced mode of Database Insights, modify your cluster to enable Performance Insights and set the retention period for Performance Insights to at least 465 days errors when enabling database_insights_mode on existing instances (#41960)
• resource/aws_eip: Prevents application from failing when hitting "InvalidAction" error for specific regions (#41920)
• resource/aws_elasticache_replication_group: Retry InvalidReplicationGroupState exceptions during tagging operations (#41954)
• resource/aws_elasticache_replication_group: Wait for replication group to become available before all modification operations (#40320)
• resource/aws_iot_domain_configuration: Change domain_name to Computed (#41985)
• resource/aws_lakeformation_opt_in: Fix error when expanding resource_data.table_wildcard attribute (#41939)

v5.92.0

NOTES:

• resource/aws_kendra_data_source: The configuration.s3_configuration argument is deprecated. Use configuration.template_configuration instead, which supports the upgraded Amazon S3 connector. Amazon has ended support for the older architecture as of June 2024, and resources created with this argument cannot be edited or updated. See the Amazon Kendra documentation for additional details. (#35437)
• resource/aws_kendra_data_source: The configuration.web_crawler_configuration argument is deprecated. Use configuration.template_configuration instead, which supports the Amazon Kendra Web Crawler connector v2.0. See the Amazon Kendra documentation for additional details. (#35437)

FEATURES:

• New Data Source: aws_api_gateway_api_keys (#39335)
• New Data Source: aws_eks_cluster_versions (#40741)
• New Data Source: aws_identitystore_group_memberships (#31589)
• New Data Source: aws_identitystore_users (#31688)
• New Resource: aws_athena_capacity_reservation (#41858)

ENHANCEMENTS:

• data-source/aws_connect_user: Add identity_info.secondary_email attribute (#41001)
• data-source/aws_db_instance: Add database_insights_mode attribute (#41607)
• data-source/aws_ebs_volume: Add create_time attribute (#41839)
• data-source/aws_lb: Add ipam_pools attribute (#41822)
• provider: Support aws-marketplace as a valid account ID in ARNs (#41867)
• resource/aws_appconfig_extension_association: Add plan-time validation of extension_arn and resource_arn (#41907)
• resource/aws_connect_user: Add identity_info.secondary_email attribute (#41001)
• resource/aws_db_instance: Add database_insights_mode argument (#41607)
• resource/aws_ebs_volume: Add create_time attribute (#41839)
• resource/aws_kendra_data_source: Add configuration.template_configuration argument (#35437)
• resource/aws_lb: Add ipam_pools configuration block (#41822)

BUG FIXES:

• resource/aws_api_gateway_rest_api: Avoid unnecessary remove and add operations for vpc_endpoint_ids (#41836)
• resource/aws_bedrockagent_agent: Fix instruction validator to consider multi-byte chars so not to artificially limit instruction length (#41921)
• resource/aws_eks_cluster: Allow compute_config.node_role_arn to update in place when previously unset (#41925)
• resource/aws_rds_cluster: Ensure that performance_insights_enabled takes effect when creating a cluster that is a member of a global cluster (#41737)
• resource/aws_rds_cluster: Fix InvalidParameterCombination: To enable the Advanced mode of Database Insights, modify your cluster to enable Performance Insights and set the retention period for Performance Insights to at least 465 days errors when enabling database_insights_mode on existing clusters (#41737)
• resource/aws_timestreaminfluxdb_db_instance: Set new computed value for secondary_availability_zone attribute when changing deployment_type (#41849)

v5.91.0

NOTES:

• resource/aws_network_interface_permission: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#40797)

FEATURES:

• New Resource: aws_network_interface_permission (#40797)
• New Resource: aws_route53_records_exclusive (#41741)

ENHANCEMENTS:

• resource/aws_codebuild_project: Add secondary_sources.auth configuration block (#40191)
• resource/aws_kinesis_firehose_delivery_stream: Add msk_source_configuration.read_from_timestamp argument (#41794)
• resource/aws_route53_hosted_zone_dnssec: Add configurable operation timeouts (#41741)
• resource/aws_route53_key_signing_key: Add configurable operation timeouts (#41741)
• resource/aws_route53_record: Add configurable operation timeouts (#41741)
• resource/aws_route53_zone: Add configurable operation timeouts (#41741)
• resource/aws_route53_zone_association: Add configurable operation timeouts (#41741)
• resource/aws_timestreaminfluxdb_db_instance: Add network_type and port attributes. The following can now be updated in place: allocated_storage, db_instance_type, db_storage_type and deployment_type (#40661)
• resource/aws_vpc_ipv4_cidr_block_association: Support optional import of the ipv4_ipam_pool_id and ipv4_netmask_length attributes (#41779)
• resource/aws_vpc_ipv6_cidr_block_association: Support optional import of the ipv6_ipam_pool_id and ipv6_netmask_length attributes (#41779)
• resource/aws_wafv2_ip_set: Add name_prefix argument and plan-time validation of name (#40889)
• resource/aws_wafv2_regex_pattern_set: Add name_prefix argument and plan-time validation of name (#40889)
• resource/aws_wafv2_web_acl: Add name_prefix argument (#40889)
• resource/aws_wafv2_web_acl: Add rule.challenge_config argument (#40123)

BUG FIXES:

• resource/aws_msk_cluster: Ensure that storage_mode updates are actually applied to the cluster (#41773)