chore(deps): update terraform aws to ~> 6.37.0

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	~> 6.0.0 → ~> 6.37.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.37.0

Compare Source

BREAKING CHANGES:

• resource/aws_lakeformation_opt_in: Rename resource_data.lf_tag.value to resource_data.lf_tag.values and change to a set of string values (#​46788)

NOTES:

• data-source/aws_savingsplan_savingsplan: The offering_id attribute is deprecated. Use savings_plan_offering_id instead. (#​46959)
• resource/aws_savingsplan_savingsplan: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​46959)
• resource/aws_savingsplan_savingsplan: The offering_id attribute is deprecated. Use savings_plan_offering_id instead. (#​46959)

FEATURES:

• New List Resource: aws_ec2_transit_gateway_metering_policy (#​46812)
• New List Resource: aws_iam_user (#​46869)
• New List Resource: aws_s3_bucket_ownership_controls (#​46832)
• New List Resource: aws_wafv2_web_acl_rule (#​46682)
• New List Resource: aws_workmail_organization (#​46692)
• New Resource: aws_ec2_transit_gateway_metering_policy (#​46812)
• New Resource: aws_ec2_transit_gateway_metering_policy_entry (#​46812)
• New Resource: aws_wafv2_web_acl_rule (#​46682)
• New Resource: aws_workmail_organization (#​46692)

ENHANCEMENTS:

• resource/aws_datasync_task: Add schedule.status argument (#​46037)
• resource/aws_docdbelastic_cluster: Add shard_instance_count argument (#​46938)
• resource/aws_iam_user: Add resource identity support (#​46869)
• resource/aws_s3_bucket: Add bucket_namespace argument in support of account regional namespaces for general purpose buckets (#​46917)

BUG FIXES:

• data-source/aws_savingsplan_savingsplan: Properly set savings_plan_offering_id during read (#​46959)
• resource/aws_bedrockagentcore_gateway: Fix "Unable to Convert Configuration" error caused by schema/model mismatch in authorizer_configuration.custom_jwt_authorizer. This fixes a regression introduced in v6.36.0 (#​46908)
• resource/aws_cloudfrontkeyvaluestore_key: Fix issue where values were incorrectly JSON-encoded, resulting in extra quotes being stored in AWS (#​46898)
• resource/aws_cloudfrontkeyvaluestore_keys_exclusive: Fix issue where values were incorrectly JSON-encoded, resulting in extra quotes being stored in AWS (#​46899)
• resource/aws_datasync_agent: Support activation of advanced mode agents. Previously, attempting to activate advanced mode agents would result in EOF errors when retrieving the activation key (#​46958)
• resource/aws_dynamodb_table: Fix GSI removal with key_schema syntax deleting all GSIs (#​46602)
• resource/aws_instance: Fix MissingParameter: When specifying CpuOptions you must specify both CoreCount and ThreadsPerCore errors when updating cpu_options.core_count or cpu_options.threads_per_core (#​46879)
• resource/aws_lakeformation_opt_in: Rename resource_data.lf_tag.value to resource_data.lf_tag.values and change to a set of string values. Previously, attempting to use resource_data.lf_tag.value would result in missing required field errors (#​46788)
• resource/aws_msk_cluster: Properly handle removal of the client_authentication.sasl block (#​42163)
• resource/aws_msk_cluster: Properly handle removal of the client_authentication.tls block (#​42163)
• resource/aws_msk_cluster: Suppress persistent differences in unset client_authentication.sasl blocks (#​42163)
• resource/aws_msk_cluster: Suppress persistent differences in unset client_authentication.tls blocks (#​42163)
• resource/aws_s3_bucket_lifecycle_configuration: Fix "Missing Resource Identity After Read" error when resource created with provider version < 6.34.0 is deleted outside Terraform (#​46674)
• resource/aws_savingsplan_savingsplan: Properly set savings_plan_offering_id during read to prevent forced replacement following import (#​46959)
• resource/aws_wafv2_web_acl: Fix enable_machine_learning in aws_managed_rules_bot_control_rule_set incorrectly defaulting to false instead of reflecting the AWS default of true (#​46682)

v6.36.0

Compare Source

NOTES:

• provider: Update Go version to v1.25.8. Addresses GO-2026-4602, FileInfo can escape from a Root in os, GO-2026-4603, URLs in meta content attribute actions are not escaped in html/template, and GO-2026-4601, Incorrect parsing of IPv6 host literals in net/url (#​46820)

FEATURES:

• New Data Source: aws_iam_outbound_web_identity_federation (#​46503)
• New Ephemeral Resource: aws_sts_web_identity_token (#​46173)
• New List Resource: aws_s3_bucket_versioning (#​46802)

ENHANCEMENTS:

• listresource/aws_s3_bucket: No longer returns values for deprecated parameters (#​46852)
• resource/aws_bedrockagentcore_agent_runtime: Add authorizer_config.custom_jwt_authorizer.allowed_scopes argument (#​46828)
• resource/aws_cloudwatch_log_resource_policy: Add resource_arn argument and policy_scope and revision_id attributes. policy_name is now optional (#​46813)
• resource/aws_glue_catalog_table: Add open_table_format_input.iceberg_input.iceberg_table_input argument (#​46843)
• resource/aws_glue_catalog_table: Add view_definition argument (#​46843)
• resource/aws_glue_catalog_table: Change open_table_format_input.iceberg_input.metadata_operation and open_table_format_input.iceberg_input.version to ForceNew (#​46843)
• resource/aws_glue_catalog_table: Change parameters, storage_descriptor, and table_type to Optional and Computed (#​46843)
• resource/aws_guardduty_ipset: Add ip_set_id attribute (#​46703)
• resource/aws_guardduty_publishing_destination: Add arn and destination_id attributes (#​46703)
• resource/aws_guardduty_publishing_destination: Add tagging support (#​46703)
• resource/aws_guardduty_threatintelset: Add threat_intel_set_id attribute (#​46703)
• resource/aws_observabilityadmin_centralization_rule_for_organization: Add rule.destination.destination_logs_configuration.log_group_name_configuration block (#​46811)

BUG FIXES:

• data-source/aws_glue_catalog_table: Use the table's catalog ID when reading partition indexes, fixing EntityNotFoundException errors (#​46843)
• list-resource/aws_iam_role_policy_attachment: Prevent infinite loop when IAM Role deleted during list (#​46763)
• listresource/aws_s3_bucket: No longer appears to hang when buckets are deleted concurrently with listing (#​46852)
• resource/aws_appconfig_deployment_strategy: Fix panic due to "interface conversion: interface {} is float64, not float32" when updating growth_factor (#​46810)
• resource/aws_glue_catalog_table: Use the table's catalog ID when reading partition indexes, fixing EntityNotFoundException errors (#​46843)
• resource/aws_vpc_endpoint: Allow in-place update of private_dns_enabled when vpc_endpoint_type is Interface (#​46800)
• resource/aws_vpc_endpoint: Set new computed value for network_interface_ids attribute when changing subnet_configuration or subnet_ids (#​46800)
• resource/aws_vpn_concentrator: Retry VpnConcentratorLimitExceeded: The maximum number of mutating objects has been reached errors on Create (#​46823)

v6.35.1

Compare Source

BUG FIXES:

• provider: Fix regression causing "Incompatible Types" errors during flattening (#​46778)
• resource/aws_bedrockagentcore_gateway_target: Fix "Incompatible Types" errors during schema definition flattening (#​46778)
• resource/aws_s3_bucket_lifecycle_configuration: Fix "Incompatible Types" errors for LifecycleRuleAndOperator while flattening configuration (#​46778)

v6.35.0

Compare Source

FEATURES:

• New List Resource: aws_ecs_service (#​46678)
• New List Resource: aws_lb (#​46660)
• New List Resource: aws_lb_listener (#​46679)
• New List Resource: aws_lb_listener_rule (#​46731)
• New List Resource: aws_lb_target_group (#​46662)
• New List Resource: aws_sns_topic (#​46744)
• New List Resource: aws_sns_topic_subscription (#​46738)
• New Resource: aws_observabilityadmin_telemetry_pipeline (#​46698)
• New Resource: aws_sagemaker_mlflow_app (#​45565)

ENHANCEMENTS:

• data-source/aws_lambda_layer_version: Add layer_version_arn argument to support cross-account Lambda layer access (#​46673)
• resource/aws_emrserverless_application: Add job_level_cost_allocation_configuration block (#​46107)
• resource/aws_ram_resource_share: Add resource_share_configuration block (#​46715)

BUG FIXES:

• resource/aws_ce_cost_category: Change split_charge_rule targets from TypeSet to TypeList to retain order (#​42856)
• resource/aws_dms_endpoint: Fix InvalidParameterCombinationException errors when oracle_settings is configured (#​46689)
• resource/aws_elasticache_replication_group: Remove hard-coded upper limit of 5 for replicas_per_node_group and node_group_configuration.replica_count to support quota increases (#​46670)
• resource/aws_networkmanager_attachment_routing_policy_label: Fix attachment state waiter to handle all Cloud WAN attachment lifecycle states (#​46672)

v6.34.0

Compare Source

FEATURES:

• New List Resource: aws_ec2_secondary_network (#​46552)
• New List Resource: aws_ec2_secondary_subnet (#​46552)
• New List Resource: aws_ecr_task_definition (#​46628)
• New List Resource: aws_elb (#​46639)
• New List Resource: aws_s3_bucket_lifecycle_configuration (#​46531)
• New Resource: aws_networkmanager_prefix_list_association (#​46566)

ENHANCEMENTS:

• data-source/aws_grafana_workspace: Add kms_key_id attribute (#​46584)
• data-source/aws_memorydb_cluster: Add network_type and ip_discovery attributes (#​46636)
• resource/aws_athena_workgroup: Add configuration.query_results_s3_access_grants_configuration argument (#​46376)
• resource/aws_bedrockagentcore_api_key_credential_provider: Add tagging support (#​46591)
• resource/aws_bedrockagentcore_gateway_target: Add metadata_configuration block for HTTP header and query parameter propagation (#​45808)
• resource/aws_bedrockagentcore_oauth2_credential_provider: Add tagging support (#​46590)
• resource/aws_cloudwatch_event_connection: Add auth_parameters.connectivity_parameters argument (#​41561)
• resource/aws_ecs_service: Add service_connect_configuration.access_log_configuration argument (#​45820)
• resource/aws_ecs_service: Add resource identity support (#​46644)
• resource/aws_eip_domain_name: Add import support (#​46582)
• resource/aws_grafana_workspace: Add kms_key_id argument (#​46584)
• resource/aws_instance: Allow cpu_options.core_count, cpu_options.nested_virtualization, and cpu_options.threads_per_core to be updated in-place (#​46568)
• resource/aws_lb_target_group_attachment: Add import support (#​46646)
• resource/aws_lb_target_group_attachment: Add resource identity (#​46646)
• resource/aws_memorydb_cluster: Add network_type and ip_discovery arguments (#​46636)
• resource/aws_opensearch_domain: Add jwt_options attribute (#​46439)
• resource/aws_wafv2_web_acl_rule_group_association: Add support for managed_rule_group_configs within managed_rule_group and root-level visibility_config block for CloudWatch metrics configuration (#​44426)

BUG FIXES:

• data-source/aws_dms_endpoint: Add missing mongodb_settings.use_update_lookup attribute to fix "invalid address to set" error (#​46616)
• data-source/aws_iam_policy_document: Fix crash when statement.principals.identifiers contains a non-string value (#​46226)
• list-resource/aws_s3_object: Includes parent bucket in display name. (#​46596)
• resource/aws_autoscaling_group: Fix couldn't find resource (21 retries) errors updating load_balancers, target_group_arns, and traffic_source (#​46622)
• resource/aws_bedrockagentcore_gateway_target: Add credential_provider_configuration.oauth.default_return_url and credential_provider_configuration.oauth.grant_type arguments (#​46127)
• resource/aws_bedrockagentcore_gateway_target: Retry IAM eventual consistency errors on Create (#​46127)
• resource/aws_billing_view: Fix "inconsistent result after apply" errors caused by ordering of data_filter_expression.dimensions.values (#​46462)
• resource/aws_s3tables_table_bucket: Change encryption_configuration to Optional and Computed, fixing unexpected new value: .encryption_configuration: was null, but now cty.ObjectVal(map[string]cty.Value{"kms_key_arn":cty.NullVal(cty.String),"sse_algorithm":cty.StringVal("AES256")}) errors (#​46150)
• resource/aws_subnet: Fixed IPv6 CIDR block validation and assignment to IPAM-provisioned subnets. (#​46556)
• resource/aws_vpc_endpoint: Fix InvalidParameter: DnsOptions PrivateDnsOnlyForInboundResolverEndpoint is applicable only to Interface VPC Endpoints errors when creating S3Tables VPC endpoints (#​46102)

v6.33.0

Compare Source

FEATURES:

• New Resource: aws_networkmanager_attachment_routing_policy_label (#​46489)

ENHANCEMENTS:

• data-source/aws_launch_template: Add cpu_options.nested_virtualization and network_performance_options attributes (#​46540)
• data/aws_acmpca_certificate_authority: Add custom_path argument to revocation_configuration.crl_configuration configuration block (#​46487)
• resource/aws_acmpca_certificate_authority: Add custom_path argument to revocation_configuration.crl_configuration configuration block (#​46487)
• resource/aws_budgets_budget: Add filter_expression attribute (#​46501)
• resource/aws_dms_endpoint: Add access_alternate_directly, add_supplemental_logging, additional_archived_log_dest_id, allow_selected_nested_tables, archived_log_dest_id, archived_logs_only, asm_password, asm_server, asm_user, authentication_method, char_length_semantics, convert_timestamp_with_zone_to_utc, direct_path_no_log, direct_path_parallel_load, enable_homogenous_tablespace, extra_archived_log_dest_ids, fail_task_on_lob_truncation, number_datatype_scale, open_transaction_window, oracle_path_prefix, parallel_asm_read_threads, read_ahead_blocks, read_table_space_name, replace_path_prefix, retry_interval, secrets_manager_oracle_asm_access_role_arn, secrets_manager_oracle_asm_secret_id, security_db_encryption, security_db_encryption_name, spatial_data_option_to_geo_json_function_name, standby_delay_time, trim_space_in_char, use_alternate_folder_for_online, use_bfile, use_direct_path_full_load, use_logminer_reader, and use_path_prefixarguments to theoracle_settings` configuration block (#​46516)
• resource/aws_dms_endpoint: Add use_update_lookup argument to mongodb_settings configuration block (#​46253)
• resource/aws_ecs_task_definition: Add resource identity support (#​46411)
• resource/aws_instance: Add nested_virtualization attribute to cpu_options configuration block (#​46533)
• resource/aws_launch_template: Add nested_virtualization attribute to cpu_options configuration block (#​46533)
• resource/aws_launch_template: Add secondary_interfaces configuration block (#​46540)
• resource/aws_lexv2models_intent: Add qna_intent_configuration attribute (#​46419)
• resource/aws_sagemaker_domain: Add domain_settings.trusted_identity_propagation_settings argument (#​44965)

BUG FIXES:

• data-source/aws_route53_records: Fix runtime error: invalid memory address or nil pointer dereference panics when name_regex is an invalid regular expression (#​46478)
• resource/aws_cur_report_definition: Support ap-southeast-5 and eusc-de-east-1 as valid values for s3_region (#​46475)
• resource/aws_docdb_cluster: Allow adding and modifying serverless_v2_scaling_configuration without forcing cluster replacement (#​45049)
• resource/aws_lb: Fix ValidationError ... Member must have length less than or equal to 20 errors when more than 20 load balancer attributes are being modified (#​46496)
• resource/aws_sagemaker_image_version: Fix race condition when creating multiple versions concurrently (#​44960)
• resource/aws_subnet: Allows providing a cidr_block when allocating a subnet from an IPAM resource pool. (#​46453)
• resource/aws_subnet: Fix expected ipv6_netmask_length to be one of [44 48 52 56 60], got 64 validation error (#​46515)

v6.32.1

Compare Source

BUG FIXES:

• resource/aws_autoscaling_group: Fix couldn't find resource error during creation when waiting for capacity to be satisfied (#​46452)
• resource/aws_cloudwatch_log_delivery: Fix s3_delivery_configuration.suffix_path losing AWS-added prefix on update (#​46455)
• resource/aws_dynamodb_table: Fix perpetual diff when using key_schema with a single range key on a global secondary index (#​46442)
• resource/aws_elasticache_replication_group: Fix false validation error when auth_token references another resource (#​46454)

v6.32.0

Compare Source

FEATURES:

• New List Resource: aws_ecr_repository (#​46344)
• New List Resource: aws_lambda_permission (#​46341)
• New List Resource: aws_route (#​46370)
• New List Resource: aws_route53_resolver_rule_association (#​46349)
• New List Resource: aws_route_table (#​46337)
• New List Resource: aws_s3_directory_bucket (#​46373)
• New List Resource: aws_secretsmanager_secret (#​46318)
• New List Resource: aws_secretsmanager_secret_version (#​46342)
• New List Resource: aws_vpc_security_group_egress_rule (#​46368)
• New List Resource: aws_vpc_security_group_ingress_rule (#​46367)
• New Resource: aws_ec2_secondary_network (#​46408)
• New Resource: aws_ec2_secondary_subnet (#​46408)

ENHANCEMENTS:

• resource/aws_instance: Add secondary_network_interface argument (#​46408)
• resource/aws_quicksight_data_set: Support use_as property to create special RLS rules dataset (#​42687)

BUG FIXES:

• data-source/aws_odb_network_peering_connections: Fix plan phase failure of listing. (#​46384)
• list-resource/aws_s3_bucket_policy: Now supports listing Bucket Policies for S3 Directory Buckets (#​46401)
• resource/aws_athena_workgroup: Allows unsetting configuration.result_configuration or child attributes. (#​46427)
• resource/aws_cloudfront_multitenant_distribution: Fix the "inconsistent result" error when custom_error_response is configured and custom_error_response.response_code and custom_error_response.response_page_path are omitted (#​46375)
• resource/aws_grafana_workspace: Fix perpetual diff when network_access_control is configured with empty prefix_list_ids and vpce_ids (#​45637)

v6.31.0

Compare Source

NOTES:

• resource/aws_s3_bucket_abac: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_abac: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_accelerate_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_accelerate_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_acl: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_acl: Removes expected_bucket_owner and acl attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_cors_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_cors_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_lifecycle_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_lifecycle_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_logging: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_logging: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_metadata_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_metadata_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_object_lock_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_object_lock_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_request_payment_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_request_payment_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_server_side_encryption_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_server_side_encryption_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_versioning: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_versioning: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)
• resource/aws_s3_bucket_website_configuration: Deprecates expected_bucket_owner attribute. (#​46262)
• resource/aws_s3_bucket_website_configuration: Removes expected_bucket_owner attribute from Resource Identity. (#​46272)

FEATURES:

• New Data Source: aws_account_regions (#​41746)
• New Ephemeral Resource: aws_ecrpublic_authorization_token (#​45841)
• New List Resource: aws_cloudwatch_event_rule (#​46304)
• New List Resource: aws_cloudwatch_event_target (#​46297)
• New List Resource: aws_cloudwatch_metric_alarm (#​46268)
• New List Resource: aws_iam_role_policy (#​46293)
• New List Resource: aws_lambda_function (#​46295)
• New List Resource: aws_s3_bucket_acl (#​46305)
• New List Resource: aws_s3_bucket_policy (#​46312)
• New List Resource: aws_s3_bucket_public_access_block (#​46309)
• New Resource: aws_ssoadmin_customer_managed_policy_attachments_exclusive (#​46191)

ENHANCEMENTS:

• resource/aws_odb_cloud_autonomous_vm_cluster: autonomous vm cluster creation using odb network ARN and exadata infrastructure ARN for resource sharing model. (#​45583)
• resource/aws_opensearch_domain: Add serverless_vector_acceleration to aiml_options (#​45882)

BUG FIXES:

• list-resource/aws_s3_bucket: Restricts listed buckets to expected region. (#​46305)
• resource/aws_elasticache_replication_group: Fixed AUTH to RBAC migration. Previously, auth_token_update_strategy always required auth_token, which caused an error when migrating from AUTH to RBAC. Now, auth_token_update_strategy still requires auth_token except when auth_token_update_strategy is DELETE. (#​45518)
• resource/aws_elasticache_replication_group: Fixed an issue with downscaling aws_elasticache_replication_group when cluster_mode="enabled" and num_node_groups is reduced. Previously, downscaling could fail in certain scenarios; for example, if nodes 0001, 0002, 0003, 0004, and 0005 exist, and a user manually removes 0003 and 0005, then sets num_node_groups = 2, terraform would attempt to delete 0003, 0004, and 0005. This is now fixed, after this fix terraform will retrieve the current node groups before resizing. (#​45893)
• resource/aws_elasticache_serverless_cache: Fix user_group_id removal during modification. (#​45571)
• resource/aws_elasticache_serverless_cache: Fix forced replacement when upgrading Valkey major version or switching engine between redis and valkey (#​45087)
• resource/aws_network_interface: Fix UnauthorizedOperation error when detaching resource that does not have an attachment (#​46211)

v6.30.0

Compare Source

FEATURES:

• New Resource: aws_ssoadmin_managed_policy_attachments_exclusive (#​46176)

BUG FIXES:

• resource/aws_dynamodb_table: Fix panic when global_secondary_index or global_secondary_index.key_schema are dynamic (#​46195)

v6.29.0

Compare Source

NOTES:

• data-source/aws_organizations_organization: Add return_organization_only argument to return only the results of the DescribeOrganization API and avoid API limits (#​40884)
• resource/aws_cloudfront_anycast_ip_list: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing (#​43331)
• resource/aws_invoicing_invoice_unit: Deprecates region attribute, as the resource is global. (#​46185)
• resource/aws_organizations_organization: Add return_organization_only argument to return only the results of the DescribeOrganization API and avoid API limits (#​40884)
• resource/aws_savingsplans_savings_plan: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​45834)

FEATURES:

• New Data Source: aws_arcregionswitch_plan (#​43781)
• New Data Source: aws_arcregionswitch_route53_health_checks (#​43781)
• New Data Source: aws_organizations_entity_path (#​45890)
• New Data Source: aws_resourcegroupstaggingapi_required_tags (#​45994)
• New Data Source: aws_s3_bucket_object_lock_configuration (#​45990)
• New Data Source: aws_s3_bucket_replication_configuration (#​42662)
• New Data Source: aws_s3control_access_points (#​45949)
• New Data Source: aws_s3control_multi_region_access_points (#​45974)
• New Data Source: aws_savingsplans_savings_plan (#​45834)
• New Data Source: aws_wafv2_managed_rule_group (#​45899)
• New List Resource: aws_appflow_connector_profile (#​45983)
• New List Resource: aws_appflow_flow (#​45980)
• New List Resource: aws_cleanrooms_collaboration (#​45953)
• New List Resource: aws_cleanrooms_configured_table (#​45956)
• New List Resource: aws_cloudfront_key_value_store (#​45957)
• New List Resource: aws_opensearchserverless_collection (#​46001)
• New List Resource: aws_route53_record (#​46059)
• New List Resource: aws_s3_bucket (#​46004)
• New List Resource: aws_s3_object (#​46002)
• New List Resource: aws_security_group (#​46062)
• New Resource: aws_apigatewayv2_routing_rule (#​42961)
• New Resource: aws_arcregionswitch_plan (#​43781)
• New Resource: aws_cloudfront_anycast_ip_list (#​43331)
• New Resource: aws_notifications_managed_notification_account_contact_association (#​45185)
• New Resource: aws_notifications_managed_notification_additional_channel_association (#​45186)
• New Resource: aws_notifications_organizational_unit_association (#​45197)
• New Resource: aws_notifications_organizations_access (#​45273)
• New Resource: aws_opensearch_application (#​43822)
• New Resource: aws_ram_permission (#​44114)
• New Resource: aws_ram_resource_associations_exclusive (#​45883)
• New Resource: aws_sagemaker_labeling_job (#​46041)
• New Resource: aws_sagemaker_model_card (#​45993)
• New Resource: aws_sagemaker_model_card_export_job (#​46009)
• New Resource: aws_savingsplans_savings_plan (#​45834)
• New Resource: aws_sesv2_tenant_resource_association (#​45904)
• New Resource: aws_vpc_security_group_rules_exclusive (#​45876)

ENHANCEMENTS:

• aws_api_gateway_domain_name: Add routing_mode argument to support dynamic routing via routing rules (#​42961)
• aws_apigatewayv2_domain_name: Add routing_mode argument to support dynamic routing via routing rules (#​42961)
• data-source/aws_batch_job_definition: Add allow_privilege_escalation attribute to eks_properties.pod_properties.containers.security_context (#​45896)
• data-source/aws_dynamodb_table: Add global_secondary_index.key_schema attribute (#​46157)
• data-source/aws_networkmanager_core_network_policy_document: Add segment_actions.routing_policy_names argument (#​45928)
• data-source/aws_s3_object: Add body_base64 and download_body attributes. For improved performance, set download_body = false to ensure bodies are never downloaded (#​46163)
• data-source/aws_vpc_ipam_pool: Add source_resource attribute (#​44705)
• resource/aws_batch_job_definition: Add allow_privilege_escalation attribute to eks_properties.pod_properties.containers.security_context (#​45896)
• resource/aws_bedrockagent_data_source: Add vector_ingestion_configuration.parsing_configuration.bedrock_data_automation_configuration block (#​45966)
• resource/aws_bedrockagent_data_source: Add vector_ingestion_configuration.parsing_configuration.bedrock_foundation_model_configuration.parsing_modality argument (#​46056)
• resource/aws_docdb_cluster_instance: Add certificate_rotation_restart argument (#​45984)
• resource/aws_dynamodb_table: Add support for multi-attribute keys in global secondary indexes. Introduces hash_keys and range_keys to the gsi block and makes hash_key optional for backwards compatibility. (#​45357)
• resource/aws_dynamodb_table: Adds warning when stream_view_type is set and stream_enabled is either false or unset. (#​45934)
• resource/aws_ecr_account_setting: Add support for BLOB_MOUNTING account setting name with ENABLED and DISABLED values (#​46092)
• resource/aws_fsx_windows_file_system: Add domain_join_service_account_secret argument to self_managed_active_directory configuration block (#​45852)
• resource/aws_fsx_windows_file_system: Change self_managed_active_directory.password to Optional and self_managed_active_directory.username to Optional and Computed (#​45852)
• resource/aws_invoicing_invoice_unit: Adds resource identity support. (#​46185)
• resource/aws_invoicing_invoice_unit: Adds validation to restrict rules to a single element. (#​46185)
• resource/aws_lambda_function: Increase upper limit of memory_size from 10240 MB to 32768 MB (#​46065)
• resource/aws_launch_template: Add network_performance_options argument (#​46071)
• resource/aws_odb_network: Enhancements to support KMS and STS parameters in CreateOdbNetwork and UpdateOdbNetwork. (#​45636)
• resource/aws_opensearchserverless_collection: Add resource identity support (#​45981)
• resource/aws_osis_pipeline: Updates pipeline_configuration_body maximum length validation to 2,621,440 bytes to align with AWS API specification. (#​44881)
• resource/aws_sagemaker_endpoint: Retry IAM eventual consistency errors on Create (#​45951)
• resource/aws_sagemaker_monitoring_schedule: Add monitoring_schedule_config.monitoring_job_definition argument (#​45951)
• resource/aws_sagemaker_monitoring_schedule: Make monitoring_schedule_config.monitoring_job_definition_name argument optional (#​45951)
• resource/aws_vpc_ipam_pool: Add source_resource argument in support of provisioning of VPC Resource Planning Pools (#​44705)
• resource/aws_vpc_ipam_resource_discovery: Add organizational_unit_exclusion argument (#​45890)
• resource/aws_vpc_subnet: Add ipv4_ipam_pool_id, ipv4_netmask_length, ipv6_ipam_pool_id, and ipv6_netmask_length arguments in support of provisioning of subnets using IPAM (#​44705)
• resource/aws_vpc_subnet: Change ipv6_cidr_block to Optional and Computed (#​44705)

BUG FIXES:

• data-source/aws_ecr_lifecycle_policy_document: Add rule.action.target_storage_class and rule.selection.storage_class to JSON serialization (#​45909)
• data-source/aws_lakeformation_permissions: Remove incorrect validation from catalog_id, data_location.catalog_id, `database.catalog

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🏷️ [bumpr] Next version:v1.29.1 Changes:v1.29.0...reviewdog:renovate/aws-6.x