Merge branch 'main' into HEAD

Author: ewbankkit

.changelog/45235.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_ecs_express_gateway_service
+```

.changelog/45251.txt

@@ -0,0 +1,12 @@
+```release-note:new-resource
+aws_s3_bucket_abac
+```
+```release-note:enhancement
+resource/aws_s3_bucket: Use the S3 Control tagging APIs when the `s3:TagResource`, `s3:UntagResource`, and `s3:ListTagsForResource` permissions are present
+```
+```release-note:enhancement
+resource/aws_s3_bucket: Tag on creation when the `s3:TagResource` permission is present
+```
+```release-note:note
+resource/aws_s3_bucket: To support ABAC (Attribute Based Access Control) in general purpose buckets, this resource will now attempt to send tags in the create request and use the S3 Control tagging APIs [`TagResource`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_TagResource.html), [`UntagResource`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html), and [`ListTagsForResource`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListTagsForResource.html) for read and update operations. The calling principal must have the corresponding `s3:TagResource`, `s3:UntagResource`, and `s3:ListTagsForResource` [IAM permissions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html#amazons3-actions-as-permissions). If the principal lacks the appropriate permissions, the provider will fall back to tagging after creation and using the S3 tagging APIs [`PutBucketTagging`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html), [`DeleteBucketTagging`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html), and [`GetBucketTagging`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) instead. With ABAC enabled, tag modifications may fail with the fall back behavior. See the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html) for additional details on enabling ABAC in general purpose buckets.
+```

.changelog/45258.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_eks_cluster: Add `control_plane_scaling_config` configuration block to support EKS Provisioned Control Plane
+```
+
+```release-note:enhancement
+data-source/aws_eks_cluster: Add `control_plane_scaling_config` attribute
+```

.changelog/45263.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_vpc_encryption_control
+```

.changelog/45271.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_vpn_connection: Add `bgp_log_enabled`, `bgp_log_group_arn`, and `bgp_log_stream_arn` arguments to `tunnel1_log_options.cloudwatch_log_options` and `tunnel2_log_options.cloudwatch_log_options` blocks
+```

.changelog/45321.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_backup_plan: Add `target_logically_air_gapped_backup_vault_arn` argument to `rule` block
+```

.changelog/45342.txt

@@ -0,0 +1,11 @@
+```release-note:new-resource
+aws_lambda_capacity_provider
+```
+
+```release-note:enhancement
+resource/aws_lambda_function: Add `capacity_provider_config` and `publish_to` arguments
+```
+
+```release-note:enhancement
+data-source/aws_lambda_function: Add `capacity_provider_config` attribute
+```

.changelog/45345.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_resourceexplorer2_index: Deprecates `id`. Use `arn` instead.
+```
+
+```release-note:enhancement
+resource/aws_resourceexplorer2_view: Deprecates `id`. Use `arn` instead.
+```

.ci/.semgrep-service-name0.yml

@@ -4465,3 +4465,51 @@ rules:
           patterns:
             - pattern-regex: "(?i)ConfigService"
     severity: WARNING
+  - id: configservice-in-var-name
+    languages:
+      - go
+    message: Do not use "ConfigService" in var name inside configservice package
+    paths:
+      include:
+        - "/internal/service/configservice"
+    patterns:
+      - pattern: var $NAME = ...
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-regex: "(?i)ConfigService"
+    severity: WARNING
+  - id: connect-in-func-name
+    languages:
+      - go
+    message: Do not use "Connect" in func name inside connect package
+    paths:
+      include:
+        - "/internal/service/connect"
+      exclude:
+        - "/internal/service/connect/list_pages_gen.go"
+    patterns:
+      - pattern: func $NAME( ... )
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-regex: "(?i)Connect"
+            - pattern-not-regex: .*uickConnect.*
+      - focus-metavariable: $NAME
+      - pattern-not: func $NAME($T *testing.T)
+    severity: WARNING
+  - id: connect-in-test-name
+    languages:
+      - go
+    message: Include "Connect" in test name
+    paths:
+      include:
+        - "/internal/service/connect/*_test.go"
+    patterns:
+      - pattern: func $NAME( ... )
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-not-regex: "^TestAccConnect"
+            - pattern-regex: ^TestAcc.*
+    severity: WARNING

.ci/.semgrep-service-name1.yml

@@ -1,53 +1,5 @@
 # Generated by internal/generate/servicesemgrep/main.go; DO NOT EDIT.
 rules:
-  - id: configservice-in-var-name
-    languages:
-      - go
-    message: Do not use "ConfigService" in var name inside configservice package
-    paths:
-      include:
-        - "/internal/service/configservice"
-    patterns:
-      - pattern: var $NAME = ...
-      - metavariable-pattern:
-          metavariable: $NAME
-          patterns:
-            - pattern-regex: "(?i)ConfigService"
-    severity: WARNING
-  - id: connect-in-func-name
-    languages:
-      - go
-    message: Do not use "Connect" in func name inside connect package
-    paths:
-      include:
-        - "/internal/service/connect"
-      exclude:
-        - "/internal/service/connect/list_pages_gen.go"
-    patterns:
-      - pattern: func $NAME( ... )
-      - metavariable-pattern:
-          metavariable: $NAME
-          patterns:
-            - pattern-regex: "(?i)Connect"
-            - pattern-not-regex: .*uickConnect.*
-      - focus-metavariable: $NAME
-      - pattern-not: func $NAME($T *testing.T)
-    severity: WARNING
-  - id: connect-in-test-name
-    languages:
-      - go
-    message: Include "Connect" in test name
-    paths:
-      include:
-        - "/internal/service/connect/*_test.go"
-    patterns:
-      - pattern: func $NAME( ... )
-      - metavariable-pattern:
-          metavariable: $NAME
-          patterns:
-            - pattern-not-regex: "^TestAccConnect"
-            - pattern-regex: ^TestAcc.*
-    severity: WARNING
   - id: connect-in-const-name
     languages:
       - go
@@ -4460,3 +4412,93 @@ rules:
           patterns:
             - pattern-regex: "(?i)IoT"
     severity: WARNING
+  - id: iot-in-var-name
+    languages:
+      - go
+    message: Do not use "IoT" in var name inside iot package
+    paths:
+      include:
+        - "/internal/service/iot"
+    patterns:
+      - pattern: var $NAME = ...
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-regex: "(?i)IoT"
+    severity: WARNING
+  - id: ipam-in-test-name
+    languages:
+      - go
+    message: Include "IPAM" in test name
+    paths:
+      include:
+        - "/internal/service/ec2/ipam_*_test.go"
+    patterns:
+      - pattern: func $NAME( ... )
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-not-regex: "^TestAccIPAM"
+            - pattern-regex: ^TestAcc.*
+    severity: WARNING
+  - id: ivs-in-func-name
+    languages:
+      - go
+    message: Do not use "IVS" in func name inside ivs package
+    paths:
+      include:
+        - "/internal/service/ivs"
+      exclude:
+        - "/internal/service/ivs/list_pages_gen.go"
+    patterns:
+      - pattern: func $NAME( ... )
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-regex: "(?i)IVS"
+      - focus-metavariable: $NAME
+      - pattern-not: func $NAME($T *testing.T)
+    severity: WARNING
+  - id: ivs-in-test-name
+    languages:
+      - go
+    message: Include "IVS" in test name
+    paths:
+      include:
+        - "/internal/service/ivs/*_test.go"
+    patterns:
+      - pattern: func $NAME( ... )
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-not-regex: "^TestAccIVS"
+            - pattern-regex: ^TestAcc.*
+    severity: WARNING
+  - id: ivs-in-const-name
+    languages:
+      - go
+    message: Do not use "IVS" in const name inside ivs package
+    paths:
+      include:
+        - "/internal/service/ivs"
+    patterns:
+      - pattern: const $NAME = ...
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-regex: "(?i)IVS"
+    severity: WARNING
+  - id: ivs-in-var-name
+    languages:
+      - go
+    message: Do not use "IVS" in var name inside ivs package
+    paths:
+      include:
+        - "/internal/service/ivs"
+    patterns:
+      - pattern: var $NAME = ...
+      - metavariable-pattern:
+          metavariable: $NAME
+          patterns:
+            - pattern-regex: "(?i)IVS"
+    severity: WARNING