Merge pull request #45469 from sabithamuppuri/fix_aws_bedrock_model_invocation_logging_configuration_cloudwatch_role_arn

doc: mark Bedrock CloudWatch role_arn as required instead of optional

Author: ewbankkit

.changelog/45469.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_bedrock_model_invocation_logging_configuration: Mark `logging_config.s3_config.bucket_name`, `logging_config.cloudwatch_config.log_group_name`, `logging_config.cloudwatch_config.role_arn`, and `logging_config.cloudwatch_config.large_data_delivery_s3_config.bucket_name` as Required
+```

internal/service/bedrock/model_invocation_logging_configuration.go

@@ -82,13 +82,11 @@ func (r *modelInvocationLoggingConfigurationResource) Schema(ctx context.Context
 							NestedObject: schema.NestedBlockObject{
 								Attributes: map[string]schema.Attribute{
 									names.AttrLogGroupName: schema.StringAttribute{
-										// Must set to optional to avoid validation error
-										// See: https://github.com/hashicorp/terraform-plugin-framework/issues/740
-										Optional: true,
+										Required: true,
 									},
 									names.AttrRoleARN: schema.StringAttribute{
 										CustomType: fwtypes.ARNType,
-										Optional:   true,
+										Required:   true,
 									},
 								},
 								Blocks: map[string]schema.Block{
@@ -100,7 +98,7 @@ func (r *modelInvocationLoggingConfigurationResource) Schema(ctx context.Context
 										NestedObject: schema.NestedBlockObject{
 											Attributes: map[string]schema.Attribute{
 												names.AttrBucketName: schema.StringAttribute{
-													Optional: true,
+													Required: true,
 												},
 												"key_prefix": schema.StringAttribute{
 													Optional: true,
@@ -119,7 +117,7 @@ func (r *modelInvocationLoggingConfigurationResource) Schema(ctx context.Context
 							NestedObject: schema.NestedBlockObject{
 								Attributes: map[string]schema.Attribute{
 									names.AttrBucketName: schema.StringAttribute{
-										Optional: true,
+										Required: true,
 									},
 									"key_prefix": schema.StringAttribute{
 										Optional: true,

internal/service/bedrock/model_invocation_logging_configuration_test.go

@@ -219,6 +219,9 @@ resource "aws_s3_bucket" "test" {
   }
 }
 
+# Use "data.aws_region.current.name" instead of "data.aws_region.current.region" as this configguration
+# is used in a v6.0.0 upgrade test and must work in pre-v6.0.0 scenarios.
+
 resource "aws_s3_bucket_policy" "test" {
   bucket = aws_s3_bucket.test.bucket
 
@@ -241,7 +244,7 @@ resource "aws_s3_bucket_policy" "test" {
         "aws:SourceAccount": "${data.aws_caller_identity.current.account_id}"
       },
       "ArnLike": {
-        "aws:SourceArn": "arn:${data.aws_partition.current.partition}:bedrock:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:*"
+        "aws:SourceArn": "arn:${data.aws_partition.current.partition}:bedrock:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:*"
       }
     }
   }]
@@ -270,7 +273,7 @@ resource "aws_iam_role" "test" {
         "aws:SourceAccount": "${data.aws_caller_identity.current.account_id}"
       },
       "ArnLike": {
-        "aws:SourceArn": "arn:${data.aws_partition.current.partition}:bedrock:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:*"
+        "aws:SourceArn": "arn:${data.aws_partition.current.partition}:bedrock:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:*"
       }
     }
   }]

website/docs/r/bedrock_model_invocation_logging_configuration.html.markdown

@@ -103,7 +103,7 @@ The `cloudwatch_config` configuration block supports the following arguments:
 
 * `large_data_delivery_s3_config` - (Optional) S3 configuration for delivering a large amount of data. See [`large_data_delivery_s3_config` Block](#large_data_delivery_s3_config-block) for details.
 * `log_group_name` - (Required) Log group name.
-* `role_arn` - (Optional) The role ARN.
+* `role_arn` - (Required) The role ARN.
 
 ### `large_data_delivery_s3_config` Block