Skip to content

chore(deps): update terraform aws to v6.21.0 #141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update terraform aws to v6.21.0 #141

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 2, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
aws (source) required_provider minor 6.18.0 -> 6.21.0

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.21.0

Compare Source

BREAKING CHANGES:

  • resource/aws_bedrockagentcore_browser: Rename network_configuration.network_mode_config to network_configuration.vpc_config (#​44828)

FEATURES:

  • New Action: aws_dynamodb_create_backup (#​45001)
  • New Resource: aws_networkflowmonitor_monitor (#​44782)
  • New Resource: aws_networkflowmonitor_scope (#​44782)
  • New Resource: aws_observabilityadmin_centralization_rule_for_organization (#​44806)

ENHANCEMENTS:

  • data-source/aws_ecs_service: Add capacity_provider_strategy, created_at, created_by, deployment_configuration, deployment_controller, deployments, enable_ecs_managed_tags, enable_execute_command, events, health_check_grace_period_seconds, iam_role, network_configuration, ordered_placement_strategy, pending_count, placement_constraints, platform_family, platform_version, propagate_tags, running_count, service_connect_configuration, service_registries, status, and task_sets attributes (#​44842)
  • resource/aws_bedrockagentcore_gateway_target: Add target_configuration.mcp.mcp_server block (#​44991)
  • resource/aws_bedrockagentcore_gateway_target: Make credential_provider_configuration block optional (#​44991)
  • resource/aws_cloudwatch_log_delivery_destination: Make delivery_destination_type and delivery_destination_configuration optional to support AWS X-Ray as a destination (#​44995)
  • resource/aws_ecs_service: Add support for LINEAR and CANARY deployment strategies with deployment_configuration.linear_configuration and deployment_configuration.canary_configuration blocks (#​44842)
  • resource/aws_lambda_function: Add support for java25 runtime value (#​45024)
  • resource/aws_lambda_function: Add support for nodejs24.x runtime value (#​45024)
  • resource/aws_lambda_function: Add support for python3.14 runtime value (#​45024)
  • resource/aws_lambda_layer_version: Add support for java25 compatible_runtimes value (#​45024)
  • resource/aws_lambda_layer_version: Add support for nodejs24.x compatible_runtimes value (#​45024)
  • resource/aws_lambda_layer_version: Add support for python3.14 compatible_runtimes value (#​45024)
  • resource/aws_s3tables_table: Add tagging support (#​44996)
  • resource/aws_s3tables_table_bucket: Add tagging support (#​44996)
  • resource/aws_sagemaker_endpoint_configuration: Add execution_role_arn argument and make model_name optional in production_variants and shadow_production_variants blocks to support Inference Components (#​44977)
  • resource/aws_sns_topic: Fix AuthorizationError ... is not authorized to perform: iam:PassRole on resource ... IAM eventual consistency errors on Create and Update (#​45018)

BUG FIXES:

  • provider: Fix situation where refreshes of removed infrastructure appear as errors rather than warnings (#​45022)
  • resource/aws_apprunner_service: Prevents error when upgrading from provider pre-v6.0 without refreshing (#​45050)
  • resource/aws_apprunner_service: Prevents error when upgrading from provider pre-v6.0 without refreshing (#​45051)
  • resource/aws_ec2_image_block_public_access: Add region argument (#​45023)
  • resource/aws_ec2_serial_console_access: Add region argument (#​45064)
  • resource/aws_emrcontainers_job_template: Fix ValidationException: Value null at 'jobTemplateData.configurationOverrides.monitoringConfiguration.cloudWatchMonitoringConfiguration.logGroupName' failed to satisfy constraint: Member must not be null error (#​45029)
  • resource/aws_emrcontainers_job_template: Fix setting job_template_data: job_template_data.0.configuration_overrides.0.application_configuration.0: '' expected a map, got 'slice' error (#​45029)
  • resource/aws_emrcontainers_job_template: Mark job_template_data.job_driver.configuration_overrides.monitoring_configuration.persistent_app_ui argument as computed (#​45029)
  • resource/aws_invoicing_invoice_unit: Fix Provider returned invalid result object after apply error occurred when updating the resource (#​45030)
  • resource/aws_opensearch_authorize_vpc_endpoint_access: Fix reading the resource when more than one principal is authorized. The import ID has changed from domain_name to domain_name and account separated by a comma (#​44982)
  • resource/aws_redshift_cluster: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_cluster_snapshot: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_event_subscription: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_hsm_client_certificate: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_hsm_configuration: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_integration: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_parameter_group: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_snapshot_copy_grant: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_snapshot_schedule: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_subnet_group: Prevents errors with empty tag values. (#​44952)
  • resource/aws_redshift_usage_limit: Prevents errors with empty tag values. (#​44952)
  • resource/aws_sagemaker_endpoint: Fix bug where endpoint_config_name was not correctly updated, causing the endpoint to retain the old configuration (#​42843)
  • resource/aws_wafv2_web_acl_logging_configuration: Fix the validation for redacted_fields.single_header.name (#​44987)

v6.20.0

Compare Source

FEATURES:

  • New Resource: aws_ec2_allowed_images_settings (#​44800)
  • New Resource: aws_fis_target_account_configuration (#​44875)
  • New Resource: aws_invoicing_invoice_unit (#​44892)

ENHANCEMENTS:

  • data-source/aws_connect_routing_profile: Add media_concurrencies.cross_channel_behavior attribute (#​44934)
  • data-source/aws_elasticache_replication_group: Add node_group_configuration attribute to expose node group details including availability zones, replica counts, and slot ranges (#​44879)
  • data-source/aws_kinesis_stream: Add max_record_size_in_kib attribute (#​44915)
  • data-source/aws_opensearch_domain: Add identity_center_options attribute (#​44626)
  • provider: Support us-isob-west-1 as a valid AWS Region (#​44944)
  • resource/aws_cloudfront_distribution: Add logging_v1_enabled attribute (#​44838)
  • resource/aws_connect_routing_profile: Add media_concurrencies.cross_channel_behavior argument (#​44934)
  • resource/aws_ec2_client_vpn_route: Allow IPv6 address ranges for destination_cidr_block (#​44926)
  • resource/aws_ec2_instance_connect_endpoint: Add ip_address_type argument (#​44616)
  • resource/aws_eks_node_group: Add max_parallel_nodes_repaired_count, max_parallel_nodes_repaired_percentage, max_unhealthy_node_threshold_count, max_unhealthy_node_threshold_percentage, and node_repair_config_overrides to the node_repair_config schema (#​44894)
  • resource/aws_elasticache_replication_group: Add node_group_configuration block to support availability zone specification and snapshot restoration for cluster mode enabled replication groups (#​44879)
  • resource/aws_glue_job: Ensure that timeout is unconfigured for Ray jobs (#​35012)
  • resource/aws_kinesis_stream: Add max_record_size_in_kib argument to support for Kinesis 10MiB payloads. This functionality requires the kinesis:UpdateMaxRecordSize IAM permission (#​44915)
  • resource/aws_opensearch_domain: Add identity_center_options configuration block (#​44626)
  • resource/aws_transfer_server: Add support for TransferSecurityPolicy-AS2Restricted-2025-07 security_policy_name value (#​44865)
  • resource/aws_transfer_server: Support TransferSecurityPolicy-AS2Restricted-2025-07 as a valid value for security_policy_name (#​44652)

BUG FIXES:

  • resource/aws_cloudfront_continuous_deployment_policy: Fix Source type "...cloudfront.stagingDistributionDNSNamesModel" does not implement attr.Value error. This fixes a regression introduced in v6.17.0 (#​44972)
  • resource/aws_cloudfront_distribution: Change logging_config.bucket argument from Required to Optional (#​44838)
  • resource/aws_cloudfront_distribution: Fix inability to configure logging_config.include_cookies argument while keeping V1 logging disabled (#​44838)
  • resource/aws_cloudfront_vpc_origin: Fix Source type "...cloudfront.originSSLProtocolsModel" does not implement attr.Value and missing required field, CreateVpcOriginInput.VpcOriginEndpointConfig errors. This fixes a regression introduced in v6.17.0 (#​44861)
  • resource/aws_glue_job: Allow Ray jobs to be updated (#​35012)
  • resource/aws_glue_job: Allow a zero (0) value for timeout for Apache Spark streaming ETL jobs. This allows the job to be configured with no timeout (#​44920)
  • resource/aws_lakeformation_lf_tags: Remove incorrect validation from catalog_id, database.catalog_id, table.catalog_id, and table_with_columns.catalog_id arguments (#​44890)
  • resource/aws_launch_template: Allow an empty ("") value for block_device_mappings.ebs.kms_key_id. This fixes a regression introduced in v6.16.0 (#​44708)

v6.19.0

Compare Source

FEATURES:

  • New Data Source: aws_ecrpublic_images (#​44795)
  • New Resource: aws_lakeformation_identity_center_configuration (#​44867)

ENHANCEMENTS:

  • action/aws_lambda_invoke: Output logs in a progress message when log_type is Tail (#​44843)
  • data-source/aws_imagebuilder_image_recipe: Add ami_tags attribute (#​44731)
  • data-source/aws_lb_listener_rule: Add regex_values attribute to condition.host_header, condition.http_header and condition.path_pattern blocks (#​44741)
  • data-source/aws_lb_listener_rule: Add transform attribute (#​44702)
  • resource/aws_bedrockagentcore_gateway: Add validator to ensure correct authorizer_configuration and authorizer_type config (#​44826)
  • resource/aws_emrserverless_application: Add monitoring_configuration argument (#​43317)
  • resource/aws_emrserverless_application: Add runtime_configuration argument (#​43302)
  • resource/aws_identitystore_group: Adds arn attribute. (#​44867)
  • resource/aws_imagebuilder_image_recipe: Add ami_tags argument (#​44731)
  • resource/aws_lb_listener_rule: Add regex_values argument to condition.host_header, condition.http_header and condition.path_pattern blocks (#​44741)
  • resource/aws_lb_listener_rule: Add transform configuration block (#​44702)
  • resource/aws_lb_listener_rule: The values argument in condition.host_header, condition.http_header and condition.path_pattern is now optional (#​44741)
  • resource/aws_quicksight_data_set: Increase upper limit of physical_table_map.relational_table.name from 64 to 256 characters (#​44807)
  • resource/aws_sagemaker_notebook_instance: Add notebook-al2023-v1 to valid platform_identifier values (#​44570)
  • resource/aws_sqs_queue: Remove account_id and region from Resource Identity schema (#​44846)
  • resource/aws_sqs_queue_policy: Remove account_id and region from Resource Identity schema (#​44846)
  • resource/aws_sqs_queue_redrive_allow_policy: Remove account_id and region from Resource Identity schema (#​44846)
  • resource/aws_sqs_queue_redrive_policy: Remove account_id and region from Resource Identity schema (#​44846)

BUG FIXES:

  • data-source/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#​44867)
  • provider: Fix crash when setting override region during provider initialization (#​44860)
  • resource/aws_bedrockagentcore_gateway: Change authorizer_configuration block from Required to Optional (#​44812)
  • resource/aws_bedrockagentcore_gateway: Mark authorizer_type argument as ForceNew (#​44812)
  • resource/aws_lakeformation_permissions: Allows IAM Identity Center Groups as principal. (#​44867)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update terraform aws to v6.19.0 chore(deps): update terraform aws to v6.20.0 Nov 6, 2025
@renovate renovate bot force-pushed the renovate/aws-6.x branch 2 times, most recently from 5710f74 to 63c8bee Compare November 10, 2025 07:00
@renovate renovate bot force-pushed the renovate/aws-6.x branch from 63c8bee to ddbea58 Compare November 14, 2025 02:48
@renovate renovate bot changed the title chore(deps): update terraform aws to v6.20.0 chore(deps): update terraform aws to v6.21.0 Nov 14, 2025
@renovate renovate bot force-pushed the renovate/aws-6.x branch from ddbea58 to 4914fcf Compare November 17, 2025 04:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant