Update AWS provider/module and generated content (#981)

github-actions[bot] · bendrucker · web-flow · commit fb0cba48bb58 · 2025-11-20T13:14:32.000-08:00
Co-authored-by: bendrucker &lt;808808+bendrucker@users.noreply.github.com&gt;
diff --git a/rules/models/api-models-aws b/rules/models/api-models-aws
@@ -1 +1 @@
-Subproject commit 6001950176aff870331143d801f46e648a7ccb34
+Subproject commit 37191a6a09ea18c996cc10b45082f755b8d46470
diff --git a/rules/models/aws_alb_listener_invalid_protocol.go b/rules/models/aws_alb_listener_invalid_protocol.go
@@ -28,7 +28,9 @@ func NewAwsALBListenerInvalidProtocolRule() *AwsALBListenerInvalidProtocolRule {
 			"GENEVE",
 			"HTTP",
 			"HTTPS",
+			"QUIC",
 			"TCP",
+			"TCP_QUIC",
 			"TCP_UDP",
 			"TLS",
 			"UDP",
diff --git a/rules/models/aws_alb_target_group_invalid_protocol.go b/rules/models/aws_alb_target_group_invalid_protocol.go
@@ -28,7 +28,9 @@ func NewAwsALBTargetGroupInvalidProtocolRule() *AwsALBTargetGroupInvalidProtocol
 			"GENEVE",
 			"HTTP",
 			"HTTPS",
+			"QUIC",
 			"TCP",
+			"TCP_QUIC",
 			"TCP_UDP",
 			"TLS",
 			"UDP",
diff --git a/rules/models/aws_api_gateway_domain_name_invalid_security_policy.go b/rules/models/aws_api_gateway_domain_name_invalid_security_policy.go
@@ -25,6 +25,15 @@ func NewAwsAPIGatewayDomainNameInvalidSecurityPolicyRule() *AwsAPIGatewayDomainN
 		resourceType:  "aws_api_gateway_domain_name",
 		attributeName: "security_policy",
 		enum: []string{
+			"SecurityPolicy_TLS12_2018_EDGE",
+			"SecurityPolicy_TLS12_PFS_2025_EDGE",
+			"SecurityPolicy_TLS13_1_2_2021_06",
+			"SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09",
+			"SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09",
+			"SecurityPolicy_TLS13_1_2_PQ_2025_09",
+			"SecurityPolicy_TLS13_1_3_2025_09",
+			"SecurityPolicy_TLS13_1_3_FIPS_2025_09",
+			"SecurityPolicy_TLS13_2025_EDGE",
 			"TLS_1_0",
 			"TLS_1_2",
 		},
diff --git a/rules/models/aws_lb_listener_invalid_protocol.go b/rules/models/aws_lb_listener_invalid_protocol.go
@@ -28,7 +28,9 @@ func NewAwsLbListenerInvalidProtocolRule() *AwsLbListenerInvalidProtocolRule {
 			"GENEVE",
 			"HTTP",
 			"HTTPS",
+			"QUIC",
 			"TCP",
+			"TCP_QUIC",
 			"TCP_UDP",
 			"TLS",
 			"UDP",
diff --git a/rules/models/aws_lb_target_group_invalid_protocol.go b/rules/models/aws_lb_target_group_invalid_protocol.go
@@ -28,7 +28,9 @@ func NewAwsLbTargetGroupInvalidProtocolRule() *AwsLbTargetGroupInvalidProtocolRu
 			"GENEVE",
 			"HTTP",
 			"HTTPS",
+			"QUIC",
 			"TCP",
+			"TCP_QUIC",
 			"TCP_UDP",
 			"TLS",
 			"UDP",
diff --git a/rules/models/aws_storagegateway_cached_iscsi_volume_invalid_source_volume_arn.go b/rules/models/aws_storagegateway_cached_iscsi_volume_invalid_source_volume_arn.go
@@ -29,7 +29,7 @@ func NewAwsStoragegatewayCachedIscsiVolumeInvalidSourceVolumeArnRule() *AwsStora
 		attributeName: "source_volume_arn",
 		max:           500,
 		min:           50,
-		pattern:       regexp.MustCompile(`^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
+		pattern:       regexp.MustCompile(`^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsStoragegatewayCachedIscsiVolumeInvalidSourceVolumeArnRule) Check(run
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_storagegateway_nfs_file_share_invalid_kms_key_arn.go b/rules/models/aws_storagegateway_nfs_file_share_invalid_kms_key_arn.go
@@ -29,7 +29,7 @@ func NewAwsStoragegatewayNfsFileShareInvalidKmsKeyArnRule() *AwsStoragegatewayNf
 		attributeName: "kms_key_arn",
 		max:           2048,
 		min:           7,
-		pattern:       regexp.MustCompile(`^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
+		pattern:       regexp.MustCompile(`^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsStoragegatewayNfsFileShareInvalidKmsKeyArnRule) Check(runner tflint.
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_storagegateway_nfs_file_share_invalid_role_arn.go b/rules/models/aws_storagegateway_nfs_file_share_invalid_role_arn.go
@@ -29,7 +29,7 @@ func NewAwsStoragegatewayNfsFileShareInvalidRoleArnRule() *AwsStoragegatewayNfsF
 		attributeName: "role_arn",
 		max:           2048,
 		min:           20,
-		pattern:       regexp.MustCompile(`^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):iam::([0-9]+):role/(\S+)$`),
+		pattern:       regexp.MustCompile(`^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):iam::([0-9]+):role/(\S+)$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsStoragegatewayNfsFileShareInvalidRoleArnRule) Check(runner tflint.Ru
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):iam::([0-9]+):role/(\S+)$`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):iam::([0-9]+):role/(\S+)$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_storagegateway_smb_file_share_invalid_kms_key_arn.go b/rules/models/aws_storagegateway_smb_file_share_invalid_kms_key_arn.go
@@ -29,7 +29,7 @@ func NewAwsStoragegatewaySmbFileShareInvalidKmsKeyArnRule() *AwsStoragegatewaySm
 		attributeName: "kms_key_arn",
 		max:           2048,
 		min:           7,
-		pattern:       regexp.MustCompile(`^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
+		pattern:       regexp.MustCompile(`^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsStoragegatewaySmbFileShareInvalidKmsKeyArnRule) Check(runner tflint.
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_storagegateway_smb_file_share_invalid_role_arn.go b/rules/models/aws_storagegateway_smb_file_share_invalid_role_arn.go
@@ -29,7 +29,7 @@ func NewAwsStoragegatewaySmbFileShareInvalidRoleArnRule() *AwsStoragegatewaySmbF
 		attributeName: "role_arn",
 		max:           2048,
 		min:           20,
-		pattern:       regexp.MustCompile(`^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):iam::([0-9]+):role/(\S+)$`),
+		pattern:       regexp.MustCompile(`^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):iam::([0-9]+):role/(\S+)$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsStoragegatewaySmbFileShareInvalidRoleArnRule) Check(runner tflint.Ru
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):iam::([0-9]+):role/(\S+)$`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):iam::([0-9]+):role/(\S+)$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_storagegateway_stored_iscsi_volume_invalid_kms_key.go b/rules/models/aws_storagegateway_stored_iscsi_volume_invalid_kms_key.go
@@ -29,7 +29,7 @@ func NewAwsStoragegatewayStoredIscsiVolumeInvalidKmsKeyRule() *AwsStoragegateway
 		attributeName: "kms_key",
 		max:           2048,
 		min:           7,
-		pattern:       regexp.MustCompile(`^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
+		pattern:       regexp.MustCompile(`^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsStoragegatewayStoredIscsiVolumeInvalidKmsKeyRule) Check(runner tflin
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\S+)$)|(^alias/(\S+)$)$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/tags/resources.go b/rules/tags/resources.go
diff --git a/tools/provider-schema/.terraform.lock.hcl b/tools/provider-schema/.terraform.lock.hcl
diff --git a/tools/provider-schema/schema.json b/tools/provider-schema/schema.json

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func NewAwsStoragegatewayCachedIscsiVolumeInvalidSourceVolumeArnRule() *AwsStora`
`29`	`29`	`attributeName: "source_volume_arn",`
`30`	`30`	`max: 500,`
`31`	`31`	`min: 50,`
`32`		- pattern: regexp.MustCompile(`^arn:(aws(\|-cn\|-us-gov\|-iso[A-Za-z0-9_-]*)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
	`32`	+ pattern: regexp.MustCompile(`^arn:(aws(\|-cn\|-us-gov\|-iso[A-Za-z0-9_-]*\|-eusc)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`
`@@ -90,7 +90,7 @@ func (r *AwsStoragegatewayCachedIscsiVolumeInvalidSourceVolumeArnRule) Check(run`
`90`	`90`	`if !r.pattern.MatchString(val) {`
`91`	`91`	`runner.EmitIssue(`
`92`	`92`	`r,`
`93`		- fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(\|-cn\|-us-gov\|-iso[A-Za-z0-9_-]*)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
	`93`	+ fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws(\|-cn\|-us-gov\|-iso[A-Za-z0-9_-]*\|-eusc)):storagegateway:[a-z\-0-9]+:[0-9]+:gateway\/(.+)\/volume\/vol-(\S+)$`),
`94`	`94`	`attribute.Expr.Range(),`
`95`	`95`	`)`
`96`	`96`	`}`