infrastructure/tofu-template
Template
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(deps): update terraform aws to v6.22.0 #56

Merged
renovate-bot merged 1 commit from renovate/aws-6.x into main 2025-11-21 01:08:02 +00:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2025-11-21 01:08:00 +00:00
Member
Copy link

This PR contains the following updates:

Package Type Update Change
aws (source) required_provider minor 6.21.0 -> 6.22.0

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.22.0

Compare Source

NOTES:

  • resource/aws_s3_bucket_server_side_encryption_configuration: Starting in March 2026, Amazon S3 will introduce a new default bucket security setting by automatically disabling server-side encryption with customer-provided keys (SSE-C) for all new buckets. Use the blocked_encryption_types argument to manage this behavior for specific buckets. (#​45105)

FEATURES:

  • New Ephemeral Resource: aws_ecr_authorization_token (#​44949)
  • New Guide: Tag Policy Compliance (#​45143)
  • New Resource: aws_billing_view (#​45097)
  • New Resource: aws_vpclattice_domain_verification (#​45085)

ENHANCEMENTS:

  • data-source/aws_lb_listener: Add default_action.jwt_validation attribute (#​45089)
  • data-source/aws_lb_listener_rule: Add action.jwt_validation attribute (#​45089)
  • data-source/aws_route53_zone: Support filtering by tags only or by vpc_id only (#​39671)
  • provider: Add support for enforcing tag policy compliance. This opt-in feature can be enabled via the new tag_policy_compliance provider argument, or the TF_AWS_TAG_POLICY_COMPLIANCE environment variable. When enabled, the principal executing Terraform must have the tags:ListRequiredTags IAM permission. (#​45143)
  • resource/aws_backup_logically_air_gapped_vault: Add encryption_key_arn argument (#​45020)
  • resource/aws_bedrock_guardrail: Add input_action, input_enabled, input_modalities, output_action, output_enabled, and output_modalities arguments to the content_policy_config.filters_config block (#​45104)
  • resource/aws_bedrockagent_knowledge_base: Add storage_configuration.rds_configuration.field_mapping.custom_metadata_field argument (#​45075)
  • resource/aws_bedrockagentcore_agent_runtime: Add agent_runtime_artifact.code_configuration block (#​45091)
  • resource/aws_bedrockagentcore_agent_runtime: Make agent_runtime_artifact.container_configuration block optional (#​45091)
  • resource/aws_dynamodb_table: Add global_table_witness argument (#​43908)
  • resource/aws_emr_managed_scaling_policy: Add scaling_strategy and utilization_performance_index arguments (#​45132)
  • resource/aws_fis_experiment_template: Add plan-time validation of log_configuration.cloudwatch_logs_configuration.log_group_arn (#​35941)
  • resource/aws_fis_experiment_template: Add support for Functions to action.*.target (#​41209)
  • resource/aws_lambda_invocation: Add import support (#​41240)
  • resource/aws_lb_listener: Support jwt-validation as a valid default_action.type and add default_action.jwt_validation configuration block (#​45089)
  • resource/aws_lb_listener_rule: Support jwt-validation as a valid action.type and add action.jwt_validation configuration block (#​45089)
  • resource/aws_odb_cloud_vm_cluster: vm cluster creation using odb network ARN and exadata infrastructure ARN for resource sharing model. (#​45003)
  • resource/aws_organizations_organization: Add SECURITYHUB_POLICY as a valid value for enabled_policy_types argument (#​45135)
  • resource/aws_prometheus_query_logging_configuration: Add plan-time validation of destination.cloudwatch_logs.log_group_arn (#​35941)
  • resource/aws_prometheus_workspace: Add plan-time validation of logging_configuration.log_group_arn (#​35941)
  • resource/aws_s3_bucket_server_side_encryption_configuration: Add rule.blocked_encryption_types argument (#​45105)
  • resource/aws_sagemaker_model: Add container.additional_model_data_source and primary_container.additional_model_data_source arguments (#​44407)
  • resource/aws_sfn_state_machine: Add plan-time validation of logging_configuration.log_destination (#​35941)
  • resource/aws_timestreaminfluxdb_db_cluster: Add engine_type attribute (#​44899)
  • resource/aws_timestreaminfluxdb_db_cluster: Add validation to ensure InfluxDB V2 clusters have required fields and InfluxDB V3 clusters (when using V3 parameter groups) do not have forbidden V2 fields. This functionality requires the timestream-influxdb:GetDbParameterGroup IAM permission (#​44899)
  • resource/aws_vpclattice_resource_configuration: Add custom_domain_name and domain_verification_id arguments and domain_verification_arn and domain_verification_status attributes to support custom domain names for resource configurations (#​45085)
  • resource/aws_vpn_connection: Add tunnel_bandwidth argument to support higher bandwidth tunnels (#​45070)

BUG FIXES:

  • resource/aws_db_instance: Fix blue/green deployments failing with "not in available state" by improving stability and handling storage-config-upgrade and storage-initialization statuses (#​41275)
  • resource/aws_elastic_beanstalk_configuration_template: Fix updates not applying by including ResourceName for option settings and preventing duplicate add/remove operations (#​45077)
  • resource/aws_odb_cloud_vm_cluster: support for hyphen in odb cloud vm cluster hostname prefix. (#​45003)
  • resource/aws_quicksight_account_settings: Add region argument (#​45083)
  • resource/aws_s3_directory_bucket: Fix plan-time AWS resource not found during refresh warnings causing resource replacement when ReadOnly s3express:SessionMode is enforced (#​45086)
  • resource/aws_ssoadmin_account_assignment: Correct target_type argument to required (#​45092)
  • resource/aws_timestreaminfluxdb_db_cluster: Make allocated_storage, bucket, organization, username, and password optional to support InfluxDB V3 clusters (#​44899)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [aws](https://registry.terraform.io/providers/hashicorp/aws) ([source](https://github.com/hashicorp/terraform-provider-aws)) | required_provider | minor | `6.21.0` -> `6.22.0` | --- ### Release Notes <details> <summary>hashicorp/terraform-provider-aws (aws)</summary> ### [`v6.22.0`](https://github.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#6220-November-20-2025) [Compare Source](https://github.com/hashicorp/terraform-provider-aws/compare/v6.21.0...v6.22.0) NOTES: - resource/aws\_s3\_bucket\_server\_side\_encryption\_configuration: Starting in March 2026, Amazon S3 will introduce a new default bucket security setting by automatically disabling server-side encryption with customer-provided keys (SSE-C) for all new buckets. Use the `blocked_encryption_types` argument to manage this behavior for specific buckets. ([#&#8203;45105](https://github.com/hashicorp/terraform-provider-aws/issues/45105)) FEATURES: - **New Ephemeral Resource:** `aws_ecr_authorization_token` ([#&#8203;44949](https://github.com/hashicorp/terraform-provider-aws/issues/44949)) - **New Guide:** `Tag Policy Compliance` ([#&#8203;45143](https://github.com/hashicorp/terraform-provider-aws/issues/45143)) - **New Resource:** `aws_billing_view` ([#&#8203;45097](https://github.com/hashicorp/terraform-provider-aws/issues/45097)) - **New Resource:** `aws_vpclattice_domain_verification` ([#&#8203;45085](https://github.com/hashicorp/terraform-provider-aws/issues/45085)) ENHANCEMENTS: - data-source/aws\_lb\_listener: Add `default_action.jwt_validation` attribute ([#&#8203;45089](https://github.com/hashicorp/terraform-provider-aws/issues/45089)) - data-source/aws\_lb\_listener\_rule: Add `action.jwt_validation` attribute ([#&#8203;45089](https://github.com/hashicorp/terraform-provider-aws/issues/45089)) - data-source/aws\_route53\_zone: Support filtering by `tags` only or by `vpc_id` only ([#&#8203;39671](https://github.com/hashicorp/terraform-provider-aws/issues/39671)) - provider: Add support for enforcing tag policy compliance. This opt-in feature can be enabled via the new `tag_policy_compliance` provider argument, or the `TF_AWS_TAG_POLICY_COMPLIANCE` environment variable. When enabled, the principal executing Terraform must have the `tags:ListRequiredTags` IAM permission. ([#&#8203;45143](https://github.com/hashicorp/terraform-provider-aws/issues/45143)) - resource/aws\_backup\_logically\_air\_gapped\_vault: Add `encryption_key_arn` argument ([#&#8203;45020](https://github.com/hashicorp/terraform-provider-aws/issues/45020)) - resource/aws\_bedrock\_guardrail: Add `input_action`, `input_enabled`, `input_modalities`, `output_action`, `output_enabled`, and `output_modalities` arguments to the `content_policy_config.filters_config` block ([#&#8203;45104](https://github.com/hashicorp/terraform-provider-aws/issues/45104)) - resource/aws\_bedrockagent\_knowledge\_base: Add `storage_configuration.rds_configuration.field_mapping.custom_metadata_field` argument ([#&#8203;45075](https://github.com/hashicorp/terraform-provider-aws/issues/45075)) - resource/aws\_bedrockagentcore\_agent\_runtime: Add `agent_runtime_artifact.code_configuration` block ([#&#8203;45091](https://github.com/hashicorp/terraform-provider-aws/issues/45091)) - resource/aws\_bedrockagentcore\_agent\_runtime: Make `agent_runtime_artifact.container_configuration` block optional ([#&#8203;45091](https://github.com/hashicorp/terraform-provider-aws/issues/45091)) - resource/aws\_dynamodb\_table: Add `global_table_witness` argument ([#&#8203;43908](https://github.com/hashicorp/terraform-provider-aws/issues/43908)) - resource/aws\_emr\_managed\_scaling\_policy: Add `scaling_strategy` and `utilization_performance_index` arguments ([#&#8203;45132](https://github.com/hashicorp/terraform-provider-aws/issues/45132)) - resource/aws\_fis\_experiment\_template: Add plan-time validation of `log_configuration.cloudwatch_logs_configuration.log_group_arn` ([#&#8203;35941](https://github.com/hashicorp/terraform-provider-aws/issues/35941)) - resource/aws\_fis\_experiment\_template: Add support for `Functions` to `action.*.target` ([#&#8203;41209](https://github.com/hashicorp/terraform-provider-aws/issues/41209)) - resource/aws\_lambda\_invocation: Add import support ([#&#8203;41240](https://github.com/hashicorp/terraform-provider-aws/issues/41240)) - resource/aws\_lb\_listener: Support `jwt-validation` as a valid `default_action.type` and add `default_action.jwt_validation` configuration block ([#&#8203;45089](https://github.com/hashicorp/terraform-provider-aws/issues/45089)) - resource/aws\_lb\_listener\_rule: Support `jwt-validation` as a valid `action.type` and add `action.jwt_validation` configuration block ([#&#8203;45089](https://github.com/hashicorp/terraform-provider-aws/issues/45089)) - resource/aws\_odb\_cloud\_vm\_cluster: vm cluster creation using odb network ARN and exadata infrastructure ARN for resource sharing model. ([#&#8203;45003](https://github.com/hashicorp/terraform-provider-aws/issues/45003)) - resource/aws\_organizations\_organization: Add `SECURITYHUB_POLICY` as a valid value for `enabled_policy_types` argument ([#&#8203;45135](https://github.com/hashicorp/terraform-provider-aws/issues/45135)) - resource/aws\_prometheus\_query\_logging\_configuration: Add plan-time validation of `destination.cloudwatch_logs.log_group_arn` ([#&#8203;35941](https://github.com/hashicorp/terraform-provider-aws/issues/35941)) - resource/aws\_prometheus\_workspace: Add plan-time validation of `logging_configuration.log_group_arn` ([#&#8203;35941](https://github.com/hashicorp/terraform-provider-aws/issues/35941)) - resource/aws\_s3\_bucket\_server\_side\_encryption\_configuration: Add `rule.blocked_encryption_types` argument ([#&#8203;45105](https://github.com/hashicorp/terraform-provider-aws/issues/45105)) - resource/aws\_sagemaker\_model: Add `container.additional_model_data_source` and `primary_container.additional_model_data_source` arguments ([#&#8203;44407](https://github.com/hashicorp/terraform-provider-aws/issues/44407)) - resource/aws\_sfn\_state\_machine: Add plan-time validation of `logging_configuration.log_destination` ([#&#8203;35941](https://github.com/hashicorp/terraform-provider-aws/issues/35941)) - resource/aws\_timestreaminfluxdb\_db\_cluster: Add `engine_type` attribute ([#&#8203;44899](https://github.com/hashicorp/terraform-provider-aws/issues/44899)) - resource/aws\_timestreaminfluxdb\_db\_cluster: Add validation to ensure InfluxDB V2 clusters have required fields and InfluxDB V3 clusters (when using V3 parameter groups) do not have forbidden V2 fields. This functionality requires the `timestream-influxdb:GetDbParameterGroup` IAM permission ([#&#8203;44899](https://github.com/hashicorp/terraform-provider-aws/issues/44899)) - resource/aws\_vpclattice\_resource\_configuration: Add `custom_domain_name` and `domain_verification_id` arguments and `domain_verification_arn` and `domain_verification_status` attributes to support custom domain names for resource configurations ([#&#8203;45085](https://github.com/hashicorp/terraform-provider-aws/issues/45085)) - resource/aws\_vpn\_connection: Add `tunnel_bandwidth` argument to support higher bandwidth tunnels ([#&#8203;45070](https://github.com/hashicorp/terraform-provider-aws/issues/45070)) BUG FIXES: - resource/aws\_db\_instance: Fix blue/green deployments failing with "not in available state" by improving stability and handling `storage-config-upgrade` and `storage-initialization` statuses ([#&#8203;41275](https://github.com/hashicorp/terraform-provider-aws/issues/41275)) - resource/aws\_elastic\_beanstalk\_configuration\_template: Fix updates not applying by including `ResourceName` for option settings and preventing duplicate add/remove operations ([#&#8203;45077](https://github.com/hashicorp/terraform-provider-aws/issues/45077)) - resource/aws\_odb\_cloud\_vm\_cluster: support for hyphen in odb cloud vm cluster hostname prefix. ([#&#8203;45003](https://github.com/hashicorp/terraform-provider-aws/issues/45003)) - resource/aws\_quicksight\_account\_settings: Add `region` argument ([#&#8203;45083](https://github.com/hashicorp/terraform-provider-aws/issues/45083)) - resource/aws\_s3\_directory\_bucket: Fix plan-time `AWS resource not found during refresh` warnings causing resource replacement when `ReadOnly` `s3express:SessionMode` is enforced ([#&#8203;45086](https://github.com/hashicorp/terraform-provider-aws/issues/45086)) - resource/aws\_ssoadmin\_account\_assignment: Correct `target_type` argument to required ([#&#8203;45092](https://github.com/hashicorp/terraform-provider-aws/issues/45092)) - resource/aws\_timestreaminfluxdb\_db\_cluster: Make `allocated_storage`, `bucket`, `organization`, `username`, and `password` optional to support InfluxDB V3 clusters ([#&#8203;44899](https://github.com/hashicorp/terraform-provider-aws/issues/44899)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xMy4zIiwidXBkYXRlZEluVmVyIjoiNDIuMTMuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovate-bot scheduled this pull request to auto merge when all checks succeed 2025-11-21 01:08:01 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
infrastructure/tofu-template!56
No description provided.