chore(deps): update terraform aws to v4.66.1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	4.63.0 -> 4.66.1

---

Release Notes

hashicorp/terraform-provider-aws

v4.66.1

Compare Source

BUG FIXES:

• resource/aws_appautoscaling_target: Fix InvalidParameter: 1 validation error(s) found. minimum field size of 1, ListTagsForResourceInput.ResourceARN. related to Application Auto Scaling resource tagging introduced in v4.66.0 (#​31214)

v4.66.0

Compare Source

NOTES:

• resource/aws_instance: The cpu_core_count argument is deprecated in favor of the cpu_options block. The cpu_options block can set core_count (#​31035)
• resource/aws_instance: The cpu_threads_per_core argument is deprecated in favor of the cpu_options block. The cpu_options block can set threads_per_core (#​31035)

FEATURES:

• New Data Source: aws_appintegrations_event_integration (#​24965)
• New Data Source: aws_dms_replication_instance (#​15406)
• New Data Source: aws_vpclattice_auth_policy (#​30898)
• New Data Source: aws_vpclattice_service_network (#​30904)
• New Resource: aws_account_primary_contact (#​26123)
• New Resource: aws_appintegrations_data_integration (#​24941)
• New Resource: aws_chimesdkvoice_voice_profile_domain (#​30977)
• New Resource: aws_directory_service_trust (#​31037)
• New Resource: aws_vpclattice_access_log_subscription (#​30896)
• New Resource: aws_vpclattice_auth_policy (#​30891)
• New Resource: aws_vpclattice_resource_policy (#​30900)
• New Resource: aws_vpclattice_target_group_attachment (#​31039)

ENHANCEMENTS:

• data-source/aws_autoscaling_group: Add max_instance_lifetime attribute (#​31067)
• data-source/aws_autoscaling_group: Add mixed_instances_policy attribute (#​31067)
• data-source/aws_autoscaling_group: Add predicted_capacity attribute (#​31067)
• data-source/aws_autoscaling_group: Add suspended_processes attribute (#​31067)
• data-source/aws_autoscaling_group: Add tag attribute (#​31067)
• data-source/aws_autoscaling_group: Add warm_pool_size attribute (#​31067)
• data-source/aws_autoscaling_group: Add warm_pool attribute (#​31067)
• datasource/aws_launch_template: Add amd_sev_snp attribute (#​31035)
• resource/aws_appautoscaling_policy: Add metrics to the target_tracking_scaling_policy_configuration.customized_metric_specification configuration block in support of metric math (#​30172)
• resource/aws_appautoscaling_target: Add arn attribute (#​30172)
• resource/aws_appautoscaling_target: Add tags argument and tags_all attribute to support resource tagging (#​30172)
• resource/aws_autoscaling_group: Add predicted_capacity attribute (#​31067)
• resource/aws_autoscaling_group: Add warm_pool_size attribute (#​31067)
• resource/aws_directory_service_conditional_forwarder: Add plan time validation for remote_domain_name (#​31037)
• resource/aws_directory_service_directory: Correct plan time validation for remote_domain_name (#​31037)
• resource/aws_elasticache_user: Add support for defining custom timeouts (#​31076)
• resource/aws_fsx_lustre_file_system: Add root_squash_configuration argument (#​31073)
• resource/aws_glue_catalog_database: Add tagging support (#​31071)
• resource/aws_grafana_workspace: Make grafana_version optional so that its value can be specified in configuration (#​31083)
• resource/aws_instance: Add amd_sev_snp argument (#​31035)
• resource/aws_instance: Add cpu_options argument (#​31035)
• resource/aws_lambda_function: Add support for java17 runtime value (#​31027)
• resource/aws_lambda_layer_version: Add support for java17 compatible_runtimes value (#​31028)
• resource/aws_launch_template: Add amd_sev_snp argument (#​31035)
• resource/aws_medialive_channel: Added H265 support. (#​30908)
• resource/aws_rds_cluster_role_association: Add configurable Create and Delete timeouts (#​31015)
• resource/aws_redshift_scheduled_action: Add plan time validation for name argument (#​31020)
• resource/aws_redshiftserverless_workgroup: Add support for defining custom timeouts (#​31054)
• resource/aws_sagemaker_domain: Add domain_settings.r_studio_server_pro_domain_settings, default_user_settings.canvas_app_settings.model_register_settings, and default_user_settings.r_studio_server_pro_app_settings arguments (#​31031)
• resource/aws_sagemaker_endpoint_configuration: Add async_inference_config.output_config.notification_config.include_inference_response_in and async_inference_config.output_config.s3_failure_path arguments (#​31070)
• resource/aws_sagemaker_user_profile: Add user_settings.canvas_app_settings.model_register_settings and user_settings.r_studio_server_pro_app_settings arguments (#​31072)
• resource/aws_servicecatalog_provisioning_artifact: Add provisioning_artifact_id attribute (#​31086)
• resource/aws_sfn_state_machine: Add configurable timeouts (#​31097)
• resource/aws_spot_fleet_request: Add 'aws_spot_fleet_request.context' argument (#​30918)
• resource/aws_vpn_connection: Add tunnel1_enable_tunnel_lifecycle_control and tunnel2_enable_tunnel_lifecycle_control arguments (#​31064)

BUG FIXES:

• data-source/aws_nat_gateway: Guarantee that all attributes are set when the NAT Gateway is associated with a single address (#​31118)
• data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.stateful_rule_group_reference.override attribute, fixing setting firewall_policy: Invalid address to set error (#​31089)
• resource/aws_connect_routing_profile: Remove the limit on the maximum number of queues that can be associated with a routing profile. Batch processing is now done when there are more than 10 queues associated or disassociated at a time. (#​30895)
• resource/aws_db_instance: Consider delete-precheck a valid pending state for resource deletion (#​31047)
• resource/aws_inspector2_enabler: Correctly supports LAMBDA resource scanning (#​31038)
• resource/aws_inspector2_enabler: Correctly supports multiple accounts (#​31038)
• resource/aws_inspector2_enabler: No longer calls Disable API for status checking (#​31038)
• resource/aws_nat_gateway: Guarantee that all attributes are set when the NAT Gateway is associated with a single address (#​31118)
• resource/aws_rds_cluster_instance: Consider delete-precheck a valid pending state for resource deletion (#​31047)
• resource/aws_servicecatalog_provisioned_product: Changes in the provisioning_artifact_name attribute are now reflected correctly in AWS (#​26371)
• resource/aws_servicecatalog_provisioned_product: Fix product_name update handling (#​31094)

v4.65.0

Compare Source

NOTES:

• data-source/aws_db_instance: With the retirement of EC2-Classic thedb_security_groups attribute has been deprecated and will be removed in a future version (#​30919)
• data-source/aws_elasticache_cluster: With the retirement of EC2-Classic thesecurity_group_names attribute has been deprecated and will be removed in a future version (#​30919)
• data-source/aws_launch_configuration: With the retirement of EC2-Classic thevpc_classic_link_id and vpc_classic_link_security_groups attributes have been deprecated and will be removed in a future version (#​30919)
• data-source/aws_redshift_cluster: With the retirement of EC2-Classic the cluster_security_groups attribute has been deprecated and will be removed in a future version (#​30919)
• resource/aws_config_organization_custom_policy_rule: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​21373)

FEATURES:

• New Data Source: aws_api_gateway_authorizer (#​28148)
• New Data Source: aws_api_gateway_authorizers (#​28148)
• New Data Source: aws_dms_replication_subnet_group (#​30832)
• New Data Source: aws_dms_replication_task (#​30967)
• New Data Source: aws_ssmcontacts_contact (#​30667)
• New Data Source: aws_ssmcontacts_contact_channel (#​30667)
• New Data Source: aws_ssmcontacts_plan (#​30667)
• New Data Source: aws_ssmincidents_response_plan (#​30665)
• New Resource: aws_config_organization_custom_policy_rule (#​28201)
• New Resource: aws_quicksight_folder_membership (#​30871)
• New Resource: aws_quicksight_refresh_schedule (#​30788)
• New Resource: aws_ssmcontacts_contact (#​30667)
• New Resource: aws_ssmcontacts_contact_channel (#​30667)
• New Resource: aws_ssmcontacts_plan (#​30667)
• New Resource: aws_ssmincidents_response_plan (#​30665)
• New Resource: aws_synthetics_group (#​30678)
• New Resource: aws_synthetics_group_association (#​30678)

ENHANCEMENTS:

• data-source/aws_ami_ids: Add include_deprecated argument (#​30294)
• data-source/aws_backup_report_plan: Add accounts, organization_units and regions attributes to the report_setting block (#​28309)
• data-source/aws_imagebuilder_image: Add containers attribute to the output_resources block (#​30899)
• resource/aws_appstream_stack: Add streaming_experience_settings attribute (#​28512)
• resource/aws_backup_report_plan: Add accounts, organization_units and regions attributes to the report_setting block (#​28309)
• resource/aws_chime_voice_connector_streaming: Add media_insights_configuration argument (#​30713)
• resource/aws_db_subnet_group: Add vpc_id attribute (#​30775)
• resource/aws_fis_experiment_template: Add support for Cluster Network Actions to actions.*.target (#​27337)
• resource/aws_gamelift_game_session_queue: Add custom_event_data argument (#​26206)
• resource/aws_imagebuilder_image: Add containers attribute to the output_resources block (#​30899)
• resource/aws_networkfirewall_rule_group: Add limit for reference_sets (#​30759)
• resource/aws_networkmanager_core_network: Wait for the network policy to be in the READY_TO_EXECUTE state before executing any changes (#​30879)
• resource/aws_s3outposts_endpoint: Add access_type and customer_owned_ipv4_pool arguments (#​23839)
• resource/aws_wafv2_web_acl: Add token_domains argument (#​30340)
• various IAM resource types: more detailed error messages for invalid policy document JSON (#​27502)

BUG FIXES:

• resource/aws_api_gateway_api_key: Fix value minimum length verification when specified. (#​30894)
• resource/aws_apprunner_service: Allow additional instance_configuration.cpu and instance_configuration.memory values (#​30889)
• resource/aws_dms_replication_task: Fix perpetual diff on dms replication_task settings (#​30885)
• resource/aws_ds_shared_directory: Properly handle paged response objects on read (#​30914)
• resource/aws_ecs_service: Fix removal of service_registries configuration block (#​30852)
• resource/aws_redshiftdata_statement: Fix ValidationException errors reading expired statements (#​26343)
• resource/aws_vpc_endpoint_route_table_association: Retry resource Create for EC2 eventual consistency (#​30994)
• resource/aws_vpc_endpoint_service_allowed_principal: Fix too many results error (#​30974)

v4.64.0

Compare Source

FEATURES:

• New Data Source: aws_dms_endpoint (#​30717)
• New Data Source: aws_fsx_windows_file_system (#​28622)
• New Data Source: aws_iam_access_keys (#​29278)
• New Data Source: aws_networkfirewall_resource_policy (#​25474)
• New Data Source: aws_prometheus_workspaces (#​28574)
• New Data Source: aws_redshiftserverless_workgroup (#​29208)
• New Data Source: aws_route53_resolver_query_log_config (#​29111)
• New Data Source: aws_sesv2_configuration_set (#​30108)
• New Data Source: aws_vpclattice_listener (#​30843)
• New Resource: aws_cloudwatch_event_endpoint (#​25846)
• New Resource: aws_vpclattice_listener (#​30711)
• New Resource: aws_vpclattice_listener_rule (#​30784)

ENHANCEMENTS:

• data-source/aws_cloudfront_response_headers_policy: Add remove_headers_config attribute (#​28940)
• data-source/aws_ecs_task_definition: Add execution_role_arn attribute (#​28662)
• data-source/aws_eks_node_group: Add launch_template attribute (#​30780)
• data-source/aws_iam_role: Add role_last_used attribute (#​30750)
• data-source/aws_kms_key: Add cloud_hsm_cluster_id, custom_key_store_id, key_spec, pending_deletion_window_in_days, and xks_key_configuration attributes (#​29250)
• data-source/aws_lakeformation_data_lake_settings: Add allow_external_data_filtering, external_data_filtering_allow_list and authorized_session_tag_value_list attributes (#​30207)
• data-source/aws_outposts_outpost: Add lifecycle_status, site_arn, supported_hardware_type and tags attributes (#​30754)
• data-source/aws_servicequotas_service_quota: Add usage_metric attribute (#​29499)
• data-source/aws_subnet: Add enable_lni_at_device_index attribute (#​30798)
• resource/aws_appsync_datasource: Add opensearchservice_config argument (#​29578)
• resource/aws_cloudfront_response_headers_policy: Add remove_headers_config argument (#​28940)
• resource/aws_cloudwatch_event_target: Add ecs_target.ordered_placement_strategy argument (#​28384)
• resource/aws_cloudwatch_metric_stream: Add include_linked_accounts_metrics argument (#​29281)
• resource/aws_dms_replication_instance: Increase default timeout for create (#​29905)
• resource/aws_eks_node_group: Add plan time validation to node_group_name and node_group_name_prefix arguments (#​29975)
• resource/aws_elastic_beanstalk_application: Add plan time validation to appversion_lifecycle.service_role and name arguments (#​17727)
• resource/aws_emr_cluster: Add placement_group_config argument (#​30121)
• resource/aws_fis_experiment_template: Add support for Subnets Network Actions to actions.*.target (#​30211)
• resource/aws_iam_role: Add role_last_used attribute (#​30750)
• resource/aws_iot_topic_rule: Add error_action.firehose.batch_mode, error_action.iot_analytics.batch_mode, error_action.iot_events.batch_mode, firehose.batch_mode, iot_analytics.batch_mode and iot_events.batch_mode arguments (#​28568)
• resource/aws_kinesis_firehose_delivery_stream: Add opensearch_configuration block (#​29112)
• resource/aws_kinesis_firehose_delivery_stream: Add opensearch as a valid destination value (#​29112)
• resource/aws_lakeformation_data_lake_settings: Add allow_external_data_filtering, external_data_filtering_allow_list and authorized_session_tag_value_list arguments (#​30207)
• resource/aws_lambda_event_source_mapping: Add document_db_event_source_config configuration block (#​28586)
• resource/aws_lambda_function: Add support for python3.10 runtime value (#​30781)
• resource/aws_lambda_layer_version: Add support for python3.10 compatible_runtimes value (#​30781)
• resource/aws_main_route_table_association: Add configurable timeouts (#​30755)
• resource/aws_route: Allow gateway_id value of local when updating a Route (#​24507)
• resource/aws_route_table_association: Add configurable timeouts (#​30755)
• resource/aws_s3_bucket: Correct S3 Object Lock error handling for third-party S3-compatible API implementations (#​26317)
• resource/aws_s3_bucket_object_lock_configuration: Correct error handling for third-party S3-compatible API implementations (#​26317)
• resource/aws_securityhub_account: Add control_finding_generator, auto_enable_controls and arn attributes (#​30692)
• resource/aws_servicequotas_service_quota: Add usage_metric attribute (#​29499)
• resource/aws_ssoadmin_account_assignment: Extend timeout delay and min timeout (#​25849)
• resource/aws_ssoadmin_permission_set: Extend timeout delay and min timeout (#​25849)
• resource/aws_subnet: Add enable_lni_at_device_index attribute (#​30798)
• resource/aws_vpc_endpoint_service_allowed_principal: Changed id to use ServicePermissionId (#​27640)
• resource/aws_wafv2_rule_group: Add rule.action.challenge argument (#​29690)
• resource/aws_wafv2_rule_group: Add rule.captcha_config argument (#​29608)
• resource/aws_wafv2_web_acl: Add captcha_config and rule.captcha_config arguments (#​29608)

BUG FIXES:

• data-source/aws_lakeformation_permissions: Change lf_tag_policy.expression from TypeList to TypeSet as order is not significant (#​26643)
• data-source/aws_lakeformation_permissions: Remove limit on number of lf_tag_policy.expression blocks (#​26643)
• resource/aws_cloudwatch_event_rule: Add retry to read step, resolving couldn't find resource error (#​25846)
• resource/aws_default_vpc: Fix adoption of default VPC with generated IPv6 (#​29083)
• resource/aws_dx_gateway: Remove plan time validation from name argument (#​30739)
• resource/aws_ecs_service: Fix error importing service with an IAM role with a path (#​30170)
• resource/aws_fsx_windows_file_system: Increase throughput_capacity first to avoid BadRequest errors (#​28622)
• resource/aws_lakeformation_permissions: Change lf_tag_policy.expression from TypeList to TypeSet as order is not significant (#​26643)
• resource/aws_lakeformation_permissions: Change lf_tag, lf_tag.values, lf_tag_policy, lf_tag_policy.expression.key, lf_tag_policy.expression.values and lf_tag_policy.resource_type to ForceNew (#​26643)
• resource/aws_lakeformation_permissions: Remove limit on number of lf_tag_policy.expression blocks (#​26643)
• resource/aws_lambda_event_source_mapping: Fix IAM eventual consistency errors on resource Update (#​28586)
• resource/aws_medialive_channel: Fix to properly expand destinations.media_package_settings field (#​30660)
• resource/aws_networkfirewall_firewall_policy: Fix unexpected encryption_configuration.type updates from Customer_KMS to AWS_KMS (#​30821)
• resource/aws_networkfirewall_rule_group: Fix unexpected encryption_configuration.type updates from Customer_KMS to AWS_KMS (#​30821)
• resource/aws_quicksight_data_set: Correct custom_sql documentation (#​30742)
• resource/aws_quicksight_data_set: Correctly persist create_columns_operation.expression field (#​30708)
• resource/aws_quicksight_data_set: Fix to properly expand project_operation.projected_columns field (#​30699)
• resource/aws_quicksight_data_set: Fix to properly flatten cast_column_type_operation.format field (#​30701)
• resource/aws_sagemaker_app: Fix crash when app is not found (#​30786)
• resource/aws_sns_topic: Fix IAM eventual consistency error creating SNS topics with ABAC-controlled permissions (#​30432)
• resource/aws_vpc: Don't overwrite any configured value for ipv6_ipam_pool_id with IPAM Managed (#​30795)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.