chore(deps): update terraform aws to v5.62.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	5.58.0 -> 5.62.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.62.0

Compare Source

FEATURES:

• New Data Source: aws_rds_cluster_parameter_group (#​38416)
• New Data Source: aws_secretsmanager_secret_versions (#​35411)
• New Resource: aws_ebs_snapshot_block_public_access (#​38641)
• New Resource: aws_rds_integration (#​35199)

ENHANCEMENTS:

• data-source/aws_s3_bucket_object: Expand content types that can be read from S3 to include include application/x-sql (#​38737)
• data-source/aws_s3_object: Expand content types that can be read from S3 to include application/x-sql (#​38737)
• provider: Allow default_tags to be set by environment variables (#​33339)
• provider: Allow ignore_tags.keys and ignore_tags.key_prefixes to be set by environment variables (#​35264)
• resource/aws_db_option_group: Add skip_destroy argument (#​29663)
• resource/aws_db_parameter_group: Add skip_destroy argument (#​29663)
• resource/aws_dx_macsec_key_association: Add plan-time validation of secret_arn (#​37213)
• resource/aws_ecs_service: Add force_delete argument (#​38707)
• resource/aws_grafana_license_association: Add grafana_token argument (#​38743)
• resource/aws_lb_target_group: Add target_health_state.unhealthy_draining_interval argument (#​38654)
• resource/aws_lexv2models_slot: Add sub_slot_setting attribute (#​38698)

BUG FIXES:

• data-source/aws_ecr_repository_creation_template: Support ROOT as a valid value for prefix (#​38685)
• data-source/aws_msk_broker_nodes: Filter out nodes with no broker info (#​38042)
• resource/aws_appconfig_configuration_profile: Increase name max length validation to 128 (#​37539)
• resource/aws_batch_job_definition: Fix panic when checking eks_properties for job updates (#​38716)
• resource/aws_batch_job_definition: Fix panic when checking retry_strategy for job updates (#​38716)
• resource/aws_batch_job_definition: Fix panic when checking timeout for job updates (#​38716)
• resource/aws_ec2_capacity_block_reservation: Fix error during apply for missing created_date attribute (#​38689)
• resource/aws_ecr_repository_creation_template: Support ROOT as a valid value for prefix (#​38685)
• resource/aws_elbv2_trust_store_revocation: Fix to properly return errors during resource creation (#​38756)
• resource/aws_emr_cluster: Fix panic when reading an instance fleet with an empty launch_specifications argument (#​38773)
• resource/aws_lexv2models_bot: Handle PreconditionFailedException on delete for resources deleted out-of-band (#​38661)
• resource/aws_lexv2models_bot_locale: Handle PreconditionFailedException on delete for resources deleted out-of-band (#​38661)
• resource/aws_lexv2models_bot_version: Handle PreconditionFailedException on delete for resources deleted out-of-band (#​38661)
• resource/aws_networkmanager_core_network: Fix $.network-function-groups: null found, array expected errors when creating resource with create_base_policy argument (#​38642)
• resource/aws_quicksight_account_subscription: Fix panic when read returns nil account info (#​38752)
• resource/aws_sfn_state_machine: Mark revision_id and state_machine_version_arn as Computed on update if publish is true (#​38657)

v5.61.0

Compare Source

NOTES:

• resource/aws_chatbot_teams_channel_configuration: This resource is provided on a best-effort basis, and we welcome the community's help in testing it. (#​38630)

FEATURES:

• New Data Source: aws_ecr_repository_creation_template (#​38597)
• New Resource: aws_chatbot_slack_channel_configuration (#​38124)
• New Resource: aws_chatbot_teams_channel_configuration (#​38630)
• New Resource: aws_datazone_glossary (#​38602)
• New Resource: aws_ecr_repository_creation_template (#​38597)
• New Resource: aws_timestreaminfluxdb_db_instance (#​37963)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add upgrade_policy attribute (#​38573)
• data-source/aws_sagemaker_prebuilt_ecr_image: Support additional repository_name values. See documentation for details (#​38575)
• resource/aws_appsync_graphql_api: Add enhanced_metrics_config configuration block (#​38570)
• resource/aws_db_instance: Add upgrade_storage_config argument (#​36904)
• resource/aws_default_vpc: Support ipv6_cidr_block sizes between /44 and /60 in increments of /4 (#​35614)
• resource/aws_default_vpc: Support ipv6_netmask_length values between 44 and 60 in increments of 4 (#​35614)
• resource/aws_eks_cluster: Add upgrade_policy configuration block (#​38573)
• resource/aws_elasticache_user_group_association: Add configurable create and delete timeouts (#​38559)
• resource/aws_pipes_pipe: Add log_configuration.include_execution_data argument (#​38569)
• resource/aws_rds_cluster: Add performance_insights_enabled, performance_insights_kms_key_id, and performance_insights_retention_period arguments (#​29415)
• resource/aws_rds_cluster: Add restore_to_point_in_time.source_cluster_resource_id argument (#​38540)
• resource/aws_rds_cluster: Mark restore_to_point_in_time.source_cluster_identifier as Optional (#​38540)
• resource/aws_sfn_activity: Add encryption_configuration configuration block to support the use of Customer Managed Keys with AWS KMS to encrypt Step Functions Activity resources (#​38574)
• resource/aws_sfn_state_machine: Add encryption_configuration configuration block to support the use of Customer Managed Keys with AWS KMS to encrypt Step Functions State Machine resources (#​38574)
• resource/aws_ssm_patch_baseline: Remove empty fields from json attribute value (#​35950)
• resource/aws_storagegateway_file_system_association: Add configurable timeouts (#​38554)
• resource/aws_vpc: Support ipv6_cidr_block sizes between /44 and /60 in increments of /4 (#​35614)
• resource/aws_vpc: Support ipv6_netmask_length values between 44 and 60 in increments of 4 (#​35614)
• resource/aws_vpc_ipv6_cidr_block_association: Add assign_generated_ipv6_cidr_block and ipv6_pool arguments (#​27274)
• resource/aws_vpc_ipv6_cidr_block_association: Support ipv6_cidr_block sizes between /44 and /60 in increments of /4 (#​35614)
• resource/aws_vpc_ipv6_cidr_block_association: Support ipv6_netmask_length values between 44 and 60 in increments of 4 (#​35614)
• resource/aws_vpc_security_group_egress_rule: Add tags to the AuthorizeSecurityGroupEgress EC2 API call instead of making a separate CreateTags call (#​35614)
• resource/aws_vpc_security_group_ingress_rule: Add tags to the AuthorizeSecurityGroupIngress EC2 API call instead of making a separate CreateTags call (#​35614)
• resource/aws_wafv2_web_acl: Add rule_json attribute to allow raw JSON for rules. (#​38309)

BUG FIXES:

• data-source/aws_appstream_image: Fix issue where the most recent image is not returned (#​38571)
• datasource/aws_networkmanager_core_network_policy_document: Fix CoreNetworkPolicyException when putting policy with single wildcard in when_sent_to (#​38595)
• resource/aws_cloudsearch_domain: Fix index_name character length validation (#​38509)
• resource/aws_ecs_task_definition: Ensure that JSON keys in container_definitions start with a lowercase letter (#​38622)
• resource/aws_iot_provisioning_template: Properly send type argument on create when configured (#​38640)
• resource/aws_opensearchserverless_security_policy: Normalize policy content to prevent persistent differences (#​38604)
• resource/aws_pipes_pipe: Don't reset target_parameters if the configured value has not changed (#​38598)
• resource/aws_rds_instance: Allow domain_dns_ips to use single DNS server IP (#​36500)
• resource/aws_sagemaker_domain: Properly send domain_settings.r_studio_server_pro_domain_settings.r_studio_package_manager_url argument on create (#​38547)
• resource/aws_vpc_ipam_pool_cidr_allocation: Set description on Read (#​38618)
• resource/aws_vpc_ipam_pool_cidr_allocation: Set netmask_length on Read (#​38618)

v5.60.0

Compare Source

NOTES:

• resource/aws_shield_subscription: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​37637)

FEATURES:

• New Data Source: aws_service_principal (#​38307)
• New Resource: aws_shield_subscription (#​37637)

ENHANCEMENTS:

• data-source/aws_cloudwatch_event_bus: Add kms_key_identifier attribute (#​38492)
• data-source/aws_cur_report_definition: Add tags attribute (#​38483)
• resource/aws_appflow_flow: Add metadata_catalog_config attribute (#​37566)
• resource/aws_appflow_flow: Add prefix_hierarchy attribute to destination_flow_config.s3.s3_output_format_config (#​37566)
• resource/aws_batch_job_definition: Add eks_properties.*.pod_properties.*.image_pull_secret argument (#​38517)
• resource/aws_cloudformation_stack_set_instance: Add operation_preferences.concurrency_mode argument (#​38498)
• resource/aws_cloudwatch_event_bus: Add kms_key_identifier argument (#​38492)
• resource/aws_cur_report_definition: Add tags argument and tags_all attribute (#​38483)
• resource/aws_db_cluster_snapshot: Add shared_accounts argument (#​34885)
• resource/aws_db_snapshot_copy: Add shared_accounts argument (#​34843)
• resource/aws_glue_connection: Add AZURECOSMOS, AZURESQL, BIGQUERY, OPENSEARCH, and SNOWFLAKE as valid values for the connection_type argument and SparkProperties as a valid value for the connection_properties argument (#​37731)
• resource/aws_iam_role: Change from partial resource creation to resource creation failed if an inline_policy fails to create (#​38477)
• resource/aws_rds_cluster: Add scaling_configuration.seconds_before_timeout argument (#​38451)
• resource/aws_sesv2_configuration_set_event_destination: Add event_destination.event_bridge_destination configuration block (#​38458)
• resource/aws_timestreamwrite_table: Fix runtime error: invalid memory address or nil pointer dereference panic when reading a non-existent table (#​38512)

BUG FIXES:

• data-source/aws_fsx_ontap_storage_virtual_machine: Correctly set tags on Read (#​38343)
• data-source/aws_fsx_openzfs_snapshot: Correctly set tags on Read (#​38343)
• resource/aws_ce_cost_category: Fix perpetual diff with the rule argument on update (#​38449)
• resource/aws_codebuild_webhook: Remove errant validation on scope_configuration.domain argument (#​38513)
• resource/aws_ecs_service: Fix error marshaling prior state: a number is required when upgrading from v5.58.0 to v5.59.0 (#​38490)
• resource/aws_ecs_task_definition: Fix Provider produced inconsistent final plan errors when container_definitions is unknown (#​38471)
• resource/aws_elasticache_replication_group: Fix error marshaling prior state when upgrading from v4.67.0 to v5.59.0 (#​38476)
• resource/aws_fsx_openzfs_volume: Correctly set tags on Read (#​38343)
• resource/aws_rds_cluster: Mark ca_certificate_identifier as Computed (#​38437)
• resource/aws_rds_cluster: Use the configured copy_tags_to_snapshot value when restore_to_point_in_time is set (#​34044)
• resource/aws_rds_cluster: Wait for no pending modified values on Update if apply_immediately is true. This fixes InvalidParameterCombination errors when updating engine_version (#​38437)

v5.59.0

Compare Source

FEATURES:

• resource/aws_kinesis_firehose_delivery_stream: Add secrets_manager_configuration to redshift_configuration, snowflake_configuration, and splunk_configuration (#​38151)
• New Data Source: aws_cloudfront_origin_access_control (#​36301)
• New Data Source: aws_timestreamwrite_database (#​36368)
• New Data Source: aws_timestreamwrite_table (#​36599)
• New Resource: aws_datazone_project (#​38345)
• New Resource: aws_grafana_workspace_service_account (#​38101)
• New Resource: aws_grafana_workspace_service_account_token (#​38101)
• New Resource: aws_rds_certificate (#​35003)
• New Resource: aws_rekognition_stream_processor (#​37536)

ENHANCEMENTS:

• data-source/aws_elasticache_replication_group: Add cluster_mode attribute (#​38002)
• data-source/aws_lakeformation_data_lake_settings: Add allow_full_table_external_data_access attribute (#​34474)
• data-source/aws_msk_cluster: Add broker_node_group_info attribute (#​37705)
• resource/aws_bedrockagent_agent : Add skip_resource_in_use_check argument (#​37586)
• resource/aws_bedrockagent_agent_action_group: Add action_group_executor.custom_control argument (#​37484)
• resource/aws_bedrockagent_agent_action_group: Add function_schema configuration block (#​37484)
• resource/aws_bedrockagent_agent_alias : Add routing_configuration.provisioned_throughput argument (#​37520)
• resource/aws_codebuild_webhook: Add scope_configuration argument (#​38199)
• resource/aws_codepipeline: Add timeout_in_minutes argument to the action configuration block (#​36316)
• resource/aws_db_instance: Add engine_lifecycle_support argument (#​37708)
• resource/aws_ecs_cluster: Add configuration.managed_storage_configuration argument (#​37932)
• resource/aws_elasticache_replication_group: Add cluster_mode argument (#​38002)
• resource/aws_emrserverless_application: Add interactive_configuration argument (#​37889)
• resource/aws_fis_experiment_template: Add experiment_options configuration block (#​36900)
• resource/aws_fsx_lustre_file_system: Add final_backup_tags and skip_final_backup arguments (#​37717)
• resource/aws_fsx_ontap_volume: Add final_backup_tags argument (#​37717)
• resource/aws_fsx_openzfs_file_system: Add delete_options and final_backup_tags arguments (#​37717)
• resource/aws_fsx_windows_file_system: Add final_backup_tags argument (#​37717)
• resource/aws_imagebuilder_image_pipeline: Add execution_role and workflow arguments (#​37317)
• resource/aws_kinesis_firehose_delivery_stream: Add secrets_manager_configuration to http_endpoint_configuration (#​38245)
• resource/aws_kinesisanalyticsv2_application: Support FLINK-1_19 as a valid value for runtime_environment (#​38350)
• resource/aws_lakeformation_data_lake_settings: Add allow_full_table_external_data_access attribute (#​34474)
• resource/aws_lb_target_group: Add target_group_health configuration block (#​37082)
• resource/aws_msk_replicator: Add starting_position argument (#​36968)
• resource/aws_rds_cluster: Add engine_lifecycle_support argument (#​37708)
• resource/aws_rds_global_cluster: Add engine_lifecycle_support argument (#​37708)
• resource/aws_redshift_cluster_snapshot: Set arn from DescribeClusterSnapshots API response (#​37996)
• resource/aws_vpclattice_listener: Support TLS_PASSTHROUGH as a valid value for protocol (#​37964)
• resource/aws_wafv2_web_acl: Add enable_machine_learning to aws_managed_rules_bot_control_rule_set configuration block (#​37006)

BUG FIXES:

• data-source/aws_efs_access_point: Set id the the access point ID, not the file system ID. This fixes a regression introduced in v5.58.0 (#​38372)
• data-source/aws_lb_listener: Correctly set default_action.target_group_arn (#​37348)
• resource/aws_chime_voice_connector_group: Properly handle voice connector groups deleted out of band (#​36774)
• resource/aws_codebuild_project: Fix unsetting concurrent_build_limit (#​37748)
• resource/aws_codepipeline: Mark trigger as Computed (#​36316)
• resource/aws_ecs_service: Change volume_configuration.managed_ebs_volume.throughput from TypeString to TypeInt (#​38109)
• resource/aws_elasticache_replication_group: Allows setting replicas_per_node_group to 0 and sets the maximum to 5. (#​38396)
• resource/aws_elasticache_replication_group: Requires description. (#​38396)
• resource/aws_elasticache_replication_group: When num_cache_clusters is set, prevents setting replicas_per_node_group. (#​38396)
• resource/aws_elasticache_replication_group: num_cache_clusters must be at least 2 when automatic_failover_enabled is true. (#​38396)
• resource/aws_elastictranscoder_pipeline: Properly handle NotFound exceptions during deletion (#​38018)
• resource/aws_elastictranscoder_preset: Properly handle NotFound exceptions during deletion (#​38018)
• resource/aws_lb_target_group: Use the configured ip_address_type value when target_type is instance (#​36423)
• resource/aws_lb_trust_store: Wait until trust store is ACTIVE on resource Create (#​38332)
• resource/aws_pinpoint_app: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when campaign_hook is empty ({}) (#​38323)
• resource/aws_transfer_server: Add supported values TransferSecurityPolicy-FIPS-2024-05, TransferSecurityPolicy-Restricted-2018-11, and TransferSecurityPolicy-Restricted-2020-06 for the security_policy_name argument (#​38425)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.