Update Terraform aws to v5.20.1 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	5.17.0 -> 5.20.1

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.20.1

Compare Source

NOTES:

• provider: Build with Terraform Plugin Framework v1.4.1, fixing potential initialization errors when using v1.6 of the Terraform CLI.

v5.20.0

Compare Source

FEATURES:

• New Resource: aws_guardduty_detector_feature (#​31463)
• New Resource: aws_servicequotas_template (#​33688)
• New Resource: aws_sesv2_account_vdm_attributes (#​33705)
• New Resource: aws_verifiedaccess_instance_trust_provider_attachment (#​33734)

ENHANCEMENTS:

• data-source/aws_guardduty_detector: Add features attribute (#​31463)
• resource/aws_finspace_kx_cluster: Increase default creation timeout to 45 minutes, default deletion timeout to 60 minutes (#​33745)
• resource/aws_finspace_kx_environment: Increase default deletion timeout to 45 minutes (#​33745)
• resource/aws_guardduty_filter: Add plan-time validation of name (#​21030)
• resource/aws_kinesis_firehose_delivery_stream: Add opensearchserverless_configuration and msk_source_configuration configuration blocks (#​33101)
• resource/aws_kinesis_firehose_delivery_stream: Add opensearchserverless as a valid destination value (#​33101)

BUG FIXES:

• data-source/aws_fsx_ontap_storage_virtual_machine: Fix crash when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is not configured (#​33800)
• resource/aws_ec2_transit_gateway_route : Fix TGW route search filter to avoid routes being missed when more than 1,000 static routes are in a TGW route table (#​33765)
• resource/aws_fsx_ontap_storage_virtual_machine: Fix crash when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is not configured (#​33800)
• resource/aws_medialive_channel: Fix VPC settings flatten/expand/docs. (#​33558)
• resource/aws_vpc_endpoint: Set dns_options.dns_record_ip_type to Computed to prevent diffs (#​33743)

v5.19.0

Compare Source

BREAKING CHANGES:

• data-source/aws_s3_bucket_object: Following migration to AWS SDK for Go v2, the metadata attribute's keys are always returned in lowercase (#​33660)
• data-source/aws_s3_object: Following migration to AWS SDK for Go v2, the metadata attribute's keys are always returned in lowercase (#​33660)

NOTES:

• data-source/aws_s3_bucket_object: The metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#​33660)
• data-source/aws_s3_object: The metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#​33660)
• resource/aws_iam_*: This release introduces additional validation of IAM policy JSON arguments to detect duplicate keys. Previously, arguments with duplicated keys resulted in all but one of the key values being overwritten. Since this results in unexpected IAM policies being submitted to AWS, we have updated the validation logic to error in these cases. This may cause existing IAM policy arguments to fail validation, however, those policies are likely not what was originally intended. (#​33570)

FEATURES:

• New Resource: aws_cleanrooms_configured_table (#​33602)
• New Resource: aws_dms_replication_config (#​32908)
• New Resource: aws_lexv2models_bot (#​33475)
• New Resource: aws_rds_custom_db_engine_version (#​33285)

ENHANCEMENTS:

• resource/aws_cloud9_environment_ec2: Add ubuntu-22.04-x86_64 and resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64 as valid values for image_id (#​33662)
• resource/aws_fsx_ontap_volume: Add bypass_snaplock_enterprise_retention argument and snaplock_configuration configuration block to support SnapLock (#​32530)
• resource/aws_fsx_ontap_volume: Add copy_tags_to_backups and snapshot_policy arguments (#​32530)
• resource/aws_fsx_openzfs_volume: Add delete_volume_options argument (#​32530)
• resource/aws_lightsail_bucket: Add force_delete argument (#​33586)
• resource/aws_opensearch_outbound_connection: Add connection_properties, connection_mode and accept_connection arguments (#​32990)
• resource/aws_wafv2_rule_group: Add rate_based_statement.custom_key configuration block (#​33594)
• resource/aws_wafv2_web_acl: Add rate_based_statement.custom_key configuration block (#​33594)

BUG FIXES:

• resource/aws_batch_job_queue: Correctly validates elements of compute_environments as ARNs (#​33577)
• resource/aws_cloudfront_continuous_deployment_policy: Fix IllegalUpdate errors when updating a staging aws_cloudfront_distribution that is part of continuous deployment (#​33578)
• resource/aws_cloudfront_distribution: Fix IllegalUpdate errors when updating a staging distribution associated with an aws_cloudfront_continuous_deployment_policy (#​33578)
• resource/aws_cloudfront_distribution: Fix PreconditionFailed errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#​33578)
• resource/aws_cloudfront_distribution: Fix StagingDistributionInUse errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#​33578)
• resource/aws_datasync_location_fsx_ontap_file_system: Correct handling of protocol.smb.domain, protocol.smb.user and protocol.smb.password (#​33641)
• resource/aws_glacier_vault_lock: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_group_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_role: Fail validation if duplicated keys are found in assume_role_policy (#​33570)
• resource/aws_iam_role_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_iam_user_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_mediastore_container_policy: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_s3_bucket_policy: Fix intermittent couldn't find resource errors on resource Create (#​33537)
• resource/aws_ssoadmin_permission_set_inline_policy: Fail validation if duplicated keys are found in inline_policy (#​33570)
• resource/aws_transfer_access: Fail validation if duplicated keys are found in policy (#​33570)
• resource/aws_transfer_user: Fail validation if duplicated keys are found in policy (#​33570)

v5.18.1

Compare Source

NOTES:

• documentation: Duplicate CDKTF guides with differing file extensions have been removed to resolve failures in the provider release workflow. (#​33630)

v5.18.0

Compare Source

FEATURES:

• New Data Source: aws_fsx_ontap_file_system (#​32503)
• New Data Source: aws_fsx_ontap_storage_virtual_machine (#​32621)
• New Data Source: aws_fsx_ontap_storage_virtual_machines (#​32624)
• New Data Source: aws_organizations_organizational_unit (#​33408)
• New Resource: aws_opensearch_package (#​33227)
• New Resource: aws_opensearch_package_association (#​33227)

ENHANCEMENTS:

• resource/aws_fsx_ontap_storage_virtual_machine: Remove ForceNew from active_directory_configuration.self_managed_active_directory_configuration.domain_name, active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group and active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguished_name allowing an SVM to join AD after creation (#​33466)

BUG FIXES:

• data-source/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#​33477)
• resource/aws_db_instance: Fix so that storage_throughput can be changed when iops and allocated_storage are not changed (#​33529)
• resource/aws_db_option_group: Avoid erroneous differences being reported when an option port and/or version is not set (#​33511)
• resource/aws_fsx_ontap_storage_virtual_machine: Avoid recreating resource when active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is configured (#​33466)
• resource/aws_fsx_ontap_storage_virtual_machine: Change file_system_id to ForceNew (#​32621)
• resource/aws_s3_bucket_accelerate_configuration: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#​33531)
• resource/aws_s3_bucket_policy: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#​33531)
• resource/aws_s3_bucket_versioning: Retry resource Delete on OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#​33531)
• resource/aws_sesv2_email_identity: Mark dkim_signing_attributes.domain_signing_private_key as sensitive (#​33477)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[infracost]

💰 Infracost estimate: monthly cost will not change

_{This comment will be updated when the cost estimate changes.}