chore(deps): update terraform aws to v5.76.0

[soerenschneider]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	5.71.0 -> 5.76.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.76.0

Compare Source

FEATURES:

• New Resource: aws_vpc_security_group_vpc_association (#​40069)

ENHANCEMENTS:

• resource/aws_medialive_channel: Add missing h265 codec settings (#​40071)

BUG FIXES:

• resource/aws_api_gateway_integration: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters and/or cache_key_parameters (#​40124)
• resource/aws_api_gateway_method: Fix BadRequestException: Invalid mapping expression specified and NotFoundException: Invalid parameter name specified errors when making updates to request_parameters (#​40124)
• resource/aws_autoscaling_group: Handle eventual consistency issues that occur when using a launch_template that is updated causing ValidationError: You must use a valid fully-formed launch template. (#​40088)
• resource/aws_eip: Properly surface errors during deletion when ipam_pool_id is set (#​40082)
• resource/aws_elasticache_reserved_cache_node: Fix Provider returned invalid result object after apply errors (#​40090)
• resource/aws_iam_group_policies_exclusive: Add validation to prevent null values in policy_names (#​40076)
• resource/aws_iam_group_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#​40076)
• resource/aws_iam_instance_profile: Handle eventual consistency issues that occur when this resource is updated and has dependents (#​40088)
• resource/aws_iam_role_policies_exclusive: Add validation to prevent null values in policy_names (#​40076)
• resource/aws_iam_role_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#​40076)
• resource/aws_iam_user_policies_exclusive: Add validation to prevent null values in policy_names (#​40076)
• resource/aws_iam_user_policy_attachments_exclusive: Add validation to prevent null values in policy_arns (#​40076)
• resource/aws_launch_template: Handle eventual consistency issues that occur when this resource is updated and has dependents (#​40088)

v5.75.1

Compare Source

ENHANCEMENTS:

• data-source/aws_cloudwatch_event_bus: Add description attribute (#​39980)
• resource/aws_api_gateway_account: Add attribute reset_on_delete to properly reset CloudWatch Role ARN on deletion. (#​40004)
• resource/aws_cloudwatch_event_bus: Add description argument (#​39980)

BUG FIXES:

• resource/aws_api_gateway_deployment: Rolls back validation of canary_settings and stage_description when stage_name not set. (#​40067)
• resource/aws_dynamodb_table: Allow table TTL to be disabled by allowing ttl[0].attribute_name to be set when ttl[0].enabled is false (#​40046)
• resource/aws_sagemaker_domain: Fix issue causing a ValidationException on updates when RStudio is disabled on the domain (#​40049)

v5.75.0

Compare Source

BREAKING CHANGES:

• resource/aws_api_gateway_stage: Add canary_settings.deployment_id attribute as required (#​39929)

NOTES:

• provider: validation of arguments implementing the custom ARNType will properly surface validation errors (#​40008)
• resource/aws_api_gateway_stage: deployment_id was added to canary_settings as a required attribute. This breaking change was necessary to make canary_settings functional. Without this change all canary traffic was routed to the main deployment (#​39929)

FEATURES:

• New Data Source: aws_spot_datafeed_subscription (#​39647)

ENHANCEMENTS:

• data-source/aws_batch_job_definition: Add init_containers, share_process_namespace, and image_pull_secrets attributes (#​40019)
• resource/aws_batch_job_definition: Add init_containers and share_process_namespace arguments (#​40019)
• resource/aws_batch_job_definition: Increase maximum number of containers arguments to 10 (#​40019)
• resource/aws_eks_addon: Add pod_identity_association argument (#​38357)
• resource/aws_iam_user_login_profile: Mark the password argument as sensitive (#​39991)

BUG FIXES:

• resource/aws_api_gateway_deployment: Fix destroy error when canary stage still exists on resource (#​39929)
• resource/aws_codedeploy_deployment_group: Remove maximum items limit on the alarm_configuration.alarms argument (#​39971)
• resource/aws_eks_addon: Handle ResourceNotFound exceptions during resource destruction (#​38357)
• resource/aws_elasticache_reserved_cache_node: Fix Value Conversion Error during resource creation (#​39945)
• resource/aws_lb_listener: Fix errors when updating the tcp_idle_timeout_seconds argument for gateway load balancers (#​40039)
• resource/aws_lb_listener: Remove the default tcp_idle_timeout_seconds value, preventing ModifyListenerAttributes API calls when a value is not explicitly configured (#​40039)
• resource/aws_vpc_ipam_pool: Fix bug when public_ip_source = "amazon": The request can only contain PubliclyAdvertisable if the AddressFamily is IPv6 and PublicIpSource is byoip. (#​40042)

v5.74.0

Compare Source

FEATURES:

• New Data Source: aws_lb_listener_rule (#​39865)
• New Resource: aws_opensearch_authorize_vpc_endpoint_access (#​39846)
• New Resource: aws_ssmquicksetup_configuration_manager (#​39931)

ENHANCEMENTS:

• data-source/aws_imagebuilder_distribution_configuration: Add distribution.s3_export_configuration attribute (#​35492)
• data-source/aws_imagebuilder_image_recipe: Fix block_device_mapping.0.ebs.0.delete_on_termination: '' expected type 'bool', got unconvertible type 'string' errors (#​39928)
• resource/aws_codedeploy_deployment_group: Add termination_hook_enabled argument (#​35482)
• resource/aws_eks_cluster: Add zonal_shift_config argument (#​39852)
• resource/aws_imagebuilder_distribution_configuration: Add distribution.s3_export_configuration argument (#​35492)
• resource/aws_imagebuilder_image_pipeline: Allow container_recipe_arn and image_recipe_arn to be updated in-place (#​39117)
• resource/aws_keyspaces_keyspace: Add replication_specification argument (#​36331)
• resource/aws_launch_template: Add efa-only as a valid value for network_interfaces.interface_type (#​39882)
• resource/aws_transfer_server: Add TransferSecurityPolicy-Restricted-2024-06 as a valid value for security_policy_name (#​39871)

BUG FIXES:

• resource/aws_docdb_cluster: Use master_password on resource Create when snapshot_identifier is configured (#​38193)
• resource/aws_imagebuilder_container_recipe: Change component.parameter.name, component.parameter.value, target_repository.repository_name, and target_repository.service to ForceNew (#​39117)
• resource/aws_route53_record: Fix interface conversion: interface {} is nil, not map[string]interface {} panic when geolocation_routing_policy is empty (#​39944)
• resource/aws_ssm_patch_baseline: Update approval_rule.approve_after_days validation to allow a maximum value of 360 (#​39949)
• resource/aws_wafv2_web_acl: Fix decoding JSON: unexpected end of JSON input errors when updating from using rule_json to using rule (#​39283)
• resource/aws_wafv2_web_acl: Fix unmarshal error for incompatible types in rule_json (#​39878)

v5.73.0

Compare Source

FEATURES:

• New Data Source: aws_ssm_patch_baselines (#​39779)
• New Resource: aws_imagebuilder_lifecycle_policy (#​35674)
• New Resource: aws_resiliencehub_resiliency_policy (#​38913)
• New Resource: aws_sagemaker_hub (#​39807)
• New Resource: aws_sagemaker_mlflow_tracking_server (#​39796)

ENHANCEMENTS:

• data-source/aws_elasticache_reserved_cache_node_offering: Support valkey as valid value for product_description (#​39745)
• data-source/aws_lakeformation_data_lake_settings: Add parameters map attribute to read CROSS_ACCOUNT_VERSION (#​39826)
• data-source/aws_lb: Add enable_zonal_shift attribute (#​39585)
• resource/aws_apprunner_auto_scaling_configuration_version: Remove the upper limit on min_size and max_size (#​39843)
• resource/aws_batch_job_definition: Ensure that new revisions are created with tags (#​39797)
• resource/aws_codedeploy_deployment_config: Add zonal_config argument (#​34850)
• resource/aws_dynamodb_kinesis_streaming_destination: Add approximate_creation_date_time_precision argument (#​38098)
• resource/aws_elasticache_cluster: Support valkey as valid value for engine (#​39745)
• resource/aws_elasticache_global_replication_group: Support Valkey versions for engine_version (#​39745)
• resource/aws_elasticache_replication_group: Support Valkey versions for engine_version (#​39745)
• resource/aws_elasticache_replication_group: Support valkey as valid value for engine (#​39745)
• resource/aws_elasticache_serverless_cache: Support valkey as valid value for engine (#​39745)
• resource/aws_kinesis_firehose_delivery_stream: Add iceberg_configuration argument (#​39844)
• resource/aws_lakeformation_data_lake_settings: Add parameters map argument enabling CROSS_ACCOUNT_VERSION to be set (#​39826)
• resource/aws_lb: Add enable_zonal_shift argument (#​39585)
• resource/aws_lb_listener: Add tcp_idle_timeout_seconds argument (#​39585)
• resource/aws_route53profiles_association: Add regex and string length validation for name argument (#​39798)
• resource/aws_s3_bucket_object: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#​39782)
• resource/aws_s3_object: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#​39782)
• resource/aws_s3_object_copy: Remove the call to kms:DescribeKey for the S3 default AWS managed key (alias/aws/s3) on Read (#​39782)
• resource/aws_sagemaker_domain: Add default_user_settings.jupyter_lab_app_settings.app_lifecycle_management, default_user_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, default_user_settings.jupyter_lab_app_settings.emr_settings, default_space_settings.jupyter_lab_app_settings.app_lifecycle_management, default_space_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, default_space_settings.jupyter_lab_app_settings.emr_settings, default_user_settings.auto_mount_home_efs, default_user_settings.canvas_app_settings.emr_serverless_settings, default_user_settings.studio_web_portal_settings.hidden_instance_types, default_user_settings.code_editor_app_settings.app_lifecycle_management, default_user_settings.code_editor_app_settings.built_in_lifecycle_config_arn, and tag_propagation arguments (#​39774)
• resource/aws_sagemaker_domain: Allow app_network_access_type and app_security_group_management to be updated in-place (#​39774)
• resource/aws_sagemaker_feature_group: Add feature_definition.collection_config, feature_definition.collection_type, and throughput_config arguments (#​39805)
• resource/aws_sagemaker_space: Add space_settings.code_editor_app_settings.app_lifecycle_management and space_settings.jupyter_lab_app_settings.app_lifecycle_management arguments (#​39800)
• resource/aws_sagemaker_user_profile: Add user_settings.auto_mount_home_efs, user_settings.canvas_app_settings.emr_serverless_settings, user_settings.code_editor_app_settings.app_lifecycle_management, user_settings.code_editor_app_settings.built_in_lifecycle_config_arn, user_settings.jupyter_lab_app_settings.app_lifecycle_management, user_settings.jupyter_lab_app_settings.built_in_lifecycle_config_arn, user_settings.jupyter_lab_app_settings.emr_settings and user_settings.studio_web_portal_settings.hidden_instance_types arguments (#​39774)

BUG FIXES:

• data-source/aws_workspaces_bundle: Return the first matching bundle when searching by name. This fixes a regression introduced in v5.72.0 causing multiple WorkSpaces Bundles matched; use additional constraints to reduce matches to a single WorkSpaces Bundle errors (#​39777)
• resource/aws_dynamodb_table: Fix validation error when optional attribute in on_demand_throughput is excluded (#​39784)
• resource/aws_ecr_repository_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_elasticache_serverless_cache: Fix InvalidParameterValue: This API supports only cross-engine upgrades to Valkey engine currently errors on Update (#​39745)
• resource/aws_iam_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_iam_role_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_kms_key: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_quicksight_data_set: Fix InvalidParameterValueException: Invalid RowLevelPermissionDataSet. Namespace parameter should not be specified for Version 2 errors on Create and Update (#​39778)
• resource/aws_route53_record: Allow creation of records with ttl=0 (#​39728)
• resource/aws_s3_bucket_policy: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_secretsmanager_secret: Fix persistent validation errors when malformed policy content is written to state (#​39842)
• resource/aws_security_group_rule: Remove from state when rule not found. This fixes a regression introduced in v5.60.0 (#​39834)

v5.72.1

Compare Source

FEATURES:

• New Resource: aws_iam_group_policy_attachments_exclusive (#​39732)
• New Resource: aws_iam_user_policy_attachments_exclusive (#​39731)

ENHANCEMENTS:

• resource/aws_resourceexplorer2_view: Add scope argument (#​39744)

BUG FIXES:

• data-source/aws_batch_job_definition: Properly handles ignored tags. (#​39734)
• data-source/aws_cognito_user_pool: Properly handles ignored tags. (#​39734)
• resource/aws_cognito_user_pool: Properly handles ignored tags. (#​39734)
• resource/aws_dynamodb_table: Fix crash when billing_mode is set to PAY_PER_REQUEST without global_secondary_index updates (#​39752)
• resource/aws_dynamodb_table_replica: Properly handles default and ignored tags. (#​39734)
• resource/aws_resourceexplorer2_index: Correctly mark incomplete AGGREGATOR indexes as tainted on Create (#​39744)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.