Skip to content

build(deps): bump the terraform-minor-patch group across 3 directories with 4 updates#98

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-terraform-infrastructure-modules-iam-terraform-minor-patch-1b4185fa0e
Open

build(deps): bump the terraform-minor-patch group across 3 directories with 4 updates#98
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-terraform-infrastructure-modules-iam-terraform-minor-patch-1b4185fa0e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor

Bumps the terraform-minor-patch group with 2 updates in the /infrastructure/modules/iam directory: hashicorp/aws and terraform-aws-modules/iam/aws.
Bumps the terraform-minor-patch group with 2 updates in the /infrastructure/modules/lambda directory: hashicorp/aws and terraform-aws-modules/lambda/aws.
Bumps the terraform-minor-patch group with 2 updates in the /infrastructure/modules/s3-bucket directory: hashicorp/aws and terraform-aws-modules/s3-bucket/aws.

Updates hashicorp/aws from 6.50.0 to 6.52.0

Release notes

Sourced from hashicorp/aws's releases.

v6.52.0

6.52.0 (June 24, 2026)

NOTES:

  • resource/aws_lakeformation_permissions: Grants on aws_glue_catalog_table views (table_type = "VIRTUAL_VIEW") are now preserved when the view's view_definition is updated, as the underlying table is updated in place rather than recreated (#48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Existing affected resources whose state still contains **** for NoEcho parameters or is missing default-matching parameters keys require a one-time manual reconciliation after upgrading. To recover: (1) add lifecycle { ignore_changes = [parameters] } temporarily, (2) pull state with terraform state pull, (3) correct the affected parameters values and increment serial, (4) push state back with terraform state push, (5) remove the ignore_changes block, and (6) confirm with terraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#46748)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: NoEcho parameter values are now persisted in Terraform state in plaintext rather than as ****. This is consistent with how Terraform stores other sensitive inputs (for example, aws_db_instance.password). Ensure your state backend is appropriately secured (#46748)

FEATURES:

  • New Data Source: aws_s3_bucket_notification (#31512)
  • New List Resource: aws_appautoscaling_target (#48449)
  • New List Resource: aws_bedrockagentcore_registry (#48314)
  • New List Resource: aws_dynamodb_table_item (#48520)
  • New Resource: aws_bedrockagentcore_registry (#48314)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add control_plane_egress_mode attribute to vpc_config block (#48497)
  • provider: Generated names are now created using a cryptographically strong random generator instead of a timestamp and counter, so values are more uniformly distributed over the lowercase hexadecimal digit characters (#47995)
  • resource/aws_appautoscaling_target: Add resource identity support (#48449)
  • resource/aws_cloudwatch_log_account_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_anomaly_detector: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_data_protection_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_source: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_index_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_resource_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_stream: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add arn attribute (#48502)
  • resource/aws_default_network_acl: Prevents error on creation when tag-based authorization in use. (#44798)
  • resource/aws_dynamodb_table_item: Add Resource Identity support (#48520)
  • resource/aws_dynamodb_table_item: Add import support (#48520)
  • resource/aws_eks_cluster: Add control_plane_egress_mode argument to vpc_config block (#48497)
  • resource/aws_mq_broker: Known endpoints in instances.0.endpoints are now returned in a deterministic order based on protocol prefix and port, including the new https://...:16001 Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#47777)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Change capabilities from Required to Optional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#46748)

BUG FIXES:

  • provider: Fix AWS API errors such as EC2's IdempotentParameterMismatch by generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#47995)
  • provider: Restore HTTP request and response body content in TF_LOG=DEBUG output for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#48463)
  • resource/aws_cloudwatch_log_delivery: Add mutex lock around create, update, and delete operations to prevent ConflictException errors (#48158)
  • resource/aws_cloudwatch_log_delivery: Fix Provided delivery configuration is invalid for the destination type errors when s3_delivery_configuration is unchanged (#46123)
  • resource/aws_elasticache_global_replication_group: Fix persistent automatic_failover_enabled diff by reading the value from the primary member (#47647)

... (truncated)

Changelog

Sourced from hashicorp/aws's changelog.

6.52.0 (June 24, 2026)

NOTES:

  • resource/aws_lakeformation_permissions: Grants on aws_glue_catalog_table views (table_type = "VIRTUAL_VIEW") are now preserved when the view's view_definition is updated, as the underlying table is updated in place rather than recreated (#48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Existing affected resources whose state still contains **** for NoEcho parameters or is missing default-matching parameters keys require a one-time manual reconciliation after upgrading. To recover: (1) add lifecycle { ignore_changes = [parameters] } temporarily, (2) pull state with terraform state pull, (3) correct the affected parameters values and increment serial, (4) push state back with terraform state push, (5) remove the ignore_changes block, and (6) confirm with terraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#46748)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: NoEcho parameter values are now persisted in Terraform state in plaintext rather than as ****. This is consistent with how Terraform stores other sensitive inputs (for example, aws_db_instance.password). Ensure your state backend is appropriately secured (#46748)

FEATURES:

  • New Data Source: aws_s3_bucket_notification (#31512)
  • New List Resource: aws_appautoscaling_target (#48449)
  • New List Resource: aws_bedrockagentcore_registry (#48314)
  • New List Resource: aws_dynamodb_table_item (#48520)
  • New Resource: aws_bedrockagentcore_registry (#48314)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add control_plane_egress_mode attribute to vpc_config block (#48497)
  • provider: Generated names are now created using a cryptographically strong random generator instead of a timestamp and counter, so values are more uniformly distributed over the lowercase hexadecimal digit characters (#47995)
  • resource/aws_appautoscaling_target: Add resource identity support (#48449)
  • resource/aws_cloudwatch_log_account_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_anomaly_detector: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_data_protection_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_source: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_index_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_resource_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_stream: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add arn attribute (#48502)
  • resource/aws_default_network_acl: Prevents error on creation when tag-based authorization in use. (#44798)
  • resource/aws_dynamodb_table_item: Add Resource Identity support (#48520)
  • resource/aws_dynamodb_table_item: Add import support (#48520)
  • resource/aws_eks_cluster: Add control_plane_egress_mode argument to vpc_config block (#48497)
  • resource/aws_mq_broker: Known endpoints in instances.0.endpoints are now returned in a deterministic order based on protocol prefix and port, including the new https://...:16001 Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#47777)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Change capabilities from Required to Optional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#46748)

BUG FIXES:

  • provider: Fix AWS API errors such as EC2's IdempotentParameterMismatch by generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#47995)
  • provider: Restore HTTP request and response body content in TF_LOG=DEBUG output for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#48463)
  • resource/aws_cloudwatch_log_delivery: Add mutex lock around create, update, and delete operations to prevent ConflictException errors (#48158)
  • resource/aws_cloudwatch_log_delivery: Fix Provided delivery configuration is invalid for the destination type errors when s3_delivery_configuration is unchanged (#46123)
  • resource/aws_elasticache_global_replication_group: Fix persistent automatic_failover_enabled diff by reading the value from the primary member (#47647)
  • resource/aws_elasticache_replication_group: Fix persistent automatic_failover_enabled diff on member replication groups of an aws_elasticache_global_replication_group (#47647)

... (truncated)

Commits
  • 5367b73 Merge pull request #48552 from hashicorp/t-update-changelog-version
  • 896521c Prepare release v6.52.0
  • 6f1fc40 Update CHANGELOG.md (Manual Trigger)
  • 2c84b11 Merge pull request #46748 from bendrucker/f-serverlessrepo-no-change-update
  • 3b4f28c docs: update resource counts (#48546)
  • 3db9c0e serverlessapplicationrepository_cloudformation_stack: drop misleading NoEcho ...
  • f885497 serverlessapplicationrepository_cloudformation_stack: soften NoEcho warning
  • 352e1a2 Merge remote-tracking branch 'origin/main' into f-serverlessrepo-no-change-up...
  • 52c2926 Merge branch 'f-serverlessrepo-no-change-update' of https://github.com/bendru...
  • 49f591e Docs cleanups
  • Additional commits viewable in compare view

Updates terraform-aws-modules/iam/aws from 6.6.0 to 6.6.1

Release notes

Sourced from terraform-aws-modules/iam/aws's releases.

v6.6.1

6.6.1 (2026-05-28)

Bug Fixes

  • Add missing ec2:DescribeSecurityGroups IPv4 VPC CNI IRSA permissions (#646) (10161bc)
Changelog

Sourced from terraform-aws-modules/iam/aws's changelog.

6.6.1 (2026-05-28)

Bug Fixes

  • Add missing ec2:DescribeSecurityGroups IPv4 VPC CNI IRSA permissions (#646) (10161bc)
Commits
  • 5b962b1 chore(release): version 6.6.1 [skip ci]
  • 10161bc fix: Add missing ec2:DescribeSecurityGroups IPv4 VPC CNI IRSA permissions (...
  • See full diff in compare view

Updates hashicorp/aws from 6.50.0 to 6.53.0

Release notes

Sourced from hashicorp/aws's releases.

v6.52.0

6.52.0 (June 24, 2026)

NOTES:

  • resource/aws_lakeformation_permissions: Grants on aws_glue_catalog_table views (table_type = "VIRTUAL_VIEW") are now preserved when the view's view_definition is updated, as the underlying table is updated in place rather than recreated (#48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Existing affected resources whose state still contains **** for NoEcho parameters or is missing default-matching parameters keys require a one-time manual reconciliation after upgrading. To recover: (1) add lifecycle { ignore_changes = [parameters] } temporarily, (2) pull state with terraform state pull, (3) correct the affected parameters values and increment serial, (4) push state back with terraform state push, (5) remove the ignore_changes block, and (6) confirm with terraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#46748)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: NoEcho parameter values are now persisted in Terraform state in plaintext rather than as ****. This is consistent with how Terraform stores other sensitive inputs (for example, aws_db_instance.password). Ensure your state backend is appropriately secured (#46748)

FEATURES:

  • New Data Source: aws_s3_bucket_notification (#31512)
  • New List Resource: aws_appautoscaling_target (#48449)
  • New List Resource: aws_bedrockagentcore_registry (#48314)
  • New List Resource: aws_dynamodb_table_item (#48520)
  • New Resource: aws_bedrockagentcore_registry (#48314)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add control_plane_egress_mode attribute to vpc_config block (#48497)
  • provider: Generated names are now created using a cryptographically strong random generator instead of a timestamp and counter, so values are more uniformly distributed over the lowercase hexadecimal digit characters (#47995)
  • resource/aws_appautoscaling_target: Add resource identity support (#48449)
  • resource/aws_cloudwatch_log_account_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_anomaly_detector: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_data_protection_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_source: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_index_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_resource_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_stream: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add arn attribute (#48502)
  • resource/aws_default_network_acl: Prevents error on creation when tag-based authorization in use. (#44798)
  • resource/aws_dynamodb_table_item: Add Resource Identity support (#48520)
  • resource/aws_dynamodb_table_item: Add import support (#48520)
  • resource/aws_eks_cluster: Add control_plane_egress_mode argument to vpc_config block (#48497)
  • resource/aws_mq_broker: Known endpoints in instances.0.endpoints are now returned in a deterministic order based on protocol prefix and port, including the new https://...:16001 Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#47777)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Change capabilities from Required to Optional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#46748)

BUG FIXES:

  • provider: Fix AWS API errors such as EC2's IdempotentParameterMismatch by generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#47995)
  • provider: Restore HTTP request and response body content in TF_LOG=DEBUG output for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#48463)
  • resource/aws_cloudwatch_log_delivery: Add mutex lock around create, update, and delete operations to prevent ConflictException errors (#48158)
  • resource/aws_cloudwatch_log_delivery: Fix Provided delivery configuration is invalid for the destination type errors when s3_delivery_configuration is unchanged (#46123)
  • resource/aws_elasticache_global_replication_group: Fix persistent automatic_failover_enabled diff by reading the value from the primary member (#47647)

... (truncated)

Changelog

Sourced from hashicorp/aws's changelog.

6.52.0 (June 24, 2026)

NOTES:

  • resource/aws_lakeformation_permissions: Grants on aws_glue_catalog_table views (table_type = "VIRTUAL_VIEW") are now preserved when the view's view_definition is updated, as the underlying table is updated in place rather than recreated (#48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Existing affected resources whose state still contains **** for NoEcho parameters or is missing default-matching parameters keys require a one-time manual reconciliation after upgrading. To recover: (1) add lifecycle { ignore_changes = [parameters] } temporarily, (2) pull state with terraform state pull, (3) correct the affected parameters values and increment serial, (4) push state back with terraform state push, (5) remove the ignore_changes block, and (6) confirm with terraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#46748)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: NoEcho parameter values are now persisted in Terraform state in plaintext rather than as ****. This is consistent with how Terraform stores other sensitive inputs (for example, aws_db_instance.password). Ensure your state backend is appropriately secured (#46748)

FEATURES:

  • New Data Source: aws_s3_bucket_notification (#31512)
  • New List Resource: aws_appautoscaling_target (#48449)
  • New List Resource: aws_bedrockagentcore_registry (#48314)
  • New List Resource: aws_dynamodb_table_item (#48520)
  • New Resource: aws_bedrockagentcore_registry (#48314)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add control_plane_egress_mode attribute to vpc_config block (#48497)
  • provider: Generated names are now created using a cryptographically strong random generator instead of a timestamp and counter, so values are more uniformly distributed over the lowercase hexadecimal digit characters (#47995)
  • resource/aws_appautoscaling_target: Add resource identity support (#48449)
  • resource/aws_cloudwatch_log_account_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_anomaly_detector: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_data_protection_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_source: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_index_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_resource_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_stream: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add arn attribute (#48502)
  • resource/aws_default_network_acl: Prevents error on creation when tag-based authorization in use. (#44798)
  • resource/aws_dynamodb_table_item: Add Resource Identity support (#48520)
  • resource/aws_dynamodb_table_item: Add import support (#48520)
  • resource/aws_eks_cluster: Add control_plane_egress_mode argument to vpc_config block (#48497)
  • resource/aws_mq_broker: Known endpoints in instances.0.endpoints are now returned in a deterministic order based on protocol prefix and port, including the new https://...:16001 Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#47777)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Change capabilities from Required to Optional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#46748)

BUG FIXES:

  • provider: Fix AWS API errors such as EC2's IdempotentParameterMismatch by generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#47995)
  • provider: Restore HTTP request and response body content in TF_LOG=DEBUG output for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#48463)
  • resource/aws_cloudwatch_log_delivery: Add mutex lock around create, update, and delete operations to prevent ConflictException errors (#48158)
  • resource/aws_cloudwatch_log_delivery: Fix Provided delivery configuration is invalid for the destination type errors when s3_delivery_configuration is unchanged (#46123)
  • resource/aws_elasticache_global_replication_group: Fix persistent automatic_failover_enabled diff by reading the value from the primary member (#47647)
  • resource/aws_elasticache_replication_group: Fix persistent automatic_failover_enabled diff on member replication groups of an aws_elasticache_global_replication_group (#47647)

... (truncated)

Commits
  • 5367b73 Merge pull request #48552 from hashicorp/t-update-changelog-version
  • 896521c Prepare release v6.52.0
  • 6f1fc40 Update CHANGELOG.md (Manual Trigger)
  • 2c84b11 Merge pull request #46748 from bendrucker/f-serverlessrepo-no-change-update
  • 3b4f28c docs: update resource counts (#48546)
  • 3db9c0e serverlessapplicationrepository_cloudformation_stack: drop misleading NoEcho ...
  • f885497 serverlessapplicationrepository_cloudformation_stack: soften NoEcho warning
  • 352e1a2 Merge remote-tracking branch 'origin/main' into f-serverlessrepo-no-change-up...
  • 52c2926 Merge branch 'f-serverlessrepo-no-change-update' of https://github.com/bendru...
  • 49f591e Docs cleanups
  • Additional commits viewable in compare view

Updates hashicorp/aws from 6.50.0 to 6.53.0

Release notes

Sourced from hashicorp/aws's releases.

v6.52.0

6.52.0 (June 24, 2026)

NOTES:

  • resource/aws_lakeformation_permissions: Grants on aws_glue_catalog_table views (table_type = "VIRTUAL_VIEW") are now preserved when the view's view_definition is updated, as the underlying table is updated in place rather than recreated (#48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Existing affected resources whose state still contains **** for NoEcho parameters or is missing default-matching parameters keys require a one-time manual reconciliation after upgrading. To recover: (1) add lifecycle { ignore_changes = [parameters] } temporarily, (2) pull state with terraform state pull, (3) correct the affected parameters values and increment serial, (4) push state back with terraform state push, (5) remove the ignore_changes block, and (6) confirm with terraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#46748)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: NoEcho parameter values are now persisted in Terraform state in plaintext rather than as ****. This is consistent with how Terraform stores other sensitive inputs (for example, aws_db_instance.password). Ensure your state backend is appropriately secured (#46748)

FEATURES:

  • New Data Source: aws_s3_bucket_notification (#31512)
  • New List Resource: aws_appautoscaling_target (#48449)
  • New List Resource: aws_bedrockagentcore_registry (#48314)
  • New List Resource: aws_dynamodb_table_item (#48520)
  • New Resource: aws_bedrockagentcore_registry (#48314)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add control_plane_egress_mode attribute to vpc_config block (#48497)
  • provider: Generated names are now created using a cryptographically strong random generator instead of a timestamp and counter, so values are more uniformly distributed over the lowercase hexadecimal digit characters (#47995)
  • resource/aws_appautoscaling_target: Add resource identity support (#48449)
  • resource/aws_cloudwatch_log_account_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_anomaly_detector: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_data_protection_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_source: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_index_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_resource_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_stream: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add arn attribute (#48502)
  • resource/aws_default_network_acl: Prevents error on creation when tag-based authorization in use. (#44798)
  • resource/aws_dynamodb_table_item: Add Resource Identity support (#48520)
  • resource/aws_dynamodb_table_item: Add import support (#48520)
  • resource/aws_eks_cluster: Add control_plane_egress_mode argument to vpc_config block (#48497)
  • resource/aws_mq_broker: Known endpoints in instances.0.endpoints are now returned in a deterministic order based on protocol prefix and port, including the new https://...:16001 Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#47777)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Change capabilities from Required to Optional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#46748)

BUG FIXES:

  • provider: Fix AWS API errors such as EC2's IdempotentParameterMismatch by generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#47995)
  • provider: Restore HTTP request and response body content in TF_LOG=DEBUG output for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#48463)
  • resource/aws_cloudwatch_log_delivery: Add mutex lock around create, update, and delete operations to prevent ConflictException errors (#48158)
  • resource/aws_cloudwatch_log_delivery: Fix Provided delivery configuration is invalid for the destination type errors when s3_delivery_configuration is unchanged (#46123)
  • resource/aws_elasticache_global_replication_group: Fix persistent automatic_failover_enabled diff by reading the value from the primary member (#47647)

... (truncated)

Changelog

Sourced from hashicorp/aws's changelog.

6.52.0 (June 24, 2026)

NOTES:

  • resource/aws_lakeformation_permissions: Grants on aws_glue_catalog_table views (table_type = "VIRTUAL_VIEW") are now preserved when the view's view_definition is updated, as the underlying table is updated in place rather than recreated (#48532)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Existing affected resources whose state still contains **** for NoEcho parameters or is missing default-matching parameters keys require a one-time manual reconciliation after upgrading. To recover: (1) add lifecycle { ignore_changes = [parameters] } temporarily, (2) pull state with terraform state pull, (3) correct the affected parameters values and increment serial, (4) push state back with terraform state push, (5) remove the ignore_changes block, and (6) confirm with terraform plan. For non-sensitive parameters you can instead temporarily set the parameter to a non-default value, apply, revert, and apply again (#46748)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: NoEcho parameter values are now persisted in Terraform state in plaintext rather than as ****. This is consistent with how Terraform stores other sensitive inputs (for example, aws_db_instance.password). Ensure your state backend is appropriately secured (#46748)

FEATURES:

  • New Data Source: aws_s3_bucket_notification (#31512)
  • New List Resource: aws_appautoscaling_target (#48449)
  • New List Resource: aws_bedrockagentcore_registry (#48314)
  • New List Resource: aws_dynamodb_table_item (#48520)
  • New Resource: aws_bedrockagentcore_registry (#48314)

ENHANCEMENTS:

  • data-source/aws_eks_cluster: Add control_plane_egress_mode attribute to vpc_config block (#48497)
  • provider: Generated names are now created using a cryptographically strong random generator instead of a timestamp and counter, so values are more uniformly distributed over the lowercase hexadecimal digit characters (#47995)
  • resource/aws_appautoscaling_target: Add resource identity support (#48449)
  • resource/aws_cloudwatch_log_account_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_anomaly_detector: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_data_protection_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_delivery_source: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_destination_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_index_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_resource_policy: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_log_stream: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add Resource Identity support (#48502)
  • resource/aws_cloudwatch_query_definition: Add arn attribute (#48502)
  • resource/aws_default_network_acl: Prevents error on creation when tag-based authorization in use. (#44798)
  • resource/aws_dynamodb_table_item: Add Resource Identity support (#48520)
  • resource/aws_dynamodb_table_item: Add import support (#48520)
  • resource/aws_eks_cluster: Add control_plane_egress_mode argument to vpc_config block (#48497)
  • resource/aws_mq_broker: Known endpoints in instances.0.endpoints are now returned in a deterministic order based on protocol prefix and port, including the new https://...:16001 Prometheus metrics endpoint introduced in RabbitMQ 4.2 and later; any unrecognized endpoint types are appended afterward in API order (#47777)
  • resource/aws_serverlessapplicationrepository_cloudformation_stack: Change capabilities from Required to Optional/Computed. Applications without required capabilities can now omit the argument and the value applied by AWS will be tracked in state (#46748)

BUG FIXES:

  • provider: Fix AWS API errors such as EC2's IdempotentParameterMismatch by generating client-supplied idempotency tokens using a cryptographically strong random generator and extended alphabet (#47995)
  • provider: Restore HTTP request and response body content in TF_LOG=DEBUG output for resources, data sources, and list resources. Redaction continues to apply to ephemeral resources and actions (#48463)
  • resource/aws_cloudwatch_log_delivery: Add mutex lock around create, update, and delete operations to prevent ConflictException errors (#48158)
  • resource/aws_cloudwatch_log_delivery: Fix Provided delivery configuration is invalid for the destination type errors when s3_delivery_configuration is unchanged (#46123)
  • resource/aws_elasticache_global_replication_group: Fix persistent automatic_failover_enabled diff by reading the value from the primary member (#47647)
  • resource/aws_elasticache_replication_group: Fix persistent automatic_failover_enabled diff on member replication groups of an aws_elasticache_global_replication_group (#47647)

... (truncated)

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 25, 2026
@dependabot dependabot Bot requested review from a team as code owners June 25, 2026 14:05
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 25, 2026
@dependabot dependabot Bot force-pushed the dependabot-terraform-infrastructure-modules-iam-terraform-minor-patch-1b4185fa0e branch 5 times, most recently from 30505be to 9ef0e02 Compare July 3, 2026 13:10
…s with 4 updates

Bumps the terraform-minor-patch group with 2 updates in the /infrastructure/modules/iam directory: [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) and [terraform-aws-modules/iam/aws](https://github.com/terraform-aws-modules/terraform-aws-iam).
Bumps the terraform-minor-patch group with 2 updates in the /infrastructure/modules/lambda directory: [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) and [terraform-aws-modules/lambda/aws](https://github.com/terraform-aws-modules/terraform-aws-lambda).
Bumps the terraform-minor-patch group with 2 updates in the /infrastructure/modules/s3-bucket directory: [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) and [terraform-aws-modules/s3-bucket/aws](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket).


Updates `hashicorp/aws` from 6.50.0 to 6.52.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `terraform-aws-modules/iam/aws` from 6.6.0 to 6.6.1
- [Release notes](https://github.com/terraform-aws-modules/terraform-aws-iam/releases)
- [Changelog](https://github.com/terraform-aws-modules/terraform-aws-iam/blob/master/CHANGELOG.md)
- [Commits](terraform-aws-modules/terraform-aws-iam@v6.6.0...v6.6.1)

Updates `hashicorp/aws` from 6.50.0 to 6.53.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `hashicorp/aws` from 6.50.0 to 6.53.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `hashicorp/aws` from 6.50.0 to 6.52.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `hashicorp/aws` from 6.50.0 to 6.53.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `terraform-aws-modules/lambda/aws` from 8.7.0 to 8.8.0
- [Release notes](https://github.com/terraform-aws-modules/terraform-aws-lambda/releases)
- [Changelog](https://github.com/terraform-aws-modules/terraform-aws-lambda/blob/master/CHANGELOG.md)
- [Commits](terraform-aws-modules/terraform-aws-lambda@v8.7.0...v8.8.0)

Updates `hashicorp/aws` from 6.50.0 to 6.53.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `hashicorp/aws` from 6.50.0 to 6.52.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `hashicorp/aws` from 6.50.0 to 6.53.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `hashicorp/aws` from 6.50.0 to 6.53.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v6.50.0...v6.52.0)

Updates `terraform-aws-modules/s3-bucket/aws` from 5.13.0 to 5.14.1
- [Release notes](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/releases)
- [Changelog](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/master/CHANGELOG.md)
- [Commits](terraform-aws-modules/terraform-aws-s3-bucket@v5.13.0...v5.14.1)

---
updated-dependencies:
- dependency-name: hashicorp/aws
  dependency-version: 6.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: hashicorp/aws
  dependency-version: 6.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: terraform-aws-modules/iam/aws
  dependency-version: 6.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: terraform-minor-patch
- dependency-name: terraform-aws-modules/lambda/aws
  dependency-version: 8.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
- dependency-name: terraform-aws-modules/s3-bucket/aws
  dependency-version: 5.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: terraform-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot-terraform-infrastructure-modules-iam-terraform-minor-patch-1b4185fa0e branch from 9ef0e02 to 79d3dad Compare July 3, 2026 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants