@renovate renovate bot commented Jan 8, 2026

This PR contains the following updates:

Package | Type | Update | Change
aws (source) | required_provider | minor | 6.27.0 -> 6.28.0

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.28.0

NOTES:

  • resource/aws_dynamodb_global_secondary_index: This resource type is experimental. The schema or behavior may change without notice, and it is not subject to the backwards compatibility guarantee of the provider. (#​44999)

FEATURES:

  • New Data Source: aws_cloudfront_connection_group (#​44885)
  • New Data Source: aws_cloudfront_distribution_tenant (#​45088)
  • New List Resource: aws_kms_alias (#​45700)
  • New List Resource: aws_sqs_queue (#​45691)
  • New Resource: aws_cloudfront_connection_function (#​45664)
  • New Resource: aws_cloudfront_connection_group (#​44885)
  • New Resource: aws_cloudfront_distribution_tenant (#​45088)
  • New Resource: aws_cloudfront_multitenant_distribution (#​45535)
  • New Resource: aws_dynamodb_global_secondary_index (#​44999)
  • New Resource: aws_ecr_pull_time_update_exclusion (#​45765)
  • New Resource: aws_organizations_tag (#​45730)
  • New Resource: aws_redshift_idc_application (#​37345)
  • New Resource: aws_secretsmanager_tag (#​45825)
  • New Resource: aws_sesv2_tenant (#​45706)

ENHANCEMENTS:

  • data-source/aws_apigateway_domain_name: Add endpoint_access_mode attribute (#​45741)
  • data-source/aws_db_proxy: Add endpoint_network_type and target_connection_network_type attributes (#​45634)
  • data-source/aws_dx_gateway: Add tags attribute (#​45766)
  • data-source/aws_ecr_lifecycle_policy_document: Add rule.action.target_storage_class and rule.selection.storage_class arguments, and new valid values for rule.action.type and rule.selection.count_type arguments (#​45752)
  • data-source/aws_iam_saml_provider: Add saml_provider_uuid attribute (#​45707)
  • data-source/aws_lambda_function: Add response_streaming_invoke_arn attribute (#​45652)
  • data-source/aws_lambda_function: Support code_signing_config_arn in AWS GovCloud (US) Regions (#​45652)
  • data-source/aws_route53_resolver_firewall_rules: Add dns_threat_protection, confidence_threshold, firewall_threat_protection_id, firewall_domain_redirection_action, and q_type attributes (#​45711)
  • data-source/aws_route53_resolver_rule: Add target_ips attribute (#​45492)
  • data-source/aws_vpc_endpoint: Add dns_options.private_dns_preference and dns_options.private_dns_specified_domains attributes (#​45679)
  • data-source/aws_vpc_endpoint: Promote service_region and vpc_endpoint_type from attributes to arguments for filtering (#​45679)
  • resource/aws_alb: Enforce tag policy compliance for the elasticloadbalancing:loadbalancer tag type (#​45671)
  • resource/aws_alb_listener: Enforce tag policy compliance for the elasticloadbalancing:listener tag type (#​45671)
  • resource/aws_alb_listener_rule: Enforce tag policy compliance for the elasticloadbalancing:listener-rule tag type (#​45671)
  • resource/aws_alb_target_group: Enforce tag policy compliance for the elasticloadbalancing:targetgroup tag type (#​45671)
  • resource/aws_apigateway_domain_name: Add endpoint_access_mode argument and configurable timeout for create and update (#​45741)
  • resource/aws_athena_workgroup: Add customer_content_encryption_configuration argument (#​45744)
  • resource/aws_athena_workgroup: Add enable_minimum_encryption_configuration argument (#​45744)
  • resource/aws_athena_workgroup: Add monitoring_configuration argument (#​45744)
  • resource/aws_cleanrooms_collaboration: Add resource identity support (#​45548)
  • resource/aws_cloudfront_distribution: Add connection_function_association and viewer_mtls_config arguments (#​45847)
  • resource/aws_cloudfront_distribution: Add owner_account_id argument to vpc_origin_config for cross-account VPC origin support (#​45011)
  • resource/aws_cloudwatch_log_subscription_filter: Add apply_on_transformed_logs argument (#​45826)
  • resource/aws_cloudwatch_log_subscription_filter: Add emit_system_fields argument (#​45760)
  • resource/aws_db_proxy: Add endpoint_network_type and target_connection_network_type arguments (#​45634)
  • resource/aws_docdb_cluster_instance: Enforce tag policy compliance for the rds:db tag type (#​45671)
  • resource/aws_docdb_global_cluster: Enforce tag policy compliance for the rds:global-cluster tag type (#​45671)
  • resource/aws_dx_gateway: Add tags argument and tags_all attribute. This functionality requires the directconnect:TagResource and directconnect:UntagResource IAM permissions (#​45766)
  • resource/aws_ecr_repository_creation_template: Support CREATE_ON_PUSH as a valid value for applied_for (#​45720)
  • resource/aws_ecs_capacity_provider: Add managed_instances_provider.instance_launch_template.capacity_option_type argument (#​45667)
  • resource/aws_fsx_lustre_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
  • resource/aws_fsx_ontap_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
  • resource/aws_fsx_openzfs_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
  • resource/aws_fsx_openzfs_snapshot: Enforce tag policy compliance for the fsx:snapshot tag type (#​45671)
  • resource/aws_fsx_openzfs_volume: Enforce tag policy compliance for the fsx:volume tag type (#​45671)
  • resource/aws_fsx_windows_file_system: Enforce tag policy compliance for the fsx:file-system tag type (#​45671)
  • resource/aws_guardduty_filter: Add finding_criteria.criterion.matches and finding_criteria.criterion.not_matches arguments (#​45758)
  • resource/aws_iam_policy: Add delay_after_policy_creation_in_ms argument. This functionality requires the iam:SetDefaultPolicyVersion IAM permission (#​42054)
  • resource/aws_iam_saml_provider: Add saml_provider_uuid attribute (#​45707)
  • resource/aws_iam_virtual_mfa_device: Add serial_number attribute (#​45751)
  • resource/aws_imagebuilder_image: Add logging_configuration argument (#​45749)
  • resource/aws_imagebuilder_image_pipeline: Add logging_configuration argument (#​45749)
  • resource/aws_inspector_assessment_target: Add plan-time validation of resource_group_arn (#​45688)
  • resource/aws_inspector_assessment_template: Add plan-time validation of rules_package_arns and target_arn (#​45688)
  • resource/aws_lambda_event_source_mapping: Add provisioned_poller_config.poller_group_name argument (#​45313)
  • resource/aws_lambda_event_source_mapping: Support Amazon MSK and self-managed Apache Kafka destinations (kafka://topic-name) for destination_config.on_failure.destination_arn argument (#​45802)
  • resource/aws_lambda_function: Add response_streaming_invoke_arn attribute (#​45652)
  • resource/aws_lambda_function: Support code_signing_config_arn in AWS GovCloud (US) Regions (#​45652)
  • resource/aws_lambda_function_url: Automatically add the lambda:InvokeFunction permission, with the InvokedViaFunctionUrl flag set to true, to the function on creation when authorization_type is NONE (#​44858)
  • resource/aws_lambda_permission: Add invoked_via_function_url argument (#​44858)
  • resource/aws_lb_target_group_attachment: Add quic_server_id argument (#​45666)
  • resource/aws_lb_target_group_attachment: Add plan-time validation of target_group_arn (#​45666)
  • resource/aws_neptune_cluster: Enforce tag policy compliance for the rds:cluster tag type (#​45671)
  • resource/aws_neptune_cluster_instance: Enforce tag policy compliance for the rds:db tag type (#​45671)
  • resource/aws_neptune_global_cluster: Enforce tag policy compliance for the rds:global-cluster tag type (#​45671)
  • resource/aws_networkmanager_vpc_attachment: Enable in-place updates of routing_policy_label argument. This functionality requires the networkmanager:PutAttachmentRoutingPolicyLabel and networkmanager:RemoveAttachmentRoutingPolicyLabel IAM permissions (#​45728)
  • resource/aws_osis_pipeline: Add pipeline_role_arn argument to support specifying an IAM role at the pipeline level (#​45806)
  • resource/aws_rds_cluster: Enforce tag policy compliance for the rds:cluster tag type (#​45671)
  • resource/aws_redshift_data_share_consumer_association: Add plan-time validation of consumer_region (#​45688)
  • resource/aws_route53_resolver_firewall_rule: Add dns_threat_protection, confidence_threshold, and firewall_threat_protection_id arguments to support DNS Firewall Advanced rules (#​45711)
  • resource/aws_transfer_web_app: Add endpoint_details.vpc configuration block to support VPC hosted Transfer Family web app (#​45745)
  • resource/aws_vpc_endpoint: Add dns_options.private_dns_preference and dns_options.private_dns_specified_domains arguments (#​45679)
  • resource/aws_vpclattice_service_network_resource_association: Add private_dns_enabled argument (#​45673)
  • resource/aws_vpn_connection: Support in-place updates for tunnel*_inside_cidr and tunnel*_inside_ipv6_cidr arguments (#​45781)

BUG FIXES:

  • data-source/aws_ecr_authorization_token: Fix value of proxy_endpoint when registry_id is specified (#​45754)
  • data-source/aws_networkmanager_core_network_policy_document: Support account-id, not account, as a valid value for attachment_policies.conditions.type. This fixes a regression introduced in v6.27.0 (#​45788)
  • data-source/aws_vpc_endpoint: Add missing implementation for service_region attribute (#​45679)
  • provider: Fix handling of user_agent values where the product name contains a forward slash (#​45715)
  • resource/aws_batch_job_definition: Fix crash during update when node_properties has NodeRangeProperties.ecsProperties set (#​45676)
  • resource/aws_batch_job_definition: Fix handling of logically deleted results in List (#​45694)
  • resource/aws_cloudwatch_log_subscription_filter: CloudWatch Logs: PutSubscriptionFilter: Retry ValidationException: Make sure you have given CloudWatch Logs permission to assume the provided role (#​43762)
  • resource/aws_ec2_subnet_cidr_reservation: Fix 255 subnet CIDR reservation limit (#​45778)
  • resource/aws_nat_gateway: Handle eventual consistency with attached appliances on delete (#​45842)
  • resource/aws_vpc: Fix reading EC2 VPC (...) default Security Group: empty result and reading EC2 VPC (...) main Route Table: empty result errors when importing RAM-shared VPCs. This fixes a regression introduced in v6.17.0 (#​45780)
  • resource/aws_vpc_endpoint: Fix "InvalidParameter: DnsOptions PrivateDnsOnlyForInboundResolverEndpoint is applicable only to Interface VPC Endpoints" error when creating S3 gateway VPC endpoint with IPv6 enabled (#​45849)
  • resource/aws_vpc_endpoint: private_dns_enabled argument is now marked as ForceNew (#​45679)

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 09:59 AM ( * 0-9 * * * ) in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Jan 8, 2026
@renovate renovate bot merged commit 78f4da5 into main Jan 8, 2026
@renovate renovate bot deleted the renovate/local_stack-terraform-minor-patch-updates branch January 8, 2026 17:12