CHANGELOG.md

1.2.1 (Unreleased)

1.2.0 (October 31, 2017)

INTERNAL:

• Remove id fields from schema definitions (#1626)

FEATURES:

• New Resource: aws_servicecatalog_portfolio (#1694)
• New Resource: aws_ses_domain_dkim (#1786)
• New Resource: aws_cognito_identity_pool_roles_attachment (#863)
• New Resource: aws_ecr_lifecycle_policy (#2096)
• New Data Source: aws_nat_gateway (#1294)
• New Data Source: aws_dynamodb_table (#2062)
• New Data Source: aws_cloudtrail_service_account (#1774)

IMPROVEMENTS:

• resource/aws_ami: Support configurable timeouts (#1811)
• resource/ami_copy: Support configurable timeouts (#1811)
• resource/ami_from_instance: Support configurable timeouts (#1811)
• data-source/aws_security_group: add description (#1943)
• resource/aws_cloudfront_distribution: Change the default minimum_protocol_version to TLSv1 (#1856)
• resource/aws_sns_topic: Support SMS in protocols (#1813)
• resource/aws_spot_fleet_request: Add support for tags (#2042)
• resource/aws_kinesis_firehose_delivery_stream: Add s3_backup_mode option (#1830)
• resource/aws_elasticsearch_domain: Support VPC configuration (#1958)
• resource/aws_alb_target_group: Add support for target_type (#1589)
• resource/aws_sqs_queue: Add support for tags (#1987)
• resource/aws_security_group: Add revoke_rules_on_delete option to force a security group to revoke rules before deleting the grou (#2074)
• resource/aws_cloudwatch_log_metric_filter: Add support for DefaultValue (#1578)
• resource/aws_emr_cluster: Expose error on TERMINATED_WITH_ERRORS (#2081)

BUG FIXES:

• resource/aws_elasticache_parameter_group: Add missing return to retry logic (#1891)
• resource/aws_batch_job_queue: Wait for update completion when disabling (#1892)
• resource/aws_snapshot_create_volume_permission: Raise creation timeout to 10mins (#1894)
• resource/aws_snapshot_create_volume_permission: Raise creation timeout to 20mins (#2049)
• resource/aws_kms_alias: Retry creation on NotFoundException (#1896)
• resource/aws_kms_key: Retry reading tags on NotFoundException (#1900)
• resource/aws_db_snapshot: Raise creation timeout to 20mins (#1905)
• resource/aws_lb: Allow assigning EIP to network LB (#1956)
• resource/aws_s3_bucket: Retry tagging on OperationAborted (#2008)
• resource/aws_cognito_identity_pool: Fixed refresh of providers (#2015)
• resource/aws_elasticache_replication_group: Raise creation timeout to 50mins (#2048)
• resource/aws_api_gateway_usag_plan: Fixed setting of rate_limit (#2076)
• resource/aws_elastic_beanstalk_application: Expose error leading to failed deletion (#2080)
• resource/aws_s3_bucket: Accept query strings in redirect hosts (#2059)

1.1.0 (October 16, 2017)

NOTES:

• resource/aws_alb_* & data-source/aws_alb_*: In order to support network LBs, ALBs were renamed to aws_lb_* due to the way APIs "new" (non-Classic) load balancers are structured in AWS. All existing ALB functionality remains untouched and new resources work the same way. aws_alb_* resources are still in place as "aliases", but documentation will only mention aws_lb_*. aws_alb_* aliases will be removed in future major version. (#1806)
• Deprecated:
  • data-source/aws_alb
  • data-source/aws_alb_listener
  • data-source/aws_alb_target_group
  • resource/aws_alb
  • resource/aws_alb_listener
  • resource/aws_alb_listener_rule
  • resource/aws_alb_target_group
  • resource/aws_alb_target_group_attachment

FEATURES:

• New Resource: aws_batch_job_definition (#1710)
• New Resource: aws_batch_job_queue (#1710)
• New Resource: aws_lb (#1806)
• New Resource: aws_lb_listener (#1806)
• New Resource: aws_lb_listener_rule (#1806)
• New Resource: aws_lb_target_group (#1806)
• New Resource: aws_lb_target_group_attachment (#1806)
• New Data Source: aws_lb (#1806)
• New Data Source: aws_lb_listener (#1806)
• New Data Source: aws_lb_target_group (#1806)
• New Data Source: aws_iam_user (#1805)
• New Data Source: aws_s3_bucket (#1505)

IMPROVEMENTS:

• data-source/aws_redshift_service_account: Add arn attribute (#1775)
• data-source/aws_vpc_endpoint: Expose prefix_list_id (#1733)
• resource/aws_kinesis_stream: Add support for encryption (#1139)
• resource/aws_cloudwatch_log_group: Add support for encryption via kms_key_id (#1751)
• resource/aws_spot_instance_request: Add support for instance_interruption_behaviour (#1735)
• resource/aws_ses_event_destination: Add support for open & click event types (#1773)
• resource/aws_efs_file_system: Expose dns_name (#1825)
• resource/aws_security_group+aws_security_group_rule: Add support for rule description (#1587)
• resource/aws_emr_cluster: enable configuration of ebs root volume size (#1375)
• resource/aws_ami: Add root_snapshot_id attribute (#1572)
• resource/aws_vpn_connection: Mark preshared keys as sensitive (#1850)
• resource/aws_codedeploy_deployment_group: Support blue/green and in-place deployments with traffic control (#1162)
• resource/aws_elb: Update ELB idle timeout to 4000s (#1861)
• resource/aws_spot_fleet_request: Add support for instance_interruption_behaviour (#1847)
• resource/aws_kinesis_firehose_delivery_stream: Specify kinesis stream as the source of a aws_kinesis_firehose_delivery_stream (#1605)
• resource/aws_kinesis_firehose_delivery_stream: Output complete error when creation fails (#1881)

BUG FIXES:

• data-source/aws_db_instance: Make db_instance_arn expose ARN instead of identifier (use db_cluster_identifier for identifier) (#1766)
• data-source/aws_db_snapshot: Expose storage_type (was not exposed) (#1833)
• data-source/aws_ami: Update the tags structure for easier referencing (#1706)
• data-source/aws_ebs_snapshot: Update the tags structure for easier referencing (#1706)
• data-source/aws_ebs_volume: Update the tags structure for easier referencing (#1706)
• data-source/aws_instance: Update the tags structure for easier referencing (#1706)
• resource/aws_spot_instance_request: Handle closed request correctly (#1903)
• resource/aws_cloudtrail: Raise update retry timeout (#1820)
• resource/aws_elasticache_parameter_group: Retry resetting group on pending changes (#1821)
• resource/aws_kms_key: Retry getting rotation status (#1818)
• resource/aws_kms_key: Retry getting key policy (#1854)
• resource/aws_vpn_connection: Raise timeout to 40mins (#1819)
• resource/aws_kinesis_firehose_delivery_stream: Fix crash caused by missing processing_configuration (#1738)
• resource/aws_rds_cluster_instance: Treat configuring-enhanced-monitoring as pending state (#1744)
• resource/aws_rds_cluster_instance: Treat more states as pending (#1790)
• resource/aws_route_table: Increase number of not-found checks/retries after creation (#1791)
• resource/aws_batch_compute_environment: Fix ARN attribute name/value (ecc_cluster_arn -> ecs_cluster_arn) (#1809)
• resource/aws_kinesis_stream: Retry creation of the stream on LimitExceededException (handle throttling) (#1339)
• resource/aws_vpn_connection_route: Treat route in state deleted as deleted (#1848)
• resource/aws_eip: Avoid disassociating if there's no association (#1683)
• resource/aws_elasticache_cluster: Allow scaling up cluster by modifying az_mode (avoid recreation) (#1758)
• resource/aws_lambda_function: Fix Lambda Function Updates When Published (#1797)
• resource/aws_appautoscaling_*: Use dimension to uniquely identify target/policy (#1808)
• resource/aws_vpn_connection_route: Wait until route is available/deleted (#1849)
• resource/aws_cloudfront_distribution: Ignore minimum_protocol_version if default certificate is used (#1785)
• resource/aws_security_group: Using self = false with cidr_blocks should be allowed (#1839)
• resource/aws_instance: Check VPC array size to avoid crashes on Eucalyptus Cloud (#1882)

1.0.0 (September 27, 2017)

NOTES:

• resource/aws_appautoscaling_policy: Nest step scaling policy fields, deprecate 1st level fields (#1620)

FEATURES:

• New Resource: aws_waf_rate_based_rule (#1606)
• New Resource: aws_batch_compute_environment (#1048)

IMPROVEMENTS:

• provider: Expand shared_credentials_file (#1511)
• provider: Add support for Task Roles when running on ECS or CodeBuild (#1425)
• resource/aws_instance: New user_data_base64 attribute that allows non-UTF8 data (such as gzip) to be assigned to user-data without corruption (#850)
• data-source/aws_vpc: Expose enable_dns_* in aws_vpc data_source (#1373)
• resource/aws_appautoscaling_policy: Add support for DynamoDB (#1650)
• resource/aws_directory_service_directory: Add support for tags (#1398)
• resource/aws_rds_cluster: Allow setting of rds cluster engine (#1415)
• resource/aws_ssm_association: now supports update for parameters, schedule_expression,output_location (#1421)
• resource/aws_ssm_patch_baseline: now supports update for multiple attributes (#1421)
• resource/aws_cloudformation_stack: Add support for Import (#1432)
• resource/aws_rds_cluster_instance: Expose availability_zone attribute (#1439)
• resource/aws_efs_file_system: Add support for encryption (#1420)
• resource/aws_db_parameter_group: Allow underscores in names (#1460)
• resource/aws_elasticsearch_domain: Assign tags right after creation (#1399)
• resource/aws_route53_record: Allow CAA record type (#1467)
• resource/aws_codebuild_project: Allowed for BITBUCKET source type (#1468)
• resource/aws_emr_cluster: Add instance_group parameter for EMR clusters (#1071)
• resource/aws_alb_listener_rule: Populate listener_arn field (#1303)
• resource/aws_api_gateway_rest_api: Add a body property to API Gateway RestAPI for Swagger import support (#1197)
• resource/aws_opsworks_stack: Add support for tags (#1523)
• Add retries for AppScaling policies throttling exceptions (#1430)
• resource/aws_ssm_patch_baseline: Add compliance level to patch approval rules (#1531)
• resource/aws_ssm_activation: Export ssm activation activation_code (#1570)
• resource/aws_network_interface: Added private_dns_name to network_interface (#1599)
• data-source/aws_redshift_service_account: updated with latest redshift service account ID's (#1614)
• resource/aws_ssm_parameter: Refresh from state on 404 (#1436)
• resource/aws_api_gateway_rest_api: Allow binary media types to be updated (#1600)
• resource/aws_waf_rule: Make predicates' data_id required (it always was on the API's side, it's just reflected in the schema) (#1606)
• resource/aws_waf_web_acl: Introduce new type field in rules to allow referencing RATE_BASED type (#1606)
• resource/aws_ssm_association: Migrate the schema to use association_id (#1579)
• resource/aws_ssm_document: Added name validation (#1638)
• resource/aws_nat_gateway: Add tags support (#1625)
• resource/aws_route53_record: Add support for Route53 multi-value answer routing policy (#1686)
• resource/aws_instance: Read iops only when volume type is io1 (#1573)
• resource/aws_rds_cluster(+_instance) Allow specifying the engine (#1591)
• resource/aws_cloudwatch_event_target: Add Input transformer for Cloudwatch Events (#1343)
• resource/aws_directory_service_directory: Support Import functionality (#1732)

BUG FIXES:

• resource/aws_instance: Fix associate_public_ip_address (#1340)
• resource/aws_instance: Fix import in EC2 Classic (#1453)
• resource/aws_emr_cluster: Avoid spurious diff of log_uri (#1374)
• resource/aws_cloudwatch_log_subscription_filter: Add support for ResourceNotFound (#1414)
• resource/aws_sns_topic_subscription: Prevent duplicate (un)subscribe during initial creation (#1480)
• resource/aws_alb: Cleanup ENIs after deleting ALB (#1427)
• resource/aws_s3_bucket: Wrap s3 calls in retry to avoid race during creation (#891)
• resource/aws_eip: Remove from state on deletion (#1551)
• resource/aws_security_group: Adding second scenario where IPv6 is not supported (#880)

0.1.4 (August 08, 2017)

FEATURES:

• New Resource: aws_cloudwatch_dashboard (#1172)
• New Data Source: aws_internet_gateway (#1196)
• New Data Source: aws_efs_mount_target (#1255)

IMPROVEMENTS:

• AWS SDK to log extra debug details on request errors (#1210)
• resource/aws_spot_fleet_request: Add support for wait_for_fulfillment (#1241)
• resource/aws_autoscaling_schedule: Allow empty value (#1268)
• resource/aws_ssm_association: Add support for OutputLocation and Schedule Expression (#1253)
• resource/aws_ssm_patch_baseline: Update support for Operating System (#1260)
• resource/aws_db_instance: Expose db_instance ca_cert_identifier (#1256)
• resource/aws_rds_cluster: Add support for iam_roles to rds_cluster (#1258)
• resource/aws_rds_cluster_parameter_group: Support > 20 parameters (#1298)
• data-source/aws_iam_role: Normalize the IAM role data source (#1330)
• resource/aws_kinesis_stream: Increase Timeouts, add Timeout Support (#1345)

BUG FIXES:

• resource/aws_instance: Guard check for aws_instance UserData to prevent panic (#1288)
• resource/aws_config: Set AWS Config Configuration recorder & Delivery channel names as ForceNew (#1247)
• resource/aws_cloudtrail: Retry if IAM role isn't propagated yet (#1312)
• resource/aws_cloudtrail: Fix CloudWatch role ARN/group updates (#1357)
• resource/aws_eip_association: Avoid crash in EC2 Classic (#1344)
• resource/aws_elasticache_parameter_group: Allow removing parameters (#1309)
• resource/aws_kinesis: add retries for Kinesis throttling exceptions (#1085)
• resource/aws_kinesis_firehose: adding support for ExtendedS3DestinationConfiguration (#1015)
• resource/aws_spot_fleet_request: Ignore empty key_name (#1203)
• resource/aws_emr_instance_group: fix crash when changing instance_group.count (#1287)
• resource/aws_elasticsearch_domain: Fix updating config when update doesn't involve EBS (#1131)
• resource/aws_s3_bucket: Avoid crashing when no lifecycle rule is defined (#1316)
• resource/elastic_transcoder_preset: Fix provider validation (#1338)
• resource/aws_s3_bucket: Avoid crashing when filter is not set (#1350)

0.1.3 (July 25, 2017)

FEATURES:

• New Data Source: aws_iam_instance_profile (#1024)
• New Data Source: aws_alb_target_group (#1037)
• New Data Source: aws_iam_group (#1140)
• New Resource: aws_api_gateway_request_validator (#1064)
• New Resource: aws_api_gateway_gateway_response (#1168)
• New Resource: aws_iot_policy (#986)
• New Resource: aws_iot_certificate (#1225)

IMPROVEMENTS:

• resource/aws_sqs_queue: Add support for Server-Side Encryption (#962)
• resource/aws_vpc: Add support for classiclink_dns_support (#1079)
• resource/aws_lambda_function: Add support for lambda_function vpc_config update (#1080)
• resource/aws_lambda_function: Add support for lambda_function dead_letter_config update (#1080)
• resource/aws_route53_health_check: add support for health_check regions (#1116)
• resource/aws_spot_instance_request: add support for request launch group (#1097)
• resource/aws_rds_cluster_instance: Export the RDI Resource ID for the instance (#1142)
• resource/aws_sns_topic_subscription: Support password-protected HTTPS endpoints (#861)

BUG FIXES:

• provider: Remove assumeRoleHash (#1227)
• resource/aws_ami: Retry on InvalidAMIID.NotFound (#1035)
• resource/aws_iam_server_certificate: Fix restriction on length of name_prefix (#1217)
• resource/aws_autoscaling_group: Fix handling of empty vpc_zone_identifier (EC2 classic & default VPC) (#1191)
• resource/aws_ecr_repository_policy: Add retry logic to work around IAM eventual consistency (#1165)
• resource/aws_ecs_service: Fixes normalization issues in placement_strategy (#1025)
• resource/aws_eip: Retry reading EIPs on creation (#1053)
• resource/aws_elastic_beanstalk_environment: Avoid spurious diffs of JSON-based settings (#901)
• resource/aws_opsworks_permission: Fix 'set permissions' failing to set ssh access (#1038)
• resource/aws_s3_bucket_notification: Fix missing bucket field after import (#978)
• resource/aws_sfn_state_machine: Handle another NotFound exception type (#1062)
• resource/aws_ssm_parameter: ForceNew on ssm_parameter rename (#1022)
• resource/aws_instance: Update SourceDestCheck modification on new resources (#1065)
• resource/aws_spot_instance_request: fixed and issue with network interfaces configuration (#1070)
• resource/aws_rds_cluster: Modify RDS Cluster after restoring from snapshot, if required (#926)
• resource/aws_kms_alias: Retry lookups after creation (#1040)
• resource/aws_internet_gateway: Retry deletion properly on DependencyViolation (#1021)
• resource/aws_elb: Cleanup ENIs after deleting ELB (#1036)
• resource/aws_kms_key: Retry lookups after creation (#1039)
• resource/aws_dms_replication_instance: Add modifying as a pending creation state (#1114)
• resource/aws_redshift_cluster: Trigger ForceNew aws_redshift_cluster on encrypted change (#1120)
• resource/aws_default_network_acl: Add support for ipv6_cidr_block (#1113)
• resource/aws_autoscaling_group: Suppress diffs when an empty set is specified for availability_zones (#1190)
• resource/aws_vpc: Ignore ClassicLink DNS support in unsupported regions (#1176)
• resource/elastic_beanstalk_configuration_template: Handle missing platform (#1222)
• r/elasticache_parameter_group: support more than 20 parameters (#1221)
• data-source/aws_db_instance: Fix the output of subnet_group_name (#1141)
• data-source/aws_iam_server_certificate: Fix restriction on length of name_prefix (#1217)

0.1.2 (June 30, 2017)

FEATURES:

• New Resource: aws_network_interface_sg_attachment (#860)
• New Data Source: aws_ecr_repository (#944)

IMPROVEMENTS:

• Added ability to change the deadline for the EC2 metadata API endpoint (#950)
• resource/aws_api_gateway_integration: Add support for specifying cache key parameters (#893)
• resource/aws_cloudwatch_event_target: Add ecs_target (#977)
• resource/aws_vpn_connection: Add BGP related information on aws_vpn_connection (#973)
• resource/aws_cloudformation_stack: Add timeout support (#994)
• resource/aws_ssm_parameter: Add support for ssm parameter overwrite (#1006)
• resource/aws_codebuild_project: Add support for environment privileged_mode [GH1009]
• resource/aws_dms_endpoint: Add support for dynamodb as an endpoint target (#1002)
• resource/aws_s3_bucket: Support lifecycle tags filter (#899)
• resource/aws_s3_bucket_object: Allow to set WebsiteRedirect on S3 object (#1020)

BUG FIXES:

• resource/aws_waf: Only set FieldToMatch.Data if not empty (#953)
• resource/aws_elastic_beanstalk_application_version: Scope labels to application (#956)
• resource/aws_s3_bucket: Allow use of days = 0 with lifecycle transition (#957)
• resource/aws_ssm_maintenance_window_task: Make task_parameters updateable on aws_ssm_maintenance_window_task resource (#965)
• resource/aws_kinesis_stream: don't force stream destroy on shard_count update (#894)
• resource/aws_cloudfront_distribution: Remove validation from custom_origin params (#987)
• resource_aws_route53_record: Allow import of Route 53 records with underscores in the name (#14717)
• d/aws_db_snapshot: Id was being set incorrectly (#992)
• resource/aws_spot_fleet_request: Raise the create timeout to be 10m (#993)
• d/aws_ecs_cluster: Add ARN as an exported param for aws_ecs_cluster (#991)
• resource/aws_ebs_volume: Not setting the state for ebs_volume correctly (#999)
• resource/aws_network_acl: Make action in ingress / egress case insensitive (#1000)

0.1.1 (June 21, 2017)

BUG FIXES:

• Fixing malformed ARN attribute for aws_security_group data source (#910)

0.1.0 (June 20, 2017)

BACKWARDS INCOMPATIBILITIES / NOTES:

FEATURES:

• New Resource: aws_vpn_gateway_route_propagation [#15137](hashicorp/terraform#15137)

IMPROVEMENTS:

• resource/ebs_snapshot: Add support for tags (#3)
• resource/aws_elasticsearch_domain: now retries on IAM role association failure (#12)
• resource/codebuild_project: Increase timeout for creation retry (IAM) (#904)
• resource/dynamodb_table: Expose stream_label attribute (#20)
• resource/opsworks: Add support for configurable timeouts in AWS OpsWorks Instances. (#857)
• Fix handling of AdRoll's hologram clients (#17)
• resource/sqs_queue: Add support for name_prefix to aws_sqs_queue (#855)
• resource/iam_role: Add support for iam_role tp force_detach_policies (#890)

BUG FIXES:

• fix aws cidr validation error [#15158](hashicorp/terraform#15158)
• resource/elasticache_parameter_group: Retry deletion on InvalidCacheParameterGroupState (#8)
• resource/security_group: Raise creation timeout (#9)
• resource/rds_cluster: Retry modification on InvalidDBClusterStateFault (#18)
• resource/lambda: Fix incorrect GovCloud regexes (#16)
• Allow ipv6_cidr_block to be assigned to peering_connection (#879)
• resource/rds_db_instance: Correctly create cross-region encrypted replica (#865)
• resource/eip: dissociate EIP on update (#878)
• resource/iam_server_certificate: Increase deletion timeout (#907)