Sourced from hashicorp/aws's releases.

v6.8.0

6.8.0 (August 7, 2025)

FEATURES:

• New Resource: aws_networkfirewall_vpc_endpoint_association (#43675)
• New Resource: aws_quicksight_custom_permissions (#43613)
• New Resource: aws_quicksight_role_custom_permission (#43613)
• New Resource: aws_quicksight_user_custom_permission (#43613)
• New Resource: aws_wafv2_web_acl_rule_group_association (#43561)

ENHANCEMENTS:

• data-source/aws_quicksight_user: Add custom_permissions_name attribute (#43613)
• data-source/aws_wafv2_web_acl: Add resource_arn argument to enable finding web ACLs by resource ARN (#43597)
• data-source/aws_wafv2_web_acl: Add support for CLOUDFRONT scope web ACLs using resource_arn (#43597)
• resource/aws_bedrock_guardrail: Add input_action, output_action, input_enabled, and output_enabled attributes to sensitive_information_policy_config.pii_entities_config and sensitive_information_policy_config.regexes_config configuration blocks (#43702)
• resource/aws_cloudwatch_log_group: Add resource identity support (#43719)
• resource/aws_computeoptimizer_recommendation_preferences: Add AuroraDBClusterStorage as a valid resource_type (#43677)
• resource/aws_docdb_cluster: Add serverless_v2_scaling_configuration argument in support of Amazon DocumentDB serverless (#43667)
• resource/aws_ecr_repository: Add image_tag_mutability_exclusion_filter argument (#43642)
• resource/aws_ecr_repository: Support IMMUTABLE_WITH_EXCLUSION and MUTABLE_WITH_EXCLUSION as valid values for image_tag_mutability (#43642)
• resource/aws_inspector2_enabler: Support resource import (#43673)
• resource/aws_instance: Adds force_destroy argument that allows destruction even when disable_api_termination and disable_api_stop are true (#43722)
• resource/aws_ivs_channel: Add resource identity support (#43704)
• resource/aws_ivs_playback_key_pair: Add resource identity support (#43704)
• resource/aws_ivs_recording_configuration: Add resource identity support (#43704)
• resource/aws_ivschat_logging_configuration: Add resource identity support (#43697)
• resource/aws_ivschat_room: Add resource identity support (#43697)
• resource/aws_kinesis_firehose_delivery_stream: Add iceberg_configuration.append_only argument (#43647)
• resource/aws_lightsail_static_ip: Support resource import (#43672)
• resource/aws_opensearch_domain_policy: Support resource import (#43674)
• resource/aws_quicksight_user: Add plan-time validation of iam_arn (#43613)
• resource/aws_quicksight_user: Change user_name to Optional and Computed (#43613)
• resource/aws_quicksight_user: Support IAM_IDENTITY_CENTER as a valid value for identity_type (#43613)
• resource/aws_quicksight_user: Support RESTRICTED_AUTHOR and RESTRICTED_READER as valid values for user_role (#43613)
• resource/aws_security_group: Add parameterized resource identity support (#43744)
• resource/aws_sqs_queue: Increase upper limit of max_message_size from 256 KiB to 1024 KiB (#43710)
• resource/aws_ssm_parameter: Add resource identity support (#43736)

BUG FIXES:

• ephemeral-resource/aws_lambda_invocation: Fix plan inconsistency issue due to improperly assigned payload values (#43676)
• provider: Fix failure to detect resources deleted outside of Terraform as missing for numerous resource types (#43659)
• resource/aws_batch_compute_environment: Fix inconsistent final plan error when compute_resource.launch_template.version is unknown during an update (#43337)
• resource/aws_bedrockagent_flow: Prevent created_at becoming null on Update (#43654)
• resource/aws_ec2_managed_prefix_list: Fix PrefixListVersionMismatch: The prefix list has the incorrect version number errors when updating entry description (#43661)
• resource/aws_fsx_lustre_file_system: Fix validation of SSD read cache size for file systems using the Intelligent-Tiering storage class (#43605)
• resource/aws_instance: Prevent destruction of resource when disable_api_termination is true (#43722)
• resource/aws_kms_key: Restore pre-v6.3.0 retry delay behavior when waiting for continuous target state occurrences. This fixes certain tag update timeouts (#43716)

... (truncated)

Sourced from hashicorp/aws's changelog.

6.8.0 (August 7, 2025)

FEATURES:

• New Resource: aws_networkfirewall_vpc_endpoint_association (#43675)
• New Resource: aws_quicksight_custom_permissions (#43613)
• New Resource: aws_quicksight_role_custom_permission (#43613)
• New Resource: aws_quicksight_user_custom_permission (#43613)
• New Resource: aws_wafv2_web_acl_rule_group_association (#43561)

ENHANCEMENTS:

• data-source/aws_quicksight_user: Add custom_permissions_name attribute (#43613)
• data-source/aws_wafv2_web_acl: Add resource_arn argument to enable finding web ACLs by resource ARN (#43597)
• data-source/aws_wafv2_web_acl: Add support for CLOUDFRONT scope web ACLs using resource_arn (#43597)
• resource/aws_bedrock_guardrail: Add input_action, output_action, input_enabled, and output_enabled attributes to sensitive_information_policy_config.pii_entities_config and sensitive_information_policy_config.regexes_config configuration blocks (#43702)
• resource/aws_cloudwatch_log_group: Add resource identity support (#43719)
• resource/aws_computeoptimizer_recommendation_preferences: Add AuroraDBClusterStorage as a valid resource_type (#43677)
• resource/aws_docdb_cluster: Add serverless_v2_scaling_configuration argument in support of Amazon DocumentDB serverless (#43667)
• resource/aws_ecr_repository: Add image_tag_mutability_exclusion_filter argument (#43642)
• resource/aws_ecr_repository: Support IMMUTABLE_WITH_EXCLUSION and MUTABLE_WITH_EXCLUSION as valid values for image_tag_mutability (#43642)
• resource/aws_inspector2_enabler: Support resource import (#43673)
• resource/aws_instance: Adds force_destroy argument that allows destruction even when disable_api_termination and disable_api_stop are true (#43722)
• resource/aws_ivs_channel: Add resource identity support (#43704)
• resource/aws_ivs_playback_key_pair: Add resource identity support (#43704)
• resource/aws_ivs_recording_configuration: Add resource identity support (#43704)
• resource/aws_ivschat_logging_configuration: Add resource identity support (#43697)
• resource/aws_ivschat_room: Add resource identity support (#43697)
• resource/aws_kinesis_firehose_delivery_stream: Add iceberg_configuration.append_only argument (#43647)
• resource/aws_lightsail_static_ip: Support resource import (#43672)
• resource/aws_opensearch_domain_policy: Support resource import (#43674)
• resource/aws_quicksight_user: Add plan-time validation of iam_arn (#43613)
• resource/aws_quicksight_user: Change user_name to Optional and Computed (#43613)
• resource/aws_quicksight_user: Support IAM_IDENTITY_CENTER as a valid value for identity_type (#43613)
• resource/aws_quicksight_user: Support RESTRICTED_AUTHOR and RESTRICTED_READER as valid values for user_role (#43613)
• resource/aws_security_group: Add parameterized resource identity support (#43744)
• resource/aws_sqs_queue: Increase upper limit of max_message_size from 256 KiB to 1024 KiB (#43710)
• resource/aws_ssm_parameter: Add resource identity support (#43736)

BUG FIXES:

• ephemeral-resource/aws_lambda_invocation: Fix plan inconsistency issue due to improperly assigned payload values (#43676)
• provider: Fix failure to detect resources deleted outside of Terraform as missing for numerous resource types (#43659)
• resource/aws_batch_compute_environment: Fix inconsistent final plan error when compute_resource.launch_template.version is unknown during an update (#43337)
• resource/aws_bedrockagent_flow: Prevent created_at becoming null on Update (#43654)
• resource/aws_ec2_managed_prefix_list: Fix PrefixListVersionMismatch: The prefix list has the incorrect version number errors when updating entry description (#43661)
• resource/aws_fsx_lustre_file_system: Fix validation of SSD read cache size for file systems using the Intelligent-Tiering storage class (#43605)
• resource/aws_instance: Prevent destruction of resource when disable_api_termination is true (#43722)
• resource/aws_kms_key: Restore pre-v6.3.0 retry delay behavior when waiting for continuous target state occurrences. This fixes certain tag update timeouts (#43716)
• resource/aws_s3tables_table_bucket: Fix crash on maintenance_configuration read failure (#43707)

... (truncated)

• 356433c Prepare release v6.8.0 (#43754)
• 5296c44 Update CHANGELOG.md for #43751
• 56c658a Merge pull request #43751 from hashicorp/b-sagemaker_image_name
• 6537992 Update CHANGELOG.md for #43597
• bbeaeae Merge pull request #43597 from hashicorp/f-wafv2-web-acl-data-source
• 0c98271 Fix golangci-lint 'ineffassign,staticcheck(SA4006),wastedassign'.
• 88825b5 d/aws_wafv2_web_acl: Use 'cloudfront.FindDistributionByID'.
• 9dffc8d cloudfront: Export 'FindDistributionByID'.
• f62b72d Use 'listWebACLsPages'.
• 0501ddb Update CHANGELOG.md for #43744
• Additional commits viewable in compare view

Sourced from hashicorp/aws's releases.

v6.8.0

6.8.0 (August 7, 2025)

FEATURES:

• New Resource: aws_networkfirewall_vpc_endpoint_association (#43675)
• New Resource: aws_quicksight_custom_permissions (#43613)
• New Resource: aws_quicksight_role_custom_permission (#43613)
• New Resource: aws_quicksight_user_custom_permission (#43613)
• New Resource: aws_wafv2_web_acl_rule_group_association (#43561)

ENHANCEMENTS:

• data-source/aws_quicksight_user: Add custom_permissions_name attribute (#43613)
• data-source/aws_wafv2_web_acl: Add resource_arn argument to enable finding web ACLs by resource ARN (#43597)
• data-source/aws_wafv2_web_acl: Add support for CLOUDFRONT scope web ACLs using resource_arn (#43597)
• resource/aws_bedrock_guardrail: Add input_action, output_action, input_enabled, and output_enabled attributes to sensitive_information_policy_config.pii_entities_config and sensitive_information_policy_config.regexes_config configuration blocks (#43702)
• resource/aws_cloudwatch_log_group: Add resource identity support (#43719)
• resource/aws_computeoptimizer_recommendation_preferences: Add AuroraDBClusterStorage as a valid resource_type (#43677)
• resource/aws_docdb_cluster: Add serverless_v2_scaling_configuration argument in support of Amazon DocumentDB serverless (#43667)
• resource/aws_ecr_repository: Add image_tag_mutability_exclusion_filter argument (#43642)
• resource/aws_ecr_repository: Support IMMUTABLE_WITH_EXCLUSION and MUTABLE_WITH_EXCLUSION as valid values for image_tag_mutability (#43642)
• resource/aws_inspector2_enabler: Support resource import (#43673)
• resource/aws_instance: Adds force_destroy argument that allows destruction even when disable_api_termination and disable_api_stop are true (#43722)
• resource/aws_ivs_channel: Add resource identity support (#43704)
• resource/aws_ivs_playback_key_pair: Add resource identity support (#43704)
• resource/aws_ivs_recording_configuration: Add resource identity support (#43704)
• resource/aws_ivschat_logging_configuration: Add resource identity support (#43697)
• resource/aws_ivschat_room: Add resource identity support (#43697)
• resource/aws_kinesis_firehose_delivery_stream: Add iceberg_configuration.append_only argument (#43647)
• resource/aws_lightsail_static_ip: Support resource import (#43672)
• resource/aws_opensearch_domain_policy: Support resource import (#43674)
• resource/aws_quicksight_user: Add plan-time validation of iam_arn (#43613)
• resource/aws_quicksight_user: Change user_name to Optional and Computed (#43613)
• resource/aws_quicksight_user: Support IAM_IDENTITY_CENTER as a valid value for identity_type (#43613)
• resource/aws_quicksight_user: Support RESTRICTED_AUTHOR and RESTRICTED_READER as valid values for user_role (#43613)
• resource/aws_security_group: Add parameterized resource identity support (#43744)
• resource/aws_sqs_queue: Increase upper limit of max_message_size from 256 KiB to 1024 KiB (#43710)
• resource/aws_ssm_parameter: Add resource identity support (#43736)

BUG FIXES:

• ephemeral-resource/aws_lambda_invocation: Fix plan inconsistency issue due to improperly assigned payload values (#43676)
• provider: Fix failure to detect resources deleted outside of Terraform as missing for numerous resource types (#43659)
• resource/aws_batch_compute_environment: Fix inconsistent final plan error when compute_resource.launch_template.version is unknown during an update (#43337)
• resource/aws_bedrockagent_flow: Prevent created_at becoming null on Update (#43654)
• resource/aws_ec2_managed_prefix_list: Fix PrefixListVersionMismatch: The prefix list has the incorrect version number errors when updating entry description (#43661)
• resource/aws_fsx_lustre_file_system: Fix validation of SSD read cache size for file systems using the Intelligent-Tiering storage class (#43605)
• resource/aws_instance: Prevent destruction of resource when disable_api_termination is true (#43722)
• resource/aws_kms_key: Restore pre-v6.3.0 retry delay behavior when waiting for continuous target state occurrences. This fixes certain tag update timeouts (#43716)

... (truncated)

Sourced from hashicorp/aws's changelog.

6.8.0 (August 7, 2025)

FEATURES:

• New Resource: aws_networkfirewall_vpc_endpoint_association (#43675)
• New Resource: aws_quicksight_custom_permissions (#43613)
• New Resource: aws_quicksight_role_custom_permission (#43613)
• New Resource: aws_quicksight_user_custom_permission (#43613)
• New Resource: aws_wafv2_web_acl_rule_group_association (#43561)

ENHANCEMENTS:

• data-source/aws_quicksight_user: Add custom_permissions_name attribute (#43613)
• data-source/aws_wafv2_web_acl: Add resource_arn argument to enable finding web ACLs by resource ARN (#43597)
• data-source/aws_wafv2_web_acl: Add support for CLOUDFRONT scope web ACLs using resource_arn (#43597)
• resource/aws_bedrock_guardrail: Add input_action, output_action, input_enabled, and output_enabled attributes to sensitive_information_policy_config.pii_entities_config and sensitive_information_policy_config.regexes_config configuration blocks (#43702)
• resource/aws_cloudwatch_log_group: Add resource identity support (#43719)
• resource/aws_computeoptimizer_recommendation_preferences: Add AuroraDBClusterStorage as a valid resource_type (#43677)
• resource/aws_docdb_cluster: Add serverless_v2_scaling_configuration argument in support of Amazon DocumentDB serverless (#43667)
• resource/aws_ecr_repository: Add image_tag_mutability_exclusion_filter argument (#43642)
• resource/aws_ecr_repository: Support IMMUTABLE_WITH_EXCLUSION and MUTABLE_WITH_EXCLUSION as valid values for image_tag_mutability (#43642)
• resource/aws_inspector2_enabler: Support resource import (#43673)
• resource/aws_instance: Adds force_destroy argument that allows destruction even when disable_api_termination and disable_api_stop are true (#43722)
• resource/aws_ivs_channel: Add resource identity support (#43704)
• resource/aws_ivs_playback_key_pair: Add resource identity support (#43704)
• resource/aws_ivs_recording_configuration: Add resource identity support (#43704)
• resource/aws_ivschat_logging_configuration: Add resource identity support (#43697)
• resource/aws_ivschat_room: Add resource identity support (#43697)
• resource/aws_kinesis_firehose_delivery_stream: Add iceberg_configuration.append_only argument (#43647)
• resource/aws_lightsail_static_ip: Support resource import (#43672)
• resource/aws_opensearch_domain_policy: Support resource import (#43674)
• resource/aws_quicksight_user: Add plan-time validation of iam_arn (#43613)
• resource/aws_quicksight_user: Change user_name to Optional and Computed (#43613)
• resource/aws_quicksight_user: Support IAM_IDENTITY_CENTER as a valid value for identity_type (#43613)
• resource/aws_quicksight_user: Support RESTRICTED_AUTHOR and RESTRICTED_READER as valid values for user_role (#43613)
• resource/aws_security_group: Add parameterized resource identity support (#43744)
• resource/aws_sqs_queue: Increase upper limit of max_message_size from 256 KiB to 1024 KiB (#43710)
• resource/aws_ssm_parameter: Add resource identity support (#43736)

BUG FIXES:

• ephemeral-resource/aws_lambda_invocation: Fix plan inconsistency issue due to improperly assigned payload values (#43676)
• provider: Fix failure to detect resources deleted outside of Terraform as missing for numerous resource types (#43659)
• resource/aws_batch_compute_environment: Fix inconsistent final plan error when compute_resource.launch_template.version is unknown during an update (#43337)
• resource/aws_bedrockagent_flow: Prevent created_at becoming null on Update (#43654)
• resource/aws_ec2_managed_prefix_list: Fix PrefixListVersionMismatch: The prefix list has the incorrect version number errors when updating entry description (#43661)
• resource/aws_fsx_lustre_file_system: Fix validation of SSD read cache size for file systems using the Intelligent-Tiering storage class (#43605)
• resource/aws_instance: Prevent destruction of resource when disable_api_termination is true (#43722)
• resource/aws_kms_key: Restore pre-v6.3.0 retry delay behavior when waiting for continuous target state occurrences. This fixes certain tag update timeouts (#43716)
• resource/aws_s3tables_table_bucket: Fix crash on maintenance_configuration read failure (#43707)

... (truncated)

• 356433c Prepare release v6.8.0 (#43754)
• 5296c44 Update CHANGELOG.md for #43751
• 56c658a Merge pull request #43751 from hashicorp/b-sagemaker_image_name
• 6537992 Update CHANGELOG.md for #43597
• bbeaeae Merge pull request #43597 from hashicorp/f-wafv2-web-acl-data-source
• 0c98271 Fix golangci-lint 'ineffassign,staticcheck(SA4006),wastedassign'.
• 88825b5 d/aws_wafv2_web_acl: Use 'cloudfront.FindDistributionByID'.
• 9dffc8d cloudfront: Export 'FindDistributionByID'.
• f62b72d Use 'listWebACLsPages'.
• 0501ddb Update CHANGELOG.md for #43744
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions