Skip to content

chore(deps): update terraform aws to v6.46.0#1821

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/aws-6.x
Open

chore(deps): update terraform aws to v6.46.0#1821
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/aws-6.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 18, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
aws (source) required_provider minor 6.44.06.46.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

hashicorp/terraform-provider-aws (aws)

v6.46.0

Compare Source

NOTES:

  • resource/aws_xray_resource_policy: Changes to policy_name now force resource recreation. Technically this is a breaking change but the resource did not function correctly previously; updating policy_name would leave an orphaned policy with the old name in AWS (#​47948)

FEATURES:

  • New List Resource: aws_bedrockagentcore_harness (#​47725)
  • New List Resource: aws_iam_access_key (#​47966)
  • New List Resource: aws_observabilityadmin_telemetry_rule_for_organization (#​47920)
  • New List Resource: aws_route53_vpc_association_authorization (#​47905)
  • New List Resource: aws_route53_zone_association (#​47950)
  • New List Resource: aws_securityhub_automation_rule_v2 (#​47677)
  • New Resource: aws_bedrockagentcore_harness (#​47725)
  • New Resource: aws_observabilityadmin_telemetry_rule_for_organization (#​47920)
  • New Resource: aws_securityhub_automation_rule_v2 (#​47677)
  • New Resource: aws_xray_indexing_rule (#​47975)
  • New Resource: aws_xray_trace_segment_destination (#​47961)

ENHANCEMENTS:

  • data-source/aws_ec2_local_gateway_virtual_interface: Add outpost_lag_id and local_gateway_virtual_interface_group_id attributes (#​47974)
  • data-source/aws_opensearch_domain: Add jwt_options block to fix "Invalid address to set" error (#​47874)
  • resource/aws_bedrockagent_agent: Increase maximum value of idle_session_ttl_in_seconds from 3600 to 5400 to match the AWS API limit (#​47890)
  • resource/aws_bedrockagentcore_agent_runtime: Add filesystem_configuration argument for mounting session storage, Amazon S3 Files access points, or Amazon EFS access points into the agent runtime (#​47810)
  • resource/aws_cloudfront_distribution: Add cache_tag_config configuration block (#​47872)
  • resource/aws_iam_access_key: Add resource identity support (#​47966)
  • resource/aws_route53_vpc_association_authorization: Add resource identity support (#​47905)
  • resource/aws_route53_zone_association: Add resource identity support (#​47950)
  • resource/aws_vpclattice_resource_gateway: Add resource_config_dns_resolution argument (#​47879)
  • resource/aws_xray_resource_policy: Add Resource Identity support (#​47948)
  • resource/aws_xray_sampling_rule: Add Resource Identity support (#​47948)

BUG FIXES:

  • resource/aws_s3_bucket: Defer to the corresponding dedicated standalone resource for each deprecated nested attribute (acceleration_status, acl, cors_rule, grant, lifecycle_rule, logging, object_lock_configuration, policy, replication_configuration, request_payer, server_side_encryption_configuration, versioning, website) when the attribute is not set in configuration, preventing similar fights between the bucket resource and its standalone counterparts (#​47962)
  • resource/aws_s3_bucket: Fix InvalidRequest: SourceSelectionCriteria cannot be empty errors on unrelated updates (e.g. tags) when replication is managed by the dedicated aws_s3_bucket_replication_configuration resource using replica_modifications (#​47962)
  • resource/aws_xray_resource_policy: Fix Provider returned invalid result object after apply errors on Update (#​47948)
  • resource/aws_xray_resource_policy: Mark policy_name as as ForceNew (#​47948)

v6.45.0

Compare Source

FEATURES:

  • New List Resource: aws_observabilityadmin_telemetry_rule (#​47857)
  • New List Resource: aws_securityhub_connector_v2 (#​47678)
  • New Resource: aws_observabilityadmin_telemetry_evaluation (#​47799)
  • New Resource: aws_observabilityadmin_telemetry_evaluation_for_organization (#​47808)
  • New Resource: aws_observabilityadmin_telemetry_rule (#​47857)
  • New Resource: aws_securityhub_aggregator_v2 (#​47651)
  • New Resource: aws_securityhub_connector_v2 (#​47678)

ENHANCEMENTS:

  • resource/aws_lambda_function: Add support for ruby4.0 as a runtime value (#​47841)
  • resource/aws_lambda_function: Support mounting Amazon S3 buckets as file systems with S3 Files (#​47838)
  • resource/aws_lambda_layer_version: Add support for ruby4.0 as a compatible_runtimes value (#​47841)
  • resource/aws_secretsmanager_secret_version: Allow switching from secret_string to secret_string_wo without re-creating the resource. (#​47815)
  • resource/aws_timestreaminfluxdb_db_instance: Add maintenance_schedule configuration block (#​47853)

BUG FIXES:

  • resource/aws_elasticache_cluster: Fixed by removing valkey as an engine option to keep an alignment with aws sdk CreateCacheCluster (#​45017)
  • resource/aws_elasticache_replication_group: Fix engine_version returning full patch version instead of minor version for Valkey engine (#​46109)
  • resource/aws_elasticache_replication_group: Fix engine, engine_version, and parameter_group_name changes being ignored after disassociating from a global replication group (#​46109)
  • resource/aws_grafana_workspace: Fix network_access_control regression causing ValidationException when only one of vpce_ids or prefix_list_ids is set (#​47646)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/aws-6.x branch 6 times, most recently from e753ca3 to dbcea9b Compare May 19, 2026 06:03
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026

Caution

🩺 Integration diagnosis — mode: upgrade, phase: baseline

Commit: dbcea9b · Run: #26079408766

Likely cause: The kube-prometheus-stack HelmRelease on main sets prometheus-node-exporter.image.tag to a value that embeds a digest (v1.11.1@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241); the sub-chart template then appends its -distroless suffix, producing the unparseable image reference quay.io/prometheus/node-exporter:v1.11.1@sha256:....-distroless, which blocks the node-exporter DaemonSet from starting and causes windsor up to time out.

Evidence: The kube-prometheus-stack-prometheus-node-exporter-7zdbd pod in system-telemetry has been stuck in InvalidImageName since cluster start (72 InspectFailed events over 15 minutes): couldn't parse image name "quay.io/prometheus/node-exporter:v1.11.1@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241-distroless": invalid reference format. The HelmRelease spec confirms the malformed value: {"digest":"","tag":"v1.11.1@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241"}. All other Flux Kustomizations and HelmReleases reconciled successfully against main@sha1:d2e5ef2fbd81fe945f6b40323291a388a94a455d, confirming this failure is confined to the baseline (main) and unrelated to this PR's changes. A secondary issue — kubelet-serving-cert-approver in CrashLoopBackOff (7 restarts, exit 137) with Timeout: failed waiting for *v1.CertificateSigningRequest Informer to sync — is likely a downstream effect of the cluster not fully stabilising.

Suggested next step: Triage main, not this PR — fix the prometheus-node-exporter image tag on main by separating the digest from the tag (set tag: v1.11.1 and digest: sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241 in the prometheus-node-exporter values, or remove the digest pin entirely).

Live read-only inspection by Claude. Support bundle attached to the run artifacts.

@renovate renovate Bot force-pushed the renovate/aws-6.x branch 10 times, most recently from 3b02159 to 6b942b0 Compare May 20, 2026 21:52
@renovate renovate Bot changed the title chore(deps): update terraform aws to v6.45.0 chore(deps): update terraform aws to v6.46.0 May 20, 2026
@renovate renovate Bot force-pushed the renovate/aws-6.x branch 10 times, most recently from 2e7c63f to c5736c9 Compare May 22, 2026 10:45
@renovate renovate Bot force-pushed the renovate/aws-6.x branch from c5736c9 to b931f9a Compare May 22, 2026 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants