v1.0.0

In the v1.0.0 release, we've upgraded the underlying Terraform provider version from v4.67.0 to v5.31.0.
Explore the API Changes section below for a concise overview of the modifications introduced by this version bump. Conversion function support has been incorporated to address significant API changes. Kindly refer to the #1118 for more details on these updates.

This release is based on Upjet v1.1.0, which implements an external client for Terraform Plugin Framework resources for the first time. Terraform Plugin Framework is successor to Terraform Plugin SDKv2. Before this release, Plugin Framework resources used to be reconciled with Terraform CLI. Now that we use Upjet's external client to reconcile these resources, we no longer need Terraform CLI. Upbound provider-aws v1.0.0 runtime doesn't contain Terraform CLI. Accordingly we also deprecated all the process-forking related command-line flags. The full list of the deprecated command-line flags is as follows:

• --terraform-version
• --terraform-provider-version
• --terraform-native-provider-path
• --terraform-provider-source
• --provider-ttl

Using these flags will be non-functional and you will receive log messages similar to the following, if you pass any of these deprecated command-line flags to the provider.

warning: Command-line flag "terraform-version" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).
warning: Command-line flag "terraform-provider-source" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).
warning: Command-line flag "terraform-provider-version" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).
warning: Command-line flag "provider-ttl" is deprecated and no longer used. It will be removed in a future release. Please remove it from all of your configurations (ControllerConfigs, etc.).

Our users are advised to remove any of these deprecated command-line flags from their configurations (ControllerConfigs, etc.) because the deprecated command-line flags will be removed in a future release of the provider.

The release brings forth support for generating multi-version Custom Resource Definitions (CRDs) and CRD conversion webhooks. This enhancement is accompanied by the integration of v1beta2 version support into the following specified resources.

Warning

Downgrades to lower major versions are not supported.

In addition, there are some bug fixes, adding a new resource and updates to dependencies,
some of the important ones are given below.

Support for the v1beta2 of the Following Resources

• Attachment.autoscaling.aws.upbound.io/v1beta2
• AutoscalingGroup.autoscaling.aws.upbound.io/v1beta2
• HoursOfOperation.connect.aws.upbound.io/v1beta2
• Queue.connect.aws.upbound.io/v1beta2
• RoutingProfile.connect.aws.upbound.io/v1beta2
• Instance.rds.aws.upbound.io/v1beta2
• ReplicationGroup.elasticache.aws.upbound.io/v1beta2
• Cluster.kafka.aws.upbound.io/v1beta2
• Route.ec2.aws.upbound.io/v1beta2

Support for New Resource

• PodIdentityAssociation.eks.aws.upbound.io/v1beta1 #1120

Bug Fixes and Enhancements

• [DocDB] - Add autoGeneratePassword feature #1105
• Elasticache ReplicationGroup fails when engineVersion is provided #1071
• timestream-write: add support for customer-defined partition keys #1006
• Cluster.docdb.aws.upbound.io/v1beta1 : Provide password details as connection secret #1077
• v0.46.0 broke localstack config #1063
• AWS Secrets Manager Provider Constantly Adds and Deletes Regional Replication #1079

API Changes

• CertificateAuthority.acmpca.aws.upbound.io/v1beta1 => status.atProvider.status has been deleted.
• RestAPI.apigateway.aws.upbound.io/v1beta1 => spec.forProvider.minimumCompressionSize type changed from number to string.
• LaunchConfiguration.autoscaling.aws.upbound.io/v1beta1 => spec.forProvider.{vpcClassicLinkSecurityGroups,vpcClassicLinkId} have been deleted.
• Attachment.autoscaling.aws.upbound.io/v1beta1 => spec.forProvider.albTargetGroupArn has been replaced with spec.forProvider.lbTargetGroupArn.
• AutoscalingGroup.autoscaling.aws.upbound.io/v1beta1 => spec.forProvider.tags has been replaced with spec.forProvider.tag.
• Budget.budgets.aws.upbound.io/v1beta1 => spec.forProvider.costFilters has been replaced with spec.forProvider.costFilter.
• HoursOfOperation.connect.aws.upbound.io/v1beta1 => status.atProvider.hoursOfOperationArn has been replaced with status.atProvider.arn.
• Queue.connect.aws.upbound.io/v1beta1 => status.atProvider.quickConnectIdsAssociated has been replaced with status.atProvider.quickConnectIds.
• RoutingProfile.connect.aws.upbound.io/v1beta1 => status.atProvider.queueConfigsAssociated has been replaced with status.atProvider.queueConfigs.
• Connection.directconnect.aws.upbound.io/v1beta1 => status.atProvider.vlanId type changed from string to number.
• Endpoint.dms.aws.upbound.io/v1beta1 => spec.forProvider.s3Settings.ignoreHeadersRow has been deleted.
• EventSubscription.dms.aws.upbound.io/v1beta1 => spec.forProvider.{sourceIds,sourceType} are new required fields.
• DefaultVPC.ec2.aws.upbound.io/v1beta1 => spec.forProvider.{enableClassiclink,enableClassiclinkDnsSupport} have been deleted.
• Route.ec2.aws.upbound.io/v1beta1 => spec.forProvider.instanceId has been deleted, use spec.forProvider.networkInterfaceId.
• RouteTable.ec2.aws.upbound.io/v1beta1 => status.atProvider.route.instanceId has been deleted, use status.atProvider.route.networkInterfaceId instead.
• VPCPeeringConnectionAccepter.ec2.aws.upbound.io/v1beta1 => spec.forProvider.accepter.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted. spec.forProvider.requester.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted.
• VPCPeeringConnectionOptions.ec2.aws.upbound.io/v1beta1 => spec.forProvider.accepter.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted. spec.forProvider.requester.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted.
• VPCPeeringConnection.ec2.aws.upbound.io/v1beta1 => status.atProvider.accepter.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted. status.atProvider.requester.{allowClassicLinkToRemoteVpc,allowVpcToRemoteClassicLink} have been deleted.
• VPC.ec2.aws.upbound.io/v1beta1 => spec.forProvider.{enableClassiclink,enableClassiclinkDnsSupport} have been deleted.
• Cluster.ecs.aws.upbound.io/v1beta1 => spec.forProvider.defaultCapacityProviderStrategy has been deleted. status.atProvider.{capacityProviders,defaultCapacityProviderStrategy} have been deleted.
• Cluster.elasticache.aws.upbound.io/v1beta1 => spec.forProvider.securityGroupNames has been deleted.
• ReplicationGroup.elasticache.aws.upbound.io/v1beta1 => spec.forProvider.clusterMode has been deleted, use spec.forProvider.numNodeGroups and spec.forProvider.replicasPerNodeGroup instead. spec.forProvider.availabilityZones has been replaced with spec.forProvider.preferredCacheClusterAzs. spec.forProvider.numberCacheClusters has been replaced with spec.forProvider.numCacheClusters. spec.forProvider.replicationGroupDescription has been replaced with spec.forProvider.description.
• DeliveryStream.firehose.aws.upbound.io/v1beta1 => spec.forProvider.s3Configuration has been replaced with: spec.forProvider.elasticsearchConfiguration.s3Configuration,
  spec.forProvider.opensearchConfigurations.3Configuration, spec.forProvider.redshiftConfiguration.s3Configuration,
  spec.forProvider.splunkConfiguration.s3Configuration and spec.forProvider.httpEndpointConfiguration.s3Configuration.
  spec.forProvider.destination value s3 has been replaced with extended_s3.
  spec.forProvider.extendedS3Configuration.bufferInterval has been replaced with spec.forProvider.extendedS3Configuration.bufferingInterval.
  spec.forProvider.extendedS3Configuration.bufferSize has been replaced with spec.forProvider.extendedS3Configuration.bufferingSize.
  spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferInterval has been replaced with
  spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferingInterval.
  spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferSize has been replaced with
  spec.forProvider.extendedS3Configuration.s3BackupConfiguration.bufferingSize.
• Role.iam.aws.upbound.io/v1beta1 => status.atProvider.roleLastUsed has been deleted.
• Cluster.kafka.aws.upbound.io/v1beta1 => spec.forProvider.brokerNodeGroupInfo.ebsVolumeSize has been deleted, use spec.forProvider.brokerNodeGroupInfo.storageInfo.ebsStorageInfo.volumeSize instead.
• Instance.lightsail.aws.upbound.io/v1beta1 => status.atProvider.ipv6Address has been deleted, use status.atProvider.ipv6Addresses instead.
• Channel.medialive.aws.upbound.io/v1beta1 => Various schema changes in spec.forProvider.inputAttachments.inputSettings.audioSelector and
  spec.forProvider.inputAttachments.inputSettings.captionSelector.
• **`CoreNetw...

v0.47.1

This release changes assume_role_with_web_identity provider configuration value from a map to a list as expected by the corresponding Terraform provider schema addressing #1054, and fixes issues #807, #828, and #1049 related to the UserPoolClient.cognitoidp resource.

What's Changed

• [Backport release-0.47] Make assume_role_with_web_identity provider configuration value a list by @github-actions in #1058
• [Backport release-0.47] (bugfix) Fix cognito user pool client orphaned resources by @github-actions in #1059

Full Changelog: v0.47.0...v0.47.1

v0.46.2

This release changes assume_role_with_web_identity provider configuration value from a map to a list as expected by the corresponding Terraform provider schema addressing #1054, and fixes issues #807, #828, and #1049 related to the UserPoolClient.cognitoidp resource.

What's Changed

• [Backport release-0.46] Make assume_role_with_web_identity provider configuration value a list by @github-actions in #1057
• [Backport release-0.46] (bugfix) Fix cognito user pool client orphaned resources by @ulucinar in #1060

Full Changelog: v0.46.1...v0.46.2

v0.47.0

The release includes some bug fixes, adding new resources, and updates to dependencies, with the most significant ones detailed below.

• Generates reference fields for the spec.initProvider of all resources which fixes #994
• Fixes the issue Cluster eks.aws.upbound.io unable to select subnetIds
• Support for new resources: TopicRuleDestination.iot and Endpoint.sagemaker

What's Changed

• Add iot TopicRuleDestination to v1beta1 by @mbbush in #1015
• Bump Go to v1.21 by @ulucinar in #1035
• Reconcile aws_appconfig_environment using the TF SDK-based external client by @ulucinar in #1038
• Bump crddiff to v0.8.0 by @ulucinar in #1040
• Update actions/upload-artifact action to v4 by @renovate in #1025
• Update module golang.org/x/crypto to v0.17.0 [SECURITY] by @renovate in #1036
• Update kubernetes packages to v0.29.0 by @renovate in #1023
• Add examples for fifo SNS topics by @mbbush in #1031
• Add references to Cognito UserPool by @mbbush in #1022
• Sagemaker Endpoint Resource by @blakeromano in #1034
• Generate reference fields for the spec.initProvider of all resources by @ulucinar in #1046

New Contributors

• @blakeromano made their first contribution in #1034

Full Changelog: v0.46.1...v0.47.0

v0.46.1

v0.46.1 is a patch release where we address the two important issues reported in #1010 and #1018. #1010 has been resolved by immediately caching the Terraform state available in the result of the create operation even if it has failed. This allows us to recover the ID of a newly provisioned resource if the create SDK call has been successful but any subsequent steps have failed in the create operation. The issue reported in #1018 has been caused by some recent changes in v0.46.0, which resulted in configuration sharing between multiple managed resources. The resolution was to prevent the unintended configuration sharing. The provider family's config package is available as xpkg.upbound.io/upbound/provider-family-aws:v0.46.1.

What's Changed

• [release-0.46] Backport #1024 by @ulucinar in #1030

Full Changelog: v0.46.0...v0.46.1

v0.46.0

The release includes some bug fixes, adding a new family provider provider-aws-identitystore, adding new resources, and updates to dependencies, with the most significant ones detailed below.

• Support for new resources: Group.identitystore, GroupMembership.identitystore, User.identitystore, CustomerManagedPolicyAttachment.ssoadmin, InstanceAccessControlAttributes.ssoadmin and PermissionsBoundaryAttachment.ssoadmin
• Fixed the limitation of assumeRoleChain configs for the new TF-SDK based AWS provider (v0.44.0 onwards), reported in issue #998. Arbitrary lengths of role chains are supported.
• Refactored getAWSConfig calls in the external client code to make single call per connect, reducing the AWS STS calls. Remedies the issues reported in #997

What's Changed

• Update alpine Docker tag to v3.18.5 by @renovate in #996
• fix(late-init): Lambda Permission: statement_id_prefix late initialization problem by @haarchri in #1004
• Update actions/setup-go action to v5 by @renovate in #1012
• Add full support for SSO resources by @mbbush in #928
• handle assumeRoleChain config with length > 1 in no-fork clients by @erhancagirici in #1002
• Update alpine Docker tag to v3.19.0 by @renovate in #1016
• refactor external client to make single getAWSConfig call per connect by @erhancagirici in #1003

Full Changelog: v0.45.0...v0.46.0

v0.45.0

The release includes some bug fixes, adding a new resource, and updates to dependencies, with the most significant ones detailed below.

• Addresses this issue by fixing the external name configuration of the TransitGatewayVPCAttachmentAccepter resource.
• Adds missing support for configuring custom AWS service endpoints in the AWS provider config for the new TF-SDK based AWS provider (v0.44.0 onwards), reported by #971. This allows configuring non-default AWS service endpoints or endpoints of AWS-compatible solutions (like Localstack).
• Adds the LBListenerCertificate.elbv2 resource.

What's Changed

• README.md: add instruction to build, publish and install by @sttts in #942
• fix: allow using custom AMI by @moolen in #977
• Bump golangci-lint to v1.55.2 by @ulucinar in #979
• added endpoint and arn to docdb cluster secret by @ahmedali6 in #950
• Fix external name configuration of TransitGatewayVPCAttachmentAccepter resource by @sergenyalcin in #982
• elbv2: add aws_lb_listener_certificate to v1beta1 by @phyrog in #984
• Update k8s.io/utils digest to b307cd5 by @renovate in #980
• add support for endpoint configuration of no-fork external client by @erhancagirici in #989

New Contributors

• @sttts made their first contribution in #942
• @moolen made their first contribution in #977
• @phyrog made their first contribution in #984
• @erhancagirici made their first contribution in #989

Full Changelog: v0.44.0...v0.45.0

v0.42.1

This release backports the PR addressing the regression related to IAM roles and role policy attachments introduced in version 0.40.0

After upgrading from the affected version to this version, make sure to unset the spec.forProvider.managedPolicyArns value from any Role.iam.aws.upbound.io managed resources that you want to be able to use RolePolicyAttachment resources to attach policies to. You will need to run a script like the following as suggested by @mbbush in this comment.

kubectl get role.iam.aws.upbound.io -o name | xargs kubectl patch --dry-run=server --patch '[{"op":"remove","path":"/spec/forProvider/managedPolicyArns"}]' --type=json

What's Changed

• [release-0.42] Backport #933 by @turkenf in #993

Full Changelog: v0.42.0...v0.42.1

v0.41.1

This release backports the PR addressing the regression related to IAM roles and role policy attachments introduced in version 0.40.0

After upgrading from the affected version to this version, make sure to unset the spec.forProvider.managedPolicyArns value from any Role.iam.aws.upbound.io managed resources that you want to be able to use RolePolicyAttachment resources to attach policies to. You will need to run a script like the following as suggested by @mbbush in this comment.

kubectl get role.iam.aws.upbound.io -o name | xargs kubectl patch --dry-run=server --patch '[{"op":"remove","path":"/spec/forProvider/managedPolicyArns"}]' --type=json

What's Changed

• [release-0.41] Backport #933 by @turkenf in #992

Full Changelog: v0.41.0...v0.41.1

v0.40.1

This release backports the PR addressing the regression related to IAM roles and role policy attachments introduced in version 0.40.0

After upgrading from the affected version to this version, make sure to unset the spec.forProvider.managedPolicyArns value from any Role.iam.aws.upbound.io managed resources that you want to be able to use RolePolicyAttachment resources to attach policies to. You will need to run a script like the following as suggested by @mbbush in this comment.

kubectl get role.iam.aws.upbound.io -o name | xargs kubectl patch --dry-run=server --patch '[{"op":"remove","path":"/spec/forProvider/managedPolicyArns"}]' --type=json

What's Changed

• [release-0.40] Backport #933 by @turkenf in #991

Full Changelog: v0.40.0...v0.40.1