Terraform AWS Provider v6.53.0: New Bedrock features, breaking changes, and enhancements
Terraform AWS Provider v6.53.0 introduces new data sources and resources for AWS Bedrock, alongside breaking changes in Pinpoint SMS Voice V2 phone number management. It also includes several enhancements and bug fixes across services like API Gateway, ECS, and CloudWatch. Users should review the breaking changes and deprecations for potential impact on their infrastructure as code.
- New Data Source: aws_bedrock_foundation_model_agreement_offers
- New Data Source: aws_bedrock_use_case_for_model_access
- New Data Source: aws_ec2_capacity_block_reservation
- New List Resource: aws_pinpointsmsvoicev2_pool
- New Resource: aws_bedrock_foundation_model_agreement
Breaking changes (1)
- aws_pinpointsmsvoicev2_phone_number
Remove provider-side defaults for opt_out_list_name and two_way_channel_enabled in favor of AWS server-side defaults (Default and false respectively). Configurations that omit these attributes will now show (known after apply) on first plan instead of the previous static value; the post-apply state is unchanged. This change mitigates persistent drift when the phone number is managed by an aws_pinpointsmsvoicev2_pool.
Features (7)
- New Data Source: aws_bedrock_foundation_model_agreement_offers
- New Data Source: aws_bedrock_use_case_for_model_access
- New Data Source: aws_ec2_capacity_block_reservation
- New List Resource: aws_pinpointsmsvoicev2_pool
- New Resource: aws_bedrock_foundation_model_agreement
- New Resource: aws_bedrock_use_case_for_model_access
- New Resource: aws_pinpointsmsvoicev2_pool
Enhancements (19)
- aws_api_gateway_rest_api Add security_policy and endpoint_access_mode attributes
- aws_msk_cluster Add customer_action_status attribute
- aws_api_gateway_rest_api Add security_policy and endpoint_access_mode arguments
- aws_bedrockagentcore_browser Add browser_signing, certificate, and enterprise_policy configuration blocks
- aws_bedrockagentcore_code_interpreter Add certificate argument
- aws_cloudwatch_composite_alarm Add Resource Identity support
- aws_cloudwatch_contributor_insight_rule Add Resource Identity support
- aws_cloudwatch_contributor_insight_rule Add plan-time validation of rule_definition
- aws_cloudwatch_contributor_insight_rule Change rule_state to Optional and Computed
- aws_cloudwatch_contributor_managed_insight_rule Add Resource Identity support
- aws_cloudwatch_contributor_managed_insight_rule Add plan-time validation of resource_arn and template_name
- aws_cloudwatch_dashboard Add Resource Identity support
- aws_cloudwatch_metric_stream Add Resource Identity support
- aws_default_vpc Add resource identity support
- aws_msk_cluster Add customer_action_status attribute
- aws_pinpointsmsvoicev2_phone_number Add force_disassociate argument
- aws_securityhub_automation_rule Deprecates id in favor of arn
- aws_ssmcontacts_rotation Deprecates id in favor of arn
- aws_ssoadmin_trusted_token_issuer Deprecates id in favor of arn
Fixes (10)
- aws_codeartifact_authorization_token Mark authorization_token as sensitive
- aws_cloudwatch_contributor_managed_insight_rule Mark resource_arn, tags and template_name as ForceNew
- aws_default_vpc Fix provider panic (nil pointer dereference) when importing via an import block or terraform import
- aws_ecs_capacity_provider
Return the underlying error immediately instead of timing out after 20 minutes when deleting a capacity provider that is still associated with a cluster
- aws_iam_user Handle InvalidAction errors in partitions where access key cleanup operations are not supported
- aws_instance Fix perpetual diff when instance_market_options.market_type is set to capacity-block
- aws_lightsail_bucket_access_key Mark secret_access_key as sensitive
- aws_lightsail_key_pair Mark private_key as sensitive
- aws_route53_record Fix the type attribute to no longer force resource replacement on change
- aws_sqs_queue Reduce the wait time for queue deletion. This fixes a regression introduced in v6.34.0
Notes (3)
- list-resource/aws_bedrockagentcore_registry
This resource is deprecated. AWS Agent Registry is currently available in public preview. On August 6, 2026, this functionality will move from the bedrock-agentcore namespace to the agent-registry namespace. The aws_bedrockagentcore_browser resource will continue to work until September 17, 2026.
- aws_bedrockagentcore_registry
This resource is deprecated. AWS Agent Registry is currently available in public preview. On August 6, 2026, this functionality will move from the bedrock-agentcore namespace to the agent-registry namespace. The aws_bedrockagentcore_browser resource will continue to work until September 17, 2026.
- aws_ecs_capacity_provider
When a change forces replacement of a capacity provider that is associated with a cluster via aws_ecs_cluster_capacity_providers, add a replace_triggered_by lifecycle rule to the association so the old capacity provider is detached before it is deleted
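The lifecycle rule from the aws_ecs_capacity_provider note, shown as an added example that is not taken from the provider's release notes or documentation. The resource labels, the names "example" and "example-cp", and the var.asg_arn input are assumptions.

```hcl
# Added example. All names and var.asg_arn are placeholders, not values
# from the release notes.
variable "asg_arn" {
  type        = string
  description = "ARN of an existing Auto Scaling group (assumed to exist)"
}

resource "aws_ecs_cluster" "example" {
  name = "example"
}

resource "aws_ecs_capacity_provider" "example" {
  # A change that forces replacement (for example a new name) destroys
  # this capacity provider and creates a new one.
  name = "example-cp"

  auto_scaling_group_provider {
    auto_scaling_group_arn = var.asg_arn
  }
}

resource "aws_ecs_cluster_capacity_providers" "example" {
  cluster_name       = aws_ecs_cluster.example.name
  capacity_providers = [aws_ecs_capacity_provider.example.name]

  lifecycle {
    # Replace the association whenever the capacity provider is replaced,
    # so the old provider is detached from the cluster before Terraform
    # deletes it.
    replace_triggered_by = [aws_ecs_capacity_provider.example]
  }
}
```

With the rule in place, a plan that replaces the capacity provider should also show the association as being replaced.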
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v6.53.0