Terraform AWS Provider Version 2 Upgrade Guide
Version 2.0.0 of the AWS provider for Terraform is a major release and includes some changes that you will need to consider when upgrading. This guide is intended to help with that process and focuses only on changes from version 1.60.0 to version 2.0.0.
Most of the changes outlined in this guide have been previously marked as deprecated in the Terraform plan/apply output throughout previous provider releases. These changes, such as deprecation notices, can always be found in the Terraform AWS Provider CHANGELOG.
Upgrade topics:
- Provider Version Configuration
- Provider: Configuration
- Data Source: aws_ami
- Data Source: aws_ami_ids
- Data Source: aws_iam_role
- Data Source: aws_kms_secret
- Data Source: aws_lambda_function
- Data Source: aws_region
- Resource: aws_api_gateway_api_key
- Resource: aws_api_gateway_integration
- Resource: aws_api_gateway_integration_response
- Resource: aws_api_gateway_method
- Resource: aws_api_gateway_method_response
- Resource: aws_appautoscaling_policy
- Resource: aws_autoscaling_policy
- Resource: aws_batch_compute_environment
- Resource: aws_cloudfront_distribution
- Resource: aws_cognito_user_pool
- Resource: aws_dx_lag
- Resource: aws_ecs_service
- Resource: aws_efs_file_system
- Resource: aws_elasticache_cluster
- Resource: aws_iam_user_login_profile
- Resource: aws_instance
- Resource: aws_lambda_function
- Resource: aws_lambda_layer_version
- Resource: aws_network_acl
- Resource: aws_redshift_cluster
- Resource: aws_route_table
- Resource: aws_route53_record
- Resource: aws_route53_zone
- Resource: aws_wafregional_byte_match_set
Provider Version Configuration
-> Before upgrading to version 2.0.0 or later, it is recommended to upgrade to the most recent 1.X version of the provider (version 1.60.0) and ensure that your environment successfully runs terraformPlan without unexpected changes or deprecation notices.
We recommend using version constraints when configuring Terraform providers. If you are following that recommendation, update the version constraints in your Terraform configuration and run terraformInit to download the new version.
Update to latest 1.X version:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.provider.AwsProvider(this, "aws", {});
Update to latest 2.X version:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.provider.AwsProvider(this, "aws", {});
Provider: Configuration
skip_requesting_account_id Argument Now Required to Skip Account ID Lookup Errors
If the provider is unable to determine the AWS account ID from a provider assume role configuration or the STS GetCallerIdentity call used to verify the credentials (if skipCredentialsValidation =False), it will attempt to lookup the AWS account ID via EC2 metadata, IAM GetUser, IAM ListRoles, and STS GetCallerIdentity. Previously, the provider would silently allow the failure of all the above methods.
The provider will now return an error to ensure operators understand the implications of the missing AWS account ID in the provider.
If necessary, the AWS account ID lookup logic can be skipped via:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.provider.AwsProvider(this, "aws", {
skipRequestingAccountId: true,
});
Data Source: aws_ami
owners Argument Now Required
The owners argument is now required. Specifying ownerId or ownerAlias under filter does not satisfy this requirement.
Data Source: aws_ami_ids
owners Argument Now Required
The owners argument is now required. Specifying ownerId or ownerAlias under filter does not satisfy this requirement.
Data Source: aws_iam_role
assume_role_policy_document Attribute Removal
Switch your attribute references to the assumeRolePolicy attribute instead.
role_id Attribute Removal
Switch your attribute references to the uniqueId attribute instead.
role_name Argument Removal
Switch your Terraform configuration to the name argument instead.
Data Source: aws_kms_secret
Data Source Removal and Migrating to aws_kms_secrets Data Source
The implementation of the awsKmsSecret data source, prior to Terraform AWS provider version 2.0.0, used dynamic attribute behavior which is not supported with Terraform 0.12 and beyond (full details available in this GitHub issue).
Terraform configuration migration steps:
- Change the data source type from
awsKmsSecrettoawsKmsSecrets - Change any attribute reference (e.g.,
"${dataAwsKmsSecretExampleAttribute}") fromattributetoplaintext["attribute"]
As an example, lets take the below sample configuration and migrate it.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsKmsSecretExample = new aws.dataAwsKmsSecret.DataAwsKmsSecret(
this,
"example",
{
secret: [
{
name: "master_password",
payload: "AQEC...",
},
{
name: "master_username",
payload: "AQEC...",
},
],
}
);
const awsRdsClusterExample = new aws.rdsCluster.RdsCluster(this, "example_1", {
masterPassword: dataAwsKmsSecretExample.masterPassword,
masterUsername: dataAwsKmsSecretExample.masterUsername,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRdsClusterExample.overrideLogicalId("example");
Notice that the awsKmsSecret data source previously was taking the two secret configuration block name arguments and generating those as attribute names (masterPassword and masterUsername in this case). To remove the incompatible behavior, this updated version of the data source provides the decrypted value of each of those secret configuration block name arguments within a map attribute named plaintext.
Updating the sample configuration from above:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsKmsSecretsExample = new aws.dataAwsKmsSecrets.DataAwsKmsSecrets(
this,
"example",
{
secret: [
{
name: "master_password",
payload: "AQEC...",
},
{
name: "master_username",
payload: "AQEC...",
},
],
}
);
const awsRdsClusterExample = new aws.rdsCluster.RdsCluster(this, "example_1", {
masterPassword: `\${${dataAwsKmsSecretsExample.plaintext.fqn}["master_password"]}`,
masterUsername: `\${${dataAwsKmsSecretsExample.plaintext.fqn}["master_username"]}`,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRdsClusterExample.overrideLogicalId("example");
Data Source: aws_lambda_function
arn and qualified_arn Attribute Behavior Changes
The arn attribute now always returns the unqualified (no :qualifier or :version suffix) ARN value and the qualifiedArn attribute now always returns the qualified (includes :qualifier or :version suffix) ARN value. Previously by default, the arn attribute included :$latest suffix when not setting the optional qualifier argument, which was not compatible with many other resources. To restore the previous default behavior, set the qualifier argument to $latest and reference the qualifiedArn attribute.
Data Source: aws_region
current Argument Removal
Simply remove current =True from your Terraform configuration. The data source defaults to the current provider region if no other filtering is enabled.
Resource: aws_api_gateway_api_key
stage_key Argument Removal
Since the API Gateway usage plans feature was launched on August 11, 2016, usage plans are now required to associate an API key with an API stage. To migrate your Terraform configuration, the AWS provider implements support for usage plans with the following resources:
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsApiGatewayRestApiExample = new aws.apiGatewayRestApi.ApiGatewayRestApi(
this,
"example",
{
name: "example",
}
);
const awsApiGatewayDeploymentExample =
new aws.apiGatewayDeployment.ApiGatewayDeployment(this, "example_1", {
restApiId: awsApiGatewayRestApiExample.id,
stageName: "example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayDeploymentExample.overrideLogicalId("example");
const awsApiGatewayApiKeyExample = new aws.apiGatewayApiKey.ApiGatewayApiKey(
this,
"example_2",
{
name: "example",
stage_key: [
{
rest_api_id: awsApiGatewayRestApiExample.id,
stage_name: awsApiGatewayDeploymentExample.stageName,
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayApiKeyExample.overrideLogicalId("example");
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsApiGatewayApiKeyExample = new aws.apiGatewayApiKey.ApiGatewayApiKey(
this,
"example",
{
name: "example",
}
);
const awsApiGatewayRestApiExample = new aws.apiGatewayRestApi.ApiGatewayRestApi(
this,
"example_1",
{
name: "example",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayRestApiExample.overrideLogicalId("example");
const awsApiGatewayDeploymentExample =
new aws.apiGatewayDeployment.ApiGatewayDeployment(this, "example_2", {
restApiId: awsApiGatewayRestApiExample.id,
stageName: "example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayDeploymentExample.overrideLogicalId("example");
const awsApiGatewayUsagePlanExample =
new aws.apiGatewayUsagePlan.ApiGatewayUsagePlan(this, "example_3", {
apiStages: [
{
apiId: awsApiGatewayRestApiExample.id,
stage: awsApiGatewayDeploymentExample.stageName,
},
],
name: "example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayUsagePlanExample.overrideLogicalId("example");
const awsApiGatewayUsagePlanKeyExample =
new aws.apiGatewayUsagePlanKey.ApiGatewayUsagePlanKey(this, "example_4", {
keyId: awsApiGatewayApiKeyExample.id,
keyType: "API_KEY",
usagePlanId: awsApiGatewayUsagePlanExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayUsagePlanKeyExample.overrideLogicalId("example");
Resource: aws_api_gateway_integration
request_parameters_in_json Argument Removal
Switch your Terraform configuration to the requestParameters argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "example", {
request_parameters_in_json:
'{\n "integration.request.header.X-Authorization": "\'static\'"\n}\n',
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "example", {
requestParameters: {
"integration.request.header.X-Authorization": "'static'",
},
});
Resource: aws_api_gateway_integration_response
response_parameters_in_json Argument Removal
Switch your Terraform configuration to the responseParameters argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayIntegrationResponse.ApiGatewayIntegrationResponse(
this,
"example",
{
response_parameters_in_json:
'{\n "method.response.header.Content-Type": "integration.response.body.type"\n}\n',
}
);
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayIntegrationResponse.ApiGatewayIntegrationResponse(
this,
"example",
{
responseParameters: {
"method.response.header.Content-Type": "integration.response.body.type",
},
}
);
Resource: aws_api_gateway_method
request_parameters_in_json Argument Removal
Switch your Terraform configuration to the requestParameters argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayMethod.ApiGatewayMethod(this, "example", {
request_parameters_in_json:
'{\n "method.request.header.Content-Type": false,\n "method.request.querystring.page": true\n}\n',
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayMethod.ApiGatewayMethod(this, "example", {
requestParameters: {
"method.request.header.Content-Type": false,
"method.request.querystring.page": true,
},
});
Resource: aws_api_gateway_method_response
response_parameters_in_json Argument Removal
Switch your Terraform configuration to the responseParameters argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayMethodResponse.ApiGatewayMethodResponse(this, "example", {
response_parameters_in_json:
'{\n "method.response.header.Content-Type": true\n}\n',
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apiGatewayMethodResponse.ApiGatewayMethodResponse(this, "example", {
responseParameters: {
"method.response.header.Content-Type": true,
},
});
Resource: aws_appautoscaling_policy
Argument Removals
The following arguments have been moved into a nested argument named stepScalingPolicyConfiguration:
adjustmentTypecooldownmetricAggregationTypeminAdjustmentMagnitudestepAdjustment
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.appautoscalingPolicy.AppautoscalingPolicy(this, "example", {
adjustment_type: "ChangeInCapacity",
cooldown: 60,
metric_aggregation_type: "Maximum",
step_adjustment: [
{
metric_interval_upper_bound: 0,
scaling_adjustment: -1,
},
],
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.appautoscalingPolicy.AppautoscalingPolicy(this, "example", {
stepScalingPolicyConfiguration: {
adjustmentType: "ChangeInCapacity",
cooldown: 60,
metricAggregationType: "Maximum",
stepAdjustment: [
{
metricIntervalUpperBound: 0,
scalingAdjustment: -1,
},
],
},
});
Resource: aws_autoscaling_policy
min_adjustment_step Argument Removal
Switch your Terraform configuration to the minAdjustmentMagnitude argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.autoscalingPolicy.AutoscalingPolicy(this, "example", {
min_adjustment_step: 2,
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.autoscalingPolicy.AutoscalingPolicy(this, "example", {
minAdjustmentMagnitude: 2,
});
Resource: aws_batch_compute_environment
ecc_cluster_arn Attribute Removal
Switch your attribute references to the ecsClusterArn attribute instead.
Resource: aws_cloudfront_distribution
cache_behavior Argument Removal
Switch your Terraform configuration to the orderedCacheBehavior argument instead. It behaves similar to the previous cacheBehavior argument, however the ordering of the configurations in Terraform is now reflected in the distribution where previously it was indeterminate.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudfrontDistribution.CloudfrontDistribution(this, "example", {
cache_behavior: [{}, {}],
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudfrontDistribution.CloudfrontDistribution(this, "example", {
orderedCacheBehavior: [{}, {}],
});
Resource: aws_cognito_user_pool
email_verification_subject Argument Now Conflicts With verification_message_template Configuration Block email_subject Argument
Choose one argument or the other. These arguments update the same underlying information in Cognito and the selection is indeterminate if differing values are provided.
email_verification_message Argument Now Conflicts With verification_message_template Configuration Block email_message Argument
Choose one argument or the other. These arguments update the same underlying information in Cognito and the selection is indeterminate if differing values are provided.
sms_verification_message Argument Now Conflicts With verification_message_template Configuration Block sms_message Argument
Choose one argument or the other. These arguments update the same underlying information in Cognito and the selection is indeterminate if differing values are provided.
Resource: aws_dx_lag
number_of_connections Argument Removal
Default connections have been removed as part of LAG creation. To migrate your Terraform configuration, the AWS provider implements the following resources:
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dxLag.DxLag(this, "example", {
connectionsBandwidth: "1Gbps",
location: "EqSe2-EQ",
name: "example",
number_of_connections: 1,
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsDxConnectionExample = new aws.dxConnection.DxConnection(
this,
"example",
{
bandwidth: "1Gbps",
location: "EqSe2-EQ",
name: "example",
}
);
const awsDxLagExample = new aws.dxLag.DxLag(this, "example_1", {
connectionsBandwidth: "1Gbps",
location: "EqSe2-EQ",
name: "example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDxLagExample.overrideLogicalId("example");
const awsDxConnectionAssociationExample =
new aws.dxConnectionAssociation.DxConnectionAssociation(this, "example_2", {
connectionId: awsDxConnectionExample.id,
lagId: awsDxLagExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDxConnectionAssociationExample.overrideLogicalId("example");
Resource: aws_ecs_service
placement_strategy Argument Removal
Switch your Terraform configuration to the orderedPlacementStrategy argument instead. It behaves similar to the previous placementStrategy argument, however the ordering of the configurations in Terraform is now reflected in the distribution where previously it was indeterminate.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsService.EcsService(this, "example", {
placement_strategy: [{}, {}],
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ecsService.EcsService(this, "example", {
orderedPlacementStrategy: [{}, {}],
});
Resource: aws_efs_file_system
reference_name Argument Removal
Switch your Terraform configuration to the creationToken argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.efsFileSystem.EfsFileSystem(this, "example", {
reference_name: "example",
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.efsFileSystem.EfsFileSystem(this, "example", {
creationToken: "example",
});
Resource: aws_elasticache_cluster
availability_zones Argument Removal
Switch your Terraform configuration to the preferredAvailabilityZones argument instead. The argument is still optional and the API will continue to automatically choose Availability Zones for nodes if not specified. The new argument will also continue to match the APIs required behavior that the length of the list must be the same as numCacheNodes.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.elasticacheCluster.ElasticacheCluster(this, "example", {
availability_zones: ["us-west-2a", "us-west-2b"],
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.elasticacheCluster.ElasticacheCluster(this, "example", {
preferredAvailabilityZones: ["us-west-2a", "us-west-2b"],
});
Resource: aws_iam_user_login_profile
Import Now Required For Existing Infrastructure
When attempting to bring existing IAM User Login Profiles under Terraform management, terraformImport is now required. See the awsIamUserLoginProfile resource documentation for more information.
Resource: aws_instance
network_interface_id Attribute Removal
Switch your attribute references to the primaryNetworkInterfaceId attribute instead.
Resource: aws_lambda_function
reserved_concurrent_executions Argument Behavior Change
Setting reservedConcurrentExecutions to 0 will now disable Lambda Function invocations, causing downtime for the Lambda Function.
Previously reservedConcurrentExecutions accepted 0 and below for unreserved concurrency, which means it was not previously possible to disable invocations. The argument now differentiates between a new value for unreserved concurrency (1) and disabling Lambda invocations (0). If previously configuring this value to 0 for unreserved concurrency, update the configured value to 1 or the resource will disable Lambda Function invocations on update. If previously unconfigured, the argument does not require any changes.
See the Lambda User Guide for more information about concurrency.
Resource: aws_lambda_layer_version
arn and layer_arn Attribute Value Swap
Switch your arn attribute references to the layerArn attribute instead and vice-versa.
Resource: aws_network_acl
subnet_id Argument Removal
Switch your Terraform configuration to the subnetIds argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.networkAcl.NetworkAcl(this, "example", {
subnet_id: "subnet-12345678",
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.networkAcl.NetworkAcl(this, "example", {
subnetIds: ["subnet-12345678"],
});
Resource: aws_redshift_cluster
Argument Removals
The following arguments have been moved into a nested argument named logging:
bucketNameenableLogging(also renamed to justenable)s3KeyPrefix
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.redshiftCluster.RedshiftCluster(this, "example", {
bucket_name: "example",
enable_logging: true,
s3_key_prefix: "example",
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.redshiftCluster.RedshiftCluster(this, "example", {
logging: {
bucketName: "example",
enable: true,
s3KeyPrefix: "example",
},
});
Resource: aws_route_table
Import Change
Previously, importing this resource resulted in an awsRoute resource for each route, in addition to the awsRouteTable, in the Terraform state. Support for importing awsRoute resources has been added and importing this resource only adds the awsRouteTable resource, with in-line routes, to the state.
Resource: aws_route53_record
allow_overwrite Default Value Change
The resource now requires existing Route 53 Records to be imported into the Terraform state for management unless the allowOverwrite argument is enabled.
For example, if the wwwExampleCom Route 53 Record in the exampleCom Route 53 Hosted Zone existed previously and this new Terraform configuration was introduced:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.route53Record.Route53Record(this, "www", {
name: "www.example.com",
});
During resource creation in version 1.X and prior, it would silently perform an upsert changeset to the existing Route 53 Record and not report back an error. In version 2.0.0 of the Terraform AWS Provider, the resource now performs a create changeset, which will error for existing Route 53 Records.
The allowOverwrite argument provides a workaround to keep the old behavior, but most existing workflows should be updated to perform a terraformImport command like the following instead:
More information can be found in the awsRoute53Record resource documentation.
Resource: aws_route53_zone
vpc_id and vpc_region Argument Removal
Switch your Terraform configuration to vpc configuration block(s) instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.route53Zone.Route53Zone(this, "example", {
vpc_id: "...",
});
An updated configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.route53Zone.Route53Zone(this, "example", {
vpc: [
{
vpcId: "...",
},
],
});
Resource: aws_wafregional_byte_match_set
byte_match_tuple Argument Removal
Switch your Terraform configuration to the byteMatchTuples argument instead.
For example, given this previous configuration:
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.wafregionalByteMatchSet.WafregionalByteMatchSet(this, "example", {
byte_match_tuple: [{}, {}],
});
An updated configuration: