chore(deps): update hashicorp/aws requirement from ~> 5.30.0 to ~> 5.39.0

[dependabot]

Updates the requirements on hashicorp/aws to permit the latest version.

Release notes

Sourced from hashicorp/aws's releases.

v5.39.0

FEATURES:

• New Data Source: aws_redshift_data_shares (#35937)
• New Resource: aws_apprunner_deployment (#35758)
• New Resource: aws_config_retention_configuration (#15136)
• New Resource: aws_securityhub_automation_rule (#34781)
• New Resource: aws_shield_proactive_engagement (#34667)

ENHANCEMENTS:

• aws_kinesis_firehose_delivery_stream: Add custom_time_zone and file_extension arguments to the extended_S3_configuration configuration block (#35969)
• resource/aws_appflow_flow: Allow task.source_fields to be a null value (#35993)
• resource/aws_codepipeline: Add trigger configuration block (#35475)
• resource/aws_config_configuration_recorder: Add plan-time validation of aws_config_organization_custom_rule.lambda_function_arn (#15136)
• resource/aws_instance: Add configurable read timeout (#35955)
• resource/aws_instance: Apply default tags to volumes/block devices managed through an aws_instance, add ebs_block_device.*.tags_all and root_block_device.*.tags_all attributes which include default tags (#33769)
• resource/aws_mq_broker: Add data_replication_mode and data_replication_primary_broker_arn arguments, enabling support for cross-region data replication (#35990)
• resource/aws_mwaa_environment: Add endpoint_management attribute (#35961)
• resource/aws_redshiftserverless_namespace: Add attributes admin_password_secret_kms_key_id and manage_admin_password (#35965)
• resource/aws_shield_drt_access_log_bucket_association: Support resource import (#34667)
• resource/aws_shield_drt_access_role_arn_association: Support resource import (#34667)
• resource/aws_spot_instance_request: Add configurable read timeout (#35955)
• resource/aws_wafv2_web_acl: Add application_integration_url attribute (#35974)

BUG FIXES:

• data/aws_redshiftserverless_namespace: Properly set iam_roles attribute on read (#35965)
• resource/aws_appflow_flow: Fix perpetual diff when task.task_type is set to Map_all (#35993)
• resource/aws_config_configuration_recorder: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when recording_group.exclusion_by_resource_types is empty (#15136)
• resource/aws_config_rule: Change name to ForceNew (#15136)
• resource/aws_config_rule: Fix InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY errors on resource Update (#15136)
• resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Names are ordered differently (#36029)
• resource/aws_msk_replicator: Fix incorrect detect_and_copy_new_topics attribute value from state read/refresh (#35966)
• resource/aws_redshiftserverless_workgroup: Fix max_capacity removal (#36032)
• resource/aws_redshiftserverless_workgroup: Fix updating both base_capacity and max_capacity (#36032)
• resource/aws_shield_drt_access_log_bucket_association: Change log_bucket and role_arn_association_id to ForceNew (#34667)

Changelog

Sourced from hashicorp/aws's changelog.

5.39.0 (February 29, 2024)

FEATURES:

• New Data Source: aws_redshift_data_shares (#35937)
• New Resource: aws_apprunner_deployment (#35758)
• New Resource: aws_config_retention_configuration (#15136)
• New Resource: aws_securityhub_automation_rule (#34781)
• New Resource: aws_shield_proactive_engagement (#34667)

ENHANCEMENTS:

• aws_kinesis_firehose_delivery_stream: Add custom_time_zone and file_extension arguments to the extended_S3_configuration configuration block (#35969)
• resource/aws_appflow_flow: Allow task.source_fields to be a null value (#35993)
• resource/aws_codepipeline: Add trigger configuration block (#35475)
• resource/aws_config_configuration_recorder: Add plan-time validation of aws_config_organization_custom_rule.lambda_function_arn (#15136)
• resource/aws_instance: Add configurable read timeout (#35955)
• resource/aws_instance: Apply default tags to volumes/block devices managed through an aws_instance, add ebs_block_device.*.tags_all and root_block_device.*.tags_all attributes which include default tags (#33769)
• resource/aws_mq_broker: Add data_replication_mode and data_replication_primary_broker_arn arguments, enabling support for cross-region data replication (#35990)
• resource/aws_mwaa_environment: Add endpoint_management attribute (#35961)
• resource/aws_redshiftserverless_namespace: Add attributes admin_password_secret_kms_key_id and manage_admin_password (#35965)
• resource/aws_shield_drt_access_log_bucket_association: Support resource import (#34667)
• resource/aws_shield_drt_access_role_arn_association: Support resource import (#34667)
• resource/aws_spot_instance_request: Add configurable read timeout (#35955)
• resource/aws_wafv2_web_acl: Add application_integration_url attribute (#35974)

BUG FIXES:

• data/aws_redshiftserverless_namespace: Properly set iam_roles attribute on read (#35965)
• resource/aws_appflow_flow: Fix perpetual diff when task.task_type is set to Map_all (#35993)
• resource/aws_config_configuration_recorder: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when recording_group.exclusion_by_resource_types is empty (#15136)
• resource/aws_config_rule: Change name to ForceNew (#15136)
• resource/aws_config_rule: Fix InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY errors on resource Update (#15136)
• resource/aws_ecs_task_definition: Fix perpetual container_definitions diffs when Names are ordered differently (#36029)
• resource/aws_msk_replicator: Fix incorrect detect_and_copy_new_topics attribute value from state read/refresh (#35966)
• resource/aws_redshiftserverless_workgroup: Fix max_capacity removal (#36032)
• resource/aws_redshiftserverless_workgroup: Fix updating both base_capacity and max_capacity (#36032)
• resource/aws_shield_drt_access_log_bucket_association: Change log_bucket and role_arn_association_id to ForceNew (#34667)

5.38.0 (February 22, 2024)

FEATURES:

• New Data Source: aws_batch_job_definition (#34663)
• New Data Source: aws_cognito_user_group (#34046)
• New Data Source: aws_cognito_user_groups (#34046)

ENHANCEMENTS:

... (truncated)

Commits

• 1e31189 Update CHANGELOG.md (Manual Trigger)
• 944058f Merge pull request #33769 from autotune/provider_default_tags_root_block_devi...
• 0716ee3 ec2/instance: Small fixes
• 57c6b53 ec2/instance: Remove unused, fix docs
• 63cb5dd ec2/instance/docs: Move comment to docs
• 87587b1 Update CHANGELOG.md for #35990
• ef6ffcc r/aws_mq_broker: enable cross-region data replication (#35990)
• 7db5ffa Merge pull request #36032 from marcinbelczewski/b-aws_redshiftserverless_work...
• 7fdef67 Add changelog
• b57f531 ec2/instance/test: Clean up
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Terraform plan in .

Plan: 5 to add, 2 to change, 3 to destroy.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+   create
!~  update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_ecs_service.service will be updated in-place
!~  resource "aws_ecs_service" "service" {
        id                                 = "arn:aws:ecs:us-east-1:950012193416:service/co-boomi-atom-cluster/co-boomi-atom-service"
        name                               = "co-boomi-atom-service"
        tags                               = {}
!~      task_definition                    = "arn:aws:ecs:us-east-1:950012193416:task-definition/co-boomi-atom:10" -> (known after apply)
#        (15 unchanged attributes hidden)

#        (3 unchanged blocks hidden)
    }

  # aws_ecs_task_definition.task_definition must be replaced
-/+ resource "aws_ecs_task_definition" "task_definition" {
!~      arn                      = "arn:aws:ecs:us-east-1:950012193416:task-definition/co-boomi-atom:10" -> (known after apply)
!~      arn_without_revision     = "arn:aws:ecs:us-east-1:950012193416:task-definition/co-boomi-atom" -> (known after apply)
!~      container_definitions    = (sensitive value) # forces replacement
!~      id                       = "*************" -> (known after apply)
!~      revision                 = 10 -> (known after apply)
-       tags                     = {} -> null
#        (10 unchanged attributes hidden)
    }

  # module.lambda.aws_lambda_function.this[0] will be updated in-place
!~  resource "aws_lambda_function" "this" {
!~      filename                       = "builds/241b1f7ae462f4a8751a57746e74c31eec966a480a4e274ea96d313b1cf5ce53.zip" -> "builds/64ba857a4d2215da8666eb5a80812fd30eec1678e2826d53f148adb24b32a2f9.zip"
        id                             = "co-boomi-atom-secret-install-lambda"
!~      last_modified                  = "2023-12-13T22:49:34.000+0000" -> (known after apply)
!~      qualified_arn                  = "arn:aws:lambda:us-east-1:950012193416:function:co-boomi-atom-secret-install-lambda:26" -> (known after apply)
!~      qualified_invoke_arn           = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:950012193416:function:co-boomi-atom-secret-install-lambda:26/invocations" -> (known after apply)
        tags                           = {}
!~      version                        = "26" -> (known after apply)
#        (18 unchanged attributes hidden)

#        (5 unchanged blocks hidden)
    }

  # module.lambda.aws_lambda_permission.current_version_triggers["secrets"] must be replaced
-/+ resource "aws_lambda_permission" "current_version_triggers" {
!~      id                  = "*******" -> (known after apply)
!~      qualifier           = "26" # forces replacement -> (known after apply) # forces replacement
+       statement_id_prefix = (known after apply)
#        (4 unchanged attributes hidden)
    }

  # module.lambda.local_file.archive_plan[0] will be created
+   resource "local_file" "archive_plan" {
+       content              = jsonencode(
            {
+               artifacts_dir = "builds"
+               build_plan    = [
+                   [
+                       "zip",
+                       "./lambda/rotate_install_token.py",
+                       null,
                    ],
+                   [
+                       "zip",
+                       "./lambda/package/",
+                       null,
                    ],
                ]
+               filename      = "builds/64ba857a4d2215da8666eb5a80812fd30eec1678e2826d53f148adb24b32a2f9.zip"
+               runtime       = "python3.11"
            }
        )
+       content_base64sha256 = (known after apply)
+       content_base64sha512 = (known after apply)
+       content_md5          = (known after apply)
+       content_sha1         = (known after apply)
+       content_sha256       = (known after apply)
+       content_sha512       = (known after apply)
+       directory_permission = "0755"
+       file_permission      = "0644"
+       filename             = "builds/64ba857a4d2215da8666eb5a80812fd30eec1678e2826d53f148adb24b32a2f9.plan.json"
+       id                   = (known after apply)
    }

  # module.lambda.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
!~      id       = "*******************" -> (known after apply)
!~      triggers = { # forces replacement
!~          "filename"  = "builds/241b1f7ae462f4a8751a57746e74c31eec966a480a4e274ea96d313b1cf5ce53.zip" -> "builds/64ba857a4d2215da8666eb5a80812fd30eec1678e2826d53f148adb24b32a2f9.zip"
!~          "timestamp" = "1702508765622397800" -> "1709333846758091000"
        }
    }

  # module.secrets_manager.aws_secretsmanager_secret_version.ignore_changes[0] will be created
+   resource "aws_secretsmanager_secret_version" "ignore_changes" {
+       arn            = (known after apply)
+       id             = (known after apply)
+       secret_id      = "***************************************************************************************************"
+       secret_string  = (sensitive value)
+       version_id     = (known after apply)
+       version_stages = (known after apply)
    }

Plan: 5 to add, 2 to change, 3 to destroy.

📝 Plan generated in Create terraform plan #61

[dependabot]

Superseded by #144.