Terraform
Upgrading to Terraform v1.10
Tip: Use the version selector to view the upgrade guides for older Terraform versions.
Terraform v1.10 is a minor release in the stable Terraform v1.0 series.
Terraform v1.10 honors the Terraform v1.0 Compatibility Promises. There are minor changes that may require additional upgrade steps:
moved
blocks will now report an error iffrom
orto
points to a resource type conflicting with reserved keywords
See the full changelog for more details. If you encounter any problems during upgrading which are not covered this guide, please start a new topic in the Terraform community forum to discuss it.
Conflicting moved
block references
Moved blocks now respect reserved keywords such as local
, each
, self
etc. when parsing resource addresses.
Configurations that reference resources with type names that match top level blocks and
keywords from moved blocks will need to prepend the reference identifier with resource.
.
S3 Backend
Executing terraform init -reconfigure
is required after updating to Terraform v1.10. This removes the deprecated fields from the internal state file.
S3 Native State Locking
The S3 backend now supports S3 native state locking as an opt-in, experimental feature. An S3 lock can be used alongside a DynamoDB lock, or independently. When both locking mechanisms are configured, a lock must be successfully acquired from both locations before subsequent operations will proceed.
To opt-in to S3 native state locking, set use_lockfile
to true
.
terraform {
backend "s3" {
# additional configuration omitted for brevity
use_lockfile = true
}
}
With S3 locking enabled, a lock file will be placed in the same location as the state file.
The lock file will be named identically to the state file, but with a .tflock
extension.
S3 bucket policies and IAM policies attached to the calling principal may need to be adjusted to include permissions for the new lock file.
In a future minor version of Terraform the experimental label will be removed from the use_lockfile
attribute and attributes related to DynamoDB based locking will be deprecated.
Root Assume Role Attribute Removal
Several root level attributes related to IAM role assumption which were previously deprecated have been removed.
Each removed field has an analogous field inside the assume_role
block which should be used instead.
Removed | Replacement |
---|---|
role_arn | assume_role.role_arn |
session_name | assume_role.session_name |
external_id | assume_role.external_id |
assume_role_duration_seconds | assume_role.duration |
assume_role_policy | assume_role.policy |
assume_role_policy_arns | assume_role.policy_arn |
assume_role_tags | assume_role.tags |
assume_role_transitive_tag_keys | assume_role.transitive_tag_keys |