Bump the terraform-all-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the terraform-all-dependencies group with 3 updates in the /infra/shared directory: auth0/auth0, hashicorp/aws and hashicorp/awscc.

Updates auth0/auth0 from 1.48.0 to 1.50.0

Release notes

Sourced from auth0/auth0's releases.

v1.50.0

ENHANCEMENTS:

• resource/auth0_client – Add support for configuring invitation_landing_client_id in the My Organization API (#1609)
• resource/auth0_client_credentials – Add support for the PKCS#1 (RSA PUBLIC KEY) public key format when computing JWK thumbprints (#1608)

v1.49.0

ENHANCEMENTS:

• resource/auth0_event_stream – Add support for custom_header webhook authorization method, with header_key, header_value, header_value_wo, and header_value_wo_version fields (#1600)
• resource/auth0_log_stream – Add support for a write-only Datadog API key via datadog_api_key_wo and datadog_api_key_wo_version (#1601)

BUG FIXES:

• resource/auth0_action – Fix 409 Conflict race condition between action deploy and trigger binding by adding a create timeout and deployment wait logic (#1590)
• resource/auth0_tenant – Prevent state drift for fields with server-side defaults (session_lifetime, idle_session_lifetime, ephemeral_session_lifetime, idle_ephemeral_session_lifetime, enable_pipeline2, enable_client_connections, and disable_management_api_sms_obfuscation) (#1587)
• resource/auth0_connection – Handle empty id_token_signed_response_algs as unset for OIDC and Okta connections (#1598)

NOTES:

• resource/auth0_guardian – Deprecate the provider attribute and options block within the phone block in favor of the auth0_phone_provider resource (Unified Phone Experience). Refer to the migration documentation for the detailed steps (#1596)
• resource/auth0_trigger_action / resource/auth0_trigger_actions – Document newly supported trigger types (password-reset-post-challenge, custom-email-provider, custom-phone-provider, login-post-identifier, and signup-post-identifier) (#1605)
• resource/auth0_attack_protection – Update description for bot_detection_level (#1595)

Changelog

Sourced from auth0/auth0's changelog.

v1.50.0

ENHANCEMENTS:

• resource/auth0_client – Add support for configuring invitation_landing_client_id in the My Organization API (#1609)
• resource/auth0_client_credentials – Add support for the PKCS#1 (RSA PUBLIC KEY) public key format when computing JWK thumbprints (#1608)

v1.49.0

ENHANCEMENTS:

• resource/auth0_event_stream – Add support for custom_header webhook authorization method, with header_key, header_value, header_value_wo, and header_value_wo_version fields (#1600)
• resource/auth0_log_stream – Add support for a write-only Datadog API key via datadog_api_key_wo and datadog_api_key_wo_version (#1601)

BUG FIXES:

• resource/auth0_action – Fix 409 Conflict race condition between action deploy and trigger binding by adding a create timeout and deployment wait logic (#1590)
• resource/auth0_tenant – Prevent state drift for fields with server-side defaults (session_lifetime, idle_session_lifetime, ephemeral_session_lifetime, idle_ephemeral_session_lifetime, enable_pipeline2, enable_client_connections, and disable_management_api_sms_obfuscation) (#1587)
• resource/auth0_connection – Handle empty id_token_signed_response_algs as unset for OIDC and Okta connections (#1598)

NOTES:

• resource/auth0_guardian – Deprecate the provider attribute and options block within the phone block in favor of the auth0_phone_provider resource (Unified Phone Experience) (#1596)
• resource/auth0_trigger_action / resource/auth0_trigger_actions – Document newly supported trigger types (password-reset-post-challenge, custom-email-provider, custom-phone-provider, login-post-identifier, and signup-post-identifier) (#1605)
• resource/auth0_attack_protection – Update description for bot_detection_level (#1595)

Commits

• 7f7bf41 Add Changelog for v1.50.0 (#1614)
• e505eac feat: Add invitation_landing_client_id to My Organization API in client (#1609)
• f4482b6 feat: Add support for PKCS#1 public key format in client_credentials (#1608)
• 5dd5401 chore(deps): bump github.com/auth0/go-auth0 from 1.42.0 to 1.42.1 (#1607)
• 7fe0ca0 Add Changelog for v1.49.0 (#1606)
• 45f2bb0 docs: Added new trigger types to auth0_trigger_action/s (#1605)
• 26bff37 feat: added support for custom header auth with header_key and header… (#1600)
• 1a8b203 chore(deps): bump github.com/auth0/go-auth0/v2 from 2.12.0 to 2.13.0 (#1604)
• 8caddb7 feat: Enhance Datadog sink with write-only API key (#1601)
• 079e5c0 fix: Fix Action Deploy and Trigger Binding Race Condition Error (#1590)
• Additional commits viewable in compare view

Updates hashicorp/aws from 6.47.0 to 6.51.0

Release notes

Sourced from hashicorp/aws's releases.

v6.51.0

6.51.0 (June 17, 2026)

NOTES:

• resource/aws_cloudfront_distribution_tenant: When using managed_certificate_request, managed certificate issuance uses a fixed 3-hour timeout regardless of the configured resource timeout. This behavior will be updated in a future major version. (#47839)
• resource/aws_dms_s3_endpoint: The kms_key_arn attribute has been deprecated. All configurations using kms_key_arn should be updated to use the server_side_encryption_kms_key_id attribute instead. (#48441)
• resource/aws_eks_cluster: Because we cannot easily test the behavior of outpost_config, the changes are best effort and we ask for community help in testing (#48367)

FEATURES:

• New List Resource: aws_acm_certificate (#48283)
• New List Resource: aws_bedrockagentcore_evaluator (#47964)
• New List Resource: aws_sagemaker_hub_content_reference (#48379)
• New Resource: aws_bedrockagentcore_evaluator (#47964)
• New Resource: aws_sagemaker_hub_content_reference (#48379)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add outpost_config.control_plane_placement.spread_level, outpost_config.etcd_instance_type, and outpost_config.etcd_placement attributes (#48367)
• resource/aws_cloudfront_distribution: Add origin.custom_origin_config.origin_mtls_config argument (#46421)
• resource/aws_cloudfront_multitenant_distribution: Add origin.custom_origin_config.origin_mtls_config argument (#46421)
• resource/aws_detective_graph: Add Resource Identity support (#48383)
• resource/aws_detective_organization_configuration: Add Resource Identity support (#48383)
• resource/aws_eks_cluster: Add outpost_config.control_plane_placement.spread_level, outpost_config.etcd_instance_type, and outpost_config.etcd_placement arguments (#48367)
• resource/aws_eks_cluster: Change outpost_config.control_plane_placement.group_name to Optional (#48367)
• resource/aws_elasticache_replication_group: Add durability argument (#48254)
• resource/aws_elasticache_serverless_cache: Add network_type argument (#48371)
• resource/aws_msk_replicator: Add Resource Identity support (#48338)
• resource/aws_observabilityadmin_centralization_rule_for_organization: Add destination_metrics_configuration and source_metrics_configuration blocks (#48303)
• resource/aws_opensearchserverless_collection: Add vector_options.serverless_vector_acceleration argument (#47018)

BUG FIXES:

• resource/aws_acm_certificate: Correctly updates subject_alternative_names for Imported certificates (#48362)
• resource/aws_acmpca_certificate_authority: Prevents hang when trying to create resources over the quota limit. (#48365)
• resource/aws_cloudfront_distribution_tenant: Configured operation timeouts are now correctly honored, preventing potential indefinite hangs (#47839)
• resource/aws_dms_s3_endpoint: Fix perpetual diff when kms_key_arn is set but not returned by the API for S3 engine endpoints. (#48441)
• resource/aws_elasticache_replication_group: Fix error when adding a log_delivery_configuration with log_type = "slow-log" while simultaneously upgrading the engine from Redis 5 to Redis 6 or Valkey 7 (#46526)
• resource/aws_kinesis_firehose_delivery_stream: Fix InvalidArgumentException errors when creating or updating extended_s3_configuration in AWS partitions that report unsupported custom_time_zone and file_extension attributes in a combined error message (#48369)
• resource/aws_lakeformation_opt_in: Fix handling of out-of-band deletion of linked resource (#48416)
• resource/aws_lakeformation_opt_in: Prevent crash by making the principal block required (#48416)
• resource/aws_lakeformation_resource_lf_tag: Prevent crash when processing null tag values during read operations (#48417)
• resource/aws_msk_replicator: Fix runtime error: index out of range [0] with length 0 panic when importing a replicator with no replication configurations (#48338)
• resource/aws_ses_domain_mail_from: Correctly detect resources deleted outside of Terraform when refreshing state (#48387)

v6.50.0

6.50.0 (June 10, 2026)

NOTES:

... (truncated)

Changelog

Sourced from hashicorp/aws's changelog.

6.51.0 (June 17, 2026)

NOTES:

• resource/aws_cloudfront_distribution_tenant: When using managed_certificate_request, managed certificate issuance uses a fixed 3-hour timeout regardless of the configured resource timeout. This behavior will be updated in a future major version. (#47839)
• resource/aws_dms_s3_endpoint: The kms_key_arn attribute has been deprecated. All configurations using kms_key_arn should be updated to use the server_side_encryption_kms_key_id attribute instead. (#48441)
• resource/aws_eks_cluster: Because we cannot easily test the behavior of outpost_config, the changes are best effort and we ask for community help in testing (#48367)

FEATURES:

• New List Resource: aws_acm_certificate (#48283)
• New List Resource: aws_bedrockagentcore_evaluator (#47964)
• New List Resource: aws_sagemaker_hub_content_reference (#48379)
• New Resource: aws_bedrockagentcore_evaluator (#47964)
• New Resource: aws_sagemaker_hub_content_reference (#48379)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add outpost_config.control_plane_placement.spread_level, outpost_config.etcd_instance_type, and outpost_config.etcd_placement attributes (#48367)
• resource/aws_cloudfront_distribution: Add origin.custom_origin_config.origin_mtls_config argument (#46421)
• resource/aws_cloudfront_multitenant_distribution: Add origin.custom_origin_config.origin_mtls_config argument (#46421)
• resource/aws_detective_graph: Add Resource Identity support (#48383)
• resource/aws_detective_organization_configuration: Add Resource Identity support (#48383)
• resource/aws_eks_cluster: Add outpost_config.control_plane_placement.spread_level, outpost_config.etcd_instance_type, and outpost_config.etcd_placement arguments (#48367)
• resource/aws_eks_cluster: Change outpost_config.control_plane_placement.group_name to Optional (#48367)
• resource/aws_elasticache_replication_group: Add durability argument (#48254)
• resource/aws_elasticache_serverless_cache: Add network_type argument (#48371)
• resource/aws_msk_replicator: Add Resource Identity support (#48338)
• resource/aws_observabilityadmin_centralization_rule_for_organization: Add destination_metrics_configuration and source_metrics_configuration blocks (#48303)
• resource/aws_opensearchserverless_collection: Add vector_options.serverless_vector_acceleration argument (#47018)

BUG FIXES:

• resource/aws_acm_certificate: Correctly updates subject_alternative_names for Imported certificates (#48362)
• resource/aws_acmpca_certificate_authority: Prevents hang when trying to create resources over the quota limit. (#48365)
• resource/aws_cloudfront_distribution_tenant: Configured operation timeouts are now correctly honored, preventing potential indefinite hangs (#47839)
• resource/aws_dms_s3_endpoint: Fix perpetual diff when kms_key_arn is set but not returned by the API for S3 engine endpoints. (#48441)
• resource/aws_elasticache_replication_group: Fix error when adding a log_delivery_configuration with log_type = "slow-log" while simultaneously upgrading the engine from Redis 5 to Redis 6 or Valkey 7 (#46526)
• resource/aws_kinesis_firehose_delivery_stream: Fix InvalidArgumentException errors when creating or updating extended_s3_configuration in AWS partitions that report unsupported custom_time_zone and file_extension attributes in a combined error message (#48369)
• resource/aws_lakeformation_opt_in: Fix handling of out-of-band deletion of linked resource (#48416)
• resource/aws_lakeformation_opt_in: Prevent crash by making the principal block required (#48416)
• resource/aws_lakeformation_resource_lf_tag: Prevent crash when processing null tag values during read operations (#48417)
• resource/aws_msk_replicator: Fix runtime error: index out of range [0] with length 0 panic when importing a replicator with no replication configurations (#48338)
• resource/aws_ses_domain_mail_from: Correctly detect resources deleted outside of Terraform when refreshing state (#48387)

6.50.0 (June 10, 2026)

NOTES:

• resource/aws_bedrockagentcore_gateway_target: Because we cannot easily test the behavior of private_endpoint, it is best effort and we ask for community help in testing (#47602)

... (truncated)

Commits

• 399b259 Update CHANGELOG.md for #48448
• d3d26d1 prepare 6.51.0 for release (#48448)
• 3a60f23 Merge pull request #48441 from hashicorp/b-dms_s3_endpoint_kms_key
• d33a274 update with review comments
• 19bc5eb Update CHANGELOG.md for #48283
• a917de6 Merge pull request #48283 from hashicorp/f-list-acm-certificate
• d610eeb add CHANGELOG entry
• fcff29c aws_dms_s3_endpoint: update documentation
• 6016fb5 aws_dms_s3_endpoint: ignore diff and add deprecation message
• d403d18 Merge pull request #47964 from tejaskash/evaluator
• Additional commits viewable in compare view

Updates hashicorp/awscc from 1.86.0 to 1.89.0

Release notes

Sourced from hashicorp/awscc's releases.

v1.89.0

1.89.0 (June 17, 2026)

FEATURES:

• New Data Source: awscc_awsexternalanthropic_workspace
• New Data Source: awscc_awsexternalanthropic_workspaces
• New Data Source: awscc_bedrockagentcore_configuration_bundle
• New Data Source: awscc_bedrockagentcore_configuration_bundles
• New Data Source: awscc_cloudwatch_log_alarm
• New Data Source: awscc_cloudwatch_log_alarms
• New Data Source: awscc_elasticloadbalancing_load_balancer
• New Data Source: awscc_elasticloadbalancing_load_balancers
• New Data Source: awscc_elementalinference_dictionaries
• New Data Source: awscc_elementalinference_dictionary
• New Data Source: awscc_neptune_global_cluster
• New Data Source: awscc_neptune_global_clusters
• New Data Source: awscc_sagemaker_mlflow_app
• New Data Source: awscc_sagemaker_mlflow_apps
• New List Resource: awscc_awsexternalanthropic_workspace
• New List Resource: awscc_bedrockagentcore_configuration_bundle
• New List Resource: awscc_cloudwatch_log_alarm
• New List Resource: awscc_elasticloadbalancing_load_balancer
• New List Resource: awscc_elementalinference_dictionary
• New List Resource: awscc_neptune_global_cluster
• New List Resource: awscc_sagemaker_mlflow_app
• New Resource: awscc_awsexternalanthropic_workspace
• New Resource: awscc_bedrockagentcore_configuration_bundle
• New Resource: awscc_cloudwatch_log_alarm
• New Resource: awscc_elasticloadbalancing_load_balancer
• New Resource: awscc_elementalinference_dictionary
• New Resource: awscc_neptune_global_cluster
• New Resource: awscc_sagemaker_mlflow_app

v1.88.0

1.88.0 (June 10, 2026)

FEATURES:

• New Data Source: awscc_appstream_stack_fleet_association
• New Data Source: awscc_bedrockagentcore_payment_manager
• New Data Source: awscc_bedrockagentcore_payment_managers
• New Data Source: awscc_bedrockagentcore_resource_policy
• New Data Source: awscc_resiliencehubv2_service_function
• New Data Source: awscc_resiliencehubv2_user_journey
• New Data Source: awscc_rtbfabric_link_routing_rule
• New List Resource: awscc_bedrockagentcore_payment_manager
• New Resource: awscc_appstream_stack_fleet_association
• New Resource: awscc_bedrockagentcore_payment_manager
• New Resource: awscc_bedrockagentcore_resource_policy

... (truncated)

Changelog

Sourced from hashicorp/awscc's changelog.

1.89.0 (June 17, 2026)

FEATURES:

• New Data Source: awscc_awsexternalanthropic_workspace
• New Data Source: awscc_awsexternalanthropic_workspaces
• New Data Source: awscc_bedrockagentcore_configuration_bundle
• New Data Source: awscc_bedrockagentcore_configuration_bundles
• New Data Source: awscc_cloudwatch_log_alarm
• New Data Source: awscc_cloudwatch_log_alarms
• New Data Source: awscc_elasticloadbalancing_load_balancer
• New Data Source: awscc_elasticloadbalancing_load_balancers
• New Data Source: awscc_elementalinference_dictionaries
• New Data Source: awscc_elementalinference_dictionary
• New Data Source: awscc_neptune_global_cluster
• New Data Source: awscc_neptune_global_clusters
• New Data Source: awscc_sagemaker_mlflow_app
• New Data Source: awscc_sagemaker_mlflow_apps
• New List Resource: awscc_awsexternalanthropic_workspace
• New List Resource: awscc_bedrockagentcore_configuration_bundle
• New List Resource: awscc_cloudwatch_log_alarm
• New List Resource: awscc_elasticloadbalancing_load_balancer
• New List Resource: awscc_elementalinference_dictionary
• New List Resource: awscc_neptune_global_cluster
• New List Resource: awscc_sagemaker_mlflow_app
• New Resource: awscc_awsexternalanthropic_workspace
• New Resource: awscc_bedrockagentcore_configuration_bundle
• New Resource: awscc_cloudwatch_log_alarm
• New Resource: awscc_elasticloadbalancing_load_balancer
• New Resource: awscc_elementalinference_dictionary
• New Resource: awscc_neptune_global_cluster
• New Resource: awscc_sagemaker_mlflow_app

1.88.0 (June 10, 2026)

FEATURES:

• New Data Source: awscc_appstream_stack_fleet_association
• New Data Source: awscc_bedrockagentcore_payment_manager
• New Data Source: awscc_bedrockagentcore_payment_managers
• New Data Source: awscc_bedrockagentcore_resource_policy
• New Data Source: awscc_resiliencehubv2_service_function
• New Data Source: awscc_resiliencehubv2_user_journey
• New Data Source: awscc_rtbfabric_link_routing_rule
• New List Resource: awscc_bedrockagentcore_payment_manager
• New Resource: awscc_appstream_stack_fleet_association
• New Resource: awscc_bedrockagentcore_payment_manager
• New Resource: awscc_bedrockagentcore_resource_policy
• New Resource: awscc_resiliencehubv2_service_function
• New Resource: awscc_resiliencehubv2_user_journey

... (truncated)

Commits

• 1c4c54a Merge pull request #3203 from hashicorp/2026-06-17-schema-updates
• 283b294 update release version
• 41c42eb 2026-06-17 Documentation; Update generated documentation
• fa6c6c1 2026-06-17 CloudFormation schemas in us-east-1; Generate Terraform data sourc...
• c6b15cc 2026-06-17 CloudFormation schemas in us-east-1; Generate Terraform resource s...
• 5bf9400 2026-06-17 CloudFormation schemas in us-east-1; New schemas
• 662070a 2026-06-17 CloudFormation schemas in us-east-1; Refresh existing schemas
• 7e5ba31 Merge pull request #3191 from hashicorp/b-duplicate_id_resource_suppressions
• d5df650 make data sources
• 5d5d9cb log data source errors
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Note

Provider lock files have been automatically updated

This Dependabot PR modified infra/shared/versions.tf, so the corresponding
.terraform.lock.hcl files have been automatically updated and committed.

The changes are ready for review and merge.

Important

The actions have not been run on this PR since the lock files were updated, because GHA won't run push actions when the commit has been made by a bot.
To get the CI checks to run, you will need to amend the PR:

1. Check out the PR branch locally: git checkout dependabot/terraform/infra/shared/main/terraform-all-dependencies-93cf11e1d6
2. Pull the latest changes: git pull
3. Make a no-op amendment: git commit --amend --no-edit
4. Push the amended commit: git push --force-with-lease

This will trigger the CI checks to run with the updated lock files.

Warning

If dependabot has attempted to modify the PR (i.e. if there are new dependency updates available), comment @dependabot recreate and it'll recreate the PR from scratch (allowing the lock files to be updated correctly).