amazon.aws 9.0.0

Release Summary

This major release brings a new set of supported modules that have been promoted from community.aws, several bugfixes, minor changes and deprecated features. We also dropped support for botocore<1.31.0 and boto3<1.28.0. Due to the AWS SDKs announcing the end of support for Python less than 3.8 (https://aws.amazon.com/blogs/developer/python-support-policy-updates-for-aws-sdks-and-tools/), support for Python less than 3.8 by this collection was deprecated in this release and will be removed in release 10.0.0.

Major Changes

• autoscaling_instance_refresh - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_instance_refresh (#2338).
• autoscaling_instance_refresh_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.autoscaling_instance_refresh_info (#2338).
• ec2_launch_template - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_launch_template (#2348).
• ec2_placement_group - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_placement_group.
• ec2_placement_group_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_placement_group_info.
• ec2_transit_gateway - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway.
• ec2_transit_gateway_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_info.
• ec2_transit_gateway_vpc_attachment - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_vpc_attachment.
• ec2_transit_gateway_vpc_attachment_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_transit_gateway_vpc_attachment_info.
• ec2_vpc_egress_igw - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_egress_igw (https://api.github.com/repos/ansible-collections/amazon.aws/pulls/2327).
• ec2_vpc_nacl - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_nacl (#2339).
• ec2_vpc_nacl_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_nacl_info (#2339).
• ec2_vpc_peer - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_peer.
• ec2_vpc_peering_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_peering_info.
• ec2_vpc_vgw - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vgw.
• ec2_vpc_vgw_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vgw_info.
• ec2_vpc_vpn - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vpn.
• ec2_vpc_vpn_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.ec2_vpc_vpn_info.
• elb_classic_lb_info - The module has been migrated from the community.aws collection. Playbooks using the Fully Qualified Collection Name for this module should be updated to use amazon.aws.elb_classic_lb_info.

Minor Changes

• Add support for transit gateway vpc attachment module (#2314).
• Bump version of ansible-lint to minimum 24.7.0 (#2201).
• Move function determine_iam_role from module ec2_instance to module_utils/ec2 so that it can be used by community.aws.ec2_launch_template module (#2319).
• aws_az_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2163). - aws_region_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2163).
• backup_vault - Update code to remove unnecessary return values returned as None (#2105).
• cloudwatchlogs_log_group_metric_filter - Add support for unit and dimensions options (#2286)
• ec2_ami - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2164).
• ec2_ami_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2164).
• ec2_eip - Add support to update reverse DNS record of an EIP (#2292).
• ec2_eip - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2165). - ec2_eip_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2165).
• ec2_eni - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2166).
• ec2_eni_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2166).
• ec2_import_image - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2167).
• ec2_import_image_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2167).
• ec2_instance - Pass variables client and module as function arguments instead of global variables (#2192).
• ec2_instance - add the possibility to upgrade / downgrade existing ec2 instance type (#469).
• ec2_instance - refactored code to use AnsibleEC2Error and shared code from module_utils.ec2 (#2192).
• ec2_instance_info - Replaced call to deprecated function datetime.utcnow() by datetime.now(timezone.utc) (#2192).
• ec2_instance_info - refactored code to use AnsibleEC2Error and shared code from module_utils.ec2 (#2192).
• ec2_key - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2168).
• ec2_key_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2168).
• ec2_security_group - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2169).
• ec2_security_group_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2169).
• ec2_snapshot - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2099).
• ec2_snapshot_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2099).
• ec2_spot_instance - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (#2099).
• ec2_spot_instance_info - refactored code to use AnsibleEC2Error as well as moving shared code into module_utils.ec2 (<https://gith...

amazon.aws 8.2.1

Release Summary

This is a bugfix release for the iam_role module that resolves the issue where IAM instance profiles were being created when create_instance_profile was set to false and addresses the EntityAlreadyExists exception when the instance profile already existed.

Bugfixes

• iam_role - fixes EntityAlreadyExists exception when create_instance_profile was set to false and the instance profile already existed (#2102).
• iam_role - fixes issue where IAM instance profiles were created when create_instance_profile was set to false (#2281).

amazon.aws 8.2.0

Release Summary

The amazon.aws 8.2.0 release includes a number of bugfixes, some new features and improvements. This releases also introduces a deprecation for the amazon.aws.iam_role module, where support for creating and deleting IAM instance profiles using the create_instance_profile and delete_instance_profile options has been deprecated and will be removed in a release after 2026-05-01.

Minor Changes

• cloudwatch_metric_alarm - add support for evaluate_low_sample_count_percentile` parameter.
• cloudwatch_metric_alarm - support DatapointsToAlarm config (#2196).
• ec2_ami - Add support for uefi-preferred boot mode (#2253).
• ec2_instance - Add support for network_interfaces and network_interfaces_ids options replacing deprecated option network (#2123).
• ec2_instance - network.source_dest_check option has been deprecated and replaced by new option source_dest_check (#2123).
• ec2_instance - add the possibility to create instance with multiple network interfaces (#2123).
• ec2_metadata_facts - Add parameter metadata_token_ttl_seconds (#2209).
• rds_cluster - Add support for I/O-Optimized storage configuration for aurora clusters (#2063).
• rds_instance - snake case for parameter performance_insights_kms_key_id was incorrect according to boto documentation (#2163).
• s3_bucket - Add support for bucket inventories (https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html)
• s3_object - Add support for expected_bucket_owner option (#2114).
• ssm parameter lookup - add new option droppath to drop the hierarchical search path from ssm parameter lookup results (#1756).

Deprecated Features

• iam_role - support for creating and deleting IAM instance profiles using the create_instance_profile and delete_instance_profile options has been deprecated and will be removed in a release after 2026-05-01. To manage IAM instance profiles the amazon.aws.iam_instance_profile module can be used instead (#2221).

Bugfixes

• cloudwatch_metric_alarm - Fix idempotency when creating cloudwatch metric alarm without dimensions (#1865).
• ec2_instance - fix state processing when exact_count is used (#1659).
• rds_cluster - Limit params sent to api call to DBClusterIdentifier when using state started or stopped (#2197).
• route53 - modify the return value to return diff only when module._diff is set to true (#2136).
• s3_bucket - catch UnsupportedArgument when calling API GetBucketAccelerationConfig on region where it is not supported (#2180).
• s3_bucket - change the default behaviour of the new accelerate_enabled option to only update the configuration if explicitly passed (#2220).
• s3_bucket - fixes MethodNotAllowed exceptions caused by fetching transfer acceleration state in regions that don't support it (#2266).
• s3_bucket - fixes TypeError: cannot unpack non-iterable NoneType object errors related to bucket versioning, policies, tags or encryption (#2228).

amazon.aws 8.1.0

Release Summary

This release includes several documentation improvements and two new features for the s3_bucket module.

Minor Changes

• s3_bucket - Add object_lock_default_retention to set Object Lock default retention configuration for S3 buckets (#2062).
• s3_bucket - Add support for enabling Amazon S3 Transfer Acceleration by setting the accelerate_enabled option (#2046).

amazon.aws 8.0.1

Release Summary

This release includes some bug fixes for the s3_object, ec2_instance and backup_plan_info modules.

Bugfixes

• backup_plan_info - Bugfix to enable getting info of all backup plans (#2083).
• ec2_instance - do not ignore IPv6 addresses when a single network interface is specified (#1979).
• s3_object - fixed issue which was causing MemoryError exceptions when downloading large files (#2107).

amazon.aws 7.6.1

Release Summary

This release includes some bug fixes for the ec2_instance and backup_plan_info modules.

Bugfixes

• backup_plan_info - Bugfix to enable getting info of all backup plans (#2083).
• ec2_instance - do not ignore IPv6 addresses when a single network interface is specified (#1979).

amazon.aws 8.0.0

Release Summary

This major release brings several new features, bug fixes, and deprecated features. It also includes the removal of some functionality for iam_role, iam_role_info and module_utils.policy that were previously deprecated. We have also removed support for ansible-core<2.15.

Minor Changes

• autoscaling_group - removed unused code (#1996).
• cloudformation - apply automatic retries when paginating through stack events without a filter (#2049).
• cloudtrail - removed unused code (#1996).
• ec2_instance - removed unused code (#1996).
• ec2_vol - Ensure volume state is not one of deleted or deleting when trying to delete volume, to guaranty idempotency (#2052).
• ec2_vol - removed unused code (#1996).
• elb_classic_lb - removed unused code (#1996).
• kms_key - removed unused code (#1996).
• lambda_event - Add support for setting the maximum_batching_window_in_seconds option (#2025).
• module_uils/botocore - support sets and tuples of errors as well as lists (#1829).
• module_utils/elbv2 - Add support for adding listener with multiple certificates during ALB creation. Allows elb_application_elb module to handle mentioned use case. (#1950).
• module_utils/elbv2 - Add the possibility to update SslPolicy, Certificates and AlpnPolicy for TLS listeners (#1198).
• rds_instance - Allow passing empty list to enable_cloudwatch_logs_exports in order to remove all existing exports (#1917).
• s3_bucket - refactor s3_bucket module code for improved readability and maintainability (#2057).
• s3_object - removed unused code (#1996).

Breaking Changes / Porting Guide

• amazon.aws collection - Support for ansible-core < 2.15 has been dropped (#2093).
• iam_role - iam_role.assume_role_policy_document is no longer converted from CamelCase to snake_case (#2040).
• iam_role_info - iam_role.assume_role_policy_document is no longer converted from CamelCase to snake_case (#2040).
• kms_key - the policies return value has been renamed to key_policies the contents has not been changed (#2040).
• kms_key_info - the policies return value has been renamed to key_policies the contents has not been changed (#2040).
• lambda_event - | batch_size no longer defaults to 100. According to the boto3 API (https://boto3.amazonaws.com/v1/documentation/api/1.26.78/reference/services/lambda.html#Lambda.Client.create_event_source_mapping), batch_size defaults to 10 for sqs sources and to 100 for stream sources (#2025).

Deprecated Features

• aws_ec2 inventory plugin - removal of the previously deprecated include_extra_api_calls option has been assigned to release 9.0.0 (#2040).
• cloudformation - the template parameter has been deprecated and will be removed in a release after 2026-05-01. The template_body parameter can be used in conjungtion with the lookup plugin (#2048).
• iam_policy - removal of the previously deprecated policies return key has been assigned to release 9.0.0. Use the policy_names return key instead (#2040).
• module_utils.botocore - the boto3 parameter for get_aws_connection_info() will be removed in a release after 2025-05-01. The boto3 parameter has been ignored since release 4.0.0 (#2047).
• module_utils.botocore - the boto3 parameter for get_aws_region() will be removed in a release after 2025-05-01. The boto3 parameter has been ignored since release 4.0.0 (#2047).
• module_utils.ec2 - the boto3 parameter for get_ec2_security_group_ids_from_names() will be removed in a release after 2025-05-01. The boto3 parameter has been ignored since release 4.0.0 (#2047).
• rds_param_group - the rds_param_group module has been renamed to rds_instance_param_group. The usage of the module has not changed. The rds_param_group alias will be removed in version 10.0.0 (#2058).

Removed Features (previously deprecated)

• iam_role - the iam_role.assume_role_policy_document_raw return value has been deprecated. iam_role.assume_role_policy_document now returns the same format as iam_role.assume_role_policy_document_raw (#2040).
• iam_role_info - the iam_role.assume_role_policy_document_raw return value has been deprecated. iam_role.assume_role_policy_document now returns the same format as iam_role.assume_role_policy_document_raw (#2040).
• module_utils.policy - the previously deprecated sort_json_policy_dict() function has been removed, consider using compare_policies() instead (#2052).

Bugfixes

• elb_classic_lb - fixes bug where proxy_protocol not being set or being set to None may result in unexpected behaviour or errors (#2049).
• lambda_event - Fix when batch_size is greater than 10, by enabling support for setting maximum_batching_window_in_seconds (#2025).
• lambda_event - Retrieve function ARN using AWS API (get_function) instead of building it with AWS account information (#1859).

amazon.aws 7.6.0

Release Summary

This release brings several bugfixes, minor changes and some new rds modules (rds_cluster_param_group, rds_cluster_param_group_info and rds_engine_versions_info). It also introduces a deprecation for the cloudformation module.

Minor Changes

• ec2_instance - add support for host option in placement.tenancy (#2026).
• ec2_vol - Ensure volume state is not one of deleted or deleting when trying to delete volume, to guaranty idempotency (#2052).

Deprecated Features

• cloudformation - the template parameter has been deprecated and will be removed in a release after 2026-05-01. The template_body parameter can be used in conjungtion with the lookup plugin (#2048).
• module_utils.botocore - the boto3 parameter for get_aws_connection_info() will be removed in a release after 2025-05-01. The boto3 parameter has been ignored since release 4.0.0 (#2047).
• module_utils.botocore - the boto3 parameter for get_aws_region() will be removed in a release after 2025-05-01. The boto3 parameter has been ignored since release 4.0.0 (#2047).
• module_utils.ec2 - the boto3 parameter for get_ec2_security_group_ids_from_names() will be removed in a release after 2025-05-01. The boto3 parameter has been ignored since release 4.0.0 (#2047).

Bugfixes

• iam_managed_policy - fixes bug that causes ParamValidationError when attempting to delete a policy that's attached to a role or a user (#2067).
• iam_role_info - fixes bug in handling paths missing the / prefix and/or suffix (#2065).
• s3_object - fix idempotency issue when copying object uploaded using multipart upload (#2016).

New Modules

• rds_cluster_param_group - Manage RDS cluster parameter groups
• rds_cluster_param_group_info - Describes the properties of specific RDS cluster parameter group.
• rds_engine_versions_info - Describes the properties of specific versions of DB engines.

amazon.aws 7.5.0

Release Summary

This release includes a new feature for the iam_user_info module, bugfixes for the cloudwatchlogs_log_group_info and s3_object modules and the inventory plugins, and some internal refactoring of module_utils.

Minor Changes

• iam_user_info - Add login_profile to return info that is get from a user, to know if they can login from AWS console (#2012).
• module_utils.iam - refactored normalization functions to use boto3_resource_to_ansible_dict() and boto3_resource_list_to_ansible_dict() (#2006).
• module_utils.transformations - add boto3_resource_to_ansible_dict() and boto3_resource_list_to_ansible_dict() helpers (#2006).

Bugfixes

• cloudwatchlogs_log_group_info - Implement exponential backoff when making API calls to prevent throttling exceptions (#2011).
• plugin_utils.inventory - Ensure templated options in lookup plugins are converted (#1955).
• s3_object - Fix the issue when copying an object with overriding metadata. (#1991).

amazon.aws 6.5.4

Release Summary

This release includes bugfixes for the cloudwatchlogs_log_group_info module and the inventory plugins.

Bugfixes

• cloudwatchlogs_log_group_info - Implement exponential backoff when making API calls to prevent throttling exceptions (#2011).
• plugin_utils.inventory - Ensure templated options in lookup plugins are converted (#1955).