Bump the terraform-all-dependencies group in /infra/shared with 2 updates

[dependabot]

Bumps the terraform-all-dependencies group in /infra/shared with 2 updates: hashicorp/aws and hashicorp/awscc.

Updates hashicorp/aws from 6.45.0 to 6.46.0

Release notes

Sourced from hashicorp/aws's releases.

v6.46.0

6.46.0 (May 20, 2026)

NOTES:

• resource/aws_xray_resource_policy: Changes to policy_name now force resource recreation. Technically this is a breaking change but the resource did not function correctly previously; updating policy_name would leave an orphaned policy with the old name in AWS (#47948)

FEATURES:

• New List Resource: aws_bedrockagentcore_harness (#47725)
• New List Resource: aws_iam_access_key (#47966)
• New List Resource: aws_observabilityadmin_telemetry_rule_for_organization (#47920)
• New List Resource: aws_route53_vpc_association_authorization (#47905)
• New List Resource: aws_route53_zone_association (#47950)
• New List Resource: aws_securityhub_automation_rule_v2 (#47677)
• New Resource: aws_bedrockagentcore_harness (#47725)
• New Resource: aws_observabilityadmin_telemetry_rule_for_organization (#47920)
• New Resource: aws_securityhub_automation_rule_v2 (#47677)
• New Resource: aws_xray_indexing_rule (#47975)
• New Resource: aws_xray_trace_segment_destination (#47961)

ENHANCEMENTS:

• data-source/aws_ec2_local_gateway_virtual_interface: Add outpost_lag_id and local_gateway_virtual_interface_group_id attributes (#47974)
• data-source/aws_opensearch_domain: Add jwt_options block to fix "Invalid address to set" error (#47874)
• resource/aws_bedrockagent_agent: Increase maximum value of idle_session_ttl_in_seconds from 3600 to 5400 to match the AWS API limit (#47890)
• resource/aws_bedrockagentcore_agent_runtime: Add filesystem_configuration argument for mounting session storage, Amazon S3 Files access points, or Amazon EFS access points into the agent runtime (#47810)
• resource/aws_cloudfront_distribution: Add cache_tag_config configuration block (#47872)
• resource/aws_iam_access_key: Add resource identity support (#47966)
• resource/aws_route53_vpc_association_authorization: Add resource identity support (#47905)
• resource/aws_route53_zone_association: Add resource identity support (#47950)
• resource/aws_vpclattice_resource_gateway: Add resource_config_dns_resolution argument (#47879)
• resource/aws_xray_resource_policy: Add Resource Identity support (#47948)
• resource/aws_xray_sampling_rule: Add Resource Identity support (#47948)

BUG FIXES:

• resource/aws_s3_bucket: Defer to the corresponding dedicated standalone resource for each deprecated nested attribute (acceleration_status, acl, cors_rule, grant, lifecycle_rule, logging, object_lock_configuration, policy, replication_configuration, request_payer, server_side_encryption_configuration, versioning, website) when the attribute is not set in configuration, preventing similar fights between the bucket resource and its standalone counterparts (#47962)
• resource/aws_s3_bucket: Fix InvalidRequest: SourceSelectionCriteria cannot be empty errors on unrelated updates (e.g. tags) when replication is managed by the dedicated aws_s3_bucket_replication_configuration resource using replica_modifications (#47962)
• resource/aws_xray_resource_policy: Fix Provider returned invalid result object after apply errors on Update (#47948)
• resource/aws_xray_resource_policy: Mark policy_name as as ForceNew (#47948)

Changelog

Sourced from hashicorp/aws's changelog.

6.46.0 (May 20, 2026)

NOTES:

• resource/aws_xray_resource_policy: Changes to policy_name now force resource recreation. Technically this is a breaking change but the resource did not function correctly previously; updating policy_name would leave an orphaned policy with the old name in AWS (#47948)

FEATURES:

• New List Resource: aws_bedrockagentcore_harness (#47725)
• New List Resource: aws_iam_access_key (#47966)
• New List Resource: aws_observabilityadmin_telemetry_rule_for_organization (#47920)
• New List Resource: aws_route53_vpc_association_authorization (#47905)
• New List Resource: aws_route53_zone_association (#47950)
• New List Resource: aws_securityhub_automation_rule_v2 (#47677)
• New Resource: aws_bedrockagentcore_harness (#47725)
• New Resource: aws_observabilityadmin_telemetry_rule_for_organization (#47920)
• New Resource: aws_securityhub_automation_rule_v2 (#47677)
• New Resource: aws_xray_indexing_rule (#47975)
• New Resource: aws_xray_trace_segment_destination (#47961)

ENHANCEMENTS:

• data-source/aws_ec2_local_gateway_virtual_interface: Add outpost_lag_id and local_gateway_virtual_interface_group_id attributes (#47974)
• data-source/aws_opensearch_domain: Add jwt_options block to fix "Invalid address to set" error (#47874)
• resource/aws_bedrockagent_agent: Increase maximum value of idle_session_ttl_in_seconds from 3600 to 5400 to match the AWS API limit (#47890)
• resource/aws_bedrockagentcore_agent_runtime: Add filesystem_configuration argument for mounting session storage, Amazon S3 Files access points, or Amazon EFS access points into the agent runtime (#47810)
• resource/aws_cloudfront_distribution: Add cache_tag_config configuration block (#47872)
• resource/aws_iam_access_key: Add resource identity support (#47966)
• resource/aws_route53_vpc_association_authorization: Add resource identity support (#47905)
• resource/aws_route53_zone_association: Add resource identity support (#47950)
• resource/aws_vpclattice_resource_gateway: Add resource_config_dns_resolution argument (#47879)
• resource/aws_xray_resource_policy: Add Resource Identity support (#47948)
• resource/aws_xray_sampling_rule: Add Resource Identity support (#47948)

BUG FIXES:

• resource/aws_s3_bucket: Defer to the corresponding dedicated standalone resource for each deprecated nested attribute (acceleration_status, acl, cors_rule, grant, lifecycle_rule, logging, object_lock_configuration, policy, replication_configuration, request_payer, server_side_encryption_configuration, versioning, website) when the attribute is not set in configuration, preventing similar fights between the bucket resource and its standalone counterparts (#47962)
• resource/aws_s3_bucket: Fix InvalidRequest: SourceSelectionCriteria cannot be empty errors on unrelated updates (e.g. tags) when replication is managed by the dedicated aws_s3_bucket_replication_configuration resource using replica_modifications (#47962)
• resource/aws_xray_resource_policy: Fix Provider returned invalid result object after apply errors on Update (#47948)
• resource/aws_xray_resource_policy: Mark policy_name as as ForceNew (#47948)

Commits

• 2d2f68c Merge pull request #47992 from hashicorp/t-update-changelog-version
• 78a96c6 Update changelog + version
• d08ade5 Merge pull request #47990 from hashicorp/f-new-swissshepherd
• ab758b8 Update tools: swissshepherd
• 8ae5266 Doc fixes
• adf9a80 docs: Fix argument ordering per swissshepherd (batch 8)
• 3b6a31c docs: Fix argument ordering per swissshepherd (batch 7)
• 8016bb4 docs: Fix argument ordering per swissshepherd (batch 6)
• 77c25a8 docs: Fix argument ordering per swissshepherd (batch 5)
• df7e192 docs: Fix argument ordering per swissshepherd (batch 4)
• Additional commits viewable in compare view

Updates hashicorp/awscc from 1.84.0 to 1.85.0

Release notes

Sourced from hashicorp/awscc's releases.

v1.85.0

1.85.0 (May 20, 2026)

BUG FIXES:

• provider: Fix diff showing after upgrade for resources whose list-type attributes (e.g. tags, vpc_config.subnet_ids, load_balancer_attributes) were stored in a different order than CloudFormation returns them. (#3059)

FEATURES:

• New Data Source: awscc_bedrockagentcore_payment_credential_provider
• New Data Source: awscc_bedrockagentcore_payment_credential_providers
• New List Resource: awscc_bedrockagentcore_payment_credential_provider
• New Resource: awscc_bedrockagentcore_payment_credential_provider

Changelog

Sourced from hashicorp/awscc's changelog.

1.85.0 (May 20, 2026)

BUG FIXES:

• provider: Fix diff showing after upgrade for resources whose list-type attributes (e.g. tags, vpc_config.subnet_ids, load_balancer_attributes) were stored in a different order than CloudFormation returns them. (#3059)

FEATURES:

• New Data Source: awscc_bedrockagentcore_payment_credential_provider
• New Data Source: awscc_bedrockagentcore_payment_credential_providers
• New List Resource: awscc_bedrockagentcore_payment_credential_provider
• New Resource: awscc_bedrockagentcore_payment_credential_provider

Commits

• b595ca2 Merge pull request #3164 from hashicorp/2026-05-20-schema-updates
• 574337e Update version
• 47f8dc8 2026-05-20 Documentation; Update generated documentation
• 2eca1b6 Update changelog
• 2412d98 2026-05-20 CloudFormation schemas in us-east-1; Generate Terraform data sourc...
• db1cd22 2026-05-20 CloudFormation schemas in us-east-1; Generate Terraform resource s...
• 579f26a 2026-05-20 CloudFormation schemas in us-east-1; New schemas
• 8570450 2026-05-20 CloudFormation schemas in us-east-1; Refresh existing schemas
• dcf044b Merge pull request #3059 from AviorSchreiber/b-key-value-list-ordering-plan-diff
• ba80ac4 build(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#3156)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Note

Provider lock files have been automatically updated

This Dependabot PR modified infra/shared/versions.tf, so the corresponding
.terraform.lock.hcl files have been automatically updated and committed.

The changes are ready for review and merge.

Important

The actions have not been run on this PR since the lock files were updated, because GHA won't run push actions when the commit has been made by a bot.
To get the CI checks to run, you will need to amend the PR:

1. Check out the PR branch locally: git checkout dependabot/terraform/infra/shared/main/terraform-all-dependencies-a5a94fd80d
2. Pull the latest changes: git pull
3. Make a no-op amendment: git commit --amend --no-edit
4. Push the amended commit: git push --force-with-lease

This will trigger the CI checks to run with the updated lock files.

Warning

If dependabot has attempted to modify the PR (i.e. if there are new dependency updates available), comment @dependabot recreate and it'll recreate the PR from scratch (allowing the lock files to be updated correctly).