Update Terraform aws to v5.91.0

[usa-reddragon-renovate-ce]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	5.90.1 -> 5.91.0

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.91.0

Compare Source

NOTES:

• resource/aws_network_interface_permission: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing (#​40797)

FEATURES:

• New Resource: aws_network_interface_permission (#​40797)
• New Resource: aws_route53_records_exclusive (#​41741)

ENHANCEMENTS:

• resource/aws_codebuild_project: Add secondary_sources.auth configuration block (#​40191)
• resource/aws_kinesis_firehose_delivery_stream: Add msk_source_configuration.read_from_timestamp argument (#​41794)
• resource/aws_route53_hosted_zone_dnssec: Add configurable operation timeouts (#​41741)
• resource/aws_route53_key_signing_key: Add configurable operation timeouts (#​41741)
• resource/aws_route53_record: Add configurable operation timeouts (#​41741)
• resource/aws_route53_zone: Add configurable operation timeouts (#​41741)
• resource/aws_route53_zone_association: Add configurable operation timeouts (#​41741)
• resource/aws_timestreaminfluxdb_db_instance: Add network_type and port attributes. The following can now be updated in place: allocated_storage, db_instance_type, db_storage_type and deployment_type (#​40661)
• resource/aws_vpc_ipv4_cidr_block_association: Support optional import of the ipv4_ipam_pool_id and ipv4_netmask_length attributes (#​41779)
• resource/aws_vpc_ipv6_cidr_block_association: Support optional import of the ipv6_ipam_pool_id and ipv6_netmask_length attributes (#​41779)
• resource/aws_wafv2_ip_set: Add name_prefix argument and plan-time validation of name (#​40889)
• resource/aws_wafv2_regex_pattern_set: Add name_prefix argument and plan-time validation of name (#​40889)
• resource/aws_wafv2_web_acl: Add name_prefix argument (#​40889)
• resource/aws_wafv2_web_acl: Add rule.challenge_config argument (#​40123)

BUG FIXES:

• resource/aws_msk_cluster: Ensure that storage_mode updates are actually applied to the cluster (#​41773)

---

Configuration

📅 Schedule: Branch creation - "after 1:00am, before 5:00am" in timezone America/Chicago, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

GCP Terraform Checks

✅ Terraform Format and Style Passed

✅ Terraform Initialization Passed

✅ Terraform Validation Passed

✅ Terraform Plan Passed

terraform plan output

data.cloudflare_zone.site-zone: Reading...
data.cloudflare_zone.site-zone: Read complete after 0s [id=1896d1131a72f9255386a78c50024864]
data.google_compute_image.ubuntu: Reading...
data.google_compute_image.ubuntu: Read complete after 1s [id=projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20250305]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # cloudflare_record.record will be created
  + resource "cloudflare_record" "record" {
      + allow_overwrite = false
      + content         = (known after apply)
      + created_on      = (known after apply)
      + hostname        = (known after apply)
      + id              = (known after apply)
      + metadata        = (known after apply)
      + modified_on     = (known after apply)
      + name            = "dallas.aredn"
      + proxiable       = (known after apply)
      + proxied         = false
      + ttl             = (known after apply)
      + type            = "A"
      + value           = (known after apply)
      + zone_id         = "1896d1131a72f9255386a78c50024864"
    }

  # cloudflare_record.supernode-record will be created
  + resource "cloudflare_record" "supernode-record" {
      + allow_overwrite = false
      + content         = (known after apply)
      + created_on      = (known after apply)
      + hostname        = (known after apply)
      + id              = (known after apply)
      + metadata        = (known after apply)
      + modified_on     = (known after apply)
      + name            = "supernode.dallas.aredn"
      + proxiable       = (known after apply)
      + proxied         = false
      + ttl             = (known after apply)
      + type            = "A"
      + value           = (known after apply)
      + zone_id         = "1896d1131a72f9255386a78c50024864"
    }

  # google_compute_address.ip will be created
  + resource "google_compute_address" "ip" {
      + address            = (known after apply)
      + address_type       = "EXTERNAL"
      + creation_timestamp = (known after apply)
      + effective_labels   = {
          + "goog-terraform-provisioned" = "true"
        }
      + id                 = (known after apply)
      + label_fingerprint  = (known after apply)
      + name               = "ki5vmf-dallas-gcp"
      + network_tier       = (known after apply)
      + prefix_length      = (known after apply)
      + project            = "supernode-401805"
      + purpose            = (known after apply)
      + region             = (known after apply)
      + self_link          = (known after apply)
      + subnetwork         = (known after apply)
      + terraform_labels   = {
          + "goog-terraform-provisioned" = "true"
        }
      + users              = (known after apply)
    }

  # google_compute_instance.default will be created
  + resource "google_compute_instance" "default" {
      + allow_stopping_for_update = true
      + can_ip_forward            = false
      + cpu_platform              = (known after apply)
      + creation_timestamp        = (known after apply)
      + current_status            = (known after apply)
      + deletion_protection       = false
      + effective_labels          = {
          + "goog-terraform-provisioned" = "true"
        }
      + id                        = (known after apply)
      + instance_id               = (known after apply)
      + label_fingerprint         = (known after apply)
      + machine_type              = "e2-highcpu-2"
      + metadata                  = (known after apply)
      + metadata_fingerprint      = (known after apply)
      + metadata_startup_script   = (sensitive value)
      + min_cpu_platform          = (known after apply)
      + name                      = "ki5vmf-dallas-gcp"
      + project                   = "supernode-401805"
      + self_link                 = (known after apply)
      + tags                      = [
          + "http-server",
          + "https-server",
          + "vtun-server",
          + "vtun-supernode-server",
          + "wireguard-server",
        ]
      + tags_fingerprint          = (known after apply)
      + terraform_labels          = {
          + "goog-terraform-provisioned" = "true"
        }
      + zone                      = "us-south1-b"

      + boot_disk {
          + auto_delete                = true
          + device_name                = (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + mode                       = "READ_WRITE"
          + source                     = (known after apply)

          + initialize_params {
              + image                  = "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20250305"
              + labels                 = (known after apply)
              + provisioned_iops       = (known after apply)
              + provisioned_throughput = (known after apply)
              + resource_policies      = (known after apply)
              + size                   = 10
              + type                   = "pd-ssd"
            }
        }

      + confidential_instance_config (known after apply)

      + guest_accelerator (known after apply)

      + network_interface {
          + internal_ipv6_prefix_length = (known after apply)
          + ipv6_access_type            = (known after apply)
          + ipv6_address                = (known after apply)
          + name                        = (known after apply)
          + network                     = "default"
          + network_attachment          = (known after apply)
          + network_ip                  = (known after apply)
          + stack_type                  = (known after apply)
          + subnetwork                  = (known after apply)
          + subnetwork_project          = (known after apply)

          + access_config {
              + nat_ip       = (known after apply)
              + network_tier = (known after apply)
            }
        }

      + reservation_affinity (known after apply)

      + scheduling (known after apply)
    }

  # tls_private_key.key will be created
  + resource "tls_private_key" "key" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 4096
    }

Plan: 5 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + key       = (sensitive value)
  + public-ip = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

[github-actions]

AWS Terraform Checks

✅ Terraform Format and Style Passed

✅ Terraform Initialization Passed

✅ Terraform Validation Passed

✅ Terraform Plan Passed

terraform plan output

data.cloudflare_zone.site-zone: Reading...
data.aws_ami.ubuntu-jammy: Reading...
data.cloudflare_zone.site-zone: Read complete after 0s [id=1896d1131a72f9255386a78c50024864]
data.aws_ami.ubuntu-jammy: Read complete after 1s [id=ami-0967e5535761d839e]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_eip.ip will be created
  + resource "aws_eip" "ip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags_all             = (known after apply)
      + vpc                  = (known after apply)
    }

  # aws_instance.node will be created
  + resource "aws_instance" "node" {
      + ami                                  = "ami-0967e5535761d839e"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = (known after apply)
      + availability_zone                    = "us-east-1a"
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + enable_primary_ipv6                  = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t4g.small"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "KI5VMF-CLOUD-TUNNEL"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Name" = "KI5VMF-CLOUD-TUNNEL"
        }
      + tags_all                             = {
          + "Name" = "KI5VMF-CLOUD-TUNNEL"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (sensitive value)
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = true
      + vpc_security_group_ids               = (known after apply)

      + capacity_reservation_specification (known after apply)

      + cpu_options (known after apply)

      + ebs_block_device (known after apply)

      + enclave_options (known after apply)

      + ephemeral_block_device (known after apply)

      + instance_market_options (known after apply)

      + maintenance_options (known after apply)

      + metadata_options (known after apply)

      + network_interface (known after apply)

      + private_dns_name_options (known after apply)

      + root_block_device {
          + delete_on_termination = true
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + tags_all              = (known after apply)
          + throughput            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = 8
          + volume_type           = "gp2"
        }
    }

  # aws_key_pair.key will be created
  + resource "aws_key_pair" "key" {
      + arn             = (known after apply)
      + fingerprint     = (known after apply)
      + id              = (known after apply)
      + key_name        = "KI5VMF-CLOUD-TUNNEL"
      + key_name_prefix = (known after apply)
      + key_pair_id     = (known after apply)
      + key_type        = (known after apply)
      + public_key      = (known after apply)
      + tags_all        = (known after apply)
    }

  # aws_security_group.allow-vpn will be created
  + resource "aws_security_group" "allow-vpn" {
      + arn                    = (known after apply)
      + description            = "Security Group for VTun VPN"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
                # (1 unchanged attribute hidden)
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 51820
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "udp"
              + security_groups  = []
              + self             = false
              + to_port          = 51820
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 5525
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 5525
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 5526
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 5526
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 9001
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 9001
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 9002
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 9002
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 9100
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 9100
                # (1 unchanged attribute hidden)
            },
        ]
      + name                   = "KI5VMF-CLOUD-TUNNEL-vpn"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # cloudflare_record.record will be created
  + resource "cloudflare_record" "record" {
      + allow_overwrite = false
      + content         = (known after apply)
      + created_on      = (known after apply)
      + hostname        = (known after apply)
      + id              = (known after apply)
      + metadata        = (known after apply)
      + modified_on     = (known after apply)
      + name            = "aredn-cloud-node"
      + proxiable       = (known after apply)
      + proxied         = false
      + ttl             = (known after apply)
      + type            = "A"
      + value           = (known after apply)
      + zone_id         = "1896d1131a72f9255386a78c50024864"
    }

  # tls_private_key.key will be created
  + resource "tls_private_key" "key" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 4096
    }

Plan: 6 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + key       = (sensitive value)
  + public-ip = (known after apply)

Warning: Value for undeclared variable

The root module does not declare a variable named "map-config-json" but a
value was found in file "variables.tfvars". If you meant to use this value,
add a "variable" block to the configuration.

To silence these warnings, use TF_VAR_... environment variables to provide
certain "global" settings to all configurations in your organization. To
reduce the verbosity of these warnings, use the -compact-warnings option.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.