Bump hashicorp/aws from 6.37.0 to 6.38.0 in /.review_apps in the terraform-all-dependencies group

[dependabot]

Bumps the terraform-all-dependencies group in /.review_apps with 1 update: hashicorp/aws.

Updates hashicorp/aws from 6.37.0 to 6.38.0

Release notes

Sourced from hashicorp/aws's releases.

v6.38.0

6.38.0 (March 25, 2026)

FEATURES:

• New Action: aws_dms_start_replication_task_assessment_run (#47058)
• New Data Source: aws_dynamodb_backups (#47036)
• New Data Source: aws_msk_topic (#46490)
• New Data Source: aws_savingsplans_offerings (#47081)
• New List Resource: aws_msk_cluster (#46490)
• New List Resource: aws_msk_serverless_cluster (#46490)
• New List Resource: aws_msk_topic (#46490)
• New List Resource: aws_route53_resolver_rule (#47063)
• New List Resource: aws_sagemaker_algorithm (#47051)
• New List Resource: aws_ssm_document (#46974)
• New List Resource: aws_ssoadmin_account_assignment (#47067)
• New List Resource: aws_vpc_endpoint (#46977)
• New List Resource: aws_workmail_domain (#46931)
• New Resource: aws_msk_topic (#46490)
• New Resource: aws_observabilityadmin_telemetry_enrichment (#47089)
• New Resource: aws_sagemaker_algorithm (#47051)
• New Resource: aws_workmail_default_domain (#46931)
• New Resource: aws_workmail_domain (#46931)

ENHANCEMENTS:

• data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.enable_tls_session_holding attribute (#47065)
• resource/aws_bedrockagentcore_agent_runtime: Add authorizer_configuration.custom_jwt_authorizer.custom_claim configuration block (#47049)
• resource/aws_bedrockagentcore_gateway: Add authorizer_configuration.custom_jwt_authorizer.custom_claim configuration block (#47049)
• resource/aws_bedrockagentcore_gateway_target: Add target_configuration.mcp.api_gateway configuration block (#46916)
• resource/aws_dynamodb_table: Add restore_backup_arn argument (#47068)
• resource/aws_fis_experiment_template: Support KinesisStreams as a value for action.target.key (#47010)
• resource/aws_fis_experiment_template: Support VPCEndpoints as a value for action.target.key (#47045)
• resource/aws_mq_broker: Change user block to Optional (#46883)
• resource/aws_msk_cluster: Add resource identity support (#46490)
• resource/aws_msk_serverless_cluster: Add resource identity support (#46490)
• resource/aws_networkfirewall_firewall_policy: Add firewall_policy.enable_tls_session_holding argument (#47065)
• resource/aws_securityhub_insight: Add filters.aws_account_name configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_associated_standards_id configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_security_control_id configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_security_control_parameters_name configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_security_control_parameters_value configuration block (#47027)
• resource/aws_ssoadmin_account_assignment: Add Resource Identity support (#47067)

BUG FIXES:

• resource/aws_api_gateway_method: Fix import to honor @region suffix when using resource-level region attribute (#47043)
• resource/aws_apigatewayv2_integration: Fix import to honor @region suffix when using resource-level region attribute (#47043)
• resource/aws_apigatewayv2_route: Fix import to honor @region suffix when using resource-level region attribute (#47043)
• resource/aws_apigatewayv2_stage: Fix import to honor @region suffix when using resource-level region attribute (#47043)

... (truncated)

Changelog

Sourced from hashicorp/aws's changelog.

6.38.0 (March 25, 2026)

FEATURES:

• New Action: aws_dms_start_replication_task_assessment_run (#47058)
• New Data Source: aws_dynamodb_backups (#47036)
• New Data Source: aws_msk_topic (#46490)
• New Data Source: aws_savingsplans_offerings (#47081)
• New List Resource: aws_msk_cluster (#46490)
• New List Resource: aws_msk_serverless_cluster (#46490)
• New List Resource: aws_msk_topic (#46490)
• New List Resource: aws_route53_resolver_rule (#47063)
• New List Resource: aws_sagemaker_algorithm (#47051)
• New List Resource: aws_ssm_document (#46974)
• New List Resource: aws_ssoadmin_account_assignment (#47067)
• New List Resource: aws_vpc_endpoint (#46977)
• New List Resource: aws_workmail_domain (#46931)
• New Resource: aws_msk_topic (#46490)
• New Resource: aws_observabilityadmin_telemetry_enrichment (#47089)
• New Resource: aws_sagemaker_algorithm (#47051)
• New Resource: aws_workmail_default_domain (#46931)
• New Resource: aws_workmail_domain (#46931)

ENHANCEMENTS:

• data-source/aws_networkfirewall_firewall_policy: Add firewall_policy.enable_tls_session_holding attribute (#47065)
• resource/aws_bedrockagentcore_agent_runtime: Add authorizer_configuration.custom_jwt_authorizer.custom_claim configuration block (#47049)
• resource/aws_bedrockagentcore_gateway: Add authorizer_configuration.custom_jwt_authorizer.custom_claim configuration block (#47049)
• resource/aws_bedrockagentcore_gateway_target: Add target_configuration.mcp.api_gateway configuration block (#46916)
• resource/aws_dynamodb_table: Add restore_backup_arn argument (#47068)
• resource/aws_fis_experiment_template: Support KinesisStreams as a value for action.target.key (#47010)
• resource/aws_fis_experiment_template: Support VPCEndpoints as a value for action.target.key (#47045)
• resource/aws_mq_broker: Change user block to Optional (#46883)
• resource/aws_msk_cluster: Add resource identity support (#46490)
• resource/aws_msk_serverless_cluster: Add resource identity support (#46490)
• resource/aws_networkfirewall_firewall_policy: Add firewall_policy.enable_tls_session_holding argument (#47065)
• resource/aws_securityhub_insight: Add filters.aws_account_name configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_associated_standards_id configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_security_control_id configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_security_control_parameters_name configuration block (#47027)
• resource/aws_securityhub_insight: Add filters.compliance_security_control_parameters_value configuration block (#47027)
• resource/aws_ssoadmin_account_assignment: Add Resource Identity support (#47067)

BUG FIXES:

• resource/aws_api_gateway_method: Fix import to honor @region suffix when using resource-level region attribute (#47043)
• resource/aws_apigatewayv2_integration: Fix import to honor @region suffix when using resource-level region attribute (#47043)
• resource/aws_apigatewayv2_route: Fix import to honor @region suffix when using resource-level region attribute (#47043)
• resource/aws_apigatewayv2_stage: Fix import to honor @region suffix when using resource-level region attribute (#47043)
• resource/aws_appmesh_gateway_route: Fix import to honor @region suffix when using resource-level region attribute (#47043)

... (truncated)

Commits

• d3c45ac Update CHANGELOG.md for #47051
• 691c4c6 Merge pull request #47051 from hashicorp/f-aws_sagemaker_algorithm
• 5cba0f6 Update CHANGELOG.md for #47104
• 39ea9d7 Merge pull request #47104 from hashicorp/prepare6.38.0
• fe69f09 Prepare for v6.38.0 release.
• efaef74 Merge pull request #47089 from bonclay7/f-observabilityadmin_telemetry_enrich...
• a459501 Update CHANGELOG.md for #47058
• 727183b Merge pull request #47058 from hashicorp/f-start-assessment-run
• 5256e35 r/aws_observabilityadmin_telemetry_enrichment: We do need 'id' (at least for ...
• 6594917 build(deps): bump the aws-sdk-go-v2 group across 1 directory with 6 updates (...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

🎉 A review copy of this PR has been deployed! You can reach it at: https://pr-2685.admin.review.forms.service.gov.uk/

It may take 5 minutes or so for the application to be fully deployed and working. If it still isn't ready
after 5 minutes, there may be something wrong with the ECS task. You will need to go to the integration AWS account
to debug, or otherwise ask an infrastructure person.

For the sign in details and more information, see the review apps wiki page.