Update hashicorp/aws requirement from ~> 5.0 to ~> 6.23

[dependabot]

Updates the requirements on hashicorp/aws to permit the latest version.

Changelog

Sourced from hashicorp/aws's changelog.

6.23.0 (November 26, 2025)

NOTES:

• resource/aws_s3_bucket: To support ABAC (Attribute Based Access Control) in general purpose buckets, this resource will now attempt to send tags in the create request and use the S3 Control tagging APIs TagResource, UntagResource, and ListTagsForResource for read and update operations. The calling principal must have the corresponding s3:TagResource, s3:UntagResource, and s3:ListTagsForResource IAM permissions. If the principal lacks the appropriate permissions, the provider will fall back to tagging after creation and using the S3 tagging APIs PutBucketTagging, DeleteBucketTagging, and GetBucketTagging instead. With ABAC enabled, tag modifications may fail with the fall back behavior. See the AWS documentation for additional details on enabling ABAC in general purpose buckets. (#45251)

FEATURES:

• New Resource: aws_ecs_express_gateway_service (#45235)
• New Resource: aws_s3_bucket_abac (#45251)
• New Resource: aws_vpc_encryption_control (#45263)
• New Resource: aws_vpn_concentrator (#45175)

ENHANCEMENTS:

• action/aws_lambda_invoke: Add tenant_id argument (#45170)
• data-source/aws_eks_cluster: Add control_plane_scaling_config attribute (#45258)
• data-source/aws_lambda_function: Add tenancy_config attribute (#45170)
• data-source/aws_lambda_invocation: Add tenant_id argument (#45170)
• data-source/aws_vpn_connection: Add vpn_concentrator_id attribute (#45175)
• resoource/aws_ecs_capacity_provider: Add managed_instances_provider.infrastructure_optimization argument (#45142)
• resource/aws_docdb_cluster: Add network_type argument (#45140)
• resource/aws_docdb_subnet_group: Add supported_network_types attribute (#45140)
• resource/aws_eks_cluster: Add control_plane_scaling_config configuration block to support EKS Provisioned Control Plane (#45258)
• resource/aws_lambda_function: Add tenancy_config argument (#45170)
• resource/aws_lambda_invocation: Add tenant_id argument (#45170)
• resource/aws_s3_bucket: Tag on creation when the s3:TagResource permission is present (#45251)
• resource/aws_s3_bucket: Use the S3 Control tagging APIs when the s3:TagResource, s3:UntagResource, and s3:ListTagsForResource permissions are present (#45251)
• resource/aws_vpn_connection: Add vpn_concentrator_id argument to support Site-to-Site VPN Concentrator (#45175)

6.22.1 (November 21, 2025)

ENHANCEMENTS:

• resource/aws_fsx_openzfs_file_system: Support INTELLIGENT_TIERING storage type and add read_cache_configuration argument (#45159)
• resource/aws_msk_cluster: Add rebalancing configuration block to support intelligent rebalancing for Express broker clusters (#45073)

BUG FIXES:

• provider: Fix crash in required tag validation interceptor when tag values are unknown. This addresses a regression introduced in v6.22.0. (#45201)
• provider: Fix early return logic in the required tag validation interceptor. This addresses a performance regression introduced in v6.22.0. (#45201)
• resource/aws_accessanalyzer_analyzer: Fix interface conversion: interface {} is nil, not map[string]interface {} panics when configuration.unused_access.analysis_rule.exclusion.resource_tags contains null values (#45202)
• resource/aws_odb_cloud_vm_cluster: Fix incorrect validation error when arguments are configured using variables. This addresses a regression introduced in v6.22.0 (#45205)

6.22.0 (November 20, 2025)

NOTES:

• resource/aws_s3_bucket_server_side_encryption_configuration: Starting in March 2026, Amazon S3 will introduce a new default bucket security setting by automatically disabling server-side encryption with customer-provided keys (SSE-C) for all new buckets. Use the blocked_encryption_types argument to manage this behavior for specific buckets. (#45105)

... (truncated)

Commits

• c3023de Update CHANGELOG.md for #45277
• 6815f5d Merge pull request #45277 from hashicorp/prepare6.23.0
• bd79ef7 Merge pull request #45263 from hashicorp/f-vpc-encryption-controls
• d9e50d1 Document 'region' argument.
• cb1fdb1 Prepare for v6.23.0 release.
• c7c4b55 Merge pull request #45276 from sasidhar-aws/d_networkflowmonitor
• 286279a Update website/docs/r/networkflowmonitor_monitor.html.markdown
• eb8611c Merge pull request #45274 from tabito-hara/td-aws_organizations-add_new_policies
• bb55278 Adds CHANGELOG entry
• 3f21e1a Updates documentation from stub
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)