Updatestf-azure

Terraform Azure Provider: 19 New Features in Cognitive Account Project, Managed Redis Access Policy Assignment

v4.59.0v4.60.0Verified February 18, 2026

Quick Summary

This release includes 24 changes, with 19 new features and 5 behavior updates, affecting various Azure resources such as API management, application gateways, and cognitive accounts. The updates introduce new data sources, resources, and properties, while also fixing issues related to identity, node pool cycling, and diagnostic settings. To ensure a smooth upgrade, it's essential to review the changes and follow the migration playbook. The updates are part of the v4.60.0 release, and it's recommended to verify the changes after upgrading.

Changes by Severity

#### 🟡 Plan Ahead

The azurerm_cognitive_account_project, azurerm_managed_redis_access_policy_assignment, and azurerm_oracle_database_system_versions resources have new data sources available. Additionally, the azurerm_api_management_workspace_named_value, azurerm_data_factory_linked_service_sql_managed_instance, and azurerm_managed_redis_access_policy_assignment resources have been introduced. The azurerm_mysql_flexible_database, azurerm_service_plan, and azurerm_postgresql_flexible_server resources now have new list resources available.

#### 🟢 Informational

The azurerm_application_gateway resource now supports 2.2 to waf_configuration.rule_set_version and MS-ThreatIntel-XSS to waf_configuration.disabled_rule_group.rule_group_name. The azurerm_express_route_port resource supports GcmAesXpn128 and GcmAesXpn256 ciphers to link*.macsec_cipher. The azurerm_web_application_firewall_policy resource supports 2.2 to managed_rules.managed_rule_set.version and managed_rules.exclusion.excluded_rule_set.version, as well as MS-ThreatIntel-XSS to managed_rules.managed_rule_set.rule_group_override.rule_group_name and managed_rules.exclusion.excluded_rule_set.rule_group.rule_group_name.

Migration Playbook

1. Review new data sources: Familiarize yourself with the new data sources available for azurerm_cognitive_account_project, azurerm_managed_redis_access_policy_assignment, and azurerm_oracle_database_system_versions.

2. Update resource configurations: Update your resource configurations to use the new resources, such as azurerm_api_management_workspace_named_value and azurerm_data_factory_linked_service_sql_managed_instance.

3. Use new list resources: Utilize the new list resources available for azurerm_mysql_flexible_database, azurerm_service_plan, and azurerm_postgresql_flexible_server.

4. Configure WAF settings: Configure the WAF settings for azurerm_application_gateway to use the new rule set version and disabled rule group.

5. Update Express Route Port settings: Update the Express Route Port settings to use the new ciphers.

Verification Checklist

  • ☐ Verify that the new data sources are available and functioning correctly.
  • ☐ Confirm that the new resources are created and configured correctly.
  • ☐ Test the new list resources to ensure they are returning the expected results.
  • ☐ Validate that the WAF settings are configured correctly and functioning as expected.
  • ☐ Check that the Express Route Port settings are updated and working correctly.
  • ☐ Review the logs to ensure that there are no errors or issues related to the upgrade.

    • References

    * [Release v4.60.0](https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v4.60.0)

    * [Release v4.59.0](https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v4.59.0)

    Last verified at: 2026-02-18T13:46:24.796951+00:00

    📎 Sources