diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8865203b5..fe4fa4302 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog
+## [6.2.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/6.1.2...6.2.0) (2023-03-22)
+
+
+### Features
+
+* show `config.toml` and user data in Terraform plan ([#754](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/754)) ([5b5c335](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/5b5c3354d56971786e9afe50e493fa2bde1bdbb4))
+
## [6.1.2](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/6.1.1...6.1.2) (2023-03-09)
diff --git a/README.md b/README.md
index 735a29a0f..a659dcc33 100644
--- a/README.md
+++ b/README.md
@@ -432,12 +432,14 @@ Made with [contributors-img](https://contrib.rocks).
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
| [aws](#requirement\_aws) | >= 4 |
+| [local](#requirement\_local) | >= 2.4.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.49.0 |
+| [local](#provider\_local) | >= 2.4.0 |
## Modules
@@ -489,6 +491,8 @@ Made with [contributors-img](https://contrib.rocks).
| [aws_security_group_rule.runner_ping_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_ssm_parameter.runner_registration_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
| [aws_ssm_parameter.runner_sentry_dsn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
+| [local_file.config_toml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.user_data](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [aws_ami.docker-machine](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_ami.runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_availability_zone.runners](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
@@ -544,7 +548,7 @@ Made with [contributors-img](https://contrib.rocks).
| [enable\_manage\_gitlab\_token](#input\_enable\_manage\_gitlab\_token) | (Deprecated) Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `null` | no |
| [enable\_ping](#input\_enable\_ping) | Allow ICMP Ping to the ec2 instances. | `bool` | `false` | no |
| [enable\_runner\_ssm\_access](#input\_enable\_runner\_ssm\_access) | Add IAM policies to the runner agent instance to connect via the Session Manager. | `bool` | `false` | no |
-| [enable\_runner\_user\_data\_trace\_log](#input\_enable\_runner\_user\_data\_trace\_log) | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `true` | no |
+| [enable\_runner\_user\_data\_trace\_log](#input\_enable\_runner\_user\_data\_trace\_log) | Enable bash trace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `true` | no |
| [enable\_schedule](#input\_enable\_schedule) | Flag used to enable/disable auto scaling group schedule for the runner instance. | `bool` | `false` | no |
| [environment](#input\_environment) | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes |
| [extra\_security\_group\_ids\_runner\_agent](#input\_extra\_security\_group\_ids\_runner\_agent) | Optional IDs of extra security groups to apply to the runner agent. This will not apply to the runners spun up when using the docker+machine executor, which is the default. | `list(string)` | `[]` | no |
@@ -625,6 +629,7 @@ Made with [contributors-img](https://contrib.rocks).
| [secure\_parameter\_store\_runner\_sentry\_dsn](#input\_secure\_parameter\_store\_runner\_sentry\_dsn) | The Sentry DSN name used to store the Sentry DSN in Secure Parameter Store | `string` | `"sentry-dsn"` | no |
| [secure\_parameter\_store\_runner\_token\_key](#input\_secure\_parameter\_store\_runner\_token\_key) | The key name used store the Gitlab runner token in Secure Parameter Store | `string` | `"runner-token"` | no |
| [sentry\_dsn](#input\_sentry\_dsn) | Sentry DSN of the project for the runner to use (uses legacy DSN format) | `string` | `"__SENTRY_DSN_REPLACED_BY_USER_DATA__"` | no |
+| [show\_user\_data\_in\_plan](#input\_show\_user\_data\_in\_plan) | When enabled, shows the diff for agent configuration files in Terraform plan: `config.toml` and user data script | `bool` | `false` | no |
| [subnet\_id](#input\_subnet\_id) | Subnet id used for the runner and executors. Must belong to the VPC specified above. | `string` | `""` | no |
| [subnet\_id\_runners](#input\_subnet\_id\_runners) | Deprecated! Use subnet\_id instead. List of subnets used for hosting the gitlab-runners. | `string` | `""` | no |
| [subnet\_ids\_gitlab\_runner](#input\_subnet\_ids\_gitlab\_runner) | Deprecated! Use subnet\_id instead. Subnet used for hosting the GitLab runner. | `list(string)` | `[]` | no |
diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md
index a119bd65b..d9d40627b 100644
--- a/examples/runner-default/README.md
+++ b/examples/runner-default/README.md
@@ -45,8 +45,8 @@ No output.
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
-| [aws](#requirement\_aws) | 4.57.0 |
-| [local](#requirement\_local) | 2.3.0 |
+| [aws](#requirement\_aws) | 4.59.0 |
+| [local](#requirement\_local) | 2.4.0 |
| [null](#requirement\_null) | 3.2.1 |
| [random](#requirement\_random) | 3.4.3 |
| [tls](#requirement\_tls) | 4.0.4 |
@@ -55,7 +55,7 @@ No output.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 4.57.0 |
+| [aws](#provider\_aws) | 4.59.0 |
## Modules
@@ -69,8 +69,8 @@ No output.
| Name | Type |
|------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.57.0/docs/data-sources/availability_zones) | data source |
-| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/4.57.0/docs/data-sources/security_group) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/availability_zones) | data source |
+| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/security_group) | data source |
## Inputs
diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md
index fb709c2ac..66416d5d5 100644
--- a/examples/runner-docker/README.md
+++ b/examples/runner-docker/README.md
@@ -47,8 +47,8 @@ No output.
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
-| [aws](#requirement\_aws) | 4.57.0 |
-| [local](#requirement\_local) | 2.3.0 |
+| [aws](#requirement\_aws) | 4.59.0 |
+| [local](#requirement\_local) | 2.4.0 |
| [null](#requirement\_null) | 3.2.1 |
| [random](#requirement\_random) | 3.4.3 |
| [tls](#requirement\_tls) | 4.0.4 |
@@ -57,7 +57,7 @@ No output.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 4.57.0 |
+| [aws](#provider\_aws) | 4.59.0 |
## Modules
@@ -71,7 +71,7 @@ No output.
| Name | Type |
|------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.57.0/docs/data-sources/availability_zones) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/availability_zones) | data source |
## Inputs
diff --git a/examples/runner-multi-region/README.md b/examples/runner-multi-region/README.md
index 6a804244a..c141b3bb2 100644
--- a/examples/runner-multi-region/README.md
+++ b/examples/runner-multi-region/README.md
@@ -90,7 +90,7 @@ No output.
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
| [aws](#requirement\_aws) | 4.49.0 |
-| [local](#requirement\_local) | 2.2.3 |
+| [local](#requirement\_local) | 2.4.0 |
| [null](#requirement\_null) | 3.2.1 |
| [random](#requirement\_random) | 3.4.3 |
| [tls](#requirement\_tls) | 4.0.4 |
diff --git a/examples/runner-pre-registered/README.md b/examples/runner-pre-registered/README.md
index 380e17fa8..38148081b 100644
--- a/examples/runner-pre-registered/README.md
+++ b/examples/runner-pre-registered/README.md
@@ -34,7 +34,7 @@ No output.
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
| [aws](#requirement\_aws) | 4.49.0 |
-| [local](#requirement\_local) | 2.2.3 |
+| [local](#requirement\_local) | 2.4.0 |
| [null](#requirement\_null) | 3.2.1 |
| [random](#requirement\_random) | 3.4.3 |
| [tls](#requirement\_tls) | 4.0.4 |
diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md
index 357e44727..28164c912 100644
--- a/examples/runner-public/README.md
+++ b/examples/runner-public/README.md
@@ -46,8 +46,8 @@ No output.
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
-| [aws](#requirement\_aws) | 4.57.0 |
-| [local](#requirement\_local) | 2.3.0 |
+| [aws](#requirement\_aws) | 4.59.0 |
+| [local](#requirement\_local) | 2.4.0 |
| [null](#requirement\_null) | 3.2.1 |
| [random](#requirement\_random) | 3.4.3 |
| [tls](#requirement\_tls) | 4.0.4 |
@@ -56,7 +56,7 @@ No output.
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 4.57.0 |
+| [aws](#provider\_aws) | 4.59.0 |
## Modules
@@ -71,7 +71,7 @@ No output.
| Name | Type |
|------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.57.0/docs/data-sources/availability_zones) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/availability_zones) | data source |
## Inputs
diff --git a/modules/terminate-agent-hook/README.md b/modules/terminate-agent-hook/README.md
index 681f6de98..8444db043 100644
--- a/modules/terminate-agent-hook/README.md
+++ b/modules/terminate-agent-hook/README.md
@@ -152,7 +152,7 @@ No modules.
| [cloudwatch\_logging\_retention\_in\_days](#input\_cloudwatch\_logging\_retention\_in\_days) | The number of days to retain logs in CloudWatch. | `number` | `30` | no |
| [enable\_xray\_tracing](#input\_enable\_xray\_tracing) | Enables X-Ray for debugging and analysis | `bool` | `false` | no |
| [environment](#input\_environment) | A name that identifies the environment, used as a name prefix and for tagging. | `string` | n/a | yes |
-| [kms\_key\_id](#input\_kms\_key\_id) | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | n/a | yes |
+| [kms\_key\_id](#input\_kms\_key\_id) | KMS key id to encrypt the resources, e.g. logs, lambda environment variables, ... | `string` | n/a | yes |
| [name](#input\_name) | The name of the Lambda function to create. The 'environment' will be prefixed to this. | `string` | n/a | yes |
| [name\_docker\_machine\_runners](#input\_name\_docker\_machine\_runners) | The `Name` tag of EC2 instances created by the runner agent. | `string` | n/a | yes |
| [name\_iam\_objects](#input\_name\_iam\_objects) | The name to use for IAM resources - roles and policies. | `string` | `""` | no |