Releases: localstack/localstack
v4.9.2
v4.9.1
What's Changed
- Update README for 4.9 by @remotesynth in #13216
- CFN: add validation in GetAtt for conditionally canceled resources by @pinzon in #13213
New Contributors
- @remotesynth made their first contribution in #13216
Full Changelog: v4.9.0...v4.9.1
v4.9.0
Summary
This release focuses on reinforcing the underlying foundations of the project while enhancing both performance and security that improve alignment with AWS support while ensuring our software has the safety and reliability our users expect.
This release includes updates to several resources that underpin LocalStack for AWS services, including DynamoDB Local, Hadoop, Apache Spark, Glue, k3d, Postgres, Apache ActiveMQ, Python, and Debian Trixie. We’ve also added support for new versions of OpenSearch, new merge strategies for Cloud Pods, CRUD support for EKS access entries, and multi-protocol support for CloudWatch’s additional protocols.
AWS Features
- LocalStack for AWS 4.9 adds support for new versions of OpenSearch and updates the default version to align with AWS support. The new supported versions for OpenSearch are 2.15, 2.17, 2.19 and 3.1. The new default version for OpenSearch domains (if no version is set) is now 3.1.
- LocalStack for AWS 4.9 adds CRUD support of EKS access entries and access policies. The new supported APIs include:
AssociateAccessPolicy
CreateAccessEntry
DeleteAccessEntry
DescribeAccessEntry
DisassociateAccessPolicy
ListAccessEntries
ListAccessPolicies
ListAssociatedAccessPolicies
UpdateAccessEntry
- The emulator is ready with multi-protocol support for the CloudWatch service in order to align with these upcoming changes to the CloudWatch service.
Enhancements
- Implement
ListTags
,TagResource
andUntagResource
API support for Backup Vaults and Backup Plans, which are the only resources we support that would support tagging. - Remove unused Terraform package installer at
localstack-core/localstack/packages/terraform.py
. If you were using this package installer, please instead refer to ourterraform-init
extension.
Deprecations
- PostgreSQL 11 Support Removed: LocalStack for AWS 4.9 drops support for installing PostgreSQL 11. All services that previously used PostgreSQL 11 — including RDS, Redshift, and Timestream — now default to PostgreSQL 12. If you rely on PostgreSQL 11 in previous versions, ensure compatibility before upgrading.
- Debian Trixie / Python 3.13 Upgrade: Starting with LocalStack for AWS 4.9, the base image has been upgraded from Debian Bookworm / Python 3.11 to Debian Trixie / Python 3.13. This may impact custom extensions, init scripts, or packages that rely on specific OS packages or Python 3.11.
- Reinitialization Required for Existing Extensions: Due to the base image and Python upgrade, older volumes with installed extensions (using
localstack extension init
) may not be detected. Users will need to reinitialize and reinstall these extensions after upgrading.
What's Changed
Exciting New Features 🎉
Enhancements
- opensearch: add new versions by @alexrashed in #13134
- ASF: implement CBOR parser and serializer by @bentsku in #13103
- ASF: implement RPC V2 CBOR parser and serializer by @bentsku in #13125
- unpin moto-ext, upgrade to 5.1.12.post22 by @alexrashed in #13147
- upgrade to Python 3.13 and Debian Trixie by @dfangl in #13037
- remove terraform tests and package by @alexrashed in #13154
- ASF: implement multi-protocol support by @bentsku in #13151
- ASF/CloudWatch: add support for multi-protocols by @bentsku in #13161
- ASF: handle error serialization for Query-compatible services by @bentsku in #13172
- ASF: validate full CloudWatch suite with multi-protocol by @bentsku in #13173
- feat(kinesis): implement resource policies CRUD operations (#12488) by @dmacvicar in #12961
- add label to enforce running k8s test by @cloutierMat in #13168
- refactor sqs deveoper api into its own module by @thrau in #13202
Other Changes
- CFn: ecr repo uses request account and region by @simonrw in #13156
- IaC: Add AWS operations and CFN resources catalog by @k-a-il in #13027
- CFn: implement list change sets for new provider by @simonrw in #13149
- update old references to venv paths by @alexrashed in #13163
- CLA: Fix typo by @segogoreng in #13176
- Update CODEOWNERS by @localstack-bot in #13178
- ASF: fix exception serialization for
smithy-rpc-v2-cbor
andjson
protocol by @bentsku in #13180 - Add hot reload regression test cases for implicit behavior by @joe4dev in #13183
- Generate a dictionary of all publicly available AWS owned Cfn resources by @silv-io in #13150
- S3: fix DeleteObjectTagging on current object by @bentsku in #13174
- ASF: fix empty exception member serialization when required by @bentsku in #13186
- Fix DNS not supporting wildcard matching by @skyrpex in #13158
- switch to new labels workflow, add notes labels sync by @alexrashed in #13189
- CloudWatch: fix MA/MR for new snapshot test
test_put_metric_alarm_escape_character
by @bentsku in #13190 - CFn: handle resolving parameter names constructed in intrinsics by @simonrw in #13192
- CFn: correct stack ids by @simonrw in #13187
- CFN: fix for dynamic ref when value is a number by @pinzon in #13194
- SES: add snapshot test for describe_configuration_set with SNS destinations by @dmacvicar in #12814
- add sqs tests for ApproximateNumberOfMessagesNotVisible queue attribute by @thrau in #13197
- fix sqs dev endpoint to show invisible fifo messages correctly by @thrau in #13196
- update elasticsearch default version to 7.10.2 by @alexrashed in #13199
- fix pr-enforce-pr-labels workflow reference by @alexrashed in #13200
- APIGW: fix TestInvokeMethod 500 failures by @bentsku in #13207
- Upgrade dynamodb local to version 3.1 by @dfangl in #13210
- fix(kinesis): Add account and region context when using connect_to by @gregfurman in #13211
- CFn: fix CDK redeploy by @simonrw in #13191
- Cfn: Fix backslash processing for dynamic replacement values by @dfangl in #13212
New Contributors
- @segogoreng made their first contribution in #13176
- @skyrpex made their first contribution in #13158
Full Changelog: v4.8.1...v4.9.0
v4.8.1
What's Changed
Other Changes
- CFn: Improve parameter value validation by @simonrw in #13124
- CFn: Protect against in review stacks for GetTemplateSummary by @simonrw in #13126
- CFn: correct disassociation of change sets from stacks by @simonrw in #13128
- CFn: fix modelling issue with AWS::NoValue by @simonrw in #13132
- CFn: better validation of select construct by @simonrw in #13136
- CFn: validate during get template by @simonrw in #13139
- CFn: tidy up legacy skip decorator by @simonrw in #13130
- CFn: fix invalid behaviour for nested intrinsic calls by @simonrw in #13146
- Add context manager for translating Moto exceptions by @viren-nadkarni in #13129
- Update version in README by @alexrashed in #13135
Full Changelog: v4.8.0...v4.8.1
v4.8.0
Summary
LocalStack v4.8 brings one-click Lambda debugging with the AWS Toolkit for VS Code, a new CloudFormation engine, and an ECS-based Batch provider. The release also adds Kubernetes support for Redis, Route 53 → S3 website routing, and several enhancements to other AWS services like RDS Data, CloudFront, EKS, SQS, and CodeBuild, alongside major upgrades to the LocalStack Toolkit for VS Code.
AWS Features
- LocalStack integrates with the AWS Toolkit for VS Code, enabling one-click remote debugging of Lambda functions. You can set breakpoints, step through code, and inspect variables directly in your IDE. Debugger instrumentation is now automatic for Python, Node.js, and Java runtimes, eliminating the need for manual setup or boilerplate code. Check out our blog for more information.
- LocalStack introduces a new CloudFormation engine with improved parity for
UPDATE
operations and closer alignment with AWS. The legacy engine remains available (PROVIDER_OVERRIDE_CLOUDFORMATION=engine-legacy
) for backwards compatibility, but all new features and fixes will target the new engine. Learn more in the documentation. - LocalStack now ships with a new Batch provider built on top of the ECS runtime, replacing the previous custom implementation. Kubernetes execution is available via
ECS_TASK_EXECUTOR=kubernetes
. The legacy provider can still be used withPROVIDER_OVERRIDE_BATCH=legacy
. Learn more in the documentation. (🌟 ultimate)
Enhancements
- LocalStack now supports running Redis in ElastiCache & MemoryDB as Kubernetes pods, providing consistent behaviour across local and cluster environments and removing the need for separate Docker-based execution. Enable it by setting
REDIS_CONTAINER_MODE=1
andCONTAINER_RUNTIME=kubernetes
. (🌟 enterprise) - LocalStack now offers CRUD support for EKS Addons. The following API calls are now supported: (🌟 ultimate)
- LocalStack now supports routing Route 53 domains to S3 static website endpoints, enabling custom domains to resolve directly to S3-hosted websites and improving parity with AWS. (🌟 base)
- LocalStack's RDS Data provider now includes the following enhancements: (🌟 base)
- Added support for
oid
type in Postgres via the RDS Data API. - Added support for array types in Postgres via the RDS Data API, with fixes for array handling in Redshift Data.
- Added support for returning
numberOfRecordsUpdated
in Postgres databases, improving parity with AWS responses.
- Added support for
- LocalStack's CloudFront provider now includes the following enhancements: (🌟 base)
- Improved parity for header propagation in Lambda@Edge.
- Improved parity by propagating status code changes for request event types (
viewer-request
,origin-request
) in Lambda@Edge. - Proper handling of
3XX
redirects for request events, ensuring responses like302
are correctly propagated in Lambda@Edge. CustomOriginConfig.HTTPPort
andCustomOriginConfig.HTTPSPort
are now properly set, ensuring requests correctly use configured custom ports instead of defaulting to port 80/443, with fallbacks to LocalStack’s edge port (4566
) when necessary.
- Enhanced Lambda hot-reload to return
file://
URIs for code locations instead of arbitrary strings, making them easier to parse and understand. - Support for custom SSM Documents with
SendCommand
is now available, including parameter substitution. Only theaws:runShellScript
plugin is supported. (🌟 base) - Implemented FIS action
aws:ecs:stop-task
, enabling fault injection experiments to stop running ECS tasks. (🌟 ultimate) - Enabled API Gateway VPC endpoint routing, allowing API invocation via
.vpce.execute-api
URLs using thex-apigw-api-id
header. - SNS now supports passing
MessageGroupId
to non-FIFO topics, aligning with SQS Fair Queues behavior and ensuring the attribute is propagated correctly to SQS messages. - Implemented SES
SetIdentityHeadersInNotificationsEnabled
API, enabling configuration of header inclusion in bounce, complaint, and delivery notifications. - Added support for Lambda Function URLs with
ResponseStream
invoke mode, enabling streaming responses via theInvokeMode
parameter. - Added Java 24 support in the Trino installer, enabling upgrades from Trino 389 to 476 and improving module installation command generation. (🌟 ultimate)
- Increased SQS message and batch size limit to 1 MiB, matching the recent AWS update.
- Added support for EFS
DeleteFileSystemPolicy
operation. (🌟 ultimate) - Added support in CodePipeline for the
CODEBUILD_RESOLVED_SOURCE_VERSION
environment variable, ensuring CodeBuild actions receive the correct commit ID or S3 version ID for the source. (🌟 ultimate) - Added support for Iceberg table metadata format v2 and
s3a://
filesystem support in Hive, improving compatibility with Iceberg tables created using theiceberg-go
SDK. (🌟 ultimate) - Added Kubernetes owner references to Glue pods, enabling proper cleanup of child containers when the LocalStack pod is terminated. (🌟 enterprise)
- Added support in CodeBuild for resolving environment variables from Secrets Manager and SSM Parameter Store using ARNs, in addition to names. (🌟 base)
- Added tagging support for the CodeConnections service, enabling resource tag operations. (🌟 base)
- Improved EKS CloudFormation support for
AWS::EKS::FargateProfile
with idempotency handling, improved parameter validation, and proper support for profiles created without subnets. (🌟 ultimate) - Updated DNS handling to allow
checkip.amazonaws.com
to resolve upstream by default by adding it toDEFAULT_SKIP_PATTERNS
. - The Traefik ingress controller and k3d load balancer are no longer started automatically when creating an EKS cluster. Set
EKS_START_K3D_LB_INGRESS=1
to restore the previous behavior. (🌟 ultimate)
LocalStack Features
- The LocalStack Toolkit for VS Code now features a guided setup wizard, status bar integra...
v4.7.0
Summary
LocalStack 4.7 is now available! This release introduces native Organizations support for multi-account setups, Valkey engine support as a Redis alternative in ElastiCache/MemoryDB, AppSync Events API for real-time WebSocket subscriptions, and significant enhancements across CodeBuild, CloudTrail, EKS, and DynamoDB providers with improved AWS parity throughout.
AWS Features
- LocalStack now supports the Valkey engine as an alternative to Redis in ElastiCache (🌟 base) and MemoryDB (🌟 ultimate). To enable Valkey, you need to use the
REDIS_CONTAINER_MODE=1
configuration variable while starting the LocalStack container. - LocalStack now includes a native Organizations provider, replacing the legacy Moto-based implementation. This new provider introduces improved AWS parity and expands support for managing multi-account and multi-organization setups in a local environment. (🌟 ultimate)
- LocalStack now supports the AppSync Events API for real-time event subscriptions, featuring channel namespaces, API Key/IAM authentication, and Direct Lambda integration. It provides both domain-based and path-based endpoints for local development, as well as HTTP interfaces for backend event publishing. (🌟 ultimate)
Enhancements
- Kinesis provider has been upgraded to use
kinesis-mock
version0.4.13
. - DynamoDB provider has been upgraded to use DynamoDB Local
3.0.0
. - Hive version
3.1.3
is now the default for Big Data services, such as EMR, Glue, and Athena. (🌟 ultimate) - CodeBuild provider now includes the following enhancements: (🌟 base)
- CodeBuild now assumes the configured IAM service role during builds, enabling use of AWS CLI commands without manual credential setup.
- Additionally, CodeBuild automatically sets environment variables for region, and endpoint URL into the build container. The endpoint URL is configured to point to the LocalStack container, allowing jobs to access other emulated AWS services.
- CloudTrail provider now includes the following enhancements: (🌟 ultimate)
- CloudTrail now delivers log delivery notifications to SNS after logs are written to S3.
- CloudTrail events now contain the populated
requestParameters
andresponseElements
fields for most events.
- EKS provider now includes the following enhancements: (🌟 ultimate)
- Support for k8s version
1.33
is now available. The default version also changed to1.33
- EKS Load Balancer Controller with
target-mode
set toip
is now supported. - Support for
DescribeClusterVersions
API for improved compatibility with IaC tooling.
- Support for k8s version
- Support for the
cognito-identity.amazonaws.com:sub
IAM policy variable has been added. (🌟 base) - Role ARN and session name parameters are now validated in STS operations.
- The
UpdateKinesisStreamingDestination
API is now supported in DynamoDB. - Proper validation errors are now returned for malformed AVP policies instead of internal server errors. (🌟 ultimate)
- The
GetTokensFromRefreshToken
API is now supported in Cognito. (🌟 base) - The
RSA_AES_KEY_WRAP_SHA_256
algorithm is now supported in the KMSImportKeyMaterial
API. - Route53 provider now correctly maps FQDNs with trailing dots for ELB routing.
- Proper error responses are now returned for Lambda functions with invalid S3 code locations.
- The
DeploymentCanarySettings
property is now supported forAWS::ApiGateway::Deployment
resources. - Multiple VPCs are now supported for
AWS::Route53::HostedZone
during initial creation. - MySQL RDS containers now run as non-root by default, with support for configurable user and group IDs via
RDS_CONTAINER_USER_GROUP_ID
environment variable (default:1000:1000
). (🌟 base) - Improved parity for EFS
AccessPoint
API with enhanced validation and error handling. (🌟 ultimate) - The
ipAddressType
field is now supported in API Gateway REST & HTTP APIs, where the field can be set toipv4
ordualstack
, via theCreateRestApi
, andCreateApi
APIs. - Updates to the
AWS::SNS::Topic
resource are now supported, including support for changes toDisplayName
,TopicName
, andTags
properties. DomainProcessingStatus
is now returned and user-provided values are preserved when creating Elasticsearch domains via theCreateElasticsearchDomain
API.- The
Name
andOpenTableFormatInput
parameters are now supported in the GlueCreateTable
API, andTableInput
is treated as optional in parity with AWS behaviour. (🌟 ultimate) - Improved support for non-default account IDs in API Gateway v2, AppSync, CodePipeline, [Cognito](https://docs.localstack.cloud/aws/se...
v4.6.0
Summary
LocalStack 4.6 is now available! This release introduces AWS CodeArtifact support for package management, Kubernetes execution for Glue jobs, dramatically improved AppSync JavaScript resolver performance, API Gateway HTTP API SQS integrations, and enhancements across S3, CloudFront, CodeBuild, and EventBridge Pipes providers.
AWS Features
- LocalStack now supports AWS CodeArtifact, enabling you to mock creating domains, repositories, external connections, and authorization tokens, with additional support for NPM repositories, enabling you to publish and install packages locally. Refer to our documentation to learn more. (🌟 base)
Enhancements
- LocalStack now includes Kubernetes support for AWS Glue job execution, enabling you to run them as pods in your Kubernetes cluster. To activate the Kubernetes executor, set the
GLUE_JOB_EXECUTOR_PROVIDER
environment variable tov2
, and set theCONTAINER_RUNTIME
environment variable tokubernetes
. (🌟 enterprise) - LocalStack has significantly improved the performance and capabilities of AWS AppSync JavaScript resolvers. The JavaScript resolver executor has been overhauled to replace the previous Docker container-based implementation with a lightweight Node.js runtime package. (🌟 ultimate)
- AppSync provider now includes the following enhancements: (🌟 ultimate)
- AppSync now supports
console.log
statements in resolver code, with the output directed to LocalStack logs for improved debugging capabilities. - Support for
attributeExists
conditions in the RDS statementwhere
clause logic. - Enhanced JavaScript resolver utility functions, including support for
util.error
andutil.unauthorized methods
, with improvedutil.appendError
functionality.
- AppSync now supports
- CodeBuild provider now includes the following enhancements: (🌟 base)
- Buildspec overrides now follow the correct precedence. Buildspecs from
CreateProject
andStartBuild
take priority over those in the source code. Buildspec overrides from CodePipeline actions are supported and passed toStartBuild
. - CRUD support for source credentials is now available:
ImportSourceCredentials
,ListSourceCredentials
, andDeleteSourceCredentials
. - You can use custom Docker images by setting the
CODEBUILD_ENABLE_CUSTOM_IMAGES
environment variable. This allows any build image, not just Amazon Linux 2023 containers. Official AWS CodeBuild Docker images from GitHub are also supported. - Environment variables now support Secrets Manager and SSM parameters as well as plaintext variables. Variable precedence is handled correctly (
StartBuild
>CreateProject
> buildspec), and parameter overrides now update values instead of fully replacing them during builds.
- Buildspec overrides now follow the correct precedence. Buildspecs from
- API Gateway HTTP API provider now includes support for
AWS_PROXY
SQS subtypes (first-class integrations), enabling direct SQS operations through HTTP API endpoints. The supported operations include: (🌟 base) - Support for AWS S3
MetricsConfiguration
APIs, enabling management of CloudWatch request metrics configurations for S3 buckets. The supported operations include: - EventBridge Pipes provider now supports pipe configuration updates through the
UpdatePipe
operation. You can now modify: (🌟 ultimate)- Pipe targets
- Target parameters
- Enrichment configurations
This is in addition to the previously supported source parameters.
- API Gateway provider now supports:
- Support for the
UpdateMethodResponse
API. - CRUD operations for WebSockets route and integration request parameters through enhanced
CreateRoute
andCreateIntegration
validation logic. (🌟 base) DeleteRouteRequestParameter
operation, enabling complete lifecycle management of WebSocket route configurations and proper parameter handling in the invocation layer. (🌟 base)- Improved VTL
$input.path
and$input.json
handling, fixing edge cases for empty request bodies, non-existent JSONPath values, non-JSON content, and string body fallback behavior for better parity with AWS.
- Support for the
- S3 provider now includes the following enhancements:
DeleteObject
now checksIfMatch
headers correctly. It returns errors forIfMatch
on regular buckets, since this is only supported in Directory Buckets, and adds clear logs.- Object Lock compliance is improved. Retention Mode values are validated, and
COMPLIANCE
mode restrictions are enforced when updating retention withPutObjectRetention
. - Improved Checksum handling in
UploadPartCopy
with checksums now calculated and returned correctly during multipart copy in multipart uploads. GetObjectAttributes
now fully implementsObjectParts
. It supports bothCOMPOSITE
andFULL_OBJECT
checksums for multipart uploads and stores and retrieves part metadata correctly.
- CloudFront provider now supports custom distribution IDs through the
_custom_id_
tag, enabling predictable distribution URLs. Refer to our documentation to learn more. (🌟 base) - EFS provider now supports the following new API operations: (🌟 ultimate)
- Support for Airflow version 2.10.3 in the MWAA environment. (🌟 ultimate)
- Timestream provider now supports tagging for databases and tables. (🌟 ultimate)
- Improved RDS statement
where
clause logic to handle nestedand/or
operators. (🌟 base) - KMS provider now supports the
ReEncrypt
operation. - EKS provider now supports the
DescribeClusterVersions
operation. (🌟 ultimate) - DocumentDB provider now supports MongoDB transactions by starting clusters in single-node replica mode to enhance parity with transactional operations on AWS. (🌟 ultimate)
- CloudTrail provider now populates the
imageId
parameter inrequestParameters
forec2.ModifyImageAttribute
API calls. (🌟 ultimate) - Route53 provider now supports alias records targeting dualstack ELB domains (e.g.,
dualstack.<elb-id>.elb.amazonaws.com
). (🌟 base) - RDS provider now allows using
postgres
as a username when creating PostgreSQL databases, in parity with AWS. (🌟 base) - SQS provider now automatically propagates
X-Amzn-Trace-Id
headers from incoming requests to theAWSTraceHeader
message attribute, enabling X-Ray tracing integration for SQS messages. - Cognito provider now properly includes the
nonce
parameter from authorization requests as a claim in generated OIDC tokens. (🌟 base) - Step Functions provider now supports mocking for the
StartSyncExecution
operation to enable consistent testing across both Standard and Express state machines. - ELBv2 provider now supports the
ForwardConfig
configuration block in listener rules, enabling compatibility with AWS Load Balancer Controller for Kubernetes by properly handling target group configurations. (🌟 base)
LocalStack Features
- LocalStack now includes
x-localstack
header in all AWS service responses to help distinguish between LocalStack and AWS origins during development and testing. Set the `LOCALSTACK_RESPONSE_HEADER_ENABLED...
v4.5.0
Summary
LocalStack 4.5 introduces support for the AWS Developer Tools suite (CodePipeline, CodeBuild, and CodeDeploy), enhanced AppSync WebSocket behavior, and advanced features for API Gateway REST APIs, including Canary Deployments and VTL improvements. This release also brings deeper parity in core services like RDS, EC2, EKS, EventBridge, CloudFormation, and more, continuing our mission to enable high-fidelity local development with production-like AWS behavior.
AWS Features
- LocalStack now supports AWS CodeBuild, enabling you to build and test applications locally with a build process that mirrors real AWS environments. Refer to our documentation to learn more. (🌟 pro)
- LocalStack now supports AWS CodePipeline, enabling you to emulate end-to-end CI/CD workflows locally using real AWS-style declarations and resources. Refer to our documentation to learn more. (🌟 pro)
- LocalStack now supports AWS CodeDeploy, allowing you to mock deployment flows to targets like EC2, Lambda, and ECS locally. Refer to our documentation to learn more. (🌟 pro)
- PostgreSQL 17 is now supported in LocalStack's RDS provider, with the default engine version updated to
17.5
. (🌟 pro) - LocalStack's RDS provider now supports DB Proxy Endpoints, allowing you to create, describe, and delete DB proxy endpoints with our mock operations. (🌟 pro)
Enhancements
- AppSync’s WebSocket behavior has been enhanced to better align with AWS. This includes: (🌟 pro)
- Full support for AWS-style payload shapes
- Improved lifecycle handling of GraphQL subscriptions
- LocalStack’s API Gateway provider now includes the following enhancements for REST APIs:
- Emulation of Canary Deployments, allowing staged traffic shifting strategies for safer releases and A/B testing.
- Support for
Response Overrides
from Request Templates, enabling more flexible response handling. - Improved VTL (Velocity Template Language) support, including bracketed expressions and variable assignments in
#set
operations, increasing compatibility with complex mapping templates.
- LocalStack’s RDS provider now includes the following enhancements: (🌟 pro)
- Support for the
ManageMasterPassword
API, enabling automated credential management and secure DB credential flows. - Engine Parameter Introspection using
DescribeEngineDefaultParameters
andDescribeEngineDefaultClusterParameters
, allowing you to examine default settings for supported RDS engines. - Introduction of
RDS_PG_MAX_CONNECTIONS
environment variable to control the maximum number of connections for PostgreSQL instances.
- Support for the
- LocalStack’s EC2 provider now includes the following enhancements:
- Support for the
GetSecurityGroupsForVpc
API, allowing you to retrieve security groups associated with a specific VPC. - Improved filtering behavior in EC2's
DescribeAvailabilityZones
, aligning more closely with AWS behavior.
- Support for the
- Partial support for the
UpdatePipe
API is now available in EventBridge Pipes. Currently, only source parameters of an existing pipe can be updated. (🌟 pro) - DynamoDB Streams now properly redirects requests for global table replicas to the original region, ensuring consistent stream behavior across all replicas.
- EKS provider now integrates with autoscaling and security groups, allowing you to emulate Kubernetes clusters with more realistic networking and scaling behavior. (🌟 pro)
- CloudFormation resource
AWS::Lambda::Version
now supports theProvisionedConcurrencyConfig
property to enable emulation of cold start mitigation strategies. - Enhanced Lambda
GetFunction
API parity by returning thereserved_concurrent_executions
parameter in responses, allowing you to inspect and manage reserved concurrency settings for Lambda functions. - Support for the
ListRuleNamesByTarget
API in EventBridge, allowing you to inspect which rules are targeting a given resource. - Support for pagination and filtering parameters when listing S3 buckets, improving performance and aligning with AWS behavior in larger S3 environments.
- Support for
DeleteDistribution
API in CloudFront Lambda@Edge to achieve better parity with AWS. (🌟 pro) - Support for
DescribeCapacityReservation
API in Elastic Load Balancing, allowing you to inspect capacity reservations for load balancers. (🌟 pro) - Support for selecting the Scala-based Kinesis mock engine via the
KINESIS_MOCK_PROVIDER_ENGINE
environment variable (node
orscala
) for improved performance with large or high-throughput requests.
LocalStack Features
- LocalStack Replicator now supports cross-account VPC replication scenarios using AWS Resource Access Manager (RAM), enabling more realistic testing of multi-account network setups. (🌟 Ultimate)
What's Changed
Exciting New Features 🎉
- CloudFormation v2 Engine: Batch of Parity Improvements by @MEPalma in #12589
- [Kinesis] add Scala kinesis-mock build behind feature flag by @gregfurman in #12559
- Apigw/add support for response override in request by @cloutierMat in #12628
- CloudFormation V2 Engine: Support for Pseudo Parameter References by @MEPalma in #12595
- Feature: implement list rule names by target by @etiago in #12632
- Add EC2 support for GetSecurityGroupsForVpc API operation (#12602) by @iamramtin in #12615
- ffmpeg: Update build source to use BtbN GitHub Releases by @sannya-singal in #12634
- CloudFormation V2 Engine: Support for DependsOn Blocks by @MEPalma in #12644
- Bump moto-ext to 5.1.4.post2 by @viren-nadkarni in #12652
- Record validated tests duration by @tiurin in #12638
- Introduce LOG_LEVEL_OVERRIDES config var by @simonrw in #10808
- fix(esm/kinesis): Always store NextShardIterator from GetRecords by @gregfurman in #12677
- Bump moto-ext to 5.1.5.post1 by @viren-nadkarni in #12684
- ESM/Pipes stream pollers: add shards to init params by @tiurin in #12659
- Add stack option for CLI start command by @gtsiolis in #12675
- CloudFormation V2 Engine: Support for Fn::Sub by @MEPalma in #12650
- CloudFormation v2 Engine: V1 Test Porting and Annotations and Batch of Parity Improvements by @MEPalma in #12660
- CloudFormation v2 Engine: Base Support for Fn::Transform by @MEPalma in #12662
- CloudFormation v2 Engine: Base Support for AWS::NoValue and Migration to Nothing Types by @MEPalma in #12668
- CloudFormation v2 Engine: Support for Fn::Select by @MEPalma in #12679
- APIGW: add Canary Deployment logic in invocation layer by @bentsku in #12695
- refactor(counter analytics): enforce (namespace,name) pair uniqueness [DAT-145] by @vittoriopolverino in #12687
- CloudFormation v2 Engine: Base Support for Fn::Split by @MEPalma in #12698
- CloudFormation v2 Engine: Base Support for Fn::GetAZs by @MEPalma in #12699
- CloudFormation v2 Engine: Base Support for Fn::Base64 by @MEPalma in #12700
Other Changes
- Add CloudFormation Lambda Version Provisioned Concurrency by @joe4dev in #12594
- CFn v2: Skip media type assertion by @simonrw in #12597
- Update README.md with 4.4 release by @tiurin in #12596
- ASF: Ignore optional-ness when comparing argument types by @bblommers in #12605
- CFn v2: better handle deploy errors by @simonrw in #12601
- Improve security group fixture for EC2 by @giograno in #12607
- fix put-metric-alarm test failure rate by @pinzon in #12598
- ASF: Mark optional params as such (X | None) by @bblommers in #12614
- Added pagination and filtering for s3 list buckets operation by @bryansan-local in #12609
- Add Github Action job to publish test results to coveralls and uploading test results to artifacts by @k-a-il in #12608
- DDB Global Tables: add failing test to expose the missing stream on replicas by @giograno in #12622
- S3: fix IfMatch/IfNoneMatch in pre-signed URLs by @bentsku in https://github.com/localstack/localstack/pull/...
v4.4.0
Summary
LocalStack 4.4 introduces the Amazon Verified Permissions provider, a native RDS provider for better AWS parity, and a container-based Glue job executor. The release also includes Step Functions service integration mocking, expanded IAM features with service-specific credential APIs and condition keys, and updates to KMS, EMR Serverless, CloudFront Lambda@Edge, and Application Auto Scaling services.
AWS Features
- LocalStack now supports Amazon Verified Permissions (AVP) for managing fine-grained access using Cedar policies. You can test authorization logic locally and integrate with services like Cognito. Refer to our documentation to learn more. (🌟 enterprise)
- LocalStack now supports AWS Step Functions Local with mocked and emulated service integrations. It works with existing setups and includes support for JSONata, Variables, and mocked task states. Refer to our documentation to learn more.
- LocalStack now uses a new native RDS provider by default for better AWS parity. It adds support for advanced features like parameter groups, snapshots, IAM auth, proxies, and Neptune compatibility. (🌟 pro)
- LocalStack now runs Glue jobs in Docker using the
aws-glue-libs
image for better parity, faster startup, and isolated execution. SetGLUE_JOB_EXECUTOR=docker
andGLUE_JOB_EXECUTOR_PROVIDER=v2
to enable it. (🌟 pro) - Ruby 3.4 Lambda runtime is now supported in LocalStack.
Enhancements
- LocalStack now supports IAM service-specific credential APIs with full CRUD operations. Supported APIs include create, list, update, reset, and delete for service-specific credentials.
- LocalStack now supports additional IAM condition keys for fine-grained access control in policies. New keys include
iam:PermissionBoundary
,aws:RequestTag
,sts:ExternalId
,aws:username
, and others. - KMS provider now includes the following enhancements:
- Enables
custom_key_material
usage for Elliptic Curve Cryptography (ECC) keys in the KMS service. - Adds ability to decrypt data encrypted before a key rotation event by preserving the history of key material during RotateKeyOnDemand, maintaining access to all rotated KMS keys.
- Improves KMS PSS signature generation by aligning salt length with RFC 4055, increasing compatibility with external cryptographic libraries.
- Adds support for the
dry_run
parameter in theGenerateDataKeyPair
andGenerateDataKeyPairWithoutPlaintext
APIs.
- Enables
- EMR Serverless provider now includes the following enhancements: (🌟 pro)
- EMR Serverless jobs now accept program arguments when running scripts, allowing reuse of functionality and parameterized execution.
- Logs from EMR Serverless jobs are now sent to CloudWatch for better visibility into job execution and easier debugging of failures.
- Cloudfront Lambda@Edge feature now includes the following enhancements: (🌟 pro)
- Added support for the
IncludeBody
parameter. - Added validations for supported Python and Node.js runtimes.
- Added support for the
- LocalStack now supports tagging for Application Auto Scaling resources. Supported APIs include
TagResource
,UntagResource
, andListTagsForResource
. (🌟 pro) - LocalStack now runs Apache Flink's
JobManager
andTaskManager
in separate containers to better emulate AWS behavior. Previously, both ran in a single container with a shared filesystem. (🌟 pro) - Support for IAM transitive session tagging is now available. Tags marked as transitive on IAM sessions now propagate correctly and can be used for IAM policy enforcement.
- Improvements to AppSync VTL template
$utils
helpers now include better support for$util.error
and added support for$util.appendError
. (🌟 pro) - Support for record filtering for MSK & Self-Managed Kafka Event Source Mappings. (🌟 pro)
- Support for
ListStateMachineAliases
pagination is now available in Step Functions. This includes handling of the--next-token
and--max-results
parameters to paginate results when listing aliases for a state machine. - Implemented automatic registration of ECS tasks with AWS Cloud Map service discovery. Container IP addresses are now correctly registered in the service registry, enabling accurate service discovery and proper task-to-task communication. (🌟 pro)
- Support for SES email confirmation from user pools is now available. User pools can now send confirmation emails to new users via SES automatically upon user creation. (🌟 pro)
- Enhanced
DeleteRepository
operation in ECR to correctly honor the--force
flag. When--force
is specified, repositories containing images can now be deleted without requiring individual image deletion. (🌟 pro) - Enhanced
CreateComputeEnvironment
API in AWS Batch to automatically create anAWSBatchServiceRole
if none is provided. This improves parity with AWS by matching the default behavior where the role is auto-created if not explicitly specified. (🌟 pro) - Enhanced domain name handling to properly normalize escaped character sequences in DNS names. This improves AWS parity by ensuring that all Route 53 encoded domain names are correctly processed before being passed to the DNS server.
- Enhanced the OAuth2 authorization flow to generate unique
state
andcode
values for each login attempt. This improves CSRF protection for existing users and ensures compliance with OAuth2 specifications. (🌟 pro) - Deleting a FIFO message with an expired receipt handle now raises an error to achieve better parity with AWS.
- Added X-Ray trace ID propagation from EventBridge to target services (Lambda and API Gateway), enabling end-to-end request tracing. This also ensures compatibility with existing trace header encoding.
- Implemented support for
USER_AUTH
authentication flow type in Cognito, enablingSMS_OTP
,PASSWORD
, andPASSWORD_SRP
challenge handling to match AWS behavior. (🌟 pro)
LocalStack Features
- Replication support for
AWS::Route53::HostedZone
is now available for the AWS Replicator tool. (🌟 teams) - The
--profile
flag can now be used anywhere in the CLI command, not just at the top level, improving compatibility with custom tooling.
Deprecations
- Older Glue versions (0.9, 1.0, 2.0) are now deprecated.
- RDS state created in version 4.3 or earlier using Cloud Pods or standard persistence will not be compatible with the new RDS provider introduced in version 4.4. Recreating the RDS state is recommended for compatibility. (🌟 pro)
What's Changed
Exciting New Features 🎉
- CloudFormation: [POC] Support Update Graph Modeling of Mappings and FindInMap by @MEPalma in #12432
- CloudFormation: POC Support for Modeling of Outputs Blocks in the Update Graph, Improved Handling of Intrinsic Function Types by @MEPalma in #12443
- Lambda: Added Ruby 3.4 Runtime by @anisaoshafi in #12458
- Fix(#12318): Fixes a bug in evaluation of JSONPath for wildcard and s… by @marcodallasanta in #12366
- CFn: WIP POC v2 executor by @simonrw in #12396
- Step Functions: Migrate v2 Test Suite to no_retry aws_client Fixture by @MEPalma in #12461
- Reapply reduce requests necessary for log publishing from lambda to cloudwatch logs by @dfangl in #12470
- KMS: fix RSA PSS signing issue for salt length by @sannya-singal in #12467
- [ESM] Re-initialize shards when NextShardIterator value is empty by @gregfurman in #12483
- KMS: add ability to decrypt data with all rotated keys by @sannya-singal ...
v4.3.0
Summary
LocalStack 4.3 is packed with major enhancements! We’ve introduced experimental support for CloudFront Lambda@Edge, added new languages and improved models in Transcribe, and switched Flink to application mode for better AWS parity. Step Functions, SQS, IAM, KMS, and Timestream received significant feature upgrades, and the Web Application now supports stack outputs and graph rendering for Step Functions.
AWS Features
- Experimental support for AWS CloudFront Lambda@Edge emulation, which can be enabled by setting
CLOUDFRONT_LAMBDA_EDGE=1
in your LocalStack configuration. Learn more about the current features & limitations in our documentation. (🌟 pro)
Enhancements
- Support for resource tagging in the EKS provider. (🌟 pro)
- Expanded language support in the Transcribe provider with the addition of Catalan, Czech, Gujarati, Kazakh, Korean, Polish, Telugu, Uzbek, and Ukrainian. Additionally, updated language models are now used for Chinese, Farsi, Spanish, Italian, Russian, and Vietnamese, improving transcription accuracy across these languages.
- Managed Service for Apache Flink (MSF) now runs in application mode instead of the previous session mode for a better parity with how Flink clusters run on AWS. (🌟 pro)
- Step Functions nested MapRun execution now works correctly by making map run components stateless and ensuring proper worker creation for all nested map runs.
- Support for AWS Step Functions aliasing features are now available.
- Step Functions interpreter now supports JSONata object templates as ItemSelector declaration bodies, ensuring correct evaluation in both JSONPath and JSONata modes.
- SQS Messages with an empty body are now rejected, ensuring that only valid messages are processed.
- Support for pagination in SQS ListQueues API, implementing
MaxResults
parameter functionality andNextToken
generation. - Basic CRUD functionality for IAM service-specific credentials is now supported.
- Service-linked role naming to match AWS pattern (
AWSServiceRoleFor<service>
) has been improved with added proper policy attachment for greater parity with AWS. - LocalStack’s Event Source Mapping (ESM) implementation now validates the existence of different event source resources.
- LocalStack now supports on-demand key rotation for KMS symmetric keys without imported key material, allowing up to 10 rotations per key that don’t affect automatic rotation schedules.
- Support for
EKS_K3S_FLAGS
configuration variable to customize thek3s
cluster created by LocalStack to emulate EKS clusters. (🌟 pro) - Support for
ListTagsForResource
API in the SSO Admin provider. (🌟 pro) - Support for filters in the
DescribeInstanceInformation
API in the SSM provider. - Support for AppSync Lambda data source batch processing is now available to reduce cold starts by combining queries based on batch size or time window. (🌟 pro)
- Support for schema enforcement to the Timestream provider in LocalStack, requiring dimensions marked as REQUIRED for record insertion. Records will be rejected if they’re missing required dimension keys, ensuring compliance with Timestream schema rules. (🌟 pro)
- Support for batching of records in Stream Pollers (DynamoDB Streams/Kinesis) based on
BatchSize
andMaximumBatchingWindowInSeconds
.
LocalStack Features
- You can now view the stack outputs in the CloudFormation Resource Browser. This feature allows you to view the outputs of a stack in the LocalStack Web Application.
- Step Functions Resource Browser now supports rendering graphs with auto-layouting along with improved StateFunction parsing, and has replaced the previous mermaid renderer.
- Replication support for
AWS::ECR::Repository
is now available for the AWS Replicator tool. (🌟 teams)
What's Changed
Exciting New Features 🎉
- TaggingService: Allow key value field names to be overridden by @viren-nadkarni in #12306
- Add structured metrics instrumentation by @vittoriopolverino in #12230
- [ESM] Validate event sources existence by @eLRuLL in #12297
- Step Functions: Improve Nested Map Run Stability by @MEPalma in #12343
- [ESM] Correctly enable exponential backoff inside stream poller by @gregfurman in #12312
- Step Functions: Support for Aliasing by @MEPalma in #12326
- Fix Invalid noqa Usage in Step Functions TestState Preprocessor by @MEPalma in #12368
- Cloud Formation: [POC] Modeling Stack Operations and Evaluating ChangeSet Descriptions by @MEPalma in #12355
- CFn updates: create new v2 provider for new engine by @simonrw in #12375
- Implement IAM service specific credentials CRUD by @dfangl in #12351
- Transcribe: New language models by @viren-nadkarni in #12336
- KMS: on-demand key rotation by @agseco in #12342
- Step Functions: Allow JSONata Object Templates in ItemSelector Declarations by @MEPalma in #12327
- Match IAM service linked role naming with AWS by @dfangl in #12387
- cleanup ServiceNameParser rules by @bentsku in #12358
- Step Functions: Lazy Initialization of JVM for JSONata Evaluation by @MEPalma in #12369
- Step Functions: Migrate Usage Metrics to New Counter Standards by @MEPalma in #12389
- Cloud Formation: [POC] Update Graph with Template Traversal & Intrinsic Function Resolution by @MEPalma in #12378
- [ESM] Add configurable poll frequency and log shard info by @gregfurman in #12415
- Cloud Formation: [POC] Scoping Mechanism, Base Support for Parameters, Dynamic Parameters, Conditions, Intrinsic Functions, and Type Divergence by @MEPalma in #12405
- [Utils] Add a batch policy utility by @gregfurman in #12430
- [ESM] Support Stream Poller batching by @gregfurman in #12437
- CloudFormation: Fix LoggingConfiguration Parameter Handling in StepFunctions Resource Provider by @MEPalma in #12433
Other Changes
- Add Lambda@Edge service principal by @joe4dev in #12313
- Util: support building in place for ECR docker images by @simonrw in #11806
- Add CodeStarConnections to the client types by @giograno in #12308
- Fix vulnerabilities in lambda runtime init by @dfangl in #12316
- [ESM] Fix flaky SQS ReportBatchItemFailures test with proper visiblity timeouts by @gregfurman in #12323
- [ESM] Fix constantly triggering SQS back-off by @gregfurman in #12319
- Skip flaky Kinesis Lambda test by @joe4dev in #12328
- APIGW: add validation for AWS ARN in PutIntegration by @bentsku in #12324
- [ESM] Fix validation of StartingPosition streams parameter by @gregfurman in #12329
- CFn: populate APIGW regional* properties by @simonrw in #12320
- ESM: fix CreateESM SQS validation by @bentsku in #12338
- fix kms api call response on method get-key-rotation-status by @pureiboi in #12103
- add service catalog cache loading from static var by @alexrashed in #12314
- add build time service catalog cache generation to s3 image by @alexrashed in #12341
- fix flaky transcribe tests by @sannya-singal in #12262
- Makes docker healthcheck more robust by @crystalin in #12344
- migrate healthcheck enhancements to S3 image by @alexrashed in #12347
- move parse_service_name after serve_edge_router_rules by @bentsku in #11800
- remove APIGW CORS handler and update global CORS logic by @bentsku in https://github.com/local...