floci-io/floci 1.5.28

on GitHub

🎉 Highlights

This release adds two new services (AWS IoT Core and Elastic Beanstalk Query API), brings AppSync Phase 3 with the $util runtime library, lands Kafka pipe sources for EventBridge Pipes, and ships Steampipe read API support. ECS gets EFS volumes, MemoryDB gets ACL-based auth, and there's substantial conformance work across Cognito, RDS, and Lambda. Welcome to the 7 first-time contributors.

🆕 Two new services

• AWS IoT Core (#1359) — local testing of MQTT-based IoT workflows
• AWS Elastic Beanstalk Query API (initial support) (#1362)

🧩 AppSync Phase 3: $util runtime for VTL

AppSync continues its phased build-out. Phase 3 lands the $util runtime library for VTL resolvers (#1223). Resolver templates that depend on $util.dynamodb, $util.qr, $util.error, and similar utilities now work, which closes one of the largest remaining gaps for real-world AppSync templates.

📨 EventBridge Pipes: Kafka sources

Pipes gain Kafka source and polling support (#1260). Streaming workloads that funnel from Kafka through Pipes to other AWS targets can now be exercised end to end locally.

🔎 Steampipe read API coverage

A meaningful new audience-targeting capability: read APIs required by Steampipe resource collection are now implemented (#1538). Steampipe users can now point at Floci to introspect resources without a real AWS account.

🚢 ECS: EFS volumes

ECS now mounts efsVolumeConfiguration task volumes as shared local volumes (#1569). Stateful container workloads that depend on shared filesystems across tasks now behave correctly.

🔐 MemoryDB: ACL-based auth

MemoryDB models auth via ACLs and users (#1478), bringing its security model closer to real AWS rather than running as an open Redis-style endpoint.

💾 CodeDeploy persistence

CodeDeploy joins the persistence story: applications, deployment groups, configs, on-prem instances, and tags now persist across restart (#1579). This continues the durable-state work from 1.5.27 (ECS, CodeBuild, Config, ACM).

🧱 Cognito alignment pass

A coordinated Cognito pass from @shrimptails-f:

• Sign-up confirmation aligned with AWS behavior (#1488)
• CUSTOM_AUTH trigger failures aligned with AWS (#1484)
• AdminGetUser lookup aligned with pool sign-in settings (#1571)

✨ New Features

New services

• feat(iot): add IoT Core (issue #1038) by @nblomquist in #1359
• feat(beanstalk): initial Elastic Beanstalk Query API support by @kotov228 in #1362

Service expansions

• feat(appsync): Phase 3 — $util runtime library for VTL resolvers by @AgustinBertagna in #1223
• feat(pipes): support Kafka pipe sources and polling by @LiamMacP in #1260
• feat(ecs): mount efsVolumeConfiguration task volumes as shared local volumes by @abanna in #1569
• feat(memorydb): model auth via ACLs and users by @ahmedk20 in #1478
• feat(s3): support bucket logging configuration by @codingkiddo in #1510
• feat(ses): publish SNS notifications to identity feedback topics by @okinaka in #1540
• feat(ses): implement PutConfigurationSetDeliveryOptions for SES v1 by @okinaka in #1553
• feat(ec2): add Java-built Ubuntu AMI guest image by @jvanzyl in #1542
• feat(ec2): add instance type metadata catalog by @jvanzyl in #1534
• feat(core): add opt-in Private Network Access for CORS preflights by @Jongsic in #1530

Read APIs

• feat(read-apis): implement read APIs required by Steampipe resource collection by @Abhi011999 in #1538

🐛 Bug Fixes

Cognito

• fix(cognito): align sign-up confirmation with AWS behavior by @shrimptails-f in #1488
• fix(cognito): align CUSTOM_AUTH trigger failures with AWS behavior by @shrimptails-f in #1484
• fix(cognito): align AdminGetUser lookup with pool sign-in settings by @shrimptails-f in #1571

Lambda

• fix(lambda): populate SQS messageAttributes in Lambda event payload by @9046balaji in #1422
• fix(lambda): propagate SQS FIFO system attributes to ESM event by @slang25 in #1527
• fix(lambda): use persisted firstReceiveTimestamp in SQS ESM by @9046balaji in #1548
• fix(lambda): resolve handler paths with a leading ./ against the package by @abanna in #1575

RDS / EC2 / IAM

• fix(rds): align CreateDBInstance and CreateDBCluster parameter group validation with AWS by @shrimptails-f in #1330
• fix(rds): align subnet group placement handling with AWS behavior by @shrimptails-f in #1295
• fix(ec2): VPC endpoint compatibility for AWS SDK / Terraform by @awsvigilante in #1476
• fix(ec2): persist default egress as SecurityGroupRule and fix DescribeSecurityGroupRules filter parsing by @kapoorp99 in #1525
• fix(iam): make entity stores thread-safe under concurrent mutation by @steve-hb in #1509
• fix(iam): resolve AWS-managed policies from any account context by @abanna in #1573

S3 / SES / Secrets Manager

• fix(s3): serve custom error document for missing keys in static websites by @JESUSLUG in #1334
• fix(secretsmanager): register AWSPENDING version before invoking rotation Lambda by @jamesnetherton in #1519

CloudFormation / CloudFront / CodeBuild / CodeDeploy

• fix(cloudformation): fail stack delete when a managed resource cannot be deleted by @dixitrathod16 in #1554
• fix(cloudfront): honor configured domain-suffix for generated distribution domains by @sai-gillingham in #1533
• fix(codedeploy): persist applications, deployment groups, configs, on-prem instances, and tags by @hectorvent in #1579
• fix(codebuild): create build working directory before running phases by @abanna in #1577
• fix(codebuild): stabilize compatibility tests by @shrimptails-f in #1565

DynamoDB / Step Functions / Athena / ELBv2 / EventBridge / MSK / UI

• fix(dynamodb): invalid expressions throw 400 with exact error messages by @someear9h in #1545
• fix(sfn): no execution data available via SDK by @Mulgish in #1506
• fix(athena): serialize timestamps as epoch seconds in GetWorkGroup and GetTableMetadata by @b6k-dev in #1524
• fix(elbv2): omit terminal SSL policy marker by @Abhi011999 in #1522
• fix(eventbridge): sync EventBridge tags to ResourceGroupsTaggingService by @9046balaji in #1347
• fix(msk): advertise externally reachable broker address by @silfabio in #1239
• fix(floci-ui): report real sidecar-start failures instead of always blaming the image by @slang25 in #1544

🧰 CI

• ci: build native compat image on runner, test full matrix against native by @hectorvent in #1578

👋 New Contributors

A warm welcome to everyone making their first contribution to Floci:

• @b6k-dev in #1524
• @Abhi011999 in #1522
• @Mulgish in #1506
• @sai-gillingham in #1533
• @Jongsic in #1530
• @abanna in #1575
• @LiamMacP in #1260

Full Changelog: 1.5.27...1.5.28