🎉 Highlights
This release adds Amazon MQ and VPC Flow Logs, brings a major Step Functions feature push (state machine versions, ECS integrations, ResultSelector, cross-account execution), lands CloudFormation StackSets with account-aware provisioning, and ships HTTPS on port 443 with Lambda cert trust. IAM gains AssumeRole trust policy enforcement and STS session policies. Service count is now officially 68. Welcome to the 4 first-time contributors.
🆕 New: Amazon MQ
Amazon MQ broker control plane lands (#1642), backed by RabbitMQ. Messaging workloads that depend on Amazon MQ can now be exercised locally with a real message broker rather than a mock, continuing the real-Docker-backed pattern from RDS, ElastiCache, MSK, and OpenSearch.
🌐 New: VPC Flow Logs
EC2 gains VPC Flow Logs support (#1611), enabling local testing of network observability pipelines that consume flow logs from VPCs, subnets, or ENIs.
🧩 Step Functions: major feature push
Six coordinated Step Functions improvements land this cycle:
- State machine version APIs (PublishStateMachineVersion, List, Delete) (#1562)
- Executions run under the execution's account (#1566)
- ResultSelector, PassParameters, ArrayContains, wildcard projection, plus IsPresent fix for absent paths (#1558)
- aws-sdk CloudFormation and EC2 integrations (already in 1.5.29)
- ecs:runTask service integration (#1564)
- Compilation repair after semantic conflict between #1558 and #1564 (#1694)
Together this makes Step Functions substantially more capable for real workflow orchestration, particularly for patterns that fan out to ECS tasks or coordinate CloudFormation stack operations.
🧱 CloudFormation StackSets
StackSets with account-aware provisioning (#1551) unlock multi-account CloudFormation patterns, previously blocked entirely. Combined with the IAM cross-account routing from 1.5.29, enterprise-style multi-account IaC now runs locally.
🔐 IAM: trust policies + STS session policies
Two meaningful identity improvements:
- AssumeRole trust policies enforced when enforcement is enabled (#1552), opt-in for now but a real capability
- STS session policies enforced (#1636), completing the STS story
Together these give IAM a much more realistic policy-enforcement surface, useful for teams testing security posture locally.
🔒 HTTPS on port 443
Floci now serves HTTPS on port 443 and Lambda containers trust Floci's certificate (#1595). SDK code that expects to reach Floci over HTTPS, or Lambda handlers that make AWS calls back into Floci over HTTPS, now work without cert workarounds.
🔥 Firehose improvements
Firehose gains:
- ExtendedS3DestinationDescription returned from describe operations (#1710)
- UpdateDestination support (#1710)
📊 Service count: officially 68
Documentation now reflects the accurate 68 services (#1716), with IoT Core and S3 Vectors pages added to catch up to recent additions.
✨ New Features
New services
- feat(amazonmq): add Amazon MQ broker control plane backed by RabbitMQ by @ahmedk20 in #1642
- feat(ec2): add VPC Flow Logs by @hectorvent in #1611
Step Functions
- feat(stepfunctions): add state machine version APIs (Publish/List/Delete) by @abanna in #1562
- feat(stepfunctions): run executions under the execution's account by @abanna in #1566
- feat(stepfunctions): ResultSelector, PassParameters, ArrayContains, wildcard projection, IsPresent fix by @abanna in #1558
- feat(stepfunctions): add ecs:runTask service integration by @abanna in #1564
CloudFormation & IAM
- feat(cloudformation): add StackSets with account-aware provisioning by @abanna in #1551
- feat(iam): enforce AssumeRole trust policies when enforcement is enabled by @abanna in #1552
Networking & TLS
- feat(tls): serve HTTPS on 443 and trust Floci's cert in Lambda containers by @abanna in #1595
- feat(ec2): publish security-group TCP ingress ports on the host by @hectorvent in #1680
Other services
- feat(firehose): return ExtendedS3DestinationDescription and support UpdateDestination by @hectorvent in #1710
- feat(ses): implement ContactList CRUD for SES v2 by @okinaka in #1638
- feat(cloudtrail): support empty lookup events by @jvanzyl in #1603
🐛 Bug Fixes
IAM / STS
- fix(iam): enforce STS session policies by @snazy in #1636
- fix(iam): resolve attached AWS-managed policies for any account by @abanna in #1663
EC2 / ELBv2 / Auto Scaling
- fix(ec2): align AMI guest and launch template parity by @jvanzyl in #1597
- fix(ec2): return groupSet from DescribeInstanceAttribute by @hectorvent in #1709
- fix(elbv2): wrap void query responses in their Result envelope by @mvanhorn in #1189
- fix(autoscaling): fail SSM commands for stale ASG instances by @jvanzyl in #1600
CloudFormation
- fix(cloudformation): treat missing Secrets Manager secret as already-deleted on stack delete by @ctnnguyen in #1672
- fix(cloudformation): register !Cidr and !GetAZs shorthand YAML tags by @TAKEDA-Takashi in #1635
DynamoDB / SES / Cognito / KMS
- fix(dynamodb): return a null Message for non-failed item cancellation reason by @b6k-dev in #1623
- fix(ses): treat missing SendingEnabled as false in v2 PutConfigurationSetSendingOptions by @okinaka in #1594
- fix(ses): align CreateEmailIdentity DKIM behavior with AWS by @shrimptails-f in #1620
- fix(cognito): do not return optional blocks in CreateUserPoolClient when they are not set by @b6k-dev in #1615
- fix(cognito): register VerificationCode for reflection so HybridStorage works by @dzwicker in #1646
- fix(kms): normalize alias targetKeyId to plain key ID on createAlias by @mikelamutxastegi in #1648
CloudWatch Logs / ElastiCache / S3 & SNS / Step Functions
- fix(cloudwatch-logs): preserve ingestion order for same-timestamp events by @slang25 in #1592
- fix(elasticache): roll back proxy port and container on failed provisioning by @ahmedk20 in #1618
- fix(s3, sns): preserve root service-host routing by @hampsterx in #1625
- fix(stepfunctions): repair main compilation after #1558 / #1564 semantic conflict by @hectorvent in #1694
Docker / ECR / Persistence
- fix(docker): enable TLS and sync docker test runner with compatibility workflow by @hectorvent in #1714
- fix(ecr): advertise published host port when adopting registry container by @hectorvent in #1715
- fix(tagging): persist resource tag mappings across restart by @hectorvent in #1711
- fix(core): register persisted enums for native-image reflection by @hectorvent in #1695
🚀 Performance
🧰 Tests & CI
- test(ec2): added timeout in manager test by @Preston-Cai in #1612
- test(ssm): keep diagnostics fixture generic by @jvanzyl in #1619
- chore(ci): skip nightly workflow on forks by @martincostello in #1627
- chore(ci): use time zone for schedule by @martincostello in #1628
📚 Documentation
- docs: correct service count to 68 and add missing IoT and S3 Vectors entries by @hectorvent in #1716
- chore(compat): remove sdk-test-rust suite and refresh test counts by @hectorvent in #1717
📦 Dependencies
- chore(deps): update Maven dependencies and GitHub Actions by @hectorvent in #1690
- chore(deps): bump com.graphql-java:graphql-java from 22.0 to 26.0 by @dependabot in #1683
👋 New Contributors
A warm welcome to everyone making their first contribution to Floci:
- @TAKEDA-Takashi in #1635
- @snazy in #1636
- @dzwicker in #1646
- @mikelamutxastegi in #1648
Full Changelog: 1.5.29...1.5.30