github floci-io/floci 1.5.30

3 hours ago

🎉 Highlights

This release adds Amazon MQ and VPC Flow Logs, brings a major Step Functions feature push (state machine versions, ECS integrations, ResultSelector, cross-account execution), lands CloudFormation StackSets with account-aware provisioning, and ships HTTPS on port 443 with Lambda cert trust. IAM gains AssumeRole trust policy enforcement and STS session policies. Service count is now officially 68. Welcome to the 4 first-time contributors.

🆕 New: Amazon MQ

Amazon MQ broker control plane lands (#1642), backed by RabbitMQ. Messaging workloads that depend on Amazon MQ can now be exercised locally with a real message broker rather than a mock, continuing the real-Docker-backed pattern from RDS, ElastiCache, MSK, and OpenSearch.

🌐 New: VPC Flow Logs

EC2 gains VPC Flow Logs support (#1611), enabling local testing of network observability pipelines that consume flow logs from VPCs, subnets, or ENIs.

🧩 Step Functions: major feature push

Six coordinated Step Functions improvements land this cycle:

  • State machine version APIs (PublishStateMachineVersion, List, Delete) (#1562)
  • Executions run under the execution's account (#1566)
  • ResultSelector, Pass Parameters, ArrayContains, wildcard projection, plus IsPresent fix for absent paths (#1558)
  • aws-sdk CloudFormation and EC2 integrations (already in 1.5.29)
  • ecs:runTask service integration (#1564)
  • Compilation repair after semantic conflict between #1558 and #1564 (#1694)

Together this makes Step Functions substantially more capable for real workflow orchestration, particularly for patterns that fan out to ECS tasks or coordinate CloudFormation stack operations.

🧱 CloudFormation StackSets

StackSets with account-aware provisioning (#1551) unlock multi-account CloudFormation patterns that were previously blocked entirely. Combined with the IAM cross-account routing from 1.5.29, enterprise-style multi-account IaC now runs locally.

🔐 IAM: trust policies + STS session policies

Two meaningful identity improvements:

  • AssumeRole trust policies are enforced when enforcement is enabled (#1552); opt-in for now, but a real capability
  • STS session policies enforced (#1636), completing the STS story

Together these give IAM a much more realistic policy-enforcement surface, useful for teams testing security posture locally.

🔒 HTTPS on port 443

Floci now serves HTTPS on port 443 and Lambda containers trust Floci's certificate (#1595). SDK code that expects to reach Floci over HTTPS, or Lambda handlers that make AWS calls back into Floci over HTTPS, now work without cert workarounds.

🔥 Firehose improvements

Firehose gains:

  • ExtendedS3DestinationDescription returned from describe operations (#1710)
  • UpdateDestination support (#1710)

📊 Service count: officially 68

Documentation now reflects the accurate 68 services (#1716), with IoT Core and S3 Vectors pages added to catch up to recent additions.

✨ New Features

New services

Step Functions

  • feat(stepfunctions): add state machine version APIs (Publish / List / Delete) by @abanna in #1562
  • feat(stepfunctions): run executions under the execution's account by @abanna in #1566
  • feat(stepfunctions): ResultSelector, Pass Parameters, ArrayContains, wildcard projection, IsPresent fix by @abanna in #1558
  • feat(stepfunctions): add ecs:runTask service integration by @abanna in #1564

CloudFormation & IAM

  • feat(cloudformation): add StackSets with account-aware provisioning by @abanna in #1551
  • feat(iam): enforce AssumeRole trust policies when enforcement is enabled by @abanna in #1552

Networking & TLS

  • feat(tls): serve HTTPS on 443 and trust Floci's cert in Lambda containers by @abanna in #1595
  • feat(ec2): publish security-group TCP ingress ports on the host by @hectorvent in #1680

Other services

  • feat(firehose): return ExtendedS3DestinationDescription and support UpdateDestination by @hectorvent in #1710
  • feat(ses): implement ContactList CRUD for SES v2 by @okinaka in #1638
  • feat(cloudtrail): support empty lookup events by @jvanzyl in #1603

🐛 Bug Fixes

IAM / STS

  • fix(iam): enforce STS session policies by @snazy in #1636
  • fix(iam): resolve attached AWS-managed policies for any account by @abanna in #1663

EC2 / ELBv2 / Auto Scaling

  • fix(ec2): align AMI guest and launch template parity by @jvanzyl in #1597
  • fix(ec2): return groupSet from DescribeInstanceAttribute by @hectorvent in #1709
  • fix(elbv2): wrap void query responses in their Result envelope by @mvanhorn in #1189
  • fix(autoscaling): fail SSM commands for stale ASG instances by @jvanzyl in #1600

CloudFormation

  • fix(cloudformation): treat missing Secrets Manager secret as already-deleted on stack delete by @ctnnguyen in #1672
  • fix(cloudformation): register !Cidr and !GetAZs shorthand YAML tags by @TAKEDA-Takashi in #1635

DynamoDB / SES / Cognito / KMS

  • fix(dynamodb): return a null Message for non-failed item cancellation reason by @b6k-dev in #1623
  • fix(ses): treat missing SendingEnabled as false in v2 PutConfigurationSetSendingOptions by @okinaka in #1594
  • fix(ses): align CreateEmailIdentity DKIM behavior with AWS by @shrimptails-f in #1620
  • fix(cognito): do not return optional blocks in CreateUserPoolClient when they are not set by @b6k-dev in #1615
  • fix(cognito): register VerificationCode for reflection so HybridStorage works by @dzwicker in #1646
  • fix(kms): normalize alias targetKeyId to plain key ID on createAlias by @mikelamutxastegi in #1648

CloudWatch Logs / ElastiCache / S3 & SNS / Step Functions

  • fix(cloudwatch-logs): preserve ingestion order for same-timestamp events by @slang25 in #1592
  • fix(elasticache): roll back proxy port and container on failed provisioning by @ahmedk20 in #1618
  • fix(s3, sns): preserve root service-host routing by @hampsterx in #1625
  • fix(stepfunctions): repair main compilation after #1558 / #1564 semantic conflict by @hectorvent in #1694

Docker / ECR / Persistence

  • fix(docker): enable TLS and sync docker test runner with compatibility workflow by @hectorvent in #1714
  • fix(ecr): advertise published host port when adopting registry container by @hectorvent in #1715
  • fix(tagging): persist resource tag mappings across restart by @hectorvent in #1711
  • fix(core): register persisted enums for native-image reflection by @hectorvent in #1695

🚀 Performance

  • perf(lambda): drop the base64 encode-decode round-trip on the S3 code path by @abanna in #1666

🧰 Tests & CI

📚 Documentation

  • docs: correct service count to 68 and add missing IoT and S3 Vectors entries by @hectorvent in #1716
  • chore(compat): remove sdk-test-rust suite and refresh test counts by @hectorvent in #1717

📦 Dependencies

  • chore(deps): update Maven dependencies and GitHub Actions by @hectorvent in #1690
  • chore(deps): bump com.graphql-java:graphql-java from 22.0 to 26.0 by @dependabot in #1683

👋 New Contributors

A warm welcome to everyone making their first contribution to Floci:

Full Changelog: 1.5.29...1.5.30
