github floci-io/floci 1.5.33

6 hours ago

πŸŽ‰ Highlights

This release adds EKS Fargate profiles, brings Step Functions JSONata workflow variables, expands Cognito with GlobalSignOut and RevokeToken, and lands substantial S3 conformance work on ACLs, replication, encryption defaults, and error handling. IAM gets S3 list condition context, and lifecycle management improves for process-bound containers. Welcome to the 7 first-time contributors.

☸️ EKS Fargate profiles

EKS Fargate profiles support lands (#1523), extending the EKS + managed node groups story from 1.5.24. Real EKS provisioning patterns that use Fargate for serverless container execution now work locally.

🧩 Step Functions: JSONata Assign

Step Functions now supports JSONata workflow variables via the Assign field (#1824). Recent AWS additions to Step Functions expression language now work locally β€” state machines using JSONata syntax for variable manipulation can be tested end to end.

πŸ” Cognito: sign-out completion

Two coordinated Cognito additions:

  • GlobalSignOut implemented (#1701)
  • jti / origin_jti claims emitted with RevokeToken support (#1705)

Combined with the earlier AdminUserGlobalSignOut token revocation from 1.5.27, Cognito's session-invalidation story is now genuinely complete. Applications relying on token revocation for security-sensitive flows now behave correctly.

πŸͺ£ S3 conformance pass

Five coordinated S3 improvements land this cycle:

  • DeleteBucketReplication handled correctly instead of deleting the whole bucket (@MariusVolkhart, #1837)
  • GetBucketEncryption returns default SSE-S3 instead of 404 (#1838)
  • ACL headers and explicit grants honored (@kmahadevan-bidgely, #1768)
  • Fail-fast on unwritable data root instead of opaque 500s (#1868)
  • IAM S3 list condition context passed to IAM enforcement (#1748)

Between these and the S3 auth enforcement from 1.5.32, S3's security and correctness posture is meaningfully more realistic.

🧱 CloudFormation: SAM refinements

  • SAM function PackageType carried through expansion (#1772), so SAM templates that reference container images vs zips are handled correctly
  • Secrets parsed in ContainerDefinitions for ECS resource provisioning (#1874)

πŸ”„ Lifecycle: process-bound container teardown

Process-bound containers are now torn down properly on shutdown (#1869). Combined with the shutdown-flush work from 1.5.29, Floci's shutdown story continues to improve β€” no more orphan containers left behind after clean shutdowns.

🌐 EC2 / RDS conformance

  • EC2: ImportKeyPair rejects duplicate names (@ankit1324, #1848)
  • RDS: DescribeDBSubnetGroups returns DBSubnetGroupNotFoundFault for missing groups (@Leandro-ft, #1870)
  • Scheduler: MessageAttributes forwarded in universal sns:publish target (#1706)

✨ New Features

EKS / Step Functions / Cognito

CloudFormation

  • feat(cloudformation): parse secrets in ContainerDefinitions by @RvanB in #1874

πŸ› Bug Fixes

S3

EC2 / RDS / ELBv2 / Scheduler

  • fix(ec2): reject duplicate key pair names in ImportKeyPair by @ankit1324 in #1848
  • fix(rds): return DBSubnetGroupNotFoundFault for missing DescribeDBSubnetGroups by @Leandro-ft in #1870
  • fix(elbv2): expose target health reason parity by @jvanzyl in #1743
  • fix(scheduler): forward MessageAttributes in universal sns:publish target by @ctnnguyen in #1706

CloudFormation / EKS / Lifecycle

  • fix(cloudformation): carry PackageType through SAM Function expansion by @rogueserenity in #1772
  • fix(eks): register FargateProfileStatus for reflection by @hectorvent in #1876
  • fix(lifecycle): tear down process-bound containers on shutdown by @hectorvent in #1869

πŸ§ͺ Tests

  • test(apigateway): cover request-header forwarding on the _user_request_ path by @abanna in #1830

πŸ‘‹ New Contributors

A warm welcome to everyone making their first contribution to Floci:

Full Changelog: 1.5.32...1.5.33

Don't miss a new floci release

NewReleases is sending notifications on new releases.