localstack/localstack v4.14.0 on GitHub

Summary

LocalStack for AWS 4.14 introduces a new Resource Groups Tagging API provider with native integrations across EC2, KMS, S3, Lambda, Route 53, SNS, SQS, OpenSearch, and Elastic Beanstalk. This release adds KRaft cluster support for Amazon MSK, switches Hive to use Glue as its default metastore, and integrates EKS nodes with the Instance Metadata Service (IMDS). Additional improvements include CloudFormation DeletionPolicy and UpdateReplacePolicy support, Step Functions testing enhancements, and parity updates across S3, Route 53, ECS, ElastiCache, and RDS.

AWS Features

LocalStack now includes a new Resource Groups Tagging API provider as the default for licensed users. This provider offers native tagging integrations with EC2, KMS, S3, Lambda, Route 53, SNS, SQS, OpenSearch, and Elastic Beanstalk, replacing the previous Moto-based fallback implementation. (🌟 base)
LocalStack now supports KRaft-based clusters in Amazon Managed Streaming for Apache Kafka (MSK). KRaft is Kafka's built-in consensus protocol that eliminates the need for ZooKeeper, simplifying cluster operations. This release also introduces support for running multiple Kafka brokers per cluster. (🌟 ultimate)
LocalStack for AWS 4.14 switches Hive to use Glue as its metastore by default, providing tighter integration between Glue, Athena, and Hive. Key improvements include native s3:// location support, multi-region database support between Glue and Athena, enhanced JDBC crawler support, and improved partitioning support in Glue crawlers. (🌟 ultimate)
EKS nodes from managed nodegroups now register with the Instance Metadata Service (IMDS) after creation, enabling pods to introspect their networking configuration. This is required for tools like the AWS Load Balancer Controller that interact directly with IMDS to fetch networking configuration, such as subnets. (🌟 ultimate)

Enhancements

Added support for Kubernetes versions 1.34 and 1.35 in EKS. Kubernetes 1.34 is now the default version for EKS clusters. Removed support for Kubernetes version 1.28. (🌟 ultimate)
When creating EKS clusters, the node.kubernetes.io/exclude-from-external-load-balancers=true label is now automatically added to server nodes to prevent the AWS Load Balancer Controller from considering them as load balancer targets. (🌟 ultimate)
CloudFormation now supports DeletionPolicy and UpdateReplacePolicy attributes for resource management, including support for intrinsic functions within policy values using Fn::If conditions.
Fixed an issue where Fn::FindInMap with nested intrinsic functions (like {"Ref": "AWS::Partition"}) would raise a misleading InternalFailure error during stack redeployment. This particularly affected CDK-generated templates using CloudFront distributions with Route 53 alias targets.
Added support for the variables parameter in the Step Functions TestState API, allowing pre-populated variables to be passed when testing individual states.
Improved Step Functions Local mock response handling to correctly iterate through numbered responses for multiple invocations of the same state.
Improved JSONata $merge() function handling with dynamic input references like $states.input.part1.
Added support for conditional headers (If-Match and If-None-Match) in the S3 CopyObject API, enabling atomic copy operations based on the destination object's ETag.
Added UPDATE support for the AWS::Route53::RecordSet CloudFormation resource provider, including proper handling of SetIdentifier for weighted routing policies.
Added validation for supported runtimes when creating Lambda Managed Instances functions, along with improved capacity providers lifecycle management.
Added CRUD support for Users and UserGroups in ElastiCache, including CreateUser, CreateUserGroup, and related operations. (🌟 base)
Added stopTimeout support for ECS container definitions, improving AWS parity for task termination behaviour. (🌟 base)
Implemented MSSQL data persistence in RDS, allowing database state to be preserved between LocalStack restarts when using the SQL Server engine. (🌟 base)
The Glue provider now supports the --python-modules-installer-option parameter, allowing users to pass extra arguments to pip install when creating or running Glue jobs. (🌟 ultimate)

Deprecations

Removed the --host option from the LocalStack CLI. The CLI now only supports running LocalStack inside a container via localstack start.
Any state created with a version prior to 4.14 will not be compatible and will need to be recreated. This applies to Cloud Pods, state snapshots, and PERSISTENCE=1. LocalStack will display an explicit message when attempting to load incompatible state.

What's Changed

Exciting New Features 🎉

SNS:v2 return pending confirmation on list subs by @baermat in #13666
S3: fix Unicode handling in System and User Metadata by @bentsku in #13663
Events: improve typing of models and default values by @bentsku in #13689
S3: improve typing, removing int dict keys, clean up backwards getattr by @bentsku in #13687
Sns/v2 switch default provider by @baermat in #13699
Fix: Update Dev Run to mount plux.ini instead of entry_points.txt for localstack dependencies by @aidehn in #13708
APIGW: fix model typing / update custom id logic by @bentsku in #13694
Lambda: fix store typing for serialization by @bentsku in #13707
OpenSearch: Move Tagging into Provider Methods by @aidehn in #13624
Remove CLI code from core repository by @silv-io in #13704
DynamoDB: refactor the store for proper type annotations by @giograno in #13256
Lambda: refactor tagging by @bentsku in #13770
feat: implement conditional headers for S3 CopyObject API by @shubhiscoding in #13554
ResourceGroupsTaggingAPI: Migration for Integrated Services by @aidehn in #13821
feat(stepfunctions): Add support for variables as TestState parameter by @tiurin in #13827

Other Changes

fix lambda state reset method to shutdown esm workers correctly by @thrau in #13671
CloudFormation: Support nested intrinsic functions in Fn::FindInMap by @nik-localstack in #13678
Improve types for the SQS store by @giograno in #13684
Update ruff target-version to 3.13 by @giograno in #13688
Bump bytes from 1.11.0 to 1.11.1 in /tests/aws/services/lambda_/functions/common/uncaughtexception/provided/src by @dependabot[bot] in #13690
Bump bytes from 1.11.0 to 1.11.1 in /tests/aws/services/lambda_/functions/common/introspection/provided/src by @dependabot[bot] in #13691
Follow-up for ruff target-version upgrade by @giograno in #13696
S3: Move Tagging Functionality into Provider Methods by @aidehn in #13657
improve system information sent in session and container_info by @thrau in #13680
KMS: Move Tagging Functionality into methods on the Provider by @aidehn in #13595
SecretsManager: add tag/untag resource handling for deleted secrets by @shubhiscoding in #13662
Route53: Move tagging logic into Provider methods by @aidehn in #13606
deps: upgrade rolo/localstack-twisted by @bentsku in #13695
Deprecate TaggingService by @viren-nadkarni in #13697
CloudFormation: make test_fn_find_in_map_with_nested_ref_change_mapping region-agnostic by @nik-localstack in #13700
SNS: add missing requires_in_process test markers by @bentsku in #13703
testing: avoid installing service dependencies in runners if unnecessary by @bentsku in #13701
fix(cloudformation): skip properties of conditional resources with false conditions by @sodre in #13664
CFn: implement DeletionPolicy and UpdateReplacePolicy by @simonrw in #13535
Lambda: Update CapacityProviderArn for managed instances by @anisaoshafi in #13702
tests: Fix pre-install fixtures logic by @bentsku in #13709
fix linting error by @bentsku in #13710
Events: improve Store IAM Statement typing by @bentsku in #13716
Upgrade lambda-runtime-init by @skyrpex in #13712
fix(transcribe): allow exact 4h duration and handle invalid metadata by @kelvinvelasquez-SDE in #13561
SNS: fix existing topic attr check by @bentsku in #13714
pin upgrade-pinned-dependencies target to pip<26 by @bentsku in #13719
fix: secret value stored not decoded by @amitsh1 in #13543
fix(SFN): prevent .waitForTaskToken cleanup in states that don't support it by @skyrpex in #13706
Skip flaky path for Lambda introspection test by @anisaoshafi in #13730
Bump Moto-Ext to 5.1.22 by @viren-nadkarni in #13727
EKS: track eks customisation settings by @simonrw in #13733
CFn: capture analytics on stack deploy failure by @simonrw in #13649
dev: add live-reload capability by @simonrw in #13718
SFN: Fix Local mock iterations for states without retry by @tiurin in #13693
Bump cryptography from 46.0.4 to 46.0.5 by @dependabot[bot] in #13738
Fix Cfn resource update by @silv-io in #13613
transcribe: Skip test in k8s pipeline by @nik-localstack in #13741
tests: run store checks in Community against Pro workflow by @bentsku in #13721
RGTA/EC2: skip RGTA EC2 test in Pro by @bentsku in #13743
CFn: Handle Fn::Sub returning JSON strings for IAM policies by @nik-localstack in #13735
S3: fix URL encoding of ContinuationToken in ListObjectsV2 by @bentsku in #13746
fix cli import in watcher by @alexrashed in #13750
fix(apigateway): prevent deletion of stages during deployment replacement by @shubhiscoding in #13736
APIGW: update CFN template for Stage test by @bentsku in #13752
optimize analytics event batching window by @ackdav in #13747
Fix docker errors with docker 29 and containerd storage backend by @dfangl in #13759
Fix capture not implemented by installing localstack by @silv-io in #13761
Sns avro by @baermat in #13711
APIGW: handle undeclared Sparse Maps in specs by @bentsku in #13753
CW Logs: Test suite for service internalization by @pinzon in #13692
dev: lazy import live reload dependencies by @simonrw in #13757
Update CODEOWNERS by @localstack-bot in #13779
optimize config analytics event before sending by @thrau in #13744
Test selection: migrate IAM by @simonrw in #13768
S3: pre-signed URL account logic with SigV2 by @bentsku in #13782
Update CloudFormation resource availability by @localstack-bot in #13740
Fix failing snapshot test due to Lambda Python image changes by @joe4dev in #13789
SQS: Move Tagging Functionality to Provider Methods by @aidehn in #13777
SNS: Move Tagging Functionality to Provider Methods by @aidehn in #13608
Handle async deletion for lambda managed instances by @anisaoshafi in #13751
Logs: fix snapshot region from tests by @pinzon in #13792
Test and fix provisioned concurrency error handling by @joe4dev in #13784
Lambda: add more context to alias failure reason by @simonrw in #13807
fix: correct typo in Dockerfile comment (degredation → degradation) by @MrLawrenceKwan in #13812
fix(stepfunctions): resolve JSONata $merge regression with dynamic args by @shubhiscoding in #13717
Lambda: async update lambda managed instance functions by @anisaoshafi in #13797
upgrade lambda RIE by @carole-lavillonniere in #13826
fix: development environment setup link by @rudransh-shrivastava in #13816
S3: regenerate test snapshots & parity fixes by @bentsku in #13824
Set correct JLI path for JRE versions 12+ by @tiurin in #13830
fix: use standard npm install command to upgrade npm by @Swaraj-sync in #13817
fix: add --no-install-recommends to builder stage apt-get install by @Heyyprakhar1 in #13814
Add deprecation warning for ACTIVATE_PRO by @k-a-il in #13833
Lambda: keep track of DesiredState for capacity provider for managed instances by @anisaoshafi in #13828
S3: fix tagging with cross region calls by @bentsku in #13834
CloudWatch: fix Scheduler shutdown by @bentsku in #13822
Fix: Clean Up from RGTA Migration by @aidehn in #13835
Lambda: keep track of function scaling config in the store by @anisaoshafi in #13837
SQS: use queue account and region for tagging by @bentsku in #13847
remove unused analytics payload ls_service_provider_assignment by @thrau in #13846

New Contributors

@sodre made their first contribution in #13664
@kelvinvelasquez-SDE made their first contribution in #13561
@MrLawrenceKwan made their first contribution in #13812
@rudransh-shrivastava made their first contribution in #13816
@Swaraj-sync made their first contribution in #13817
@Heyyprakhar1 made their first contribution in #13814

Full Changelog: v4.13.1...v4.14.0