github ministackorg/ministack v1.3.27
on GitHub

5 hours ago

What's Changed

New Contributors

[1.3.27] — 2026-05-04

Added

  • AWS CloudTrail — in-memory audit log + control plane. Recording opt-in via CLOUDTRAIL_RECORDING=1; per-account ring buffer (CLOUDTRAIL_MAX_EVENTS=10000). LookupEvents supports all 8 AWS LookupAttributes. Control plane: CreateTrail, DeleteTrail, GetTrail, DescribeTrails, ListTrails, UpdateTrail, GetTrailStatus, StartLogging / StopLogging with real IsLogging state, Put/GetEventSelectors, AddTags / ListTags / RemoveTags. Contributed by @AdigaAkhil.
  • AWS Resource Groups (resource-groups, 2017-11-27) — 19 of 23 spec operations: group CRUD, resource queries, configuration, membership, tagging, account settings. Tag-sync ops omitted (not exposed by AWS CLI / Terraform). Requested by @staranto.

Fixed

  • API Gateway v1 GetUsagePlanKeyGET /usageplans/{planId}/keys/{keyId} handler was missing; per-key path fell through to 404. Terraform's GetUsagePlanKey refresh after CreateUsagePlanKey aborted every aws_api_gateway_usage_plan_key apply. Contributed by @marcin-nowak-scl.
  • API Gateway v1 HTTP_PROXY path-param substitution + query-string forwarding{paramName} placeholders in integration uri were forwarded literally; the inbound execute path was appended to the integration URI; query string was dropped. Now substitutes from integration.request.path.X = method.request.path.X mappings (plus {proxy} for {proxy+}), uses the substituted URI as the upstream URL, and forwards the query string. Contributed by @marcin-nowak-scl.
  • API Gateway v1 UpdateModelPATCH /restapis/{id}/models/{name} was missing; Terraform aws_api_gateway_model updates 404
  • Transfer Family LOGICAL root home directory mappingsEntry="/" failed to match because the resolver built "//" as the prefix. Contributed by @stefanmb.
  • CloudTrail router target prefix — was AmazonCloudTrailService; AWS uses CloudTrail_20131101. Routing still worked via credential scope, but the prefix entry was dead code.
  • CloudTrail IsLogging state on Stop/StartLogging — both were no-ops; GetTrailStatus always returned IsLogging: True. Now flips the trail record's state and stamps _StartedAt / _StoppedAt (int epoch).
  • STS Credentials.Expiration is int epoch in the JSON pathAssumeRole / AssumeRoleWithWebIdentity / GetSessionToken returned a float; Java/Go SDK v2 reject it.
  • backup / eks _epoch() / _now() return int — were time.time() (float); consumed by record fields like createdAt.
  • DynamoDB ConditionalCheckFailedException populates Item on ReturnValuesOnConditionCheckFailure="ALL_OLD"PutItem / UpdateItem / DeleteItem / TransactWriteItems now return the prior item alongside the error code (and on the failing CancellationReason for transactions). Verified against botocore: CancellationReason and ConditionalCheckFailedException shapes both include Item. Reported by @darkamgine.
  • CFN AWS::S3::Bucket preserves physical id on update — auto-named buckets got a new random name on every UpdateStack, breaking {Ref} after redeploy. Contributed by @erick-reis-gran.
  • CFN AWS::Lambda::Function returns real CodeSize / CodeSha256 — were hardcoded; now computed from the deployment-package bytes. Contributed by @erick-reis-gran.
Check out latest releases or
releases around ministackorg/ministack v1.3.27

Don't miss a new ministack release

NewReleases is sending notifications on new releases.

Get notifications