What's Changed
New Contributors
- @ellouzeskandercs made their first contribution in #610
[1.3.35] — 2026-05-11
Fixed
- EKS
CreateCluster— k3s container now starts withprivileged=True— the k3s server container was being launched with a granularcap_addlist + unconfined seccomp/apparmor in an attempt to avoid privileged mode, but k3s server mode remounts/sys/fs/cgroupand no capability set short of--privilegedpermits that. The container exited on boot withfailed to evacuate root cgroup: mkdir /sys/fs/cgroup/init: read-only file system, breaking EKS cluster creation entirely. The container is now launched withprivileged=True; the cap_add list is retained as defence-in-depth. Documented as a host-security trade-off in the EKS section of the README. Reported by @zkoncir. - SNS FIFO topic → standard SQS queue subscription — MiniStack rejected the subscribe with
InvalidParameterException: Topic with FIFO requires a subscription to a FIFO SQS Queue, which was the AWS rule until 2023-09-14 when AWS added support for FIFO topics fanning out to standard SQS queues. The stale validation is removed; the existing fanout path already attachesMessageGroupId/MessageDeduplicationIdto delivered messages and SQS standard queues ignore those fields, matching real AWS where consumers of a standard queue subscribed to a FIFO topic "may receive messages out of order, and more than once." Contributed by @ellouzeskandercs. - RDS
CreateDBInstancehonorsPreferredMaintenanceWindow— the field was hardcoded tosun:05:00-sun:06:00on the instance record at creation time, silently discarding any caller-supplied value.ModifyDBInstanceand cluster-levelPreferredMaintenanceWindowalready worked, so the divergence was per-instance only on create. The create path now reads the user value and falls back to the default only when none is supplied. Surfaced by Terraformaws_rds_cluster_instance.preferred_maintenance_windowround-trip diffing against a real-AWS capture. Contributed by @jayjanssen.