What's Changed
New Contributors
[1.3.36] — 2026-05-11
Added
- IAM AWS-managed policies (
arn:aws:iam::aws:policy/<Name>) — real AWS hosts these under a virtualawsaccount every customer can read; MiniStack used to key every policy by the caller's account soGetPolicy(arn:aws:iam::aws:policy/AdministratorAccess)returnedNoSuchEntity. AWS-managed policies now live in a separate non-account-scoped store, pre-seeded with 20 of the most commonly referenced policies (AdministratorAccess,PowerUserAccess,ReadOnlyAccess,SecurityAudit,AWSLambdaBasicExecutionRole,AmazonS3FullAccess/ReadOnlyAccess,AmazonEC2FullAccess/ReadOnlyAccess,AmazonSSMManagedInstanceCore,AmazonDynamoDBFullAccess,AWSLambdaVPCAccessExecutionRole, and friends) carrying their canonical AWS documents verbatim. Unknown AWS-managed ARNs returnNoSuchEntityby default so typos surface locally; opt in to permissive autovivify withMINISTACK_AUTOCREATE_AWS_MANAGED=1.AttachmentCountis tracked per-(session-account, arn) via an account-scoped sidecar, matching real AWS where the counter is per-account.ListPoliciesrespectsScope=All/AWS/Local; attach/detach work against any AWS-managed ARN; mutation operations (CreatePolicyinto theawsnamespace,DeletePolicy,TagPolicy,UntagPolicy,CreatePolicyVersion,DeletePolicyVersion) returnAccessDenied/InvalidInputto match real AWS. Contributed by @spicykay. - Cost and Usage Reports (CUR) — full 7-operation surface (
PutReportDefinition,DescribeReportDefinitions,ModifyReportDefinition,DeleteReportDefinition,TagResource,UntagResource,ListTagsForResource). Report definitions persist; report file generation is not emulated (MiniStack doesn't track usage or compute costs), so this targets IaC validation — Terraform / CDK / Bash automation that managesaws_cur_report_definitionresources can now plan and apply against MiniStack without hitting real AWS billing. Contributed by @staranto. - Lambda Ruby 4.0 runtime —
ruby4.0maps topublic.ecr.aws/lambda/ruby:4.0, tracking the runtime AWS added in May 2026 (botocore 1.42.94).
Fixed
- RDS
DescribeDBClustersserialization —DatabaseName,NetworkType,EngineLifecycleSupport— three independent shape bugs on the same code path.DatabaseNamewas stored as""and always emitted, so botocore parsed it as the empty string instead ofnull; the field is now stored asNonewhen unset and only emitted when truthy, matching real-AWS XML elision.NetworkTypeandEngineLifecycleSupportwere never stored or serialized; they're now accepted from the request and emit with the AWS-documented defaults (IPV4andopen-source-rds-extended-support). Surfaced by brownfield-import diffing against a real-AWS captured Aurora cluster. Contributed by @jayjanssen. - RDS
DescribeDBClusterParametersemits<Source>element — the cluster-parameter response XML omitted<Source>entirely, so botocore materializedParameters[].SourceasNonefor every entry. Each emitted<Parameter>now includes<Source>user</Source>, matching the existing instance-level path. Note: MiniStack only stores user-modified parameters (engine defaults are not modelled); the literaluseris correct for the slice MS currently returns but will need to become conditional once engine-defaults are added. Surfaced by the same brownfield-import diffing. Contributed by @jayjanssen. - CUR report definitions lost on warm-boot — the CUR module declared
get_state()andrestore_state()but theload_state("cur")call at import time was missing, so MiniStack wrote state on shutdown and never read it on restart. Standard import-time block added;PERSIST_STATE=1now correctly survives across container restarts for CUR. - IAM
AttachmentCounton AWS-managed policies reset on warm-boot — the per-(session-account, arn) sidecar_aws_managed_attachment_countsadded with the AWS-managed-policies work was missing fromget_state/restore_state. Customer-managedAttachmentCountalready persisted via the policy record itself; only the AWS-managed-policy sidecar was dropped. Now wired in.