ministackorg/ministack v1.3.37 on GitHub

What's Changed

New Contributors

@mfurqaan31 made their first contribution in #622
@mark-bray made their first contribution in #624

[1.3.37] — 2026-05-12

Added

CloudFormation AWS::ApiGateway::Authorizer — stacks declaring a TOKEN / REQUEST / COGNITO_USER_POOLS authorizer now provision against the existing apigateway_v1 store instead of failing the stack with Unsupported resource type. Maps the standard CFN properties (Name, Type, AuthorizerUri, AuthorizerCredentials, IdentitySource, IdentityValidationExpression, AuthorizerResultTtlInSeconds, ProviderARNs, RestApiId); AuthType is informational only in the AWS spec and is dropped.
SQS AddPermission / RemovePermission — both operations now wire through to the queue's IAM resource policy stored under the existing Policy queue attribute. AddPermission appends statements in AWS canonical shape (bare 12-digit account IDs in Principal.AWS, lowercase sqs: action namespace, <queue-arn>/SQSDefaultPolicy Id). Duplicate Label is rejected with InvalidParameterValue; RemovePermission is idempotent per AWS.
RDS DescribePendingMaintenanceActions no-op surface — accepts the operation and returns an empty PendingMaintenanceActions list. Accepts and ignores ResourceIdentifier, Filters, Marker, and MaxRecords. Unblocks brownfield state-capture tooling that walks the full RDS API surface. Contributed by @jayjanssen.

Fixed

SQS SendMessage honors MaximumMessageSize — body byte length is now validated against the queue's MaximumMessageSize attribute (default 262144, configurable up to 1 MiB per AWS). Oversized messages return InvalidParameterValue (400). Before this fix MS silently accepted oversized messages that real AWS would reject.
SNS Publish and PublishBatch enforce 256 KiB — total payload size (Message + MessageAttributes name/type/value bytes) is now bounded at 262144 bytes per AWS docs. Publish returns InvalidParameter (400); PublishBatch surfaces each oversized entry as a per-entry failure rather than failing the whole batch. Subject is intentionally excluded (AWS limits Subject to 100 chars but does not count it toward the 256 KB payload).
EventBridge SQS target stamps SqsParameters.MessageGroupId on FIFO queues — _dispatch_to_sqs now reads the target's SqsParameters block and stamps MessageGroupId on the delivered message; it also derives a content-based MessageDeduplicationId and a fifo_seq so the delivery shape matches real EventBridge → FIFO SQS. Before this fix MS dropped MessageGroupId at dispatch, so FIFO targets received messages real AWS would reject.
SQS DeleteQueue raises QueueDoesNotExist for missing queues — the action silently returned {} when the URL didn't match a stored queue. Real AWS returns 400 QueueDoesNotExist (awsQueryCompatible AWS.SimpleQueueService.NonExistentQueue). The handler now routes through the same _get_q helper every other SQS action uses, also picking up its docker-compose-hostname fallback. Contributed by @mfurqaan31.
S3 UploadPartCopy validates x-amz-copy-source-range — the header was parsed with rng.split("-") and no validation, so malformed values (bytes=abc-def, extra dashes, missing prefix) raised an unhandled ValueError and surfaced as HTTP 500; reversed and out-of-bounds ranges silently produced wrong-sized parts. All malformed inputs now return 400 InvalidArgument; out-of-bounds includes the source object size in the error message. boto3 retries 5xx but fails fast on 4xx, so the prior 500 behaviour caused infinite client retry loops against MiniStack where real S3 would have failed immediately. Contributed by @mfurqaan31.
S3 _parse_bucket_key strips absolute-form request targets — AWS SDK for .NET v4 sends HTTP/1.1 requests with absolute-form targets (e.g. PUT http://ministack:4566/bucket/key); hypercorn passes the raw target through, so MS was parsing http: as the bucket name. The function now strips scheme + authority before parsing. Contributed by @mark-bray.