What landed in MiniStack between 1.2.0 and 1.3.30

If you read the 1.2.0 post, that is where this picks up. About four weeks have gone by and over fifty patch releases. This is a tour of what actually shipped, focused on the parts you can use today.

If you have not seen MiniStack before: it is a single-binary local AWS emulator. One process, 46 services, MIT licensed, runs on your laptop or in CI in under a second. Think LocalStack without the paywall and without the JVM.

GitHub: https://github.com/ministackorg/ministack
Docs: https://ministack.org/docs/

New services

EKS with real k3s (1.2.20). CreateCluster spawns a 75 MB k3s container that gives you a real Kubernetes API. kubectl and Helm work against it. CloudFormation provisioners for AWS::EKS::Cluster and AWS::EKS::Nodegroup are wired in. If Docker is unavailable the cluster still goes ACTIVE with a stub endpoint so the API contract holds in CI.

Transfer Family (1.2.17). 10 operations covering server CRUD, user CRUD, SSH key rotation, and LOGICAL home directory mappings to S3. Contributed by @mjdavidson.

EventBridge Scheduler (1.2.19). The full scheduler API: schedule groups, cascading deletes, name and state filters, plus at(), cron(), and rate() expressions. CFN AWS::Scheduler::Schedule and AWS::Scheduler::ScheduleGroup provisioners included. EventBridge cron() rules also fire automatically now (1.3.25), with a zero-dependency parser that covers the full six-field syntax including L, LW, <n>W, <n>#<k>. Contributed by @hiddengearz.

Resource Groups Tagging API (1.3.2). GetResources, GetTagKeys, GetTagValues across 15 services (S3, Lambda, SQS, SNS, DynamoDB, EventBridge, KMS, ECR, ECS, Glue, Cognito, AppSync, Scheduler, CloudFront, EFS). Contributed by @AdigaAkhil.

Resource Groups (1.3.27). 19 of 23 spec operations: group CRUD, resource queries, configuration, membership, tagging, account settings. Requested by @staranto.

AWS CloudTrail (1.3.27). In-memory audit log with control plane and LookupEvents. Per-account ring buffer, opt-in via CLOUDTRAIL_RECORDING=1. Contributed by @AdigaAkhil.

AppSync Events API (1.3.25). Event API management, channel namespaces, API keys, HTTP publish, and realtime WebSocket on the aws-appsync-event-ws subprotocol. Contributed by @marcin-nowak-scl.

CloudFront KeyValueStore (1.3.25, 1.3.26). Both planes: management plane for Create/Describe/List/Update/Delete with ETag concurrency, and a separate cloudfront-keyvaluestore data plane for GetKey/PutKey/DeleteKey/UpdateKeys. CFN AWS::CloudFront::KeyValueStore provisioner included. Contributed by @davireisvieira.

Lambda

A big stretch of work. Highlights:

RIE-based Docker executor (1.2.20). LAMBDA_EXECUTOR=docker now uses official AWS Lambda Runtime Interface Emulator images for every runtime. Containers stay warm between invocations. Originally contributed by @fzonneveld.

Runtime coverage (1.2.21 and after). The full image map today: python3.8 through python3.14, nodejs14.x through nodejs24.x, java8.al2, java11, java17, java21, java25, dotnet6, dotnet8, dotnet10, ruby3.2, ruby3.3, ruby3.4, plus provided, provided.al2, provided.al2023.

Lambda to CloudWatch Logs (1.3.3). Every invocation now writes START, handler output, END, and REPORT lines to /aws/lambda/{FunctionName} on a per-invocation stream. Metric filters, subscription filters, and alarm chains that needed real Lambda logs work locally now. Applies to every executor.

Async retry and DLQ routing (1.3.3). Invoke(InvocationType=Event) and S3-notification fan-out retry up to MaximumRetryAttempts and route the final failure to the configured DLQ or OnFailure destination (SQS, SNS, or another Lambda) with the AWS-shaped envelope.

Docker-in-Docker (1.2.21). Running MiniStack inside Docker with LAMBDA_EXECUTOR=docker works. Code is copied via docker cp instead of bind-mounted, and Lambda containers are reached via container IP. Reported by @HackJack-101.

Filter criteria during polling (1.3.3). SQS, Kinesis, and DynamoDB Streams pollers evaluate each record against FilterCriteria.Filters and drop non-matching records before invoking. Equality lists, prefix, suffix, anything-but, exists, and numeric content filters are all supported.

Step Functions aws-sdk:* integrations

Resource: arn:aws:states:::aws-sdk:<service>:<op> works against the following services in 1.3.30. The list is the actual contents of the dispatch table in ministack/services/stepfunctions.py:

• Query protocol: ec2, sqs, sns, rds, elasticache, iam, sts, cloudwatch
• JSON protocol: dynamodb, secretsmanager, states (Step Functions calling itself), logs (CloudWatch Logs), ssm, eventbridge, kinesis, glue, athena, ecs, ecr, kms
• REST-JSON protocol: rdsdata
• REST-XML protocol: s3 (12 ops added in 1.3.29: ListBuckets, CreateBucket, DeleteBucket, HeadBucket, GetBucketVersioning, ListObjectsV2, ListObjects, HeadObject, CopyObject, DeleteObject, GetObjectTagging, PutObjectTagging)
• Lambda: dispatched directly to the local Lambda invoker

REST-JSON output now uses PascalCase to match the query and REST-XML dispatchers (1.3.30, contributed by @jayjanssen), so ResultSelector: $.Records works on aws-sdk:rdsdata:executeStatement results.

CloudFormation

New provisioners since 1.2.0:

• AWS::Events::EventBus (1.2.21, contributed by @AdigaAkhil)
• AWS::Pipes::Pipe (1.3.2, contributed by @davidtme), with FilterPolicy and FilterPolicyScope on AWS::SNS::Subscription
• AWS::Scheduler::Schedule, AWS::Scheduler::ScheduleGroup (1.2.19)
• AWS::CodeBuild::Project (1.2.19, contributed by @AdigaAkhil)
• AWS::EKS::Cluster, AWS::EKS::Nodegroup (1.2.20)
• AWS::CloudFront::KeyValueStore (1.3.26), with the engine now routing previously-provisioned resources through a per-type update handler when one is defined

Infrastructure

Hypercorn ASGI with HTTP/2 h2c (1.3.1). Replaces uvicorn. AWS Java SDK v2 and the Kinesis Client Library work out of the box. Idle RAM dropped from about 21 MB to about 7 MB. Contributed by @AdigaAkhil.

Lazy service imports (1.2.19). Service modules load on first request. Idle RAM dropped from 59 MB to 21 MB before the hypercorn cut, startup time from 1.2 s to 0.5 s. Services you never call cost zero memory.

Per-PR preview Docker images (1.3.2). Every PR (including forks) publishes ministackorg/ministack-preview-build:pr-N-<shortsha>. Reviewers can docker pull the exact build before merge. Contributed by @jgrumboe.

Multi-tenancy correctness

1.3.3 closed eight cross-account leaks where services stored per-tenant data in plain dict or list (CloudWatch metrics and alarm history, ElastiCache events, EventBridge buses, Athena workgroups and data catalogs, SES sent emails, API Gateway v1 stages, deployments, authorizers, and tags). All of them now route through AccountScopedDict, with isolation tests in tests/test_multitenancy.py.

Wire-format fixes worth knowing

• All timestamps in JSON responses are int epoch seconds. The Java SDK v2 rejects floats. STS Credentials.Expiration, EventBridge Time, EKS createdAt, Backup, Firehose, CloudTrail timestamps were converted across 1.3.x.
• KMS Verify raises KMSInvalidSignatureException on bad signatures instead of returning SignatureValid: false.
• KMS crypto operations return the full key ARN as KeyId, not the bare UUID.
• DynamoDB ConditionalCheckFailedException populates Item when ReturnValuesOnConditionCheckFailure="ALL_OLD" is set, on Put/Update/Delete/TransactWriteItems.
• EC2 VPCs include cidrBlockAssociationSet (Terraform AWS provider v6 crashes without it).
• SQS FIFO DeduplicationScope: messageGroup actually scopes per message group.
• SQS ReceiveMessage honours MessageSystemAttributeNames. AWS SDK v2 was the only thing reading it (1.3.29, contributed by @joaomena).

Get it

docker run --rm -p 4566:4566 ministackorg/ministack:1.3.30

Or pip:

pip install ministack
ministack

GitHub: https://github.com/ministackorg/ministack
Docs: https://ministack.org/docs/
LinkedIn: https://www.linkedin.com/company/ministackorg/
Reddit: https://www.reddit.com/r/ministack/

If something you need is missing or wrong, open an issue. Most of what is listed above started as one.