Release v0.14.0 · faiscadev/fakecloud

What's Changed

refactor: drop optional/required_param wrappers, call core helpers directly by @vieiralucas in #857
refactor: standardize state collections on BTreeMap (ecr, elbv2) by @vieiralucas in #855
refactor: convert cognito/elasticache/ses/eventbridge state to BTreeMap by @vieiralucas in #865
refactor: convert iam/kms/sqs state to BTreeMap by @vieiralucas in #866
refactor: convert apigw/apigwv2/ssm/dynamodb/bedrock/cloudformation state to BTreeMap by @vieiralucas in #867
refactor: extract test modules from large service files (Phase I) by @vieiralucas in #868
refactor: extract test modules from Phase J files (12 services) by @vieiralucas in #869
refactor(elasticache): extract free helpers to submodule (Phase I) by @vieiralucas in #870
refactor(route53): extract helpers + VPC handlers below impl block (Phase J) by @vieiralucas in #871
refactor: extract free helpers from 16 service files (Phase I/J) by @vieiralucas in #872
refactor: demote pub mod state/service across 32 crates (Phase K) by @vieiralucas in #873
refactor: finish ARN format! sweep (34 sites -> 0) by @vieiralucas in #874
refactor(sns): split service.rs (3152 -> 1564 lines) by @vieiralucas in #875
refactor(kms): split service.rs (3008 -> 1310 lines) by @vieiralucas in #876
refactor(eventbridge): split service.rs (3440 -> 1665 lines) by @vieiralucas in #877
refactor(apigateway): split service.rs (3413 -> 324 lines) by @vieiralucas in #878
refactor(ecs): split service.rs (3291 -> 296 lines) by @vieiralucas in #879
refactor(bedrock): extract tests to sibling file (2908 -> 1676 lines) by @vieiralucas in #880
refactor(dynamodb): extract free helper fns from service/mod.rs (2931 -> 424 lines) by @vieiralucas in #881
refactor(lambda): split service.rs (2935 -> 1616 lines) by @vieiralucas in #882
refactor(iam): extract evaluator tests (2895 -> 1019 lines) by @vieiralucas in #883
feat(ecs): implement Daemon + ExpressGatewayService 2026 ops by @vieiralucas in #884
feat(cloudfront): implement DistributionTenant + ConnectionFunction ops by @vieiralucas in #885
feat(conformance): @examples deep-diff strategy by @vieiralucas in #886
feat(conformance): Create->Get round-trip echo strategy by @vieiralucas in #887
feat(conformance): identifier-form fanout strategy by @vieiralucas in #888
feat(conformance): split 4xx by AWS error shape match by @vieiralucas in #889
feat(s3): close response field gaps surfaced by parity audit by @vieiralucas in #891
feat(lambda): emit full FunctionConfiguration response shape by @vieiralucas in #892
feat(lambda): real AccountUsage + full ESM + Versions + Code.Location by @vieiralucas in #893
refactor(iam): delete fabricated operations not in real AWS by @vieiralucas in #890
feat(dynamodb): emit ConsumedCapacity + ItemCollectionMetrics on data-plane ops by @vieiralucas in #894
feat(rds): add fields and dynamic values to db_instance_xml by @vieiralucas in #895
feat(elasticache): persist + render encryption/log/cluster fields on ReplicationGroup by @vieiralucas in #896
feat(kinesis): emit EnhancedMonitoring + StreamModeDetails + KeyId on DescribeStream and real StreamSummaries by @vieiralucas in #897
feat(ecs,ecr): emit always-present response fields on Task/Service/Image by @vieiralucas in #898
feat(dynamodb): accept table ARN (and sub-resource ARNs) anywhere TableName is read by @vieiralucas in #899
feat(sqs): accept queue ARN in QueueUrl fields by @vieiralucas in #900
feat(kms): accept alias/* in EnableKeyRotation/DisableKeyRotation/GetKeyRotationStatus by @vieiralucas in #901
feat(lambda): UpdateFunctionCode actually replaces code/image and recomputes hashes by @vieiralucas in #902
fix(lambda): normalize AddPermission action prefix and unify tag store by @vieiralucas in #904
feat(s3): enforce PublicAccessBlock on PutBucketPolicy and PutBucket/Object ACL by @vieiralucas in #907
feat(lambda): PublishVersion snapshots config + monotonic numbering by @vieiralucas in #903
fix(s3): DeleteObjects batch honors COMPLIANCE retention and legal hold by @vieiralucas in #909
feat(s3): fire ObjectCreated:CompleteMultipartUpload event and emit checksum by @vieiralucas in #910
fix(s3): update_object_encryption actually re-encrypts on algorithm flip by @vieiralucas in #911
feat(lambda): enforce reserved concurrency and resolve alias routing by @vieiralucas in #905
feat(iam): enforce sts:ExternalId on AssumeRole trust policy by @vieiralucas in #913
feat(logs): enforce retention on GetLogEvents and FilterLogEvents by @vieiralucas in #916
feat(s3): enforce BucketOwnerEnforced on ACL writes by @vieiralucas in #908
feat(organizations): CreateAccount lifecycle + CloseAccount + RemoveAccountFromOrganization by @vieiralucas in #918
feat(lambda): UpdateFunctionConfiguration accepts advanced fields and EphemeralStorage applies as tmpfs by @vieiralucas in #906
feat(iam): real Simulate{Custom,Principal}Policy via the IAM evaluator by @vieiralucas in #920
feat(elbv2): enforce deletion_protection.enabled on DeleteLoadBalancer by @vieiralucas in #923
feat(secretsmanager): enforce resource policy on cross-account GetSecretValue by @vieiralucas in #922
feat(acm): real X.509 self-signed PEM via rcgen on RequestCertificate by @vieiralucas in #924
feat(route53): admin-controllable health check status + last-failure reason by @vieiralucas in #925
feat(s3): validate KMS key id on PutBucketEncryption and use real JSON parse for IsPublic by @vieiralucas in #912
feat(ssm): enforce parameter Expiration policy on read by @vieiralucas in #927
feat(cloudformation): real Fn::GetAtt resolution per resource type by @vieiralucas in #926
feat(dynamodb): DescribeEndpoints + DescribeLimits become region-aware by @vieiralucas in #929
feat(eventbridge): add suffix / equals-ignore-case / cidr / wildcard / $or filter operators by @vieiralucas in #930
feat(scheduler): evaluate cron against ScheduleExpressionTimezone by @vieiralucas in #928
fix(kinesis): emit 56-digit sequence numbers like real AWS by @vieiralucas in #931
feat(cloudfront): Distribution Status transitions InProgress -> Deployed by @vieiralucas in #932
fix(ecr): GetLifecyclePolicy returns the actual lastEvaluatedAt by @vieiralucas in #933
fix(iam): ChangePassword validates and stores password by @vieiralucas in #915
feat(ssm): SendCommand goes through Pending -> InProgress -> Success by @vieiralucas in #921
feat(sqs): emit MD5OfMessageSystemAttributes on SendMessage by @vieiralucas in #934
feat(bedrock): dynamic token counts + BEDROCK_ECHO mode by @vieiralucas in #935
feat(elasticache): RebootCacheCluster restarts the engine container by @vieiralucas in #937
feat(stepfunctions): ASL intrinsic functions (States.*) by @vieiralucas in #938
feat(appas): RegisterScalableTarget emits ScalingActivity rows by @vieiralucas in #939
feat(iam): expand global condition keys (MFA, VPC, federation, CalledVia) by @vieiralucas in #941
feat(rds): DescribeEvents serves real events from in-memory ring by @vieiralucas in #942
feat(cloudformation): Fn::Base64 / Split / Select / Length / ToJsonString / Cidr by @vieiralucas in #944
feat(sns): EffectiveDeliveryPolicy merges user policy over default by @vieiralucas in #943
feat(acm): ExportCertificate encrypts private key with Passphrase by @vieiralucas in #936
feat(route53): GetChange transitions PENDING -> INSYNC after a few reads by @vieiralucas in #940
feat(kms): real RSA Sign/Verify/GetPublicKey for RSA_2048/3072/4096 by @vieiralucas in #917
feat(ses): honor account/config-set sending pause flags by @vieiralucas in #946
feat(cloudformation): substitute AWS::* pseudo-parameters by @vieiralucas in #948
feat(route53): TestDNSAnswer honors RRset routing policy + health by @vieiralucas in #947
feat(cloudformation): provision AWS::Lambda::Function by @vieiralucas in #951
feat(ssm): admin endpoint to override SendCommand status by @vieiralucas in #954
feat(acm): auto-flip RequestCertificate to ISSUED after a few reads by @vieiralucas in #952
feat(cloudformation): parse Outputs + ImportValue + ListExports by @vieiralucas in #955
feat(organizations): implement handshake invitation flow by @vieiralucas in #956
feat(ses): render Content.Template at SendEmail/SendBulkEmail by @vieiralucas in #961
feat(scheduler): wire Kinesis as a universal target by @vieiralucas in #963
feat(cloudformation): support Conditions + Fn::If/Equals/And/Or/Not by @vieiralucas in #949
feat(organizations): trusted services + delegated administrators by @vieiralucas in #957
test(bedrock): serialize BEDROCK_ECHO env mutation with embed test by @vieiralucas in #964
feat(ses): gate sends on verified sender identity by @vieiralucas in #945
feat(eventbridge): round-trip full target config on PutTargets by @vieiralucas in #967
feat(ecr): trigger image scan on PutImage when scan_on_push is enabled by @vieiralucas in #965
test(ses): seed verified identity in template-render test by @vieiralucas in #969
feat(organizations): EnableAllFeatures + policy-type management by @vieiralucas in #959
feat(ses): MailFromDomain MX/TXT records + status lifecycle by @vieiralucas in #966
feat(organizations): tagging + nav + effective/resource policy by @vieiralucas in #958
feat(cloudformation): support Mappings + Fn::FindInMap by @vieiralucas in #950
feat(iam): F4 polish - ResyncMFADevice EnableDate, Get/SetSecurityTokenServicePreferences by @vieiralucas in #953
feat(lambda): UpdateFunctionCode enforces CodeSigningConfig + stable RevisionId by @vieiralucas in #970
feat(lambda): GetFunction(Qualifier) returns version snapshot by @vieiralucas in #971
feat(ses): DKIM-sign outbound emails with per-identity RSA keys by @vieiralucas in #962
feat(lambda): Invoke runs from numbered version snapshot by @vieiralucas in #972
fix(sqs): cross-service FIFO delivery assigns sequence_number + surfaces invalid-param by @vieiralucas in #977
feat(cognito): real RSA-2048 RS256 JWT signing per pool by @vieiralucas in #968
feat(sns): POST SubscriptionConfirmation to HTTP/HTTPS endpoints by @vieiralucas in #976
feat(organizations): accept all five policy types by @vieiralucas in #960
feat(sns): track SubscriptionsDeleted per topic by @vieiralucas in #973
feat(kinesis): GetShardIterator supports AT_TIMESTAMP by @vieiralucas in #978
feat(sqs): enforce queue access policies via ResourcePolicyProvider by @vieiralucas in #980
feat(s3): add CRC32C and CRC64NVME checksum algorithms by @vieiralucas in #982
feat(eventbridge): enforce event bus policies via ResourcePolicyProvider by @vieiralucas in #981
feat(dynamodb): reject ConsistentRead on GSI + omit Items under Select=COUNT by @vieiralucas in #983
fix(s3): emit x-amz-transition-default-minimum-object-size on lifecycle GET by @sveitser in #975
fix(iam): include AWS managed policies in ListAttachedRolePolicies by @sveitser in #974
feat(cognito): expose pool JWKS + OIDC discovery endpoints by @vieiralucas in #979
feat(cognito): /oauth2/token endpoint (Y3) by @vieiralucas in #985
feat(kms): bind EncryptionContext into ciphertext AAD (G6) by @vieiralucas in #986
feat(ses): legacy v1 verified-email aliases (X9) by @vieiralucas in #987
feat(elbv2): validate Listener Protocol and Port (Q4) by @vieiralucas in #988
feat(ecr): registry-level scan-on-push fallback (GG6) by @vieiralucas in #989
feat(dynamodb): Scan honors IndexName + GSI/LSI projection (L5) by @vieiralucas in #992
feat(rds): RestoreDBInstanceFromDBSnapshot carries Tags (M11) by @vieiralucas in #993
feat(cognito): /oauth2/userInfo + /oauth2/revoke (Y5) by @vieiralucas in #994
feat(apigateway): GetExport derives OpenAPI from state (GG10) by @vieiralucas in #991
fix(dynamodb): GetResourcePolicy 404 PolicyNotFoundException (L6) by @vieiralucas in #990
feat(cognito): RefreshTokenRotation rotates refresh on grant (Y7) by @vieiralucas in #995
fix(rds): persist DB instance after bg container start (#914) by @vieiralucas in #997
feat(firehose): new fakecloud-firehose crate with S3 destination delivery (AA1) by @vieiralucas in #996
feat(glue): new fakecloud-glue Data Catalog crate (AA2) by @vieiralucas in #998
feat(cloudformation): provision AWS::SecretsManager::Secret (BB13) by @vieiralucas in #1000
feat(cloudwatch): new fakecloud-cloudwatch metrics + alarms crate (AA3) by @vieiralucas in #999
feat(cloudformation): provision AWS::Kinesis::Stream (BB23) by @vieiralucas in #1001
feat(cloudformation): provision AWS::KMS::Key + AWS::KMS::Alias (BB14) by @vieiralucas in #1002
feat(cloudformation): provision AWS::ECR::Repository (BB12) by @vieiralucas in #1003
feat(cloudformation): provision AWS::CloudWatch::Alarm (BB18) by @vieiralucas in #1004
feat(cloudformation): provision AWS::Kinesis::StreamConsumer (BB23 followup) by @vieiralucas in #1005
feat(cloudformation): provision Logs LogStream + MetricFilter + SubscriptionFilter (BB29) by @vieiralucas in #1006
feat(cloudformation): provision Events Connection + ApiDestination + Archive (BB28) by @vieiralucas in #1007
feat(cloudformation): provision IAM User/Group/ManagedPolicy/AccessKey/InstanceProfile (BB30) by @vieiralucas in #1008
feat(cloudformation): provision ELBv2 LB + TargetGroup + Listener + ListenerRule (BB17) by @vieiralucas in #1009
feat(cloudformation): provision Organizations Org + OU + Policy + ResourcePolicy (BB31) by @vieiralucas in #1010
feat(cloudformation): provision Cognito UserPool + UserPoolClient + UserPoolDomain (BB15) by @vieiralucas in #1011
feat(cloudformation): provision Lambda Permission/EventSourceMapping/LayerVersion/Url/Alias/Version (BB8) by @vieiralucas in #1012
feat(cloudformation): provision RDS metadata resource types (BB16) by @vieiralucas in #1013
feat(cloudformation): provision ECS Cluster + TaskDefinition + Service + CapacityProvider (BB11) by @vieiralucas in #1014
feat(cloudformation): provision ACM Certificate (BB22) by @vieiralucas in #1015
feat(cloudformation): provision ElastiCache metadata resource types (BB24) by @vieiralucas in #1016
feat(cfn): provision Route53 HostedZone, RecordSet, HealthCheck by @vieiralucas in #1017
feat(cfn): provision CloudFront metadata resources (8 types) by @vieiralucas in #1018
feat(cfn): provision Step Functions StateMachine + Activity + Version + Alias by @vieiralucas in #1019
feat(cfn): provision Logs Destination + ResourcePolicy + Delivery* + QueryDefinition by @vieiralucas in #1020
feat(cfn): provision WAFv2 WebACL + IPSet + RegexPatternSet + RuleGroup + LoggingConfiguration + WebACLAssociation by @vieiralucas in #1021
feat(cfn): provision EventBridge EventBus + EventBusPolicy + Endpoint by @vieiralucas in #1022
feat(cfn): provision IAM OIDCProvider + SAMLProvider + ServiceLinkedRole + VirtualMFADevice by @vieiralucas in #1023
feat(cloudwatch): add Dashboard CRUD ops + CFN provisioner by @vieiralucas in #1024
feat(cloudformation): provision AWS::ApiGateway::* resource types by @vieiralucas in #1025
feat(cloudformation): provision AWS::ApiGatewayV2::* resource types by @vieiralucas in #1026
feat(cloudformation): provision AWS::SES::* resource types by @vieiralucas in #1027
feat(cloudformation): provision AWS::SecretsManager::* extras by @vieiralucas in #1028
feat(cloudformation): provision AWS::RDS::DBInstance and DBCluster by @vieiralucas in #1029
feat(cloudformation): provision AWS::ElastiCache::CacheCluster and ReplicationGroup by @vieiralucas in #1030
feat(cloudformation): make ExecuteChangeSet apply real resource updates by @vieiralucas in #1031
fix(cloudformation): make CreateChangeSet/ExecuteChangeSet tolerate skeleton requests by @vieiralucas in #1032
feat(cloudformation): provision AWS::CertificateManager::Account by @vieiralucas in #1033
feat(cloudformation): provision AWS::Organizations::Account by @vieiralucas in #1034
feat(cloudformation): provision ECR policies + replication + pull-through cache by @vieiralucas in #1035
feat(cloudformation): provision ELBv2 ListenerCertificate and TrustStore by @vieiralucas in #1036
feat(cloudformation): provision Route53 DNSSEC and KeySigningKey by @vieiralucas in #1037
feat(cloudformation): provision AWS::KMS::ReplicaKey by @vieiralucas in #1038
feat(cloudformation): provision AWS::CloudFront::Distribution by @vieiralucas in #1039
refactor(lambda, iam): delete fabricated CapacityProvider, DurableExecution, and IAM mutating-action stubs by @vieiralucas in #1040
fix(s3): emit quoted ETag and ChecksumType in GetObjectAttributes by @vieiralucas in #1041
fix(dynamodb): emit real ItemCollectionMetrics on LSI tables by @vieiralucas in #1042
fix(lambda): emit StateReason and LastUpdateStatusReason fields by @vieiralucas in #1043
fix(lambda): round-trip advanced EventSourceMapping fields by @vieiralucas in #1044
fix(elasticache): emit parameter group, security groups, log delivery, and encryption flags on cache clusters by @vieiralucas in #1045
fix(ecs): emit capacityProviderName on Task by @vieiralucas in #1046
fix(rds): emit extended fields on DBSnapshot by @vieiralucas in #1047
feat(sns): retry HTTP delivery and route to RedrivePolicy DLQ by @vieiralucas in #1048
refactor(sns): unify cross-service publish path with direct fan-out by @vieiralucas in #1049
refactor(eventbridge): unify cross-service target dispatch by @vieiralucas in #1050
feat(logs): write CreateExportTask + CreateDelivery output to real S3 by @vieiralucas in #1051
feat(ecr): execute replication rules on PutImage by @vieiralucas in #1052
feat(ecr): enforce repository policy on cross-account image ops by @vieiralucas in #1053
feat(logs): route subscription filter destinations to Firehose by @vieiralucas in #1054
feat(logs): enforce retention on Logs Insights query results by @vieiralucas in #1055
feat(iam): enforce trust policy on AssumeRole via IAM evaluator by @vieiralucas in #1056
feat(iam): real DecodeAuthorizationMessage round-trip by @vieiralucas in #1057
feat(kms): real HMAC for GenerateMac/VerifyMac by @vieiralucas in #1058
feat(kms): enforce key_state on every crypto op by @vieiralucas in #1059
feat(kms): real RSA-OAEP unwrap on ImportKeyMaterial by @vieiralucas in #1060
feat(eventbridge): gate cross-account PutEvents through bus policy by @vieiralucas in #1061
feat(kinesis): honor StreamModeDetails on CreateStream + retention prune on read by @vieiralucas in #1062
feat(dynamodb): DynamoDB Streams data plane (L1) by @vieiralucas in #1063
feat(dynamodb): atomic TransactWriteItems + stream/kinesis emit (L2) by @vieiralucas in #1064
feat(dynamodb): atomic ExecuteTransaction + stream/kinesis emit (L3) by @vieiralucas in #1065
feat(dynamodb): PartiQL multi-account + comparators + key validation (L4) by @vieiralucas in #1066
feat(dynamodb): Query/Scan Limit-before-Filter + parallel Scan (L5) by @vieiralucas in #1067
feat(dynamodb): preserve GSI/LSI/tags/TTL/SSE/Stream across backup; reject ConsistentRead on GSI Scan (L6) by @vieiralucas in #1068
feat(kms): real RSA/ECC GenerateDataKeyPair returning parseable PKCS#8 + SPKI (G4) by @vieiralucas in #1069
test(kms): EncryptionContext round-trip + AAD-mismatch coverage (G6) by @vieiralucas in #1070
feat(scheduler): FlexibleTimeWindow + RetryPolicy budget before DLQ (K11) by @vieiralucas in #1071
feat(scheduler): universal targets for SES SendEmail + ECS RunTask + Kinesis (K12) by @vieiralucas in #1072
feat(lambda): Kinesis poller honors ReportBatchItemFailures (K14) by @vieiralucas in #1073
feat(rds): ModifyDBInstance accepts all mutable fields (M1) by @vieiralucas in #1074
feat(rds): ModifyDB[Cluster]ParameterGroup parses + DescribeDB[Cluster]Parameters reads (M2) by @vieiralucas in #1075
feat(rds): tag operations multiplex across resource types (M4) by @vieiralucas in #1076
feat(rds): real PromoteReadReplica + SwitchoverReadReplica (M5) by @vieiralucas in #1077
feat(rds): real cluster lifecycle ops (M6) by @vieiralucas in #1078
feat(rds): real PIT + cluster snapshot/PIT restore (M7) by @vieiralucas in #1079
feat(rds): real RestoreDBInstanceFromS3 (M8) by @vieiralucas in #1080
feat(rds): real BlueGreenDeployment lifecycle (M9) by @vieiralucas in #1081
feat(acm): real X.509 PEM via rcgen (V1) by @vieiralucas in #1082
feat(elbv2): enforce deletion_protection on DeleteLoadBalancer (Q1) by @vieiralucas in #1083
feat(rds): real DescribeDBLogFiles + DownloadDBLogFilePortion (M10) by @vieiralucas in #1084
feat(elasticache): CreateReplicationGroup accepts all fields (N1) by @vieiralucas in #1085
feat(route53): admin endpoint for health-check status (U1) by @vieiralucas in #1086
feat(rds): real Modify ops + ApplyPendingMaintenance + snapshot copy + tags (M11) by @vieiralucas in #1087
feat(ecs): real multi-container task launch (O1) by @vieiralucas in #1088
feat(cloudfront): real JS execution in TestFunction + TestConnectionFunction (T1) by @vieiralucas in #1089
feat(cognito): real RSA-2048 RS256 JWT signing (Y1) by @vieiralucas in #1090
feat(ses): enforce verified-identity gate on SendEmail v1+v2 (X1) by @vieiralucas in #1091
feat(wafv2): statement evaluation engine + action resolution (W1) by @vieiralucas in #1092
feat(logs): metric filters extract metrics on PutLogEvents (Z1) by @vieiralucas in #1094
feat(elasticache): CreateCacheCluster accepts all fields (N2) by @vieiralucas in #1095
feat(ecr): real replication rule execution + status tracking (P1) by @vieiralucas in #1093
feat(acm): auto-issue + admin endpoint for certificate status (V2) by @vieiralucas in #1096
feat(lambda): UpdateFunctionCode actually replaces code (D1) by @vieiralucas in #1097
feat(ecr): enforce repository policy on cross-account ops (P2) by @vieiralucas in #1098
feat(cloudfront): distribution status transitions + admin endpoint (T2) by @vieiralucas in #1099
feat(cognito): JWKS + OIDC discovery endpoints (Y2) by @vieiralucas in #1100
feat(iam): enforce trust policy on AssumeRole (F1) by @vieiralucas in #1101
feat(lambda): PublishVersion snapshots code+config (D2) by @vieiralucas in #1102
feat(apigatewayv2): WebSocket support + @connections data plane (S1) by @vieiralucas in #1103
feat(ecr): auto-trigger image scan on PutImage when configured (P3) by @vieiralucas in #1104
feat(iam): real SimulateCustomPolicy + SimulatePrincipalPolicy (F2) by @vieiralucas in #1105
feat(logs): CreateExportTask + CreateDelivery write to real S3 (Z2) by @vieiralucas in #1106
feat(route53): TestDNSAnswer evaluates routing policies + alias targets (U2) by @vieiralucas in #1107
feat(elasticache): ModifyReplicationGroup accepts auth/encryption/log/multi-AZ fields (N3) by @vieiralucas in #1108
feat(ecs): translate portMappings to docker --publish flags (O2) by @vieiralucas in #1109
feat(ses): account + config-set sending pause + suppression enforcement (X2) by @vieiralucas in #1110
feat(cloudformation): Fn::GetAtt resolves provisioner-specific attributes (BB1) by @vieiralucas in #1111
feat(lambda): AddPermission action prefix + tag store unified (D3) by @vieiralucas in #1112
feat(elbv2): WAFv2 evaluation in ALB dataplane (Q2) by @vieiralucas in #1113
feat(apigateway): authorizer enforcement before integration (R1) by @vieiralucas in #1114
fix(elbv2): allow too_many_arguments on evaluate_waf_outcome by @vieiralucas in #1115
feat(lambda): D4 reserved concurrency Reason + alias weight tests by @vieiralucas in #1116
feat(apigateway): enforce usage plan throttle + quota at data plane by @vieiralucas in #1117
feat(cloudformation): exports registry + ImportValue validation + DeleteStack guard (BB2) by @vieiralucas in #1118
feat(ecr): periodic lifecycle policy re-evaluation ticker (P4) by @vieiralucas in #1119
feat(apigatewayv2): @connections management API + connection metadata (S2) by @vieiralucas in #1120
feat(iam): wire MFA + federated provider + token issue time on STS sessions (F3) by @vieiralucas in #1121
feat(lambda): D5 ephemeral storage validation, SnapStart auto-On, tmpfs exec by @vieiralucas in #1122
feat(cloudfront): wall-clock timeout + ComputeUtilization for TestFunction (T1) by @vieiralucas in #1124
fix(tests): align e2e + conformance with shipped contract changes by @vieiralucas in #1129
feat(ecr): UpdateImageStorageClass + ListImageReferrers + in-use tracking (P5) by @vieiralucas in #1125
feat(acm): ExportCertificate emits PKCS#8 v2 encrypted PEM (V3) by @vieiralucas in #1126
fix(sdks/python): ruff format + verify SES sender in test by @vieiralucas in #1130
feat(cloudformation): memoized Conditions + AWS::NoValue (BB3) by @vieiralucas in #1123
feat(elbv2): emit ALB access + connection logs to S3 by @vieiralucas in #1127
fix: address Cubic findings from #1123/#1125/#1126/#1129/#1130 by @vieiralucas in #1131
feat(cognito): real RSA-2048 RS256 JWT signing per user pool (Y1) by @vieiralucas in #1133
fix(lambda): UpdateFunctionCode replaces code + recomputes hash/size (D1) by @vieiralucas in #1132
fix(elbv2): listener validation + WAF ARN + ipv6 SNAT bool (Q4) by @vieiralucas in #1134
docs(cloudfront): document boa-backed TestFunction + TestConnectionFunction (T1) by @vieiralucas in #1135
feat(iam): trust policy enforcement on AssumeRole/SAML/WebIdentity (F1) by @vieiralucas in #1137
feat(lambda): real PublishVersion snapshots + ListVersionsByFunction (D2) by @vieiralucas in #1136
feat(scheduler): FlexibleTimeWindow + RetryPolicy + tz support (K11) by @vieiralucas in #1138
test(dynamodb-streams): e2e coverage for ListStreams/DescribeStream/Get* + Lambda ESM (L1) by @vieiralucas in #1140
feat(rds): ModifyDBInstance accepts all mutable fields + PendingModifiedValues (M1) by @vieiralucas in #1139
feat(wafv2): real statement evaluator + action enforcement (W1) by @vieiralucas in #1141
feat(cognito): JWKS + OIDC discovery endpoints (Y2) by @vieiralucas in #1144
fix(lambda): AddPermission action prefix + tag store unification + UntagResource (D3) by @vieiralucas in #1142
feat(ses): verified-identity gate on SendCustomVerificationEmail (X1) by @vieiralucas in #1143
feat(cloudformation): Mappings + Fn::FindInMap (BB4) by @vieiralucas in #1145
feat(dynamodb): atomic TransactWriteItems + stream emission (L2) by @vieiralucas in #1147
feat(elasticache): CreateReplicationGroup accepts all fields (N1) by @vieiralucas in #1146
feat(ecs): multi-container task launch + per-container lifecycle (O1) by @vieiralucas in #1148
feat(apigateway): authorizer enforcement (TOKEN/REQUEST/COGNITO_USER_POOLS) (R1) by @vieiralucas in #1149
feat(rds): ModifyDBParameterGroup + DescribeDB(Cluster)Parameters real (M2) by @vieiralucas in #1153
feat(iam): real SimulateCustomPolicy + SimulatePrincipalPolicy (F2) by @vieiralucas in #1152
feat(cloudformation): Fn::Select/Split/Base64/Cidr/Length/ToJsonString/ForEach (BB5) by @vieiralucas in #1150
feat(organizations): CreateAccount + CloseAccount + lifecycle ops (H1) by @vieiralucas in #1151
feat(ssm): SendCommand async Pending -> InProgress -> Success (I1) by @vieiralucas in #1154
feat(organizations): handshake invitation flow + accept/decline/cancel (H2) by @vieiralucas in #1156
feat(cloudformation): pseudo-parameters AWS::Region/Partition/URLSuffix/NoValue/NotificationARNs (BB6) by @vieiralucas in #1155
feat(ssm): parameter policies (I2) by @vieiralucas in #1157
feat(rds): real DescribeEvents from emit_event buffer (M3) by @vieiralucas in #1158
feat(rds): tagging multiplexed across all resource types (M4) by @vieiralucas in #1159
feat(organizations): trusted services + delegated administrator (H3) by @vieiralucas in #1161
feat(route53): controllable HealthCheck status + admin endpoint (U1) by @vieiralucas in #1160
feat(acm): cert auto-issue lifecycle PENDING_VALIDATION -> ISSUED (V2) by @vieiralucas in #1162
feat(wafv2): inspection wired into ELBv2 + API Gateway v1+v2 dataplanes (W2) by @vieiralucas in #1163
feat(ses): verified-identity gate on send (v1 + v2) (X1) by @vieiralucas in #1164
feat(cloudfront): TestFunction stage selection + E2E coverage (T1) by @vieiralucas in #1165
feat(cloudformation): AWS::Lambda::Function provisioner (BB7) by @vieiralucas in #1167
feat(elasticache): CreateCacheCluster accepts all input fields (N2) by @vieiralucas in #1169
feat(rds): real PromoteReadReplica + SwitchoverReadReplica (M5) by @vieiralucas in #1168
feat(ecr): repository policy enforcement on cross-account image/layer ops (P2) by @vieiralucas in #1175
feat(organizations): tagging + nav + EffectivePolicy + ResourcePolicy (H4) by @vieiralucas in #1179
test(kms): prove RSA Sign verifies outside fakecloud (G1) by @vieiralucas in #1176
feat(route53): GetChange transition + DNSSEC RRSIG + query log delivery (U3) by @vieiralucas in #1173
feat(apigateway): API key requirement + usage plan throttle/quota (R2) by @vieiralucas in #1174
feat(dynamodb): atomic ExecuteTransaction with snapshot/revert + stream emission (L3) by @vieiralucas in #1172
feat(cloudformation): AWS::Lambda::{Permission,EventSourceMapping,LayerVersion,Url,Alias,Version} (BB8) by @vieiralucas in #1177
feat(elasticache): ModifyReplicationGroup accepts all rotation/encryption/log/multi-AZ fields (N3) by @vieiralucas in #1180
feat(iam): tighten ChangePassword + AccessDenied encoded msg + GCI auth (F4 follow-up) by @vieiralucas in #1171
feat(sns): HTTP/HTTPS SubscriptionConfirmation POST + ConfirmSubscription (K3) by @vieiralucas in #1183
feat(sqs): SSE-SQS managed encryption + MD5OfMessageSystemAttributes + Lambda poller visibility (K2) by @vieiralucas in #1182
feat(ssm): honest 501 on StartSession + admin session inject endpoint (I3) by @vieiralucas in #1170
feat(sns): unify direct + cross-service publish (filter policy + HTTP + FIFO) (K5) by @vieiralucas in #1184
fix(e2e): debounce sns_http_confirm test against loaded-runner flake by @vieiralucas in #1185
feat(cloudformation): AWS::ApiGateway::* provisioners (BB9) by @vieiralucas in #1181
feat(ses): account + config-set sending pause + suppression enforcement (X2) by @vieiralucas in #1166
feat(cognito): /oauth2/token with all 3 grants (Y3) by @vieiralucas in #1189
feat(rds): real Failover/Reboot/Start/Stop/Backtrack/ModifyDBCluster (M6) by @vieiralucas in #1188
feat(dynamodb): PartiQL real comparators + schema validation + stream emit (L4) by @vieiralucas in #1187
feat(sns): compute EffectiveDeliveryPolicy as merge of user policy over default (K6) by @vieiralucas in #1190
feat(cloudformation): AWS::ApiGatewayV2::* provisioners (BB10) by @vieiralucas in #1186
feat(cloudformation): AWS::ECS provisioners (BB11) by @vieiralucas in #1193
feat(cloudformation): AWS::ECR::* provisioners (BB12) by @vieiralucas in #1194
feat(logs): CreateExportTask + CreateDelivery write to real S3 (Z2) by @vieiralucas in #1191
feat(route53): TestDNSAnswer routing policies + cross-service alias resolution (U2) by @vieiralucas in #1192
feat(ses): real template rendering at SendEmail (v1 + v2) (X3) by @vieiralucas in #1195
feat(cloudformation): AWS::KMS::{Key,Alias,ReplicaKey} provisioners (BB14) by @vieiralucas in #1196
feat(cloudformation): AWS::SecretsManager::* provisioners (BB13) by @vieiralucas in #1197
feat(rds): real RestoreDBInstanceToPointInTime + RestoreDBClusterFromSnapshot (M7) by @vieiralucas in #1198
feat(ecs): real Docker HEALTHCHECK from container healthCheck definition (O4) by @vieiralucas in #1201
feat(ses): real DKIM signing on outgoing emails (X4) by @vieiralucas in #1202
feat(cloudformation): AWS::Cognito::* provisioners (BB15) by @vieiralucas in #1200
feat(application-autoscaling): DynamoDB capacity target-tracking + step scaling (EE1) by @vieiralucas in #1204
feat(ecs): real volume mounts (host bind + EFS stub + named) (O3) by @vieiralucas in #1199
feat(stepfunctions): generic aws-sdk:* integration via service registry (CC1) by @vieiralucas in #1203
feat(bedrock): echo mode + dynamic token counts (FF1) by @vieiralucas in #1205
feat(athena): minimal SQL parser + Glue catalog reads + S3 CSV result write (DD1) by @vieiralucas in #1207
feat(lambda): real eventstream chunks in InvokeWithResponseStream (GG1) by @vieiralucas in #1206
feat(eventbridge): full EventTarget field round-trip (K7) by @vieiralucas in #1210
feat(cloudformation): ELBv2 provisioner update + GetAtt (BB17) by @vieiralucas in #1209
feat(ecs): honor containerDefinitions.dependsOn ordering (O5) by @vieiralucas in #1211
feat(cloudfront): real Status InProgress -> Deployed for streaming distributions + ETag stability (T2) by @vieiralucas in #1212
feat(elasticache): real shard + replica count mutations (N4) by @vieiralucas in #1208
feat(cloudformation): CloudWatch Alarm + Dashboard UpdateStack support (BB18) by @vieiralucas in #1215
feat(cognito): /oauth2/authorize endpoint with code+token response types (Y4) by @vieiralucas in #1213
feat(stepfunctions): real .sync wait pattern (CC2) by @vieiralucas in #1214
feat(ecs): EnableExecuteCommand + propagateTags + ProtectFromScaleIn enforcement (O15) by @vieiralucas in #1216
feat(dynamodb): real PartiQL WHERE evaluator + INSERT validation + stream emission (L4) by @vieiralucas in #1217
feat(application-autoscaling): scheduled action executor + cross-service apply (EE4) by @vieiralucas in #1220
feat(cloudformation): real ExecuteChangeSet diff+apply (BB35) by @vieiralucas in #1218
feat(stepfunctions): waitForTaskToken pattern (CC3) by @vieiralucas in #1221
feat(application-autoscaling): ECS desiredCount scaling (EE2) by @vieiralucas in #1223
feat(apigatewayv2): WebSocket support (S1) by @vieiralucas in #1222
fix(acm): resolve conformance failures — protocol mapping + shape validation by @vieiralucas in #1224
feat(cognito-identity): full CRUD + credential issuance (Y6) by @vieiralucas in #1219
docs: parity matrix + limitations sections (HH1) by @vieiralucas in #1225
feat(cloudformation): ApplicationAutoScaling provisioner (BB25) by @vieiralucas in #1226
feat(cloudformation): WAFv2 GetAtt + tests (BB26) by @vieiralucas in #1227
feat(cloudformation): SES GetAtt + tests (BB27) by @vieiralucas in #1228
feat(cloudformation): Athena provisioner (BB32) by @vieiralucas in #1229
feat(cloudformation): Glue Database + Table + Partition provisioner (BB33) by @vieiralucas in #1230
feat(cloudformation): Firehose DeliveryStream provisioner (BB34) by @vieiralucas in #1231
feat(cloudformation): nested stacks + SAM transform + drift/events (BB38) by @vieiralucas in #1235
feat(stepfunctions): StartSyncExecution real execution (CC8) by @vieiralucas in #1236
fix(protocol): route bedrock-runtime credential scope to the bedrock handler by @moonming in #1237
feat(stepfunctions): CC10 Map distributed mode by @vieiralucas in #1239
feat(athena): DD3 named query resolution + ExecutionParameters substitution by @vieiralucas in #1241
feat(athena): DD2 ListDatabases + GetTableMetadata real Glue reads by @vieiralucas in #1240
feat(stepfunctions): CC9 Express logging delivery by @vieiralucas in #1238
feat(bedrock-agent): fakecloud-bedrock-agent crate with CRUD + conformance by @vieiralucas in #1242
feat(bedrock-agent-runtime): fakecloud-bedrock-agent-runtime crate by @vieiralucas in #1243
feat(s3): real SelectObjectContent with EventStream by @vieiralucas in #1244
feat(s3): real WriteGetObjectResponse stores body + metadata (GG3) by @vieiralucas in #1245
feat(elasticache): restore from snapshot with real RDB dump by @vieiralucas in #1246
feat(elasticache): ACL SETUSER, CONFIG SET, Memcached ConfigurationEndpoint by @vieiralucas in #1247
feat(apigateway): request validator + model validation in data plane by @vieiralucas in #1248
feat(apigateway): AWS direct service integration (R5) by @vieiralucas in #1250
feat(apigateway): VTL evaluator + MOCK/HTTP request+response templates by @vieiralucas in #1249
feat(apigateway): VPC_LINK integration (R6) by @vieiralucas in #1251
feat(apigateway): binary media types in data plane + UpdateRestApi patch by @vieiralucas in #1252
feat(apigateway): custom domain + base path mapping data plane (R8) by @vieiralucas in #1253
feat(apigatewayv2): JWT authorizer enforcement in HTTP data plane (S3) by @vieiralucas in #1254
feat(apigatewayv2): Lambda authorizer enforcement in HTTP data plane (S4) by @vieiralucas in #1255
feat(apigatewayv2): stage variables, custom domain routing, AWS service integrations by @vieiralucas in #1256
feat(apigatewayv2): access log delivery to CloudWatch Logs by @vieiralucas in #1257
feat(ses): X6 receipt-rule actions polish by @vieiralucas in #1258
feat(ecs): O6 - ulimits + linuxParameters + stopTimeout + user + tty + readonlyRootfs by @vieiralucas in #1259
feat(ses): X7 — event destinations for Kinesis, Firehose, and CloudWatch by @vieiralucas in #1260
feat(ses): X9 — SendBounce + deliverability simulator addresses by @vieiralucas in #1261
fix(kinesis): use opaque 56-digit decimal sequence numbers everywhere by @vieiralucas in #1262
feat(ecs): O12 - ECS_CONTAINER_METADATA_URI_V4 endpoint + env injection by @vieiralucas in #1263
O7: ECS awsvpc network mode with synthetic ENI attachments by @vieiralucas in #1264
feat(ecs): O8 - loadBalancers → ELBv2 RegisterTargets cross-service hook by @vieiralucas in #1265
feat(ecs): O11 - CreateService + RunTask accept volumeConfigurations by @vieiralucas in #1266
fix(wafv2): validate PutManagedRuleSetVersions and UpdateManagedRuleSetVersionExpiryDate inputs by @vieiralucas in #1267
fix(ecs): no-runtime service lifecycle + list_tasks default filter by @vieiralucas in #1268
fix(ecs): keep desired_status=RUNNING in no-runtime RunTask path by @vieiralucas in #1269
fix(e2e): skip ElastiCache tests when Docker unavailable by @vieiralucas in #1270
fix(ecs): keep desired_status=RUNNING in no-runtime service spawn paths by @vieiralucas in #1271
feat(ecs): CreateDaemon spawns tasks per capacity provider (O10) by @vieiralucas in #1272
feat(ecs): CODE_DEPLOY blue/green task sets (O16) by @vieiralucas in #1273
feat(ses): real GetMessageInsights delivery tracking data by @vieiralucas in #1274
feat(s3): S3 access points control plane + data plane routing (GG4) by @vieiralucas in #1275
feat(ecs): placement constraints and strategies by @vieiralucas in #1276
feat(ses): SMTP submission listener (X8) by @vieiralucas in #1277
feat(logs): real LiveTail/GetLogObject/GetLogFields (Z5) by @vieiralucas in #1278
feat(stepfunctions): nested startExecution[.sync] (CC5+CC6) by @vieiralucas in #1279
docs(parity): add Will-never-implement + Roadmap sections by @vieiralucas in #1280
fix(ssm): hard-fail SecureString PutParameter when KMS encrypt fails (S9) by @vieiralucas in #1282
feat(bedrock-agent-runtime): real eventstream framing for Invoke* (F6) by @vieiralucas in #1283
fix(iam): promote unrecognized-principal logs to warn (S1) by @vieiralucas in #1281
feat(logs): real GetLogRecord with pointer resolution (L7) by @vieiralucas in #1284
feat(logs): DescribeFieldIndexes returns parsed Fields (L3) by @vieiralucas in #1285
feat(glue): GetPartitions Expression filter pruning (X1) by @vieiralucas in #1286
feat(logs): FilterLogEvents array-pattern syntax (L8) by @vieiralucas in #1288
feat(glue): Job control plane CRUD + JobRun (X2) by @vieiralucas in #1287
feat(firehose): enforce BufferingHints range limits (R5) by @vieiralucas in #1289
feat(logs): anomaly state + injection admin endpoint (L1) by @vieiralucas in #1291
feat(logs): persist delivery configuration + standard templates (L2) by @vieiralucas in #1290
feat(sqs): cross-service injections honor SSE-SQS (S12) by @vieiralucas in #1292
feat(s3): GetObject enforces PublicAccessBlock.IgnorePublicAcls (R1) by @vieiralucas in #1294
feat(lambda): Invoke publishes AWS/Lambda CloudWatch metrics (R2) by @vieiralucas in #1295
feat(lambda): UpdateFunctionCode fetches real bytes from S3 (R4) by @vieiralucas in #1293
feat(ses): env-flagged outbound SMTP relay (D1) by @vieiralucas in #1296
feat(sns): email subscriptions deliver via SMTP relay (D2) by @vieiralucas in #1297
feat(cognito): CompromisedCredentialsRiskConfiguration BLOCK enforcement (S11) by @vieiralucas in #1298
feat(cognito): PreTokenGeneration trigger claim merge (Y8a) by @vieiralucas in #1299
feat(cognito): WebAuthn packed attestation parsing + verification (Y8b) by @vieiralucas in #1300
feat(introspection): PKI stub introspection endpoints (PKI-1) by @vieiralucas in #1301
feat(cognito): GetSigningCertificate returns real X.509 (PKI-2) by @vieiralucas in #1302
feat(kms): real ECDSA P-521 + drop fake-bytes Sign/Verify (PKI-3) by @vieiralucas in #1303
docs(apigateway): sync v1+v2 docs with shipped features (B3) by @vieiralucas in #1305
docs(kms): sync docs with shipped features (B8) by @vieiralucas in #1306
docs(lambda): sync docs with shipped features (B7) by @vieiralucas in #1307
docs(cloudformation): expand docs with shipped features (B9) by @vieiralucas in #1308
docs(s3): sync docs + SDK helpers (B6) by @vieiralucas in #1304
docs(elasticache+appas+orgs): sync docs + new pages (B12) by @vieiralucas in #1309
docs(bedrock-agent): new pages + SDK sub-clients (B11) by @vieiralucas in #1310
docs(logs): sync docs + SDK helpers (B5) by @vieiralucas in #1314
docs(ecs): sync docs + SDK helpers (B4) by @vieiralucas in #1313
docs(cognito): sync docs + SDK helpers (B2) by @vieiralucas in #1312
docs(analytics): stepfn + new athena/glue/firehose pages + SDK helpers (B10) by @vieiralucas in #1316
docs(ses): sync docs + SDK helpers with shipped features (B1) by @vieiralucas in #1311
docs(misc): sync 8 service pages + ACM chain-info helper (B13) by @vieiralucas in #1315
docs(introspection): full /_fakecloud/* endpoint reference (B14) by @vieiralucas in #1317
docs: swap parity matrix + refresh global service/op counts (B15) by @vieiralucas in #1318
docs(guides): refresh cross-service integration guide (B16) by @vieiralucas in #1319
feat(glue): introspection endpoints — jobs + job-runs (I6) by @vieiralucas in #1325
feat(logs): introspection endpoints — delivery config + field indexes (I9) by @vieiralucas in #1328
feat(cognito): introspection endpoint — pretokengen invocation log (I2) by @vieiralucas in #1321
feat(elasticache): introspection endpoint — ACLs (I8) by @vieiralucas in #1327
feat(ses): introspection endpoints — bounces, insights, smtp submissions, event-dest deliveries (I1) by @vieiralucas in #1320
feat(bedrock-agent): introspection endpoints — agents + invocations (I5) by @vieiralucas in #1324
feat(stepfunctions): introspection endpoints — sync executions + execution tree (I4) by @vieiralucas in #1323
feat(s3): introspection endpoints — access points + object-lambda responses (I3) by @vieiralucas in #1322
feat(athena): introspection endpoint — named queries (I7) by @vieiralucas in #1326
feat(ecs): introspection endpoint — task metadata (I11) by @vieiralucas in #1330
feat(organizations): introspection endpoint — accounts (I10) by @vieiralucas in #1329
release(v0.14.0): bump workspace + SDK versions by @vieiralucas in #1331
fix(ci/release): correct crates publish topological order by @vieiralucas in #1332

New Contributors

@sveitser made their first contribution in #975
@moonming made their first contribution in #1237

Full Changelog: v0.13.3...v0.14.0

What's Changed

refactor: drop optional/required_param wrappers, call core helpers directly by @vieiralucas in #857
refactor: standardize state collections on BTreeMap (ecr, elbv2) by @vieiralucas in #855
refactor: convert cognito/elasticache/ses/eventbridge state to BTreeMap by @vieiralucas in #865
refactor: convert iam/kms/sqs state to BTreeMap by @vieiralucas in #866
refactor: convert apigw/apigwv2/ssm/dynamodb/bedrock/cloudformation state to BTreeMap by @vieiralucas in #867
refactor: extract test modules from large service files (Phase I) by @vieiralucas in #868
refactor: extract test modules from Phase J files (12 services) by @vieiralucas in #869
refactor(elasticache): extract free helpers to submodule (Phase I) by @vieiralucas in #870
refactor(route53): extract helpers + VPC handlers below impl block (Phase J) by @vieiralucas in #871
refactor: extract free helpers from 16 service files (Phase I/J) by @vieiralucas in #872
refactor: demote pub mod state/service across 32 crates (Phase K) by @vieiralucas in #873
refactor: finish ARN format! sweep (34 sites -> 0) by @vieiralucas in #874
refactor(sns): split service.rs (3152 -> 1564 lines) by @vieiralucas in #875
refactor(kms): split service.rs (3008 -> 1310 lines) by @vieiralucas in #876
refactor(eventbridge): split service.rs (3440 -> 1665 lines) by @vieiralucas in #877
refactor(apigateway): split service.rs (3413 -> 324 lines) by @vieiralucas in #878
refactor(ecs): split service.rs (3291 -> 296 lines) by @vieiralucas in #879
refactor(bedrock): extract tests to sibling file (2908 -> 1676 lines) by @vieiralucas in #880
refactor(dynamodb): extract free helper fns from service/mod.rs (2931 -> 424 lines) by @vieiralucas in #881
refactor(lambda): split service.rs (2935 -> 1616 lines) by @vieiralucas in #882
refactor(iam): extract evaluator tests (2895 -> 1019 lines) by @vieiralucas in #883
feat(ecs): implement Daemon + ExpressGatewayService 2026 ops by @vieiralucas in #884
feat(cloudfront): implement DistributionTenant + ConnectionFunction ops by @vieiralucas in #885
feat(conformance): @examples deep-diff strategy by @vieiralucas in #886
feat(conformance): Create->Get round-trip echo strategy by @vieiralucas in #887
feat(conformance): identifier-form fanout strategy by @vieiralucas in #888
feat(conformance): split 4xx by AWS error shape match by @vieiralucas in #889
feat(s3): close response field gaps surfaced by parity audit by @vieiralucas in #891
feat(lambda): emit full FunctionConfiguration response shape by @vieiralucas in #892
feat(lambda): real AccountUsage + full ESM + Versions + Code.Location by @vieiralucas in #893
refactor(iam): delete fabricated operations not in real AWS by @vieiralucas in #890
feat(dynamodb): emit ConsumedCapacity + ItemCollectionMetrics on data-plane ops by @vieiralucas in #894
feat(rds): add fields and dynamic values to db_instance_xml by @vieiralucas in #895
feat(elasticache): persist + render encryption/log/cluster fields on ReplicationGroup by @vieiralucas in #896
feat(kinesis): emit EnhancedMonitoring + StreamModeDetails + KeyId on DescribeStream and real StreamSummaries by @vieiralucas in #897
feat(ecs,ecr): emit always-present response fields on Task/Service/Image by @vieiralucas in #898
feat(dynamodb): accept table ARN (and sub-resource ARNs) anywhere TableName is read by @vieiralucas in #899
feat(sqs): accept queue ARN in QueueUrl fields by @vieiralucas in #900
feat(kms): accept alias/* in EnableKeyRotation/DisableKeyRotation/GetKeyRotationStatus by @vieiralucas in #901
feat(lambda): UpdateFunctionCode actually replaces code/image and recomputes hashes by @vieiralucas in #902
fix(lambda): normalize AddPermission action prefix and unify tag store by @vieiralucas in #904
feat(s3): enforce PublicAccessBlock on PutBucketPolicy and PutBucket/Object ACL by @vieiralucas in #907
feat(lambda): PublishVersion snapshots config + monotonic numbering by @vieiralucas in #903
fix(s3): DeleteObjects batch honors COMPLIANCE retention and legal hold by @vieiralucas in #909
feat(s3): fire ObjectCreated:CompleteMultipartUpload event and emit checksum by @vieiralucas in #910
fix(s3): update_object_encryption actually re-encrypts on algorithm flip by @vieiralucas in #911
feat(lambda): enforce reserved concurrency and resolve alias routing by @vieiralucas in #905
feat(iam): enforce sts:ExternalId on AssumeRole trust policy by @vieiralucas in #913
feat(logs): enforce retention on GetLogEvents and FilterLogEvents by @vieiralucas in #916
feat(s3): enforce BucketOwnerEnforced on ACL writes by @vieiralucas in #908
feat(organizations): CreateAccount lifecycle + CloseAccount + RemoveAccountFromOrganization by @vieiralucas in #918
feat(lambda): UpdateFunctionConfiguration accepts advanced fields and EphemeralStorage applies as tmpfs by @vieiralucas in #906
feat(iam): real Simulate{Custom,Principal}Policy via the IAM evaluator by @vieiralucas in #920
feat(elbv2): enforce deletion_protection.enabled on DeleteLoadBalancer by @vieiralucas in #923
feat(secretsmanager): enforce resource policy on cross-account GetSecretValue by @vieiralucas in #922
feat(acm): real X.509 self-signed PEM via rcgen on RequestCertificate by @vieiralucas in #924
feat(route53): admin-controllable health check status + last-failure reason by @vieiralucas in #925
feat(s3): validate KMS key id on PutBucketEncryption and use real JSON parse for IsPublic by @vieiralucas in #912
feat(ssm): enforce parameter Expiration policy on read by @vieiralucas in #927
feat(cloudformation): real Fn::GetAtt resolution per resource type by @vieiralucas in #926
feat(dynamodb): DescribeEndpoints + DescribeLimits become region-aware by @vieiralucas in #929
feat(eventbridge): add suffix / equals-ignore-case / cidr / wildcard / $or filter operators by @vieiralucas in #930
feat(scheduler): evaluate cron against ScheduleExpressionTimezone by @vieiralucas in #928
fix(kinesis): emit 56-digit sequence numbers like real AWS by @vieiralucas in #931
feat(cloudfront): Distribution Status transitions InProgress -> Deployed by @vieiralucas in #932
fix(ecr): GetLifecyclePolicy returns the actual lastEvaluatedAt by @vieiralucas in #933
fix(iam): ChangePassword validates and stores password by @vieiralucas in #915
feat(ssm): SendCommand goes through Pending -> InProgress -> Success by @vieiralucas in #921
feat(sqs): emit MD5OfMessageSystemAttributes on SendMessage by @vieiralucas in #934
feat(bedrock): dynamic token counts + BEDROCK_ECHO mode by @vieiralucas in #935
feat(elasticache): RebootCacheCluster restarts the engine container by @vieiralucas in #937
feat(stepfunctions): ASL intrinsic functions (States.*) by @vieiralucas in #938
feat(appas): RegisterScalableTarget emits ScalingActivity rows by @vieiralucas in #939
feat(iam): expand global condition keys (MFA, VPC, federation, CalledVia) by @vieiralucas in #941
feat(rds): DescribeEvents serves real events from in-memory ring by @vieiralucas in #942
feat(cloudformation): Fn::Base64 / Split / Select / Length / ToJsonString / Cidr by @vieiralucas in #944
feat(sns): EffectiveDeliveryPolicy merges user policy over default by @vieiralucas in #943
feat(acm): ExportCertificate encrypts private key with Passphrase by @vieiralucas in #936
feat(route53): GetChange transitions PENDING -> INSYNC after a few reads by @vieiralucas in #940
feat(kms): real RSA Sign/Verify/GetPublicKey for RSA_2048/3072/4096 by @vieiralucas in #917
feat(ses): honor account/config-set sending pause flags by @vieiralucas in #946
feat(cloudformation): substitute AWS::* pseudo-parameters by @vieiralucas in #948
feat(route53): TestDNSAnswer honors RRset routing policy + health by @vieiralucas in #947
feat(cloudformation): provision AWS::Lambda::Function by @vieiralucas in #951
feat(ssm): admin endpoint to override SendCommand status by @vieiralucas in #954
feat(acm): auto-flip RequestCertificate to ISSUED after a few reads by @vieiralucas in #952
feat(cloudformation): parse Outputs + ImportValue + ListExports by @vieiralucas in #955
feat(organizations): implement handshake invitation flow by @vieiralucas in #956
feat(ses): render Content.Template at SendEmail/SendBulkEmail by @vieiralucas in #961
feat(scheduler): wire Kinesis as a universal target by @vieiralucas in #963
feat(cloudformation): support Conditions + Fn::If/Equals/And/Or/Not by @vieiralucas in #949
feat(organizations): trusted services + delegated administrators by @vieiralucas in #957
test(bedrock): serialize BEDROCK_ECHO env mutation with embed test by @vieiralucas in #964
feat(ses): gate sends on verified sender identity by @vieiralucas in #945
feat(eventbridge): round-trip full target config on PutTargets by @vieiralucas in #967
feat(ecr): trigger image scan on PutImage when scan_on_push is enabled by @vieiralucas in #965
test(ses): seed verified identity in template-render test by @vieiralucas in #969
feat(organizations): EnableAllFeatures + policy-type management by @vieiralucas in #959
feat(ses): MailFromDomain MX/TXT records + status lifecycle by @vieiralucas in #966
feat(organizations): tagging + nav + effective/resource policy by @vieiralucas in #958
feat(cloudformation): support Mappings + Fn::FindInMap by @vieiralucas in #950
feat(iam): F4 polish - ResyncMFADevice EnableDate, Get/SetSecurityTokenServicePreferences by @vieiralucas in #953
feat(lambda): UpdateFunctionCode enforces CodeSigningConfig + stable RevisionId by @vieiralucas in #970
feat(lambda): GetFunction(Qualifier) returns version snapshot by @vieiralucas in #971
feat(ses): DKIM-sign outbound emails with per-identity RSA keys by @vieiralucas in #962
feat(lambda): Invoke runs from numbered version snapshot by @vieiralucas in #972
fix(sqs): cross-service FIFO delivery assigns sequence_number + surfaces invalid-param by @vieiralucas in #977
feat(cognito): real RSA-2048 RS256 JWT signing per pool by @vieiralucas in #968
feat(sns): POST SubscriptionConfirmation to HTTP/HTTPS endpoints by @vieiralucas in #976
feat(organizations): accept all five policy types by @vieiralucas in #960
feat(sns): track SubscriptionsDeleted per topic by @vieiralucas in #973
feat(kinesis): GetShardIterator supports AT_TIMESTAMP by @vieiralucas in #978
feat(sqs): enforce queue access policies via ResourcePolicyProvider by @vieiralucas in #980
feat(s3): add CRC32C and CRC64NVME checksum algorithms by @vieiralucas in #982
feat(eventbridge): enforce event bus policies via ResourcePolicyProvider by @vieiralucas in #981
feat(dynamodb): reject ConsistentRead on GSI + omit Items under Select=COUNT by @vieiralucas in #983
fix(s3): emit x-amz-transition-default-minimum-object-size on lifecycle GET by @sveitser in #975
fix(iam): include AWS managed policies in ListAttachedRolePolicies by @sveitser in #974
feat(cognito): expose pool JWKS + OIDC discovery endpoints by @vieiralucas in #979
feat(cognito): /oauth2/token endpoint (Y3) by @vieiralucas in #985
feat(kms): bind EncryptionContext into ciphertext AAD (G6) by @vieiralucas in #986
feat(ses): legacy v1 verified-email aliases (X9) by @vieiralucas in #987
feat(elbv2): validate Listener Protocol and Port (Q4) by @vieiralucas in #988
feat(ecr): registry-level scan-on-push fallback (GG6) by @vieiralucas in #989
feat(dynamodb): Scan honors IndexName + GSI/LSI projection (L5) by @vieiralucas in #992
feat(rds): RestoreDBInstanceFromDBSnapshot carries Tags (M11) by @vieiralucas in #993
feat(cognito): /oauth2/userInfo + /oauth2/revoke (Y5) by @vieiralucas in #994
feat(apigateway): GetExport derives OpenAPI from state (GG10) by @vieiralucas in #991
fix(dynamodb): GetResourcePolicy 404 PolicyNotFoundException (L6) by @vieiralucas in #990
feat(cognito): RefreshTokenRotation rotates refresh on grant (Y7) by @vieiralucas in #995
fix(rds): persist DB instance after bg container start (#914) by @vieiralucas in #997
feat(firehose): new fakecloud-firehose crate with S3 destination delivery (AA1) by @vieiralucas in #996
feat(glue): new fakecloud-glue Data Catalog crate (AA2) by @vieiralucas in #998
feat(cloudformation): provision AWS::SecretsManager::Secret (BB13) by @vieiralucas in #1000
feat(cloudwatch): new fakecloud-cloudwatch metrics + alarms crate (AA3) by @vieiralucas in #999
feat(cloudformation): provision AWS::Kinesis::Stream (BB23) by @vieiralucas in #1001
feat(cloudformation): provision AWS::KMS::Key + AWS::KMS::Alias (BB14) by @vieiralucas in #1002
feat(cloudformation): provision AWS::ECR::Repository (BB12) by @vieiralucas in #1003
feat(cloudformation): provision AWS::CloudWatch::Alarm (BB18) by @vieiralucas in #1004
feat(cloudformation): provision AWS::Kinesis::StreamConsumer (BB23 followup) by @vieiralucas in #1005
feat(cloudformation): provision Logs LogStream + MetricFilter + SubscriptionFilter (BB29) by @vieiralucas in #1006
feat(cloudformation): provision Events Connection + ApiDestination + Archive (BB28) by @vieiralucas in #1007
feat(cloudformation): provision IAM User/Group/ManagedPolicy/AccessKey/InstanceProfile (BB30) by @vieiralucas in #1008
feat(cloudformation): provision ELBv2 LB + TargetGroup + Listener + ListenerRule (BB17) by @vieiralucas in #1009
feat(cloudformation): provision Organizations Org + OU + Policy + ResourcePolicy (BB31) by @vieiralucas in #1010
feat(cloudformation): provision Cognito UserPool + UserPoolClient + UserPoolDomain (BB15) by @vieiralucas in #1011
feat(cloudformation): provision Lambda Permission/EventSourceMapping/LayerVersion/Url/Alias/Version (BB8) by @vieiralucas in #1012
feat(cloudformation): provision RDS metadata resource types (BB16) by @vieiralucas in #1013
feat(cloudformation): provision ECS Cluster + TaskDefinition + Service + CapacityProvider (BB11) by @vieiralucas in #1014
feat(cloudformation): provision ACM Certificate (BB22) by @vieiralucas in #1015
feat(cloudformation): provision ElastiCache metadata resource types (BB24) by @vieiralucas in #1016
feat(cfn): provision Route53 HostedZone, RecordSet, HealthCheck by @vieiralucas in #1017
feat(cfn): provision CloudFront metadata resources (8 types) by @vieiralucas in #1018
feat(cfn): provision Step Functions StateMachine + Activity + Version + Alias by @vieiralucas in #1019
feat(cfn): provision Logs Destination + ResourcePolicy + Delivery* + QueryDefinition by @vieiralucas in #1020
feat(cfn): provision WAFv2 WebACL + IPSet + RegexPatternSet + RuleGroup + LoggingConfiguration + WebACLAssociation by @vieiralucas in #1021
feat(cfn): provision EventBridge EventBus + EventBusPolicy + Endpoint by @vieiralucas in #1022
feat(cfn): provision IAM OIDCProvider + SAMLProvider + ServiceLinkedRole + VirtualMFADevice by @vieiralucas in #1023
feat(cloudwatch): add Dashboard CRUD ops + CFN provisioner by @vieiralucas in #1024
feat(cloudformation): provision AWS::ApiGateway::* resource types by @vieiralucas in #1025
feat(cloudformation): provision AWS::ApiGatewayV2::* resource types by @vieiralucas in #1026
feat(cloudformation): provision AWS::SES::* resource types by @vieiralucas in #1027
feat(cloudformation): provision AWS::SecretsManager::* extras by @vieiralucas in #1028
feat(cloudformation): provision AWS::RDS::DBInstance and DBCluster by @vieiralucas in #1029
feat(cloudformation): provision AWS::ElastiCache::CacheCluster and ReplicationGroup by @vieiralucas in #1030
feat(cloudformation): make ExecuteChangeSet apply real resource updates by @vieiralucas in #1031
fix(cloudformation): make CreateChangeSet/ExecuteChangeSet tolerate skeleton requests by @vieiralucas in #1032
feat(cloudformation): provision AWS::CertificateManager::Account by @vieiralucas in #1033
feat(cloudformation): provision AWS::Organizations::Account by @vieiralucas in #1034
feat(cloudformation): provision ECR policies + replication + pull-through cache by @vieiralucas in #1035
feat(cloudformation): provision ELBv2 ListenerCertificate and TrustStore by @vieiralucas in #1036
feat(cloudformation): provision Route53 DNSSEC and KeySigningKey by @vieiralucas in #1037
feat(cloudformation): provision AWS::KMS::ReplicaKey by @vieiralucas in #1038
feat(cloudformation): provision AWS::CloudFront::Distribution by @vieiralucas in #1039
refactor(lambda, iam): delete fabricated CapacityProvider, DurableExecution, and IAM mutating-action stubs by @vieiralucas in #1040
fix(s3): emit quoted ETag and ChecksumType in GetObjectAttributes by @vieiralucas in #1041
fix(dynamodb): emit real ItemCollectionMetrics on LSI tables by @vieiralucas in #1042
fix(lambda): emit StateReason and LastUpdateStatusReason fields by @vieiralucas in #1043
fix(lambda): round-trip advanced EventSourceMapping fields by @vieiralucas in #1044
fix(elasticache): emit parameter group, security groups, log delivery, and encryption flags on cache clusters by @vieiralucas in #1045
fix(ecs): emit capacityProviderName on Task by @vieiralucas in #1046
fix(rds): emit extended fields on DBSnapshot by @vieiralucas in #1047
feat(sns): retry HTTP delivery and route to RedrivePolicy DLQ by @vieiralucas in #1048
refactor(sns): unify cross-service publish path with direct fan-out by @vieiralucas in #1049
refactor(eventbridge): unify cross-service target dispatch by @vieiralucas in #1050
feat(logs): write CreateExportTask + CreateDelivery output to real S3 by @vieiralucas in #1051
feat(ecr): execute replication rules on PutImage by @vieiralucas in #1052
feat(ecr): enforce repository policy on cross-account image ops by @vieiralucas in #1053
feat(logs): route subscription filter destinations to Firehose by @vieiralucas in #1054
feat(logs): enforce retention on Logs Insights query results by @vieiralucas in #1055
feat(iam): enforce trust policy on AssumeRole via IAM evaluator by @vieiralucas in #1056
feat(iam): real DecodeAuthorizationMessage round-trip by @vieiralucas in #1057
feat(kms): real HMAC for GenerateMac/VerifyMac by @vieiralucas in #1058
feat(kms): enforce key_state on every crypto op by @vieiralucas in #1059
feat(kms): real RSA-OAEP unwrap on ImportKeyMaterial by @vieiralucas in #1060
feat(eventbridge): gate cross-account PutEvents through bus policy by @vieiralucas in #1061
feat(kinesis): honor StreamModeDetails on CreateStream + retention prune on read by @vieiralucas in #1062
feat(dynamodb): DynamoDB Streams data plane (L1) by @vieiralucas in #1063
feat(dynamodb): atomic TransactWriteItems + stream/kinesis emit (L2) by @vieiralucas in #1064
feat(dynamodb): atomic ExecuteTransaction + stream/kinesis emit (L3) by @vieiralucas in #1065
feat(dynamodb): PartiQL multi-account + comparators + key validation (L4) by @vieiralucas in #1066
feat(dynamodb): Query/Scan Limit-before-Filter + parallel Scan (L5) by @vieiralucas in #1067
feat(dynamodb): preserve GSI/LSI/tags/TTL/SSE/Stream across backup; reject ConsistentRead on GSI Scan (L6) by @vieiralucas in #1068
feat(kms): real RSA/ECC GenerateDataKeyPair returning parseable PKCS#8 + SPKI (G4) by @vieiralucas in #1069
test(kms): EncryptionContext round-trip + AAD-mismatch coverage (G6) by @vieiralucas in #1070
feat(scheduler): FlexibleTimeWindow + RetryPolicy budget before DLQ (K11) by @vieiralucas in #1071
feat(scheduler): universal targets for SES SendEmail + ECS RunTask + Kinesis (K12) by @vieiralucas in #1072
feat(lambda): Kinesis poller honors ReportBatchItemFailures (K14) by @vieiralucas in #1073
feat(rds): ModifyDBInstance accepts all mutable fields (M1) by @vieiralucas in #1074
feat(rds): ModifyDB[Cluster]ParameterGroup parses + DescribeDB[Cluster]Parameters reads (M2) by @vieiralucas in #1075
feat(rds): tag operations multiplex across resource types (M4) by @vieiralucas in #1076
feat(rds): real PromoteReadReplica + SwitchoverReadReplica (M5) by @vieiralucas in #1077
feat(rds): real cluster lifecycle ops (M6) by @vieiralucas in #1078
feat(rds): real PIT + cluster snapshot/PIT restore (M7) by @vieiralucas in #1079
feat(rds): real RestoreDBInstanceFromS3 (M8) by @vieiralucas in #1080
feat(rds): real BlueGreenDeployment lifecycle (M9) by @vieiralucas in #1081
feat(acm): real X.509 PEM via rcgen (V1) by @vieiralucas in #1082
feat(elbv2): enforce deletion_protection on DeleteLoadBalancer (Q1) by @vieiralucas in #1083
feat(rds): real DescribeDBLogFiles + DownloadDBLogFilePortion (M10) by @vieiralucas in #1084
feat(elasticache): CreateReplicationGroup accepts all fields (N1) by @vieiralucas in #1085
feat(route53): admin endpoint for health-check status (U1) by @vieiralucas in #1086
feat(rds): real Modify ops + ApplyPendingMaintenance + snapshot copy + tags (M11) by @vieiralucas in #1087
feat(ecs): real multi-container task launch (O1) by @vieiralucas in #1088
feat(cloudfront): real JS execution in TestFunction + TestConnectionFunction (T1) by @vieiralucas in #1089
feat(cognito): real RSA-2048 RS256 JWT signing (Y1) by @vieiralucas in #1090
feat(ses): enforce verified-identity gate on SendEmail v1+v2 (X1) by @vieiralucas in #1091
feat(wafv2): statement evaluation engine + action resolution (W1) by @vieiralucas in #1092
feat(logs): metric filters extract metrics on PutLogEvents (Z1) by @vieiralucas in #1094
feat(elasticache): CreateCacheCluster accepts all fields (N2) by @vieiralucas in #1095
feat(ecr): real replication rule execution + status tracking (P1) by @vieiralucas in #1093
feat(acm): auto-issue + admin endpoint for certificate status (V2) by @vieiralucas in #1096
feat(lambda): UpdateFunctionCode actually replaces code (D1) by @vieiralucas in #1097
feat(ecr): enforce repository policy on cross-account ops (P2) by @vieiralucas in #1098
feat(cloudfront): distribution status transitions + admin endpoint (T2) by @vieiralucas in #1099
feat(cognito): JWKS + OIDC discovery endpoints (Y2) by @vieiralucas in #1100
feat(iam): enforce trust policy on AssumeRole (F1) by @vieiralucas in #1101
feat(lambda): PublishVersion snapshots code+config (D2) by @vieiralucas in #1102
feat(apigatewayv2): WebSocket support + @connections data plane (S1) by @vieiralucas in #1103
feat(ecr): auto-trigger image scan on PutImage when configured (P3) by @vieiralucas in #1104
feat(iam): real SimulateCustomPolicy + SimulatePrincipalPolicy (F2) by @vieiralucas in #1105
feat(logs): CreateExportTask + CreateDelivery write to real S3 (Z2) by @vieiralucas in #1106
feat(route53): TestDNSAnswer evaluates routing policies + alias targets (U2) by @vieiralucas in #1107
feat(elasticache): ModifyReplicationGroup accepts auth/encryption/log/multi-AZ fields (N3) by @vieiralucas in #1108
feat(ecs): translate portMappings to docker --publish flags (O2) by @vieiralucas in #1109
feat(ses): account + config-set sending pause + suppression enforcement (X2) by @vieiralucas in #1110
feat(cloudformation): Fn::GetAtt resolves provisioner-specific attributes (BB1) by @vieiralucas in #1111
feat(lambda): AddPermission action prefix + tag store unified (D3) by @vieiralucas in #1112
feat(elbv2): WAFv2 evaluation in ALB dataplane (Q2) by @vieiralucas in #1113
feat(apigateway): authorizer enforcement before integration (R1) by @vieiralucas in #1114
fix(elbv2): allow too_many_arguments on evaluate_waf_outcome by @vieiralucas in #1115
feat(lambda): D4 reserved concurrency Reason + alias weight tests by @vieiralucas in #1116
feat(apigateway): enforce usage plan throttle + quota at data plane by @vieiralucas in #1117
feat(cloudformation): exports registry + ImportValue validation + DeleteStack guard (BB2) by @vieiralucas in #1118
feat(ecr): periodic lifecycle policy re-evaluation ticker (P4) by @vieiralucas in #1119
feat(apigatewayv2): @connections management API + connection metadata (S2) by @vieiralucas in #1120
feat(iam): wire MFA + federated provider + token issue time on STS sessions (F3) by @vieiralucas in #1121
feat(lambda): D5 ephemeral storage validation, SnapStart auto-On, tmpfs exec by @vieiralucas in #1122
feat(cloudfront): wall-clock timeout + ComputeUtilization for TestFunction (T1) by @vieiralucas in #1124
fix(tests): align e2e + conformance with shipped contract changes by @vieiralucas in #1129
feat(ecr): UpdateImageStorageClass + ListImageReferrers + in-use tracking (P5) by @vieiralucas in #1125
feat(acm): ExportCertificate emits PKCS#8 v2 encrypted PEM (V3) by @vieiralucas in #1126
fix(sdks/python): ruff format + verify SES sender in test by @vieiralucas in #1130
feat(cloudformation): memoized Conditions + AWS::NoValue (BB3) by @vieiralucas in #1123
feat(elbv2): emit ALB access + connection logs to S3 by @vieiralucas in #1127
fix: address Cubic findings from #1123/#1125/#1126/#1129/#1130 by @vieiralucas in #1131
feat(cognito): real RSA-2048 RS256 JWT signing per user pool (Y1) by @vieiralucas in #1133
fix(lambda): UpdateFunctionCode replaces code + recomputes hash/size (D1) by @vieiralucas in #1132
fix(elbv2): listener validation + WAF ARN + ipv6 SNAT bool (Q4) by @vieiralucas in #1134
docs(cloudfront): document boa-backed TestFunction + TestConnectionFunction (T1) by @vieiralucas in #1135
feat(iam): trust policy enforcement on AssumeRole/SAML/WebIdentity (F1) by @vieiralucas in #1137
feat(lambda): real PublishVersion snapshots + ListVersionsByFunction (D2) by @vieiralucas in #1136
feat(scheduler): FlexibleTimeWindow + RetryPolicy + tz support (K11) by @vieiralucas in #1138
test(dynamodb-streams): e2e coverage for ListStreams/DescribeStream/Get* + Lambda ESM (L1) by @vieiralucas in #1140
feat(rds): ModifyDBInstance accepts all mutable fields + PendingModifiedValues (M1) by @vieiralucas in #1139
feat(wafv2): real statement evaluator + action enforcement (W1) by @vieiralucas in #1141
feat(cognito): JWKS + OIDC discovery endpoints (Y2) by @vieiralucas in #1144
fix(lambda): AddPermission action prefix + tag store unification + UntagResource (D3) by @vieiralucas in #1142
feat(ses): verified-identity gate on SendCustomVerificationEmail (X1) by @vieiralucas in #1143
feat(cloudformation): Mappings + Fn::FindInMap (BB4) by @vieiralucas in #1145
feat(dynamodb): atomic TransactWriteItems + stream emission (L2) by @vieiralucas in #1147
feat(elasticache): CreateReplicationGroup accepts all fields (N1) by @vieiralucas in #1146
feat(ecs): multi-container task launch + per-container lifecycle (O1) by @vieiralucas in #1148
feat(apigateway): authorizer enforcement (TOKEN/REQUEST/COGNITO_USER_POOLS) (R1) by @vieiralucas in #1149
feat(rds): ModifyDBParameterGroup + DescribeDB(Cluster)Parameters real (M2) by @vieiralucas in #1153
feat(iam): real SimulateCustomPolicy + SimulatePrincipalPolicy (F2) by @vieiralucas in #1152
feat(cloudformation): Fn::Select/Split/Base64/Cidr/Length/ToJsonString/ForEach (BB5) by @vieiralucas in #1150
feat(organizations): CreateAccount + CloseAccount + lifecycle ops (H1) by @vieiralucas in #1151
feat(ssm): SendCommand async Pending -> InProgress -> Success (I1) by @vieiralucas in #1154
feat(organizations): handshake invitation flow + accept/decline/cancel (H2) by @vieiralucas in #1156
feat(cloudformation): pseudo-parameters AWS::Region/Partition/URLSuffix/NoValue/NotificationARNs (BB6) by @vieiralucas in #1155
feat(ssm): parameter policies (I2) by @vieiralucas in #1157
feat(rds): real DescribeEvents from emit_event buffer (M3) by @vieiralucas in #1158
feat(rds): tagging multiplexed across all resource types (M4) by @vieiralucas in #1159
feat(organizations): trusted services + delegated administrator (H3) by @vieiralucas in #1161
feat(route53): controllable HealthCheck status + admin endpoint (U1) by @vieiralucas in #1160
feat(acm): cert auto-issue lifecycle PENDING_VALIDATION -> ISSUED (V2) by @vieiralucas in #1162
feat(wafv2): inspection wired into ELBv2 + API Gateway v1+v2 dataplanes (W2) by @vieiralucas in #1163
feat(ses): verified-identity gate on send (v1 + v2) (X1) by @vieiralucas in #1164
feat(cloudfront): TestFunction stage selection + E2E coverage (T1) by @vieiralucas in #1165
feat(cloudformation): AWS::Lambda::Function provisioner (BB7) by @vieiralucas in #1167
feat(elasticache): CreateCacheCluster accepts all input fields (N2) by @vieiralucas in #1169
feat(rds): real PromoteReadReplica + SwitchoverReadReplica (M5) by @vieiralucas in #1168
feat(ecr): repository policy enforcement on cross-account image/layer ops (P2) by @vieiralucas in #1175
feat(organizations): tagging + nav + EffectivePolicy + ResourcePolicy (H4) by @vieiralucas in #1179
test(kms): prove RSA Sign verifies outside fakecloud (G1) by @vieiralucas in #1176
feat(route53): GetChange transition + DNSSEC RRSIG + query log delivery (U3) by @vieiralucas in #1173
feat(apigateway): API key requirement + usage plan throttle/quota (R2) by @vieiralucas in #1174
feat(dynamodb): atomic ExecuteTransaction with snapshot/revert + stream emission (L3) by @vieiralucas in #1172
feat(cloudformation): AWS::Lambda::{Permission,EventSourceMapping,LayerVersion,Url,Alias,Version} (BB8) by @vieiralucas in #1177
feat(elasticache): ModifyReplicationGroup accepts all rotation/encryption/log/multi-AZ fields (N3) by @vieiralucas in #1180
feat(iam): tighten ChangePassword + AccessDenied encoded msg + GCI auth (F4 follow-up) by @vieiralucas in #1171
feat(sns): HTTP/HTTPS SubscriptionConfirmation POST + ConfirmSubscription (K3) by @vieiralucas in #1183
feat(sqs): SSE-SQS managed encryption + MD5OfMessageSystemAttributes + Lambda poller visibility (K2) by @vieiralucas in #1182
feat(ssm): honest 501 on StartSession + admin session inject endpoint (I3) by @vieiralucas in #1170
feat(sns): unify direct + cross-service publish (filter policy + HTTP + FIFO) (K5) by @vieiralucas in #1184
fix(e2e): debounce sns_http_confirm test against loaded-runner flake by @vieiralucas in #1185
feat(cloudformation): AWS::ApiGateway::* provisioners (BB9) by @vieiralucas in #1181
feat(ses): account + config-set sending pause + suppression enforcement (X2) by @vieiralucas in #1166
feat(cognito): /oauth2/token with all 3 grants (Y3) by @vieiralucas in #1189
feat(rds): real Failover/Reboot/Start/Stop/Backtrack/ModifyDBCluster (M6) by @vieiralucas in #1188
feat(dynamodb): PartiQL real comparators + schema validation + stream emit (L4) by @vieiralucas in #1187
feat(sns): compute EffectiveDeliveryPolicy as merge of user policy over default (K6) by @vieiralucas in #1190
feat(cloudformation): AWS::ApiGatewayV2::* provisioners (BB10) by @vieiralucas in #1186
feat(cloudformation): AWS::ECS provisioners (BB11) by @vieiralucas in #1193
feat(cloudformation): AWS::ECR::* provisioners (BB12) by @vieiralucas in #1194
feat(logs): CreateExportTask + CreateDelivery write to real S3 (Z2) by @vieiralucas in #1191
feat(route53): TestDNSAnswer routing policies + cross-service alias resolution (U2) by @vieiralucas in #1192
feat(ses): real template rendering at SendEmail (v1 + v2) (X3) by @vieiralucas in #1195
feat(cloudformation): AWS::KMS::{Key,Alias,ReplicaKey} provisioners (BB14) by @vieiralucas in #1196
feat(cloudformation): AWS::SecretsManager::* provisioners (BB13) by @vieiralucas in #1197
feat(rds): real RestoreDBInstanceToPointInTime + RestoreDBClusterFromSnapshot (M7) by @vieiralucas in #1198
feat(ecs): real Docker HEALTHCHECK from container healthCheck definition (O4) by @vieiralucas in #1201
feat(ses): real DKIM signing on outgoing emails (X4) by @vieiralucas in #1202
feat(cloudformation): AWS::Cognito::* provisioners (BB15) by @vieiralucas in #1200
feat(application-autoscaling): DynamoDB capacity target-tracking + step scaling (EE1) by @vieiralucas in #1204
feat(ecs): real volume mounts (host bind + EFS stub + named) (O3) by @vieiralucas in #1199
feat(stepfunctions): generic aws-sdk:* integration via service registry (CC1) by @vieiralucas in #1203
feat(bedrock): echo mode + dynamic token counts (FF1) by @vieiralucas in #1205
feat(athena): minimal SQL parser + Glue catalog reads + S3 CSV result write (DD1) by @vieiralucas in #1207
feat(lambda): real eventstream chunks in InvokeWithResponseStream (GG1) by @vieiralucas in #1206
feat(eventbridge): full EventTarget field round-trip (K7) by @vieiralucas in #1210
feat(cloudformation): ELBv2 provisioner update + GetAtt (BB17) by @vieiralucas in #1209
feat(ecs): honor containerDefinitions.dependsOn ordering (O5) by @vieiralucas in #1211
feat(cloudfront): real Status InProgress -> Deployed for streaming distributions + ETag stability (T2) by @vieiralucas in #1212
feat(elasticache): real shard + replica count mutations (N4) by @vieiralucas in #1208
feat(cloudformation): CloudWatch Alarm + Dashboard UpdateStack support (BB18) by @vieiralucas in #1215
feat(cognito): /oauth2/authorize endpoint with code+token response types (Y4) by @vieiralucas in #1213
feat(stepfunctions): real .sync wait pattern (CC2) by @vieiralucas in #1214
feat(ecs): EnableExecuteCommand + propagateTags + ProtectFromScaleIn enforcement (O15) by @vieiralucas in #1216
feat(dynamodb): real PartiQL WHERE evaluator + INSERT validation + stream emission (L4) by @vieiralucas in #1217
feat(application-autoscaling): scheduled action executor + cross-service apply (EE4) by @vieiralucas in #1220
feat(cloudformation): real ExecuteChangeSet diff+apply (BB35) by @vieiralucas in #1218
feat(stepfunctions): waitForTaskToken pattern (CC3) by @vieiralucas in #1221
feat(application-autoscaling): ECS desiredCount scaling (EE2) by @vieiralucas in #1223
feat(apigatewayv2): WebSocket support (S1) by @vieiralucas in #1222
fix(acm): resolve conformance failures — protocol mapping + shape validation by @vieiralucas in #1224
feat(cognito-identity): full CRUD + credential issuance (Y6) by @vieiralucas in #1219
docs: parity matrix + limitations sections (HH1) by @vieiralucas in #1225
feat(cloudformation): ApplicationAutoScaling provisioner (BB25) by @vieiralucas in #1226
feat(cloudformation): WAFv2 GetAtt + tests (BB26) by @vieiralucas in #1227
feat(cloudformation): SES GetAtt + tests (BB27) by @vieiralucas in #1228
feat(cloudformation): Athena provisioner (BB32) by @vieiralucas in #1229
feat(cloudformation): Glue Database + Table + Partition provisioner (BB33) by @vieiralucas in #1230
feat(cloudformation): Firehose DeliveryStream provisioner (BB34) by @vieiralucas in #1231
feat(cloudformation): nested stacks + SAM transform + drift/events (BB38) by @vieiralucas in #1235
feat(stepfunctions): StartSyncExecution real execution (CC8) by @vieiralucas in #1236
fix(protocol): route bedrock-runtime credential scope to the bedrock handler by @moonming in #1237
feat(stepfunctions): CC10 Map distributed mode by @vieiralucas in #1239
feat(athena): DD3 named query resolution + ExecutionParameters substitution by @vieiralucas in #1241
feat(athena): DD2 ListDatabases + GetTableMetadata real Glue reads by @vieiralucas in #1240
feat(stepfunctions): CC9 Express logging delivery by @vieiralucas in #1238
feat(bedrock-agent): fakecloud-bedrock-agent crate with CRUD + conformance by @vieiralucas in #1242
feat(bedrock-agent-runtime): fakecloud-bedrock-agent-runtime crate by @vieiralucas in #1243
feat(s3): real SelectObjectContent with EventStream by @vieiralucas in #1244
feat(s3): real WriteGetObjectResponse stores body + metadata (GG3) by @vieiralucas in #1245
feat(elasticache): restore from snapshot with real RDB dump by @vieiralucas in #1246
feat(elasticache): ACL SETUSER, CONFIG SET, Memcached ConfigurationEndpoint by @vieiralucas in #1247
feat(apigateway): request validator + model validation in data plane by @vieiralucas in #1248
feat(apigateway): AWS direct service integration (R5) by @vieiralucas in #1250
feat(apigateway): VTL evaluator + MOCK/HTTP request+response templates by @vieiralucas in #1249
feat(apigateway): VPC_LINK integration (R6) by @vieiralucas in #1251
feat(apigateway): binary media types in data plane + UpdateRestApi patch by @vieiralucas in #1252
feat(apigateway): custom domain + base path mapping data plane (R8) by @vieiralucas in #1253
feat(apigatewayv2): JWT authorizer enforcement in HTTP data plane (S3) by @vieiralucas in #1254
feat(apigatewayv2): Lambda authorizer enforcement in HTTP data plane (S4) by @vieiralucas in #1255
feat(apigatewayv2): stage variables, custom domain routing, AWS service integrations by @vieiralucas in #1256
feat(apigatewayv2): access log delivery to CloudWatch Logs by @vieiralucas in #1257
feat(ses): X6 receipt-rule actions polish by @vieiralucas in #1258
feat(ecs): O6 - ulimits + linuxParameters + stopTimeout + user + tty + readonlyRootfs by @vieiralucas in #1259
feat(ses): X7 — event destinations for Kinesis, Firehose, and CloudWatch by @vieiralucas in #1260
feat(ses): X9 — SendBounce + deliverability simulator addresses by @vieiralucas in #1261
fix(kinesis): use opaque 56-digit decimal sequence numbers everywhere by @vieiralucas in #1262
feat(ecs): O12 - ECS_CONTAINER_METADATA_URI_V4 endpoint + env injection by @vieiralucas in #1263
O7: ECS awsvpc network mode with synthetic ENI attachments by @vieiralucas in #1264
feat(ecs): O8 - loadBalancers → ELBv2 RegisterTargets cross-service hook by @vieiralucas in #1265
feat(ecs): O11 - CreateService + RunTask accept volumeConfigurations by @vieiralucas in #1266
fix(wafv2): validate PutManagedRuleSetVersions and UpdateManagedRuleSetVersionExpiryDate inputs by @vieiralucas in #1267
fix(ecs): no-runtime service lifecycle + list_tasks default filter by @vieiralucas in #1268
fix(ecs): keep desired_status=RUNNING in no-runtime RunTask path by @vieiralucas in #1269
fix(e2e): skip ElastiCache tests when Docker unavailable by @vieiralucas in #1270
fix(ecs): keep desired_status=RUNNING in no-runtime service spawn paths by @vieiralucas in #1271
feat(ecs): CreateDaemon spawns tasks per capacity provider (O10) by @vieiralucas in #1272
feat(ecs): CODE_DEPLOY blue/green task sets (O16) by @vieiralucas in #1273
feat(ses): real GetMessageInsights delivery tracking data by @vieiralucas in #1274
feat(s3): S3 access points control plane + data plane routing (GG4) by @vieiralucas in #1275
feat(ecs): placement constraints and strategies by @vieiralucas in #1276
feat(ses): SMTP submission listener (X8) by @vieiralucas in #1277
feat(logs): real LiveTail/GetLogObject/GetLogFields (Z5) by @vieiralucas in #1278
feat(stepfunctions): nested startExecution[.sync] (CC5+CC6) by @vieiralucas in #1279
docs(parity): add Will-never-implement + Roadmap sections by @vieiralucas in #1280
fix(ssm): hard-fail SecureString PutParameter when KMS encrypt fails (S9) by @vieiralucas in #1282
feat(bedrock-agent-runtime): real eventstream framing for Invoke* (F6) by @vieiralucas in #1283
fix(iam): promote unrecognized-principal logs to warn (S1) by @vieiralucas in #1281
feat(logs): real GetLogRecord with pointer resolution (L7) by @vieiralucas in #1284
feat(logs): DescribeFieldIndexes returns parsed Fields (L3) by @vieiralucas in #1285
feat(glue): GetPartitions Expression filter pruning (X1) by @vieiralucas in #1286
feat(logs): FilterLogEvents array-pattern syntax (L8) by @vieiralucas in #1288
feat(glue): Job control plane CRUD + JobRun (X2) by @vieiralucas in #1287
feat(firehose): enforce BufferingHints range limits (R5) by @vieiralucas in #1289
feat(logs): anomaly state + injection admin endpoint (L1) by @vieiralucas in #1291
feat(logs): persist delivery configuration + standard templates (L2) by @vieiralucas in #1290
feat(sqs): cross-service injections honor SSE-SQS (S12) by @vieiralucas in #1292
feat(s3): GetObject enforces PublicAccessBlock.IgnorePublicAcls (R1) by @vieiralucas in #1294
feat(lambda): Invoke publishes AWS/Lambda CloudWatch metrics (R2) by @vieiralucas in #1295
feat(lambda): UpdateFunctionCode fetches real bytes from S3 (R4) by @vieiralucas in #1293
feat(ses): env-flagged outbound SMTP relay (D1) by @vieiralucas in #1296
feat(sns): email subscriptions deliver via SMTP relay (D2) by @vieiralucas in #1297
feat(cognito): CompromisedCredentialsRiskConfiguration BLOCK enforcement (S11) by @vieiralucas in #1298
feat(cognito): PreTokenGeneration trigger claim merge (Y8a) by @vieiralucas in #1299
feat(cognito): WebAuthn packed attestation parsing + verification (Y8b) by @vieiralucas in #1300
feat(introspection): PKI stub introspection endpoints (PKI-1) by @vieiralucas in #1301
feat(cognito): GetSigningCertificate returns real X.509 (PKI-2) by @vieiralucas in #1302
feat(kms): real ECDSA P-521 + drop fake-bytes Sign/Verify (PKI-3) by @vieiralucas in #1303
docs(apigateway): sync v1+v2 docs with shipped features (B3) by @vieiralucas in #1305
docs(kms): sync docs with shipped features (B8) by @vieiralucas in #1306
docs(lambda): sync docs with shipped features (B7) by @vieiralucas in #1307
docs(cloudformation): expand docs with shipped features (B9) by @vieiralucas in #1308
docs(s3): sync docs + SDK helpers (B6) by @vieiralucas in #1304
docs(elasticache+appas+orgs): sync docs + new pages (B12) by @vieiralucas in #1309
docs(bedrock-agent): new pages + SDK sub-clients (B11) by @vieiralucas in #1310
docs(logs): sync docs + SDK helpers (B5) by @vieiralucas in #1314
docs(ecs): sync docs + SDK helpers (B4) by @vieiralucas in #1313
docs(cognito): sync docs + SDK helpers (B2) by @vieiralucas in #1312
docs(analytics): stepfn + new athena/glue/firehose pages + SDK helpers (B10) by @vieiralucas in #1316
docs(ses): sync docs + SDK helpers with shipped features (B1) by @vieiralucas in #1311
docs(misc): sync 8 service pages + ACM chain-info helper (B13) by @vieiralucas in #1315
docs(introspection): full /_fakecloud/* endpoint reference (B14) by @vieiralucas in #1317
docs: swap parity matrix + refresh global service/op counts (B15) by @vieiralucas in #1318
docs(guides): refresh cross-service integration guide (B16) by @vieiralucas in #1319
feat(glue): introspection endpoints — jobs + job-runs (I6) by @vieiralucas in https://github.co

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.14.0

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

What's Changed

New Contributors

What's Changed

Contributors

Uh oh!