localstack
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/entities.py
Lines changed: 4 additions & 0 deletions b/‎localstack-core/localstack/services/cloudformation/engine/entities.py
Lines changed: 4 additions & 0 deletions
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/transformers.py
Lines changed: 180 additions & 2 deletions b/‎localstack-core/localstack/services/cloudformation/engine/transformers.py
Lines changed: 180 additions & 2 deletions
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_executor.py
Lines changed: 7 additions & 6 deletions b/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_executor.py
Lines changed: 7 additions & 6 deletions
diff --git a/‎localstack-core/localstack/services/cloudformation/provider.py
Lines changed: 17 additions & 5 deletions b/‎localstack-core/localstack/services/cloudformation/provider.py
Lines changed: 17 additions & 5 deletions
diff --git a/‎localstack-core/localstack/testing/pytest/fixtures.py
Lines changed: 2 additions & 0 deletions b/‎localstack-core/localstack/testing/pytest/fixtures.py
Lines changed: 2 additions & 0 deletions
@@ -104,6 +104,10 @@ def __init__(
         self.template_original = clone_safe(self.template)
         # initialize resources
         for resource_id, resource in self.template_resources.items():
+            # HACK: if the resource is a Fn::ForEach intrinsic call from the LanguageExtensions transform, then it is not a dictionary but a list
+            if resource_id.startswith("Fn::ForEach"):
+                # we are operating on an untransformed template, so ignore for now
+                continue
             resource["LogicalResourceId"] = self.template_original["Resources"][resource_id][
                 "LogicalResourceId"
             ] = resource.get("LogicalResourceId") or resource_id
 
@@ -1,8 +1,11 @@
+import copy
 import json
 import logging
 import os
+import re
 from copy import deepcopy
-from typing import Dict, Optional, Type, Union
+from dataclasses import dataclass
+from typing import Any, Callable, Dict, Optional, Type, Union
 
 import boto3
 from botocore.exceptions import ClientError
@@ -12,6 +15,7 @@
 from localstack.aws.connect import connect_to
 from localstack.services.cloudformation.engine.policy_loader import create_policy_loader
 from localstack.services.cloudformation.engine.template_deployer import resolve_refs_recursively
+from localstack.services.cloudformation.engine.validations import ValidationError
 from localstack.services.cloudformation.stores import get_cloudformation_store
 from localstack.utils import testutil
 from localstack.utils.objects import recurse_object
@@ -26,6 +30,29 @@
 TransformResult = Union[dict, str]
 
 
+@dataclass
+class ResolveRefsRecursivelyContext:
+    account_id: str
+    region_name: str
+    stack_name: str
+    resources: dict
+    mappings: dict
+    conditions: dict
+    parameters: dict
+
+    def resolve(self, value: Any) -> Any:
+        return resolve_refs_recursively(
+            self.account_id,
+            self.region_name,
+            self.stack_name,
+            self.resources,
+            self.mappings,
+            self.conditions,
+            self.parameters,
+            value,
+        )
+
+
 class Transformer:
     """Abstract class for Fn::Transform intrinsic functions"""
 
@@ -155,7 +182,20 @@ def apply_global_transformations(
                 account_id, region_name, processed_template, stack_parameters
             )
         elif transformation["Name"] == EXTENSIONS_TRANSFORM:
-            continue
+            resolve_context = ResolveRefsRecursivelyContext(
+                account_id,
+                region_name,
+                stack_name,
+                resources,
+                mappings,
+                conditions,
+                stack_parameters,
+            )
+
+            processed_template = apply_language_extensions_transform(
+                processed_template,
+                resolve_context,
+            )
         elif transformation["Name"] == SECRETSMANAGER_TRANSFORM:
             # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-secretsmanager.html
             LOG.warning("%s is not yet supported. Ignoring.", SECRETSMANAGER_TRANSFORM)
@@ -269,6 +309,144 @@ def execute_macro(
     return result.get("fragment")
 
 
+def apply_language_extensions_transform(
+    template: dict,
+    resolve_context: ResolveRefsRecursivelyContext,
+) -> dict:
+    """
+    Resolve language extensions constructs
+    """
+
+    def _visit(obj, path, **_):
+        # Fn::ForEach
+        # TODO: can this be used in non-resource positions?
+        if isinstance(obj, dict) and any("Fn::ForEach" in key for key in obj):
+            newobj = {}
+            for key in obj:
+                if "Fn::ForEach" not in key:
+                    newobj[key] = obj[key]
+                    continue
+
+                new_entries = expand_fn_foreach(obj[key], resolve_context)
+                newobj.update(**new_entries)
+            return newobj
+        # Fn::Length
+        elif isinstance(obj, dict) and "Fn::Length" in obj:
+            value = obj["Fn::Length"]
+            if isinstance(value, dict):
+                value = resolve_context.resolve(value)
+
+            if isinstance(value, list):
+                # TODO: what if one of the elements was AWS::NoValue?
+                # no conversion required
+                return len(value)
+            elif isinstance(value, str):
+                length = len(value.split(","))
+                return length
+            return obj
+        elif isinstance(obj, dict) and "Fn::ToJsonString" in obj:
+            # TODO: is the default representation ok here?
+            return json.dumps(obj["Fn::ToJsonString"], default=str, separators=(",", ":"))
+
+            # reference
+        return obj
+
+    return recurse_object(template, _visit)
+
+
+def expand_fn_foreach(
+    foreach_defn: list,
+    resolve_context: ResolveRefsRecursivelyContext,
+    extra_replace_mapping: dict | None = None,
+) -> dict:
+    if len(foreach_defn) != 3:
+        raise ValidationError(
+            f"Fn::ForEach: invalid number of arguments, expected 3 got {len(foreach_defn)}"
+        )
+    output = {}
+    iteration_name, iteration_value, template = foreach_defn
+    if not isinstance(iteration_name, str):
+        raise ValidationError(
+            f"Fn::ForEach: incorrect type for iteration name '{iteration_name}', expected str"
+        )
+    if isinstance(iteration_value, dict):
+        # we have a reference
+        if "Ref" in iteration_value:
+            iteration_value = resolve_context.resolve(iteration_value)
+        else:
+            raise NotImplementedError(
+                f"Fn::Transform: intrinsic {iteration_value} not supported in this position yet"
+            )
+    if not isinstance(iteration_value, list):
+        raise ValidationError(
+            f"Fn::ForEach: incorrect type for iteration variables '{iteration_value}', expected list"
+        )
+
+    if not isinstance(template, dict):
+        raise ValidationError(
+            f"Fn::ForEach: incorrect type for template '{template}', expected dict"
+        )
+
+    # TODO: locations other than resources
+    replace_template_value = "${" + iteration_name + "}"
+    for variable in iteration_value:
+        # there might be multiple children, which could themselves be a `Fn::ForEach` call
+        for logical_resource_id_template in template:
+            if logical_resource_id_template.startswith("Fn::ForEach"):
+                result = expand_fn_foreach(
+                    template[logical_resource_id_template],
+                    resolve_context,
+                    {iteration_name: variable},
+                )
+                output.update(**result)
+                continue
+
+            if replace_template_value not in logical_resource_id_template:
+                raise ValidationError("Fn::ForEach: no placeholder in logical resource id")
+
+            def gen_visit(variable: str) -> Callable:
+                def _visit(obj: Any, path: Any):
+                    if isinstance(obj, dict) and "Ref" in obj:
+                        ref_variable = obj["Ref"]
+                        if ref_variable == iteration_name:
+                            return variable
+                    elif isinstance(obj, dict) and "Fn::Sub" in obj:
+                        arguments = recurse_object(obj["Fn::Sub"], _visit)
+                        if isinstance(arguments, str):
+                            # simple case
+                            # TODO: can this reference anything outside of the template?
+                            result = arguments
+                            variables_found = re.findall("\\${([^}]+)}", arguments)
+                            for var in variables_found:
+                                if var == iteration_name:
+                                    result = result.replace(f"${{{var}}}", variable)
+                            return result
+                        else:
+                            raise NotImplementedError
+                    elif isinstance(obj, dict) and "Fn::Join" in obj:
+                        # first visit arguments
+                        arguments = recurse_object(
+                            obj["Fn::Join"],
+                            _visit,
+                        )
+                        separator, items = arguments
+                        return separator.join(items)
+                    return obj
+
+                return _visit
+
+            logical_resource_id = logical_resource_id_template.replace(
+                replace_template_value, variable
+            )
+            for key, value in (extra_replace_mapping or {}).items():
+                logical_resource_id = logical_resource_id.replace("${" + key + "}", value)
+            resource_body = copy.deepcopy(template[logical_resource_id_template])
+            body = recurse_object(resource_body, gen_visit(variable))
+            output[logical_resource_id] = body
+
+    return output
+
+
 def apply_serverless_transformation(
     account_id: str, region_name: str, parsed_template: dict, template_parameters: dict
 ) -> Optional[str]:
 
@@ -355,12 +355,13 @@ def _execute_resource_action(
         )
         resource_provider = resource_provider_executor.try_load_resource_provider(resource_type)
         track_resource_operation(action, resource_type, missing=resource_provider is not None)
-        log_not_available_message(
-            resource_type,
-            f'No resource provider found for "{resource_type}"',
-        )
-        if resource_provider is None and not config.CFN_IGNORE_UNSUPPORTED_RESOURCE_TYPES:
-            raise NoResourceProvider
+        if resource_provider is None:
+            log_not_available_message(
+                resource_type,
+                f'No resource provider found for "{resource_type}"',
+            )
+            if not config.CFN_IGNORE_UNSUPPORTED_RESOURCE_TYPES:
+                raise NoResourceProvider
 
         extra_resource_properties = {}
         event = ProgressEvent(OperationStatus.SUCCESS, resource_model={})
 
@@ -244,7 +244,6 @@ def create_stack(self, context: RequestContext, request: CreateStackInput) -> Cr
             old_parameters={},
         )
 
-        # handle conditions
         stack = Stack(context.account_id, context.region, request, template)
 
         try:
@@ -269,12 +268,15 @@ def create_stack(self, context: RequestContext, request: CreateStackInput) -> Cr
             state.stacks[stack.stack_id] = stack
             return CreateStackOutput(StackId=stack.stack_id)
 
+        # HACK: recreate the stack (including all of its confusing processes in the __init__ method
+        # to set the stack template to be the transformed template, rather than the untransformed
+        # template
+        stack = Stack(context.account_id, context.region, request, template)
+
         # perform basic static analysis on the template
         for validation_fn in DEFAULT_TEMPLATE_VALIDATIONS:
             validation_fn(template)
 
-        stack = Stack(context.account_id, context.region, request, template)
-
         # resolve conditions
         raw_conditions = template.get("Conditions", {})
         resolved_stack_conditions = resolve_stack_conditions(
@@ -512,8 +514,18 @@ def get_template(
 
         if template_stage == TemplateStage.Processed and "Transform" in stack.template_body:
             copy_template = clone(stack.template_original)
-            copy_template.pop("ChangeSetName", None)
-            copy_template.pop("StackName", None)
+            for key in [
+                "ChangeSetName",
+                "StackName",
+                "StackId",
+                "Transform",
+                "Conditions",
+                "Mappings",
+            ]:
+                copy_template.pop(key, None)
+            for key in ["Parameters", "Outputs"]:
+                if key in copy_template and not copy_template[key]:
+                    copy_template.pop(key)
             for resource in copy_template.get("Resources", {}).values():
                 resource.pop("LogicalResourceId", None)
             template_body = json.dumps(copy_template)
 
@@ -1106,6 +1106,8 @@ def _deploy(
 
         if template_path is not None:
             template = load_template_file(template_path)
+            if template is None:
+                raise RuntimeError(f"Could not find file {os.path.realpath(template_path)}")
         template_rendered = render_template(template, **(template_mapping or {}))
 
         kwargs = dict(