Summary

This is our fourth major release for LocalStack, bringing a host of new features, enhancements, and breaking changes designed to improve local cloud development & test experience! With LocalStack 4.0, we’re introducing support for foundation models through the new Bedrock provider, enhanced EventBridge & API Gateway support via a native implementation, and opening up the AWS “black box” with Event Studio to give developers the tools to understand, debug, and quickly iterate over their cloud applications.

Additionally, LocalStack's Web Application now includes new features like an improved IAM Policy Stream to generate security policies on the fly, a Stack Overview for quick insights into local cloud resources, and expanded Cloud Pods capabilities for better state management.

Breaking changes include the deprecation of legacy service providers and deprecated FIS actions alongside various Ubuntu AMI, Airflow & PostgreSQL versions. Deprecations are also aimed at improving security and compatibility, such as replacing legacy API keys with Auth Tokens and streamlining environment variable management.

This release reinforces our commitment to creating a comprehensive, reliable local cloud development platform, and continues our mission to become a drop-in replacement for AWS in your local environment, as well as meeting all your enterprise needs.

AWS Features

• LocalStack now supports a new Bedrock provider that locally emulates foundation models (FMs) with features like Invoke API, Converse API & Batch processing. (🌟 enterprise)
• LocalStack has switched the default implementation for the EventBridge to a new native provider offering improved reliability, performance, and AWS parity. The old EventBridge provider is temporarily available in LocalStack using PROVIDER_OVERRIDE_EVENTS=v1.
• LocalStack has switched the default implementation for the API Gateway to a new native provider offering improved reliability, performance, and AWS parity. The old API Gateway provider is temporarily available in LocalStack using PROVIDER_OVERRIDE_APIGATEWAY=legacy.
• Python 3.13 Lambda runtime is now supported in LocalStack.

LocalStack Features

• LocalStack now features Event Studio in preview, which allows you to view data exchanges between AWS services, collect all events, inspect payloads and metadata, and replay events for all supported services at key steps. (🌟 pro)
• Support for the official LocalStack SDK for Python is now available, enabling interaction with emulated services, along with proprietary features through our internal developer endpoints.
• Support for hot reloading is now available for the Lambda Debug Mode configuration file. This feature updates the configuration every time modifications are detected, allowing for multiple debugging sessions of the same Lambda function.
• Several user experience improvements have been introduced to the preview IAM Policy Stream feature in the LocalStack Web Application. This simplifies permission management by generating a continuous flow of IAM policies based on the AWS API calls your application infrastructure makes. (🌟 pro)
• Support for a new Stack Overview feature that provides a summary of deployed resources, categorized services with configurations, and quick access to resource details like identifiers and endpoints. (🌟 pro)
• Support for a new EventBridge Pipes Resource Browser, enabling you to set up direct integrations between event producers and consumers directly from your Web Browser or the LocalStack Desktop application. (🌟 pro)
• Several new Cloud Pods capabilities have been introduced in the LocalStack Web Application: (🌟 teams)
  • Select from merge strategies when loading Cloud Pod states.
  • Choose specific services to save when creating a Cloud Pod.
• Support for a new Ephemeral Instances CLI experience that allows users to run a LocalStack instance in the cloud, enabling instance creation & management directly from your terminal. (🌟 pro)
• Users can now create a Cloud Pod at the shutdown of an Ephemeral Instance, allowing you to resume your application at the state where you left it off. (🌟 teams)
• LocalStack Enterprise users can now automatically assign licenses to new workspace members through Single Sign-On. (🌟 enterprise)
• Several new features have been introduced in the LocalStack Resource Browsers:
  • Edit and view policies directly within the IAM Resource Browser.
  • View the value of your API keys in the API Gateway Resource Browser.
  • Enable continuous updates and testing without redeployment through Lambda Hot Reloading in the Lambda Resource Browser.
• Kubernetes support for major computing and database services has been unified in LocalStack, allowing you to run a broader range of services on Kubernetes. These services include Lambda, ECS, DocumentDB, MWAA, and RDS (MySQL & MSSQL). Use the configuration variable CONTAINER_RUNTIME=kubernetes when starting LocalStack to enable Kubernetes executors for these services. (🌟 enterprise)

Enhancements

• CloudFormation Custom Resources now support UPDATE and DELETE operations
• KMS now supports deriving shared secrets using key agreement algorithm.
• Lambda Event Source Mapping now handles empty invocations from a custom Lambda bootstrap.
• Lambda now supports tagging of Event Source Mappings.
• LocalStack’s DynamoDB emulation has been upgraded to use the new DynamoDB Local 2.0.

Breaking Changes

• The following legacy service providers are being removed. Please update your configurations to use the latest versions by removing the specified settings.

  Service	Configuration Being Removed
  Step Functions	PROVIDER_OVERRIDE_STEPFUNCTIONS=legacy
  S3 (v2 Provider)	PROVIDER_OVERRIDE_S3=legacy_v2
  ElastiCache	PROVIDER_OVERRIDE_ELASTICACHE=legacy
  Event Source Mapping	LAMBDA_EVENT_SOURCE_MAPPING=v1

• The following custom LocalStack FIS actions are now removed:

  • localstack:generic:api-error
  • localstack:kms:inject-api-internal-error
  • localstack:log-debug
  • localstack:generic:latency

• Outages Extension is no longer published on PyPI and will not be maintained anymore. Please follow our documentation to migrate to the Chaos API.

• Support for the following deprecated Airflow versions for MWAA have been removed from LocalStack:

  • v1.10.12
  • v2.0.2
  • v2.2.2

• Support for RDS PostgreSQL 10 has been removed from LocalStack.

• Support for Ubuntu 20.04 AMI (ami-ff0fea8310f3) for EC2 has been removed from LocalStack.

• Support for Python 3.8 in the Python distribution of the LocalStack CLI has been removed.

Deprecations

• Auth tokens have fully replaced legacy API and CI keys for both personal and CI use, increasing security and enabling more detailed access control. Existing API and CI keys will function until early 2025, after which only Auth Tokens will be supported.
• Lambda Kubernetes Executor has been migrated into LocalStack Enterprise.
• Non-prefixed environment variables are now deprecated and users are encouraged to use a variable prefix (LOCALSTACK_) to better manage environment variables across different LocalStack versions.
• LocalStack CLI will now exclusively use Auth Tokens for user identification and authentication. The localstack auth login command will be removed.
• AWS credentials are no longer automatically set during Init Hooks execution. Scripts must now explicitly define these credentials due to LocalStack's shift to multi-account support to manage them based on request context.
• In addition to the LocalStack runtime, the LocalStack CLI also adheres to semantic versioning. While running localstack --version, the output would point to LocalStack CLI before the version number.

What's Changed

• make next-gen APIGW provider default by @bentsku in #11035
• Remove legacy Lambda ESM v1 feature by @joe4dev in #11733
• remove s3 legacy provider by @bentsku in #11746
• remove APIGW NextGen CI job by @bentsku in #11754
• Remove virtualenv dependency from docker build by @dfangl in #11794
• Add CLI version command prefix by @gtsiolis in #11474
• Remove legacy StepFunctions v1 provider in by @joe4dev in #11734
• Init hooks: Remove default AWS credentials in by @viren-nadkarni in #11705
• remove S3 persistence workaround by @bentsku #11809
• drop support for Python 3.8 in the LocalStack CLI by @alexrashed in #11875
• Add JRE dependency to Java components by @viren-nadkarni in #11462
• kms: implement DeriveSharedSecret operation by @sannya-singal in #11672
• [Lambda DevX] Bypass Concurrency Settings by @MEPalma in #11418
• APIGW: move current provider in legacy module by @bentsku in #11651
• Feature: Decompose submit notification for s3 to be able to patch it in extension by @maxhoheiser in #11692
• [SFN] Improve responsiveness on shutdown by @MEPalma in #11596
• [SFN] Base Support for ValidateStateMachineDefinition by @MEPalma in #11660
• Replicator user defined id generator by @cloutierMat in #11626
• implement new DDB streams provider using DynamoDB-Local by @bentsku in #11688
• improve tests selection by @cloutierMat in #11721
• OpenSearch: HTTP proxy support for plugin installation by @viren-nadkarni in #11723
• add: TaggingService functionality to Lambda Provider by @gregfurman in #11745
• Feature/SNS: Decompose publish to topic by @maxhoheiser in #11761
• Fix bug: Support list header value on Step Functions ApiGateway:Invoke integration by @ShahadIshraq in #11681
• X-Ray trace header parsing and Lambda tracing propagation by @joe4dev in #11708
• add IPv6 support to the runtime gateway by @labaneilers in #11601
• add AWS json protocol support for SQS developer endpoints by @thrau in #11726
• DynamoDB: Upgrade DDBLocal to v2 by @viren-nadkarni in #11064
• Remove legacy Lambda config for enabling the LocalStack SQS dependency by @joe4dev in #11759
• Add context manager to id generator by @cloutierMat in #11773
• add /_extension to well-known path prefixes to avoid s3 fallback handling by @thrau in #11796
• Introduce CONTAINER_RUNTIME environment variable to control all container runtimes by @dfangl in #11793
• migrate to LOCALSTACK_AUTH_TOKEN by @alexrashed in #11767
• ESM v2: Fix case where lambda is deleted prior to ESM resource by @gregfurman in #11686
• Feature/DynamoDBStreams: decompose process records by @maxhoheiser in #11821
• [Lambda DevX] Support for Config Hot Reloading by @MEPalma in #11477
• feat(CloudControl): Introduces list operations for bunch of services so cloudcontrol can pick them up by @Pive01 in #11830
• add ephemeral cli commands to advanced features by @HarshCasper in #11867
• EventBridge Connections tests plus implementation by @zaingz in #11836
• Add Python 3.13 Lambda runtime by @joe4dev in #11865
• Make EventBridge v2 provider default by @joe4dev in #11834
• Add client factory to bypass LocalStack DNS server by @simonrw in #11581
• Remove downloaded package archives after extracting them by @kjagiello in #11640
• upgrade kinesis-mock from 0.4.6 to 0.4.7 by @alexrashed in #11646
• Move dns server import inside resolving function to avoid import in CLI by @dfangl in #11658
• fix proxied requests forwarding to Moto by @bentsku in #11653
• Remove duplicate --strip-extras flag in dependency pinning target by @vignesh1507 in #11666
• ESM v2: Allow target Lambda response payloads to not only be JSON by @gregfurman in #11661
• Skip test_cfn_lambda_sqs_source by @viren-nadkarni in #11673
• Add LD_LIBRARY_PATH to JavaInstallerMixin by @viren-nadkarni in #11667
• Fix memory leak caused by S3 DownloadFileObj by @viren-nadkarni in #11674
• add DMS ServicePrincipal by @bentsku in #11679
• Force delete secrets when deleting a cloudformation stack by @dfangl in #11676
• revert StrEnum for Python compatibility by @bentsku in #11684
• Bump moto-ext to 5.0.17.post1 by @viren-nadkarni in #11659
• ESM v2: Test Lambda runtime where provided bootstrap returns nothing by @gregfurman in #11685
• add support for region ref in mappings inside condition CFn by @pinzon in #11671
• APIGW: improve parity for GetApiKeys and GetUsagePlanKeys by @bentsku in #11670
• logs: fix put_metric_data client for multi-account/region by @sannya-singal in #11691
• remove key-existence checks against dict.keys() calls by @bentsku in #11694
• Test force deletion of secrets already marked for deletion by @dfangl in #11680
• cfn: fix failing test_mapping_ref_map_key for multi-account/region by @sannya-singal in #11699
• ESM v2: Add EventSourceMappingArn field by @gregfurman in #11675
• Allow adaptation of the localstack run command in the supervisor by @dfangl in #11707
• Validate SQS dev endpoints by @giograno in #11620
• Add special handling of bedrock-runtime service in service router by @silv-io in #11706
• Add note recommending pyenv in dev environment docs by @silv-io in #11713
• fix source distro installation by limiting setuptools version by @alexrashed in #11715
• Add workflow to dispatch the update of the OpenAPI spec by @giograno in #11709
• APIGW NG: fix storing store attribute instead of full store by @bentsku in #11702
• refactor ref keys in conditional mappings and test by @pinzon in #11693
• fixed s3 deletion from stack in cdk by @macnev2013 in #11700
• fix lambda function extra resources upload in s3 by @macnev2013 in #11655
• Bump moto-ext to 5.0.17.post2 by @viren-nadkarni in #11710
• remove setuptools limit in build-system.requires by @alexrashed in #11725
• Add hint about pre-commit hooks to dev tips by @joe4dev in #11738
• Fix typo in dynamic ESM deprecation warning by @joe4dev in #11735
• Fix Java installer on Mac hosts by @viren-nadkarni in #11740
• Fix: Cfn: non-string parameter values by @simonrw in #11714
• remove S3 legacy CI job by @bentsku in #11743
• add DynamoDB v2 CI job by @bentsku in #11744
• Bump moto-ext to 5.0.18.post1 by @viren-nadkarni in #11753
• fix APIGW oneOf and add APIGW test for Model $ref resolving by @bentsku in #11756
• Convert SQS test util into re-usable fixture sqs_collect_messages by @joe4dev in #11757
• APIGW NG: add LocalStack-only CORS handling for REST API by @bentsku in #11764
• fix S3 enabling versioning with a ObjectLockEnabledForBucket bucket by @bentsku in #11768
• Add key value pairs to dict utility fn by @RobertLucian in #11748
• Add tests to test urlencoded IAM policies by @dfangl in #11580
• Validate SES developer endpoints against OAS by @giograno in #11776
• Remove legacy ESM CI job by @joe4dev in #11779
• Remove legacy StepFunctions CI job by @joe4dev in #11778
• APIGW: fix importing API with Cognito Authorizer by @bentsku in #11783
• APIGW: fix MOCK integration with no URI and path parameters by @bentsku in #11784
• DynamoDB: Fix hangup when resetting state by @viren-nadkarni in #11789
• Delete unused test Cfn templates by @viren-nadkarni in #11771
• APIGW: fix requestOverride not being present in responseTemplates by @bentsku in #11799
• implement S3 MD5 checksum check for UploadPart and improve logic by @bentsku in #11795
• Fix: CFn: support tags with ESMs by @simonrw in #11787
• Cfn/fix lambda update by @cloutierMat in #11802
• fix node installation in Dockerfile by @alexrashed in #11808
• Validate SNS developer endpoints by @giograno in #11621
• Remove cloudtrail tracking module by @simonrw in #11812
• Update broken links in localstack-concepts/Readme.md by @dance-cmdr in #11820
• Idempotent start of the DynamoDB server by @giograno in #11815
• Fix Java shared library path for darwin by @viren-nadkarni in #11792
• Update Node.js release signer keys by @viren-nadkarni in #11837
• Update CODEOWNERS by @localstack-bot in #11823
• Parity test for Eventbridge logs target by @zaingz in #11797
• Fix testing links and update aws client fixtures in contributing docs by @dfangl in #11839
• Replicator: support generating specific VPC ids by @simonrw in #11772
• DynamoDB: fix mkdir call with None when DYNAMODB_IN_MEMORY=1 by @bentsku in #11846
• EC2: implement determinstic subnet ID generation by @simonrw in #11853
• fix APIGW AWS_PROXY lambda response validation by @bentsku in #11856
• fix SNS empty MessageAttributes validation by @bentsku in #11857
• Add Bedrock configuration values to analytics by @silv-io in #11847
• fix usage analytics to properly register and not count if disabled by @bentsku in #11848
• [SFN] Fix access to selected items in Distributed Map state by @gregfurman in #11861
• re-add usage analytics collector_registry registration by @bentsku in #11863
• Track replicator usage in analytics by @simonrw in #11868
• Bump moto-ext to 5.0.20.post1 by @viren-nadkarni in #11831
• Added EVENT_RULE_ENGINE flag based opt-in by @zaingz in #11816
• add analytics to APIGW NextGen REST API handler chain by @bentsku in #11860
• Update analytics tracked env vars by @viren-nadkarni in #11874
• Use jpype-ext and set jpype interrupt=False by @dfangl in #11877
• Fix validated events test for v2 provider by @dominikschubert in #11852
• Prevent usage of java rule engine in tests by @dominikschubert in #11879
• deprecate env vars without prefix in CLI by @alexrashed in #11810
• Fix comment typo by @kapsiR in #11882
• ExpectedBucketOwner for S3 bucket policy operations by @nikosmichas in #11827
• Switch Lambda debug path analytics to presense by @joe4dev in #11859
• Add EventBridge rule target analytics by @joe4dev in #11884
• fix usage aggregation to not send empty payloads by @thrau in #11885
• Split analytics UsageCounter and TimingStats by @bentsku in #11854
• add analytics for SNS internal routes by @bentsku in #11862
• fix vtl resolver patch by @cloutierMat in #11886
• Put events fix for multiple targets by @zaingz in #11880
• fix java home for macos by @macnev2013 in #11888
• Add restructurings to fix events persistence in v2 by @dfangl in #11889

New Contributors

• @kjagiello made their first contribution in #11640
• @ShahadIshraq made their first contribution in #11681
• @labaneilers made their first contribution in #11601
• @dance-cmdr made their first contribution in #11820
• @Pive01 made their first contribution in #11830
• @kapsiR made their first contribution in #11882
• @nikosmichas made their first contribution in #11827

Full Changelog: v3.8.1...v4.0.0