
CFN Authorizer, SQS permissions, six AWS-parity fixes

May 12, 2026 · v1.3.37

Three additions, six correctness fixes — most surfaced by comparing MiniStack behaviour against real AWS API references.

CloudFormation AWS::ApiGateway::Authorizer

Stacks declaring a TOKEN / REQUEST / COGNITO_USER_POOLS authorizer used to fail with Unsupported resource type. The new provisioner wires straight into the existing apigateway_v1 store and honours the standard CFN properties — Name, Type, AuthorizerUri, AuthorizerCredentials, IdentitySource, IdentityValidationExpression, AuthorizerResultTtlInSeconds, ProviderARNs, RestApiId. AuthType is informational only in the AWS spec and is dropped.

SQS AddPermission / RemovePermission

Both operations now wire through to the queue's IAM resource policy stored under the existing Policy queue attribute. AddPermission appends statements in the AWS canonical shape: bare 12-digit account IDs in Principal.AWS, lowercase sqs: action namespace, and the <queue-arn>/SQSDefaultPolicy Id pattern.

aws sqs add-permission \
  --queue-url $URL --label cross-acct \
  --aws-account-ids 111111111111 \
  --actions SendMessage ReceiveMessage

Duplicate Label is rejected with InvalidParameterValue; RemovePermission is idempotent per AWS.

RDS DescribePendingMaintenanceActions no-op surface

The operation now accepts the request and returns an empty PendingMaintenanceActions list. ResourceIdentifier, Filters, Marker, and MaxRecords are accepted and ignored. Unblocks brownfield state-capture tooling that walks the full RDS API surface. Contributed by @jayjanssen.

SQS SendMessage honors MaximumMessageSize

Body byte length is now validated against the queue's MaximumMessageSize attribute (default 262144, configurable up to 1 MiB per AWS). Oversized messages return InvalidParameterValue (400). Before this fix MiniStack silently accepted oversized messages that real AWS would reject.

SNS Publish and PublishBatch enforce 256 KiB

Total payload size (Message + MessageAttributes name/type/value bytes) is now bounded at 262144 bytes per AWS docs. Publish returns InvalidParameter (400); PublishBatch surfaces each oversized entry as a per-entry failure rather than failing the whole batch. Subject is intentionally excluded (AWS limits it to 100 chars but does not count it toward the 256 KiB payload).

EventBridge SQS target stamps MessageGroupId on FIFO queues

The dispatcher now reads the target's SqsParameters block and stamps MessageGroupId on the delivered message; it also derives a content-based MessageDeduplicationId and a fifo_seq so the delivery shape matches real EventBridge → FIFO SQS. Before this fix MiniStack dropped MessageGroupId at dispatch, so FIFO targets received messages that real AWS would reject.

SQS DeleteQueue raises QueueDoesNotExist

The action silently returned {} when the URL didn't match a stored queue. Real AWS returns 400 QueueDoesNotExist (awsQueryCompatible code AWS.SimpleQueueService.NonExistentQueue). The handler now routes through the same _get_q helper every other SQS action uses, also picking up its docker-compose-hostname fallback. Contributed by @mfurqaan31.

S3 UploadPartCopy validates x-amz-copy-source-range

The header was parsed with rng.split("-") and no validation, so malformed values (bytes=abc-def, extra dashes, missing prefix) raised an unhandled ValueError and surfaced as HTTP 500; reversed and out-of-bounds ranges silently produced wrong-sized parts. All malformed inputs now return 400 InvalidArgument; out-of-bounds includes the source object size in the error message. boto3 retries 5xx but fails fast on 4xx, so the prior 500 behaviour caused infinite client retry loops against MiniStack where real S3 would have failed immediately. Contributed by @mfurqaan31.
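The validation described above, as an added Python example; it is not MiniStack's own code. All names (InvalidArgument, naive_parse, parse_copy_source_range, classify) are hypothetical, and naive_parse is an assumed sketch of the unvalidated pattern rather than the original handler.

```python
import re

# All names here are hypothetical, not MiniStack's actual identifiers.
_RANGE_RE = re.compile(r"bytes=([0-9]+)-([0-9]+)")  # ASCII digits only


class InvalidArgument(Exception):
    """Maps to an HTTP 400 InvalidArgument response."""
    status = 400


def naive_parse(rng: str) -> tuple[int, int]:
    # Assumed sketch of the unvalidated "before" pattern: malformed input raises
    # ValueError (HTTP 500 if unhandled); reversed ranges pass through unchecked.
    start, end = rng.replace("bytes=", "").split("-")
    return int(start), int(end)


def parse_copy_source_range(rng: str, source_size: int) -> tuple[int, int]:
    """Return (first, last) inclusive byte offsets or raise InvalidArgument."""
    m = _RANGE_RE.fullmatch(rng)  # fullmatch rejects trailing junk and newlines
    if m is None:
        raise InvalidArgument(f"malformed copy source range: {rng!r}")
    first, last = int(m.group(1)), int(m.group(2))
    if first > last:
        raise InvalidArgument(f"range start {first} is after end {last}")
    if last >= source_size:
        raise InvalidArgument(f"range {first}-{last} exceeds source object "
                              f"size {source_size}")
    return first, last


def classify(rng: str, source_size: int) -> int:
    """Status code a handler built on the strict parser would return."""
    try:
        parse_copy_source_range(rng, source_size)
        return 200
    except InvalidArgument as exc:
        return exc.status


# Constructed sample headers, checked against a 1000-byte source object.
SAMPLES = ["bytes=0-499", "bytes=abc-def", "bytes=0-1-2", "0-499",
           "bytes=500-100", "bytes=0-1000", "bytes=0-499\n"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:18} -> {classify(s, 1000)}")
```

Only the first sample is accepted; every other header maps to a 4xx response, so an SDK client fails fast instead of retrying.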

S3 absolute-form request targets

AWS SDK for .NET v4 sends HTTP/1.1 requests with absolute-form targets (e.g. PUT http://ministack:4566/bucket/key); hypercorn passes the raw target through, so MiniStack was parsing http: as the bucket name. _parse_bucket_key now strips scheme + authority before parsing. Contributed by @mark-bray.

Upgrade

docker pull ministackorg/ministack:1.3.37
docker run -d -p 4566:4566 ministackorg/ministack:1.3.37

Or pin in compose.yaml:

services:
  ministack:
    image: ministackorg/ministack:1.3.37
    ports:
      - "4566:4566"

Ship together

Shipped by the MiniStack community. Contributions credited throughout.