May 27, 2026 · v1.3.51
1.3.51 is a DynamoDB-heavy release driven by the dynamodb-conformance.org gap report. Six new feature surfaces, plus EC2 security-group lifecycle responses and roughly twenty validator and shape fixes.
CreateBackup, DescribeBackup, DeleteBackup, ListBackups, RestoreTableFromBackup, and RestoreTableToPointInTime. Restore rebuilds the target table with the snapshot's items, key schema, and indexes; BillingModeOverride, GlobalSecondaryIndexOverride, and LocalSecondaryIndexOverride are honored. Backup metadata persists across MiniStack restarts via the existing persistence hooks.
ExportTableToPointInTime, DescribeExport, ListExports, ImportTable, DescribeImport, ListImports. Both ops are idempotent on ClientToken. The emulator completes exports synchronously and re-creates the destination table from TableCreationParameters on import.
UpdateContributorInsights, DescribeContributorInsights, ListContributorInsights. The ENABLING→ENABLED and DISABLING→DISABLED state machine matches the way real AWS settles status on subsequent Describe calls; optional IndexName is validated against the table's GSI list.
PutResourcePolicy, GetResourcePolicy, DeleteResourcePolicy with full revision-id semantics. ExpectedRevisionId mismatches raise PolicyNotFoundException, including the NO_POLICY conditional path documented in the AWS API reference. Policy size is capped at 20 KB per the AWS quota.
BatchExecuteStatement and ExecuteTransaction land with ClientRequestToken idempotency, all-or-nothing rollback on any statement failure, and DuplicateItemException on INSERT against an existing primary key. ExecuteStatement now also returns ConsumedCapacity when ReturnConsumedCapacity is set.
DescribeLimitsReturns the canonical account- and table-level read/write capacity limits.
CreateSecurityGroup now returns SecurityGroupArn, DeleteSecurityGroup returns the deleted GroupId, and RevokeSecurityGroupEgress returns RevokedSecurityGroupRules, so workflows that inspect create / revoke / delete output get the same shapes as production. DescribeSecurityGroups also now distinguishes malformed IDs (InvalidGroupId.Malformed) from missing ones (InvalidGroup.NotFound). Contributed by @Areson.
Item-level validation tightened across PutItem, BatchWriteItem, and TransactWriteItems (empty SS/NS/BS, duplicate set elements, empty hash/sort key strings, number canonicalization, 38-digit bound, 400 KB item-size cap with attribute names counted). Batch and transaction caps enforced (25 / 100 / 4 MB). Full CreateTable and UpdateTable validation. Query and Scan reject unsupported parameter combinations. UpdateItem resolves SET references against the pre-update snapshot. GetItem ProjectionExpression honors nested paths and list indexes. Reserved keywords, redundant parentheses, and contains(x, x) rejected. ExpressionAttributeNames / ExpressionAttributeValues bookkeeping. Binary keys order bytewise; size() counts UTF-16 code units for strings and bytes for binary.
Glue StartJobRun no longer auto-pulls a missing Docker image (stubs the run to SUCCEEDED when the image isn't present locally, instead of triggering a multi-gigabyte pull on the request path). MWAA worker containers auto-remove on exit instead of leaving stopped containers behind after every DAG run.
docker pull ministackorg/ministack:1.3.51 docker run -d -p 4566:4566 ministackorg/ministack:1.3.51
Or pin in compose.yaml:
services:
ministack:
image: ministackorg/ministack:1.3.51
ports:
- "4566:4566"
Issues and PRs welcome on GitHub. Discussion on r/ministack.