localstack-core 4.3.1.dev6__py3-none-any.whl → 4.3.1.dev28__py3-none-any.whl

localstack/services/cloudformation/engine/v2/change_set_model_executor.py

@@ -0,0 +1,170 @@
+import logging
+import uuid
+from typing import Final
+
+from localstack.aws.api.cloudformation import ChangeAction
+from localstack.constants import INTERNAL_AWS_SECRET_ACCESS_KEY
+from localstack.services.cloudformation.engine.v2.change_set_model import (
+    NodeIntrinsicFunction,
+    NodeResource,
+    NodeTemplate,
+    TerminalValue,
+)
+from localstack.services.cloudformation.engine.v2.change_set_model_describer import (
+    ChangeSetModelDescriber,
+    DescribeUnit,
+)
+from localstack.services.cloudformation.resource_provider import (
+    Credentials,
+    OperationStatus,
+    ProgressEvent,
+    ResourceProviderExecutor,
+    ResourceProviderPayload,
+    get_resource_type,
+)
+
+LOG = logging.getLogger(__name__)
+
+
+class ChangeSetModelExecutor(ChangeSetModelDescriber):
+    account_id: Final[str]
+    region: Final[str]
+
+    def __init__(
+        self,
+        node_template: NodeTemplate,
+        account_id: str,
+        region: str,
+        stack_name: str,
+        stack_id: str,
+    ):
+        super().__init__(node_template)
+        self.account_id = account_id
+        self.region = region
+        self.stack_name = stack_name
+        self.stack_id = stack_id
+        self.resources = {}
+
+    def execute(self) -> dict:
+        self.visit(self._node_template)
+        return self.resources
+
+    def visit_node_resource(self, node_resource: NodeResource) -> DescribeUnit:
+        resource_provider_executor = ResourceProviderExecutor(
+            stack_name=self.stack_name, stack_id=self.stack_id
+        )
+
+        # TODO: investigate effects on type changes
+        properties_describe_unit = self.visit_node_properties(node_resource.properties)
+        LOG.info("SRW: describe unit: %s", properties_describe_unit)
+
+        action = node_resource.change_type.to_action()
+        if action is None:
+            raise RuntimeError(
+                f"Action should always be present, got change type: {node_resource.change_type}"
+            )
+
+        # TODO
+        resource_type = get_resource_type({"Type": "AWS::SSM::Parameter"})
+        payload = self.create_resource_provider_payload(
+            properties_describe_unit,
+            action,
+            node_resource.name,
+            resource_type,
+        )
+        resource_provider = resource_provider_executor.try_load_resource_provider(resource_type)
+
+        extra_resource_properties = {}
+        if resource_provider is not None:
+            # TODO: stack events
+            event = resource_provider_executor.deploy_loop(
+                resource_provider, extra_resource_properties, payload
+            )
+        else:
+            event = ProgressEvent(OperationStatus.SUCCESS, resource_model={})
+
+        self.resources.setdefault(node_resource.name, {"Properties": {}})
+        match event.status:
+            case OperationStatus.SUCCESS:
+                # merge the resources state with the external state
+                # TODO: this is likely a duplicate of updating from extra_resource_properties
+                self.resources[node_resource.name]["Properties"].update(event.resource_model)
+                self.resources[node_resource.name].update(extra_resource_properties)
+                # XXX for legacy delete_stack compatibility
+                self.resources[node_resource.name]["LogicalResourceId"] = node_resource.name
+                self.resources[node_resource.name]["Type"] = resource_type
+            case any:
+                raise NotImplementedError(f"Event status '{any}' not handled")
+
+        return DescribeUnit(before_context=None, after_context={})
+
+    def visit_node_intrinsic_function_fn_get_att(
+        self, node_intrinsic_function: NodeIntrinsicFunction
+    ) -> DescribeUnit:
+        arguments_unit = self.visit(node_intrinsic_function.arguments)
+        before_arguments_list = arguments_unit.before_context
+        after_arguments_list = arguments_unit.after_context
+        if before_arguments_list:
+            logical_name_of_resource = before_arguments_list[0]
+            attribute_name = before_arguments_list[1]
+            before_node_resource = self._get_node_resource_for(
+                resource_name=logical_name_of_resource, node_template=self._node_template
+            )
+            node_property: TerminalValue = self._get_node_property_for(
+                property_name=attribute_name, node_resource=before_node_resource
+            )
+            before_context = self.visit(node_property.value).before_context
+        else:
+            before_context = None
+
+        if after_arguments_list:
+            logical_name_of_resource = after_arguments_list[0]
+            attribute_name = after_arguments_list[1]
+            after_node_resource = self._get_node_resource_for(
+                resource_name=logical_name_of_resource, node_template=self._node_template
+            )
+            node_property: TerminalValue = self._get_node_property_for(
+                property_name=attribute_name, node_resource=after_node_resource
+            )
+            after_context = self.visit(node_property.value).after_context
+        else:
+            after_context = None
+
+        return DescribeUnit(before_context=before_context, after_context=after_context)
+
+    def create_resource_provider_payload(
+        self,
+        describe_unit: DescribeUnit,
+        action: ChangeAction,
+        logical_resource_id: str,
+        resource_type: str,
+    ) -> ResourceProviderPayload:
+        # FIXME: use proper credentials
+        creds: Credentials = {
+            "accessKeyId": self.account_id,
+            "secretAccessKey": INTERNAL_AWS_SECRET_ACCESS_KEY,
+            "sessionToken": "",
+        }
+        resource_provider_payload: ResourceProviderPayload = {
+            "awsAccountId": self.account_id,
+            "callbackContext": {},
+            "stackId": self.stack_name,
+            "resourceType": resource_type,
+            "resourceTypeVersion": "000000",
+            # TODO: not actually a UUID
+            "bearerToken": str(uuid.uuid4()),
+            "region": self.region,
+            "action": str(action),
+            "requestData": {
+                "logicalResourceId": logical_resource_id,
+                "resourceProperties": describe_unit.after_context["Properties"],
+                "previousResourceProperties": describe_unit.before_context["Properties"],
+                "callerCredentials": creds,
+                "providerCredentials": creds,
+                "systemTags": {},
+                "previousSystemTags": {},
+                "stackTags": {},
+                "previousStackTags": {},
+            },
+        }
+        return resource_provider_payload

localstack/services/cloudformation/engine/v2/change_set_model_visitor.py

@@ -10,6 +10,8 @@ from localstack.services.cloudformation.engine.v2.change_set_model import (
     NodeMapping,
     NodeMappings,
     NodeObject,
+    NodeOutput,
+    NodeOutputs,
     NodeParameter,
     NodeParameters,
     NodeProperties,
@@ -53,6 +55,12 @@ class ChangeSetModelVisitor(abc.ABC):
     def visit_node_mappings(self, node_mappings: NodeMappings):
         self.visit_children(node_mappings)
 
+    def visit_node_outputs(self, node_outputs: NodeOutputs):
+        self.visit_children(node_outputs)
+
+    def visit_node_output(self, node_output: NodeOutput):
+        self.visit_children(node_output)
+
     def visit_node_parameters(self, node_parameters: NodeParameters):
         self.visit_children(node_parameters)
 

localstack/services/cloudformation/v2/provider.py

@@ -1,3 +1,4 @@
+import logging
 from copy import deepcopy
 
 from localstack.aws.api import RequestContext, handler
@@ -5,12 +6,18 @@ from localstack.aws.api.cloudformation import (
     ChangeSetNameOrId,
     ChangeSetNotFoundException,
     ChangeSetType,
+    ClientRequestToken,
     CreateChangeSetInput,
     CreateChangeSetOutput,
     DescribeChangeSetOutput,
+    DisableRollback,
+    ExecuteChangeSetOutput,
+    ExecutionStatus,
     IncludePropertyValues,
+    InvalidChangeSetStatusException,
     NextToken,
     Parameter,
+    RetainExceptOnCreate,
     StackNameOrId,
     StackStatus,
 )
@@ -27,6 +34,9 @@ from localstack.services.cloudformation.engine.template_utils import resolve_sta
 from localstack.services.cloudformation.engine.v2.change_set_model_describer import (
     ChangeSetModelDescriber,
 )
+from localstack.services.cloudformation.engine.v2.change_set_model_executor import (
+    ChangeSetModelExecutor,
+)
 from localstack.services.cloudformation.engine.validations import ValidationError
 from localstack.services.cloudformation.provider import (
     ARN_CHANGESET_REGEX,
@@ -41,6 +51,8 @@ from localstack.services.cloudformation.stores import (
 )
 from localstack.utils.collections import remove_attributes
 
+LOG = logging.getLogger(__name__)
+
 
 class CloudformationProviderV2(CloudformationProvider):
     @handler("CreateChangeSet", expand=False)
@@ -178,7 +190,12 @@ class CloudformationProviderV2(CloudformationProvider):
 
         # create change set for the stack and apply changes
         change_set = StackChangeSet(
-            context.account_id, context.region, stack, req_params, transformed_template
+            context.account_id,
+            context.region,
+            stack,
+            req_params,
+            transformed_template,
+            change_set_type=change_set_type,
         )
         # only set parameters for the changeset, then switch to stack on execute_change_set
         change_set.template_body = template_body
@@ -233,14 +250,61 @@ class CloudformationProviderV2(CloudformationProvider):
 
         return CreateChangeSetOutput(StackId=change_set.stack_id, Id=change_set.change_set_id)
 
+    @handler("ExecuteChangeSet")
+    def execute_change_set(
+        self,
+        context: RequestContext,
+        change_set_name: ChangeSetNameOrId,
+        stack_name: StackNameOrId | None = None,
+        client_request_token: ClientRequestToken | None = None,
+        disable_rollback: DisableRollback | None = None,
+        retain_except_on_create: RetainExceptOnCreate | None = None,
+        **kwargs,
+    ) -> ExecuteChangeSetOutput:
+        change_set = find_change_set(
+            context.account_id,
+            context.region,
+            change_set_name,
+            stack_name=stack_name,
+            active_only=True,
+        )
+        if not change_set:
+            raise ChangeSetNotFoundException(f"ChangeSet [{change_set_name}] does not exist")
+        if change_set.metadata.get("ExecutionStatus") != ExecutionStatus.AVAILABLE:
+            LOG.debug("Change set %s not in execution status 'AVAILABLE'", change_set_name)
+            raise InvalidChangeSetStatusException(
+                f"ChangeSet [{change_set.metadata['ChangeSetId']}] cannot be executed in its current status of [{change_set.metadata.get('Status')}]"
+            )
+        stack_name = change_set.stack.stack_name
+        LOG.debug(
+            'Executing change set "%s" for stack "%s" with %s resources ...',
+            change_set_name,
+            stack_name,
+            len(change_set.template_resources),
+        )
+        if not change_set.update_graph:
+            raise RuntimeError("Programming error: no update graph found for change set")
+
+        change_set_executor = ChangeSetModelExecutor(
+            change_set.update_graph,
+            account_id=context.account_id,
+            region=context.region,
+            stack_name=change_set.stack.stack_name,
+            stack_id=change_set.stack.stack_id,
+        )
+        new_resources = change_set_executor.execute()
+        change_set.stack.set_stack_status(f"{change_set.change_set_type or 'UPDATE'}_COMPLETE")
+        change_set.stack.resources = new_resources
+        return ExecuteChangeSetOutput()
+
     @handler("DescribeChangeSet")
     def describe_change_set(
         self,
         context: RequestContext,
         change_set_name: ChangeSetNameOrId,
-        stack_name: StackNameOrId = None,
-        next_token: NextToken = None,
-        include_property_values: IncludePropertyValues = None,
+        stack_name: StackNameOrId | None = None,
+        next_token: NextToken | None = None,
+        include_property_values: IncludePropertyValues | None = None,
         **kwargs,
     ) -> DescribeChangeSetOutput:
         # TODO add support for include_property_values
@@ -261,8 +325,10 @@ class CloudformationProviderV2(CloudformationProvider):
         if not change_set:
             raise ChangeSetNotFoundException(f"ChangeSet [{change_set_name}] does not exist")
 
-        change_set_describer = ChangeSetModelDescriber(node_template=change_set.update_graph)
-        resource_changes = change_set_describer.get_resource_changes()
+        change_set_describer = ChangeSetModelDescriber(
+            node_template=change_set.update_graph, include_property_values=include_property_values
+        )
+        resource_changes = change_set_describer.get_changes()
 
         attrs = [
             "ChangeSetType",

localstack/services/ec2/patches.py

@@ -78,15 +78,22 @@ def apply_patches():
         tags: Optional[dict[str, str]] = None,
         **kwargs,
     ):
+        # Patch this method so that we can create a subnet with a specific "custom"
+        # ID.  The custom ID that we will use is contained within a special tag.
         vpc_id: str = args[0] if len(args) >= 1 else kwargs["vpc_id"]
         cidr_block: str = args[1] if len(args) >= 1 else kwargs["cidr_block"]
         resource_identifier = SubnetIdentifier(
             self.account_id, self.region_name, vpc_id, cidr_block
         )
-        # tags has the format: {"subnet": {"Key": ..., "Value": ...}}
+
+        # tags has the format: {"subnet": {"Key": ..., "Value": ...}}, but we need
+        # to pass this to the generate method as {"Key": ..., "Value": ...}.  Take
+        # care not to alter the original tags dict otherwise moto will not be able
+        # to understand it.
+        subnet_tags = None
         if tags is not None:
-            tags = tags.get("subnet", tags)
-        custom_id = resource_identifier.generate(tags=tags)
+            subnet_tags = tags.get("subnet", tags)
+        custom_id = resource_identifier.generate(tags=subnet_tags)
 
         if custom_id:
             # Check if custom id is unique within a given VPC
@@ -102,9 +109,16 @@ def apply_patches():
         if custom_id:
             # Remove the subnet from the default dict and add it back with the custom id
             self.subnets[availability_zone].pop(result.id)
+            old_id = result.id
             result.id = custom_id
             self.subnets[availability_zone][custom_id] = result
 
+            # Tags are not stored in the Subnet object, but instead stored in a separate
+            # dict in the EC2 backend, keyed by subnet id.  That therefore requires
+            # updating as well.
+            if old_id in self.tags:
+                self.tags[custom_id] = self.tags.pop(old_id)
+
         # Return the subnet with the patched custom id
         return result
 
@@ -132,9 +146,16 @@ def apply_patches():
         if custom_id:
             # Remove the security group from the default dict and add it back with the custom id
             self.groups[result.vpc_id].pop(result.group_id)
+            old_id = result.group_id
             result.group_id = result.id = custom_id
             self.groups[result.vpc_id][custom_id] = result
 
+            # Tags are not stored in the Security Group object, but instead are stored in a
+            # separate dict in the EC2 backend, keyed by id.  That therefore requires
+            # updating as well.
+            if old_id in self.tags:
+                self.tags[custom_id] = self.tags.pop(old_id)
+
         return result
 
     @patch(ec2_models.vpcs.VPCBackend.create_vpc)
@@ -175,9 +196,16 @@ def apply_patches():
 
             # Remove the VPC from the default dict and add it back with the custom id
             self.vpcs.pop(vpc_id)
+            old_id = result.id
             result.id = custom_id
             self.vpcs[custom_id] = result
 
+            # Tags are not stored in the VPC object, but instead stored in a separate
+            # dict in the EC2 backend, keyed by VPC id.  That therefore requires
+            # updating as well.
+            if old_id in self.tags:
+                self.tags[custom_id] = self.tags.pop(old_id)
+
             # Create default network ACL, route table, and security group for custom ID VPC
             self.create_route_table(
                 vpc_id=custom_id,

localstack/services/events/provider.py

@@ -44,6 +44,7 @@ from localstack.aws.api.events import (
     DescribeReplayResponse,
     DescribeRuleResponse,
     EndpointId,
+    EventBusArn,
     EventBusDescription,
     EventBusList,
     EventBusName,
@@ -921,12 +922,14 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
         self,
         context: RequestContext,
         archive_name: ArchiveName,
-        event_source_arn: Arn,
+        event_source_arn: EventBusArn,
         description: ArchiveDescription = None,
         event_pattern: EventPattern = None,
         retention_days: RetentionDays = None,
+        kms_key_identifier: KmsKeyIdentifier = None,
         **kwargs,
     ) -> CreateArchiveResponse:
+        # TODO add support for kms_key_identifier
         region = context.region
         account_id = context.account_id
         store = self.get_store(region, account_id)
@@ -1022,8 +1025,10 @@ class EventsProvider(EventsApi, ServiceLifecycleHook):
         description: ArchiveDescription = None,
         event_pattern: EventPattern = None,
         retention_days: RetentionDays = None,
+        kms_key_identifier: KmsKeyIdentifier = None,
         **kwargs,
     ) -> UpdateArchiveResponse:
+        # TODO add support for kms_key_identifier
         region = context.region
         account_id = context.account_id
         store = self.get_store(region, account_id)

localstack/services/kms/models.py

@@ -476,7 +476,7 @@ class KmsKey:
             if "PKCS" in signing_algorithm:
                 return padding.PKCS1v15()
             elif "PSS" in signing_algorithm:
-                return padding.PSS(mgf=padding.MGF1(hasher), salt_length=padding.PSS.MAX_LENGTH)
+                return padding.PSS(mgf=padding.MGF1(hasher), salt_length=padding.PSS.DIGEST_LENGTH)
             else:
                 LOG.warning("Unsupported padding in SigningAlgorithm '%s'", signing_algorithm)
 

localstack/services/lambda_/event_source_mapping/pollers/dynamodb_poller.py

@@ -61,6 +61,8 @@ class DynamoDBPoller(StreamPoller):
                 **kwargs,
             )
             shards[shard_id] = get_shard_iterator_response["ShardIterator"]
+
+        LOG.debug("Event source %s has %d shards.", self.source_arn, len(self.shards))
         return shards
 
     def stream_arn_param(self) -> dict:

localstack/services/lambda_/event_source_mapping/pollers/kinesis_poller.py

@@ -84,6 +84,8 @@ class KinesisPoller(StreamPoller):
                 **kwargs,
             )
             shards[shard_id] = get_shard_iterator_response["ShardIterator"]
+
+        LOG.debug("Event source %s has %d shards.", self.source_arn, len(self.shards))
         return shards
 
     def stream_arn_param(self) -> dict:

localstack/services/lambda_/event_source_mapping/pollers/stream_poller.py

@@ -154,7 +154,6 @@ class StreamPoller(Poller):
             LOG.debug("No shards found for %s.", self.source_arn)
             raise EmptyPollResultsException(service=self.event_source(), source_arn=self.source_arn)
         else:
-            LOG.debug("Event source %s has %d shards.", self.source_arn, len(self.shards))
             # Remove all shard batchers without corresponding shards
             for shard_id in self.shard_batcher.keys() - self.shards.keys():
                 self.shard_batcher.pop(shard_id, None)
@@ -185,7 +184,10 @@ class StreamPoller(Poller):
     def poll_events_from_shard(self, shard_id: str, shard_iterator: str):
         get_records_response = self.get_records(shard_iterator)
         records: list[dict] = get_records_response.get("Records", [])
-        next_shard_iterator = get_records_response["NextShardIterator"]
+        if not (next_shard_iterator := get_records_response.get("NextShardIterator")):
+            # If the next shard iterator is None, we can assume the shard is closed or
+            # has expired on the DynamoDB Local server, hence we should re-initialize.
+            self.shards = self.initialize_shards()
 
         # We cannot reliably back-off when no records found since an iterator
         # may have to move multiple times until records are returned.

localstack/services/lambda_/invocation/assignment.py

@@ -86,7 +86,9 @@ class AssignmentService(OtherServiceEndpoint):
         except InvalidStatusException as invalid_e:
             LOG.error("InvalidStatusException: %s", invalid_e)
         except Exception as e:
-            LOG.error("Failed invocation %s", e)
+            LOG.error(
+                "Failed invocation <%s>: %s", type(e), e, exc_info=LOG.isEnabledFor(logging.DEBUG)
+            )
             self.stop_environment(execution_environment)
             raise e
 
@@ -107,7 +109,7 @@ class AssignmentService(OtherServiceEndpoint):
         except EnvironmentStartupTimeoutException:
             raise
         except Exception as e:
-            message = f"Could not start new environment: {e}"
+            message = f"Could not start new environment: {type(e).__name__}:{e}"
             raise AssignmentException(message) from e
         return execution_environment
 

localstack/services/lambda_/invocation/execution_environment.py

@@ -37,10 +37,11 @@ class RuntimeStatus(Enum):
     INACTIVE = auto()
     STARTING = auto()
     READY = auto()
-    RUNNING = auto()
+    INVOKING = auto()
     STARTUP_FAILED = auto()
     STARTUP_TIMED_OUT = auto()
     STOPPED = auto()
+    TIMING_OUT = auto()
 
 
 class InvalidStatusException(Exception):
@@ -246,7 +247,7 @@ class ExecutionEnvironment:
     def release(self) -> None:
         self.last_returned = datetime.now()
         with self.status_lock:
-            if self.status != RuntimeStatus.RUNNING:
+            if self.status != RuntimeStatus.INVOKING:
                 raise InvalidStatusException(
                     f"Execution environment {self.id} can only be set to status ready while running."
                     f" Current status: {self.status}"
@@ -264,7 +265,7 @@ class ExecutionEnvironment:
                     f"Execution environment {self.id} can only be reserved if ready. "
                     f" Current status: {self.status}"
                 )
-            self.status = RuntimeStatus.RUNNING
+            self.status = RuntimeStatus.INVOKING
 
         self.keepalive_timer.cancel()
 
@@ -274,6 +275,17 @@ class ExecutionEnvironment:
             self.id,
             self.function_version.qualified_arn,
         )
+        # The stop() method allows to interrupt invocations (on purpose), which might cancel running invocations
+        # which we should not do when the keepalive timer passed.
+        # The new TIMING_OUT state prevents this race condition
+        with self.status_lock:
+            if self.status != RuntimeStatus.READY:
+                LOG.debug(
+                    "Keepalive timer passed, but current runtime status is %s. Aborting keepalive stop.",
+                    self.status,
+                )
+                return
+            self.status = RuntimeStatus.TIMING_OUT
         self.stop()
         # Notify assignment service via callback to remove from environments list
         self.on_timeout(self.version_manager_id, self.id)
@@ -340,7 +352,7 @@ class ExecutionEnvironment:
         return f"{prefix}{prefixed_logs}"
 
     def invoke(self, invocation: Invocation) -> InvocationResult:
-        assert self.status == RuntimeStatus.RUNNING
+        assert self.status == RuntimeStatus.INVOKING
         # Async/event invokes might miss an aws_trace_header, then we need to create a new root trace id.
         aws_trace_header = (
             invocation.trace_context.get("aws_trace_header") or TraceHeader().ensure_root_exists()

localstack/services/lambda_/invocation/logs.py

@@ -1,13 +1,13 @@
 import dataclasses
 import logging
 import threading
+import time
 from queue import Queue
 from typing import Optional, Union
 
 from localstack.aws.connect import connect_to
 from localstack.utils.aws.client_types import ServicePrincipal
 from localstack.utils.bootstrap import is_api_enabled
-from localstack.utils.cloudwatch.cloudwatch_util import store_cloudwatch_logs
 from localstack.utils.threads import FuncThread
 
 LOG = logging.getLogger(__name__)
@@ -50,10 +50,34 @@ class LogHandler:
             log_item = self.log_queue.get()
             if log_item is QUEUE_SHUTDOWN:
                 return
+            # we need to split by newline - but keep the newlines in the strings
+            # strips empty lines, as they are not accepted by cloudwatch
+            logs = [line + "\n" for line in log_item.logs.split("\n") if line]
+            # until we have a better way to have timestamps, log events have the same time for a single invocation
+            log_events = [
+                {"timestamp": int(time.time() * 1000), "message": log_line} for log_line in logs
+            ]
             try:
-                store_cloudwatch_logs(
-                    logs_client, log_item.log_group, log_item.log_stream, log_item.logs
-                )
+                try:
+                    logs_client.put_log_events(
+                        logGroupName=log_item.log_group,
+                        logStreamName=log_item.log_stream,
+                        logEvents=log_events,
+                    )
+                except logs_client.exceptions.ResourceNotFoundException:
+                    # create new log group
+                    try:
+                        logs_client.create_log_group(logGroupName=log_item.log_group)
+                    except logs_client.exceptions.ResourceAlreadyExistsException:
+                        pass
+                    logs_client.create_log_stream(
+                        logGroupName=log_item.log_group, logStreamName=log_item.log_stream
+                    )
+                    logs_client.put_log_events(
+                        logGroupName=log_item.log_group,
+                        logStreamName=log_item.log_stream,
+                        logEvents=log_events,
+                    )
             except Exception as e:
                 LOG.warning(
                     "Error saving logs to group %s in region %s: %s",

localstack/services/lambda_/provider.py

@@ -223,6 +223,7 @@ from localstack.services.lambda_.runtimes import (
     DEPRECATED_RUNTIMES,
     DEPRECATED_RUNTIMES_UPGRADES,
     RUNTIMES_AGGREGATED,
+    SNAP_START_SUPPORTED_RUNTIMES,
     VALID_RUNTIMES,
 )
 from localstack.services.lambda_.urlrouter import FunctionUrlRouter
@@ -718,6 +719,11 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
                 f"1 validation error detected: Value '{apply_on}' at 'snapStart.applyOn' failed to satisfy constraint: Member must satisfy enum value set: [PublishedVersions, None]"
             )
 
+        if runtime not in SNAP_START_SUPPORTED_RUNTIMES:
+            raise InvalidParameterValueException(
+                f"{runtime} is not supported for SnapStart enabled functions.", Type="User"
+            )
+
     def _validate_layers(self, new_layers: list[str], region: str, account_id: str):
         if len(new_layers) > LAMBDA_LAYERS_LIMIT_PER_FUNCTION:
             raise InvalidParameterValueException(
@@ -1597,10 +1603,19 @@ class LambdaProvider(LambdaApi, ServiceLifecycleHook):
         except ServiceException:
             raise
         except EnvironmentStartupTimeoutException as e:
-            raise LambdaServiceException("Internal error while executing lambda") from e
+            raise LambdaServiceException(
+                f"[{context.request_id}] Timeout while starting up lambda environment for function {function_name}:{qualifier}"
+            ) from e
         except Exception as e:
-            LOG.error("Error while invoking lambda", exc_info=e)
-            raise LambdaServiceException("Internal error while executing lambda") from e
+            LOG.error(
+                "[%s] Error while invoking lambda %s",
+                context.request_id,
+                function_name,
+                exc_info=LOG.isEnabledFor(logging.DEBUG),
+            )
+            raise LambdaServiceException(
+                f"[{context.request_id}] Internal error while executing lambda {function_name}:{qualifier}. Caused by {type(e).__name__}: {e}"
+            ) from e
 
         if invocation_type == InvocationType.Event:
             # This happens when invocation type is event