localstack-core 4.3.1.dev6__py3-none-any.whl → 4.3.1.dev28__py3-none-any.whl

localstack/services/lambda_/runtimes.py

@@ -59,6 +59,7 @@ IMAGE_MAPPING: dict[Runtime, str] = {
     Runtime.dotnet6: "dotnet:6",
     Runtime.dotnetcore3_1: "dotnet:core3.1",  # deprecated Apr 3, 2023 => Apr 3, 2023 => May 3, 2023
     Runtime.go1_x: "go:1",  # deprecated Jan 8, 2024 => Feb 8, 2024 => Mar 12, 2024
+    Runtime.ruby3_4: "ruby:3.4",
     Runtime.ruby3_3: "ruby:3.3",
     Runtime.ruby3_2: "ruby:3.2",
     Runtime.ruby2_7: "ruby:2.7",  # deprecated Dec 7, 2023 => Jan 9, 2024 => Feb 8, 2024
@@ -133,6 +134,7 @@ RUNTIMES_AGGREGATED = {
     "ruby": [
         Runtime.ruby3_2,
         Runtime.ruby3_3,
+        Runtime.ruby3_4,
     ],
     "dotnet": [
         Runtime.dotnet6,
@@ -149,7 +151,18 @@ TESTED_RUNTIMES: list[Runtime] = [
     runtime for runtime_group in RUNTIMES_AGGREGATED.values() for runtime in runtime_group
 ]
 
+# An unordered list of snapstart-enabled runtimes. Related to snapshots in test_snapstart_exceptions
+# https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html
+SNAP_START_SUPPORTED_RUNTIMES = [
+    Runtime.java11,
+    Runtime.java17,
+    Runtime.java21,
+    Runtime.python3_12,
+    Runtime.python3_13,
+    Runtime.dotnet8,
+]
+
 # An ordered list of all Lambda runtimes considered valid by AWS. Matching snapshots in test_create_lambda_exceptions
-VALID_RUNTIMES: str = "[nodejs20.x, provided.al2023, python3.12, python3.13, nodejs22.x, java17, nodejs16.x, dotnet8, python3.10, java11, python3.11, dotnet6, java21, nodejs18.x, provided.al2, ruby3.3, java8.al2, ruby3.2, python3.8, python3.9]"
+VALID_RUNTIMES: str = "[nodejs20.x, provided.al2023, python3.12, python3.13, nodejs22.x, java17, nodejs16.x, dotnet8, python3.10, java11, python3.11, dotnet6, java21, nodejs18.x, provided.al2, ruby3.3, ruby3.4, java8.al2, ruby3.2, python3.8, python3.9]"
 # An ordered list of all Lambda runtimes for layers considered valid by AWS. Matching snapshots in test_layer_exceptions
-VALID_LAYER_RUNTIMES: str = "[ruby2.6, dotnetcore1.0, python3.7, nodejs8.10, nasa, ruby2.7, python2.7-greengrass, dotnetcore2.0, python3.8, java21, dotnet6, dotnetcore2.1, python3.9, java11, nodejs6.10, provided, dotnetcore3.1, dotnet8, java17, nodejs, nodejs4.3, java8.al2, go1.x, nodejs20.x, go1.9, byol, nodejs10.x, provided.al2023, nodejs22.x, python3.10, java8, nodejs12.x, python3.11, nodejs8.x, python3.12, nodejs14.x, nodejs8.9, python3.13, nodejs16.x, provided.al2, nodejs4.3-edge, nodejs18.x, ruby3.2, python3.4, ruby3.3, ruby2.5, python3.6, python2.7]"
+VALID_LAYER_RUNTIMES: str = "[ruby2.6, dotnetcore1.0, python3.7, nodejs8.10, nasa, ruby2.7, python2.7-greengrass, dotnetcore2.0, python3.8, java21, dotnet6, dotnetcore2.1, python3.9, java11, nodejs6.10, provided, dotnetcore3.1, dotnet8, java25, java17, nodejs, nodejs4.3, java8.al2, go1.x, dotnet10, nodejs20.x, go1.9, byol, nodejs10.x, provided.al2023, nodejs22.x, python3.10, java8, nodejs12.x, python3.11, nodejs24.x, nodejs8.x, python3.12, nodejs14.x, nodejs8.9, python3.13, python3.14, nodejs16.x, provided.al2, nodejs4.3-edge, nodejs18.x, ruby3.2, python3.4, ruby3.3, ruby3.4, ruby2.5, python3.6, python2.7]"

localstack/services/s3/presigned_url.py

@@ -60,7 +60,7 @@ LOG = logging.getLogger(__name__)
 
 SIGNATURE_V2_POST_FIELDS = [
     "signature",
-    "AWSAccessKeyId",
+    "awsaccesskeyid",
 ]
 
 SIGNATURE_V4_POST_FIELDS = [
@@ -768,13 +768,17 @@ def validate_post_policy(
         )
         raise ex
 
-    if not (policy := request_form.get("policy")):
+    form_dict = {k.lower(): v for k, v in request_form.items()}
+
+    policy = form_dict.get("policy")
+    if not policy:
         # A POST request needs a policy except if the bucket is publicly writable
         return
 
     # TODO: this does validation of fields only for now
-    is_v4 = _is_match_with_signature_fields(request_form, SIGNATURE_V4_POST_FIELDS)
-    is_v2 = _is_match_with_signature_fields(request_form, SIGNATURE_V2_POST_FIELDS)
+    is_v4 = _is_match_with_signature_fields(form_dict, SIGNATURE_V4_POST_FIELDS)
+    is_v2 = _is_match_with_signature_fields(form_dict, SIGNATURE_V2_POST_FIELDS)
+
     if not is_v2 and not is_v4:
         ex: AccessDenied = AccessDenied("Access Denied")
         ex.HostId = FAKE_HOST_ID
@@ -784,7 +788,7 @@ def validate_post_policy(
         policy_decoded = json.loads(base64.b64decode(policy).decode("utf-8"))
     except ValueError:
         # this means the policy has been tampered with
-        signature = request_form.get("signature") if is_v2 else request_form.get("x-amz-signature")
+        signature = form_dict.get("signature") if is_v2 else form_dict.get("x-amz-signature")
         credentials = get_credentials_from_parameters(request_form, "us-east-1")
         ex: SignatureDoesNotMatch = create_signature_does_not_match_sig_v2(
             request_signature=signature,
@@ -813,7 +817,6 @@ def validate_post_policy(
         return
 
     conditions = policy_decoded.get("conditions", [])
-    form_dict = {k.lower(): v for k, v in request_form.items()}
     for condition in conditions:
         if not _verify_condition(condition, form_dict, additional_policy_metadata):
             str_condition = str(condition).replace("'", '"')
@@ -896,7 +899,7 @@ def _parse_policy_expiration_date(expiration_string: str) -> datetime.datetime:
 
 
 def _is_match_with_signature_fields(
-    request_form: ImmutableMultiDict, signature_fields: list[str]
+    request_form: dict[str, str], signature_fields: list[str]
 ) -> bool:
     """
     Checks if the form contains at least one of the required fields passed in `signature_fields`
@@ -910,12 +913,13 @@ def _is_match_with_signature_fields(
         for p in signature_fields:
             if p not in request_form:
                 LOG.info("POST pre-sign missing fields")
-                # .capitalize() does not work here, because of AWSAccessKeyId casing
                 argument_name = (
-                    capitalize_header_name_from_snake_case(p)
-                    if "-" in p
-                    else f"{p[0].upper()}{p[1:]}"
+                    capitalize_header_name_from_snake_case(p) if "-" in p else p.capitalize()
                 )
+                # AWSAccessKeyId is a special case
+                if argument_name == "Awsaccesskeyid":
+                    argument_name = "AWSAccessKeyId"
+
                 ex: InvalidArgument = _create_invalid_argument_exc(
                     message=f"Bucket POST must contain a field named '{argument_name}'.  If it is specified, please check the order of the fields.",
                     name=argument_name,

localstack/services/secretsmanager/provider.py

@@ -729,17 +729,28 @@ def backend_rotate_secret(
     if not self._is_valid_identifier(secret_id):
         raise SecretNotFoundException()
 
-    if self.secrets[secret_id].is_deleted():
+    secret = self.secrets[secret_id]
+    if secret.is_deleted():
         raise InvalidRequestException(
             "An error occurred (InvalidRequestException) when calling the RotateSecret operation: You tried to \
             perform the operation on a secret that's currently marked deleted."
         )
+    # Resolve rotation_lambda_arn and fallback to previous value if its missing
+    # from the current request
+    rotation_lambda_arn = rotation_lambda_arn or secret.rotation_lambda_arn
+    if not rotation_lambda_arn:
+        raise InvalidRequestException(
+            "No Lambda rotation function ARN is associated with this secret."
+        )
 
     if rotation_lambda_arn:
         if len(rotation_lambda_arn) > 2048:
             msg = "RotationLambdaARN must <= 2048 characters long."
             raise InvalidParameterException(msg)
 
+    # In case rotation_period is not provided, resolve auto_rotate_after_days
+    # and fallback to previous value if its missing from the current request.
+    rotation_period = secret.auto_rotate_after_days or 0
     if rotation_rules:
         if rotation_days in rotation_rules:
             rotation_period = rotation_rules[rotation_days]
@@ -753,8 +764,6 @@ def backend_rotate_secret(
     except Exception:
         raise ResourceNotFoundException("Lambda does not exist or could not be accessed")
 
-    secret = self.secrets[secret_id]
-
     # The rotation function must end with the versions of the secret in
     # one of two states:
     #
@@ -782,7 +791,7 @@ def backend_rotate_secret(
         pass
 
     secret.rotation_lambda_arn = rotation_lambda_arn
-    secret.auto_rotate_after_days = rotation_rules.get(rotation_days, 0)
+    secret.auto_rotate_after_days = rotation_period
     if secret.auto_rotate_after_days > 0:
         wait_interval_s = int(rotation_period) * 86400
         secret.next_rotation_date = int(time.time()) + wait_interval_s

localstack/services/sqs/models.py

@@ -30,9 +30,9 @@ from localstack.services.sqs.exceptions import (
 )
 from localstack.services.sqs.queue import InterruptiblePriorityQueue, InterruptibleQueue
 from localstack.services.sqs.utils import (
-    decode_receipt_handle,
     encode_move_task_handle,
     encode_receipt_handle,
+    extract_receipt_handle_info,
     global_message_sequence,
     guess_endpoint_strategy_and_host,
     is_message_deduplication_id_required,
@@ -445,7 +445,7 @@ class SqsQueue:
         return len(self.delayed)
 
     def validate_receipt_handle(self, receipt_handle: str):
-        if self.arn != decode_receipt_handle(receipt_handle):
+        if self.arn != extract_receipt_handle_info(receipt_handle).queue_arn:
             raise ReceiptHandleIsInvalid(
                 f'The input receipt handle "{receipt_handle}" is not a valid receipt handle.'
             )
@@ -490,6 +490,7 @@ class SqsQueue:
                 return
 
             standard_message = self.receipts[receipt_handle]
+            self._pre_delete_checks(standard_message, receipt_handle)
             standard_message.deleted = True
             LOG.debug(
                 "deleting message %s from queue %s",
@@ -724,6 +725,18 @@ class SqsQueue:
 
         return expired
 
+    def _pre_delete_checks(self, standard_message: SqsMessage, receipt_handle: str) -> None:
+        """
+        Runs any potential checks if a message that has been successfully identified via a receipt handle
+        is indeed supposed to be deleted.
+        For example, a receipt handle that has expired might not lead to deletion.
+
+        :param standard_message: The message to be deleted
+        :param receipt_handle: The handle associated with the message
+        :return: None. Potential violations raise errors.
+        """
+        pass
+
 
 class StandardQueue(SqsQueue):
     visible: InterruptiblePriorityQueue[SqsMessage]
@@ -1001,9 +1014,15 @@ class FifoQueue(SqsQueue):
         for message in self.delayed:
             message.delay_seconds = value
 
+    def _pre_delete_checks(self, message: SqsMessage, receipt_handle: str) -> None:
+        _, _, _, last_received = extract_receipt_handle_info(receipt_handle)
+        if time.time() - float(last_received) > message.visibility_timeout:
+            raise InvalidParameterValueException(
+                f"Value {receipt_handle} for parameter ReceiptHandle is invalid. Reason: The receipt handle has expired."
+            )
+
     def remove(self, receipt_handle: str):
         self.validate_receipt_handle(receipt_handle)
-        decode_receipt_handle(receipt_handle)
 
         super().remove(receipt_handle)
 

localstack/services/sqs/utils.py

@@ -3,7 +3,7 @@ import itertools
 import json
 import re
 import time
-from typing import Literal, Optional, Tuple
+from typing import Literal, NamedTuple, Optional, Tuple
 from urllib.parse import urlparse
 
 from localstack.aws.api.sqs import QueueAttributeName, ReceiptHandleIsInvalid
@@ -116,16 +116,25 @@ def parse_queue_url(queue_url: str) -> Tuple[str, Optional[str], str]:
     return account_id, region, queue_name
 
 
-def decode_receipt_handle(receipt_handle: str) -> str:
+class ReceiptHandleInformation(NamedTuple):
+    identifier: str
+    queue_arn: str
+    message_id: str
+    last_received: str
+
+
+def extract_receipt_handle_info(receipt_handle: str) -> ReceiptHandleInformation:
     try:
         handle = base64.b64decode(receipt_handle).decode("utf-8")
-        _, queue_arn, message_id, last_received = handle.split(" ")
-        parse_arn(queue_arn)  # raises a ValueError if it is not an arn
-        return queue_arn
-    except (IndexError, ValueError):
+        parts = handle.split(" ")
+        if len(parts) != 4:
+            raise ValueError(f'The input receipt handle "{receipt_handle}" is incomplete.')
+        parse_arn(parts[1])
+        return ReceiptHandleInformation(*parts)
+    except (IndexError, ValueError) as e:
         raise ReceiptHandleIsInvalid(
             f'The input receipt handle "{receipt_handle}" is not a valid receipt handle.'
-        )
+        ) from e
 
 
 def encode_receipt_handle(queue_arn, message) -> str:

localstack/services/ssm/resource_providers/aws_ssm_parameter.py

@@ -177,11 +177,7 @@ class SSMParameterProvider(ResourceProvider[SSMParameterProperties]):
 
         ssm.put_parameter(Overwrite=True, Tags=[], **update_config_props)
 
-        return ProgressEvent(
-            status=OperationStatus.SUCCESS,
-            resource_model=model,
-            custom_context=request.custom_context,
-        )
+        return self.read(request)
 
     def update_tags(self, ssm, model, new_tags):
         current_tags = ssm.list_tags_for_resource(

localstack/services/stepfunctions/asl/utils/json_path.py

@@ -7,6 +7,7 @@ from jsonpath_ng.jsonpath import Index
 from localstack.services.events.utils import to_json_str
 
 _PATTERN_SINGLETON_ARRAY_ACCESS_OUTPUT: Final[str] = r"\[\d+\]$"
+_PATTERN_SLICE_OR_WILDCARD_ACCESS = r"\$(?:\.[^[]+\[(?:\*|\d*:\d*)\]|\[\*\])(?:\.[^[]+)*$"
 
 
 def _is_singleton_array_access(path: str) -> bool:
@@ -14,6 +15,12 @@ def _is_singleton_array_access(path: str) -> bool:
     return bool(re.search(_PATTERN_SINGLETON_ARRAY_ACCESS_OUTPUT, path))
 
 
+def _contains_slice_or_wildcard_array(path: str) -> bool:
+    # Returns true if the json path contains a slice or wildcard in the array.
+    # Slices at the root are discarded, but wildcard at the root is allowed.
+    return bool(re.search(_PATTERN_SLICE_OR_WILDCARD_ACCESS, path))
+
+
 class NoSuchJsonPathError(Exception):
     json_path: Final[str]
     data: Final[Any]
@@ -42,6 +49,8 @@ def extract_json(path: str, data: Any) -> Any:
 
     matches = input_expr.find(data)
     if not matches:
+        if _contains_slice_or_wildcard_array(path):
+            return []
         raise NoSuchJsonPathError(json_path=path, data=data)
 
     if len(matches) > 1 or isinstance(matches[0].path, Index):

localstack/testing/snapshots/transformer_utility.py

@@ -648,6 +648,19 @@ class TransformerUtility:
                 ),
                 "version_uuid",
             ),
+            KeyValueBasedTransformer(
+                lambda k, v: (
+                    v
+                    if (
+                        isinstance(k, str)
+                        and k == "RotationLambdaARN"
+                        and isinstance(v, str)
+                        and re.match(PATTERN_ARN, v)
+                    )
+                    else None
+                ),
+                "lambda-arn",
+            ),
             SortingTransformer("VersionStages"),
             SortingTransformer("Versions", lambda e: e.get("CreatedDate")),
         ]

localstack/utils/aws/client_types.py

@@ -31,6 +31,7 @@ if TYPE_CHECKING:
     from mypy_boto3_cloudwatch import CloudWatchClient
     from mypy_boto3_codebuild import CodeBuildClient
     from mypy_boto3_codecommit import CodeCommitClient
+    from mypy_boto3_codeconnections import CodeConnectionsClient
     from mypy_boto3_codedeploy import CodeDeployClient
     from mypy_boto3_codepipeline import CodePipelineClient
     from mypy_boto3_codestar_connections import CodeStarconnectionsClient
@@ -109,6 +110,7 @@ if TYPE_CHECKING:
     from mypy_boto3_timestream_query import TimestreamQueryClient
     from mypy_boto3_timestream_write import TimestreamWriteClient
     from mypy_boto3_transcribe import TranscribeServiceClient
+    from mypy_boto3_verifiedpermissions import VerifiedPermissionsClient
     from mypy_boto3_wafv2 import WAFV2Client
     from mypy_boto3_xray import XRayClient
 
@@ -139,6 +141,9 @@ class TypedServiceClientFactory(abc.ABC):
     cloudwatch: Union["CloudWatchClient", "MetadataRequestInjector[CloudWatchClient]"]
     codebuild: Union["CodeBuildClient", "MetadataRequestInjector[CodeBuildClient]"]
     codecommit: Union["CodeCommitClient", "MetadataRequestInjector[CodeCommitClient]"]
+    codeconnections: Union[
+        "CodeConnectionsClient", "MetadataRequestInjector[CodeConnectionsClient]"
+    ]
     codedeploy: Union["CodeDeployClient", "MetadataRequestInjector[CodeDeployClient]"]
     codepipeline: Union["CodePipelineClient", "MetadataRequestInjector[CodePipelineClient]"]
     codestar_connections: Union[
@@ -255,6 +260,9 @@ class TypedServiceClientFactory(abc.ABC):
         "TimestreamWriteClient", "MetadataRequestInjector[TimestreamWriteClient]"
     ]
     transcribe: Union["TranscribeServiceClient", "MetadataRequestInjector[TranscribeServiceClient]"]
+    verifiedpermissions: Union[
+        "VerifiedPermissionsClient", "MetadataRequestInjector[VerifiedPermissionsClient]"
+    ]
     wafv2: Union["WAFV2Client", "MetadataRequestInjector[WAFV2Client]"]
     xray: Union["XRayClient", "MetadataRequestInjector[XRayClient]"]
 

localstack/utils/docker_utils.py

@@ -156,14 +156,14 @@ def container_ports_can_be_bound(
     except Exception as e:
         if "port is already allocated" not in str(e) and "address already in use" not in str(e):
             LOG.warning(
-                "Unexpected error when attempting to determine container port status: %s", e
+                "Unexpected error when attempting to determine container port status", exc_info=e
             )
         return False
     # TODO(srw): sometimes the command output from the docker container is "None", particularly when this function is
     #  invoked multiple times consecutively. Work out why.
     if to_str(result[0] or "").strip() != "test123":
         LOG.warning(
-            "Unexpected output when attempting to determine container port status: %s", result[0]
+            "Unexpected output when attempting to determine container port status: %s", result
         )
     return True
 

localstack/version.py

@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '4.3.1.dev6'
-__version_tuple__ = version_tuple = (4, 3, 1, 'dev6')
+__version__ = version = '4.3.1.dev28'
+__version_tuple__ = version_tuple = (4, 3, 1, 'dev28')

{localstack_core-4.3.1.dev6.dist-info → localstack_core-4.3.1.dev28.dist-info}/METADATA

@@ -1,15 +1,15 @@
 Metadata-Version: 2.4
 Name: localstack-core
-Version: 4.3.1.dev6
+Version: 4.3.1.dev28
 Summary: The core library and runtime of LocalStack
 Author-email: LocalStack Contributors <info@localstack.cloud>
+License-Expression: Apache-2.0
 Project-URL: Homepage, https://localstack.cloud
 Project-URL: Documentation, https://docs.localstack.cloud
 Project-URL: Repository, https://github.com/localstack/localstack.git
 Project-URL: Issues, https://github.com/localstack/localstack/issues
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.11
-Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Topic :: Internet
 Classifier: Topic :: Software Development :: Testing
 Classifier: Topic :: System :: Emulators
@@ -31,8 +31,8 @@ Requires-Dist: requests>=2.20.0
 Requires-Dist: semver>=2.10
 Requires-Dist: tailer>=0.4.1
 Provides-Extra: base-runtime
-Requires-Dist: boto3==1.37.23; extra == "base-runtime"
-Requires-Dist: botocore==1.37.23; extra == "base-runtime"
+Requires-Dist: boto3==1.37.28; extra == "base-runtime"
+Requires-Dist: botocore==1.37.28; extra == "base-runtime"
 Requires-Dist: awscrt>=0.13.14; extra == "base-runtime"
 Requires-Dist: cbor2>=5.5.0; extra == "base-runtime"
 Requires-Dist: dnspython>=1.16.0; extra == "base-runtime"
@@ -93,5 +93,5 @@ Requires-Dist: ruff>=0.3.3; extra == "dev"
 Requires-Dist: rstr>=3.2.0; extra == "dev"
 Provides-Extra: typehint
 Requires-Dist: localstack-core[dev]; extra == "typehint"
-Requires-Dist: boto3-stubs[acm,acm-pca,amplify,apigateway,apigatewayv2,appconfig,appconfigdata,application-autoscaling,appsync,athena,autoscaling,backup,batch,ce,cloudcontrol,cloudformation,cloudfront,cloudtrail,cloudwatch,codebuild,codecommit,codedeploy,codepipeline,codestar-connections,cognito-identity,cognito-idp,dms,docdb,dynamodb,dynamodbstreams,ec2,ecr,ecs,efs,eks,elasticache,elasticbeanstalk,elbv2,emr,emr-serverless,es,events,firehose,fis,glacier,glue,iam,identitystore,iot,iot-data,iotanalytics,iotwireless,kafka,kinesis,kinesisanalytics,kinesisanalyticsv2,kms,lakeformation,lambda,logs,managedblockchain,mediaconvert,mediastore,mq,mwaa,neptune,opensearch,organizations,pi,pinpoint,pipes,qldb,qldb-session,rds,rds-data,redshift,redshift-data,resource-groups,resourcegroupstaggingapi,route53,route53resolver,s3,s3control,sagemaker,sagemaker-runtime,secretsmanager,serverlessrepo,servicediscovery,ses,sesv2,sns,sqs,ssm,sso-admin,stepfunctions,sts,timestream-query,timestream-write,transcribe,wafv2,xray]; extra == "typehint"
+Requires-Dist: boto3-stubs[acm,acm-pca,amplify,apigateway,apigatewayv2,appconfig,appconfigdata,application-autoscaling,appsync,athena,autoscaling,backup,batch,ce,cloudcontrol,cloudformation,cloudfront,cloudtrail,cloudwatch,codebuild,codecommit,codeconnections,codedeploy,codepipeline,codestar-connections,cognito-identity,cognito-idp,dms,docdb,dynamodb,dynamodbstreams,ec2,ecr,ecs,efs,eks,elasticache,elasticbeanstalk,elbv2,emr,emr-serverless,es,events,firehose,fis,glacier,glue,iam,identitystore,iot,iot-data,iotanalytics,iotwireless,kafka,kinesis,kinesisanalytics,kinesisanalyticsv2,kms,lakeformation,lambda,logs,managedblockchain,mediaconvert,mediastore,mq,mwaa,neptune,opensearch,organizations,pi,pinpoint,pipes,qldb,qldb-session,rds,rds-data,redshift,redshift-data,resource-groups,resourcegroupstaggingapi,route53,route53resolver,s3,s3control,sagemaker,sagemaker-runtime,secretsmanager,serverlessrepo,servicediscovery,ses,sesv2,sns,sqs,ssm,sso-admin,stepfunctions,sts,timestream-query,timestream-write,transcribe,verifiedpermissions,wafv2,xray]; extra == "typehint"
 Dynamic: license-file