Version History

Simfra follows semantic versioning. The full changelog with detailed notes is maintained in CHANGELOG.md at the root of the repository.

Releases

0.15.1 - 2026-06-03

Bug fix release with 10 fixes across API Gateway V1, IAM, ELBv2, FSx, MSK, and CloudFront.

  • API Gateway V1 - 7 fixes including JSON Pointer unescaping in patch operations, GetAccount defaults, PutRestApi YAML support, and missing DomainName fields
  • CloudFront - 5 AWS managed response headers policies now returned with real IDs
  • IAM, ELBv2, FSx, MSK - trust policy, certificate validation, ENI provisioning, and configuration deletion fixes

0.15.0 - 2026-06-03

Major ElastiCache and Auto Scaling TF provider compatibility milestones, cross-account DNS and CloudTrail delivery, and new Resource Groups service.

  • Resource Groups - new service (15 operations, REST-JSON) for resource group management, tagging, and resource membership
  • ElastiCache TF compatibility - acceptance tests jump from 3 to 123 passing
  • Auto Scaling TF compatibility - acceptance tests jump from 0 to 143 passing
  • EC2 ENI secondary IPs and IPv6 - ENIs support secondary private IPv4 addresses and IPv6 assignment via a standardized ENIProvisioner interface
  • Cross-account DNS validation - ACM certificate DNS validation resolves records globally across all accounts
  • Cross-account CloudTrail S3 delivery - trail log delivery resolves bucket owner for correct cross-account authorization
  • IAM outbound web identity federation - enable, disable, and query OWIF state

0.14.0 - 2026-05-28

Tag and header resource ID overrides replace the seed API.

  • simfra: tag overrides - add simfra:<FieldName> tags to create requests for deterministic resource IDs. Works with Terraform. Supported across EC2, KMS, IAM, and Organizations
  • X-Simfra-Id header - HTTP header for overriding IDs on resources that don't accept tags (Route53 hosted zones, Organizations)
  • Both mechanisms go through the full creation path, replacing the seed API which created skeleton resources

0.13.0 - 2026-05-27

Declarative seed API for creating resources with exact IDs (superseded by tag + header overrides in 0.14.0).

  • Seed API - POST /_simfra/seed accepts a YAML document to create accounts, organizations, EC2 transit gateways, TGW route tables, security groups, KMS keys, and Route53 hosted zones with specific IDs
  • SIMFRA_SEED env var - apply a seed YAML file at startup before bootstrap runs
  • Replaces the remap API introduced in 0.11.0

0.12.0 - 2026-05-27

Resource ID remap expanded to EC2 and KMS.

  • Remap API expansion - POST /_simfra/remap now supports EC2 transit gateways, transit gateway route tables, security groups, and KMS keys (superseded by seed API in 0.13.0)

0.11.0 - 2026-05-27

Resource ID remap API, S3 Express One Zone, FSx service, and debug endpoints.

  • Resource ID remap - POST /_simfra/remap for assigning specific IDs to resources after creation (superseded by seed API in 0.13.0)
  • FSx (10 ops) - Windows file system lifecycle with Lustre, ONTAP, and OpenZFS types
  • S3 Express One Zone - directory buckets, CreateSession credential resolution, CRC64NVME checksum
  • Debug endpoints - /_simfra/debug/requests for request log inspection and /_simfra/debug/pprof/ for profiling
  • RDS - pending modifications with maintenance window simulation

0.9.0 - 2026-05-21

EC2 AMI launch permissions with cross-account organization sharing.

  • EC2 - ModifyImageAttribute stores launch permissions for organizations, OUs, accounts, and public sharing. DescribeImages resolves shared AMIs cross-account via Organizations membership lookup. Block public access enforced for group=all
  • EC2 - DescribeImages now returns org-shared AMIs for --owners and --executable-users queries from member accounts

0.8.0 - 2026-05-20

Cost Explorer service and KMS root delegation fix.

  • Cost Explorer (CE) (41 ops) - anomaly monitors and subscriptions, cost categories with rule-based classification, cost allocation tags, and cost/usage query stubs
  • KMS - key policies granting access to the account root principal now correctly delegate authority to IAM identity policies
  • Service Quotas - expanded quota definitions for Auto Scaling, EC2 VPC, S3, and IAM
  • 103 total services with 5,755 operations

0.7.0 - 2026-05-20

SSM expansion, DMS, and Service Quotas.

  • SSM - 58 new operations: associations, maintenance windows, patch baselines, service settings, activations, and resource data sync. All 147 Terraform acceptance tests passing
  • DMS (118 ops) - Database Migration Service with Docker-backed replication between MySQL, PostgreSQL, and S3
  • Service Quotas (26 ops) - quota querying, increase requests, and templates with QuotaProvider interface across 38 services
  • EC2 - Allowed Images Settings operations
  • 102 total services with 5,714 operations

0.6.1 - 2026-05-19

Route53 Resolver Firewall per-region IDs and SSM expansion.

  • Route53 Resolver - AWS-managed Firewall domain lists now use correct per-region IDs instead of us-east-1 IDs everywhere
  • SSM - 58 new operations: associations, maintenance windows, patch baselines, service settings, activations, and resource data sync. Seeds 17 AWS-owned default patch baselines per account. All 147 Terraform acceptance tests passing
  • DMS (118 ops) - Database Migration Service with replication instances, endpoints, tasks, full-load and CDC between MySQL, PostgreSQL, and S3, Docker-backed replicator container
  • Service Quotas (26 ops) - quota querying, increase requests (auto-approved), and quota templates with QuotaProvider interface across 38 services
  • EC2 - Allowed Images Settings (Get/Enable/DisableImageBlockPublicAccess, GetAllowedImagesSettings)
  • 102 total services with 5,714 operations

0.5.9 - 2026-05-19

AWS global condition keys and org-scoped policy evaluation.

  • IAM - policy evaluation now populates aws:PrincipalOrgID, aws:PrincipalType, aws:userid, aws:username, aws:PrincipalTag/*, aws:ResourceAccount, and aws:ResourceOrgID across all authorization paths
  • S3 - cross-account bucket policy evaluation correctly passes condition keys; public access block recognizes org-scoped conditions as non-public
  • RAM - organization and OU principals resolved so member accounts discover shared resources; cross-region resource associations rejected

0.5.4 - 2026-05-19

Cross-account trust policy fixes.

  • STS - cross-account AssumeRole with sts:ExternalId conditions no longer incorrectly denied
  • RAM - organization ARN principals recognized as internal when allow_external_principals = false

0.5.3 - 2026-05-18

Transit Gateway deterministic ID overrides.

  • EC2 - All Transit Gateway creation operations now support simfra: tag overrides for pinning resource IDs (gateway, attachments, route tables, multicast domains, connect peers, policy tables, metering policies)

0.5.2 - 2026-05-18

Organizations CreateAccount role provisioning.

  • Organizations - CreateAccount and CreateGovCloudAccount now automatically provision OrganizationAccountAccessRole (or the custom name from RoleName) in new member accounts with AdministratorAccess and a trust policy for the management account, matching real AWS behavior

0.5.1 - 2026-05-18

Override tag preservation and web console defaults.

  • Override tags are now preserved on resources instead of stripped, fixing Terraform plan/apply state drift
  • Health endpoint exposes defaultAccountId and defaultRegion; web console auto-initializes from server defaults
  • CreateDefaultVpc triggers VPC lifecycle hooks for Docker network setup

0.5.0 - 2026-05-17

App Runner service and codegen required field validation.

  • App Runner (33 ops) - service CRUD with auto scaling configurations, VPC connectors, custom domains, connections, observability configs, and async deployment lifecycle with state machine
  • Codegen - required:"true" struct tag emitted for required fields, enabling runtime validation
  • 100 total services with 5,562 operations

0.4.0 - 2026-05-15

New services, UI console expansion, and E2E scenario growth.

  • Braket (17 ops) - quantum circuit execution via containerized Amazon Braket Default Simulator (SV1/DM1), async task lifecycle, hybrid jobs, spending limits, and S3 result output
  • Cloud9 (13 ops) - cloud IDE with Docker-backed code-server environments, membership management, and automatic hibernation
  • Web console - added Braket, Direct Connect, ARC Region Switch, and ARC Zonal Shift service pages; enhanced KMS, ACM, WAFv2, Secrets Manager, Network Firewall, Security Hub, and Access Analyzer with inline editing and modification capabilities
  • 99 total services with 5,529 operations

0.3.0 - 2026-05-14

Organizations resource ID overrides and Docker image version pinning.

  • Organizations overrides - SIMFRA_ORG_ID and SIMFRA_ORG_ROOT_ID env vars for CreateOrganization, plus simfra:AccountId, simfra:OrganizationalUnitId tag overrides for deterministic resource IDs
  • Docker sidecar image versioning - sidecar container images are now pinned to the Simfra binary version tag instead of :latest

0.2.1 - 2026-05-13

Version and build metadata. The binary and Docker images now report their version via simfra --version, startup logs include the version and commit hash, and Docker images are tagged with semver versions (e.g., :0.2.1).

0.2.0 - 2026-05-13

TLS, CloudFront expansion, and UI mutations.

  • TLS support for the control plane via SIMFRA_TLS with auto-generated or user-provided certificates, and CA propagation to all Docker containers
  • CloudFront expanded from 31 to 107 operations - OAI, public keys, key groups, field-level encryption, KeyValueStore, monitoring, trust stores, VPC origins, continuous deployment policies, and CDN policy forwarding
  • Lambda presigned code URLs - GetFunction returns HMAC-signed download URLs for deployment packages
  • Web console UI mutations - create, update, and delete support across ~30 services
  • E2E test suite with Playwright specs across ~20 services
  • New scenarios - Multi-Region ARC Failover and SageMaker ML Pipeline

0.1.0 - 2026-05-04

Initial release - a single-binary AWS cloud emulator for local development and testing.

  • 97 AWS services with 5,400+ operations across compute, storage, database, networking, security, analytics, and AI
  • Docker-backed services - EC2, ECS, EKS, Lambda, RDS, ELBv2, Route53, API Gateway, MQ, DSQL, and more run real processes in containers
  • IAM policy evaluation - identity policies, resource policies, SCPs, permission boundaries, and session policies
  • Cross-service integrations - DynamoDB Streams triggering Lambda, EventBridge routing to Step Functions, SNS delivering to SQS, and 50+ other live integrations
  • Persistence - opt-in SQLite write-through with AES-256 field encryption for sensitive data
  • Web console UI - multi-account, multi-region management dashboard
  • 16 validated E2E scenarios - from serverless APIs to EKS platforms to financial CQRS systems