localstack
diff --git a/‎localstack/services/awslambda/invocation/docker_runtime_executor.py
Lines changed: 24 additions & 1 deletion b/‎localstack/services/awslambda/invocation/docker_runtime_executor.py
Lines changed: 24 additions & 1 deletion
diff --git a/‎localstack/services/awslambda/provider.py
Lines changed: 14 additions & 4 deletions b/‎localstack/services/awslambda/provider.py
Lines changed: 14 additions & 4 deletions
diff --git a/‎localstack/testing/aws/lambda_utils.py
Lines changed: 11 additions & 8 deletions b/‎localstack/testing/aws/lambda_utils.py
Lines changed: 11 additions & 8 deletions
diff --git a/‎localstack/utils/container_utils/container_client.py
Lines changed: 35 additions & 1 deletion b/‎localstack/utils/container_utils/container_client.py
Lines changed: 35 additions & 1 deletion
diff --git a/‎localstack/utils/container_utils/docker_cmd_client.py
Lines changed: 7 additions & 1 deletion b/‎localstack/utils/container_utils/docker_cmd_client.py
Lines changed: 7 additions & 1 deletion
diff --git a/‎localstack/utils/container_utils/docker_sdk_client.py
Lines changed: 9 additions & 4 deletions b/‎localstack/utils/container_utils/docker_sdk_client.py
Lines changed: 9 additions & 4 deletions
diff --git a/‎setup.cfg
Lines changed: 1 addition & 1 deletion b/‎setup.cfg
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/bootstrap/test_cli.py
Lines changed: 3 additions & 0 deletions b/‎tests/bootstrap/test_cli.py
Lines changed: 3 additions & 0 deletions
diff --git a/‎tests/integration/awslambda/functions/lambda_introspect.py
Lines changed: 13 additions & 1 deletion b/‎tests/integration/awslambda/functions/lambda_introspect.py
Lines changed: 13 additions & 1 deletion
@@ -7,7 +7,7 @@
 from typing import Callable, Dict, Literal, Optional
 
 from localstack import config
-from localstack.aws.api.lambda_ import PackageType, Runtime
+from localstack.aws.api.lambda_ import Architecture, PackageType, Runtime
 from localstack.services.awslambda import hooks as lambda_hooks
 from localstack.services.awslambda.invocation.executor_endpoint import (
     INVOCATION_PORT,
@@ -27,6 +27,7 @@
 from localstack.utils.container_networking import get_main_container_name
 from localstack.utils.container_utils.container_client import (
     ContainerConfiguration,
+    DockerPlatform,
     PortMappings,
     VolumeBind,
     VolumeMappings,
@@ -54,6 +55,27 @@
 HOT_RELOADING_ENV_VARIABLE = "LOCALSTACK_HOT_RELOADING_PATHS"
 
 
+"""Map AWS Lambda architecture to Docker platform flags. Example: arm64 => linux/arm64"""
+ARCHITECTURE_PLATFORM_MAPPING: dict[Architecture, DockerPlatform] = dict(
+    {
+        Architecture.x86_64: DockerPlatform.linux_amd64,
+        Architecture.arm64: DockerPlatform.linux_arm64,
+    }
+)
+
+
+def docker_platform(lambda_architecture: Architecture) -> DockerPlatform:
+    """
+    Convert an AWS Lambda architecture into a Docker platform flag. Examples:
+    * docker_platform("x86_64") == "linux/amd64"
+    * docker_platform("arm64") == "linux/arm64"
+
+    :param lambda_architecture: the instruction set that the function supports
+    :return: Docker platform in the format ``os[/arch[/variant]]``
+    """
+    return ARCHITECTURE_PLATFORM_MAPPING[lambda_architecture]
+
+
 def get_image_name_for_function(function_version: FunctionVersion) -> str:
     return f"localstack/lambda-{function_version.id.qualified_arn().replace(':', '_').replace('$', '_').lower()}"
 
@@ -245,6 +267,7 @@ def start(self, env_vars: dict[str, str]) -> None:
             env_vars=env_vars,
             network=network,
             entrypoint=RAPID_ENTRYPOINT,
+            platform=docker_platform(self.function_version.config.architectures[0]),
             additional_flags=config.LAMBDA_DOCKER_FLAGS,
         )
         if self.function_version.config.package_type == PackageType.Zip:
 
@@ -551,8 +551,18 @@ def create_function(
             )
 
         architectures = request.get("Architectures")
-        if architectures and Architecture.arm64 in architectures:
-            raise ServiceException("ARM64 is currently not supported by this provider")
+        if architectures:
+            if len(architectures) != 1:
+                raise ValidationException(
+                    f"1 validation error detected: Value '[{', '.join(architectures)}]' at 'architectures' failed to "
+                    f"satisfy constraint: Member must have length less than or equal to 1",
+                )
+            if architectures[0] not in [Architecture.x86_64, Architecture.arm64]:
+                raise ValidationException(
+                    f"1 validation error detected: Value '[{', '.join(architectures)}]' at 'architectures' failed to "
+                    f"satisfy constraint: Member must satisfy constraint: [Member must satisfy enum value set: "
+                    f"[x86_64, arm64], Member must not be null]",
+                )
 
         if env_vars := request.get("Environment", {}).get("Variables"):
             self._verify_env_variables(env_vars)
@@ -568,7 +578,7 @@ def create_function(
         package_type = request.get("PackageType", PackageType.Zip)
         if package_type == PackageType.Zip and request.get("Runtime") not in IMAGE_MAPPING:
             raise InvalidParameterValueException(
-                f"Value {request.get('Runtime')} at 'runtime' failed to satisfy constraint: Member must satisfy enum value set: [nodejs12.x, provided, nodejs16.x, nodejs14.x, ruby2.7, java11, dotnet6, go1.x, provided.al2, java8, java8.al2, dotnetcore3.1, python3.7, python3.8, python3.9] or be a valid ARN",
+                f"Value {request.get('Runtime')} at 'runtime' failed to satisfy constraint: Member must satisfy enum value set: [nodejs12.x, provided, nodejs16.x, nodejs14.x, ruby2.7, java11, dotnet6, go1.x, nodejs18.x, provided.al2, java8, java8.al2, dotnetcore3.1, python3.7, python3.8, python3.9] or be a valid ARN",
                 Type="User",
             )
         state = lambda_stores[context.account_id][context.region]
@@ -637,7 +647,7 @@ def create_function(
                     package_type=package_type,
                     reserved_concurrent_executions=0,
                     environment=env_vars,
-                    architectures=request.get("Architectures") or ["x86_64"],  # TODO
+                    architectures=request.get("Architectures") or [Architecture.x86_64],
                     tracing_config_mode=TracingMode.PassThrough,  # TODO
                     image=image,
                     image_config=image_config,
 
@@ -1,5 +1,6 @@
 import json
 import os
+import platform
 from typing import Literal
 
 from localstack.utils.common import to_str
@@ -117,14 +118,16 @@ def get_events():
 
 
 def is_old_provider():
-    return (
-        os.environ.get("TEST_TARGET") != "AWS_CLOUD"
-        and os.environ.get("PROVIDER_OVERRIDE_LAMBDA") != "asf"
-    )
+    return os.environ.get("TEST_TARGET") != "AWS_CLOUD" and os.environ.get(
+        "PROVIDER_OVERRIDE_LAMBDA"
+    ) not in ["asf", "v2"]
 
 
 def is_new_provider():
-    return (
-        os.environ.get("TEST_TARGET") != "AWS_CLOUD"
-        and os.environ.get("PROVIDER_OVERRIDE_LAMBDA") == "asf"
-    )
+    return os.environ.get("TEST_TARGET") != "AWS_CLOUD" and os.environ.get(
+        "PROVIDER_OVERRIDE_LAMBDA"
+    ) in ["asf", "v2"]
+
+
+def is_arm_compatible():
+    return platform.machine() == "arm64"
@@ -96,6 +96,13 @@ def close(self):
         raise NotImplementedError
 
 
+class DockerPlatform(str):
+    """Platform in the format ``os[/arch[/variant]]``"""
+
+    linux_amd64 = "linux/amd64"
+    linux_arm64 = "linux/arm64"
+
+
 # defines the type for port mappings (source->target port range)
 PortRange = Union[List, HashableList]
 
@@ -366,6 +373,7 @@ class ContainerConfiguration:
     network: Optional[str] = None
     dns: Optional[str] = None
     workdir: Optional[str] = None
+    platform: Optional[str] = None
 
 
 @dataclasses.dataclass
@@ -378,6 +386,8 @@ class DockerRunFlags:
     extra_hosts: Optional[Dict[str, str]]
     network: Optional[str]
     labels: Optional[Dict[str, str]]
+    user: Optional[str]
+    platform: Optional[DockerPlatform]
 
 
 class ContainerClient(metaclass=ABCMeta):
@@ -496,7 +506,7 @@ def copy_from_container(
         pass
 
     @abstractmethod
-    def pull_image(self, docker_image: str) -> None:
+    def pull_image(self, docker_image: str, platform: Optional[DockerPlatform] = None) -> None:
         """Pulls an image with a given name from a Docker registry"""
         pass
 
@@ -687,6 +697,7 @@ def create_container_from_config(self, container_config: ContainerConfiguration)
             additional_flags=container_config.additional_flags,
             workdir=container_config.workdir,
             privileged=container_config.privileged,
+            platform=container_config.platform,
         )
 
     @abstractmethod
@@ -714,6 +725,7 @@ def create_container(
         workdir: Optional[str] = None,
         privileged: Optional[bool] = None,
         labels: Optional[Dict[str, str]] = None,
+        platform: Optional[DockerPlatform] = None,
     ) -> str:
         """Creates a container with the given image
 
@@ -888,13 +900,17 @@ def parse_additional_flags(
         ports: PortMappings = None,
         mounts: List[SimpleVolumeBind] = None,
         network: Optional[str] = None,
+        user: Optional[str] = None,
+        platform: Optional[DockerPlatform] = None,
     ) -> DockerRunFlags:
         """Parses environment, volume and port flags passed as string
         :param additional_flags: String which contains the flag definitions
         :param env_vars: Dict with env vars. Will be modified in place.
         :param ports: PortMapping object. Will be modified in place.
         :param mounts: List of mount tuples (host_path, container_path). Will be modified in place.
         :param network: Existing network name (optional). Warning will be printed if network is overwritten in flags.
+        :param user: User to run firs
F438
t process. Warning will be printed if user is overwritten in flags.
+        :param platform: Platform to execute container. Warning will be printed if platform is overwritten in flags.
         :return: A DockerRunFlags object containing the env_vars, ports, mount, extra_hosts, network, and labels.
                 The result will return new objects if respective parameters were None and additional flags contained
                 a flag for that object, the same which are passed otherwise.
@@ -917,6 +933,10 @@ def parse_additional_flags(
                     cur_state = "set-network"
                 elif flag == "--label":
                     cur_state = "add-label"
+                elif flag in ["-u", "--user"]:
+                    cur_state = "user"
+                elif flag == "--platform":
+                    cur_state = "platform"
                 else:
                     raise NotImplementedError(
                         f"Flag {flag} is currently not supported by this Docker client."
@@ -982,6 +1002,18 @@ def parse_additional_flags(
                         labels[key] = value
                     else:
                         LOG.warning("Invalid --label specified, unable to parse: '%s'", flag)
+                elif cur_state == "user":
+                    if user:
+                        LOG.warning(
+                            f"Overwriting Docker container user {user} with new value {flag}"
+                        )
+                    user = flag
+                elif cur_state == "platform":
+                    if platform:
+                        LOG.warning(
+                            f"Overwriting Docker container platform {platform} with new value {flag}"
+                        )
+                    platform = flag
 
                 cur_state = None
 
@@ -992,6 +1024,8 @@ def parse_additional_flags(
             extra_hosts=extra_hosts,
             network=network,
             labels=labels,
+            user=user,
+            platform=platform,
         )
 
     @staticmethod
 
@@ -14,6 +14,7 @@
     ContainerClient,
     ContainerException,
     DockerContainerStatus,
+    DockerPlatform,
     NoSuchContainer,
     NoSuchImage,
     NoSuchNetwork,
@@ -263,9 +264,11 @@ def copy_from_container(
                 "Docker process returned with errorcode %s" % e.returncode, e.stdout, e.stderr
             ) from e
 
-    def pull_image(self, docker_image: str) -> None:
+    def pull_image(self, docker_image: str, platform: Optional[DockerPlatform] = None) -> None:
         cmd = self._docker_cmd()
         cmd += ["pull", docker_image]
+        if platform:
+            cmd += ["--platform", platform]
         LOG.debug("Pulling image with cmd: %s", cmd)
         try:
             run(cmd)
@@ -616,6 +619,7 @@ def _build_run_create_cmd(
         workdir: Optional[str] = None,
         privileged: Optional[bool] = None,
         labels: Optional[Dict[str, str]] = None,
+        platform: Optional[DockerPlatform] = None,
     ) -> Tuple[List[str], str]:
         env_file = None
         cmd = self._docker_cmd() + [action]
@@ -663,6 +667,8 @@ def _build_run_create_cmd(
         if labels:
             for key, value in labels.items():
                 cmd += ["--label", f"{key}={value}"]
+        if platform:
+            cmd += ["--platform", platform]
 
         if additional_flags:
             cmd += shlex.split(additional_flags)
 
@@ -17,6 +17,7 @@
     ContainerClient,
     ContainerException,
     DockerContainerStatus,
+    DockerPlatform,
     NoSuchContainer,
     NoSuchImage,
     NoSuchNetwork,
@@ -213,11 +214,11 @@ def copy_from_container(
         except APIError as e:
             raise ContainerException() from e
 
-    def pull_image(self, docker_image: str) -> None:
+    def pull_image(self, docker_image: str, platform: Optional[DockerPlatform] = None) -> None:
         LOG.debug("Pulling Docker image: %s", docker_image)
         # some path in the docker image string indicates a custom repository
         try:
-            self.client().images.pull(docker_image)
+            self.client().images.pull(docker_image, platform=platform)
         except ImageNotFound:
             raise NoSuchImage(docker_image)
         except APIError as e:
@@ -507,19 +508,22 @@ def create_container(
         workdir: Optional[str] = None,
         privileged: Optional[bool] = None,
         labels: Optional[Dict[str, str]] = None,
+        platform: Optional[DockerPlatform] = None,
     ) -> str:
         LOG.debug("Creating container with attributes: %s", locals())
         extra_hosts = None
         if additional_flags:
             parsed_flags = Util.parse_additional_flags(
-                additional_flags, env_vars, ports, mount_volumes, network
+                additional_flags, env_vars, ports, mount_volumes, network, user, platform
             )
             env_vars = parsed_flags.env_vars
             ports = parsed_flags.ports
             mount_volumes = parsed_flags.mounts
             extra_hosts = parsed_flags.extra_hosts
             network = parsed_flags.network
             labels = parsed_flags.labels
+            user = parsed_flags.user
+            platform = parsed_flags.platform
 
         try:
             kwargs = {}
@@ -558,13 +562,14 @@ def create_container():
                     network=network,
                     volumes=mounts,
                     extra_hosts=extra_hosts,
+                    platform=platform,
                     **kwargs,
                 )
 
             try:
                 container = create_container()
             except ImageNotFound:
-                self.pull_image(image_name)
+                self.pull_image(image_name, platform)
                 container = create_container()
             return container.id
         except ImageNotFound:
 
@@ -75,7 +75,7 @@ runtime =
     cryptography
     dnslib>=0.9.10
     dnspython>=1.16.0
-    docker==5.0.0
+    docker==6.0.1
     flask==2.1.3
     flask-cors>=3.0.3,<3.1.0
     flask_swagger==0.2.12
 
@@ -180,8 +180,11 @@ def test_container_starts_non_root(self, runner, monkeypatch, container_client):
         output = container_client.exec_in_container(config.MAIN_CONTAINER_NAME, ["ps", "-u", user])
         assert "supervisord" in to_str(output[0])
 
+    @pytest.mark.skip(reason="skip temporarily until compatible localstack image is on DockerHub")
     def test_start_cli_within_container(self, runner, container_client):
         output = container_client.run_container(
+            # CAVEAT: Updates to the Docker image are not immediately reflected when using the latest image from
+            # DockerHub in the CI. Re-build the Docker image locally through `make docker-build` for local testing.
             "localstack/localstack",
             remove=True,
             entrypoint="",
 
@@ -1,4 +1,8 @@
+import getpass
 import os
+import platform
+import stat
+import subprocess
 import time
 
 
@@ -8,6 +12,14 @@ def handler(event, context):
         time.sleep(event["wait"])
 
     return {
-        "env": {k: v for k, v in os.environ.items()},
+        # Tested in tests/integration/awslambda/test_lambda_common.py
+        # "environment": dict(os.environ),
         "event": event,
+        # user behavior: https://stackoverflow.com/a/25574419
+        "user_login_name": getpass.getuser(),
+        "user_whoami": subprocess.getoutput("whoami"),
+        "platform_system": platform.system(),
+        "platform_machine": platform.machine(),
+        "pwd_filemode": stat.filemode(os.stat(".").st_mode),
+        "opt_filemode": stat.filemode(os.stat("/opt").st_mode),
     }