localstack
diff --git a/‎localstack/aws/connect.py
Lines changed: 9 additions & 5 deletions b/‎localstack/aws/connect.py
Lines changed: 9 additions & 5 deletions
diff --git a/‎localstack/aws/forwarder.py
Lines changed: 2 additions & 2 deletions b/‎localstack/aws/forwarder.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎localstack/constants.py
Lines changed: 16 additions & 24 deletions b/‎localstack/constants.py
Lines changed: 16 additions & 24 deletions
diff --git a/‎localstack/services/apigateway/helpers.py
Lines changed: 5 additions & 4 deletions b/‎localstack/services/apigateway/helpers.py
Lines changed: 5 additions & 4 deletions
diff --git a/‎localstack/services/apigateway/integration.py
Lines changed: 3 additions & 3 deletions b/‎localstack/services/apigateway/integration.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎localstack/services/apigateway/invocations.py
Lines changed: 1 addition & 1 deletion b/‎localstack/services/apigateway/invocations.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack/services/awslambda/lambda_api.py
Lines changed: 7 additions & 6 deletions b/‎localstack/services/awslambda/lambda_api.py
Lines changed: 7 additions & 6 deletions
diff --git a/‎localstack/services/awslambda/lambda_executors.py
Lines changed: 2 additions & 1 deletion b/‎localstack/services/awslambda/lambda_executors.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎localstack/services/awslambda/lambda_starter.py
Lines changed: 5 additions & 7 deletions b/‎localstack/services/awslambda/lambda_starter.py
Lines changed: 5 additions & 7 deletions
diff --git a/‎localstack/services/cloudformation/api_utils.py
Lines changed: 2 additions & 2 deletions b/‎localstack/services/cloudformation/api_utils.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎localstack/services/cloudformation/engine/entities.py
Lines changed: 3 additions & 20 deletions b/‎localstack/services/cloudformation/engine/entities.py
Lines changed: 3 additions & 20 deletions
@@ -21,7 +21,6 @@
     INTERNAL_AWS_ACCESS_KEY_ID,
     INTERNAL_AWS_SECRET_ACCESS_KEY,
     MAX_POOL_CONNECTIONS,
-    TEST_AWS_ACCESS_KEY_ID,
     TEST_AWS_SECRET_ACCESS_KEY,
 )
 from localstack.utils.aws.aws_stack import get_local_service_url, get_s3_hostname
@@ -447,9 +446,9 @@ def get_client(
         :param region_name: Name of the AWS region to be associated with the client
             If set to None, loads from botocore session.
         :param aws_access_key_id: Access key to use for the client.
-            Defaults to dummy value ("test")
+            If set to None, loads from botocore session.
         :param aws_secret_access_key: Secret key to use for the client.
-            Defaults to "dummy value ("test")
+            If set to None, uses a placeholder value
         :param aws_session_token: Session token to use for the client.
             Not being used if not set.
         :param endpoint_url: Full endpoint URL to be used by the client.
@@ -466,14 +465,19 @@ def get_client(
             if re.match(r"https?://localhost(:[0-9]+)?", endpoint_url):
                 endpoint_url = endpoint_url.replace("://localhost", f"://{get_s3_hostname()}")
 
+        # Prevent `PartialCredentialsError` when only access key ID is provided
+        # The value of secret access key is insignificant and can be set to anything
+        if aws_access_key_id:
+            aws_secret_access_key = aws_secret_access_key or TEST_AWS_SECRET_ACCESS_KEY
+
         return self._get_client(
             service_name=service_name,
             region_name=region_name or config.region_name or self._get_region(),
             use_ssl=self._use_ssl,
             verify=self._verify,
             endpoint_url=endpoint_url,
-            aws_access_key_id=aws_access_key_id or TEST_AWS_ACCESS_KEY_ID,
-            aws_secret_access_key=aws_secret_access_key or TEST_AWS_SECRET_ACCESS_KEY,
+            aws_access_key_id=aws_access_key_id,
+            aws_secret_access_key=aws_secret_access_key,
             aws_session_token=aws_session_token,
             config=config,
         )
 
@@ -18,11 +18,11 @@
     ServiceResponse,
 )
 from localstack.aws.client import parse_response, raise_service_exception
+from localstack.aws.connect import connect_to
 from localstack.aws.skeleton import DispatchTable, create_dispatch_table
 from localstack.aws.spec import load_service
 from localstack.http import Response
 from localstack.http.proxy import forward
-from localstack.utils.aws import aws_stack
 from localstack.utils.strings import to_str
 
 
@@ -160,7 +160,7 @@ def create_aws_request_context(
     # we re-use botocore internals here to serialize the HTTP request,
     # but deactivate validation (validation errors should be handled by the backend)
     # and don't send it yet
-    client = aws_stack.connect_to_service(
+    client = connect_to.get_client(
         service_name,
         endpoint_url=endpoint_url,
         region_name=region,
 
@@ -41,17 +41,6 @@
 # host to bind to when starting the services
 BIND_HOST = "0.0.0.0"
 
-# Fallback Account ID if not available in the client request
-DEFAULT_AWS_ACCOUNT_ID = "000000000000"
-
-# AWS user account ID used for tests - TODO move to config.py
-if "TEST_AWS_ACCOUNT_ID" not in os.environ:
-    os.environ["TEST_AWS_ACCOUNT_ID"] = DEFAULT_AWS_ACCOUNT_ID
-
-# Values used by tests
-TEST_AWS_ACCOUNT_ID = os.environ["TEST_AWS_ACCOUNT_ID"]
-TEST_AWS_REGION_NAME = "us-east-1"
-
 # root code folder
 MODULE_MAIN_PATH = os.path.dirname(os.path.realpath(__file__))
 # TODO rename to "ROOT_FOLDER"!
@@ -158,21 +147,24 @@
 except Exception:
     MAX_POOL_CONNECTIONS = 150
 
-# credentials used in the test suite
-TEST_AWS_ACCESS_KEY_ID = "test"
-TEST_AWS_SECRET_ACCESS_KEY = (
-    "test"  # NOTE: In the near future, this will be set to a structured Access Key ID
-)
-
-# additional credentials used in the test suite (mainly for cross-account access)
-SECONDARY_TEST_AWS_ACCOUNT_ID = "000000000002"
-SECONDARY_TEST_AWS_ACCESS_KEY_ID = (
-    "000000000002"  # NOTE: In the near future, this will be set to a structured Access Key ID
-)
-SECONDARY_TEST_AWS_SECRET_ACCESS_KEY = "test2"
+# Fallback Account ID if not available in the client request
+DEFAULT_AWS_ACCOUNT_ID = "000000000000"
+
+# Credentials used in the test suite
+# These can be overridden if the tests are being run against AWS
+# If a structured access key ID is used, it must correspond to the account ID
+TEST_AWS_ACCOUNT_ID = os.getenv("TEST_AWS_ACCOUNT_ID") or DEFAULT_AWS_ACCOUNT_ID
+TEST_AWS_ACCESS_KEY_ID = os.getenv("TEST_AWS_ACCESS_KEY_ID") or "test"
+TEST_AWS_SECRET_ACCESS_KEY = os.getenv("TEST_AWS_SECRET_ACCESS_KEY") or "test"
+TEST_AWS_REGION_NAME = "us-east-1"
+
+# Additional credentials used in the test suite (when running cross-account tests)
+SECONDARY_TEST_AWS_ACCOUNT_ID = os.getenv("SECONDARY_TEST_AWS_ACCOUNT_ID") or "000000000002"
+SECONDARY_TEST_AWS_ACCESS_KEY_ID = os.getenv("SECONDARY_TEST_AWS_ACCESS_KEY_ID") or "000000000002"
+SECONDARY_TEST_AWS_SECRET_ACCESS_KEY = os.getenv("SECONDARY_TEST_AWS_SECRET_ACCESS_KEY") or "test2"
 SECONDARY_TEST_AWS_REGION_NAME = "ap-southeast-1"
 
-# credentials being used for internal calls
+# Credentials used for internal calls
 INTERNAL_AWS_ACCESS_KEY_ID = "__internal_call__"
 INTERNAL_AWS_SECRET_ACCESS_KEY = "__internal_call__"
 
 
@@ -28,6 +28,7 @@
     Model,
     RequestValidator,
 )
+from localstack.aws.connect import connect_to
 from localstack.constants import (
     APPLICATION_JSON,
     HEADER_LOCALSTACK_EDGE_URL,
@@ -528,7 +529,7 @@ def get_stage_variables(context: ApiInvocationContext) -> Optional[Dict[str, str
         return {}
 
     _, region_name = get_api_account_id_and_region(context.api_id)
-    api_gateway_client = aws_stack.connect_to_service("apigateway", region_name=region_name)
+    api_gateway_client = connect_to(region_name=region_name).apigateway
     try:
         response = api_gateway_client.get_stage(restApiId=context.api_id, stageName=context.stage)
         return response.get("variables")
@@ -617,7 +618,7 @@ def get_cors_response(headers):
 
 
 def get_rest_api_paths(rest_api_id, region_name=None):
-    apigateway = aws_stack.connect_to_service(service_name="apigateway", region_name=region_name)
+    apigateway = connect_to(region_name=region_name).apigateway
     resources = apigateway.get_resources(restApiId=rest_api_id, limit=100)
     resource_map = {}
     for resource in resources["items"]:
@@ -1467,7 +1468,7 @@ def _swagger_export(self, api_id: str, stage: str, export_format: str) -> str:
         """
         https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md
         """
-        apigateway_client = aws_stack.connect_to_service("apigateway")
+        apigateway_client = connect_to().apigateway
 
         rest_api = apigateway_client.get_rest_api(restApiId=api_id)
         resources = apigateway_client.get_resources(restApiId=api_id)
@@ -1488,7 +1489,7 @@ def _oas30_export(self, api_id: str, stage: str, export_format: str) -> str:
         """
         https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md
         """
-        apigateway_client = aws_stack.connect_to_service("apigateway")
+        apigateway_client = connect_to().apigateway
 
         rest_api = apigateway_client.get_rest_api(restApiId=api_id)
         resources = apigateway_client.get_resources(restApiId=api_id)
 
@@ -573,7 +573,7 @@ def invoke(self, invocation_context: ApiInvocationContext):
         relative_path, query_string_params = extract_query_string_params(path=invocation_path)
         uri = integration.get("uri") or integration.get("integrationUri") or ""
 
-        s3 = aws_stack.connect_to_service("s3")
+        s3 = connect_to().s3
         uri = apply_request_parameters(
             uri,
             integration=integration,
@@ -619,7 +619,7 @@ def invoke(self, invocation_context: ApiInvocationContext):
 
         if ":servicediscovery:" in uri:
             # check if this is a servicediscovery integration URI
-            client = aws_stack.connect_to_service("servicediscovery")
+            client = connect_to().servicediscovery
             service_id = uri.split("/")[-1]
             instances = client.list_instances(ServiceId=service_id)["Instances"]
             instance = (instances or [None])[0]
@@ -752,7 +752,7 @@ def invoke(self, invocation_context: ApiInvocationContext):
         else:
             payload = json.loads(invocation_context.data)
 
-        client = aws_stack.connect_to_service("stepfunctions")
+        client = connect_to().stepfunctions
         if isinstance(payload.get("input"), dict):
             payload["input"] = json.dumps(payload["input"])
 
 
@@ -149,7 +149,7 @@ def run_authorizer(invocation_context: ApiInvocationContext, authorizer: Dict):
 
 def authorize_invocation(invocation_context: ApiInvocationContext):
     region_name = invocation_context.region_name or aws_stack.get_region()
-    client = aws_stack.connect_to_service("apigateway", region_name=region_name)
+    client = connect_to(region_name=region_name).apigateway
     authorizers = client.get_authorizers(restApiId=invocation_context.api_id, limit=100).get(
         "items", []
     )
 
@@ -25,6 +25,7 @@
 
 from localstack import config, constants
 from localstack.aws.accounts import get_aws_account_id
+from localstack.aws.connect import connect_to
 from localstack.constants import APPLICATION_JSON
 from localstack.http import Request
 from localstack.http import Response as HttpResponse
@@ -432,7 +433,7 @@ def run_lambda(
     # (e.g., persistence) have been executed when the run_lambda(..) function gets called (e.g., from API GW).
     LOG.debug("Running lambda %s", func_arn)
     if not hasattr(run_lambda, "_provider_initialized"):
-        aws_stack.connect_to_service("lambda").list_functions()
+        connect_to().awslambda.list_functions()
         run_lambda._provider_initialized = True
 
     store = get_awslambda_store_for_arn(func_arn)
@@ -909,7 +910,7 @@ def forward_to_fallback_url(func_arn, data):
     lambda_name = arns.lambda_function_name(func_arn)
     if config.LAMBDA_FALLBACK_URL.startswith("dynamodb://"):
         table_name = urlparse(config.LAMBDA_FALLBACK_URL.replace("dynamodb://", "http://")).netloc
-        dynamodb = aws_stack.connect_to_service("dynamodb")
+        dynamodb = connect_to().dynamodb
         item = {
             "id": {"S": short_uid()},
             "timestamp": {"N": str(now_utc())},
@@ -938,7 +939,7 @@ def forward_to_fallback_url(func_arn, data):
 
 
 def get_lambda_policy(function, qualifier=None):
-    iam_client = aws_stack.connect_to_service("iam")
+    iam_client = connect_to().iam
     policies = iam_client.list_policies(Scope="Local", MaxItems=500)["Policies"]
     docs = []
     for p in policies:
@@ -1631,7 +1632,7 @@ def add_permission_policy_statement(
 ):
     store = get_awslambda_store_for_arn(resource_arn)
     data = json.loads(to_str(request.data))
-    iam_client = aws_stack.connect_to_service("iam")
+    iam_client = connect_to().iam
     sid = data.get("StatementId")
     action = data.get("Action")
     principal = data.get("Principal")
@@ -1690,7 +1691,7 @@ def add_permission_policy_statement(
 @app.route("%s/functions/<function>/policy/<statement>" % API_PATH_ROOT, methods=["DELETE"])
 def remove_permission(function, statement):
     qualifier = request.args.get("Qualifier")
-    iam_client = aws_stack.connect_to_service("iam")
+    iam_client = connect_to().iam
     policy = get_lambda_policy(function, qualifier=qualifier)
     if not policy:
         return not_found_error('Unable to find policy for Lambda function "%s"' % function)
@@ -1842,7 +1843,7 @@ def _create_response(invocation_result, status_code=200, headers=None):
             ),
             mode="rb",
         )
-        lambda_client = aws_stack.connect_to_service("lambda")
+        lambda_client = connect_to().awslambda
         lambda_client.create_function(
             FunctionName="localstack-internal-awssdk",
             Runtime=LAMBDA_RUNTIME_NODEJS14X,
 
@@ -19,6 +19,7 @@
 from typing import Any, Callable, Dict, List, Optional, Tuple, Union
 
 from localstack import config
+from localstack.aws.connect import connect_to
 from localstack.constants import DEFAULT_LAMBDA_CONTAINER_REGISTRY
 from localstack.runtime.hooks import hook_spec
 from localstack.services.awslambda.lambda_utils import (
@@ -878,7 +879,7 @@ def invoke_lambda(
     ) -> InvocationResult:
         full_url = self._get_lambda_stay_open_url(lambda_docker_ip)
 
-        client = aws_stack.connect_to_service("lambda", endpoint_url=full_url)
+        client = connect_to(endpoint_url=full_url).awslambda
         event = inv_context.event or "{}"
 
         LOG.debug(f"Calling {full_url} to run invocation in docker-reuse Lambda container")
 
@@ -3,12 +3,13 @@
 from moto.awslambda import models as moto_awslambda_models
 
 from localstack import config
+from localstack.aws.connect import connect_to
 from localstack.services.awslambda.lambda_api import handle_lambda_url_invocation
 from localstack.services.awslambda.lambda_utils import get_default_executor_mode
 from localstack.services.edge import ROUTER
 from localstack.services.plugins import ServiceLifecycleHook
 from localstack.utils.analytics import log
-from localstack.utils.aws import arns, aws_stack
+from localstack.utils.aws import arns
 from localstack.utils.aws.request_context import AWS_REGION_REGEX
 from localstack.utils.patch import patch
 from localstack.utils.platform import is_linux
@@ -77,7 +78,6 @@ def check_lambda(expect_shutdown=False, print_error=False):
     out = None
     try:
         from localstack.services.infra import PROXY_LISTENERS
-        from localstack.utils.aws import aws_stack
         from localstack.utils.common import wait_for_port_open
 
         # wait for port to be opened
@@ -86,9 +86,7 @@ def check_lambda(expect_shutdown=False, print_error=False):
         wait_for_port_open(port, sleep_time=0.5, retries=20)
 
         endpoint_url = f"http://127.0.0.1:{port}"
-        out = aws_stack.connect_to_service(
-            service_name="lambda", endpoint_url=endpoint_url
-        ).list_functions()
+        out = connect_to(endpoint_url=endpoint_url).awslambda.list_functions()
     except Exception:
         if print_error:
             LOG.exception("Lambda health check failed")
@@ -104,7 +102,7 @@ def get_function(fn, self, *args, **kwargs):
     if result:
         return result
 
-    client = aws_stack.connect_to_service("lambda")
+    client = connect_to().awslambda
     lambda_name = arns.lambda_function_name(args[0])
     response = client.get_function(FunctionName=lambda_name)
 
@@ -119,5 +117,5 @@ def get_function(fn, self, *args, **kwargs):
 @patch(moto_awslambda_models.LambdaFunction.invoke)
 def invoke(fn, self, *args, **kwargs):
     payload = to_bytes(args[0])
-    client = aws_stack.connect_to_service("lambda")
+    client = connect_to().awslambda
     return client.invoke(FunctionName=self.function_name, Payload=payload)
@@ -5,8 +5,8 @@
 from requests.structures import CaseInsensitiveDict
 
 from localstack import config, constants
+from localstack.aws.connect import connect_to
 from localstack.services.s3 import s3_listener, s3_utils
-from localstack.utils.aws import aws_stack
 from localstack.utils.functions import run_safe
 from localstack.utils.http import safe_requests
 from localstack.utils.strings import to_str
@@ -45,7 +45,7 @@ def get_template_body(req_data: dict) -> str:
             if is_local_service_url(url):
                 parsed_path = urlparse(url).path.lstrip("/")
                 parts = parsed_path.partition("/")
-                client = aws_stack.connect_to_service("s3")
+                client = connect_to().s3
                 LOG.debug(
                     "Download CloudFormation template content from local S3: %s - %s",
                     parts[0],
 
@@ -5,7 +5,6 @@
 from localstack.services.cloudformation.engine.parameters import (
     StackParameter,
     convert_stack_parameters_to_list,
-    map_to_legacy_structure,
     strip_parameter_type,
 )
 from localstack.utils.aws import arns
@@ -244,26 +243,10 @@ def stack_name(self):
     def stack_id(self):
         return self.metadata["StackId"]
 
-    # TODO: potential performance issues due to many stack_parameters calls (cache or limit actual invocations)
     @property
-    def resources(self):  # TODO: not actually resources, split apart
-        """Return dict of resources, parameters, conditions, and other stack metadata."""
-        result = dict(self.template_resources)
-
-        result.update(
-            {k: map_to_legacy_structure(k, v) for k, v in self.resolved_parameters.items()}
-        )
-
-        # TODO: conditions don't really belong here and should be handled separately
-        for name, value in self.conditions.items():
-            if name not in result:
-                result[name] = {
-                    "Type": "Parameter",
-                    "LogicalResourceId": name,
-                    "Properties": {"Value": value},
-                }
-
-        return result
+    def resources(self):
+        """Return dict of resources"""
+        return dict(self.template_resources)
 
     @property
     def template_resources(self):
Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ def run_authorizer(invocation_context: ApiInvocationContext, authorizer: Dict):`
`149`	`149`
`150`	`150`	`def authorize_invocation(invocation_context: ApiInvocationContext):`
`151`	`151`	`region_name = invocation_context.region_name or aws_stack.get_region()`
`152`		`- client = aws_stack.connect_to_service("apigateway", region_name=region_name)`
	`152`	`+ client = connect_to(region_name=region_name).apigateway`
`153`	`153`	`authorizers = client.get_authorizers(restApiId=invocation_context.api_id, limit=100).get(`
`154`	`154`	`"items", []`
`155`	`155`	`)`