Cloud Emulation

Each service provides AWS-compatible API operations emulated at runtime. In CDK mode, CDK constructs are parsed from your cdk synth output. In HCL mode, all services start in always-on mode and resources are created dynamically via management APIs.

DynamoDB SQS S3 SNS EventBridge Step Functions Cognito Lambda API Gateway SSM Parameter Store Secrets Manager ECS IAM & STS RDS DocumentDB Neptune Elasticsearch OpenSearch ElastiCache MemoryDB Glacier S3 Tables

Core Services

DynamoDB

CDK Constructs

aws_dynamodb.Table

tableName, partitionKey, sortKey, globalSecondaryIndexes

API Operations

PutItem GetItem DeleteItem UpdateItem Query Scan BatchGetItem BatchWriteItem CreateTable DeleteTable DescribeTable ListTables TransactGetItems TransactWriteItems UpdateTable DescribeContinuousBackups DescribeTimeToLive UpdateTimeToLive TagResource UntagResource ListTagsOfResource

Backed by SQLite. Supports expression attribute names/values, filter expressions, condition expressions, transactional operations, and eventual consistency simulation.

SQS

CDK Constructs

aws_sqs.Queue

queueName, fifo, visibilityTimeout, contentBasedDeduplication, deadLetterQueue

API Operations

SendMessage ReceiveMessage DeleteMessage CreateQueue GetQueueUrl GetQueueAttributes SetQueueAttributes DeleteQueue ListQueues PurgeQueue SendMessageBatch DeleteMessageBatch ChangeMessageVisibility ChangeMessageVisibilityBatch ListDeadLetterSourceQueues TagQueue UntagQueue ListQueueTags

Supports message attributes, long polling, FIFO queues, batch operations, and dead-letter queue wiring from RedrivePolicy.

S3

CDK Constructs

aws_s3.Bucket

bucketName, websiteIndexDocument, websiteErrorDocument

API Operations

PutObject GetObject DeleteObject HeadObject ListObjectsV2 CreateBucket DeleteBucket HeadBucket ListBuckets CopyObject DeleteObjects PutBucketTagging GetBucketTagging DeleteBucketTagging GetBucketLocation PutBucketPolicy GetBucketPolicy PutBucketNotificationConfiguration GetBucketNotificationConfiguration CreateMultipartUpload UploadPart CompleteMultipartUpload AbortMultipartUpload ListParts PutBucketWebsite GetBucketWebsite DeleteBucketWebsite

Backed by the local filesystem. Supports event notifications (ObjectCreated, ObjectRemoved), multipart uploads, presigned URL generation, ETags, binary content, content-type headers, and static website hosting with index document resolution and error document serving.

SNS

CDK Constructs

aws_sns.Topic

topicName. aws_sns.Subscription is not parsed — subscriptions are wired at runtime via the API or auto-wired by LDK for Lambda/SQS targets.

API Operations

Publish Subscribe CreateTopic ListTopics ListSubscriptions DeleteTopic SetTopicAttributes Unsubscribe GetSubscriptionAttributes SetSubscriptionAttributes ConfirmSubscription GetTopicAttributes ListSubscriptionsByTopic TagResource UntagResource ListTagsForResource

Supports Lambda and SQS subscription protocols, message attributes, topic and subscription attribute management, and fan-out to multiple subscribers.

EventBridge

CDK Constructs

aws_events.EventBus aws_events.Rule

eventBusName, ruleName, eventBus, eventPattern, schedule, targets

API Operations

PutEvents CreateEventBus DescribeEventBus ListEventBuses DeleteEventBus PutRule DescribeRule ListRules DeleteRule EnableRule DisableRule PutTargets ListTargetsByRule RemoveTargets TagResource UntagResource ListTagsForResource

Supports custom event buses, event pattern matching, schedule expressions (rate and cron), Lambda targets, and input transformations.

Step Functions

CDK Constructs

aws_stepfunctions.StateMachine

stateMachineName, definitionBody, stateMachineType

API Operations

CreateStateMachine DescribeStateMachine ListStateMachines DeleteStateMachine UpdateStateMachine StartExecution StartSyncExecution DescribeExecution ListExecutions StopExecution GetExecutionHistory ListStateMachineVersions ValidateStateMachineDefinition TagResource UntagResource ListTagsForResource

State types: Task, Pass, Choice, Wait, Succeed, Fail, Parallel, Map. Supports JSONPath (InputPath, OutputPath, ResultPath), error handling (Retry, Catch), definition validation, and Standard & Express workflows.

Cognito

CDK Constructs

aws_cognito.UserPool aws_cognito.UserPoolClient

userPoolName, lambdaTriggers (preAuthentication, postConfirmation), passwordPolicy, userPool

API Operations

CreateUserPool DescribeUserPool ListUserPools DeleteUserPool UpdateUserPool CreateUserPoolClient DescribeUserPoolClient ListUserPoolClients DeleteUserPoolClient SignUp ConfirmSignUp InitiateAuth ForgotPassword ConfirmForgotPassword ChangePassword GlobalSignOut AdminCreateUser AdminDeleteUser AdminGetUser ListUsers JWKS

Backed by SQLite. Supports JWT token generation (ID, access, refresh), user attributes, password hashing, password reset flows, and multi-pool management.

Lambda

CDK Constructs

aws_lambda.Function aws_lambda.FunctionUrl

handler, runtime, code, timeout, memorySize, environment, authType, cors, invokeMode

Management API (HCL mode)

CreateFunction GetFunction DeleteFunction ListFunctions Invoke UpdateFunctionConfiguration UpdateFunctionCode CreateEventSourceMapping GetEventSourceMapping DeleteEventSourceMapping ListEventSourceMappings AddPermission RemovePermission GetPolicy TagResource UntagResource ListTags

Function URLs

CreateFunctionUrlConfig GetFunctionUrlConfig UpdateFunctionUrlConfig DeleteFunctionUrlConfig

Runs functions inside official AWS Lambda Docker images (with AWS SDK pre-installed). Run ldk setup lambda once to pull the images. Supports timeout enforcement, realistic context objects, environment variable injection, and Function URLs — each function URL gets its own HTTP endpoint on a dedicated port with full CORS support and AWS Lambda payload format 2.0. Supports both BUFFERED and RESPONSE_STREAM invoke modes. In CDK mode, functions and URLs are discovered from the cloud assembly. In HCL mode, functions are created dynamically via the management API.

API Gateway

CDK Constructs

aws_apigateway.RestApi aws_apigatewayv2.HttpApi

routes, methods, integrations

REST API (V1) Management

CreateRestApi GetRestApi ListRestApis UpdateRestApi DeleteRestApi CreateResource GetResources DeleteResource PutMethod GetMethod DeleteMethod PutMethodResponse GetMethodResponse PutIntegration GetIntegration DeleteIntegration PutIntegrationResponse GetIntegrationResponse TestInvokeMethod CreateDeployment GetDeployment ListDeployments CreateStage GetStage UpdateStage DeleteStage CreateAuthorizer GetAuthorizer ListAuthorizers

HTTP API (V2) Management

CreateApi GetApi ListApis UpdateApi DeleteApi CreateRoute GetRoute ListRoutes DeleteRoute CreateIntegration GetIntegration ListIntegrations DeleteIntegration CreateStage GetStage ListStages UpdateStage DeleteStage CreateAuthorizer GetAuthorizer ListAuthorizers

Supports both REST API (V1) and HTTP API (V2) with Lambda proxy integration. Features include CORS handling, TOKEN and JWT authorizers, multi-value query parameters, multi-value headers, binary payload support (base64 encoding), path parameters, and request/response mapping. In HCL mode, APIs and routes are created dynamically via the management API.

Configuration & Secrets

SSM Parameter Store

CDK Constructs

aws_ssm.StringParameter

Name, Type, Value, Description

API Operations

PutParameter GetParameter GetParameters GetParametersByPath DeleteParameter DeleteParameters DescribeParameters AddTagsToResource RemoveTagsFromResource ListTagsForResource

In-memory parameter store supporting String, StringList, and SecureString types with hierarchical paths, tagging, and version tracking. In CDK mode, parameters defined in the CloudFormation template are pre-seeded on startup.

Secrets Manager

CDK Constructs

aws_secretsmanager.Secret

Name, Description, SecretString, GenerateSecretString

API Operations

CreateSecret GetSecretValue PutSecretValue UpdateSecret DeleteSecret RestoreSecret ListSecrets DescribeSecret TagResource UntagResource ListSecretVersionIds GetResourcePolicy

In-memory secret store with version tracking (AWSCURRENT/AWSPREVIOUS staging labels), soft delete/restore, resource policies, and tagging support. In CDK mode, secrets defined in the CloudFormation template are pre-seeded on startup.

Container Services

ECS

CDK Constructs

aws_ecs.TaskDefinition aws_ecs.FargateService aws_ecs.Ec2Service

containerDefinitions, taskDefinition

Runs services as local subprocesses. Supports health checking, service discovery, file watching with auto-restart, and port mapping. Supports local command overrides via ldk.local_command metadata. CDK mode only.

Identity & Authorization

IAM & STS

IAM Operations

CreateRole GetRole DeleteRole CreatePolicy AttachRolePolicy PutRolePolicy ListRoles ListPolicies

STS Operations

GetCallerIdentity AssumeRole

IAM Authorization Modes

Disabled Audit Enforce

IAM role and policy operations are accepted and stored in memory. STS returns credentials and caller identity for HCL compatibility. IAM authorization can be configured in three modes: disabled (default — all requests pass through), audit (requests pass through but violations are logged as warnings), or enforce (requests that fail IAM checks are denied with HTTP 403). Supports identity-based policies, permissions boundaries, resource policies, wildcard matching, and per-request identity override via HTTP header. Authorization applies to DynamoDB, S3, SQS, SNS, EventBridge, Step Functions, Cognito, SSM, and Secrets Manager.

Database Stubs

RDS

API Operations

CreateDBCluster DescribeDBClusters DeleteDBCluster CreateDBInstance DescribeDBInstances DeleteDBInstance

Stub APIs for HCL compatibility. Supports cluster and instance lifecycle operations with identifier-based filtering.

DocumentDB

API Operations

CreateDBCluster DescribeDBClusters DeleteDBCluster

Stub APIs for HCL compatibility. Supports MongoDB-compatible cluster lifecycle operations.

Neptune

API Operations

CreateDBCluster DescribeDBClusters DeleteDBCluster

Stub APIs for HCL compatibility. Supports graph database cluster lifecycle with Gremlin endpoint exposure.

Search & Cache Stubs

Elasticsearch

API Operations

CreateElasticsearchDomain DescribeElasticsearchDomains DeleteElasticsearchDomain ListElasticsearchDomainNames

Stub APIs for HCL compatibility. Supports domain lifecycle operations.

OpenSearch

API Operations

CreateDomain DescribeDomains DeleteDomain ListDomainNames

Stub APIs for HCL compatibility. Supports domain lifecycle operations.

ElastiCache

API Operations

CreateCacheCluster DescribeCacheClusters DeleteCacheCluster

Stub APIs for HCL compatibility. Supports cache cluster lifecycle with status tracking.

MemoryDB

API Operations

CreateCluster DescribeClusters DeleteCluster

Stub APIs for HCL compatibility. Supports Redis-compatible cluster lifecycle with status tracking.

Storage Stubs

Glacier

API Operations

CreateVault ListVaults

Stub APIs for HCL compatibility. Supports idempotent vault creation and listing.

S3 Tables

API Operations

CreateTableBucket ListTableBuckets CreateTable ListTables

Stub APIs for HCL compatibility. Supports table buckets with namespace-based table organization.