Merge master into feature/dynamodb #5574
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
empty commit to trigger ci
feat(sagemakerunifiedstudio): Support for SageMaker Unified Studio
#2007 The Toolkit doesn't read the endpoint configured in an AWS profile config. The endpoint even before these changes is already being read from the AWS config file, and it's included in the CredentialsProvider object, but there wasn't a way to retrieve that. We're adding `getEndpointUrl()` method to the different providers, and then we're retrieving that endpoint in: 1. when loading the current profile, to add it to the credentialsCache (`auth.ts -> createCachedCredentials()`, `loginManager.ts -> login()`). Because of this, then we can get this endpoint alongside the credentials when creating a new AWS client. 2. when creating the list of connections that then will be displayed for the user to pick (`packages/core/src/auth/auth.ts -> getIamConnection()`) (this required to make `getIamConnection` an async
…Walkthrough Update AppBuilder Walkthrough wording and add LocalStack VS Code extension
…ugh walkthrough But add ts-ignore until this value gets added to metric definitions [1] [1]: https://github.com/aws/aws-toolkit-common/blob/8c88537fae2ac7e6524fb2b29ae336c606850eeb/telemetry/definitions/commonDefinitions.json#L2215-L2221
And general fixes when connection is to non-AWS endpoints - Add helper function to identify when connected to LocalStack - Make LiveTail and DocDB read endpoint URL if exists (they don't use the generic ClientBuilder) - Disable S3 virtual-host-style and host prefix for LocalStack - Disable host prefixes for all services when using LocalStack - Send telemetry for custom endpoints and for LocalStack connections
…lStack - Add LocalStack detection for Lambda debugging webview, by refactoring into two sub classes to handle the lifecycle of the debugging process. - Hide and disable version publishing - Await debugger start to slightly mitigate the race condition - Add LocalStack Lambda Debug Mode config deletion upon stopping debugging - Wait for function to be active before launching debugger - Add user-agent integration - Add temporary workaround to mitigate debugger attach timing issue - Fix debugger attach race condition by waiting using the new GET API - Add LDM error handling - Handle LocalStack Lambda hot reloading gracefully - Disable code download upon LocalStack hot reloading - Skip file watcher for hot-reloaded Lambda function - Disable Convert to SAM application for LocalStack - Show message in Remote Invoke WebView when connected to Localstack - Add telemetry for LocalStack case (including refactor some old telemetry)
The endpointUrl is only really valuable for IAMConnections, but we still add it Optional in SsoConnections to keep TypeScript consistent.
## Problem Better to first open the diff.patch for user to see, then parse it and apply it, so that if it is malformed, it is first visible to user. ## Solution Open diff.patch first. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: David Hasani <davhasan@amazon.com>
**Description** We were seeing intermittent issues where sometimes the context was being returned as undefined. Setting it at the start of the activation to ensure the the context is available always. **Motivation** Bug fix **Testing Done** Tested manually locally. ## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Bhargava Varadharajan <vabharga@amazon.com>
…g commands (#7883) ## Problem Amazon Q couldn't make changes to unsaved files. When users apply fix commands to unsaved files, Amazon Q couldn't fix those problems. ## Solution Auto save the file when users clicking on the fix commands. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: atontb <104926752+atonaamz@users.noreply.github.com> Co-authored-by: aws-toolkit-automation <43144436+aws-toolkit-automation@users.noreply.github.com> Co-authored-by: andrewyuq <89420755+andrewyuq@users.noreply.github.com> Co-authored-by: Will Lo <96078566+Will-ShaoHua@users.noreply.github.com>
## Problem This merges the released changes for rc-20250910 into main. MCM-134160906 ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
## Problem Currently there is no telemetry support for auto debug feature. ## Solution Add telemetry support for auto debug feature. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com> Co-authored-by: Ashish Reddy Podduturi <ashishrp@amazon.com> Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com>
…iew (#8019) ## Problem Currently users couldn't edit code files on the diff view provided by Amazon Q. Users have to open those files in the workspace to edit them. This is very inconvenient. ## Solution Copy of #7886 Enable users to edit code files directly on the diff view. https://github.com/user-attachments/assets/464d9757-cb6f-4f0f-aa6f-de4f3104cdb5 --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Lei Gao <97199248+leigaol@users.noreply.github.com> Co-authored-by: Lei Gao <leigaol@amazon.com> Co-authored-by: aws-toolkit-automation <43144436+aws-toolkit-automation@users.noreply.github.com> Co-authored-by: andrewyuq <89420755+andrewyuq@users.noreply.github.com> Co-authored-by: Will Lo <96078566+Will-ShaoHua@users.noreply.github.com>
## Problem This merges the released changes for rc-20250911 into main. ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
## Problem - Added new UX to inform user about migration of /agents. ## Solution - Removing the migration of /agents ux but need some time to remove entire functionality due to backward compatability issues. - Removed unused and unnecessary code. - Related Flare PR: aws/language-servers#2248 ### Old VSC plugin behavior with new flare version https://github.com/user-attachments/assets/c6966bdb-7bdc-41ca-ae67-acadc4f69ef9 ### New VSC plugin behavior with new flare version https://github.com/user-attachments/assets/9e76779d-6284-4ba3-b206-ddbb862c3d76 --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…#8047) ## Problem #8045 #8040 ## Solution fix for path parsing for windows for editable diff view --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
fix(auth): Add console session profile overwrite prompt and improve credential refresh flow
…8413) ## Problem The hash algorithm using used to verify downloads is not configurable, make it configurable but default to `sha384` ## Solution --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…in webview (#8418) ## Problem - Cx will begin to get used to the new console grouping stack events by operation id and expect the same in the IDE ## Solution - group stack events by operation id similar to console --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem - Hook invocations not visible in stack events ## Solution - show Hook invocations when there is a failure caused by Hook (last column is new and shows conditionally) <img width="1213" height="582" alt="image" src="https://github.com/user-attachments/assets/0e57407d-5fcc-415b-ae2a-e9e39d8d49dc" /> --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
build(amazonq): merge release candidate version rc-20251218
…8438) ## Problem - Signing out did not clear the DZ client, so when user re-tries signing in with corrected region, they cannot access the targeted domain. ## Solution - Dispose smuAuthProvider when signing out, within authProvider dispose, the DZ clients will also be disposed --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem
- sometimes custom metrics are missing from `smus_stopSpace` and
`smus_openRemoteConnection`
## Solution
- Some telemetry custom variables are fetched via async calls
- This calls should gracefully handle async failures, and still being
able to record what metrics are available.
### Example
- successful async calls
```
2025-12-29 11:38:25.994 [debug] telemetry: smus_openRemoteConnection {
Metadata: {
metricId: 'acc0a9b4-e642-4e4f-a2a7-949879fca73d',
traceId: '911f58fd-9f63-4a8f-8e87-590d3f46d534',
smusAuthMode: 'iam',
smusSpaceKey: 'd-5eomwrxzxbim__default-ce003678-576c-4253-a65f-01ef29af4f94',
smusDomainRegion: 'us-east-2',
smusDomainId: 'dzd-byubiyc1bebgfd',
smusProjectId: 'b236u0pytkd02x',
smusDomainAccountId: '619071339486',
smusProjectAccountId: '619071339486',
smusProjectRegion: 'us-east-2',
duration: '20598',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-west-2'
},
Value: 1,
Unit: 'None',
Passive: false
}
```
```
2025-12-29 11:39:28.454 [debug] telemetry: smus_stopSpace {
Metadata: {
metricId: '743e4212-8d6f-40bf-b2aa-a3ab45b5aa86',
traceId: '6bfd857d-cf53-410e-9e38-d1f8b37ec833',
smusAuthMode: 'iam',
smusSpaceKey: 'd-5eomwrxzxbim__default-ce003678-576c-4253-a65f-01ef29af4f94',
smusDomainRegion: 'us-east-2',
smusDomainId: 'dzd-byubiyc1bebgfd',
smusProjectId: 'b236u0pytkd02x',
smusDomainAccountId: '619071339486',
smusProjectAccountId: '619071339486',
smusProjectRegion: 'us-east-2',
duration: '4430',
result: 'Succeeded',
awsAccount: 'not-set',
awsRegion: 'us-west-2'
},
Value: 1,
Unit: 'None',
Passive: false
}
```
- failed async calls
```
2025-12-29 12:00:12.444 [warning] smus: Failed to get project region for telemetry: The security token included in the request is expired
```
```
2025-12-29 12:00:15.237 [debug] telemetry: smus_stopSpace {
Metadata: {
metricId: '52e34dd6-3016-4abc-82cb-2605c2cb7e71',
traceId: '8288d8a9-6674-4402-901a-0ebafe57ad1d',
smusAuthMode: 'iam',
smusSpaceKey: 'd-5eomwrxzxbim__default-ce003678-576c-4253-a65f-01ef29af4f94',
smusDomainRegion: 'us-east-2',
smusDomainId: 'dzd-byubiyc1bebgfd',
smusProjectId: 'b236u0pytkd02x',
smusDomainAccountId: '619071339486',
smusProjectAccountId: '619071339486',
smusProjectRegion: 'not-set',
duration: '2973',
result: 'Failed',
reason: 'ExpiredTokenException',
reasonDesc: 'ExpiredTokenException: Failed to stop space default-ce003678-576c-4253-a65f-01ef29af4f94: The security token included in the request is expired | ExpiredTokenException: The security token included in the request is expired',
awsAccount: 'not-set',
awsRegion: 'us-west-2'
},
Value: 1,
Unit: 'None',
Passive: false
}
```
`smusProjectRegion` is set to 'not-set` and the rest of custom metrics
are recorded.
---
- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.
Co-authored-by: kzr-at-amazon <build@amazon.com>
## Problem On Windows, sometimes files cannot be deleted due to `EBUSY` errors. ## Solution Wrap all temporary file delete logic with a try-catch, and continue the transformation in case of any errors, because deleting the files is not strictly necessary. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: David Hasani <davhasan@amazon.com>
…will not be rendered (#8470) ## Problem ## Solution ``` 2025-12-29 01:20:24.853 [info] inline: found non null next token; Start pagination 2025-12-29 01:20:24.853 [info] GenerateCompletion activity: - number of suggestions: 1 - sessionId: 584db06a-4e51-4fbf-9656-6ac590756627 - first suggestion content (next line): // a function to find the square of a number public static int square(int a) { return a * a; } - duration between trigger to before sending LSP call: 0ms - duration between trigger to after receiving LSP response: 758ms - duration between before sending LSP call to after receving LSP response: 758ms - duration between trigger to completion suggestion is displayed: 759ms 2025-12-29 01:20:25.145 [info] inline: Pagination call is complete page 0 has 1 suggestions page 1 has 1 suggestions 2025-12-29 01:20:25.160 [info] inline: Done pagination; ShouldUpdate=true; updatedSuggestionCount=2 ``` --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This merges the released changes for rc-20260108 into main. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
…edentials (#8500) ## Problem AWS CLI update process enters an infinite retry loop when outdated CLI is detected (exit code 252), causing continuous failed authentication attempts and poor user experience. ## Solution #### CLI update loop - affects users with outdated CLI - Remove automatic retry loop for AWS CLI updates to prevent infinite recursion - Show warning message when CLI update is attempted, requiring retry - Remove try-catch wrapper: it was swallowing errors and allowing profile activation to proceed despite failed CLI execution, causing invalid credential state <img width="1196" height="798" alt="1-need-update" src="https://github.com/user-attachments/assets/94a038bd-4972-4202-a940-e7b16348f465" /> <img width="1198" height="798" alt="2-run-installer" src="https://github.com/user-attachments/assets/343d8ad9-2fe2-4581-bbd9-68b063340441" /> <img width="1196" height="798" alt="3-install-successful" src="https://github.com/user-attachments/assets/5bfdf0af-44bf-4559-8a84-672f25851827" /> <img width="476" height="149" alt="4-warning-to-retry" src="https://github.com/user-attachments/assets/22d1e5dd-bd29-400a-b8ce-504e5acf1cf6" /> #### Testing: - Tested AWS CLI update scenario (exit code 252) with single update attempt and manual retry - Confirmed no infinite loops during installation --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <43144436+aws-toolkit-automation@users.noreply.github.com>
# Summary This PR migrates the SQLWorkbench custom API client from the deprecated AWS SDK v2 generator pattern to standalone AWS SDK v3-compatible packages. This migration is required as part of the broader AWS Toolkit repository migration from SDK v2 to v3. # Problem The AWS Toolkit VSCode repository is deprecating the centralized generateServiceClient.ts script that generates TypeScript clients from service JSON definitions. The SageMaker Unified Studio (SMUS) team currently uses this v2 generator for SQLWorkbench. # Solution * Created standalone package @amzn/sql-workbench-client * Updated imports to use new standalone package * Migrated from SDK v2 .promise() pattern to SDK v3 Command pattern (client.send(command)) * Updated credential handling to use credential provider function for auto-refresh support * Replaced local type definitions with SDK-provided types (DatabaseConnectionConfiguration, ParentResource, Resource, etc.) * Removed dependency for SQLWorkbench on the deprecated generateServiceClient.ts script * Updated unit tests to mock SDK v3 send method instead of v2 .promise() pattern --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
…8490) ## Description This PR fixes a bug where space status was incorrectly displayed for spaces with mixed-case names. ## Problem The SageMaker ListApps API's SpaceNameEquals filter is case-sensitive, but space names in SMUS (SageMaker Unified Studio) can have mixed case. When a space name contained uppercase characters, the API would not find the matching app, causing incorrect status display in the UI. ## Solution Added listAppsForDomainMatchSpaceIgnoreCase method with an optimization: If the space name is all lowercase, uses the efficient listAppForSpace method with SpaceNameEquals filter (server-side filtering) Otherwise, fetches all apps via listAppsForDomain and performs case-insensitive client-side matching ## Changes * packages/core/src/shared/clients/sagemaker.ts: Added listAppsForDomainMatchSpaceIgnoreCase method * packages/core/src/awsService/sagemaker/sagemakerSpace.ts: Updated updateSpaceAppStatus() to use the new method ## Technical Notes: Why Batch Polling Optimization Was Not Implemented Goal: Since listAppsForDomainMatchSpaceIgnoreCase fetches all apps in a domain (for case-insensitive matching), ideally we could reuse this single API response to update multiple spaces in the same domain simultaneously, reducing redundant API calls during polling. Why It's Difficult: Per-Space Update Architecture: The current updateSpaceAppStatus() method is designed to update a single space. It's called individually for each space by the PollingSet timer. Shared Method for Different Use Cases: The same updateSpaceAppStatus() method serves two purposes: Initial status refresh: Triggered by user action (e.g., clicking "Connect"). Requires real-time data to correctly determine if the space should be added to the polling set. Periodic polling updates: Triggered by PollingSet timer. Could potentially use shared/batched data. Real-time Data Requirement: When a user triggers an action, the initial refresh must return real-time data. If the status is stale, the space might not be added to the polling set, causing the UI to not update properly after user actions. Refactoring Scope: To properly implement batch updates, we would need to separate the initial refresh logic from polling update logic, which is a significant architectural change beyond the scope of this bug fix. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
## Problem - When user connects to space, it creates a duplicate window for the same space ## Solution - Assign unique identifier to workspace. This will open same external window when connecting to same workspace. ## Notes - Test cases added in separate pr with unit tests - Retested locally for most recent changes with new vsix --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
# Summary This PR migrates the DataZone custom API client from the deprecated AWS SDK v2 generator pattern to standalone AWS SDK v3-compatible packages. This migration is required as part of the broader AWS Toolkit repository migration from SDK v2 to v3. The AWS Toolkit VSCode repository is deprecating the centralized generateServiceClient.ts script that generates TypeScript clients from service JSON definitions. The SageMaker Unified Studio (SMUS) team currently uses this v2 generator for DataZone Custom API. # Solution * Created standalone package @amzn/datazone-custom-client with SDK v3 patterns * Updated DataZoneCustomClientHelper to use SDK v3 client initialization and Command pattern * Migrated from client.methodName().promise() to client.send(new Command()) pattern * Updated credential provider to use SDK v3 async credential provider function * Updated imports to use new standalone package types and commands * Updated test files to mock SDK v3 send() method instead of v2 .promise() pattern * Removed dependency for DataZone Custom API on the deprecated generateServiceClient.ts script --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Laxman Reddy <141967714+laileni-aws@users.noreply.github.com> Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
This merges the released changes for rc-20260115 into main. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
## Problem - workspace connection is currently failing via presigned url due to change of attributes ## Solution - reverting change and using eks cluster attr for hostname ## Testing - updated unit tests - tested locally with new vsix --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
…#8514) ## Problem Console session credentials fail to work properly in two scenarios: 1. After token refresh or profile overwrite: Users encounter "Your session has expired" errors even after successfully running aws login, requiring manual VS Code restart without clear guidance (reported in #8488) 2. Immediate connection use after CLI login: When users try to use a connection immediately after aws login completes, the credential provider was created before the CLI wrote the new login session to disk, causing authentication failures ## Solution - Enhanced makeConsoleSessionCredentialsProvider() to detect stale credential scenarios and prompt for window reload <img width="1409" height="939" alt="final-2-after-succeeds" src="https://github.com/user-attachments/assets/2c0b77be-ea10-4a41-9642-29d637a03110" /> - Added user-friendly messages showing identity ARN after successful login <img width="1408" height="941" alt="final-1-before-retry" src="https://github.com/user-attachments/assets/841721be-525d-4853-8d7a-b49f7d97c272" /> - Improved inline documentation explaining AWS CLI vs SDK credential handling differences - Added handling for does not contain login_session error when provider is created too early - Removed try-catch wrapper when verifying that connection exists after CLI succeeds ## Tradeoffs Reloading the VS Code window is a heavier UX, but it is the only deterministic way to fully reinitialize credential providers and avoid using stale credentials. Reloading guarantees that all in0memory credential providers, Auth state, and AWS SDK clients are fully reinitialized. This avoids subtle, hard-to-debug states where credentials appear refreshed on disk but stale credentials are still used at runtime. The reload is user-initiated via confirmation, not automatic. For future direction, this needs a supported Auth/provider reset mechanism to refresh credentials without requiring a window reload. ## Testing 1. Run `npm run compile` to verify build. 2. Run `npm run package`. Manual verification of end-to-end flow - Verified token refresh flow prompts for reload and works after reload - Tested immediate connection use after aws login triggers appropriate reload prompt - Confirmed profile overwrite scenarios handle credential refresh correctly --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem - This setting is no longer used. <img width="1276" height="242" alt="image" src="https://github.com/user-attachments/assets/71c2a761-e849-4058-ac99-41329cd32c28" /> ## Solution - Removing /dev amazonq settings --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This merges the released changes for rc-20260122 into main. MCM-XXX --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: aws-toolkit-automation <>
## Problem
After updating AWS CLI for console credentials, the success message
didn't show users which AWS CLI installation the Toolkit was actually
using. This made it unclear whether the update was successful or if
multiple CLI installations existed on the system.
This is particularly problematic for users who encountered repeated
update prompts during console credentials authentication, as they can't
verify if the correct CLI version is being used.
## Solution
- Added child process execution to run the OS-specific command (which on
Unix/macOS, where on Windows) after CLI update
- Retrieved the actual AWS CLI path that the Toolkit uses for console
credentials
- Updated the success message to display: 'AWS CLI updated successfully
to "{path}"'
This helps users immediately verify the CLI installation location and
confirms which CLI binary the Toolkit will use for console login.
### Notes
We make a display message clearer that this is about what the Toolkit
will be used going forward, not necessarily what the installer was just
installed. This helps distinguish between:
- What the installer just updated/installed
- What the Toolkit will actually use (which could be a different
installation if multiple exist)
<img width="1197" height="800" alt="cli-1-detect-need-to-update"
src="https://github.com/user-attachments/assets/f728cec2-7428-4b86-9b65-a06007a248da"
/>
<img width="1199" height="795" alt="cli-2-installer-proceeds"
src="https://github.com/user-attachments/assets/792438b6-9fae-49e7-bbd1-8c52d4a7f414"
/>
<img width="1197" height="799" alt="cli-3-show-path-in-message"
src="https://github.com/user-attachments/assets/3bf6957f-f13f-4c33-a5e3-c0515a0e173c"
/>
---
- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.
---------
Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
… adding region to profile (#8522) ## Problem - If a user picks a profile that does not have region entry from the config file, smus tries to update the profile with selected region. But smus is only looking for the profile in credentials file. ## Solution - Look for profile in both config and credentials files when adding region to profile - Use shared parsing method to handle profiles with `profile` prefix ## Test Updating profile with `profile` prefix in config file before ``` [profile configWithProfilePrefix] AWS_ACCESS_KEY_ID=xyz AWS_SECRET_ACCESS_KEY=xyz AWS_SESSION_TOKEN=xyz ``` after ``` [profile configWithProfilePrefix] AWS_ACCESS_KEY_ID=xyz AWS_SECRET_ACCESS_KEY=xyz AWS_SESSION_TOKEN=xyz region = ap-east-1 ``` --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: kzr-at-amazon <build@amazon.com> Co-authored-by: invictus <149003065+ashishrp-aws@users.noreply.github.com>
## Problem Toolkit is using an older Lambda SDK (3.731, latest 3.9xx) due to compatibility issues. This caused new fields introduced in LMI/DAR to be not available in local types and need to be manually bypassed. see: #8392, we need to update lambda SDK to latest version and resolve all the compatibility issues Below is the compatibility issue when trying to upgrade sdk lambda client ``` npm error src/shared/clients/lambdaClient.ts(327,9): error TS2741: Property 'config' is missing in type 'AwsClient' but required in type 'LambdaClient'. npm error src/shared/clients/lambdaClient.ts(328,13): error TS2419: Types of construct signatures are incompatible. npm error Type 'new (...[configuration]: [] | [LambdaClientConfig]) => LambdaClient' is not assignable to type 'new (o: AwsClientOptions) => AwsClient'. npm error Construct signature return types 'LambdaClient' and 'AwsClient' are incompatible. npm error The types of 'middlewareStack.add' are incompatible between these types. npm error Type '{ (middleware: InitializeMiddleware<ServiceInputTypes, ServiceOutputTypes>, options?: (InitializeHandlerOptions & AbsoluteLocation) | undefined): void; (middleware: SerializeMiddleware<...>, options: SerializeHandlerOptions & AbsoluteLocation): void; (middleware: BuildMiddleware<...>, options: BuildHandlerOptions & ...' is not assignable to type '{ (middleware: InitializeMiddleware<any, MetadataBearer>, options?: (InitializeHandlerOptions & AbsoluteLocation) | undefined): void; (middleware: SerializeMiddleware<...>, options: SerializeHandlerOptions & AbsoluteLocation): void; (middleware: BuildMiddleware<...>, options: BuildHandlerOptions & AbsoluteLocation):...'. npm error Types of parameters 'middleware' and 'middleware' are incompatible. npm error Types of parameters 'context' and 'context' are incompatible. npm error Type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/middleware").HandlerExecutionContext' is not assignable to type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/middleware").HandlerExecutionContext'. npm error Types of property '[SMITHY_CONTEXT_KEY]' are incompatible. npm error Type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?:...' is not assignable to type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?: import("/Users/ruojiazh/proj/aws-toolkit-vsc...'. npm error Type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?:...' is not assignable to type '{ [key: string]: unknown; service?: string | undefined; operation?: string | undefined; commandInstance?: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined; selectedHttpAuthScheme?: import("/Users/ruojiazh/proj/aws-toolkit-vsc...'. npm error Types of property 'commandInstance' are incompatible. npm error Type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined' is not assignable to type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any> | undefined'. npm error Type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any>' is not assignable to type 'import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/command").Command<any, any, any, any, any>'. npm error The types of 'middlewareStack.add' are incompatible between these types. npm error Type '{ (middleware: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/types/dist-types/middleware").InitializeMiddleware<any, any>, options?: (import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@aws-sdk/middleware-host-header/node_modules/@smithy/t...' is not assignable to type '{ (middleware: import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/middleware").InitializeMiddleware<any, any>, options?: (import("/Users/ruojiazh/proj/aws-toolkit-vscode/node_modules/@smithy/types/dist-types/middleware").InitializeHandlerOptions & import("/Users/ruojiazh/proj/aws-t...'. npm error Types of parameters 'options' and 'options' are incompatible. npm error Type 'SerializeHandlerOptions & AbsoluteLocation' is not assignable to type '(InitializeHandlerOptions & AbsoluteLocation) | undefined'. npm error Type 'SerializeHandlerOptions & AbsoluteLocation' is not assignable to type 'InitializeHandlerOptions & AbsoluteLocation'. npm error Type 'SerializeHandlerOptions & AbsoluteLocation' is not assignable to type 'InitializeHandlerOptions'. npm error Types of property 'step' are incompatible. npm error Type '"serialize"' is not assignable to type '"initialize"'. ``` ## Reason for Compatibility Error Upgrading @aws-sdk/client-lambda to version 3.953.0+ (which uses Smithy v4) causes TypeScript compilation errors due to module path conflicts. The toolkit's awsClientBuilderV3 uses Smithy v3 types, while the new Lambda client uses Smithy v4 types. Even though the types are structurally identical, TypeScript treats them as incompatible because they're imported from different module paths. ## Solution Added type assertions (as any and as LambdaSdkClient) in lambdaClient.ts to bypass TypeScript's type checking when creating the Lambda client. This allows the new SDK version to work while maintaining runtime compatibility. No new tests are required for the lambdaClient.ts changes because there is no behavior change - The type assertions don't change runtime behavior, only bypass compile-time type checking. The Lambda client functions identically before and after. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Chengjun Li <>
…8537) ## Problem - Users without pre-configured credentials encounter authentication errors when opening Lambda functions from console - Credential mismatches between console account and local profile cause errors even when function is accessible in console: - `ResourceNotFoundException` when function exists in console account but not in local profile account - `AccessDeniedException` when local credentials lack `lambda:GetFunction` permission but console credentials have access ## Solution - Add `setupConsoleConnection()` to encapsulate browser-based AWS CLI `aws login` authentication and use the new connection - Add `getFunctionWithFallback()` to retrieve Lambda configuration with automatic console login fallback - Integrate fallback into `openLambdaFolderForEdit()` to handle missing credentials and credential mismatches - Improve error handling to distinguish credential mismatches and resource access issues - Handle `ResourceNotFoundException` by showing account-specific error message before fallback - Handle `AccessDeniedException` by showing permission error message before fallback ### Screenshots #### Show warning message when Lambda GetFunction API returns ResourceNotFoundException, then automatically proceed with console login flow <img width="461" height="90" alt="Screenshot 2026-01-29 at 12 29 00 AM" src="https://github.com/user-attachments/assets/1c1c700f-5585-4684-bcae-9daa43add315" /> #### Show warning message when Lambda GetFunction API returns AccessDeniedException, then automatically proceed with console login flow <img width="463" height="91" alt="Screenshot 2026-01-29 at 12 28 07 AM" src="https://github.com/user-attachments/assets/dce48127-1cca-406e-b966-ebc615ef5fa6" /> ## Background The Lambda `load-function` URI handler enables a seamless workflow where users can click "Open in Visual Studio Code" from the AWS Lambda console to view, edit, and deploy their Lambda functions directly in their preferred IDE. This feature downloads the function code locally, opens it in VS Code, and allows users to make changes and deploy updates back to AWS—all without leaving their development environment. ## Testing - [X] Tested with no local credentials configured - [X] Tested credential mismatch scenarios: - ResourceNotFoundException (function in console account but not local profile account) - AccessDeniedException (local credentials lack permission, console credentials have access) - [X] Tested user cancellation flow - [X] Test with SSO connection active --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
## Problem - `Amazon Q: Fix all Errors` feature does not work on warning issues. ## Solution - If user click on `Amazon Q: Fix all Issue` feature from warning issue, Q should fix both errors and warnings. - If user click on `Amazon Q: Fix all Issue` feature from error issue, Q should fix only errors. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
This merges the released changes for rc-20260129 into main. MCM-143408862 --------- Co-authored-by: aws-toolkit-automation <>
…8520) Add support for multi-tenant Lambda functions by introducing a Tenant ID input field in the Local Invoke configuration panel. The field appears conditionally when the SAM template contains TenancyConfig (either at function-level or in Globals section). The tenant ID value is saved in launch.json and passed to SAM CLI when invoking Lambda functions locally. <img width="619" height="862" alt="Screenshot 2026-01-29 at 10 16 29 AM" src="https://github.com/user-attachments/assets/985e01ce-cbcd-4204-a1ce-37ea9c1fca70" /> --------- Co-authored-by: Chengjun Li <>
## Problem Need to add support for AWS SigV4 for the WebSocket URL used to open a remote connection. These parameters, including the cell-number, can contain special characters and must be properly handled. ## Solution Encode all URI query parameters and extract and append AWS signature parameters to the WebSocket URL. --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Automatic merge failed
Command line hint
To perform the merge from the command line, you could do something like the following (where "origin" is the name of the remote in your local git repo):