Fix SQS Event Source LocalStack Integration

[Blind-Striker]

What does this PR do?

This PR fixes the critical issue where AWS Lambda functions with SQS Event Sources fail to connect to LocalStack, throwing "Invalid URI" errors. The fix automatically injects the AWS_ENDPOINT_URL environment variable into SQS Event Source resources, enabling the AWS Lambda Tools to properly connect to LocalStack's SQS service.

Additionally, this PR includes a complete testing playground with an analytics-driven architecture to validate the fix in a real-world scenario.

Related Issue(s):

• Fixes Invalid URL error when Lambda with SQS event source uses LocalStack endpoint in .NET Aspire #6 - Invalid URL error when Lambda with SQS event source uses LocalStack endpoint

🔄 Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 📚 Documentation update
• 🧹 Code cleanup/refactoring
• ⚡ Performance improvement
• 🧪 Test improvements

🎯 Aspire Compatibility

• Compatible with .NET Aspire 9.x (tested with 9.5.0)
• Supports both .NET 8.0 and .NET 9.0
• Follows Aspire.Hosting.AWS patterns
• Works with existing AWS integrations

🧪 Testing

How has this been tested?

• Unit tests added/updated
  • Added ConfigureSqsEventSourceResource tests
  • Updated mock tests to work with WithEnvironment() pattern
  • 208 unit tests passing
• Integration tests added/updated
  • Complete analytics playground with 3 Lambda functions
  • SQS Event Source triggering Analyzer Lambda
  • End-to-end event flow testing
• Manual testing with playground examples
  • URL creation triggers analytics events
  • URL redirect triggers analytics events
  • Analyzer Lambda processes events from SQS
• Tested with LocalStack container
• Tested across multiple .NET versions
• Tested auto-configure (UseLocalStack())
• Tested manual configuration (WithReference()) - Not applicable for this fix

Test Environment:

• LocalStack Version: 4.x
• .NET Aspire Version: 9.5.0
• .NET Versions Tested: 8.0, 9.0
• Operating Systems: Windows

📚 Documentation

• Code is self-documenting with clear naming
• XML documentation comments added/updated
• README.md updated (if needed)
  • Updated playground/lambda/README.md with analytics architecture
  • Updated playground/README.md with SQS mention
• Playground examples updated (if needed)
  • Added LocalStack.Lambda.Analyzer project
  • Enhanced UrlShortener and Redirector with analytics
• Breaking changes documented - N/A (no breaking changes)

✅ Code Quality Checklist

• Code follows project coding standards
• No new analyzer warnings introduced
• All tests pass locally (208 tests passing)
• No merge conflicts
• Branch is up to date with target branch
• Commit messages follow Conventional Commits

🔍 Additional Notes

Breaking Changes:
None. This is a backward-compatible fix that enhances existing functionality.

Performance Impact:
Minimal. The fix only adds environment variable injection during resource configuration (one-time setup cost). No runtime performance impact.

Dependencies:

• Updated to .NET Aspire 9.5.0
• Added AWSSDK.SQS to Redirector and UrlShortener Lambda projects (for analytics testing)

🎯 Reviewer Focus Areas

Please pay special attention to:

• Security implications
  • Environment variable injection is safe and scoped to SQS Event Source resources only
  • No credentials or sensitive data exposed
• Performance impact
  • Configuration-time only, no runtime overhead
• Breaking changes
  • None
• Test coverage
  • Comprehensive unit tests for the fix
  • Real-world integration testing via analytics playground
• Documentation completeness
  • Architecture diagrams updated
  • CLI testing examples added
  • Request flow documented
• Aspire integration patterns
  • Follows WithEnvironment() extension pattern
  • Consistent with Aspire resource configuration
• LocalStack compatibility
  • Tested with LocalStack 3.x
  • Works with SQS, DynamoDB, S3, Lambda emulators

🏗️ Architecture Overview

The Problem

When using WithSQSEventSource() with LocalStack, the AWS Lambda Tools process tries to parse the LocalStack URL (http://localhost.localstack.cloud:4566) as an AWS region, causing an "Invalid URI" error.

The Solution

Automatically inject AWS_ENDPOINT_URL environment variable into SQS Event Source resources, instructing Lambda Tools to use the LocalStack endpoint instead of AWS.

Implementation Details

1. Detection (LocalStackResourceConfigurator.cs)

private const string SQSEventSourceResource = "Aspire.Hosting.AWS.SQS.SQSEventSourceResource";

// Detect SQS Event Source resources
if (string.Equals(resource.Resource.GetType().FullName,
    Constants.SQSEventSourceResource,
    StringComparison.Ordinal))
{
    ConfigureSqsEventSourceResource(resource, localStackUrl);
}

2. Configuration (Simplified Approach)

internal static void ConfigureSqsEventSourceResource(
    IResourceBuilder<ExecutableResource> builder,
    Uri localStackUrl)
{
    builder.WithEnvironment(context =>
    {
        context.EnvironmentVariables["AWS_ENDPOINT_URL"] = localStackUrl.ToString();
    });
}

3. Validation (ConstantsTests.cs)

• Added AWS assembly validation to detect breaking changes
• Ensures SQSEventSourceResource type exists in Aspire.Hosting.AWS

Analytics Testing Playground

New Resources:

• Analyzer Lambda: Processes SQS events and writes to DynamoDB
• Analytics Queue: SQS queue receiving events from UrlShortener/Redirector
• Analytics Table: DynamoDB table storing analytics data

Event Flow:

POST /shorten → UrlShortener → url_created event → SQS → Analyzer → DynamoDB
GET /{slug}   → Redirector   → url_accessed event → SQS → Analyzer → DynamoDB

📸 Screenshots/Examples

Using the Analytics Flow

# 1. Create a short URL
curl -d '{"url":"https://aws.amazon.com","format":"qr"}' \
     -H "Content-Type: application/json" \
     -X POST {GATEWAY_BASE_URL}/shorten
# Response: { "id":"abc123", "qrUrl":"..." }

# 2. Access the short URL (triggers redirect + analytics)
curl -I {GATEWAY_BASE_URL}/abc123
# Response: 302 Found → https://aws.amazon.com

# 3. Check analytics in DynamoDB
aws dynamodb scan \
    --table-name UrlAnalytics \
    --endpoint-url <localstack_address> \
    --region eu-central-1
# Shows both url_created and url_accessed events

Code Example in AppHost

var builder = DistributedApplication.CreateBuilder(args);

// LocalStack with auto-configuration
var localstack = builder.AddLocalStack("localstack");

// CDK Stack with SQS Queue
var urlShortenerStack = builder.AddAWSCDKStack("UrlShortenerStack")
    .WithReference(localstack);

// Lambda with SQS Event Source (now works with LocalStack!)
var analyzer = builder.AddAWSLambdaFunction("analyzer")
    .WithReference(localstack)
    .WithSQSEventSource(urlShortenerStack.GetOutput("AnalyticsQueueUrl"));

builder.Build().Run();

🎯 Validation Criteria

• Fix resolves the original issue (Invalid URL error when Lambda with SQS event source uses LocalStack endpoint in .NET Aspire #6)
• All existing tests pass
• New tests validate the fix
• Real-world playground demonstrates functionality
• Documentation reflects the changes
• No breaking changes introduced
• Follows Aspire integration patterns
• Compatible with LocalStack 4.x

---

By submitting this pull request, I confirm that:

• I have read and agree to the project's Code of Conduct
• I understand that this contribution may be subject to the .NET Foundation CLA
• My contribution is licensed under the same terms as the project (MIT License)

---

Note

Detects SQS Event Source resources and injects AWS_ENDPOINT_URL for LocalStack, adds an end-to-end analytics playground (SQS+DynamoDB) and updates versions/CI to Aspire 9.5 with SemVer2 artifacts.

• Core (Aspire.Hosting.LocalStack)
  • Detects SQSEventSourceResource and injects AWS_ENDPOINT_URL to route SDK calls to LocalStack.
  • Extends UseLocalStack/connection callback to handle ExecutableResource SQS event sources; adds Constants.SQSEventSourceResource.
  • Bumps package version to 9.5.0.
• Playground (Lambda analytics)
  • Adds LocalStack.Lambda.Analyzer (SQS-triggered) and wires SQS event source in AppHost.
  • Extends CDK stack with AnalyticsQueue (SQS) and UrlAnalytics (DynamoDB) outputs.
  • Updates UrlShortener/Redirector to emit analytics to SQS; analyzer persists to DynamoDB.
  • Solution updates and README docs reflecting new analytics flow and CLI.
• CI/CD
  • Switches package versioning to NuGet SemVer 2 pre-release format and standardizes artifact suffixes/names in summaries.
• Dependencies
  • Upgrades to Aspire 9.5.0 and refreshes AWS/OpenTelemetry/SkiaSharp/xUnit analyzer versions.
• Tests
  • Adds unit tests for SQS event source detection/configuration and AWS type presence; includes test package refs.
• Misc
  • Timestamp format in provisioning handler changed to ISO-8601.

^{Written by Cursor Bugbot for commit 4915669. This will update automatically on new commits. Configure here.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
nuget/AWSSDK.Core	>= 0	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 6 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
nuget/AWSSDK.DynamoDBv2	>= 0	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 6 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
nuget/Amazon.Lambda.Core	>= 0	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 18/22 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts ⚠️ 0 binaries present in source code SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1
nuget/Amazon.Lambda.SQSEvents	>= 0	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 18/22 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts ⚠️ 0 binaries present in source code SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1
nuget/Amazon.Lambda.Serialization.SystemTextJson	>= 0	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 18/22 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts ⚠️ 0 binaries present in source code SAST 🟢 10 SAST tool is run on all commits Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1
nuget/LocalStack.Client	>= 0	Unknown	Unknown
nuget/LocalStack.Client.Extensions	>= 0	Unknown	Unknown
nuget/AWSSDK.SQS	>= 0	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 6 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
nuget/AWSSDK.SQS	>= 0	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 6 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Files

• playground/lambda/LocalStack.Lambda.Analyzer/LocalStack.Lambda.Analyzer.csproj
• playground/lambda/LocalStack.Lambda.Redirector/LocalStack.Lambda.Redirector.csproj
• playground/lambda/LocalStack.Lambda.UrlShortener/LocalStack.Lambda.UrlShortener.csproj

[Copilot]

Pull Request Overview

This PR fixes a critical issue where AWS Lambda functions with SQS Event Sources fail to connect to LocalStack due to "Invalid URI" errors. The fix automatically injects the AWS_ENDPOINT_URL environment variable into SQS Event Source resources. Additionally, it includes a comprehensive analytics testing playground with event-driven architecture to validate the fix.

• Fixes SQS Event Source LocalStack integration by adding environment variable injection
• Updates test coverage with new unit tests for the SQS configuration logic
• Adds complete analytics playground with 3 Lambda functions demonstrating real-world SQS Event Source usage

Reviewed Changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/Aspire.Hosting.LocalStack/Internal/Constants.cs	Adds constant for SQS Event Source resource type name
src/Aspire.Hosting.LocalStack/Internal/LocalStackResourceConfigurator.cs	Implements SQS Event Source configuration method
src/Aspire.Hosting.LocalStack/Internal/LocalStackConnectionStringAvailableCallback.cs	Adds SQS Event Source detection and configuration logic
src/Aspire.Hosting.LocalStack/LocalStackResourceBuilderExtensions.cs	Adds SQS Event Source resource detection in UseLocalStack method
tests/Aspire.Hosting.LocalStack.Unit.Tests/Internal/LocalStackResourceConfiguratorTests.cs	Comprehensive unit tests for SQS Event Source configuration
tests/Aspire.Hosting.LocalStack.Unit.Tests/Internal/ConstantsTests.cs	Validation tests for AWS assembly type existence
playground/lambda/*	Complete analytics playground demonstrating SQS Event Source functionality

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 41 out of 41 changed files in this pull request and generated 4 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The test setup pattern for mocking WithAnnotation is duplicated across multiple test methods. Consider extracting this common setup into a helper method to reduce code duplication and improve maintainability.

[Copilot]

The assembly loading in the constructor could fail with FileNotFoundException if the AWS assembly is not available, causing all tests in this class to fail during construction. Consider wrapping this in a try-catch block or moving it to a static constructor with proper error handling.

Suggested change

	var awsAssembly = Assembly.Load("Aspire.Hosting.AWS");
	_ = awsAssembly; // Suppress unused warning
	try
	{
	var awsAssembly = Assembly.Load("Aspire.Hosting.AWS");
	_ = awsAssembly; // Suppress unused warning
	}
	catch (System.IO.FileNotFoundException)
	{
	// AWS assembly not found. Tests that require it may fail or should handle this case.
	}
	catch (System.IO.FileLoadException)
	{
	// AWS assembly could not be loaded. Tests that require it may fail or should handle this case.
	}
	catch (BadImageFormatException)
	{
	// AWS assembly is not a valid assembly. Tests that require it may fail or should handle this case.
	}

[Copilot]

Logging the exception message directly could potentially expose sensitive information. Consider logging a sanitized message or using structured logging with appropriate filtering for production environments.

Suggested change

	lambdaContext.Logger.LogWarning($"Failed to send analytics event: {ex.Message}");
	lambdaContext.Logger.LogWarning("Failed to send analytics event.");

[Copilot]

Same security concern as in UrlShortener - logging exception messages directly could expose sensitive information. Consider using structured logging or sanitizing the message.

Suggested change

	lambdaContext.Logger.LogWarning($"Failed to send analytics event: {ex.Message}");
	lambdaContext.Logger.LogWarning($"Failed to send analytics event for slug '{slug}'. Exception type: {ex.GetType().Name}");