localstack
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack/services/apigateway/models.py‎
Lines changed: 1 addition & 1 deletion b/‎localstack/services/apigateway/models.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack/services/cloudformation/engine/entities.py‎
Lines changed: 1 addition & 1 deletion b/‎localstack/services/cloudformation/engine/entities.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack/services/cloudformation/models/ecr.py‎
Lines changed: 3 additions & 3 deletions b/‎localstack/services/cloudformation/models/ecr.py‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎localstack/services/cloudformation/models/es.py‎
Lines changed: 1 addition & 1 deletion b/‎localstack/services/cloudformation/models/es.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack/services/cloudformation/models/iam.py‎
Lines changed: 4 additions & 2 deletions b/‎localstack/services/cloudformation/models/iam.py‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎localstack/services/cloudformation/models/opensearch.py‎
Lines changed: 1 addition & 1 deletion b/‎localstack/services/cloudformation/models/opensearch.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack/services/ecr/resource_providers/aws_ecr_repository.py‎
Lines changed: 1 addition & 1 deletion b/‎localstack/services/ecr/resource_providers/aws_ecr_repository.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack/services/kinesis/provider.py‎
Lines changed: 2 additions & 0 deletions b/‎localstack/services/kinesis/provider.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎localstack/services/logs/provider.py‎
Lines changed: 52 additions & 19 deletions b/‎localstack/services/logs/provider.py‎
Lines changed: 52 additions & 19 deletions
@@ -1,5 +1,5 @@
 # java-builder: Stage to build a custom JRE (with jlink)
-FROM eclipse-temurin:11@sha256:1f62aaa9b6947e96189b4dbd14a7fc2a768914df3aefc9b0a1f7ec8a4dce8d6b as java-builder
+FROM eclipse-temurin:11@sha256:17571c4ae2936842c2b6547a382dd0fad3a4601294240a871a0282657f3e89db as java-builder
 
 # create a custom, minimized JRE via jlink
 RUN jlink --add-modules \
 
@@ -83,7 +83,7 @@ def __init__(self):
 
         self.account.update(
             {
-                "cloudwatchRoleArn": arns.role_arn(
+                "cloudwatchRoleArn": arns.iam_role_arn(
                     "api-gw-cw-role", DEFAULT_AWS_ACCOUNT_ID
                 ),  # FIXME: account ID must be of the current store
                 "throttleSettings": {"burstLimit": 1000, "rateLimit": 500},
 
@@ -339,7 +339,7 @@ def __init__(self, account_id: str, region_name: str, stack: Stack, params=None,
 
         name = self.metadata["ChangeSetName"]
         if not self.metadata.get("ChangeSetId"):
-            self.metadata["ChangeSetId"] = arns.cf_change_set_arn(
+            self.metadata["ChangeSetId"] = arns.cloudformation_change_set_arn(
                 name, change_set_id=short_uid(), account_id=account_id, region_name=region_name
             )
 
 
@@ -25,7 +25,7 @@ def fetch_state(self, stack_name, resources):
         repo_name = default_repos_per_stack.get(stack_name)
         if repo_name:
             return {
-                "repositoryArn": arns.get_ecr_repository_arn(
+                "repositoryArn": arns.ecr_repository_arn(
                     repo_name, self.account_id, self.region_name
                 ),
                 "registryId": self.account_id,
@@ -70,12 +70,12 @@ def _handle_result(
             resource: dict,
         ):
             repo_name = resource["Properties"]["RepositoryName"]
-            resource["PhysicalResourceId"] = arns.get_ecr_repository_arn(
+            resource["PhysicalResourceId"] = arns.ecr_repository_arn(
                 repo_name, account_id, region_name
             )
 
             # add in some properties required for GetAtt and Ref
-            resource["Properties"]["Arn"] = arns.get_ecr_repository_arn(
+            resource["Properties"]["Arn"] = arns.ecr_repository_arn(
                 repo_name, account_id, region_name
             )
             resource["Properties"]["RepositoryUri"] = "http://localhost:4566"
 
@@ -16,7 +16,7 @@ def es_add_tags_params(
     resource: dict,
     stack_name: str,
 ):
-    es_arn = arns.es_domain_arn(properties.get("DomainName"), account_id, region_name)
+    es_arn = arns.elasticsearch_domain_arn(properties.get("DomainName"), account_id, region_name)
     tags = properties.get("Tags", [])
     return {"ARN": es_arn, "TagList": tags}
 
 
@@ -574,7 +574,9 @@ def _delete_params(
             resource: dict,
             stack_name: str,
         ) -> dict:
-            return {"PolicyArn": arns.policy_arn(properties["PolicyName"], account_id=account_id)}
+            return {
+                "PolicyArn": arns.iam_policy_arn(properties["PolicyName"], account_id=account_id)
+            }
 
         return {
             "create": {
@@ -601,7 +603,7 @@ def _filter(pols):
         groups = props.get("Groups", [])
         if managed_policy:
             result["policy"] = iam.get_policy(
-                PolicyArn=arns.policy_arn(policy_name, account_id=account_id)
+                PolicyArn=arns.iam_policy_arn(policy_name, account_id=account_id)
             )
         for role in roles:
             policies = (
 
@@ -24,7 +24,7 @@ def opensearch_add_tags_params(
     resource: dict,
     stack_name: str,
 ):
-    es_arn = arns.es_domain_arn(properties.get("DomainName"), account_id, region_name)
+    es_arn = arns.elasticsearch_domain_arn(properties.get("DomainName"), account_id, region_name)
     tags = properties.get("Tags", [])
     return {"ARN": es_arn, "TagList": tags}
 
 
@@ -97,7 +97,7 @@ def create(
         )
         model.update(
             {
-                "Arn": arns.get_ecr_repository_arn(
+                "Arn": arns.ecr_repository_arn(
                     model["RepositoryName"], DEFAULT_AWS_ACCOUNT_ID, AWS_REGION_US_EAST_1
                 ),
                 "RepositoryUri": "http://localhost:4566",
 
@@ -151,6 +151,7 @@ def put_record(
         sequence_number_for_ordering: SequenceNumber = None,
         stream_arn: StreamARN = None,
     ) -> PutRecordOutput:
+        # TODO: Ensure use of `stream_arn` works. Currently kinesis-mock only works with ctx request account ID and region
         if random() < config.KINESIS_ERROR_PROBABILITY:
             raise ProvisionedThroughputExceededException(
                 "Rate exceeded for shard X in stream Y under account Z."
@@ -166,6 +167,7 @@ def put_records(
         stream_name: StreamName = None,
         stream_arn: StreamARN = None,
     ) -> PutRecordsOutput:
+        # TODO: Ensure use of `stream_arn` works. Currently kinesis-mock only works with ctx request account ID and region
         if random() < config.KINESIS_ERROR_PROBABILITY:
             records_count = len(records) if records is not None else 0
             records = [
 
@@ -11,7 +11,6 @@
 from moto.logs.models import LogGroup as MotoLogGroup
 from moto.logs.models import LogStream as MotoLogStream
 
-from localstack.aws.accounts import get_aws_account_id
 from localstack.aws.api import CommonServiceException, RequestContext, handler
 from localstack.aws.api.logs import (
     AmazonResourceName,
@@ -40,7 +39,7 @@
 from localstack.services.moto import call_moto
 from localstack.services.plugins import ServiceLifecycleHook
 from localstack.utils.aws import arns
-from localstack.utils.aws.arns import extract_region_from_arn
+from localstack.utils.aws.client_types import ServicePrincipal
 from localstack.utils.bootstrap import is_api_enabled
 from localstack.utils.common import is_number
 from localstack.utils.patch import patch
@@ -247,46 +246,61 @@ def moto_put_subscription_filter(fn, self, *args, **kwargs):
     role_arn = args[4]
 
     log_group = self.groups.get(log_group_name)
+    log_group_arn = arns.log_group_arn(log_group_name, self.account_id, self.region_name)
 
     if not log_group:
         raise ResourceNotFoundException("The specified log group does not exist.")
 
+    arn_data = arns.parse_arn(destination_arn)
+
+    if role_arn:
+        factory = connect_to.with_assumed_role(
+            role_arn=role_arn, service_principal=ServicePrincipal.logs
+        )
+    else:
+        factory = connect_to(aws_access_key_id=arn_data["account"], region_name=arn_data["region"])
+
     if ":lambda:" in destination_arn:
-        client = connect_to(region_name=extract_region_from_arn(destination_arn)).lambda_
-        lambda_name = arns.lambda_function_name(destination_arn)
+        client = factory.lambda_.request_metadata(
+            source_arn=log_group_arn, service_principal=ServicePrincipal.logs
+        )
         try:
-            client.get_function(FunctionName=lambda_name)
+            client.get_function(FunctionName=destination_arn)
         except Exception:
             raise InvalidParameterException(
                 "destinationArn for vendor lambda cannot be used with roleArn"
             )
 
     elif ":kinesis:" in destination_arn:
-        client = connect_to().kinesis
+        client = factory.kinesis.request_metadata(
+            source_arn=log_group_arn, service_principal=ServicePrincipal.logs
+        )
         stream_name = arns.kinesis_stream_name(destination_arn)
         try:
+            # Kinesis-Local DescribeStream does not support StreamArn param, so use StreamName instead
             client.describe_stream(StreamName=stream_name)
         except Exception:
             raise InvalidParameterException(
-                "Could not deliver test message to specified Kinesis stream. "
-                "Check if the given kinesis stream is in ACTIVE state. "
+                "Could not deliver message to specified Kinesis stream. "
+                "Ensure that the Kinesis stream exists and is ACTIVE."
             )
 
     elif ":firehose:" in destination_arn:
-        client = connect_to().firehose
+        client = factory.firehose.request_metadata(
+            source_arn=log_group_arn, service_principal=ServicePrincipal.logs
+        )
         firehose_name = arns.firehose_name(destination_arn)
         try:
             client.describe_delivery_stream(DeliveryStreamName=firehose_name)
         except Exception:
             raise InvalidParameterException(
-                "Could not deliver test message to specified Firehose stream. "
-                "Check if the given Firehose stream is in ACTIVE state."
+                "Could not deliver message to specified Firehose stream. "
+                "Ensure that the Firehose stream exists and is ACTIVE."
             )
 
     else:
-        service = arns.extract_service_from_arn(destination_arn)
         raise InvalidParameterException(
-            f"PutSubscriptionFilter operation cannot work with destinationArn for vendor {service}"
+            f"PutSubscriptionFilter operation cannot work with destinationArn for vendor {arn_data['service']}"
         )
 
     if filter_pattern:
@@ -329,7 +343,7 @@ def moto_put_log_events(self: "MotoLogStream", log_events):
 
             data = {
                 "messageType": "DATA_MESSAGE",
-                "owner": get_aws_account_id(),
+                "owner": self.account_id,  # AWS Account ID of the originating log data
                 "logGroup": self.log_group.name,
                 "logStream": self.log_stream_name,
                 "subscriptionFilters": [subscription_filter.name],
@@ -342,20 +356,39 @@ def moto_put_log_events(self: "MotoLogStream", log_events):
             payload_gz_encoded = output.getvalue()
             event = {"awslogs": {"data": base64.b64encode(output.getvalue()).decode("utf-8")}}
 
+            log_group_arn = arns.log_group_arn(self.log_group.name, self.account_id, self.region)
+            arn_data = arns.parse_arn(destination_arn)
+
+            if subscription_filter.role_arn:
+                factory = connect_to.with_assumed_role(
+                    role_arn=subscription_filter.role_arn, service_principal=ServicePrincipal.logs
+                )
+            else:
+                factory = connect_to(
+                    aws_access_key_id=arn_data["account"], region_name=arn_data["region"]
+                )
+
             if ":lambda:" in destination_arn:
-                client = connect_to(region_name=extract_region_from_arn(destination_arn)).lambda_
-                lambda_name = arns.lambda_function_name(destination_arn)
-                client.invoke(FunctionName=lambda_name, Payload=json.dumps(event))
+                client = factory.lambda_.request_metadata(
+                    source_arn=log_group_arn, service_principal=ServicePrincipal.logs
+                )
+                client.invoke(FunctionName=destination_arn, Payload=json.dumps(event))
+
             if ":kinesis:" in destination_arn:
-                client = connect_to().kinesis
+                client = factory.kinesis.request_metadata(
+                    source_arn=log_group_arn, service_principal=ServicePrincipal.logs
+                )
                 stream_name = arns.kinesis_stream_name(destination_arn)
                 client.put_record(
                     StreamName=stream_name,
                     Data=payload_gz_encoded,
                     PartitionKey=self.log_group.name,
                 )
+
             if ":firehose:" in destination_arn:
-                client = connect_to().firehose
+                client = factory.firehose.request_metadata(
+                    source_arn=log_group_arn, service_principal=ServicePrincipal.logs
+                )
                 firehose_name = arns.firehose_name(destination_arn)
                 client.put_record(
                     DeliveryStreamName=firehose_name,
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ def __init__(self):`
`83`	`83`
`84`	`84`	`self.account.update(`
`85`	`85`	`{`
`86`		`- "cloudwatchRoleArn": arns.role_arn(`
	`86`	`+ "cloudwatchRoleArn": arns.iam_role_arn(`
`87`	`87`	`"api-gw-cw-role", DEFAULT_AWS_ACCOUNT_ID`
`88`	`88`	`), # FIXME: account ID must be of the current store`
`89`	`89`	`"throttleSettings": {"burstLimit": 1000, "rateLimit": 500},`
Original file line number	Diff line number	Diff line change
`@@ -339,7 +339,7 @@ def __init__(self, account_id: str, region_name: str, stack: Stack, params=None,`
`339`	`339`
`340`	`340`	`name = self.metadata["ChangeSetName"]`
`341`	`341`	`if not self.metadata.get("ChangeSetId"):`
`342`		`- self.metadata["ChangeSetId"] = arns.cf_change_set_arn(`
	`342`	`+ self.metadata["ChangeSetId"] = arns.cloudformation_change_set_arn(`
`343`	`343`	`name, change_set_id=short_uid(), account_id=account_id, region_name=region_name`
`344`	`344`	`)`
`345`	`345`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ def create(`
`97`	`97`	`)`
`98`	`98`	`model.update(`
`99`	`99`	`{`
`100`		`- "Arn": arns.get_ecr_repository_arn(`
	`100`	`+ "Arn": arns.ecr_repository_arn(`
`101`	`101`	`model["RepositoryName"], DEFAULT_AWS_ACCOUNT_ID, AWS_REGION_US_EAST_1`
`102`	`102`	`),`
`103`	`103`	`"RepositoryUri": "http://localhost:4566",`