Moto

-----
Docker Digest for 5.0.13: _sha256:de97faba597d8f1bfb4dab1c7d562e1997ac5e0ba1186c4392430650b0f6bd4e_

General:
* Support for Python 3.13
* Moto now supports whitelisting which services can be used

New Services:
* AppMesh:
* create_mesh()
* delete_mesh()
* describe_mesh()
* list_meshes()
* list_tags_for_resource()
* tag_resource()
* update_mesh()

* Transfer:
* create_server()
* create_user()
* delete_server()
* delete_ssh_public_key()
* delete_user()
* describe_server()
* describe_user()
* import_ssh_public_key()

New Methods:
* Athena:
* delete_work_group()

* CodeBuild:
* batch_get_projects()

* DynamoDB:
* delete_resource_policy()
* get_resource_policy()
* put_resource_policy()

* EMR:
* get_block_public_access_configuration()
* put_block_public_access_configuration()

* QLDB:
* create_ledger()
* delete_ledger()
* describe_ledger()
* list_tags_for_resource()
* tag_resource()
* update_ledger()

* SageMaker:
* create_data_quality_job_definition()
* create_model_bias_job_definition()
* create_model_card()
* delete_data_quality_job_definition()
* delete_model_bias_job_definition()
* delete_model_card()
* describe_data_quality_job_definition()
* describe_model_bias_job_definition()
* describe_model_card()
* list_data_quality_job_definitions()
* list_model_bias_job_definitions()
* list_model_cards()
* list_model_card_versions()

Miscellaneous:
* ACM-PCA: create_certificate_authority() now uses the provided Subject
* Athena: The default work group now has the correct configuration
* ApplicationAutoscaling - put_scheduled_action() now allows multiple actions per Namespace/Dimension/Id
* Autoscaling: update_group() now validates that the Group exists
* Batch: now supports parameters in Job commands
* CloudFormation: create_change_set() now validates the provided ChangeSetName
* CloudFormation: describe_stacks() now returns export names in the Outputs
* CloudFormation: AWS::Events::Rule's now also creates/deletes Targets
* CloudWatch: get_metric_data() now returns everything when querying for Metric Insights Queries
* CodeBuild: create_project() now supports the parameter description, tags, cache, timeoutInMinutes, queuedTimeoutInMinutes, sourceVersion, logsConfig and vpcConfig
* CognitoIDP: sign_up() now returns CodeDeliveryDetails
* DynamoDB: export_table_to_point_in_time() now exports data in correct format
* DynamoDB: update_item() now validates an empty ExpressionAttributeValues and UpdateExpression
* DynamoDB: All applicable methods that accept a TableName-parameter now also accept the ARN of the table
* EC2: describe_security_group_rules() now correctly exposes rules with duplicate port/protocol values
* EC2: Terminating an instance now also terminates any NIC's
* EventBridge: create_connection() now creates a KMS Secret
* EventBridge: Messages are now formatted using the InputTemplate, if provided
* KMS: describe_key() now exposes the MultiRegionConfiguration-attribute
* Organizations: create_account() now comes preconfigured with an IAM role
* RDS: update_db_instance() now supports the CloudwatchLogsExportConfiguration-parameter
* ResourceGroupsTagging API now supports additional SageMaker resources
(CompilationJobs, Domains, ModelExplainabilityJobDefinition, ModelQualityJobDefinition, HyperParameterTuningJob)
* S3: copy_object() now respects the CopySourceIfNoneMatch-parameter
* SageMaker: search() now supports ModelPackageGroups
* StepFunctions now has improved JSONPath support
* StepFunctions now supports MaxItem/MaxItemPath/MaxConcurrencyPath
* StepFunctions now supports MaxAttempts with value 0

-----
Docker Digest for 5.0.12: _sha256:e1bde8f908f2fdf0878c8e4398561badd016b51b4d9fd8dcb9f4daef936a4427_

General:
* The MotoProxy can now be run on Windows

New Services:
* DirectConnect:
* create_connection()
* delete_connection()
* describe_connections()
* update_connection()

* DynamoDB:
* describe_export()
* export_table_to_point_in_time()
* list_export()

* NetworkManager:
* create_device()
* create_link()
* create_link()
* delete_device()
* delete_link()
* delete_site()
* get_devices()
* get_links()
* get_sites()
* list_tags_for_resource()

* SageMaker:
* list_endpoints()
* list_endpoint_configs()
* create_auto_ml_job_v2()
* describe_auto_ml_job_v2()
* list_auto_ml_jobs()
* stop_auto_ml_job()
* create_compilation_job()
* describe_compilation_job()
* list_compilation_jobs()
* delete_compilation_job()
* create_domain()
* describe_domain()
* list_domains()
* delete_domain()
* create_model_explainability_job_definition()
* describe_model_explainability_job_definition()
* list_model_explainability_job_definitions()
* delete_model_explainability_job_definition()
* create_hyper_parameter_tuning_job()
* describe_hyper_parameter_tuning_job()
* list_hyper_parameter_tuning_jobs()
* delete_hyper_parameter_tuning_job()
* create_model_quality_job_definition()
* describe_model_quality_job_definition()
* list_model_quality_job_definitions()
* delete_model_quality_job_definition()

* Route53:
* list_tags_for_resource()

Miscellaneous:
* ACM: export_certificate() now only allows exporting private certificates
* ACM: DomainValidationOptions now have SUCCESS-status, fixing the `certificate_validated` waiter
* Athena: QueryResults are now stored in S3
* CloudFormation: update_stack() now persists the new parameters provided
* CloudFormation: update_stack() now understands UsePreviousValue=False
* CloudFormation: update_stack() now throws an exception when using UsePreviousValue=True and a new parameter value
* CloudFormation: update_stack() is now able to update resources where only the parameters have changed
* CloudFormation: AWS::S3::Bucket resources will now create/update Tags
* CloudFormation: AWS::S3::Bucket resources are no longer recreated for every update
* CognitoIDP: initiate_auth() now supports USERNAME_PASSWORD_AUTH and SMS/Software Token MFA
* CognitoIDP: initiate_auth() now returns th email in the ID-token claims
* DynamoDB: query() now sorts the results correctly when querying GSI data with identical hash keys
* EC2: describe_security_group_rules() now enumerates multiple rules correctly
* EC2: run_instances() can now use $Default or $Latest launch template version
* Events: list_targets_by_rule() now supports pagination
* EventBridge Scheduler - get_schedule() now returns the ActionAfterCompletion
* Firehose: create_delivery_stream() now creates S3 files with the correct filename if no prefix is provided
* IOT: Certificates hashes can now be computed using the DER encoding, per the AWS spec
This is an opt-in behaviour, and can be enabled with the following configuration:
mock_aws(config={"iot": {"use_valid_cert": True}})
* ResourceGroupsTaggingAPI: tag_resources() now supports SageMaker resources
* S3: head_object()/get_object() now support the PartNumber-argument
* S3: put_object() now correctly enforces the BucketPolicy when creating new objects
* SESv2: send_email() now returns the MessageId

-----
Docker Digest for 5.0.11: _sha256:438f7fbb5fa1dff2cf0887c59466ff78bed5aaca9ea7b5cf54d6a41fc2418e28_

New Methods:
* ServiceDiscovery:
* deregister_instance()
* discover_instances()
* discover_instances_revision()
* get_instance()
* get_instances_health_status()
* list_instances()
* register_instance()
* update_http_namespace()
* update_instance_custom_health_status()

Miscellaneous:
* DynamoDB: transact_write_items() no longer throws a ValidationException when passing multiple set actions, only when passing multiple set clauses
* DynamoDB: transact_write_items() no longer throws an Exception when ExpressionAttributeNames are not provided
(Both bugs were introduced in 5.0.10)

* IOT-data: update_thing_shadow() now calculates the delta correctly
* ResourceGroupsTagging: get_resources() now supports EFS resources

-----
Docker Digest for 5.0.10: _sha256:bfb9cd2a437fc7c754b3a6a66b7fb528ec1a53e0c683e8b75514bff81543cf55_

General:
* CloudFormation now supports cfn-lint v1, as well as v0

New Services:

* FSX:
* create_file_system()
* delete_file_system()
* describe_file_systems()
* tag_resource()
* untag_resource()

* OpenSearch Serverless:
* batch_get_collection()
* create_collection()
* create_security_policy()
* create_vpc_endpoint()
* delete_collection()
* get_security_policy()
* list_collections()
* list_security_policies()
* list_tags_for_resource()
* tag_resource()
* untag_resource()
* update_security_policy()

* Shield:
* create_protection()
* delete_protection()
* describe_protection()
* list_protections()
* list_tags_for_resource()
* tag_resource()
* untag_resource()

New Methods:
* Sagemaker:
* create_cluster()
* delete_cluster()
* describe_cluster()
* list_clusters()
* list_cluster_nodes()

Miscellaneous:
* CognitoIDP: admin_list_groups_by_user() now supports pagination
* DynamoDB: transact_write_items() now validates the number of SET expressions
* DynamoDB: update_item() now validates unused ExpressionAttributeValues
* DynamoDB: query() now supports pagination when querying Global Indexes
* EC2: describe_images() - feat: support filtering images by ExecutableUsers=['self']
* EC2: describe_route_tables() now supports the filter `route.transit-gateway-id`
* EC2: update_security_group_rule_descriptions_ingress() now supports updating multiple descriptions
* EKS: create_nodegroup() now supports the `taints`-parameter
* ELBv2: add_listener_certificates() now validates when adding too many certificates (> 25)
* ELBv2: describe_target_health() now handles unknown/deregistered/terminated instances better
* ResourceGroupsTaggingAPI: get_resources() now supports ResourceType=s3:bucket
* RDS: Clusters now have the `creating`-status on create, and `available` immediately after - in line with AWS
* SSM: get_parameter() now supports ARN's for the Name-parameter

-----
Docker Digest for 5.0.9: _sha256:df61e4e76344017f6c82924a3dd1cdd4dcbac4095cf234c6d6fb0a0f800fbeff_

General:
* Fixed an InfiniteRecursion-bug when accessing S3-buckets that was introduced in 5.0.8

New Methods:
* SSO-Admin:
* list_accounts_for_provisioned_permission_set()
* list_instances()
* list_permission_sets_provisioned_to_account()
* provision_permission_set()
* update_instance()

Miscellaneous:
* DynamoDB: query() now handles pagination correctly on a GSI without a range key
* IAM: create_policy() now returns tags correctly
* S3: list_objects(): The default value for MaxKeys can now be configured, using an environment variable:
MOTO_S3_DEFAULT_MAX_KEYS=1

-----
Docker Digest for 5.0.8: _sha256:cfcd97074011bd563cdbeebac35ed710581a23cb2be07ab9b67aa00298fc3369_

General:
* Improved support for non-generic partitions (China, GovCloud, ISO-regions).
All ARN's now contain the correct partition for resources created in those regions.

New Services:
* NetworkManager:
* create_global_network()
* describe_global_networks()
* create_core_network()
* create_global_network()
* delete_core_network()
* list_core_networks()
* get_core_network()
* tag_resource()
* untag_resource()

Miscellaneous:
* ResilienceHub: list_app_assessments() can now return pre-configured results
* ResourceGroupTagging: get_resources() now returns results when filtering on "lambda:function"
* S3: delete_object_tagging()/put_object_tagging() now send an EventBridge notification