v2 Getting Started (AWS)

src/content/docs/aws/capabilities/cloud-sandbox/ephemeral-instances.md

@@ -87,7 +87,7 @@ If you have created a Cloud Pod from an older version of LocalStack, you need to
 
 ## Ephemeral Instances CLI
 
-The Ephemeral Instances CLI is included in the [LocalStack CLI installation](/aws/getting-started/installation/#installing-localstack-cli), so no additional installations are needed to start using it.
+The Ephemeral Instances CLI is included in the [LocalStack CLI installation](/aws/getting-started/installation/#install-localstack-cli), so no additional installations are needed to start using it.
 If you're a licensed user, setting the `LOCALSTACK_AUTH_TOKEN` as an environment variable is recommended to access all features of the Ephemeral Instances CLI.
 
 Access the Ephemeral Instances CLI by running the `localstack ephemeral` command from your terminal.

src/content/docs/aws/capabilities/security-testing/custom-tls-certificates.mdx

@@ -30,7 +30,7 @@ They all can be summarised as:
 
 ## Creating a custom docker image
 
-If you run LocalStack in a docker container (which includes using [the CLI](/aws/getting-started/installation/#installing-localstack-cli), [docker](/aws/getting-started/installation/#docker), [docker-compose](/aws/getting-started/installation/#docker-compose), or [helm](/aws/getting-started/installation/#helm)), to include a custom TLS root certificate a new docker image should be created.
+If you run LocalStack in a docker container (which includes using [the CLI](/aws/getting-started/installation/#install-localstack-cli), [docker](/aws/getting-started/installation/#docker-compose), [docker-compose](/aws/getting-started/installation/#docker-compose), or [helm](/aws/getting-started/installation/#helm-kubernetes)), to include a custom TLS root certificate a new docker image should be created.
 
 Create a `Dockerfile` containing the following commands:
 

src/content/docs/aws/capabilities/state-management/cloud-pods.mdx

@@ -28,7 +28,7 @@ You can save and load the persistent state of Cloud Pods, you can use the [Cloud
 LocalStack provides a remote storage backend that can be used to store the state of your running application and share it with your team members.
 You can interact with the Cloud Pods over the storage backend via the LocalStack Web Application.
 
-Cloud Pods CLI is included in the [LocalStack CLI installation](/aws/getting-started/installation/#installing-localstack-cli), so there's no need for additional installations to begin using it.
+Cloud Pods CLI is included in the [LocalStack CLI installation](/aws/getting-started/installation/#install-localstack-cli), so there's no need for additional installations to begin using it.
 If you're a licensed user, we suggest setting the `LOCALSTACK_AUTH_TOKEN` as an environment variable.
 This enables you to access the complete range of LocalStack Cloud Pods features.
 
@@ -451,7 +451,7 @@ localstack pod list s3-storage-aws
 
 :::note
 Full S3 remotes support is available in the CLI from version 3.2.0.
-If you experience any difficulties, update your [LocalStack CLI](/aws/getting-started/installation/#updating-localstack-cli).
+If you experience any difficulties, update your [LocalStack CLI](/aws/getting-started/installation/#update-localstack-cli).
 :::
 
 ### ORAS remote storage

src/content/docs/aws/getting-started/ai-workflows.mdx

@@ -0,0 +1,43 @@
+---
+title: AI & Agent Workflows
+description: Integrate LocalStack with AI coding assistants, MCP servers, and agent-driven infrastructure automation.
+template: doc
+sidebar:
+  order: 5
+---
+
+LocalStack provides a secure, emulated environment for developing and testing AI-assisted workflows. You can iterate on AI-generated infrastructure code and agentic deployment tasks without incurring cloud costs or risking production AWS environments by using a local cloud sandbox.
+
+## Capability Map
+
+| Use Case | Recommended Tooling |
+| :--- | :--- |
+| **AI Assistant Resource Management** | [LocalStack MCP Server](/aws/tooling/mcp-server/) |
+| **Autonomous Infrastructure Deployment** | [LocalStack Skills](https://github.com/localstack/skills) |
+| **Local IaC Validation** | LocalStack + `tflocal` / `cdklocal` / `awslocal` |
+
+
+## Model Context Protocol (MCP) Integration
+
+The LocalStack MCP Server connects compatible AI clients (such as Claude, Cursor, or Windsurf) to your local cloud environment. This integration allows AI agents to manage the full local cloud lifecycle, including container management, resource deployment, and log analysis.
+
+:::note[Official MCP Documentation]
+For detailed configuration instructions, prerequisite checks, and the complete tool reference, read our [LocalStack MCP Server guide](https://docs.localstack.cloud/aws/tooling/mcp-server/). You don't need to start LocalStack manually before using MCP; agents can initialize the container using the management tools provided by the server.
+:::
+
+
+## Agent-Driven Automation with Skills
+
+[LocalStack Skills](https://github.com/localstack/skills) provide pre-defined agent skill definitions for automating AWS architecture deployments. These skills allow agents to scaffold environments, iterate on architecture designs, and manage LocalStack state autonomously.
+
+Skills implementation scenarios:
+- **Rapid Prototyping**: Scaffold new local environments without manual infrastructure coding.
+- **Agent-First Development**: Establish LocalStack as a primary deployment target for autonomous agents.
+- **Architecture Iteration**: Test complex architectural changes in a risk-free, local sandbox.
+
+Refer to the [LocalStack Skills repository](https://github.com/localstack/skills) for available skill definitions and setup instructions.
+
+
+## Next steps
+
+You have explored the integration patterns for AI and agent-driven development. Proceed to the [Auth Token guide](/aws/getting-started/auth-token/) to configure your licensing and unlock advanced LocalStack features.

src/content/docs/aws/getting-started/auth-token.mdx

@@ -1,228 +1,105 @@
 ---
 title: Auth Token
-description: Configure your Auth Token to access and activate LocalStack.
+description: Configure and manage LocalStack Auth Tokens for local development and CI/CD environments.
 template: doc
 sidebar:
-  order: 3
+  order: 6
 ---
 
 import { Code, Tabs, TabItem } from '@astrojs/starlight/components';
 
-## Introduction
+The Auth Token is a mandatory credential required to pull the `localstack-pro` image and activate service entitlements. It links your local instance to your workspace license and enables access to the full suite of emulated AWS services.
 
-The Auth Token is required to activate the LocalStack for AWS core cloud emulator. It identifies and authenticates users outside the LocalStack Web Application.
-It primarily accesses your workspace and advanced services & features.
+## Token Types
 
-Auth tokens come in two types: a **Developer Auth Token** and a **CI Auth Token**:
+| Token Type | Scope | Use Case |
+| :--- | :--- | :--- |
+| **Developer Token** | Individual | Local development workstations. Managed per user. |
+| **CI Auth Token** | Workspace | Automated pipelines and shared runners. Managed by workspace admins. |
 
-- The **Developer Auth Token** is linked to a specific user within a specific workspace.
-  Every user has their own Auth Token.
-  It cannot be deleted but can be rotated for security reasons if needed.
-- The **CI Auth Token** is not associated with any specific user and is designed for use in CI environments and other non-developer contexts.
-  These tokens are stored in the workspace and can be managed by members with appropriate permissions.
+Manage both token types on the [Auth Tokens page](https://app.localstack.cloud/workspace/auth-tokens) in the LocalStack Web Application.
 
-Both the **Developer Auth Token** and **CI Auth Token** can be managed on the [Auth Tokens page](https://app.localstack.cloud/workspace/auth-tokens).
-
-:::danger
-
-- It's crucial to keep your Auth Token confidential.
-  Do not include it in source code management systems, such as Git repositories.
-- Be aware that if an Auth Token is committed to a public repository, it is at risk of exposure, and could remain in the repository's history, even if attempts are made to rewrite it.
-- In case your Auth Token is accidentally published, immediately rotate it on the [Auth Token page](https://app.localstack.cloud/workspace/auth-tokens).
-  :::
-
-## Managing your License
-
-To use LocalStack, a license is required.
-You can get a license by registering on the [LocalStack Web Application](https://app.localstack.cloud/sign-up).
-Choose between a 14-day trial or explore additional features with our paid offering.
-During the trial period, you are welcome to use all the features of LocalStack.
-
-After initiating your trial or acquiring a license, proceed to assign it to a user by following the steps outlined below:
-
-- Visit the [Users & Licenses page](https://app.localstack.cloud/workspace/members).
-- Select a user in the **Workspace Members** section for license assignment.
-- Define user's role via the **Member Role** dropdown.
-  Single users automatically receive the **Admin** role.
-- Toggle **Advanced Permissions** to set specific permissions.
-  Single users automatically receive full permissions.
-- Click **Save** to complete the assignment.
-  Single users assign licenses to themselves.
-
-![Assigning a license](/images/aws/assigning-a-license.png)
-
-If you have joined a workspace, you need to be assigned a license by the workspace administrator.
-In case of switching workspaces or licenses, you need to make sure that you are assigned to the correct license.
-
-:::note
-If you do not assign a license, you will not be able to use LocalStack even if you have a valid Auth token.
+:::danger[Credential Security]
+Auth Tokens provide full access to your license and workspace. **Do not commit tokens to version control.** If a token is exposed, rotate it immediately via the Web Application to invalidate existing sessions.
 :::
 
-To view your own assigned license, visit the [My License page](https://app.localstack.cloud/workspace/my-license).
-You can further navigate to the [Auth Token page](https://app.localstack.cloud/workspace/auth-tokens) to view your **Developer Auth Token** and **CI Auth Token**.
-
-## Configuring your Auth Token
-
-LocalStack requires the `LOCALSTACK_AUTH_TOKEN` environment variable to contain your Auth Token.
-You can configure your Auth Token in several ways, depending on your use case.
-The following sections describe the various methods of setting your Auth Token.
+## Configuration Methods
 
-:::danger
+Authentication requirements vary based on your chosen execution method.
 
-- It's crucial to keep your Auth Token confidential.
-  Do not include it in source code management systems, such as Git repositories.
-- Be aware that if an Auth Token is committed to a public repository, it's at risk of exposure, and could remain in the repository's history, even if attempts are made to rewrite it.
-- In case your Auth Token is accidentally published, immediately rotate it on the [Auth Token page](https://app.localstack.cloud/workspace/auth-tokens).
-  :::
+### 1. lstk (Automated)
+The `lstk` CLI automates the authentication lifecycle. On initial execution, it triggers a browser-based OAuth flow and stores the resulting token in your system keyring. No manual environment variable configuration is required.
 
-### LocalStack CLI
-
-You should set the `LOCALSTACK_AUTH_TOKEN` environment variable either before or during the startup of LocalStack using the `localstack` command-line interface (CLI).
+```bash
+lstk start
 
-<Tabs>
-  <TabItem label="macOS/Linux">
-    <Code
-      code={`localstack auth set-token <YOUR_AUTH_TOKEN>\nlocalstack start`}
-      lang="shell"
-    />
-  </TabItem>
-  <TabItem label="Windows">
-    <Code
-      code={`localstack auth set-token <YOUR_AUTH_TOKEN>\nlocalstack start`}
-      lang="powershell"
-    />
-  </TabItem>
-</Tabs>
+```
 
-:::note
+### 2. LocalStack CLI
 
-1. You can alternatively set the `LOCALSTACK_AUTH_TOKEN` environment variable in your shell session.
-   This ensures the Auth Token is transmitted to your LocalStack container, enabling key activation.
-2. The `localstack auth set-token` command is only available for `localstack` CLI and cannot be used with a Docker/Docker Compose setup.
-   :::
+If you use the standard CLI, set your token using the `auth` command. This persists the credential in your local configuration.
 
-You have the option to run your LocalStack container in the background by appending the `-d` flag to the `localstack start` command.
+### 3. Docker & Docker Compose
 
-The `localstack` CLI automatically detects the Auth Token and appropriately conveys it to the LocalStack container.
+For direct container execution, inject the token as an environment variable.
 
-:::note
-If you are using LocalStack with an Auth Token, it's necessary to download the [LocalStack for AWS image](/aws/capabilities/config/docker-images#localstack-for-aws-image), which includes Pro services and several advanced features.
-:::
+**Docker CLI:**
 
-### Docker
-
-To start LocalStack via Docker, you need to provide the Auth Token using the `-e` flag, which is used for setting environment variables.
-
-```bash {5}
+```bash
 docker run \
   --rm -it \
-  -p 4566:4566 \
-  -p 4510-4559:4510-4559 \
-  -e LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN:- } \
+  -e LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN} \
   localstack/localstack-pro
-```
-
-For more information about starting LocalStack with Docker, take a look at our [Docker installation](/aws/getting-started/installation/#docker) guide.
 
-### Docker Compose
-
-To start LocalStack using `docker compose`, you have to include the `LOCALSTACK_AUTH_TOKEN` environment variable in your `docker-compose.yml` file:
-
-```yaml
-environment:
-  - LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN- }
 ```
 
-You can manually set the Auth Token, or use the `export` command to establish the Auth Token in your current shell session.
-This ensures the Auth Token is transmitted to your LocalStack container, enabling key activation.
-
-### CI Environments
-
-CI environments require a CI Auth Token.
-Developer Auth Tokens cannot be used in CI.
-CI Auth Tokens are available on the [Auth Tokens page](https://app.localstack.cloud/workspace/auth-tokens) and are configured similarly to Developer Auth Tokens.
-
-To set the CI Auth Token, add the Auth Token value in the `LOCALSTACK_AUTH_TOKEN` environment variable of your CI provider, and refer to it when starting LocalStack in your CI workflow.
-You can find detailed examples in our [LocalStack in CI documentation](/aws/integrations/continuous-integration/).
+**Docker Compose:**
 
-## Rotating the Auth Token
-
-Your personal Auth Token provides full access to your workspace and LocalStack license.
-It's important to treat auth tokens as confidential, avoiding sharing or storing them in source control management systems (SCMs) like Git.
-
-If you believe your Auth Token has been compromised or becomes known to someone else, reset it without delay.
-When you reset a token, the old one is immediately deactivated, losing its ability to access your license or workspace.
-It is not possible to restore previous tokens.
+```yaml
+services:
+  localstack:
+    image: localstack/localstack-pro
+    environment:
+      - LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN}
 
-To rotate your Auth Token, go to the [Auth Token page](https://app.localstack.cloud/workspace/auth-tokens) and select the **Reset Auth Token** option.
+```
 
-## Licensing configuration & activation checkup
+## License Assignment
 
-To avoid logging any licensing-related error messages, set `LOG_LICENSE_ISSUES=0` in your environment.
-Refer to our [configuration guide](/aws/capabilities/config/configuration/#localstack-for-aws) for more information.
+An Auth Token is only valid if a license is assigned to your user identity or workspace.
 
-The simplest method to verify if LocalStack is active is by querying the health endpoint for a list of running services:
+**Assignment Workflow:**
 
-<Tabs>
-  <TabItem label="macOS/Linux">
+1. Navigate to the [Users & Licenses page](https://app.localstack.cloud/workspace/members).
+2. Identify the target user in **Workspace Members**.
+3. Select the appropriate **Member Role** (Admins receive full permissions by default).
+4. Save the configuration to activate the license for that identity.
 
-    ```bash
-    curl http://localhost:4566/_localstack/info | jq
-    ```
+:::note
+An active Auth Token will fail to initialize the container if a valid license has not been assigned to the associated user.
+:::
 
-  </TabItem>
-  <TabItem label="Windows">
 
-    ```bash
-    Invoke-WebRequest -Uri http://localhost:4566/_localstack/info | ConvertFrom-Json
-    ```
+## Activation Verification
 
-  </TabItem>
-</Tabs>
+Verify the activation status by querying the LocalStack info endpoint:
 
-The following output would be retrieved:
+**Successful Activation Output:**
 
-```bash
+```json
 {
-  "version": "3.0.0:6dd3f3d",
   "edition": "pro",
-  "is_license_activated": true,
-  "session_id": "7132da5f-a380-44ca-8897-6f0fdfd7b1c9",
-  "machine_id": "0c49752c",
-  "system": "linux",
-  "is_docker": true,
-  "server_time_utc": "2023-11-21T05:41:33",
-  "uptime": 161
+  "is_license_activated": true
 }
-```
 
-The `edition` field is always `pro` and the `is_license_activated` field is set to `true`.
-Another way to confirm this is by checking the logs of the LocalStack container for a message indicating successful license activation:
-
-```bash
-[...] Successfully activated license
 ```
 
-Otherwise, check our [troubleshooting](#troubleshooting) section.
-
-## FAQ
 
-### How do I activate older versions of LocalStack (Before v3.0)?
+## Next steps
 
-Prior to the introduction of Auth Tokens, LocalStack used **API keys** managed through the `LOCALSTACK_API_KEY` environment variable for activation.
+You have successfully completed the Getting Started sequence! 
+Proceed to the [FAQ](/aws/getting-started/faq/) for troubleshooting common scenarios, or explore our [supported local AWS services](/aws/services/) to begin building.
 
-For backwards compatibility, we've updated our back-end to accept new Auth Tokens within the `LOCALSTACK_API_KEY` variable.
-You can use the new Auth Token in the same way you previously used the API key.
-
-### When will the legacy API keys be phased out?
-
-In early 2025, we will begin phasing out legacy API keys entirely.
-After the sunsetting period, legacy API and legacy CI keys will no longer activate or work with LocalStack.
-
-During the sunsetting period, the legacy service will experience scheduled downtimes.
-These are planned to encourage users to transition to new Auth Tokens while minimizing impact for those who have not yet updated.
-
-The downtime schedule will be communicated well in advance, allowing users ample time to switch to the new Auth Tokens.
 
 ## Troubleshooting
 
@@ -273,4 +150,5 @@ If the result shows a status other than `status: NOERROR`, your machine is unabl
 Certain corporate DNS servers may filter requests to specific domains.
 Kindly reach out to your network administrator to safelist `localstack.cloud` domain.
 
-If you have any further problems concerning your license activation, or if the steps do not help, do not hesitate to [contact us](https://localstack.cloud/contact/).
+If you have any further problems concerning your license activation, or if the steps do not help, don't hesitate to [contact us](https://localstack.cloud/contact/).
+