diff --git a/stdlib/aws/aws.cue b/stdlib/aws/aws.cue
index 2e0a3ba5..8c462c7a 100644
--- a/stdlib/aws/aws.cue
+++ b/stdlib/aws/aws.cue
@@ -10,11 +10,13 @@ import (
 // AWS Config shared by all AWS packages
 #Config: {
 	// AWS region
-	region: string @dagger(input)
+	region: dagger.#Input & { string }
 	// AWS access key
-	accessKey: dagger.#Secret @dagger(input)
+	accessKey: dagger.#Input & { dagger.#Secret }
 	// AWS secret key
-	secretKey: dagger.#Secret @dagger(input)
+	secretKey: dagger.#Input & { dagger.#Secret }
+	// AWS localstack mode
+	localMode: dagger.#Input & { string | *null }
 }
 
 // Re-usable aws-cli component
@@ -30,6 +32,9 @@ import (
 				"package": jq:        "=~1.6"
 				"package": curl:      true
 				"package": "aws-cli": "=~1.18"
+				if config.localMode != null {
+					"package": "py3-pip": true
+				}
 			}
 		},
 		op.#Exec & {
@@ -40,14 +45,37 @@ import (
 				"-eo",
 				"pipefail",
 				"-c",
-				#"""
-					aws configure set aws_access_key_id "$(cat /run/secrets/access_key)"
-					aws configure set aws_secret_access_key "$(cat /run/secrets/secret_key)"
+				if config.localMode == null {
+                    #"""
+                    aws configure set aws_access_key_id "$(cat /run/secrets/access_key)"
+                    aws configure set aws_secret_access_key "$(cat /run/secrets/secret_key)"
 
-					aws configure set default.region "$AWS_DEFAULT_REGION"
-					aws configure set default.cli_pager ""
-					aws configure set default.output "json"
-					"""#,
+                    aws configure set default.region "$AWS_DEFAULT_REGION"
+                    aws configure set default.cli_pager ""
+                    aws configure set default.output "json"
+                    """#,
+                }
+                if config.localMode != null {
+                    #"""
+                    # Download awscli v3 and override aws
+                    pip install awscli-local[v2]
+                    mv /usr/bin/awslocal /usr/bin/aws
+
+                    # Configure
+                    mkdir -p ~/.aws/
+
+                    # Set up ~/.aws/config
+                    echo "[default]" > ~/.aws/config
+                    echo "region = $AWS_DEFAULT_REGION" >> ~/.aws/config
+                    echo "cli_pager =" >> ~/.aws/config
+                    echo "output = json" >> ~/.aws/config
+
+                    # Set up ~/.aws/credentials
+                    echo "[default]" > ~/.aws/credentials
+                    echo "aws_access_key_id = $(cat /run/secrets/access_key)" >> ~/.aws/credentials
+                    echo "aws_secret_access_key = $(cat /run/secrets/secret_key)" >> ~/.aws/credentials
+                    """#,
+				}
 			]
 			mount: "/run/secrets/access_key": secret: config.accessKey
 			mount: "/run/secrets/secret_key": secret: config.secretKey