Releases: aws-powertools/powertools-lambda-python
v2.26.1
Summary
This patch release fixes a regression when using prefix stripping with middlewares on the event handler. It also fixes a mistyped field on the Kinesis Firehose event source, and a problem when getting multiple encrypted SSM parameters.
Huge thanks to @roger-zhangg and @sean-hernon for helping us identifying and fixing these issues.
Changes
- fix(event_handler): Router prefix mismatch regression after Middleware feat (#3302) by @leandrodamascena
- fix(event_source): kinesis subsequenceNumber str type to int (#3275) by @roger-zhangg
- fix(parameters): Respect POWERTOOLS_PARAMETERS_SSM_DECRYPT environment variable when getting multiple ssm parameters. (#3241) by @sean-hernon
📜 Documentation updates
- chore(deps): bump squidfunk/mkdocs-material from
772e14e
tof486dc9
in /docs (#3299) by @dependabot - chore(deps): bump squidfunk/mkdocs-material from
df9409b
to772e14e
in /docs (#3265) by @dependabot - docs(event-handler): fixed SchemaValidationMiddleware link (#3247) by @jvnsg
- docs(customer-reference): add Vertex Pharmaceuticals as a customer reference (#3210) by @leandrodamascena
- chore(deps): bump squidfunk/mkdocs-material from
cb38dc2
todf9409b
in /docs (#3216) by @dependabot
🔧 Maintenance
- chore(deps-dev): bump ruff from 0.1.4 to 0.1.5 (#3315) by @dependabot
- chore(deps-dev): bump the boto-typing group with 3 updates (#3314) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#3313) by @dependabot
- chore(deps-dev): bump aws-cdk-lib from 2.104.0 to 2.105.0 (#3309) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3310) by @dependabot
- chore(deps): bump actions/dependency-review-action from 3.1.1 to 3.1.2 (#3308) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.104.0 to 2.105.0 (#3307) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3305) by @dependabot
- chore(deps): bump actions/dependency-review-action from 3.1.0 to 3.1.1 (#3301) by @dependabot
- chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.0 to 3.0.1 (#3300) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
772e14e
tof486dc9
in /docs (#3299) by @dependabot - chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 2 updates (#3298) by @dependabot
- chore(deps-dev): bump ruff from 0.1.3 to 0.1.4 (#3297) by @dependabot
- feat(event_handler): add ability to expose a Swagger UI (#3254) by @rubenfonseca
- chore(deps-dev): bump aws-cdk-lib from 2.103.1 to 2.104.0 (#3291) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.33.1 to 1.34.0 (#3290) by @dependabot
- chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 2.1.5 to 3.0.0 (#3289) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.103.1 to 2.104.0 (#3288) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3287) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#3282) by @dependabot
- chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 2.1.4 to 2.1.5 (#3281) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#3278) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.32.0 to 1.33.1 (#3277) by @dependabot
- chore(deps-dev): bump the boto-typing group with 1 update (#3273) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.83.0 to 0.83.1 (#3274) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.103.0 to 2.103.1 (#3264) by @dependabot
- chore(deps-dev): bump aws-cdk-lib from 2.103.0 to 2.103.1 (#3263) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
df9409b
to772e14e
in /docs (#3265) by @dependabot - chore(deps-dev): bump aws-cdk from 2.102.0 to 2.103.0 (#3259) by @dependabot
- chore(deps-dev): bump ruff from 0.1.2 to 0.1.3 (#3257) by @dependabot
- chore(deps-dev): bump aws-cdk-lib from 2.102.0 to 2.103.0 (#3258) by @dependabot
- chore(deps): bump actions/setup-node from 3.8.1 to 4.0.0 (#3244) by @dependabot
- chore(deps-dev): bump pytest from 7.4.2 to 7.4.3 (#3249) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 2 updates (#3248) by @dependabot
- chore(deps-dev): bump ruff from 0.1.1 to 0.1.2 (#3250) by @dependabot
- feat(event_handler): generate OpenAPI specifications and validate input/output (#3109) by @rubenfonseca
- chore(deps-dev): bump the boto-typing group with 2 updates (#3242) by @dependabot
- chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#3245) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.82.2 to 0.83.0 (#3243) by @dependabot
- chore(deps-dev): bump ruff from 0.1.0 to 0.1.1 (#3235) by @dependabot
- chore(deps-dev): bump the boto-typing group with 1 update (#3231) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.101.1 to 2.102.0 (#3232) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.82.0 to 0.82.2 (#3229) by @dependabot
- chore(deps): bump datadog-lambda from 4.80.0 to 4.81.0 (#3228) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.81.0 to 0.82.0 (#3224) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.101.0 to 2.101.1 (#3223) by @dependabot
- chore(deps): bump urllib3 from 1.26.17 to 1.26.18 (#3222) by @dependabot
- chore(deps-dev): bump urllib3 from 1.26.17 to 1.26.18 in /layer (#3221) by @dependabot
- chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#3220) by @dependabot
- chore(deps): bump release-drafter/release-drafter from 5.24.0 to 5.25.0 (#3219) by @dependabot
- chore(deps-dev): bump ruff from 0.0.292 to 0.1.0 (#3213) by @dependabot
- chore(deps-dev): bump aws-cdk-lib from 2.100.0 to 2.101.1 (#3217) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.100.0 to 2.101.0 (#3214) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
cb38dc2
todf9409b
in /docs (#3216) by @dependabot - chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3215) by @dependabot
- chore(deps-dev): bump the boto-typing group with 2 updates (#3211) by @dependabot
This release was made possible by the following contributors:
@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @jvnsg, @leandrodamascena, @roger-zhangg, @rubenfonseca and @sean-hernon
v2.26.0
v2.26.0 Release notes
Summary
This release adds richer exception details to the logger utility, support for VPC Lattice Payload V2, smarter model inference in the parser utility, expanded ARM64 Lambda Layer support on additional regions, and fixes some bugs!
⭐ Huge thanks to our new contributors: @Tom01098, @stevrobu, and @pgrzesik!
Richer exception details
Docs: logger
The logger utility now logs exceptions in a structured format to simplify debugging. Previously, exception tracebacks appeared as a single string containing the raw stack trace frames. Developers had to parse each frame manually to extract file names, line numbers, function names, etc.
With the new serialize_stacktrace
flag, the logger prints stack traces as structured JSON. This clearly surfaces exception details like filenames, lines, functions, and statements per frame. The structured output eliminates the need to parse traceback strings, improving observability and accelerating root cause analysis.
Amazon VPC Lattice Payload V2
Docs: event handler, parser
Amazon VPC Lattice is a fully managed application networking service that you use to connect, secure, and monitor the services for your application across multiple accounts and virtual private clouds (VPC). You can register your Lambda functions as targets with a VPC Lattice target group, and configure a listener rule to forward requests to the target group for your Lambda function.
With this seamless integration, you can now leverage the performance benefits of Amazon VPC Lattice Payload V2 directly in your event handlers. The latest release enables handling Lattice events using the familiar event handler API you already know, including critical features like CORS support and response serialization.
Model inference in the parser utility
Docs: parser
The event_parser
decorator previously required you to duplicate the type when using type hints. Now, the event_parser
decorator can infer the event type directly from your handler signature. This avoids having to redeclare the type in the event_parser
decorator.
Changes
🌟New features and non-breaking changes
- feat(parser): infer model from type hint (#3181) by @Tom01098
- feat(logger): new stack_trace field with rich exception details (#3147) by @stevrobu
- feat(event_handler): add support to VPC Lattice payload v2 (#3153) by @stephenbawks
- feat(layers): add arm64 support in more regions (#3151) by @leandrodamascena, @rubenfonseca
📜 Documentation updates
- fix(logger): force Logger to use local timezone when UTC flag is not set (#3168) by @roger-zhangg
- docs(event_handler): add information about case-insensitive header lookup function (#3183) by @pgrzesik
- chore(deps): bump squidfunk/mkdocs-material from
a4cfa88
tocb38dc2
in /docs (#3189) by @dependabot - chore(deps): bump gitpython from 3.1.35 to 3.1.37 in /docs (#3188) by @dependabot
- docs(contributing): initial structure for revamped contributing guide (#3133) by @heitorlessa
- chore(deps): bump squidfunk/mkdocs-material from
cbfecae
toa4cfa88
in /docs (#3175) by @dependabot - chore(deps): bump squidfunk/mkdocs-material from
e5f28aa
tocbfecae
in /docs (#3157) by @dependabot - chore(deps): bump squidfunk/mkdocs-material from
06673a1
toe5f28aa
in /docs (#3134) by @dependabot - chore(deps): bump squidfunk/mkdocs-material from
b41ba6d
to06673a1
in /docs (#3124) by @dependabot
🐛 Bug and hot fixes
- fix(parameter): improve AppConfig cached configuration retrieval (#3195) by @leandrodamascena
🔧 Maintenance
- fix(logger): force Logger to use local timezone when UTC flag is not set (#3168) by @roger-zhangg
- chore(deps-dev): bump the boto-typing group with 1 update (#3196) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#3198) by @dependabot
- chore(deps): bump aws-xray-sdk from 2.12.0 to 2.12.1 (#3197) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.31.0 to 1.32.0 (#3192) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
a4cfa88
tocb38dc2
in /docs (#3189) by @dependabot - chore(deps): bump gitpython from 3.1.35 to 3.1.37 in /docs (#3188) by @dependabot
- feat(logger): new stack_trace field with rich exception details (#3147) by @stevrobu
- chore(deps-dev): bump aws-cdk from 2.99.1 to 2.100.0 (#3185) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#3177) by @dependabot
- chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#3178) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.80.4 to 0.81.0 (#3179) by @dependabot
- docs(contributing): initial structure for revamped contributing guide (#3133) by @heitorlessa
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3174) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
cbfecae
toa4cfa88
in /docs (#3175) by @dependabot - chore(deps-dev): bump the boto-typing group with 1 update (#3170) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.80.3 to 0.80.4 (#3166) by @dependabot
- chore(deps-dev): bump urllib3 from 1.26.16 to 1.26.17 in /layer (#3163) by @dependabot
- chore(deps): bump urllib3 from 1.26.16 to 1.26.17 (#3162) by @dependabot
- chore(deps-dev): bump ruff from 0.0.291 to 0.0.292 (#3161) by @dependabot
- chore(deps): bump fastjsonschema from 2.18.0 to 2.18.1 (#3159) by @dependabot
- chore(deps): bump actions/setup-python from 4.7.0 to 4.7.1 (#3158) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.99.0 to 2.99.1 (#3155) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3156) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
e5f28aa
tocbfecae
in /docs (#3157) by @dependabot - chore(deps-dev): bump aws-cdk from 2.98.0 to 2.99.0 (#3148) by @dependabot
- chore(deps-dev): bump types-requests from 2.31.0.5 to 2.31.0.6 (#3145) by @dependabot
- chore(deps): bump pydantic from 1.10.12 to 1.10.13 (#3144) by @dependabot
- chore(deps-dev): bump the boto-typing group with 2 updates (#3143) by @dependabot
- feat(data_masking): add new sensitive data masking utility (#2197) by @seshubaws
- chore(deps-dev): bump aws-cdk from 2.97.0 to 2.98.0 (#3139) by @dependabot
- chore(deps-dev): bump types-requests from 2.31.0.3 to 2.31.0.5 (#3136) by @dependabot
- chore(deps-dev): bump the boto-typing group with 1 update (#3135) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
06673a1
toe5f28aa
in /docs (#3134) by @dependabot - chore(deps-dev): bump ruff from 0.0.290 to 0.0.291 (#3126) by @dependabot
- chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 (#3128) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.96.2 to 2.97.0 (#3129) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3127) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.80.2 to 0.80.3 (#3125) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
b41ba6d
to06673a1
in /docs (#3124) by @dependabot
This release was made possible by the following contributors:
@Tom01098, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @rubenfonseca, @pgrzesik, @roger-zhangg, @seshubaws, @stephenbawks and @stevrobu
v2.25.1
Summary
This is a patch release to address a bug in @metrics.log_metrics
decorator to support functions with arbitrary arguments/kwargs, and a minor typing fix in Logger for explicit None
return types.
🌟 Huge thanks to two new contributors who reported and fixed both bugs @FollowTheProcess and @thegeorgeliu
Changes
📜 Documentation updates
- chore(deps): bump squidfunk/mkdocs-material from
4ff781e
tob41ba6d
in /docs (#3117) by @dependabot - chore(deps): bump squidfunk/mkdocs-material from
c4890ab
to4ff781e
in /docs (#3110) by @dependabot
🐛 Bug and hot fixes
- fix(logger): add explicit None return type annotations (#3113) by @FollowTheProcess
- fix(metrics): support additional arguments in functions wrapped with log_metrics decorator (#3120) by @thegeorgeliu
🔧 Maintenance
- chore(deps): bump squidfunk/mkdocs-material from
4ff781e
tob41ba6d
in /docs (#3117) by @dependabot - chore(deps-dev): bump the boto-typing group with 3 updates (#3118) by @dependabot
- chore(deps-dev): bump types-requests from 2.31.0.2 to 2.31.0.3 (#3114) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3115) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3108) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
c4890ab
to4ff781e
in /docs (#3110) by @dependabot - chore(deps-dev): bump cfn-lint from 0.79.11 to 0.80.2 (#3107) by @dependabot
- chore(deps-dev): bump ruff from 0.0.289 to 0.0.290 (#3105) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.96.1 to 2.96.2 (#3102) by @dependabot
- chore(deps-dev): bump the boto-typing group with 1 update (#3101) by @dependabot
This release was made possible by the following contributors:
@FollowTheProcess, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot] and @thegeorgeliu
v2.25.0
Summary
This release simplifies data transformation with Amazon Kinesis Data Firehose, and handling secret rotation events from Amazon Secrets Manager.
🌟 Huge welcome to our new contributor @TonySherman. Tony documented how to use Event Handler with micro Lambda functions.
Data transformation
When using Kinesis Firehose, you can use a Lambda function to perform data transformation. For each transformed record, you can choose to either:
- A) Put them back to the delivery stream (default)
- B) Drop them so consumers don't receive them (e.g., data validation)
- C) Indicate a record failed data transformation and should be retried
To make this process easier, you can now use KinesisFirehoseDataTransformationResponse
and serialization functions to quickly encode payloads into base64 data for the stream.
Example where you might want to drop unwanted records from the stream.
from json import JSONDecodeError
from typing import Dict
from aws_lambda_powertools.utilities.data_classes import (
KinesisFirehoseDataTransformationRecord,
KinesisFirehoseDataTransformationResponse,
KinesisFirehoseEvent,
event_source,
)
from aws_lambda_powertools.utilities.serialization import base64_from_json
from aws_lambda_powertools.utilities.typing import LambdaContext
@event_source(data_class=KinesisFirehoseEvent)
def lambda_handler(event: KinesisFirehoseEvent, context: LambdaContext):
result = KinesisFirehoseDataTransformationResponse()
for record in event.records:
try:
payload: Dict = record.data_as_json # decodes and deserialize base64 JSON string
## generate data to return
transformed_data = {"tool_used": "powertools_dataclass", "original_payload": payload}
processed_record = KinesisFirehoseDataTransformationRecord(
record_id=record.record_id,
data=base64_from_json(transformed_data),
)
except JSONDecodeError:
# our producers ingest JSON payloads only; drop malformed records from the stream
processed_record = KinesisFirehoseDataTransformationRecord(
record_id=record.record_id,
data=record.data,
result="Dropped",
)
result.add_record(processed_record)
# return transformed records
return result.asdict()
Rotating secrets
When rotating secrets with Secrets Manager, it invokes your Lambda function in four potential steps:
createSecret
. Create a new version of the secret.setSecret
. Change the credentials in the database or service.testSecret
. Test the new secret version.finishSecret
. Finish the rotation.
You can now use SecretsManagerEvent
to more easily access the event structure, and combine Parameters to get secrets to perform secret operations.
from aws_lambda_powertools.utilities import parameters
from aws_lambda_powertools.utilities.data_classes import SecretsManagerEvent, event_source
secrets_provider = parameters.SecretsProvider()
@event_source(data_class=SecretsManagerEvent)
def lambda_handler(event: SecretsManagerEvent, context):
# Getting secret value using Parameter utility
# See https://docs.powertools.aws.dev/lambda/python/latest/utilities/parameters/
secret = secrets_provider.get(event.secret_id, VersionId=event.version_id, VersionStage="AWSCURRENT")
if event.step == "setSecret":
# Perform any secret rotation logic, e.g., change DB password
# Check more examples: https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas
print("Rotating secret...")
return secret
Changes
🌟New features and non-breaking changes
- feat(event_source): add Kinesis Firehose Data Transformation data class (#3029) by @roger-zhangg
- feat(event_sources): add Secrets Manager secret rotation event (#3061) by @roger-zhangg
📜 Documentation updates
- docs(event_handler): fix typing in micro function example (#3098) by @leandrodamascena
- docs(we-made-this): fix broken Twitch video embeds (#3096) by @leandrodamascena
- docs(event_handler): add micro function examples (#3056) by @TonySherman
- feat(event_source): add Kinesis Firehose Data Transformation data class (#3029) by @roger-zhangg
- feat(event_sources): add Secrets Manager secret rotation event (#3061) by @roger-zhangg
- chore(deps): bump squidfunk/mkdocs-material from
dd1770c
toc4890ab
in /docs (#3078) by @dependabot
🔧 Maintenance
- chore(deps-dev): bump aws-cdk from 2.96.0 to 2.96.1 (#3093) by @dependabot
- chore(typing): move backwards compat types to shared types (#3092) by @heitorlessa
- refactor(parameters): BaseProvider._get to also support Dict (#3090) by @leandrodamascena
- chore(deps): bump docker/setup-qemu-action from 2.2.0 to 3.0.0 (#3081) by @dependabot
- chore(deps): bump docker/setup-buildx-action from 2.10.0 to 3.0.0 (#3083) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.79.10 to 0.79.11 (#3088) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.30.0 to 1.31.0 (#3086) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.95.1 to 2.96.0 (#3087) by @dependabot
- chore(deps-dev): bump the boto-typing group with 1 update (#3085) by @dependabot
- chore(deps-dev): bump ruff from 0.0.288 to 0.0.289 (#3080) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.79.9 to 0.79.10 (#3077) by @dependabot
- chore(deps-dev): bump hvac from 1.2.0 to 1.2.1 (#3075) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
dd1770c
toc4890ab
in /docs (#3078) by @dependabot - chore(deps-dev): bump ruff from 0.0.287 to 0.0.288 (#3076) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.95.0 to 2.95.1 (#3074) by @dependabot
- chore(deps): bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#3071) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.94.0 to 2.95.0 (#3070) by @dependabot
- chore(automation): remove previous labels when PR is updated (#3066) by @sthulb
This release was made possible by the following contributors:
@TonySherman, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @roger-zhangg and @sthulb
v2.24.0
Summary
This release brings custom serialization/deserialization to Idempotency, and Middleware support in Event Handler (API Gateway REST/HTTP, ALB, Lambda Function URL, VPC Lattice). Oh didn't I say some bug fixes too? 🙏
🌟 Big welcome to the new contributors: @adriantomas, @aradyaron, @nejcskofic, @waveFrontSet
Idempotency custom serialization
Docs
🌟 Huge thanks to @aradyaron!!
Previously, any function annotated with @idempotent_function
will have its return type as a JSON object - this was challenging for customers using Pydantic, Dataclasses, or any custom types.
You can now use output_serializer
to automatically serialize the return type for Dataclasses or Pydantic, and bring your own serializer/deserializer too!
from aws_lambda_powertools.utilities.idempotency import (
DynamoDBPersistenceLayer,
IdempotencyConfig,
idempotent_function,
)
from aws_lambda_powertools.utilities.idempotency.serialization.pydantic import PydanticSerializer
from aws_lambda_powertools.utilities.parser import BaseModel
from aws_lambda_powertools.utilities.typing import LambdaContext
dynamodb = DynamoDBPersistenceLayer(table_name="IdempotencyTable")
config = IdempotencyConfig(event_key_jmespath="order_id") # see Choosing a payload subset section
class OrderItem(BaseModel):
sku: str
description: str
class Order(BaseModel):
item: OrderItem
order_id: int
class OrderOutput(BaseModel):
order_id: int
@idempotent_function(
data_keyword_argument="order",
config=config,
persistence_store=dynamodb,
output_serializer=PydanticSerializer,
)
# order output is inferred from return type
def process_order(order: Order) -> OrderOutput:
return OrderOutput(order_id=order.order_id)
def lambda_handler(event: dict, context: LambdaContext):
config.register_lambda_context(context) # see Lambda timeouts section
order_item = OrderItem(sku="fake", description="sample")
order = Order(item=order_item, order_id=1)
# `order` parameter must be called as a keyword argument to work
process_order(order=order)
Middleware in Event Handler
Docs
🌟 Huge thanks to @walmsles for the implementation and marvelous illustrations!!
You can now bring your own middleware to run logic before or after requests when using Event Handler.
The goal continues to be having built-in features over middlewares, so you don't have to own boilerplate code. That said, we recognize we can't virtually cover every use case - that's where middleware comes in!
Example using per-route and global middlewares
import middleware_global_middlewares_module
import requests
from aws_lambda_powertools import Logger
from aws_lambda_powertools.event_handler import APIGatewayRestResolver, Response
app = APIGatewayRestResolver()
logger = Logger()
app.use(middlewares=[middleware_global_middlewares_module.log_request_response])
@app.get("/todos", middlewares=[middleware_global_middlewares_module.inject_correlation_id])
def get_todos():
todos: Response = requests.get("https://jsonplaceholder.typicode.com/todos")
todos.raise_for_status()
return {"todos": todos.json()[:10]}
@logger.inject_lambda_context
def lambda_handler(event, context):
return app.resolve(event, context)
Changes
- refactor(batch): type response() method (#3023) by @adriantomas
🌟New features and non-breaking changes
- feat(event_handler): add Middleware support for REST Event Handler (#2917) by @walmsles
- feat(idempotency): add support to custom serialization/deserialization on idempotency decorator (#2951) by @aradyaron
📜 Documentation updates
- feat(event_handler): add Middleware support for REST Event Handler (#2917) by @walmsles
- feat(idempotency): add support to custom serialization/deserialization on idempotency decorator (#2951) by @aradyaron
- chore(deps): bump squidfunk/mkdocs-material from
f4764d1
todd1770c
in /docs (#3044) by @dependabot - chore(deps): bump squidfunk/mkdocs-material from
b1f7f94
tof4764d1
in /docs (#3031) by @dependabot - chore(deps): bump squidfunk/mkdocs-material from
97da15b
tob1f7f94
in /docs (#3021) by @dependabot
🐛 Bug and hot fixes
- fix(parser): change ApproximateCreationDateTime field to datetime in DynamoDBStreamChangedRecordModel (#3049) by @waveFrontSet
- fix(event_handler): expanding safe URI characters to include +$& (#3026) by @nejcskofic
🔧 Maintenance
- chore(deps-dev): bump pytest from 7.4.1 to 7.4.2 (#3057) by @dependabot
- chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#3053) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3052) by @dependabot
- chore(deps-dev): bump hvac from 1.1.1 to 1.2.0 (#3054) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.79.8 to 0.79.9 (#3046) by @dependabot
- chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 (#3041) by @dependabot
- chore(deps-dev): bump mkdocs-material from 9.2.6 to 9.2.7 (#3043) by @dependabot
- chore(deps-dev): bump pytest from 7.4.0 to 7.4.1 (#3042) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
f4764d1
todd1770c
in /docs (#3044) by @dependabot - chore(deps-dev): bump aws-cdk from 2.93.0 to 2.94.0 (#3036) by @dependabot
- chore(deps-dev): bump ruff from 0.0.286 to 0.0.287 (#3035) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.79.7 to 0.79.8 (#3033) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
b1f7f94
tof4764d1
in /docs (#3031) by @dependabot - chore(deps-dev): bump mkdocs-material from 9.2.5 to 9.2.6 (#3032) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.29.2 to 1.30.0 (#3028) by @dependabot
- chore(deps-dev): bump the boto-typing group with 11 updates (#3027) by @dependabot
- chore(deps): bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#3022) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
97da15b
tob1f7f94
in /docs (#3021) by @dependabot - chore(deps-dev): bump the boto-typing group with 1 update (#3013) by @dependabot
- chore(deps-dev): bump ruff from 0.0.285 to 0.0.286 (#3014) by @dependabot
This release was made possible by the following contributors:
@adriantomas, @aradyaron, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @nejcskofic, @walmsles and @waveFrontSet
v2.23.1
Summary
This patch release primarily addresses a fix for customers who utilize default tags and metric-specific tags within the Datadog Metrics provider. Tags are now merged seamlessly, effectively resolving precedence conflicts that can arise when using tags with the same key.
The newly generated metric is now:
{
"m": "SuccessfulBooking",
"v": 1,
"e": 1692736997,
"t": [
"product:ticket"
"flight:AB123",
]
}
🌟 Huge thanks to @ecokes for reporting and reproducing it.
Changes
- fix(ci): revert aws credentials action (#3010) by @rubenfonseca
📜 Documentation updates
- chore(deps): bump squidfunk/mkdocs-material from
cd3a522
to97da15b
in /docs (#2987) by @dependabot
🐛 Bug and hot fixes
- fix(ci): change SAR assume role options (#3005) by @rubenfonseca
- fix(metrics): preserve default_tags when metric-specific tag is set in Datadog provider (#2997) by @leandrodamascena
- fix(event_handler): make invalid chars a raw str to fix invalid escape sequence (#2982) by @rubenfonseca
🔧 Maintenance
- chore(deps): bump aws-actions/configure-aws-credentials from 2.2.0 to 3.0.0 (#3000) by @dependabot
- chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#2999) by @dependabot
- fix(metrics): preserve default_tags when metric-specific tag is set in Datadog provider (#2997) by @leandrodamascena
- chore(deps): bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0 (#2992) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.92.0 to 2.93.0 (#2993) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
cd3a522
to97da15b
in /docs (#2987) by @dependabot - chore(deps-dev): bump mkdocs-material from 9.2.0 to 9.2.3 (#2988) by @dependabot
- chore(deps-dev): bump mkdocs-material from 9.1.21 to 9.2.0 (#2984) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2983) by @dependabot
- chore(deps-dev): bump ruff from 0.0.284 to 0.0.285 (#2977) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2978) by @dependabot
This release was made possible by the following contributors:
@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @leandrodamascena and @rubenfonseca
v2.23.0
Summary
This release adds the most requested feature ever: observability providers. You can now send custom metrics to Datadog using the same optimized development experience Powertools for AWS Lambda offers.
Also, you can now use our provided Lambda Layer in the new AWS Israel region (il-central-1).
⭐ ⭐ Huge thanks to Petar Lishov and Roger Zhang for your help!
External observability providers
Three years ago, we launched Powertools for AWS Lambda Python, making it easier to instrument your code with distributed tracing (Tracer), structured logging (Logger), and custom metrics (Metrics).
With the community, we’ve grown way past Observability and into several best practices, including 16 major features integrating with 15+ AWS services.
Today, we couldn’t be happier to share what we’ve been working with the community for the last 4 months. You can now switch back and forth between CloudWatch EMF and Datadog for creating custom metrics, with minimal friction.
We will continue to develop our main integration with Amazon CloudWatch EMF and AWS X-Ray. That said, this release opens up possibilities for integrating with other AWS Lambda observability partners within Powertools for AWS Lambda.
We would love to hear from you on which observability provider we should prioritize next!
Changes
- refactor(metrics): move from protocol to ABC; split provider tests (#2934) by @leandrodamascena
🌟New features and non-breaking changes
- feat(metrics): add Datadog observability provider (#2906) by @roger-zhangg
- feat(event_handler): allow stripping route prefixes using regexes (#2521) by @royassis
- feat(layers): add new comercial region Israel(Tel Aviv) (#2907) by @leandrodamascena
- feat(metrics): support to bring your own metrics provider (#2194) by @roger-zhangg
📜 Documentation updates
- docs(roadmap): add GovCloud and China region item (#2960) by @heitorlessa
- docs(metrics): update Datadog integration diagram (#2954) by @aal80
- feat(metrics): add Datadog observability provider (#2906) by @roger-zhangg
- feat(event_handler): allow stripping route prefixes using regexes (#2521) by @royassis
- chore(deps): bump gitpython from 3.1.31 to 3.1.32 in /docs (#2948) by @dependabot
- chore(docs): include the environment variables section in the utilities documentation (#2925) by @barreeeiroo
- chore(docs): disable line length rule using older syntax (#2920) by @heitorlessa
- feat(layers): add new comercial region Israel(Tel Aviv) (#2907) by @leandrodamascena
- docs(roadmap): update roadmap themes (#2915) by @heitorlessa
- feat(metrics): support to bring your own metrics provider (#2194) by @roger-zhangg
- docs(batch): explain record type discrepancy in failure and success handler (#2868) by @duc00
- docs(navigation): remove nofollow attribute for internal links (#2867) by @leandrodamascena
- docs(tutorial): add support for Python 3.11 (#2860) by @leandrodamascena
- chore(deps): bump squidfunk/mkdocs-material from
33e28bd
tocd3a522
in /docs (#2859) by @dependabot - docs(batch): new visuals and error handling section (#2857) by @heitorlessa
- docs(navigation): add nofollow attribute (#2842) by @leandrodamascena
🐛 Bug and hot fixes
- fix(parser): API Gateway V2 request context scope field should be optional (#2961) by @leandrodamascena
- refactor(e2e): support fail fast in get_lambda_response (#2912) by @heitorlessa
- fix(metrics): proxy service and namespace attrs to provider (#2910) by @leandrodamascena
- fix(logger): strip xray_trace_id when explicitly disabled (#2852) by @heitorlessa
🔧 Maintenance
- chore(deps): bump actions/setup-node from 3.8.0 to 3.8.1 (#2970) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2971) by @dependabot
- chore(deps-dev): bump the boto-typing group with 3 updates (#2967) by @dependabot
- chore(deps-dev): bump radon from 5.1.0 to 6.0.1 (#2964) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.91.0 to 2.92.0 (#2965) by @dependabot
- chore(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8 (#2963) by @dependabot
- docs(metrics): update Datadog integration diagram (#2954) by @aal80
- chore(deps-dev): bump cfn-lint from 0.79.6 to 0.79.7 (#2956) by @dependabot
- chore(deps): bump actions/setup-node from 3.7.0 to 3.8.0 (#2957) by @dependabot
- chore(deps-dev): bump xenon from 0.9.0 to 0.9.1 (#2955) by @dependabot
- feat(metrics): add Datadog observability provider (#2906) by @roger-zhangg
- chore(deps): bump pypa/gh-action-pypi-publish from 1.8.9 to 1.8.10 (#2946) by @dependabot
- chore(deps): bump gitpython from 3.1.31 to 3.1.32 in /docs (#2948) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.90.0 to 2.91.0 (#2947) by @dependabot
- chore(deps-dev): bump the boto-typing group with 1 update (#2944) by @dependabot
- chore(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.9 (#2943) by @dependabot
- chore(deps-dev): bump ruff from 0.0.283 to 0.0.284 (#2940) by @dependabot
- chore(docs): include the environment variables section in the utilities documentation (#2925) by @barreeeiroo
- chore(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7 (#2941) by @dependabot
- chore(deps-dev): bump ruff from 0.0.282 to 0.0.283 (#2937) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.89.0 to 2.90.0 (#2932) by @dependabot
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2933) by @dependabot
- chore(deps-dev): bump the boto-typing group with 4 updates (#2928) by @dependabot
- chore(deps): bump slsa-framework/slsa-github-generator from 1.7.0 to 1.8.0 (#2927) by @dependabot
- chore(maintenance): enables publishing docs and changelog, running e2e tests only in the main repository (#2924) by @ivica-k
- chore(docs): disable line length rule using older syntax (#2920) by @heitorlessa
- docs(roadmap): update roadmap themes (#2915) by @heitorlessa
- chore(ci): enable protected branch auditing (#2913) by @heitorlessa
- chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 2 updates (#2904) by @dependabot
- chore(deps-dev): bump ruff from 0.0.281 to 0.0.282 (#2905) by @dependabot
- feat(metrics): support to bring your own metrics provider (#2194) by @roger-zhangg
- chore(deps-dev): bump ruff from 0.0.280 to 0.0.281 (#2891) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.28.1 to 1.29.0 (#2900) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.79.5 to 0.79.6 (#2899) by @dependabot
- chore(deps-dev): bump the boto-typing group with 11 updates (#2901) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.30 to 1.18.31 in /layer/scripts/layer-balancer (#2889) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.88.0 to 2.89.0 (#2887) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.38.1 to 1.39.0 in /layer/scripts/layer-balancer (#2890) by @dependabot
- chore(deps-dev): bump mkdocs-material from 9.1.19 to 9.1.21 (#2894) by @dependabot
- chore(ci): group dependabot updates (#2896) by @heitorlessa
- chore(deps-dev): bump mypy-boto3-logs from 1.28.1 to 1.28.15 (#2880) by @dependabot
- chore(deps-dev): bump mypy-boto3-appconfigdata from 1.28.0 to 1.28.15 (#2879) by @dependabot
- chore(deps-dev): bump mypy-boto3-lambda from 1.28.11 to 1.28.15 (#2878) by @dependabot
- chore(deps-dev): bump mypy-boto3-xray from 1.28.0 to 1.28.15 (#2881) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.29 to 1.18.30 in /layer/scripts/layer-balancer (#2875) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.38.0 to 1.38.1 in /layer/scripts/layer-balancer (#2876) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.19.0 to 1.19.1 in /layer/scripts/layer-balancer (#2877) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.79.4 to 0.79.5 (#2870) by @dependabot
- docs(navigation): remove nofollow attribute for internal links (#2867) by @leandrodamascena
- chore(deps-dev): bump mypy-boto3-cloudformation from 1.28.10 to 1.28.12 (#2864) by @dependabot
- chore(deps-dev): bump mypy-boto3-cloudwatch from 1.28.0 to 1.28.12 (#2865) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.79.3 to 0.79.4 (#2862) by @dependabot
- chore(deps-dev): bump mypy-boto3-appconfig from 1.28.0 to 1.28.12 (#2861) by @dependabot
- chore(deps-dev): bump mypy-boto3-ssm from 1.28.0 to 1.28.12 (#2863) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
33e28bd
tocd3a522
in /docs (#2859) by @dependabot - chore(deps-dev): bump cfn-lint from 0.78.2 to 0.79.3 (#2854) by @dependabot
- docs(navigation): add nofollow attribute (#2842) by @leandrodamascena
- chore(deps-dev): bump mypy-boto3-lambda from 1.28.0 to 1.28.11 (#2845) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.28 to 1.18.29 in /layer/scripts/layer-balancer (#2844) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.37.1 to 1.38.0 in /layer/scripts/layer-balancer (#2843) by @dependabot
- chore(deps-dev): bump mypy-boto3-dynamodb from 1.28.0 to 1.28.11 (#2847) by @dependabot
- chore(deps): bump pydantic from 1.10.11 to 1.10.12 ...
v2.22.0
Summary
This release follows the newly announced Python 3.11 runtime in AWS Lambda 🚀. It also adds a revamped Batch Processing documentation, along with numerous bug fixes.
⭐ Huge thanks to new contributors: @94Sip and @duc00 for helping us improve Batch's documentation
Batch Processing documentation
This release adds a new error handling section, contextual information in key code snippets, and several new diagrams to improve understanding about Batch Processors and AWS Lambda Report Item Batch Failure feature.
Changes
🌟New features and non-breaking changes
- feat(general): add support for Python 3.11 (#2820) by @rubenfonseca
📜 Documentation updates
- docs(navigation): add nofollow attribute (#2842) by @leandrodamascena
- feat(general): add support for Python 3.11 (#2820) by @rubenfonseca
- docs(parameters): improve readability on error handling get_parameter… (#2833) by @heitorlessa
- docs(community): new batch processing article (#2828) by @ran-isenberg
🐛 Bug and hot fixes
- fix(logger): strip xray_trace_id when explicitly disabled (#2852) by @heitorlessa
- fix(parameters): distinct cache key for single vs path with same name (#2839) by @heitorlessa
🔧 Maintenance
- chore(deps-dev): bump cfn-lint from 0.78.2 to 0.79.3 (#2854) by @dependabot
- docs(navigation): add nofollow attribute (#2842) by @leandrodamascena
- chore(deps-dev): bump mypy-boto3-lambda from 1.28.0 to 1.28.11 (#2845) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.28 to 1.18.29 in /layer/scripts/layer-balancer (#2844) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.37.1 to 1.38.0 in /layer/scripts/layer-balancer (#2843) by @dependabot
- chore(deps-dev): bump mypy-boto3-dynamodb from 1.28.0 to 1.28.11 (#2847) by @dependabot
- chore(deps): bump pydantic from 1.10.11 to 1.10.12 (#2846) by @dependabot
- chore(deps-dev): bump mypy-boto3-cloudformation from 1.28.0 to 1.28.10 (#2837) by @dependabot
- chore(deps-dev): bump ruff from 0.0.279 to 0.0.280 (#2836) by @dependabot
- chore(ci): add baking time for layer build (#2834) by @heitorlessa
- feat(general): add support for Python 3.11 (#2820) by @rubenfonseca
- chore(ci): build changelog on a schedule only (#2832) by @heitorlessa
- chore(deps-dev): bump ruff from 0.0.278 to 0.0.279 (#2822) by @dependabot
- chore(deps): bump actions/setup-python from 4.6.1 to 4.7.0 (#2821) by @dependabot
- chore(deps-dev): bump cfn-lint from 0.78.1 to 0.78.2 (#2823) by @dependabot
This release was made possible by the following contributors:
@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @ran-isenberg and @rubenfonseca
v2.21.0
Summary
We are happy to announce the official support for Pydantic V2. 🚀🚀🚀🚀
This offers you the flexibility to choose between Pydantic v1 and v2 with no breaking changes. This 3-week significant effort wouldn’t be possible without many Pydantic experts from our community, and the Pydantic team for fixing a regression - thank you!!
New public reference. A big thank you to @ovahal at Jit Security.
⭐ Huge thanks to our new contributor: @tinti!
Support for Pydantic v2
Pydantic recently released version 2, bringing a plethora of exciting improvements and enhancements.
We did an extensive research on breaking changes between v1 and v2 to provide a smooth transition, when using Powertools for AWS Lambda (Python) Parser models and envelopes.
Changes
🌟New features and non-breaking changes
- feat(parser): add support for Pydantic v2 (#2733) by @leandrodamascena
📜 Documentation updates
- feat(parser): add support for Pydantic v2 (#2733) by @leandrodamascena
- docs(customer-reference): add Jit Security as a customer reference (#2801) by @leandrodamascena
- fix(docs): remove redundant code in the tutorial section (#2796) by @tinti
- chore(deps): bump squidfunk/mkdocs-material from
a28ed81
to33e28bd
in /docs (#2797) by @dependabot
🐛 Bug and hot fixes
🔧 Maintenance
- feat(parser): add support for Pydantic v2 (#2733) by @leandrodamascena
- chore(deps-dev): bump aws-cdk from 2.87.0 to 2.88.0 (#2812) by @dependabot
- chore(deps-dev): bump types-requests from 2.31.0.1 to 2.31.0.2 (#2806) by @dependabot
- chore(deps-dev): bump mypy-boto3-s3 from 1.28.3.post2 to 1.28.8 (#2808) by @dependabot
- chore(deps-dev): bump types-python-dateutil from 2.8.19.13 to 2.8.19.14 (#2807) by @dependabot
- chore(deps-dev): bump mypy-boto3-secretsmanager from 1.28.3.post1 to 1.28.3.post2 (#2794) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
a28ed81
to33e28bd
in /docs (#2797) by @dependabot - chore(deps-dev): bump mkdocs-material from 9.1.18 to 9.1.19 (#2798) by @dependabot
- chore(deps-dev): bump mypy-boto3-s3 from 1.28.3.post1 to 1.28.3.post2 (#2793) by @dependabot
- chore(security): improve debugging for provenance script (#2784) by @heitorlessa
- chore(deps-dev): bump mypy-boto3-secretsmanager from 1.28.3 to 1.28.3.post1 (#2785) by @dependabot
- chore(deps-dev): bump mypy-boto3-s3 from 1.28.3 to 1.28.3.post1 (#2786) by @dependabot
This release was made possible by the following contributors:
@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena and @tinti
v2.20.0
Summary
This release introduces signed and verifiable builds for PyPi, and a new documentation section to make our automation practices, maintainers playbook, and soon a re-imagined contributing guide more visible.
Love automation and CI/CD? We did an interview to walk through what's now documented under our new Automation section:
Verifying signed builds
As of today's release, you can now publicly verify our builds came from a trusted source to further strengthen supply chain security. We created a new Security section in our documentation with steps you can take to verify releases.
You can skip this part if you're not interested in the supply chain security space
For the past few months, we've been working hard to improve our operational and security posture. The biggest chunk of work was introducing Open Source Security Foundation (OSSF) Scorecard project to generate security health metrics, proactive security alerts, and attest we've been following OSSF Best Practices.
We couldn't be happier with the results.
Through the research, we've learned about SLSA as a framework to produce verifiable reproducible builds within our release pipeline. This enables our more security conscious customers to guarantee our releases came from this repository and every step can be publicly traced back.
Provenance step within our release pipeline to attest its reproducibility and authenticity
Changes
- refactor(parser): convert functional tests to unit tests (#2656) by @leandrodamascena
🌟New features and non-breaking changes
- feat(metrics): support to set default dimension in EphemeralMetrics (#2748) by @leandrodamascena
📜 Documentation updates
- docs(process): explain our integration automated checks; revamp navigation (#2764) by @heitorlessa
- chore(ci): introduce provenance and attestation in release (#2746) by @heitorlessa
- feat(metrics): support to set default dimension in EphemeralMetrics (#2748) by @leandrodamascena
- docs(batch): fix custom batch processor example (#2714) by @heitorlessa
- docs(maintainers): add cicd pipeline diagram (#2692) by @heitorlessa
- docs(contributing): add code integration journey graph (#2685) by @heitorlessa
- chore(ci): enforce pip --require-hashes to maybe satistify scorecard (#2679) by @heitorlessa
- chore(deps): bump squidfunk/mkdocs-material from
3837c0f
toa28ed81
in /docs (#2669) by @dependabot - chore(ci): use deps sha for docs and gitpod images based on ossf findings (#2662) by @heitorlessa
🐛 Bug and hot fixes
- fix(logger): ensure logs stream to stdout by default, not stderr (#2736) by @heitorlessa
- fix(docs): ensure alias is applied to versioned releases (#2644) by @sthulb
- fix(docs): ensure version alias is in an array to prevent "you're not viewing the latest version" incorrect message (#2629) by @sthulb
🔧 Maintenance
- chore(deps-dev): bump mypy-boto3-secretsmanager from 1.28.0 to 1.28.3 (#2773) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.37.0 to 1.37.1 in /layer/scripts/layer-balancer (#2769) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.28.0 to 1.28.1 (#2772) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.27 to 1.18.28 in /layer/scripts/layer-balancer (#2770) by @dependabot
- chore(deps): bump actions/setup-python from 4.6.1 to 4.7.0 (#2768) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.18.1 to 1.19.0 in /layer/scripts/layer-balancer (#2771) by @dependabot
- chore(deps-dev): bump mypy-boto3-s3 from 1.28.0 to 1.28.3 (#2774) by @dependabot
- docs(process): explain our integration automated checks; revamp navigation (#2764) by @heitorlessa
- chore(deps-dev): bump cfn-lint from 0.77.10 to 0.78.1 (#2757) by @dependabot
- chore(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8 (#2754) by @dependabot
- chore(deps-dev): bump pytest-asyncio from 0.21.0 to 0.21.1 (#2756) by @dependabot
- chore(deps): bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#2755) by @dependabot
- chore(deps-dev): bump ruff from 0.0.277 to 0.0.278 (#2758) by @dependabot
- chore(streaming): replace deprecated Version classes from distutils (#2752) by @leandrodamascena
- chore(ci): introduce provenance and attestation in release (#2746) by @heitorlessa
- chore(deps-dev): bump sentry-sdk from 1.27.1 to 1.28.0 (#2741) by @dependabot
- chore(deps-dev): bump mypy-boto3-secretsmanager from 1.27.0 to 1.28.0 (#2739) by @dependabot
- chore(deps-dev): bump mypy-boto3-dynamodb from 1.27.0 to 1.28.0 (#2740) by @dependabot
- chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 2.1.3 to 2.1.4 (#2738) by @dependabot
- chore(deps-dev): bump mypy-boto3-xray from 1.27.0 to 1.28.0 (#2720) by @dependabot
- chore(deps-dev): bump mypy-boto3-ssm from 1.27.0 to 1.28.0 (#2724) by @dependabot
- chore(deps-dev): bump mypy-boto3-logs from 1.27.0 to 1.28.1 (#2723) by @dependabot
- chore(deps-dev): bump mypy-boto3-s3 from 1.27.0 to 1.28.0 (#2721) by @dependabot
- chore(deps-dev): bump mypy-boto3-appconfig from 1.27.0 to 1.28.0 (#2722) by @dependabot
- chore(deps): bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#2718) by @dependabot
- chore(governance): update active maintainers list (#2715) by @heitorlessa
- chore(ci): prevent sast codeql to run in forks (#2711) by @heitorlessa
- chore(user-agent): support patching botocore session (#2614) by @roger-zhangg
- chore(deps-dev): bump mypy-boto3-cloudwatch from 1.27.0 to 1.28.0 (#2697) by @dependabot
- chore(deps-dev): bump aws-cdk from 2.86.0 to 2.87.0 (#2696) by @dependabot
- chore(deps-dev): bump mypy-boto3-lambda from 1.27.0 to 1.28.0 (#2698) by @dependabot
- chore(deps-dev): bump mypy-boto3-appconfigdata from 1.27.0 to 1.28.0 (#2699) by @dependabot
- chore(deps-dev): bump mypy-boto3-cloudformation from 1.27.0 to 1.28.0 (#2700) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.27.0 to 1.27.1 (#2701) by @dependabot
- chore(ci): address ossf scorecard findings on npm, pip, and top-level permission leftover (#2694) by @heitorlessa
- docs(maintainers): add cicd pipeline diagram (#2692) by @heitorlessa
- chore(deps): bump actions/setup-node from 3.6.0 to 3.7.0 (#2689) by @dependabot
- docs(contributing): add code integration journey graph (#2685) by @heitorlessa
- chore(deps-dev): bump ruff from 0.0.276 to 0.0.277 (#2682) by @dependabot
- chore(ci): enforce pip --require-hashes to maybe satistify scorecard (#2679) by @heitorlessa
- chore(ci): add gitleaks in pre-commit hooks as an extra safety measure (#2677) by @step-security-bot
- chore(deps): bump pydantic from 1.10.10 to 1.10.11 (#2671) by @dependabot
- chore(deps-dev): bump typed-ast from 1.5.4 to 1.5.5 (#2670) by @dependabot
- chore(deps): bump squidfunk/mkdocs-material from
3837c0f
toa28ed81
in /docs (#2669) by @dependabot - chore(deps-dev): bump ruff from 0.0.275 to 0.0.276 (#2655) by @dependabot
- chore(deps-dev): bump sentry-sdk from 1.26.0 to 1.27.0 (#2652) by @dependabot
- chore(deps): migrate from retry to retry2 to address CVE-2022-42969 (#2665) by @heitorlessa
- chore(ci): use sast on every commit on any supported language (#2646) by @heitorlessa
- chore(ci): use deps sha for docs and gitpod images based on ossf findings (#2662) by @heitorlessa
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.17.8 to 1.18.27 in /layer/scripts/layer-balancer (#2651) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.24.6 to 1.37.0 in /layer/scripts/layer-balancer (#2653) by @dependabot
- chore(deps): bump golang.org/x/sync from 0.1.0 to 0.3.0 in /layer/scripts/layer-balancer (#2649) by @dependabot
- chore(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.6 (#2650) by @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.16.16 to 1.18.1 in /layer/scripts/layer-balancer (#2654) by @dependabot
- chore(ci): improves dependabot based on ossf scorecard recommendations (#2647) by @step-security-bot
- chore(ci): propagate checkout permission to nested workflows (#2642) by @heitorlessa
- chore(ci): enforce top-level permission to minimum fail-safe permission as per openssf (#2638) by @step-security-bot
- chore(ci): prevent merging PRs that do not meet minimum requirements (#2639) by @heitorlessa
- chore(deps-dev): bump mypy-boto3-appconfigdata from 1.26.70 to 1.27.0 (#2636) by @dependabot
- chore(deps): bump pydantic from 1.10.9 to 1.10.10 (#2624) by @dependabot
- chore(deps-dev): bump mypy-boto3-dynamodb from 1.26.158 to 1.26.164 (#2622) by @dependabot
This release was made possible by the following contributors:
@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @roger-zhangg, @step-security-bot and @sthulb