Skip to content

Releases: aws-powertools/powertools-lambda-python

v2.24.0

08 Sep 13:37
@github-actions github-actions
v2.24.0
2f2bda7
Compare
Choose a tag to compare
v2.24.0

Summary

This release brings custom serialization/deserialization to Idempotency, and Middleware support in Event Handler (API Gateway REST/HTTP, ALB, Lambda Function URL, VPC Lattice). Oh didn't I say some bug fixes too? 🙏

🌟 Big welcome to the new contributors: @adriantomas, @aradyaron, @nejcskofic, @waveFrontSet

Middleware launch

Idempotency custom serialization

Docs
🌟 Huge thanks to @aradyaron!!

Previously, any function annotated with @idempotent_function will have its return type as a JSON object - this was challenging for customers using Pydantic, Dataclasses, or any custom types.

You can now use output_serializer to automatically serialize the return type for Dataclasses or Pydantic, and bring your own serializer/deserializer too!

from aws_lambda_powertools.utilities.idempotency import (
    DynamoDBPersistenceLayer,
    IdempotencyConfig,
    idempotent_function,
)
from aws_lambda_powertools.utilities.idempotency.serialization.pydantic import PydanticSerializer
from aws_lambda_powertools.utilities.parser import BaseModel
from aws_lambda_powertools.utilities.typing import LambdaContext

dynamodb = DynamoDBPersistenceLayer(table_name="IdempotencyTable")
config = IdempotencyConfig(event_key_jmespath="order_id")  # see Choosing a payload subset section


class OrderItem(BaseModel):
    sku: str
    description: str


class Order(BaseModel):
    item: OrderItem
    order_id: int


class OrderOutput(BaseModel):
    order_id: int


@idempotent_function(
    data_keyword_argument="order",
    config=config,
    persistence_store=dynamodb,
    output_serializer=PydanticSerializer,
)
# order output is inferred from return type
def process_order(order: Order) -> OrderOutput:
    return OrderOutput(order_id=order.order_id)


def lambda_handler(event: dict, context: LambdaContext):
    config.register_lambda_context(context)  # see Lambda timeouts section
    order_item = OrderItem(sku="fake", description="sample")
    order = Order(item=order_item, order_id=1)

    # `order` parameter must be called as a keyword argument to work
    process_order(order=order)

Middleware in Event Handler

Docs
🌟 Huge thanks to @walmsles for the implementation and marvelous illustrations!!

image

You can now bring your own middleware to run logic before or after requests when using Event Handler.

The goal continues to be having built-in features over middlewares, so you don't have to own boilerplate code. That said, we recognize we can't virtually cover every use case - that's where middleware comes in!

Example using per-route and global middlewares

import middleware_global_middlewares_module
import requests

from aws_lambda_powertools import Logger
from aws_lambda_powertools.event_handler import APIGatewayRestResolver, Response

app = APIGatewayRestResolver()
logger = Logger()

app.use(middlewares=[middleware_global_middlewares_module.log_request_response])


@app.get("/todos", middlewares=[middleware_global_middlewares_module.inject_correlation_id])
def get_todos():
    todos: Response = requests.get("https://jsonplaceholder.typicode.com/todos")
    todos.raise_for_status()

    return {"todos": todos.json()[:10]}


@logger.inject_lambda_context
def lambda_handler(event, context):
    return app.resolve(event, context)

Changes

🌟New features and non-breaking changes

  • feat(event_handler): add Middleware support for REST Event Handler (#2917) by @walmsles
  • feat(idempotency): add support to custom serialization/deserialization on idempotency decorator (#2951) by @aradyaron

📜 Documentation updates

  • feat(event_handler): add Middleware support for REST Event Handler (#2917) by @walmsles
  • feat(idempotency): add support to custom serialization/deserialization on idempotency decorator (#2951) by @aradyaron
  • chore(deps): bump squidfunk/mkdocs-material from f4764d1 to dd1770c in /docs (#3044) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from b1f7f94 to f4764d1 in /docs (#3031) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from 97da15b to b1f7f94 in /docs (#3021) by @dependabot

🐛 Bug and hot fixes

  • fix(parser): change ApproximateCreationDateTime field to datetime in DynamoDBStreamChangedRecordModel (#3049) by @waveFrontSet
  • fix(event_handler): expanding safe URI characters to include +$& (#3026) by @nejcskofic

🔧 Maintenance

  • chore(deps-dev): bump pytest from 7.4.1 to 7.4.2 (#3057) by @dependabot
  • chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#3053) by @dependabot
  • chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 1 update (#3052) by @dependabot
  • chore(deps-dev): bump hvac from 1.1.1 to 1.2.0 (#3054) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.79.8 to 0.79.9 (#3046) by @dependabot
  • chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 (#3041) by @dependabot
  • chore(deps-dev): bump mkdocs-material from 9.2.6 to 9.2.7 (#3043) by @dependabot
  • chore(deps-dev): bump pytest from 7.4.0 to 7.4.1 (#3042) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from f4764d1 to dd1770c in /docs (#3044) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.93.0 to 2.94.0 (#3036) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.286 to 0.0.287 (#3035) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.79.7 to 0.79.8 (#3033) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from b1f7f94 to f4764d1 in /docs (#3031) by @dependabot
  • chore(deps-dev): bump mkdocs-material from 9.2.5 to 9.2.6 (#3032) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.29.2 to 1.30.0 (#3028) by @dependabot
  • chore(deps-dev): bump the boto-typing group with 11 updates (#3027) by @dependabot
  • chore(deps): bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#3022) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from 97da15b to b1f7f94 in /docs (#3021) by @dependabot
  • chore(deps-dev): bump the boto-typing group with 1 update (#3013) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.285 to 0.0.286 (#3014) by @dependabot

This release was made possible by the following contributors:

@adriantomas, @aradyaron, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @nejcskofic, @walmsles and @waveFrontSet

Contributors

walmsles, waveFrontSet, and 4 other contributors
Assets 3
Loading

v2.23.1

25 Aug 16:17
@github-actions github-actions
v2.23.1
c325f49
Compare
Choose a tag to compare
v2.23.1

Summary

This patch release primarily addresses a fix for customers who utilize default tags and metric-specific tags within the Datadog Metrics provider. Tags are now merged seamlessly, effectively resolving precedence conflicts that can arise when using tags with the same key.

image

The newly generated metric is now:

{
    "m": "SuccessfulBooking",
    "v": 1,
    "e": 1692736997,
    "t": [
        "product:ticket"
        "flight:AB123",
    ]
}

🌟 Huge thanks to @ecokes for reporting and reproducing it.

Changes

📜 Documentation updates

  • chore(deps): bump squidfunk/mkdocs-material from cd3a522 to 97da15b in /docs (#2987) by @dependabot

🐛 Bug and hot fixes

🔧 Maintenance

  • chore(deps): bump aws-actions/configure-aws-credentials from 2.2.0 to 3.0.0 (#3000) by @dependabot
  • chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 (#2999) by @dependabot
  • fix(metrics): preserve default_tags when metric-specific tag is set in Datadog provider (#2997) by @leandrodamascena
  • chore(deps): bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0 (#2992) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.92.0 to 2.93.0 (#2993) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from cd3a522 to 97da15b in /docs (#2987) by @dependabot
  • chore(deps-dev): bump mkdocs-material from 9.2.0 to 9.2.3 (#2988) by @dependabot
  • chore(deps-dev): bump mkdocs-material from 9.1.21 to 9.2.0 (#2984) by @dependabot
  • chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2983) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.284 to 0.0.285 (#2977) by @dependabot
  • chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2978) by @dependabot

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @leandrodamascena and @rubenfonseca

Contributors

rubenfonseca, leandrodamascena, and 2 other contributors
Assets 3
Loading

v2.23.0

18 Aug 17:17
@github-actions github-actions
v2.23.0
275116c
Compare
Choose a tag to compare
v2.23.0

Summary

This release adds the most requested feature ever: observability providers. You can now send custom metrics to Datadog using the same optimized development experience Powertools for AWS Lambda offers.

carbon (18)

Also, you can now use our provided Lambda Layer in the new AWS Israel region (il-central-1).

⭐ ⭐ Huge thanks to Petar Lishov and Roger Zhang for your help!

External observability providers

Docs

Three years ago, we launched Powertools for AWS Lambda Python, making it easier to instrument your code with distributed tracing (Tracer), structured logging (Logger), and custom metrics (Metrics).

With the community, we’ve grown way past Observability and into several best practices, including 16 major features integrating with 15+ AWS services.

Today, we couldn’t be happier to share what we’ve been working with the community for the last 4 months. You can now switch back and forth between CloudWatch EMF and Datadog for creating custom metrics, with minimal friction.

We will continue to develop our main integration with Amazon CloudWatch EMF and AWS X-Ray. That said, this release opens up possibilities for integrating with other AWS Lambda observability partners within Powertools for AWS Lambda.

We would love to hear from you on which observability provider we should prioritize next!

Changes

🌟New features and non-breaking changes

📜 Documentation updates

🐛 Bug and hot fixes

🔧 Maintenance

  • chore(deps): bump actions/setup-node from 3.8.0 to 3.8.1 (#2970) by @dependabot
  • chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2971) by @dependabot
  • chore(deps-dev): bump the boto-typing group with 3 updates (#2967) by @dependabot
  • chore(deps-dev): bump radon from 5.1.0 to 6.0.1 (#2964) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.91.0 to 2.92.0 (#2965) by @dependabot
  • chore(deps): bump actions/dependency-review-action from 3.0.7 to 3.0.8 (#2963) by @dependabot
  • docs(metrics): update Datadog integration diagram (#2954) by @aal80
  • chore(deps-dev): bump cfn-lint from 0.79.6 to 0.79.7 (#2956) by @dependabot
  • chore(deps): bump actions/setup-node from 3.7.0 to 3.8.0 (#2957) by @dependabot
  • chore(deps-dev): bump xenon from 0.9.0 to 0.9.1 (#2955) by @dependabot
  • feat(metrics): add Datadog observability provider (#2906) by @roger-zhangg
  • chore(deps): bump pypa/gh-action-pypi-publish from 1.8.9 to 1.8.10 (#2946) by @dependabot
  • chore(deps): bump gitpython from 3.1.31 to 3.1.32 in /docs (#2948) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.90.0 to 2.91.0 (#2947) by @dependabot
  • chore(deps-dev): bump the boto-typing group with 1 update (#2944) by @dependabot
  • chore(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.9 (#2943) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.283 to 0.0.284 (#2940) by @dependabot
  • chore(docs): include the environment variables section in the utilities documentation (#2925) by @barreeeiroo
  • chore(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.7 (#2941) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.282 to 0.0.283 (#2937) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.89.0 to 2.90.0 (#2932) by @dependabot
  • chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#2933) by @dependabot
  • chore(deps-dev): bump the boto-typing group with 4 updates (#2928) by @dependabot
  • chore(deps): bump slsa-framework/slsa-github-generator from 1.7.0 to 1.8.0 (#2927) by @dependabot
  • chore(maintenance): enables publishing docs and changelog, running e2e tests only in the main repository (#2924) by @ivica-k
  • chore(docs): disable line length rule using older syntax (#2920) by @heitorlessa
  • docs(roadmap): update roadmap themes (#2915) by @heitorlessa
  • chore(ci): enable protected branch auditing (#2913) by @heitorlessa
  • chore(deps): bump the layer-balancer group in /layer/scripts/layer-balancer with 2 updates (#2904) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.281 to 0.0.282 (#2905) by @dependabot
  • feat(metrics): support to bring your own metrics provider (#2194) by @roger-zhangg
  • chore(deps-dev): bump ruff from 0.0.280 to 0.0.281 (#2891) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.28.1 to 1.29.0 (#2900) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.79.5 to 0.79.6 (#2899) by @dependabot
  • chore(deps-dev): bump the boto-typing group with 11 updates (#2901) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.30 to 1.18.31 in /layer/scripts/layer-balancer (#2889) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.88.0 to 2.89.0 (#2887) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.38.1 to 1.39.0 in /layer/scripts/layer-balancer (#2890) by @dependabot
  • chore(deps-dev): bump mkdocs-material from 9.1.19 to 9.1.21 (#2894) by @dependabot
  • chore(ci): group dependabot updates (#2896) by @heitorlessa
  • chore(deps-dev): bump mypy-boto3-logs from 1.28.1 to 1.28.15 (#2880) by @dependabot
  • chore(deps-dev): bump mypy-boto3-appconfigdata from 1.28.0 to 1.28.15 (#2879) by @dependabot
  • chore(deps-dev): bump mypy-boto3-lambda from 1.28.11 to 1.28.15 (#2878) by @dependabot
  • chore(deps-dev): bump mypy-boto3-xray from 1.28.0 to 1.28.15 (#2881) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.29 to 1.18.30 in /layer/scripts/layer-balancer (#2875) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.38.0 to 1.38.1 in /layer/scripts/layer-balancer (#2876) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.19.0 to 1.19.1 in /layer/scripts/layer-balancer (#2877) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.79.4 to 0.79.5 (#2870) by @dependabot
  • docs(navigation): remove nofollow attribute for internal links (#2867) by @leandrodamascena
  • chore(deps-dev): bump mypy-boto3-cloudformation from 1.28.10 to 1.28.12 (#2864) by @dependabot
  • chore(deps-dev): bump mypy-boto3-cloudwatch from 1.28.0 to 1.28.12 (#2865) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.79.3 to 0.79.4 (#2862) by @dependabot
  • chore(deps-dev): bump mypy-boto3-appconfig from 1.28.0 to 1.28.12 (#2861) by @dependabot
  • chore(deps-dev): bump mypy-boto3-ssm from 1.28.0 to 1.28.12 (#2863) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from 33e28bd to cd3a522 in /docs (#2859) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.78.2 to 0.79.3 (#2854) by @dependabot
  • docs(navigation): add nofollow attribute (#2842) by @leandrodamascena
  • chore(deps-dev): bump mypy-boto3-lambda from 1.28.0 to 1.28.11 (#2845) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.28 to 1.18.29 in /layer/scripts/layer-balancer (#2844) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.37.1 to 1.38.0 in /layer/scripts/layer-balancer (#2843) by @dependabot
  • chore(deps-dev): bump mypy-boto3-dynamodb from 1.28.0 to 1.28.11 (#2847) by @dependabot
  • chore(deps): bump pydantic from 1.10.11 to 1.10.12 ...
Read more

Contributors

heitorlessa, aal80, and 7 other contributors
Assets 3
Loading

v2.22.0

27 Jul 20:03
@github-actions github-actions
v2.22.0
3bcaf35
Compare
Choose a tag to compare
v2.22.0

Summary

This release follows the newly announced Python 3.11 runtime in AWS Lambda 🚀. It also adds a revamped Batch Processing documentation, along with numerous bug fixes.

⭐ Huge thanks to new contributors: @94Sip and @duc00 for helping us improve Batch's documentation

Batch Processing documentation

Docs

This release adds a new error handling section, contextual information in key code snippets, and several new diagrams to improve understanding about Batch Processors and AWS Lambda Report Item Batch Failure feature.

New Error Handling section

New sequence diagrams

Changes

🌟New features and non-breaking changes

📜 Documentation updates

🐛 Bug and hot fixes

  • fix(logger): strip xray_trace_id when explicitly disabled (#2852) by @heitorlessa
  • fix(parameters): distinct cache key for single vs path with same name (#2839) by @heitorlessa

🔧 Maintenance

  • chore(deps-dev): bump cfn-lint from 0.78.2 to 0.79.3 (#2854) by @dependabot
  • docs(navigation): add nofollow attribute (#2842) by @leandrodamascena
  • chore(deps-dev): bump mypy-boto3-lambda from 1.28.0 to 1.28.11 (#2845) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.28 to 1.18.29 in /layer/scripts/layer-balancer (#2844) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.37.1 to 1.38.0 in /layer/scripts/layer-balancer (#2843) by @dependabot
  • chore(deps-dev): bump mypy-boto3-dynamodb from 1.28.0 to 1.28.11 (#2847) by @dependabot
  • chore(deps): bump pydantic from 1.10.11 to 1.10.12 (#2846) by @dependabot
  • chore(deps-dev): bump mypy-boto3-cloudformation from 1.28.0 to 1.28.10 (#2837) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.279 to 0.0.280 (#2836) by @dependabot
  • chore(ci): add baking time for layer build (#2834) by @heitorlessa
  • feat(general): add support for Python 3.11 (#2820) by @rubenfonseca
  • chore(ci): build changelog on a schedule only (#2832) by @heitorlessa
  • chore(deps-dev): bump ruff from 0.0.278 to 0.0.279 (#2822) by @dependabot
  • chore(deps): bump actions/setup-python from 4.6.1 to 4.7.0 (#2821) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.78.1 to 0.78.2 (#2823) by @dependabot

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @ran-isenberg and @rubenfonseca

Contributors

rubenfonseca, heitorlessa, and 5 other contributors
Assets 3
Loading

v2.21.0

21 Jul 15:41
@github-actions github-actions
v2.21.0
34aae13
Compare
Choose a tag to compare
v2.21.0

Summary

We are happy to announce the official support for Pydantic V2. 🚀🚀🚀🚀

This offers you the flexibility to choose between Pydantic v1 and v2 with no breaking changes. This 3-week significant effort wouldn’t be possible without many Pydantic experts from our community, and the Pydantic team for fixing a regression - thank you!!

New public reference. A big thank you to @ovahal at Jit Security.

⭐ Huge thanks to our new contributor: @tinti!

Support for Pydantic v2

Docs

Pydantic recently released version 2, bringing a plethora of exciting improvements and enhancements.

We did an extensive research on breaking changes between v1 and v2 to provide a smooth transition, when using Powertools for AWS Lambda (Python) Parser models and envelopes.

image

Changes

🌟New features and non-breaking changes

📜 Documentation updates

🐛 Bug and hot fixes

  • fix(docs): remove redundant code in the tutorial section (#2796) by @tinti

🔧 Maintenance

  • feat(parser): add support for Pydantic v2 (#2733) by @leandrodamascena
  • chore(deps-dev): bump aws-cdk from 2.87.0 to 2.88.0 (#2812) by @dependabot
  • chore(deps-dev): bump types-requests from 2.31.0.1 to 2.31.0.2 (#2806) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.28.3.post2 to 1.28.8 (#2808) by @dependabot
  • chore(deps-dev): bump types-python-dateutil from 2.8.19.13 to 2.8.19.14 (#2807) by @dependabot
  • chore(deps-dev): bump mypy-boto3-secretsmanager from 1.28.3.post1 to 1.28.3.post2 (#2794) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from a28ed81 to 33e28bd in /docs (#2797) by @dependabot
  • chore(deps-dev): bump mkdocs-material from 9.1.18 to 9.1.19 (#2798) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.28.3.post1 to 1.28.3.post2 (#2793) by @dependabot
  • chore(security): improve debugging for provenance script (#2784) by @heitorlessa
  • chore(deps-dev): bump mypy-boto3-secretsmanager from 1.28.3 to 1.28.3.post1 (#2785) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.28.3 to 1.28.3.post1 (#2786) by @dependabot

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena and @tinti

Contributors

tinti, heitorlessa, and 2 other contributors
Assets 3
Loading

v2.20.0

14 Jul 13:20
@github-actions github-actions
v2.20.0
2e746d7
Compare
Choose a tag to compare
v2.20.0

Summary

This release introduces signed and verifiable builds for PyPi, and a new documentation section to make our automation practices, maintainers playbook, and soon a re-imagined contributing guide more visible.

Love automation and CI/CD? We did an interview to walk through what's now documented under our new Automation section:

image

Verifying signed builds

Docs

As of today's release, you can now publicly verify our builds came from a trusted source to further strengthen supply chain security. We created a new Security section in our documentation with steps you can take to verify releases.

You can skip this part if you're not interested in the supply chain security space

For the past few months, we've been working hard to improve our operational and security posture. The biggest chunk of work was introducing Open Source Security Foundation (OSSF) Scorecard project to generate security health metrics, proactive security alerts, and attest we've been following OSSF Best Practices.

We couldn't be happier with the results.

Open Source Security Foundation Best Practices

Through the research, we've learned about SLSA as a framework to produce verifiable reproducible builds within our release pipeline. This enables our more security conscious customers to guarantee our releases came from this repository and every step can be publicly traced back.

Provenance step within our release pipeline to attest its reproducibility and authenticity

image

Changes

🌟New features and non-breaking changes

📜 Documentation updates

  • docs(process): explain our integration automated checks; revamp navigation (#2764) by @heitorlessa
  • chore(ci): introduce provenance and attestation in release (#2746) by @heitorlessa
  • feat(metrics): support to set default dimension in EphemeralMetrics (#2748) by @leandrodamascena
  • docs(batch): fix custom batch processor example (#2714) by @heitorlessa
  • docs(maintainers): add cicd pipeline diagram (#2692) by @heitorlessa
  • docs(contributing): add code integration journey graph (#2685) by @heitorlessa
  • chore(ci): enforce pip --require-hashes to maybe satistify scorecard (#2679) by @heitorlessa
  • chore(deps): bump squidfunk/mkdocs-material from 3837c0f to a28ed81 in /docs (#2669) by @dependabot
  • chore(ci): use deps sha for docs and gitpod images based on ossf findings (#2662) by @heitorlessa

🐛 Bug and hot fixes

  • fix(logger): ensure logs stream to stdout by default, not stderr (#2736) by @heitorlessa
  • fix(docs): ensure alias is applied to versioned releases (#2644) by @sthulb
  • fix(docs): ensure version alias is in an array to prevent "you're not viewing the latest version" incorrect message (#2629) by @sthulb

🔧 Maintenance

  • chore(deps-dev): bump mypy-boto3-secretsmanager from 1.28.0 to 1.28.3 (#2773) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.37.0 to 1.37.1 in /layer/scripts/layer-balancer (#2769) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.28.0 to 1.28.1 (#2772) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.27 to 1.18.28 in /layer/scripts/layer-balancer (#2770) by @dependabot
  • chore(deps): bump actions/setup-python from 4.6.1 to 4.7.0 (#2768) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.18.1 to 1.19.0 in /layer/scripts/layer-balancer (#2771) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.28.0 to 1.28.3 (#2774) by @dependabot
  • docs(process): explain our integration automated checks; revamp navigation (#2764) by @heitorlessa
  • chore(deps-dev): bump cfn-lint from 0.77.10 to 0.78.1 (#2757) by @dependabot
  • chore(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8 (#2754) by @dependabot
  • chore(deps-dev): bump pytest-asyncio from 0.21.0 to 0.21.1 (#2756) by @dependabot
  • chore(deps): bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#2755) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.277 to 0.0.278 (#2758) by @dependabot
  • chore(streaming): replace deprecated Version classes from distutils (#2752) by @leandrodamascena
  • chore(ci): introduce provenance and attestation in release (#2746) by @heitorlessa
  • chore(deps-dev): bump sentry-sdk from 1.27.1 to 1.28.0 (#2741) by @dependabot
  • chore(deps-dev): bump mypy-boto3-secretsmanager from 1.27.0 to 1.28.0 (#2739) by @dependabot
  • chore(deps-dev): bump mypy-boto3-dynamodb from 1.27.0 to 1.28.0 (#2740) by @dependabot
  • chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 2.1.3 to 2.1.4 (#2738) by @dependabot
  • chore(deps-dev): bump mypy-boto3-xray from 1.27.0 to 1.28.0 (#2720) by @dependabot
  • chore(deps-dev): bump mypy-boto3-ssm from 1.27.0 to 1.28.0 (#2724) by @dependabot
  • chore(deps-dev): bump mypy-boto3-logs from 1.27.0 to 1.28.1 (#2723) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.27.0 to 1.28.0 (#2721) by @dependabot
  • chore(deps-dev): bump mypy-boto3-appconfig from 1.27.0 to 1.28.0 (#2722) by @dependabot
  • chore(deps): bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#2718) by @dependabot
  • chore(governance): update active maintainers list (#2715) by @heitorlessa
  • chore(ci): prevent sast codeql to run in forks (#2711) by @heitorlessa
  • chore(user-agent): support patching botocore session (#2614) by @roger-zhangg
  • chore(deps-dev): bump mypy-boto3-cloudwatch from 1.27.0 to 1.28.0 (#2697) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.86.0 to 2.87.0 (#2696) by @dependabot
  • chore(deps-dev): bump mypy-boto3-lambda from 1.27.0 to 1.28.0 (#2698) by @dependabot
  • chore(deps-dev): bump mypy-boto3-appconfigdata from 1.27.0 to 1.28.0 (#2699) by @dependabot
  • chore(deps-dev): bump mypy-boto3-cloudformation from 1.27.0 to 1.28.0 (#2700) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.27.0 to 1.27.1 (#2701) by @dependabot
  • chore(ci): address ossf scorecard findings on npm, pip, and top-level permission leftover (#2694) by @heitorlessa
  • docs(maintainers): add cicd pipeline diagram (#2692) by @heitorlessa
  • chore(deps): bump actions/setup-node from 3.6.0 to 3.7.0 (#2689) by @dependabot
  • docs(contributing): add code integration journey graph (#2685) by @heitorlessa
  • chore(deps-dev): bump ruff from 0.0.276 to 0.0.277 (#2682) by @dependabot
  • chore(ci): enforce pip --require-hashes to maybe satistify scorecard (#2679) by @heitorlessa
  • chore(ci): add gitleaks in pre-commit hooks as an extra safety measure (#2677) by @step-security-bot
  • chore(deps): bump pydantic from 1.10.10 to 1.10.11 (#2671) by @dependabot
  • chore(deps-dev): bump typed-ast from 1.5.4 to 1.5.5 (#2670) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from 3837c0f to a28ed81 in /docs (#2669) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.275 to 0.0.276 (#2655) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.26.0 to 1.27.0 (#2652) by @dependabot
  • chore(deps): migrate from retry to retry2 to address CVE-2022-42969 (#2665) by @heitorlessa
  • chore(ci): use sast on every commit on any supported language (#2646) by @heitorlessa
  • chore(ci): use deps sha for docs and gitpod images based on ossf findings (#2662) by @heitorlessa
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.17.8 to 1.18.27 in /layer/scripts/layer-balancer (#2651) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.24.6 to 1.37.0 in /layer/scripts/layer-balancer (#2653) by @dependabot
  • chore(deps): bump golang.org/x/sync from 0.1.0 to 0.3.0 in /layer/scripts/layer-balancer (#2649) by @dependabot
  • chore(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.6 (#2650) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.16.16 to 1.18.1 in /layer/scripts/layer-balancer (#2654) by @dependabot
  • chore(ci): improves dependabot based on ossf scorecard recommendations (#2647) by @step-security-bot
  • chore(ci): propagate checkout permission to nested workflows (#2642) by @heitorlessa
  • chore(ci): enforce top-level permission to minimum fail-safe permission as per openssf (#2638) by @step-security-bot
  • chore(ci): prevent merging PRs that do not meet minimum requirements (#2639) by @heitorlessa
  • chore(deps-dev): bump mypy-boto3-appconfigdata from 1.26.70 to 1.27.0 (#2636) by @dependabot
  • chore(deps): bump pydantic from 1.10.9 to 1.10.10 (#2624) by @dependabot
  • chore(deps-dev): bump mypy-boto3-dynamodb from 1.26.158 to 1.26.164 (#2622) by @dependabot

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @roger-zhangg, @step-security-bot and @sthulb

Contributors

sthulb, heitorlessa, and 4 other contributors
Assets 3
Loading

v2.19.0

30 Jun 12:10
@github-actions github-actions
v2.19.0
7fb8d4d
Compare
Choose a tag to compare
v2.19.0

Summary

In this new release we added:

  • support for Amazon VPC Lattice integrations
  • a new way to decode nested messages from SQS events
  • tons of documentation updates for the Idempotency utility

⭐ Huge thanks to our new contributor: @rafaelgsr!

Amazon VPC Lattice integration

Docs: event handler, parser

Amazon VPC Lattice is a fully managed application networking service that you use to connect, secure, and monitor the services for your application across multiple accounts and virtual private clouds (VPC). You can register your Lambda functions as targets with a VPC Lattice target group, and configure a listener rule to forward requests to the target group for your Lambda function.

We have added support for handling events from Amazon VPC Lattice in the event handler, using the same API as existing event handlers. This includes important functionalities like CORS support and response header serialization.

carbon (13)

In addition, we added the corresponding Pydantic Parser model for the VPC Lattice event:

carbon (14)

Decoding nested messages from SQS events

SQS events can encapsulate events originated in other AWS resources, such as S3 and SNS. To improve the experience when creating Lambda functions to handle those events, we created a new method to decoded those nested events easily. For instance, this is how you access the nested S3 event from an SQS event:

carbon (15)

Changes

🌟New features and non-breaking changes

📜 Documentation updates

🐛 Bug and hot fixes

🔧 Maintenance

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @hjgraca, @leandrodamascena, @rafaelgsr, @ran-isenberg and @rubenfonseca

Contributors

rubenfonseca, rafaelgsr, and 4 other contributors
Assets 2
Loading

v2.18.0

23 Jun 13:27
@release-drafter release-drafter
v2.18.0
f68a1ec
Compare
Choose a tag to compare
v2.18.0

Summary

This release adds support for A/B testing in Feature Flags, and the ability to enable/disable compression for custom responses in Event Handler.

⭐ Huge thanks to our new contributor: @ajwad-shaikh

Feature Flags

Docs

You can now run experiments on a percentage of customers (e.g., A/B testing) with the new MODULE_RANGE action.

image
image

Event Handler

Docs

You can now enable GZIP compression with custom responses. This is useful when you only want to compress certain responses, or override compression for non-200 HTTP status code.

image

Changes

🌟New features and non-breaking changes

  • feat(feature_flags): add modulo range condition for segmented experimentation support (#2331) by @ajwad-shaikh

📜 Documentation updates

  • docs(homepage): fix .NET repository link (#2549) by @hjgraca
  • docs(homepage): add Open Source Security Foundation badge; update links to new url (#2545) by @heitorlessa
  • docs(navigation): make Key Feature the first section (#2517) by @leandrodamascena
  • feat(feature_flags): add modulo range condition for segmented experimentation support (#2331) by @ajwad-shaikh

🐛 Bug and hot fixes

🔧 Maintenance

This release was made possible by the following contributors:

@ajwad-shaikh, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @hjgraca, @leandrodamascena and @sthulb

Contributors

sthulb, hjgraca, and 4 other contributors
Assets 2
Loading

v2.17.0

16 Jun 11:01
@github-actions github-actions
v2.17.0
e0ddbb9
Compare
Choose a tag to compare
v2.17.0

Summary

This release is full of new features and important bug fixes:

  • we now treat missing idempotency keys as non-idempotent transactions (no-op)
  • we now proritize the most specific route in event handler
  • new event source data classes for Amazon VPC Lattice Events and AWS Config Rules
  • new parser support for CloudFormation Custom Resources
  • better typing support when bringing your own Logger formatter
  • tons of documentation fixes and improvements

⭐ Huge thanks to new contributors: @abbasyadollahi @erikayao93 and @stephenbawks!

Idempotency

We now handle scenarios where the idempotency key might be optional by skipping the persistence storage layer operations (CRUD).

Here’s an example where uniqueness is dictated by X-Idempotency-Key header, but it might be optional:

carbon (9)

Imagine we have three disctinct requests, where the headers key looks like this:

  • First request: {"headers": {"X-Idempotency-Key": "7ca32179-f88f..."}}
  • Second request: {"headers": {}}
  • Third request: {"headers": {}}

With this fix, the first request will follow the current idempotency mechanism while the second and third request will not trigger any idempotency mechanism to prevent unwanted side effects (e.g., idempotency key of None is hashed).

Prioritizing most specific routes in event handler

We made a significant change in the way routes are matched on the event handler by giving priority to the most specific routes.

Consider the following code:

carbon (10)

With this fix, a GET request to /studies/fetch will now match the fetch_studies handler, even though it was declared last.

Support for VPC Lattice and AWS Config Rule events

Docs: Amazon VPC Lattice, AWS Config Rules

We made it easier to work with events comming from Amazon VPC Lattice and AWS Config Rules.

carbon (11)

carbon (12)

Changes

🌟New features and non-breaking changes

📜 Documentation updates

🐛 Bug and hot fixes

  • fix(idempotency): treat missing idempotency key as non-idempotent transaction (no-op) when raise_on_no_idempotency_key is False (#2477) by @leandrodamascena
  • fix(event_handler): prioritize static over dynamic route to prevent order of route registration mismatch (#2458) by @rubenfonseca

🔧 Maintenance

  • chore(deps-dev): bump mkdocs-material from 9.1.15 to 9.1.16 (#2470) by @dependabot
  • chore(deps-dev): bump flake8-comprehensions from 3.12.0 to 3.13.0 (#2471) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.77.8 to 0.77.9 (#2472) by @dependabot
  • chore(deps): bump aws-actions/configure-aws-credentials from 2.1.0 to 2.2.0 (#2469) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.83.1 to 2.84.0 (#2460) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.26.127 to 1.26.153 (#2452) by @dependabot
  • chore(deps-dev): bump cfn-lint from 0.77.7 to 0.77.8 (#2451) by @dependabot
  • chore(deps): bump docker/setup-buildx-action from 2.6.0 to 2.7.0 (#2450) by @dependabot
  • feat(logger): type log record in LambdaPowertoolsFormatter with TypedDict (#2419) by @erikayao93
  • chore(deps-dev): bump pytest from 7.3.1 to 7.3.2 (#2443) by @dependabot
  • chore(deps-dev): bump filelock from 3.12.0 to 3.12.2 (#2446) by @dependabot
  • chore(deps-dev): bump ijson from 3.2.0.post0 to 3.2.1 (#2441) by @dependabot
  • chore(deps-dev): bump mypy-boto3-dynamodb from 1.26.115 to 1.26.152 (#2444) by @dependabot
  • chore(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#2431) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.83.0 to 2.83.1 (#2432) by @dependabot
  • docs(navigation): standardize link targets to enhance customer experience (#2420) by @leandrodamascena
  • chore(deps-dev): bump cfn-lint from 0.77.6 to 0.77.7 (#2414) by @dependabot
  • chore(deps): bump pydantic from 1.10.8 to 1.10.9 (#2405) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.25.0 to 1.25.1 (#2408) by @dependabot
  • chore(deps-dev): bump mypy-boto3-cloudformation from 1.26.147 to 1.26.149 (#2410) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.82.0 to 2.83.0 (#2406) by @dependabot
  • chore(deps-dev): bump mypy-boto3-logs from 1.26.53 to 1.26.149 (#2409) by @dependabot
  • chore(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#2404) by @dependabot
  • chore(deps): bump docker/setup-buildx-action from 2.5.0 to 2.6.0 (#2403) by @dependabot
  • docs(maintainers): visual representation of release process (#2399) by @heitorlessa
  • chore(ci): fix PR labeling permission scope (#2396) by @heitorlessa
  • chore(ci): document all github action workflows and enforce least-privilege (#2395) by @heitorlessa

This release was made possible by the following contributors:

@abbasyadollahi, @dependabot, @dependabot[bot], @erikayao93, @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @ran-isenberg, @rubenfonseca and @stephenbawks

Contributors

rubenfonseca, heitorlessa, and 6 other contributors
Assets 2
Loading

v2.16.2

06 Jun 10:04
@release-drafter release-drafter
v2.16.2
a4c75a0
Compare
Choose a tag to compare
v2.16.2

Summary

This patch release primarily address a regression for custom builds that remove METADATA directory from installations, e.g., Serverless Framework with python-requirements plugin.

We have switched to bumping versions statically as of this release - SAM, CDK, Console, and Layer customers weren't affected.

Huge thanks to @bronzeson for reporting it, and @CJTurpie for reproducing it with Serverless framework plugin.

Changes

📜 Documentation updates

  • fix(parameters): AppConfigProvider when retrieving multiple unique configuration names (#2378) by @leandrodamascena

🐛 Bug and hot fixes

  • fix(shared): move to static version bumping to prevent issues with customers custom builds (#2386) by @heitorlessa
  • fix(parameters): AppConfigProvider when retrieving multiple unique configuration names (#2378) by @leandrodamascena

🔧 Maintenance

  • chore(typing): add setLevel and addHandler to Logger for mypy/pyright (#2388) by @heitorlessa
  • fix(shared): move to static version bumping to prevent issues with customers custom builds (#2386) by @heitorlessa
  • chore(deps-dev): bump mypy-boto3-cloudformation from 1.26.108 to 1.26.147 (#2383) by @dependabot
  • chore(deps-dev): bump mypy-boto3-lambda from 1.26.122 to 1.26.147 (#2382) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.24.0 to 1.25.0 (#2374) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.81.0 to 2.82.0 (#2373) by @dependabot

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa and @leandrodamascena

Contributors

heitorlessa, leandrodamascena, and 3 other contributors
Assets 2
Loading