A developer toolkit to implement Serverless best practices and increase developer velocity.
This release adds Security Schemes support for generated OpenAPI / Swagger UI, and a new feature to manipulate idempotent responses. ππ And of course, you know it, fixes in typing and documentation. π
π Tons of things in this release was only possible because of our community. π A huge thank you to @walmsles, @Wurstnase, @SZubarev, @Emerson-MM-Filho, @nlykkei, @amyc92 and many others for your support and collaboration!
You can now add security scheme annotations to your generated OpenAPI documentation (HTTP headers, API keys, OAuth 2 and OpenID connect). Additionally, you can configure the built-in Swagger UI to use OAuth 2 when generating requests.
π Huge thanks to @nlykkei for helping us shape this feature!
You can now set up a response_hook
in the IdempotentConfig
class to manipulate the returned data when an operation is idempotent. The hook function will be called with the current deserialized response object and the idempotency record.
This can be used for changing something in the response, inject headers, emit custom metrics, and many other use cases.
π Thank you @walmsles for leading the design and implementation of this!
6b124e1
to 521644b
in /docs (#4141) by @dependabot065f3af
to 6b124e1
in /docs (#4055) by @dependabot3307665
to 065f3af
in /docs (#4052) by @dependabot@Emerson-MM-Filho, @SZubarev, @Wurstnase, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @rubenfonseca and @walmsles
We're excited to introduce some significant new features and improvements in this release:
We also made enhancements to our OpenAPI and type checking, and fixed some bugs!
β Huge thanks to our new contributors: @rafrafek, @xquek, and @par6n!
In response to our customer requests, Powertools now provides an enhanced experience for effortlessly creating and updating Parameters and Secrets. Recognizing the critical importance of parameters and secrets management, we created this new feature to empower customers with a seamless experience in managing their sensitive information.
A big thank you to @stephenbawks for their dedicated effort in implementing this new feature.
Some customers may need to create metrics with specific timestamps, to address this use case we've added the capability set custom metrics with specific timestamps to improve customer flexibility. Previously, this was not possible and all metrics were generated with the current timestamp.
We've created a new flag to enable seamless processing of messages from different group IDs. Activating this flag ensures that messages from a failed group ID are returned to SQS, allowing uninterrupted processing of messages from subsequent group IDs.
Thank you @duc00, for highlighting such an important matter and contributing to the improvement of this utility.
Customers now have the ability to utilize CloudWatchAlarmEvent
, which provides Type hinting and code completion support for this event, enhancing the development experience.
Last but not least, we've made significant improvements to our OpenAPI utility and fixed bugs to ensure a smoother experience. See all the latest improvements and bugfix in the changes section.
6c81a89
to 3307665
in /docs (#4017) by @dependabot3678304
to 6c81a89
in /docs (#3973) by @dependabot@TonySherman, @dependabot, @dependabot[bot], @eldritchideen, @github-actions, @github-actions[bot], @leandrodamascena, @par6n, @rafrafek, @rubenfonseca, @stephenbawks and @xquek
This patch release squashes a couple of bugs:
Huge thanks to @aitchnyu, @robk1234 and @palfrey for reporting and helping us fix these issues!
Changes
π Bug and hot fixes
π§ Maintenance
This release was made possible by the following contributors:
@dependabot, @dependabot[bot], @github-actions, @github-actions[bot] and @rubenfonseca
Weβre super excited to introduce a brand new utility to author Agents for Amazon Bedrock! ππ
Agents for Amazon Bedrock is a feature to build and deploy conversational agents that can interact with your customers using Large Language Models (LLM) and AWS Lambda functions.
Building on top of the Event Handler validation framework and the OpenAPI generation feature introduced in December, we created a new utility to:
Here's an agent with an action to schedule a meeting, ensuring that a valid email was passed in by the user:
Check out our brand new docs on the feature and let us know what you think!
Oh and we also fixed some bugs :) Thank you @kbakk and @aminalaee for your contributions!
49d1bfd
to 7be068b
in /docs (#3872) by @dependabot43b898a
to 49d1bfd
in /docs (#3857) by @dependabot@aminalaee, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot] and @rubenfonseca
This patch release removes Data Masking dependencies from our managed Lambda Layer, explicitly aws-encryption-sdk
who depend on cffi
. The issue is that cffi
has to be compiled to each specific Python version while we didn't.
We are investigating the creation of a new layer per each Python version to bring back Data Masking dependencies. As of now, to use Data masking, you'll need to bring aws-encryption-sdk
as part of your dependencies until then.
@TonySherman, @Wurstnase, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa and @leandrodamascena
Patch release to fix a regression introduced in v2.33 when running Event Handler REST API locally (unit test)...spotted by @jonathan-Chang π!
Huge thanks to Jonathan for reporting on Discord and helping triage all the way through.
@dependabot, @dependabot[bot], @github-actions, @github-actions[bot] and @heitorlessa
This release adds a new list intersection set of actions in Feature Flags, hot new community content, and tons of bugs squashed!
π Huge thanks to community friends (recurring contributors): @gwlester on new feature flag list intersection, @ericbn on docs layer ARN automation bug, and @ran-isenberg on two hot new content!
Thanks to @Rogalek for the feature request!
You can now toggle feature flags on three new actions:
ALL_IN_VALUE
. Toggle a given flag if all list items provided are also available in the schema.
{
"my_feature": {
"default": false,
"rules": {
"tenant_id is in allowed list": {
"when_match": true,
"conditions": [
{
"action": "ALL_IN_VALUE",
"key": "tenant_id",
"value": [
"Εukasz",
"Gerald",
"Leandro",
"Heitor"
]
}
]
}
}
}
}
ANY_IN_VALUE
. Toggle a given flag if any list item provided is also available in the schema.
{
"my_feature": {
"default": false,
"rules": {
"tenant_id is in allowed list": {
"when_match": true,
"conditions": [
{
"action": "NONE_IN_VALUE",
"key": "tenant_id",
"value": [
"Εukasz",
"Gerald",
"Leandro",
"Heitor"
]
}
]
}
}
}
}
NONE_IN_VALUE
. Toggle a given flag is no list item provided is available in the schema.
{
"my_feature": {
"default": false,
"rules": {
"tenant_id is in allowed list": {
"when_match": true,
"conditions": [
{
"action": "NONE_IN_VALUE",
"key": "tenant_id",
"value": [
"Εukasz",
"Gerald",
"Leandro",
"Heitor"
]
}
]
}
}
}
}
62d3668
to 43b898a
in /docs (#3801) by @dependabot6a72238
to 62d3668
in /docs (#3756) by @dependabot62d3668
to 43b898a
in /docs (#3801) by @dependabot6a72238
to 62d3668
in /docs (#3756) by @dependabot@dependabot, @dependabot[bot], @dreamorosi, @ericbn, @github-actions, @github-actions[bot], @gwlester, @heitorlessa, @hjgraca, @ran-isenberg and @rubenfonseca
This release officially drops support for Python 3.7 in Powertools for AWS, followed by AWS Lambda runtime deprecation. We also published our versioning policy under Processes section to give you further transparency.
π Huge thanks to a new contributor @Wurstnase (mypy fix)
π₯ Nathan Hanks's new blog post features how he used the Metrics
feature to boost app engagement
e0d6c67
to 6a72238
in /docs (#3735) by @dependabota4a2029
to e0d6c67
in /docs (#3708) by @dependabote0d6c67
to 6a72238
in /docs (#3735) by @dependabota4a2029
to e0d6c67
in /docs (#3708) by @dependabot@Wurstnase, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena and @ran-isenberg
We are pleased to announce our first security feature: Data Masking. You can now encrypt, decrypt, or irreversibly erase sensitive information to protect data confidentiality.
We also made enhancements to our OpenAPI utility, and fixed some bugs!
β Huge thanks to our new contributor: @maauk
You can now encrypt, decrypt, or irreversibly erase sensitive information to protect data confidentiality.
We partnered with the AWS Crypto team to offer a thin layer on top of the AWS Encryption SDK and Amazon KMS, optimized to run on AWS Lambda ephemeral environments.
At launch, Data Masking solves three common use cases, with a fourth one (field encryption) coming.
It wouldn't be awesome if we didn't mention that we spent a few months crafting several code snippets, use cases, diagrams, and a simplified terminology to help you digest common industry security practices.
Enough with the talk :) Here's a working code snippet with these use cases combined.
from __future__ import annotations
import os
from aws_lambda_powertools import Logger
from aws_lambda_powertools.utilities.data_masking import DataMasking
from aws_lambda_powertools.utilities.data_masking.provider.kms.aws_encryption_sdk import (
AWSEncryptionSDKProvider,
)
from aws_lambda_powertools.utilities.typing import LambdaContext
KEY_ONE = os.getenv("KMS_KEY_ARN", "")
KEY_TWO = os.getenv("KMS_KEY_TWO_ARN", "")
logger = Logger()
encryption_provider = AWSEncryptionSDKProvider(keys=[KEY_ONE, KEY_TWO]) # encrypt/decrypt operations
data_masker = DataMasking(provider=encryption_provider)
@logger.inject_lambda_context
def lambda_handler(event: dict, context: LambdaContext) -> dict:
data: dict = event.get("body", {})
logger.info("Erasing fields email, address.street, and company_address")
erased: dict = data_masker.erase(data, fields=["email", "address.street", "company_address"]) # values become '*****'
# tenant_id being optional metadata that must match in decrypt for further protection
encrypted: str = data_masker.encrypt(data, tenant_id=event.get("tenant_id", ""))
decrypted: dict = data_masker.decrypt(data, tenant_id=event.get("tenant_id", ""))
return erased
ββ Huge thanks to @seshubaws for the extensive work on this feature!
Our enhanced OpenAPI utility now enables you to seamlessly incorporate headers into your API specifications.
from typing import List
from aws_lambda_powertools.event_handler import APIGatewayRestResolver
from aws_lambda_powertools.event_handler.openapi.params import Header
from aws_lambda_powertools.shared.types import Annotated
from aws_lambda_powertools.utilities.typing import LambdaContext
app = APIGatewayRestResolver(enable_validation=True)
@app.get("/hello")
def get_hello(header2: Annotated[List[str], Header()], header1: Annotated[str, Header()]):
print(header2)
def lambda_handler(event: dict, context: LambdaContext) -> dict:
return app.resolve(event, context)
9aad7af
to a4a2029
in /docs (#3679) by @dependabot58eef6c
to 9aad7af
in /docs (#3670) by @dependabot9aad7af
to a4a2029
in /docs (#3679) by @dependabot58eef6c
to 9aad7af
in /docs (#3670) by @dependabot@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @leandrodamascena, @maauk and @seshubaws
We're excited to introduce two significant new features in our Idempotency utility:
We also made enhancements to our OpenAPI and Event Sources utilities, and fixed some bugs!
β Huge thanks to our new contributors: @sbailliez, @Thomas-McKanna, and @dastra!
You can now seamlessly switch between DynamoDB and Redis as a persistence storage layer. This allows you to leverage the Idempotency utility in previously unavailable scenarios, such as handling responses over 400kb.
We remain committed to making efforts to introduce new backends, and we would love to hear from you on which backend we should prioritize next!
β β Huge thanks to @roger-zhangg for your help!
AWS has recently introduced support for ReturnValuesOnConditionCheckFailure
, a feature designed to streamline conditional write operations and reducing costs in Amazon DynamoDB. With this enhancement, Powertools for AWS Lambda now optimistically attempts to write items to DynamoDB. If the item already exists, it seamlessly returns it from DynamoDB without requiring an additional operation.
S3 Batch Operations are now supported on the Event Source utility. When using S3 Batch Operations, a Lambda function can be used to execute various operations. For each task, you can choose to either:
A) Return the task as a success (default) B) Return the task as temporarily failed (e.g., due to a timeout when connecting to other services) and enable automatic retries. C) Return the task as permanently failed, resulting in job failure.
This example illustrates how you can return different status based on your specific execution logic.
You can now define additional response models within the OpenAPI schema utility, allowing you to leverage existing Pydantic data models and classes.
Last but not least, you can now effortlessly download the OpenAPI schema file directly from the SwaggerUI.
2f29d71
to 58eef6c
in /docs (#3633) by @dependabot2f29d71
to 58eef6c
in /docs (#3633) by @dependabot@Thomas-McKanna, @dastra, @dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @leandrodamascena, @roger-zhangg, @rubenfonseca and @sbailliez