Powertools for AWS Lambda (Python) (original) (raw)
Homepage
Powertools for AWS Lambda (Python) is a developer toolkit to implement Serverless best practices and increase developer velocity.
- Features
Adopt one, a few, or all industry practices. Progressively.
All features
* 
Support this project
Become a public reference customer, share your work, contribute, use Lambda Layers, etc.
Support
* Available languages
Powertools for AWS Lambda is also available in other languages
Java, TypeScript, and .NET
Install¶
You can install Powertools for AWS Lambda (Python) using your favorite dependency management, or Lambda Layers:
PipLambda LayerLambda Layer (GovCloud)Serverless Application Repository (SAR)Alpha releases
Lambda Layer is a .zip file archive that can contain additional code, pre-packaged dependencies, data, or configuration files. We compile and optimize all dependencies, and remove duplicate dependencies already available in the Lambda runtime to achieve the most optimal size.
For the latter, make sure to replace {region} with your AWS region, e.g., eu-west-1, and the {python_version} without the period (.), e.g., python313 for Python 3.13.
| Architecture | Layer ARN |
|---|---|
| x86_64 | arn:aws:lambda:{region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:7 |
| ARM | arn:aws:lambda:{region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:7 |
AWS ConsoleAWS SSM Parameter StoreInfrastructure as Code (IaC)Inspect Lambda Layer contents
You can add our layer using the AWS Lambda Console (direct link):
- Under Layers, choose
AWS layersorSpecify an ARN - Click to copy the correct ARN value based on your AWS Lambda function architecture and region
We offer Parameter Store aliases for releases too, allowing you to specify either specific versions or use the latest version on every deploy. To use these you can add these snippets to your AWS CloudFormation or Terraform projects:
CloudFormation
Sample Placeholders:
{arch}is eitherarm64(Graviton based functions) orx86_64{python_version}is the Python runtime version, e.g.,python3.13forPython 3.13.{version}is the semantic version number (e,g. 3.1.0) for a release orlatest
| MyFunction: Type: "AWS::Lambda::Function" Properties: ... Layers: - {{resolve:ssm:/aws/service/powertools/python/{arch}/{python_version}/{version}}} |
|---|
Terraform
Using the aws_ssm_parameter data provider from the AWS Terraform provider allows you to lookup the value of parameters to use later in your project.
| data "aws_ssm_parameter" "powertools_version" { name = "/aws/service/powertools/python/{arch}/{python_version}/{version}" } resource "aws_lambda_function" "test_lambda" { ... runtime = "python3.13" layers = [data.aws_ssm_parameter.powertools_version.value] } |
|---|
Are we missing a framework? please create a documentation request.
Thanks to the community, we've covered most popular frameworks on how to add a Lambda Layer to an existing function.
x86_64arm64
SAMServerless frameworkCDKTerraformPulumiAmplify
| AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: MyLambdaFunction: Type: AWS::Serverless::Function Properties: Runtime: python3.12 Handler: app.lambda_handler Layers: - !Sub arn:aws:lambda:${AWS::Region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14 |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 | service: powertools-lambda provider: name: aws runtime: python3.12 region: us-east-1 functions: powertools: handler: lambda_function.lambda_handler architecture: arm64 layers: - arn:aws:lambda:${aws:region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14 |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | from aws_cdk import Aws, Stack, aws_lambda from constructs import Construct class SampleApp(Stack): def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) powertools_layer = aws_lambda.LayerVersion.from_layer_version_arn( self, id="lambda-powertools", layer_version_arn=f"arn:aws:lambda:{Aws.REGION}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14", ) aws_lambda.Function( self, "sample-app-lambda", runtime=aws_lambda.Runtime.PYTHON_3_12, layers=[powertools_layer], code=aws_lambda.Code.from_asset("lambda"), handler="hello.handler", ) |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | terraform { required_version = "~> 1.0.5" required_providers { aws = "~> 3.50.0" } } provider "aws" { region = "{region}" } resource "aws_iam_role" "iam_for_lambda" { name = "iam_for_lambda" assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.amazonaws.com" }, "Effect": "Allow" } ] } EOF } resource "aws_lambda_function" "test_lambda" { filename = "lambda_function_payload.zip" function_name = "lambda_function_name" role = aws_iam_role.iam_for_lambda.arn handler = "index.test" runtime = "python3.12" layers = ["arn:aws:lambda:{region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14"] source_code_hash = filebase64sha256("lambda_function_payload.zip") } |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | import json import pulumi import pulumi_aws as aws role = aws.iam.Role( "role", assume_role_policy=json.dumps( { "Version": "2012-10-17", "Statement": [ {"Action": "sts:AssumeRole", "Principal": {"Service": "lambda.amazonaws.com"}, "Effect": "Allow"}, ], }, ), managed_policy_arns=[aws.iam.ManagedPolicy.AWS_LAMBDA_BASIC_EXECUTION_ROLE], ) lambda_function = aws.lambda_.Function( "function", layers=[ pulumi.Output.concat( "arn:aws:lambda:", aws.get_region_output().name, ":017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14", ), ], tracing_config={"mode": "Active"}, runtime=aws.lambda_.Runtime.PYTHON3D12, handler="index.handler", role=role.arn, architectures=["x86_64"], code=pulumi.FileArchive("lambda_function_payload.zip"), ) |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | # Create a new one with the layer ❯ amplify add function ? Select which capability you want to add: Lambda function (serverless function) ? Provide an AWS Lambda function name: ? Choose the runtime that you want to use: Python ? Do you want to configure advanced settings? Yes ... ? Do you want to enable Lambda layers for this function? Yes ? Enter up to 5 existing Lambda layer ARNs (comma-separated): arn:aws:lambda:eu-central-1:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14 ❯ amplify push -y # Updating an existing function and add the layer ❯ amplify update function ? Select the Lambda function you want to update test2 General information - Name: ? Which setting do you want to update? Lambda layers configuration ? Do you want to enable Lambda layers for this function? Yes ? Enter up to 5 existing Lambda layer ARNs (comma-separated): arn:aws:lambda:eu-central-1:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14 ? Do you want to edit the local lambda function now? No |
|---|
SAMServerless frameworkCDKTerraformPulumiAmplify
| 1 2 3 4 5 6 7 8 9 10 11 12 | AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: MyLambdaFunction: Type: AWS::Serverless::Function Properties: Architectures: [arm64] Runtime: python3.12 Handler: app.lambda_handler Layers: - !Sub arn:aws:lambda:${AWS::Region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:14 |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 | service: powertools-lambda provider: name: aws runtime: python3.12 region: us-east-1 functions: powertools: handler: lambda_function.lambda_handler architecture: arm64 layers: - arn:aws:lambda:${aws:region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:14 |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | from aws_cdk import Aws, Stack, aws_lambda from constructs import Construct class SampleApp(Stack): def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: super().__init__(scope, construct_id, **kwargs) powertools_layer = aws_lambda.LayerVersion.from_layer_version_arn( self, id="lambda-powertools", layer_version_arn=f"arn:aws:lambda:{Aws.REGION}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:14", ) aws_lambda.Function( self, "sample-app-lambda", runtime=aws_lambda.Runtime.PYTHON_3_12, layers=[powertools_layer], architecture=aws_lambda.Architecture.ARM_64, code=aws_lambda.Code.from_asset("lambda"), handler="hello.handler", ) |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | terraform { required_version = "~> 1.0.5" required_providers { aws = "~> 3.50.0" } } provider "aws" { region = "{region}" } resource "aws_iam_role" "iam_for_lambda" { name = "iam_for_lambda" assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.amazonaws.com" }, "Effect": "Allow" } ] } EOF } resource "aws_lambda_function" "test_lambda" { filename = "lambda_function_payload.zip" function_name = "lambda_function_name" role = aws_iam_role.iam_for_lambda.arn handler = "index.test" runtime = "python3.12" layers = ["arn:aws:lambda:{region}:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:14"] architectures = ["arm64"] source_code_hash = filebase64sha256("lambda_function_payload.zip") } |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | import json import pulumi import pulumi_aws as aws role = aws.iam.Role( "role", assume_role_policy=json.dumps( { "Version": "2012-10-17", "Statement": [ {"Action": "sts:AssumeRole", "Principal": {"Service": "lambda.amazonaws.com"}, "Effect": "Allow"}, ], }, ), managed_policy_arns=[aws.iam.ManagedPolicy.AWS_LAMBDA_BASIC_EXECUTION_ROLE], ) lambda_function = aws.lambda_.Function( "function", layers=[ pulumi.Output.concat( "arn:aws:lambda:", aws.get_region_output().name, ":017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:14", ), ], tracing_config={"mode": "Active"}, runtime=aws.lambda_.Runtime.PYTHON3D12, handler="index.handler", role=role.arn, architectures=["arm64"], code=pulumi.FileArchive("lambda_function_payload.zip"), ) |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | # Create a new one with the layer ❯ amplify add function ? Select which capability you want to add: Lambda function (serverless function) ? Provide an AWS Lambda function name: ? Choose the runtime that you want to use: Python ? Do you want to configure advanced settings? Yes ... ? Do you want to enable Lambda layers for this function? Yes ? Enter up to 5 existing Lambda layer ARNs (comma-separated): arn:aws:lambda:eu-central-1:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:14 ❯ amplify push -y # Updating an existing function and add the layer ❯ amplify update function ? Select the Lambda function you want to update test2 General information - Name: ? Which setting do you want to update? Lambda layers configuration ? Do you want to enable Lambda layers for this function? Yes ? Enter up to 5 existing Lambda layer ARNs (comma-separated): arn:aws:lambda:eu-central-1:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-arm64:14 ? Do you want to edit the local lambda function now? No |
|---|
You can use AWS CLI to generate a pre-signed URL to download the contents of our Lambda Layer.
| AWS CLI command to download Lambda Layer content | |
|---|---|
| 1 | aws lambda get-layer-version-by-arn --arn arn:aws:lambda:eu-west-1:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14 --region eu-west-1 |
You'll find the pre-signed URL under Location key as part of the CLI command output.
Lambda Layer is a .zip file archive that can contain additional code, pre-packaged dependencies, data, or configuration files. We compile and optimize all dependencies, and remove duplicate dependencies already available in the Lambda runtime to achieve the most optimal size.
For the latter, make sure to replace {python_version} without the period (.), e.g., python313 for Python 3.13.
AWS GovCloud (us-gov-east-1)
| Architecture | Layer ARN |
|---|---|
| x86_64 | arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:7 |
| ARM | arn:aws-us-gov:lambda:us-gov-east-1:165087284144:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:7 |
AWS GovCloud (us-gov-west-1)
| Architecture | Layer ARN |
|---|---|
| x86_64 | arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsPythonV3-{python_version}-x86_64:7 |
| ARM | arn:aws-us-gov:lambda:us-gov-west-1:165093116878:layer:AWSLambdaPowertoolsPythonV3-{python_version}-arm64:7 |
We provide a SAR App that deploys a CloudFormation stack with a copy of our Lambda Layer in your AWS account and region.
Compared with the public Layer ARN option, the advantage is being able to use a semantic version. Make sure to replace {python_version} without the period (.), e.g., python313 for Python 3.13.
| App | ARN | Architecture |
|---|---|---|
| aws-lambda-powertools-python-layer-v3-{python_version}-x86-64 | arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-{python_version}-x86-64 | X86_64 |
| aws-lambda-powertools-python-layer-v3-{python_version}-arm64 | arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-{python_version}-arm64 | ARM64 |
Don't have enough permissions? Expand for a least-privilege IAM policy example
Credits to mwarkentin for providing the scoped down IAM permissions.
| Least-privileged IAM permissions SAM example | |
|---|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 | AWSTemplateFormatVersion: "2010-09-09" Resources: PowertoolsLayerIamRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "cloudformation.amazonaws.com" Action: - "sts:AssumeRole" Path: "/" PowertoolsLayerIamPolicy: Type: "AWS::IAM::Policy" Properties: PolicyName: PowertoolsLambdaLayerPolicy PolicyDocument: Version: "2012-10-17" Statement: - Sid: CloudFormationTransform Effect: Allow Action: cloudformation:CreateChangeSet Resource: - arn:aws:cloudformation:us-east-1:aws:transform/Serverless-2016-10-31 - Sid: GetCfnTemplate Effect: Allow Action: - serverlessrepo:CreateCloudFormationTemplate - serverlessrepo:GetCloudFormationTemplate Resource: # this is arn of the Powertools for AWS Lambda (Python) SAR app - arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64 - Sid: S3AccessLayer Effect: Allow Action: - s3:GetObject Resource: # AWS publishes to an external S3 bucket locked down to your account ID # The below example is us publishing Powertools for AWS Lambda (Python) # Bucket: awsserverlessrepo-changesets-plntc6bfnfj # Key: *****/arn:aws:serverlessrepo:eu-west-1:057560766410:applications-aws-lambda-powertools-python-layer-v3-python313-x86-64-3.0.9/aeeccf50-****-****-****-********* - arn:aws:s3:::awsserverlessrepo-changesets-*/* - Sid: GetLayerVersion Effect: Allow Action: - lambda:PublishLayerVersion - lambda:GetLayerVersion Resource: - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:aws-lambda-powertools-python-layer-v3* Roles: - Ref: "PowertoolsLayerIamRole" |
If you're using Infrastructure as Code, here are some excerpts on how to use SAR:
SAMServerless frameworkCDKTerraform
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: AwsLambdaPowertoolsPythonLayer: Type: AWS::Serverless::Application Properties: Location: ApplicationId: arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64 SemanticVersion: 3.0.9 # change to latest semantic version available in SAR MyLambdaFunction: Type: AWS::Serverless::Function Properties: Runtime: python3.13 Handler: app.lambda_handler Layers: # fetch Layer ARN from SAR App stack output - !GetAtt AwsLambdaPowertoolsPythonLayer.Outputs.LayerVersionArn |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | service: powertools-lambda provider: name: aws runtime: python3.13 region: us-east-1 functions: powertools: handler: lambda_function.lambda_handler layers: - !GetAtt AwsLambdaPowertoolsPythonLayer.Outputs.LayerVersionArn resources: - AwsLambdaPowertoolsPythonLayer: Type: AWS::Serverless::Application Properties: Location: ApplicationId: arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64 SemanticVersion: 3.0.9 |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | from aws_cdk import Stack, aws_lambda, aws_sam from constructs import Construct POWERTOOLS_BASE_NAME = "AWSLambdaPowertools" # Find latest from github.com/aws-powertools/powertools-lambda-python/releases POWERTOOLS_VER = "3.0.9" POWERTOOLS_ARN = ( "arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64" ) class SampleApp(Stack): def __init__(self, scope: Construct, id_: str) -> None: super().__init__(scope, id_) # Launches SAR App as CloudFormation nested stack and return Lambda Layer powertools_app = aws_sam.CfnApplication( self, f"{POWERTOOLS_BASE_NAME}Application", location={"applicationId": POWERTOOLS_ARN, "semanticVersion": POWERTOOLS_VER}, ) powertools_layer_arn = powertools_app.get_att("Outputs.LayerVersionArn").to_string() powertools_layer_version = aws_lambda.LayerVersion.from_layer_version_arn( self, f"{POWERTOOLS_BASE_NAME}", powertools_layer_arn, ) aws_lambda.Function( self, "sample-app-lambda", runtime=aws_lambda.Runtime.PYTHON_3_13, function_name="sample-lambda", code=aws_lambda.Code.from_asset("lambda"), handler="hello.handler", layers=[powertools_layer_version], ) |
|---|
Credits to Dani Comnea for providing the Terraform equivalent.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | terraform { required_version = "~> 0.13" required_providers { aws = "~> 3.50.0" } } provider "aws" { region = "us-east-1" } resource "aws_serverlessapplicationrepository_cloudformation_stack" "deploy_sar_stack" { name = "aws-lambda-powertools-python-layer" application_id = data.aws_serverlessapplicationrepository_application.sar_app.application_id semantic_version = data.aws_serverlessapplicationrepository_application.sar_app.semantic_version capabilities = [ "CAPABILITY_IAM", "CAPABILITY_NAMED_IAM" ] } data "aws_serverlessapplicationrepository_application" "sar_app" { application_id = "arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64" semantic_version = var.aws_powertools_version } variable "aws_powertools_version" { type = string default = "3.0.9" description = "The Powertools for AWS Lambda (Python) release version" } output "deployed_powertools_sar_version" { value = data.aws_serverlessapplicationrepository_application.sar_app.semantic_version } # Fetch Powertools for AWS Lambda (Python) Layer ARN from deployed SAR App output "aws_lambda_powertools_layer_arn" { value = aws_serverlessapplicationrepository_cloudformation_stack.deploy_sar_stack.outputs.LayerVersionArn } |
|---|
Every morning during business days (~8am UTC), we publish a prerelease to PyPi to accelerate customer feedback on unstable releases / bugfixes until they become production ready.
Here's how you can use them:
Local development¶
Powertools for AWS Lambda (Python) relies on the AWS SDK bundled in the Lambda runtime. This helps us achieve an optimal package size and initialization. However, when developing locally, you need to install AWS SDK as a development dependency to support IDE auto-completion and to run your tests locally:
A word about dependency resolution
In this context, [aws-sdk] is an alias to the boto3 package. Due to dependency resolution, it'll either install:
- (A) the SDK version available in Lambda runtime
- (B) a more up-to-date version if another package you use also depends on
boto3, for example Powertools for AWS Lambda (Python) Tracer
Lambda Layer¶
Lambda Layer is a .zip file archive that can contain additional code, pre-packaged dependencies, data, or configuration files. We compile and optimize all dependencies for Python versions from 3.9 to 3.13, as well as for both arm64 and x86_64 architectures, to ensure compatibility. We also remove duplicate dependencies already available in the Lambda runtime to achieve the most optimal size.
x86_64arm64
Click to expand and copy any regional Lambda Layer ARN
Python 3.9Python 3.10Python 3.11Python 3.12Python 3.13
Click to expand and copy any regional Lambda Layer ARN
Python 3.9Python 3.10Python 3.11Python 3.12Python 3.13
Want to inspect the contents of the Layer?
The pre-signed URL to download this Lambda Layer will be within Location key in the CLI output. The CLI output will also contain the Powertools for AWS Lambda version it contains.
| AWS CLI command to download Lambda Layer content | |
|---|---|
| 1 | aws lambda get-layer-version-by-arn --arn arn:aws:lambda:eu-west-1:017000801446:layer:AWSLambdaPowertoolsPythonV3-python312-x86_64:14 --region eu-west-1 |
SAR¶
Serverless Application Repository (SAR) App deploys a CloudFormation stack with a copy of our Lambda Layer in your AWS account and region.
Compared with the public Layer ARN option, SAR allows you to choose a semantic version and deploys a Layer in your target account.
Click to expand and copy SAR code snippets for popular frameworks
You can create a shared Lambda Layers stack and make this along with other account level layers stack.
SAMServerless frameworkCDKTerraform
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: AwsLambdaPowertoolsPythonLayer: Type: AWS::Serverless::Application Properties: Location: ApplicationId: arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64 SemanticVersion: 3.0.9 # change to latest semantic version available in SAR MyLambdaFunction: Type: AWS::Serverless::Function Properties: Runtime: python3.13 Handler: app.lambda_handler Layers: # fetch Layer ARN from SAR App stack output - !GetAtt AwsLambdaPowertoolsPythonLayer.Outputs.LayerVersionArn |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | service: powertools-lambda provider: name: aws runtime: python3.13 region: us-east-1 functions: powertools: handler: lambda_function.lambda_handler layers: - !GetAtt AwsLambdaPowertoolsPythonLayer.Outputs.LayerVersionArn resources: - AwsLambdaPowertoolsPythonLayer: Type: AWS::Serverless::Application Properties: Location: ApplicationId: arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64 SemanticVersion: 3.0.9 |
|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | from aws_cdk import Stack, aws_lambda, aws_sam from constructs import Construct POWERTOOLS_BASE_NAME = "AWSLambdaPowertools" # Find latest from github.com/aws-powertools/powertools-lambda-python/releases POWERTOOLS_VER = "3.0.9" POWERTOOLS_ARN = ( "arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64" ) class SampleApp(Stack): def __init__(self, scope: Construct, id_: str) -> None: super().__init__(scope, id_) # Launches SAR App as CloudFormation nested stack and return Lambda Layer powertools_app = aws_sam.CfnApplication( self, f"{POWERTOOLS_BASE_NAME}Application", location={"applicationId": POWERTOOLS_ARN, "semanticVersion": POWERTOOLS_VER}, ) powertools_layer_arn = powertools_app.get_att("Outputs.LayerVersionArn").to_string() powertools_layer_version = aws_lambda.LayerVersion.from_layer_version_arn( self, f"{POWERTOOLS_BASE_NAME}", powertools_layer_arn, ) aws_lambda.Function( self, "sample-app-lambda", runtime=aws_lambda.Runtime.PYTHON_3_13, function_name="sample-lambda", code=aws_lambda.Code.from_asset("lambda"), handler="hello.handler", layers=[powertools_layer_version], ) |
|---|
Credits to Dani Comnea for providing the Terraform equivalent.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | terraform { required_version = "~> 0.13" required_providers { aws = "~> 3.50.0" } } provider "aws" { region = "us-east-1" } resource "aws_serverlessapplicationrepository_cloudformation_stack" "deploy_sar_stack" { name = "aws-lambda-powertools-python-layer" application_id = data.aws_serverlessapplicationrepository_application.sar_app.application_id semantic_version = data.aws_serverlessapplicationrepository_application.sar_app.semantic_version capabilities = [ "CAPABILITY_IAM", "CAPABILITY_NAMED_IAM" ] } data "aws_serverlessapplicationrepository_application" "sar_app" { application_id = "arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64" semantic_version = var.aws_powertools_version } variable "aws_powertools_version" { type = string default = "3.0.9" description = "The Powertools for AWS Lambda (Python) release version" } output "deployed_powertools_sar_version" { value = data.aws_serverlessapplicationrepository_application.sar_app.semantic_version } # Fetch Powertools for AWS Lambda (Python) Layer ARN from deployed SAR App output "aws_lambda_powertools_layer_arn" { value = aws_serverlessapplicationrepository_cloudformation_stack.deploy_sar_stack.outputs.LayerVersionArn } |
|---|
Credits to mwarkentin for providing the scoped down IAM permissions below.
| Least-privileged IAM permissions SAM example | |
|---|---|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 | AWSTemplateFormatVersion: "2010-09-09" Resources: PowertoolsLayerIamRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "cloudformation.amazonaws.com" Action: - "sts:AssumeRole" Path: "/" PowertoolsLayerIamPolicy: Type: "AWS::IAM::Policy" Properties: PolicyName: PowertoolsLambdaLayerPolicy PolicyDocument: Version: "2012-10-17" Statement: - Sid: CloudFormationTransform Effect: Allow Action: cloudformation:CreateChangeSet Resource: - arn:aws:cloudformation:us-east-1:aws:transform/Serverless-2016-10-31 - Sid: GetCfnTemplate Effect: Allow Action: - serverlessrepo:CreateCloudFormationTemplate - serverlessrepo:GetCloudFormationTemplate Resource: # this is arn of the Powertools for AWS Lambda (Python) SAR app - arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-v3-python313-x86-64 - Sid: S3AccessLayer Effect: Allow Action: - s3:GetObject Resource: # AWS publishes to an external S3 bucket locked down to your account ID # The below example is us publishing Powertools for AWS Lambda (Python) # Bucket: awsserverlessrepo-changesets-plntc6bfnfj # Key: *****/arn:aws:serverlessrepo:eu-west-1:057560766410:applications-aws-lambda-powertools-python-layer-v3-python313-x86-64-3.0.9/aeeccf50-****-****-****-********* - arn:aws:s3:::awsserverlessrepo-changesets-*/* - Sid: GetLayerVersion Effect: Allow Action: - lambda:PublishLayerVersion - lambda:GetLayerVersion Resource: - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:aws-lambda-powertools-python-layer-v3* Roles: - Ref: "PowertoolsLayerIamRole" |
Quick getting started¶
| Hello world example using SAM CLI | |
|---|---|
| 1 | sam init --app-template hello-world-powertools-python --name sam-app --package-type Zip --runtime python3.11 --no-tracing |
Features¶
Core utilities such as Tracing, Logging, Metrics, and Event Handler will be available across all Powertools for AWS Lambda languages. Additional utilities are subjective to each language ecosystem and customer demand.
| Utility | Description |
|---|---|
| Tracing | Decorators and utilities to trace Lambda function handlers, and both synchronous and asynchronous functions |
| Logger | Structured logging made easier, and decorator to enrich structured logging with key Lambda context details |
| Metrics | Custom Metrics created asynchronously via CloudWatch Embedded Metric Format (EMF) |
| Event handler: AppSync | AppSync event handler for Lambda Direct Resolver and Amplify GraphQL Transformer function |
| Event handler: API Gateway, ALB and Lambda Function URL | Amazon API Gateway REST/HTTP API and ALB event handler for Lambda functions invoked using Proxy integration, and Lambda Function URL |
| Middleware factory | Decorator factory to create your own middleware to run logic before, and after each Lambda invocation |
| Parameters | Retrieve parameter values from AWS Systems Manager Parameter Store, AWS Secrets Manager, or Amazon DynamoDB, and cache them for a specific amount of time |
| Batch processing | Handle partial failures for AWS SQS batch processing |
| Typing | Static typing classes to speedup development in your IDE |
| Validation | JSON Schema validator for inbound events and responses |
| Event source data classes | Data classes describing the schema of common Lambda event triggers |
| Parser | Data parsing and deep validation using Pydantic |
| Idempotency | Idempotent Lambda handler |
| Data Masking | Protect confidential data with easy removal or encryption |
| Feature Flags | A simple rule engine to evaluate when one or multiple features should be enabled depending on the input |
| Streaming | Streams datasets larger than the available memory as streaming data. |
Environment variables¶
Info
Explicit parameters take precedence over environment variables
| Environment variable | Description | Utility | Default |
|---|---|---|---|
| POWERTOOLS_SERVICE_NAME | Sets service name used for tracing namespace, metrics dimension and structured logging | All | "service_undefined" |
| POWERTOOLS_METRICS_NAMESPACE | Sets namespace used for metrics | Metrics | None |
| POWERTOOLS_METRICS_FUNCTION_NAME | Function name used as dimension for the ColdStart metric metrics | Metrics | None |
| POWERTOOLS_METRICS_DISABLED | Disables all metrics emitted by Powertools metrics | Metrics | None |
| POWERTOOLS_TRACE_DISABLED | Explicitly disables tracing | Tracing | false |
| POWERTOOLS_TRACER_CAPTURE_RESPONSE | Captures Lambda or method return as metadata. | Tracing | true |
| POWERTOOLS_TRACER_CAPTURE_ERROR | Captures Lambda or method exception as metadata. | Tracing | true |
| POWERTOOLS_TRACE_MIDDLEWARES | Creates sub-segment for each custom middleware | Middleware factory | false |
| POWERTOOLS_LOGGER_LOG_EVENT | Logs incoming event | Logging | false |
| POWERTOOLS_LOGGER_SAMPLE_RATE | Debug log sampling | Logging | 0 |
| POWERTOOLS_LOG_DEDUPLICATION_DISABLED | Disables log deduplication filter protection to use Pytest Live Log feature | Logging | false |
| POWERTOOLS_PARAMETERS_MAX_AGE | Adjust how long values are kept in cache (in seconds) | Parameters | 5 |
| POWERTOOLS_PARAMETERS_SSM_DECRYPT | Sets whether to decrypt or not values retrieved from AWS SSM Parameters Store | Parameters | false |
| POWERTOOLS_DEV | Increases verbosity across utilities | Multiple; see POWERTOOLS_DEV effect below | false |
| POWERTOOLS_LOG_LEVEL | Sets logging level | Logging | INFO |
Optimizing for non-production environments¶
We will emit a warning when this feature is used to help you detect misuse in production.
Whether you're prototyping locally or against a non-production environment, you can use POWERTOOLS_DEV to increase verbosity across multiple utilities.
When POWERTOOLS_DEV is set to a truthy value (1, true), it'll have the following effects:
| Utility | Effect |
|---|---|
| Logger | Increase JSON indentation to 4. This will ease local debugging when running functions locally under emulators or direct calls while not affecting unit tests. However, Amazon CloudWatch Logs view will degrade as each new line is treated as a new message. |
| Event Handler | Enable full traceback errors in the response, indent request/responses, and CORS in dev mode (*). |
| Tracer | Future-proof safety to disables tracing operations in non-Lambda environments. This already happens automatically in the Tracer utility. |
| Metrics | Disables Powertools metrics emission by default. However, this can be overridden by explicitly setting POWERTOOLS_METRICS_DISABLED=false, which takes precedence over the dev mode setting. |
Debug mode¶
As a best practice for libraries, Powertools module logging statements are suppressed.
When necessary, you can use POWERTOOLS_DEBUG environment variable to enable debugging. This will provide additional information on every internal operation.
There are many ways you can help us gain future investments to improve everyone's experience:
- Become a public reference
Add your company name and logo on our landing page.
GitHub Issue template
* 
Share your work
Blog posts, video, and sample projects about Powertools for AWS Lambda.
GitHub Issue template
* 
Join the community
Connect, ask questions, and share what features you use.
Discord invite
Becoming a reference customer¶
Knowing which companies are using this library is important to help prioritize the project internally. The following companies, among others, use Powertools:
Using Lambda Layers¶
Layers help us understand who uses Powertools for AWS Lambda (Python) in a non-intrusive way.
When using Layers, you can add Powertools for AWS Lambda (Python) as a dev dependency to not impact the development process. For Layers, we pre-package all dependencies, compile and optimize for storage and both x86_64 and ARM architecture.
Tenets¶
These are our core principles to guide our decision making.
- AWS Lambda only. We optimise for AWS Lambda function environments and supported runtimes only. Utilities might work with web frameworks and non-Lambda environments, though they are not officially supported.
- Eases the adoption of best practices. The main priority of the utilities is to facilitate best practices adoption, as defined in the AWS Well-Architected Serverless Lens; all other functionality is optional.
- Keep it lean. Additional dependencies are carefully considered for security and ease of maintenance, and prevent negatively impacting startup time.
- We strive for backwards compatibility. New features and changes should keep backwards compatibility. If a breaking change cannot be avoided, the deprecation and migration process should be clearly defined.
- We work backwards from the community. We aim to strike a balance of what would work best for 80% of customers. Emerging practices are considered and discussed via Requests for Comment (RFCs)
- Progressive. Utilities are designed to be incrementally adoptable for customers at any stage of their Serverless journey. They follow language idioms and their community’s common practices.