|
Hi,
AWS re:Invent brought a wave of powerful new
serverless capabilities, and we’ve been working
at record pace to bring them into the Serverless
Framework. Many of the features announced at AWS
re:Invent are already available for you to use
today in Serverless Framework v4, and more are
coming soon. Below is a rundown of the features
we’ve implemented and practical guides on how to
start using them in your serverless applications
right now.
Join us on Monday, December 15th at 10 am
Pacific on
YouTube, Twitch, or X for a live stream
as we show how you can use the major features
from AWS re:Invent in your Serverless Framework
services.
Are you interested in building, not just using
the Serverless Framework? If so, we are hiring
full-time Serverless Framework developers - please apply here.
As always, we're accessible. You can chat
with us anytime for support, feedback, or
partnership inquiries. Email us or schedule a meeting.
Last chance - Offer Ends on Friday: 20%
Discount
We’re offering 20% off all Serverless Framework Subscriptions for
Reserved Credits when you sign up before Friday, December 12, 2025.
-
Who qualifies: Available to new customers and renewing customers with Reserved Credits. Renewal customers
qualify for this promotional discount if
seeking a 2 or 3-year term.
-
Discount persists upon renewal: The 20% discount automatically carries
over to your first renewal for 2 and 3-year
subscriptions.
-
Budget flexibility: Secure your reduced rate now and choose
to start your subscription and invoicing in
January 2026, aligning with next year’s budget
cycle.
If you're interested, email us at sales@serverless.com or book a meeting.
New regions & runtimes: New Zealand,
Node.js 24, Python 3.14, Java 25
AWS re:Invent Announcements:
Docs: Providers
The Framework now ships first‑class support
for nodejs24.x, python3.14, and java25 runtimes and adds support for the new ap-southeast-6 AWS region, so you can move production
workloads onto the latest Lambda platforms
closer to your users.
provider:
name: aws
region: ap-southeast-6
runtime: nodejs24.x # or python3.14 or java25
HTTP response streaming for APIs
AWS re:Invent Announcement: Building responsive APIs with Amazon API
Gateway response streaming
Docs: Enabling response streaming for proxy
integrations
Framework now supports response streaming for
API Gateway HTTP APIs. Use it to stream logs,
long‑running reports, or partial responses to
the client without waiting for the full payload
to be ready. This is perfect for streaming AI
Agent responses without needing to use Lambda
Function URLs.
functions:
streamer:
handler: handler.stream
events:
- http:
path: stream
method: get
response:
transferMode: STREAM
Lambda tenant isolation mode
AWS re:Invent Announcements:
Docs: Tenant Isolation
Running multi‑tenant workloads on AWS Lambda?
You can now opt into the new AWS Lambda tenant
isolation mode via the Framework to create
distinct Lambda compute environments per tenant
when appropriate, helping reduce noisy‑neighbor
effects and isolating high‑traffic customers
more cleanly.
functions:
processTenant:
handler: src/tenant.handler
tenancy:
mode: per_tenant
Richer API Gateway controls: security policy
& endpoint access
AWS re:Invent Announcement: Enhancing API security with Amazon API
Gateway TLS security policies
Docs: Security Policy
You can now configure API Gateway security
policy (e.g., minimum TLS version) and endpoint
access mode directly in serverless.yml. That means stricter defaults for
internet‑facing endpoints and private endpoints
that are reachable only from your VPC or private
integrations.
provider:
name: aws
apiGateway:
endpoint:
securityPolicy: SecurityPolicy_TLS13_2025_EDGE
accessMode: strict
AWS CLI Login & MFA
AWS re:Invent Announcement: Simplified developer access to AWS with ‘aws
login’
Setting up AWS credentials is now much easier
with the new aws login
command. If you are using the Serverless
Framework for the first time you'll now
have the option to use this command instead of
manual setup of credentials.
? AWS Credentials Set-Up Method:
› Sign in with AWS CLI (Recommended)
Save AWS Credentials in a Local Porfile
Skip & Set Later (AWS SSO, ENV Vars)
The CLI now also supports MFA Prompting when
using an AWS Profile:
serverless deploy --aws-profile my-mfa-profile
Serverless Framework improvements didn't
stop with the AWS re:Invent announcements -
we've added a range of new features like
per-function IAM role mode, IPv6 dual-stack
support, Fn::ForEach intrinsic, and Built‑in API
Gateway Service Proxy.
Per‑function IAM role mode
Docs: Per Function IAM Roles
Building on per‑function IAM roles, you can now
switch the whole service into perFunction
mode so the shared service‑wide execution role
is not created and each function gets its own
dedicated role. That makes it easier to enforce
least privilege at scale and avoid service‑role
policy size limits.
provider:
name: aws
iam:
role:
mode: perFunction
functions:
ddbConsumer:
handler: handler.ddbConsumer
events:
- stream:
type: dynamodb
arn: arn:aws:dynamodb:${aws:region}:${aws:accountId}:table/Orders/stream/2025-11-30T12:00:00.000
# Gets its own role with CloudWatch Logs permissions and
# DynamoDB Streams permissions (GetRecords, GetShardIterator, etc.)
# scoped to the configured stream ARN.
queueWorker:
handler: handler.queueWorker
events:
- sqs:
arn: arn:aws:sqs:${aws:region}:${aws:accountId}:user-events-queue
# Gets a separate role with CloudWatch Logs permissions and
# SQS permissions to receive messages, delete them, and read
# queue attributes from the configured queue.
IPv6 dual‑stack support
Docs: VPC
VPC configuration now supports ipv6AllowedForDualStack, making it easier to embrace dual‑stack
networking.
provider:
vpc:
ipv6AllowedForDualStack: true
securityGroupIds:
- securityGroupId1
- securityGroupId2
subnetIds:
- subnetId1
- subnetId2
Fn::ForEach intrinsic for DRY
CloudFormation
We’ve added support for the | 