Developer Enablement — AWS Lambda

AWS will deprecate the Lambda python3.9 runtime on 15 December 2025, blocking new function publishes by 9 March 2026 and leaving no path to deploy fixes on Amazon Linux 2 once the update freeze hits.¹ Teams still pinned to Python 3.9 must accelerate upgrades to Python 3.10 or 3.11 runtimes before the managed environment refuses package updates.

Python 3.9 itself exited upstream security support on 31 October 2025, so Lambda customers have barely six weeks between the language EOL and AWS’s deprecation date to finish remediation.² Waiting until the February or March block windows risks stranded production code, failed CI/CD deploys, and audit findings for running unpatched interpreters.

Impact on serverless delivery

• Deployment risk: After 9 March 2026 Lambda will reject updates to python3.9 functions, preventing hotfixes and emergency patches even if teams accept the security debt.¹
• Package and dependency testing: Python 3.11 introduces new bytecode specializations and asyncio improvements, so platform engineers must requalify third-party libraries, Lambda layers, and AWS SDK integrations during the upgrade.
• Compliance posture: Auditors will expect proof that critical workloads migrated to a supported runtime because Python 3.9 stopped receiving source-level security fixes at the end of October 2025.²

Actions for the next two sprints

1. Inventory all Lambda functions, Step Functions tasks, and container images that still target python3.9, grouping them by business criticality and deployment frequency.
2. Build parallel environments on Python 3.11 (or 3.10 for compatibility) to run regression tests, update Lambda layers, and validate cold-start performance before promoting the new runtime to production.
3. Update infrastructure-as-code templates, CI/CD pipelines, and monitoring dashboards to enforce the new runtime and capture evidence for security and compliance reviews ahead of the December 2025 deprecation.¹²

Best practices for teams

Development teams should adopt practices that ensure code quality and maintainability during and after this transition:

• Code review focus areas: Update code review checklists to include checks for deprecated patterns, new API usage, and migration-specific concerns. Establish review guidelines for changes that span multiple components.
• Documentation updates: Ensure README files, API documentation, and architectural decision records reflect the changes. Document rationale for setup choices to aid future maintenance.
• Version control practices: Use feature branches and semantic versioning to manage the transition. Tag releases clearly and maintain changelogs that highlight breaking changes and migration steps.
• Dependency management: Lock dependency versions during migration to ensure reproducible builds. Update package managers and lockfiles systematically to avoid version conflicts.
• Technical debt tracking: Document any temporary workarounds or deferred improvements introduced during migration. Create backlog items for post-migration cleanup and improvement.

Consistent application of development practices reduces risk and accelerates delivery of reliable software.

Maintenance outlook

If you are affected, plan for ongoing maintenance and evolution of systems affected by this change:

• Support lifecycle awareness: Track support timelines for dependencies, runtimes, and platforms. Plan upgrades before end-of-life dates to maintain security patch coverage.
• Continuous improvement: Establish feedback loops to identify improvement opportunities. Monitor performance metrics and user feedback to guide iterative improvements.
• Knowledge management: Build team expertise through training, documentation, and knowledge sharing. Ensure institutional knowledge is preserved as team composition changes.
• Upgrade pathways: Maintain awareness of future versions and breaking changes. Plan incremental upgrades rather than large leap migrations where possible.
• Community engagement: Participate in relevant open source communities, user groups, or vendor programs. Stay informed about roadmaps, good practices, and common pitfalls.

preventive maintenance planning reduces technical debt accumulation and ensures systems remain secure, performant, and aligned with business needs.

• Test coverage analysis: Review existing test suites to identify gaps in coverage for affected functionality. Prioritize test creation for high-risk areas and critical user journeys.
• Regression testing: Establish full regression test suites to catch unintended side effects. Automate regression runs in CI/CD pipelines to catch issues early.
• Performance testing: Conduct load and stress testing to validate system behavior under production-like conditions. Establish performance baselines and monitor for degradation.
• Security testing: Include security-focused testing such as SAST, DAST, and dependency scanning. Address identified vulnerabilities before production deployment.
• User acceptance testing: Engage teams in UAT to validate that changes meet business requirements. Document acceptance criteria and sign-off procedures.

A full testing strategy provides confidence in changes and reduces the risk of production incidents.

Engineering practices

Development standards should be updated to reflect any new requirements, good practices, or technical considerations introduced by this development. Code review criteria, testing requirements, and documentation standards should address the specific implications for software quality and maintainability.

Team training and knowledge sharing should ensure developers understand the technical details and their responsibilities for implementing required changes correctly. Documentation should capture setup decisions and rationale to support future maintenance and troubleshooting.

Migration Planning Considerations

Python 3.9 to 3.11+ migration requires assessment of dependency compatibility and language feature usage. Organizations should inventory Lambda functions identifying Python version dependencies and testing requirements. Staged migration enables validation of function behavior in newer runtime environments before production cutover.

CI/CD pipeline updates should accommodate multiple runtime versions during transition periods. Automated testing across target runtime versions identifies compatibility issues early in the development cycle.

Security and Performance Benefits

Runtime upgrades provide security patches addressing vulnerabilities in older Python versions. Performance improvements in newer runtimes may reduce function execution times and associated costs. Organizations should document security and performance baselines enabling quantification of upgrade benefits.

Migration Planning Considerations

Security and Performance Benefits

Migration Planning

Python 3.9 to 3.11+ requires dependency compatibility assessment. Staged migration validates function behavior.

Security Benefits

Runtime upgrades provide security patches. Performance improvements may reduce execution times and costs.

Cost Optimization

Runtime migration offers opportunity for Lambda optimization review. Memory allocation, timeout settings, and cold start mitigation should be evaluated alongside runtime updates. Provisioned concurrency configurations may require adjustment based on new runtime characteristics.

Monitoring and Observability

Enhanced monitoring ensures migration success validation. CloudWatch metrics, X-Ray tracing, and application logs provide visibility into function behavior changes. Baseline metrics before migration enable comparison and issue identification.

Similar analysis

Additional analysis covering similar themes.

Developer · Credibility 79/100 · November 12, 2025

Google Cloud Functions

Google Cloud Functions. NET 6 retirement means migrating to. NET 8 or later. Cloud function runtimes have limited support windows. Keep your serverless workloads on supported runtimes.

Developer · Credibility 91/100 · November 7, 2025

Developer Enablement — Azure Functions

Azure Functions in-process model is retiring in November 2025. If you are running. NET functions using the in-process hosting model, you need to migrate to the isolated worker model. Microsoft has been warning about this…

Developer · Credibility 82/100 · October 31, 2025

Developer Enablement — Python

Python 3.9 reaches its end of life on 31 October 2025, ending upstream security patches and pushing platform owners to migrate builds, functions, and data pipelines to supported interpreters before ecosystem support and…

Developer · Credibility 86/100 · October 5, 2025

Python and Runtime upgrades

Python 3.9 reaches end-of-life this month, ending security fixes and requiring platform teams to complete migrations to Python 3.10+ before the final 3.9.20 security release ships.

Developer · Credibility 86/100 · October 1, 2025

October 1, 2025

Python 3.9 reached end-of-life in October 2025. No more security patches. If you are running production workloads on 3.9, you are accumulating risk. Python 3.10, 3.11, and 3.12 are your supported options. The good news…

Continue in the Developer pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Secure Software Supply Chain Tooling Guide

  Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…

• Developer Enablement & Platform Operations Guide

  Plan AI-assisted development, secure SDLC controls, and runtime upgrades using our research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.

• Continuous Compliance CI/CD Guide

  Implement CI/CD pipelines that satisfy NIST SP 800-218, OMB M-24-04 secure software attestations, FedRAMP continuous monitoring, and CISA Secure-by-Design guidance while preserving…

Further reading

1. AWS Lambda Runtimes — docs.aws.amazon.com
2. Python 3.9 Schedule — python.org
3. AWS Well-Architected — aws.amazon.com