Developer Enablement Briefing — November 10, 2025
AWS Lambda will turn off Python 3.9 runtime updates after March 9, 2026, giving teams only weeks after Python 3.9’s upstream EOL to finish migrations to supported interpreters.
Executive briefing: AWS will deprecate the Lambda python3.9 runtime on , blocking new function publishes by and leaving no path to deploy fixes on Amazon Linux 2 once the update freeze hits.[1] Teams still pinned to Python 3.9 must accelerate upgrades to Python 3.10 or 3.11 runtimes before the managed environment refuses package updates.
Python 3.9 itself exited upstream security support on , so Lambda customers have barely six weeks between the language EOL and AWS’s deprecation date to finish remediation.[2] Waiting until the February or March block windows risks stranded production code, failed CI/CD deploys, and audit findings for running unpatched interpreters.
Impact on serverless delivery
- Deployment risk: After Lambda will reject updates to python3.9 functions, preventing hotfixes and emergency patches even if teams accept the security debt.[1]
- Package and dependency testing: Python 3.11 introduces new bytecode specialisations and asyncio improvements, so platform engineers must requalify third-party libraries, Lambda layers, and AWS SDK integrations during the upgrade.
- Compliance posture: Auditors will expect proof that critical workloads migrated to a supported runtime because Python 3.9 stopped receiving source-level security fixes at the end of October 2025.[2]
Actions for the next two sprints
- Inventory all Lambda functions, Step Functions tasks, and container images that still target python3.9, grouping them by business criticality and deployment frequency.
- Build parallel environments on Python 3.11 (or 3.10 for compatibility) to run regression tests, update Lambda layers, and validate cold-start performance before promoting the new runtime to production.
- Update infrastructure-as-code templates, CI/CD pipelines, and monitoring dashboards to enforce the new runtime and capture evidence for security and compliance reviews ahead of the December 2025 deprecation.[1][2]
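
A sketch of the inventory step, added here as an example and not taken from AWS or the briefing's authors: it groups the output of `aws lambda list-functions --output json` by criticality and deployment recency. The function names, the CRITICALITY map, and the 180-day "stale" threshold are assumptions; the sample data is constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

DEPRECATED = {"python3.9"}  # the runtime named in this briefing

# Constructed sample shaped like `aws lambda list-functions --output json`.
SAMPLE = json.loads("""
{"Functions": [
  {"FunctionName": "billing-webhook", "Runtime": "python3.9",
   "PackageType": "Zip", "LastModified": "2025-10-28T09:14:02.000+0000"},
  {"FunctionName": "report-nightly", "Runtime": "python3.9",
   "PackageType": "Zip", "LastModified": "2024-03-02T17:40:11.000+0000"},
  {"FunctionName": "thumbnailer", "Runtime": "python3.11",
   "PackageType": "Zip", "LastModified": "2025-09-01T08:00:00.000+0000"},
  {"FunctionName": "ml-scorer",
   "PackageType": "Image", "LastModified": "2025-06-15T12:30:45.000+0000"}
]}
""")

# Hypothetical owner-supplied rating; Lambda itself has no criticality field.
CRITICALITY = {"billing-webhook": "high"}

def inventory(functions, criticality, now, stale_days=180):
    """Group functions needing migration work by criticality and deploy recency."""
    groups = defaultdict(list)
    for fn in functions:
        name = fn["FunctionName"]
        if fn.get("PackageType") == "Image":
            # Image-packaged functions report no Runtime; the interpreter
            # version lives in the container image and must be checked there.
            groups["inspect-image"].append(name)
            continue
        if fn.get("Runtime") not in DEPRECATED:
            continue
        modified = datetime.strptime(fn["LastModified"], "%Y-%m-%dT%H:%M:%S.%f%z")
        # Recently deployed functions are the ones most likely to need a
        # hotfix after the update block, so they are migrated first.
        cadence = "active" if (now - modified).days <= stale_days else "stale"
        groups[f"{criticality.get(name, 'unrated')}/{cadence}"].append(name)
    return dict(groups)

if __name__ == "__main__":
    today = datetime.now(timezone.utc)
    for group, names in sorted(inventory(SAMPLE["Functions"], CRITICALITY, today).items()):
        print(f"{group}: {', '.join(names)}")
```

Functions on supported runtimes are omitted from the result; the "inspect-image" group is a to-do list, not a finding, because the script cannot see inside the image.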