Use nodejs18 in custom-resources

[svoychik]

Closes: #12133
similar to #11359
As NodeJS 16 security support recently ended all internal lambda functions have to be migrated to the latest LTS nodejs18
I made changes in the same way they were done in https://github.com/serverless/serverless/pull/11367/files

[Mmarzex]

@svoychik Thanks for looking at this. However we can't just increment the runtime version. These custom resource handlers use aws-sdk v2 which is not bundled with node18 lambda functions. In order to change this, you'd need to update the custom resource handlers to use v3 of the AWS SDK.

[svoychik]

@svoychik Thanks for looking at this. However we can't just increment the runtime version. These custom resource handlers use aws-sdk v2 which is not bundled with node18 lambda functions. In order to change this, you'd need to update the custom resource handlers to use v3 of the AWS SDK.

Thanks for the response. I can take a look on the adjustments required for aws-sdk3, and the changes in this PR If you don’t mind

[Mmarzex]

Go for it @svoychik 👍

[svoychik]

@Mmarzex I went through the repo to find the code that is used by those custom lambda functions. Please, take a look at my code and whether my changes make sense.
awsRequest function and its util file were a bit tricky. I believe that eventually the function can be replaced with retry mechanisms available on aws-sdk client level (link)

[svoychik]

@Mmarzex Hi, Could you give me some feedback on this, please?

[gupta-abhi26]

Hey guys,

is there any ETA when this will be merged?

[CodeByTwo]

Can someone please action this ASAP. Node16 is now end of life

[gupta-abhi26]

@svoychik

can you please resolve the conflicts ? 😄

[gupta-abhi26]

@svoychik

can you please resolve the conflicts ? 😄

Any updates, guys ?

[mikeprimm]

Just got notices from AWS on end-of-support for node 16 runtime - end of standard support is 11 Mar 2024 (deprecated support ending 11 Apr 2024). I'd suggest move fixed value to nodejs 20.x (now latest runtime) (or use the runtime from the provider->runtime setting)

EDIT: notice has different date than the lambda runtime page, but still coming relatlively soon - and node16 has been out of support since September 2023.

"As described in the Lambda runtime support policy [2], end of support for language runtimes in Lambda happens in several stages. Starting on June 12, 2024, Lambda will no longer apply security patches and other updates to the Node.js 16 runtime used by Lambda functions, and functions using Node.js 16 will no longer be eligible for technical support. Also, Node.js 16 will no longer be available in the Console, although you can still create and update functions using Node.js 16 via AWS CloudFormation, the AWS CLI, AWS SAM, or other tools. Starting July 15, 2024, you will no longer be able to create new Lambda functions using the Node.js 16 runtime. Starting August 15, 2024, you will no longer be able to update existing functions using the Node.js 16 runtime."

[kris8889]

Please resolve this ASAP. node 16.x AWS end-of-support for node 16 runtime is very near.

[svoychik]

Since there hasn't been any activity from the serverless team on this issue, I suggest removing the custom serverless lambda. Here's a guide for eliminating the api-gw lambda, shortly speaking you have 2 options:

1. Disable those logs for API GW
2. Enable the roleManagedExternally flag, and manage api-gw permissions by yourself. More info on roleManagedExternally here

Guidance on the second option:
Why this lambda was needed overall? Custom lambda grants API-GW serverlessApiGatewayCloudWatchRole to write logs to the Cloudwatch. https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html

In your serverless.yml, set 'roleManagedExternally' to true, like this:

provider:
  logs:
    restApi:
      level: INFO
      fullExecutionData: false
      roleManagedExternally: true

From now on, you will need to manage those permissions yourself. However, keep in mind that the permissions granted by the custom lambda earlier will not disappear. This means that the API Gateway will continue to send logs until you clean up the AWS environment. To explicitly grant these permissions, you can implement a custom script using CloudFormation, Terraform, or AWS CDK.

[mikeprimm]

The lambda is also used for S3 and for Cognito User Pool - anyone work out a similar workaround to avoid them as @svoychik nicely outlined for API GW?

[tonivdv]

@Mmarzex are you waiting for @svoychik to resolve the merge conflicts?

[smiley717]

Good to read here, any updates for this issue? @Mmarzex

[phongvuhyuet]

any update on this? we need this ASAP since Node.js 16 support in Lambda will end on June 12, 2024

[Mmarzex]

Hi everyone, this is now available in the v4.0 alpha

[Trav55555]

@Mmarzex will this be available in 3.x?

[jonasduever]

As of now, we cannot migrate to sls v4 (which is still in alpha!) until Jul 15, 2024. Probably others also have to see if they get "approval" for the sls v4 licensing changes or not, evaluate alternatives, adapt their code to v4 and test it, and so on.

Not merging this to v3 would shorten the deadline for all those decisions drastically, from "end of 2024" to "mid of July", and would force people to upgrade earlier than they actually can or should.

Please let us know what you plan to do with this PR - thanks!

[Trav55555]

As of now, we cannot migrate to sls v4 (which is still in alpha!) until Jul 15, 2024. Probably others also have to see if they get "approval" for the sls v4 licensing changes or not, evaluate alternatives, adapt their code to v4 and test it, and so on.

Not merging this to v3 would shorten the deadline for all those decisions drastically, from "end of 2024" to "mid of July", and would force people to upgrade earlier than they actually can or should.

Please let us know what you plan to do with this PR - thanks!

Same issue here

[sergioissi]

Are there any updates on this PR @Mmarzex @medikoo @eahefnawy ? we are 2 months away from the deadline on Aws. since v4 is still in alpha it would be useful to have it on v3

thank you guys for all!

[medikoo]

@sergioissi thanks for asking. I'm personally no longer with Serverless Inc. and I don't have the necessary rights to approve and push any work here. I believe @eahefnawy @ac360 and @Mmarzex are the right contacts for that

[wesyoung]

FYSA- #12133 (comment)

(local plugins style work-around, EDIT: to at-least get rid of notice for existing stacks-)

[jonasduever]

Update from AWS:

Runtime deprecation for Node.js 16
In response to customer feedback, AWS is delaying the deprecation of the Node.js 16 runtime until 9 months after the end of community LTS. The Node.js 16 runtime will be deprecated on the date provided in the Supported Runtimes table. As stated in the preceding note, between the end of LTS on September 11, 2023 and the deprecation date, Lambda will only apply OS patches to the runtime. No security patches for the language runtime will be applied during this period.

Delaying the deprecation of Node.js 16 gives customers using this runtime the opportunity to migrate their functions directly to Node.js 20, skipping Node.js 18.

(Don't get me wrong - this is not a reason not to include this PR into v3! There won't be any Node.js security patches for example. Just wanted to let you know about the update.)

[roland-pep]

we're still waiting for this

[xoapit]

Are there any plans to merge this PR? @Mmarzex

[pd-alex]

+1

[xoapit]

Because @svoychik is not available to resolve conflicts so I have recreated a new PR, pls review and merge it #12445 @Mmarzex @eahefnawy @ac360

[mdchrist]

Can we get an update on this?

[ValeryP]

Any updates, guys @eahefnawy @ac360 and @Mmarzex?

[wayne-t]

Are we able to merge it now? 6/12 is only 2 weeks away.