aws-powertools
diff --git a/‎.github/workflows/bootstrap_region.yml
Lines changed: 96 additions & 0 deletions b/‎.github/workflows/bootstrap_region.yml
Lines changed: 96 additions & 0 deletions
diff --git a/‎.github/workflows/update_ssm.yml
Lines changed: 85 additions & 0 deletions b/‎.github/workflows/update_ssm.yml
Lines changed: 85 additions & 0 deletions
diff --git a/‎docs/Dockerfile
Lines changed: 1 addition & 1 deletion b/‎docs/Dockerfile
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/index.md
Lines changed: 27 additions & 0 deletions b/‎docs/index.md
Lines changed: 27 additions & 0 deletions
diff --git a/‎docs/requirements.in
Lines changed: 1 addition & 1 deletion b/‎docs/requirements.in
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/requirements.txt
Lines changed: 3 additions & 3 deletions b/‎docs/requirements.txt
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/utilities/parser.md
Lines changed: 1 addition & 0 deletions b/‎docs/utilities/parser.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/app/package.json
Lines changed: 4 additions & 4 deletions b/‎examples/app/package.json
Lines changed: 4 additions & 4 deletions
diff --git a/‎examples/snippets/package.json
Lines changed: 5 additions & 5 deletions b/‎examples/snippets/package.json
Lines changed: 5 additions & 5 deletions
diff --git a/‎layers/package.json
Lines changed: 2 additions & 2 deletions b/‎layers/package.json
Lines changed: 2 additions & 2 deletions
@@ -0,0 +1,96 @@
+# bootstraps new regions
+#
+# PURPOSE
+# Ensures new regions are deployable in future releases
+#
+# JOB 1 PROCESS
+#
+# 1. Installs CDK
+# 2. Bootstraps region
+#
+# JOB 2 PROCESS
+# 1. Sets up Go
+# 2. Installs the balance script
+# 3. Runs balance script to copy layers between aws regions
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        options:
+          - beta
+          - prod
+        description: Deployment environment
+      region:
+        type: string
+        required: true
+        description: AWS region to bootstrap (i.e. eu-west-1)
+
+name: Region Bootstrap
+run-name: Region Bootstrap ${{ inputs.region }}
+
+permissions:
+  contents: read
+
+jobs:
+  cdk:
+    name: Install CDK
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    environment: layer-${{ inputs.environment }}
+    steps:
+      - id: credentials
+        name: AWS Credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+        with:
+          aws-region: ${{ inputs.region }}
+          role-to-assume: ${{ secrets.REGION_IAM_ROLE }}
+          mask-aws-account-id: true
+      - id: workdir
+        name: Create Workdir
+        run: |
+          mkdir -p build/project
+      - id: cdk-install
+        name: Install CDK
+        working-directory: build
+        run: |
+          npm i aws-cdk@2.178.0
+      - id: cdk-project
+        name: CDK Project
+        working-directory: build/project
+        run: |
+          npx cdk init app --language=typescript
+          AWS_REGION="${{ inputs.region }}" npx cdk bootstrap
+
+  copy_layers:
+    name: Copy Layers
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    environment: layer-${{ inputs.environment }}
+    steps:
+      - id: credentials
+        name: AWS Credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.REGION_IAM_ROLE }}
+          mask-aws-account-id: true
+      - id: go-setup
+        name: Setup Go
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        with:
+          go-version: '>=1.23.0'
+      - id: go-env
+        name: Go Env
+        run: go env
+      - id: go-install-pkg
+        name: Install
+        run: go install github.com/aws-powertools/actions/layer-balancer/cmd/balance@latest
+      - id: run-balance
+        name: Run Balance
+        run: balance -read-region us-east-1 -write-region ${{ inputs.region }} -write-role ${{ secrets.BALANCE_ROLE_ARN }} -layer-name AWSLambdaPowertoolsTypeScriptV2 -dry-run=false
@@ -0,0 +1,85 @@
+# SSM Parameters update
+#
+# PROCESS
+# Creates parameters in regional AWS accounts for each layer we create, using the inputs to target specific releases
+# * environment: will prefix /beta/ into the parameter
+# * write_latest: will create a latest alias instead of a version number in the parameter
+# * package_version: semantic version number of the released layer (3.x.y)
+# * layer_version: this is sequential layer version from the ARN
+#
+# A successful parameter would look similar to:
+#   /aws/service/powertools/python/arm64/python3.8/3.1.0
+# And will have a value of:
+#   arn:aws:lambda:eu-west-1:094274105915:layer:AWSLambdaPowertoolsPythonV3-python38-arm64:4
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment to deploy to
+        type: choice
+        options:
+          - Beta
+          - Prod
+        required: true
+
+      write_latest:
+        description: Write to the latest path
+        type: boolean
+        required: false
+
+      package_version:
+        description: Semantic Version of published layer
+        type: string
+        required: true
+
+      layer_version:
+        description: Layer version
+        type: string
+        required: true
+
+name: SSM Parameters
+run-name: SSM Parameters - TypeScript
+
+permissions:
+  contents: read
+
+jobs:
+  typescript:
+    runs-on: ubuntu-latest
+    environment: SSM
+    strategy:
+      matrix:
+        region: ["af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3",
+            "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3",
+            "ap-southeast-4", "ca-central-1", "ca-west-1", "eu-central-1", "eu-central-2",
+            "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3",
+            "il-central-1", "me-central-1", "me-south-1", "sa-east-1", "us-east-1",
+            "us-east-2", "us-west-1", "us-west-2", "ap-southeast-5"
+          ]
+
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - id: transform
+        run: |
+          echo 'CONVERTED_REGION=${{ matrix.region }}' | tr 'a-z\-' 'A-Z_' >> "$GITHUB_OUTPUT"
+      - id: creds
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+        with:
+          aws-region: ${{ matrix.region }}
+          role-to-assume: ${{ secrets[format('{0}', steps.transform.outputs.CONVERTED_REGION)] }}
+          mask-aws-account-id: true
+      - id: write-version
+        env:
+          prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
+        run: |
+          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite
+
+      - id: write-latest
+        if: inputs.write_latest == true
+        env:
+          prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
+        run: |
+          aws ssm put-parameter --name ${{ env.prefix }}/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite
@@ -1,5 +1,5 @@
 # version 9.5.35
-FROM squidfunk/mkdocs-material@sha256:7e841df1cfb6c8c4ff0968f2cfe55127fb1a2f5614e1c9bc23cbc11fe4c96644
+FROM squidfunk/mkdocs-material@sha256:c62453b1ba229982c6325a71165c1a3007c11bd3dd470e7a1446c5783bd145b4
 
 COPY requirements.txt /tmp/
 RUN pip install --require-hashes -r /tmp/requirements.txt
@@ -129,6 +129,16 @@ You can use Powertools for AWS Lambda (TypeScript) by installing it with your fa
                     - !Sub arn:aws:lambda:${AWS::Region}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:19
             ```
 
+            You can also use AWS SSM Parameter Store to dynamically add Powertools for AWS Lambda. The `{version}` placeholder is the semantic version number (e,g. 2.1.0) for a release or `_latest_`.
+
+            ```yaml hl_lines="5"
+            MyLambdaFunction:
+              Type: AWS::Serverless::Function
+                Properties:
+                  Layers:
+                    - {{resolve:ssm:/aws/service/powertools/typescript/generic/all/{version}}}
+            ```
+
             If you use `esbuild` to bundle your code, make sure to exclude `@aws-lambda-powertools/*` and `@aws-sdk/*` from being bundled since the packages are already present the layer:
 
             ```yaml hl_lines="5-14"
@@ -195,6 +205,23 @@ You can use Powertools for AWS Lambda (TypeScript) by installing it with your fa
             }
             ```
 
+            You can use [data sources](https://developer.hashicorp.com/terraform/language/data-sources) to resolve the SSM Parameter Store in your code, allowing you to pin to `_latest_` or a specific Powertools for AWS Lambda version.
+
+            ```terraform
+              data "aws_ssm_parameter" "powertools_version" {
+                # Replace {version} with your chosen Powertools for AWS Lambda version or latest
+                name = "/aws/service/powertools/python/generic/all/{version}"
+              }
+
+              resource "aws_lambda_function" "test_lambda" {
+                ...
+
+                runtime = "nodejs22.x"
+
+                layers = [data.aws_ssm_parameter.powertools_version.value]
+              }
+            ```
+
         === "Pulumi"
 
             ```typescript hl_lines="11"
 
@@ -1,4 +1,4 @@
 mike==1.1.2
-mkdocs-material==9.6.2
+mkdocs-material==9.6.3
 mkdocs-git-revision-date-plugin==0.3.2
 mkdocs-exclude==1.0.2
@@ -235,9 +235,9 @@ mkdocs-get-deps==0.2.0 \
 mkdocs-git-revision-date-plugin==0.3.2 \
     --hash=sha256:2e67956cb01823dd2418e2833f3623dee8604cdf223bddd005fe36226a56f6ef
     # via -r requirements.in
-mkdocs-material==9.6.2 \
-    --hash=sha256:71d90dbd63b393ad11a4d90151dfe3dcbfcd802c0f29ce80bebd9bbac6abc753 \
-    --hash=sha256:a3de1c5d4c745f10afa78b1a02f917b9dce0808fb206adc0f5bb48b58c1ca21f
+mkdocs-material==9.6.3 \
+    --hash=sha256:1125622067e26940806701219303b27c0933e04533560725d97ec26fd16a39cf \
+    --hash=sha256:c87f7d1c39ce6326da5e10e232aed51bae46252e646755900f4b0fc9192fa832
     # via -r requirements.in
 mkdocs-material-extensions==1.3.1 \
     --hash=sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443 \
 
@@ -85,6 +85,7 @@ Parser comes with the following built-in schemas:
 | **SesSchema**                                | Lambda Event Source payload for Amazon Simple Email Service                           |
 | **SnsSchema**                                | Lambda Event Source payload for Amazon Simple Notification Service                    |
 | **SqsSchema**                                | Lambda Event Source payload for Amazon SQS                                            |
+| **TransferFamilySchema**                     | Lambda Event Source payload for AWS Transfer Family events                            |
 | **VpcLatticeSchema**                         | Lambda Event Source payload for Amazon VPC Lattice                                    |
 | **VpcLatticeV2Schema**                       | Lambda Event Source payload for Amazon VPC Lattice v2 payload                         |
 
 
@@ -30,7 +30,7 @@
   "devDependencies": {
     "@types/aws-lambda": "^8.10.147",
     "@types/node": "22.13.1",
-    "aws-cdk-lib": "^2.177.0",
+    "aws-cdk-lib": "^2.178.1",
     "constructs": "^10.4.2",
     "source-map-support": "^0.5.21",
     "tsx": "^4.19.2",
@@ -44,12 +44,12 @@
     "@aws-lambda-powertools/metrics": "^2.13.1",
     "@aws-lambda-powertools/parameters": "^2.13.1",
     "@aws-lambda-powertools/tracer": "^2.13.1",
-    "@aws-sdk/client-ssm": "^3.741.0",
-    "@aws-sdk/lib-dynamodb": "^3.741.0",
+    "@aws-sdk/client-ssm": "^3.743.0",
+    "@aws-sdk/lib-dynamodb": "^3.743.0",
     "@middy/core": "^4.7.0",
     "@types/aws-lambda": "^8.10.147",
     "@types/node": "22.13.1",
-    "aws-cdk": "^2.177.0",
+    "aws-cdk": "^2.178.1",
     "constructs": "^10.4.2",
     "esbuild": "^0.24.2",
     "typescript": "^5.7.3"
 
@@ -32,11 +32,11 @@
     "@aws-lambda-powertools/parameters": "^2.13.1",
     "@aws-lambda-powertools/parser": "^2.13.1",
     "@aws-lambda-powertools/tracer": "^2.13.1",
-    "@aws-sdk/client-appconfigdata": "^3.741.0",
-    "@aws-sdk/client-dynamodb": "^3.741.0",
-    "@aws-sdk/client-secrets-manager": "^3.741.0",
-    "@aws-sdk/client-ssm": "^3.741.0",
-    "@aws-sdk/util-dynamodb": "^3.741.0",
+    "@aws-sdk/client-appconfigdata": "^3.743.0",
+    "@aws-sdk/client-dynamodb": "^3.743.0",
+    "@aws-sdk/client-secrets-manager": "^3.743.0",
+    "@aws-sdk/client-ssm": "^3.743.0",
+    "@aws-sdk/util-dynamodb": "^3.743.0",
     "@middy/core": "^4.7.0",
     "aws-sdk": "^2.1692.0",
     "aws-sdk-client-mock": "^4.1.0",
 
@@ -40,8 +40,8 @@
     "source-map-support": "^0.5.21"
   },
   "dependencies": {
-    "aws-cdk": "^2.177.0",
-    "aws-cdk-lib": "^2.177.0",
+    "aws-cdk": "^2.178.1",
+    "aws-cdk-lib": "^2.178.1",
     "esbuild": "^0.24.2",
     "tsx": "^4.19.2"
   }