
fix(terraform): update CKV_AWS_363 deprecated Lambda runtime list to include nodejs18.x #7531

Open
dbuaon wants to merge 1 commit into bridgecrewio:main from dbuaon:fix/ckv-aws-363-lambda-runtimes
dbuaon commented Apr 28, 2026

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

CKV_AWS_363 checks whether AWS Lambda functions are using deprecated runtimes.

nodejs18.x reached AWS Lambda end-of-support on September 1, 2025, but it was still commented out in the deprecated runtime list with a TODO note.

This PR updates CKV_AWS_363 to treat nodejs18.x as a deprecated runtime for both Terraform and CloudFormation checks.

Changes

  • Added nodejs18.x to the deprecated Lambda runtime list.
  • Removed stale TODO comments related to nodejs18.x.
  • Applied the update to both Terraform and CloudFormation CKV_AWS_363 checks.
  • Added/updated tests to validate the new deprecated runtime behavior.

Fix

Update the Lambda function runtime to a supported version such as nodejs20.x, nodejs22.x, or another actively maintained runtime.

Validation

Local commands executed:

  • python -m pytest -q -n0 tests/terraform/checks/resource/aws/test_LambdaDeprecatedRuntime.py
  • python -m pytest -q -n0 tests/cloudformation/checks/resource/aws/test_LambdaDeprecatedRuntime.py

Observed results:

  • Terraform CKV_AWS_363 tests pass locally.
  • CloudFormation CKV_AWS_363 tests pass locally.
  • nodejs18.x is now reported as a deprecated Lambda runtime.
  • Supported runtimes such as nodejs20.x and nodejs22.x remain valid.

Related issue

Fixes #7416

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes


dbuaon commented Apr 28, 2026

Hi maintainers, this PR updates CKV_AWS_363 to include nodejs18.x now that it has reached AWS Lambda end-of-support.

The change is intentionally small and limited to the deprecated runtime list, with the stale TODO comments removed from both Terraform and CloudFormation checks.

Happy to adjust if you prefer a different policy update format.
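A standalone sketch of the kind of check discussed in this PR, added here as an example; it is not Checkov's code and not part of the pull request. It goes one step beyond a static list by keying each runtime to its end-of-support date, so a runtime starts failing on that date without a TODO to revisit. The function names, the sample resources, and the assumption that parsed Terraform attributes arrive wrapped in one-element lists are all hypothetical.

```python
from datetime import date

# End-of-support dates keyed by runtime identifier. The nodejs18.x date is the
# one stated in the PR description; further entries would come from AWS's schedule.
END_OF_SUPPORT = {"nodejs18.x": date(2025, 9, 1)}

def _unwrap(value):
    """Assumption: the HCL parser wraps attribute values in a one-element list."""
    if isinstance(value, list) and len(value) == 1:
        return value[0]
    return value

def runtime_of(resource_type, conf):
    """Return the runtime of a Terraform or CloudFormation Lambda, else None."""
    if resource_type == "aws_lambda_function":        # Terraform
        return _unwrap(conf.get("runtime"))
    if resource_type == "AWS::Lambda::Function":      # CloudFormation
        return (conf.get("Properties") or {}).get("Runtime")
    return None

def check_runtime(resource_type, conf, today):
    """Classify one resource as PASSED, FAILED or UNKNOWN as of `today`."""
    runtime = runtime_of(resource_type, conf)
    if runtime is None:
        # Container-image functions carry no runtime attribute: nothing to flag.
        return "PASSED"
    if not isinstance(runtime, str) or "${" in runtime:
        # Unresolved variable or intrinsic function such as {"Ref": ...}.
        return "UNKNOWN"
    eos = END_OF_SUPPORT.get(runtime)
    if eos is not None and today >= eos:
        return "FAILED"
    return "PASSED"

# Constructed sample resources, not taken from the PR's test fixtures.
SAMPLES = [
    ("aws_lambda_function", {"runtime": ["nodejs18.x"]}),
    ("aws_lambda_function", {"runtime": ["nodejs22.x"]}),
    ("aws_lambda_function", {"package_type": ["Image"]}),
    ("aws_lambda_function", {"runtime": ["${var.runtime}"]}),
    ("AWS::Lambda::Function", {"Properties": {"Runtime": "nodejs18.x"}}),
    ("AWS::Lambda::Function", {"Properties": {"Runtime": {"Ref": "RuntimeParam"}}}),
]

def scan(today):
    """Run the check over every constructed sample as of `today`."""
    return [check_runtime(rtype, conf, today) for rtype, conf in SAMPLES]
```

Reporting unresolved values as UNKNOWN rather than PASSED keeps a parameterised runtime from silently passing the check.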

Development

Successfully merging this pull request may close these issues.

Lambda Runtimes are not representative with what has been deprecated, support wise, from AWS