DEV Community: ntoledo319

Migrating AWS Lambda from Node.js 20 to 22 — every breaking change

ntoledo319 — Mon, 22 Jun 2026 21:11:30 +0000

AWS deprecates Lambda runtimes on a 3-phase schedule: Phase 1 ends security patches, Phase 2 blocks creating new functions, Phase 3 blocks updating existing ones. Once Phase 3 hits, a frozen function's only path forward is a full redeploy on a new runtime. nodejs20.x is on that track; nodejs22.x is the target (LTS, maintained into 2027).

Most code moves cleanly. Here's the set that doesn't.

1. `aws-sdk` v2 is no longer bundled

On nodejs16.x and earlier, AWS preinstalled the v2 SDK. From nodejs18.x onward, only v3 (@aws-sdk/*) is bundled. So:

Error: Cannot find module 'aws-sdk'

Fix: migrate to modular v3 clients, e.g. const { S3Client } = require('@aws-sdk/client-s3'). v3 also returns promises directly (no .promise()), and response shapes differ. Quick unblock: bundle aws-sdk in your package (adds cold-start weight).

2. Import assertions → import attributes

Node 22 ships the finalized spec, which renamed assert to with:

// Node 20 (valid)  -> Node 22 (broken)
import cfg from './config.json' assert { type: 'json' };
// Node 22 (valid)
import cfg from './config.json' with { type: 'json' };

3. Native addons must be rebuilt

Error: The module was compiled against a different Node.js version using NODE_MODULE_VERSION

Native modules (sharp, bcrypt, better-sqlite3…) are tied to the Node ABI. Rebuild on the target version, or bump to a release with a Node 22 prebuild. Dead packages (node-sass, fibers) must be replaced.

4. OpenSSL 3

Node 17+ ships OpenSSL 3, which rejects legacy hashing some older tooling relies on:

Error: error:0308010C:digital envelope routines::unsupported

Fix: upgrade the tool (webpack 5, react-scripts 5+). --openssl-legacy-provider is a stopgap only.

5. `crypto.createCipher` removed

crypto.createCipher / createDecipher were removed in Node 22 — switch to createCipheriv with an explicit key + IV (scrypt/pbkdf2 + randomBytes).

I wrote an open-source CLI (lambda-lifeline) that scans for all of these, codemods what's mechanical, patches your IaC, and stages a canary with rollback — plus a free browser scanner that flags them in your config in ~30 seconds, nothing uploaded: eolkits.com/scan.

Full guide with every case + captured output: eolkits.com/blog/migrating-lambda-nodejs-20-to-22

Amazon Linux 2 is EOL on June 30, 2026 — here's everything that breaks

ntoledo319 — Mon, 22 Jun 2026 21:10:09 +0000

Amazon Linux 2 reaches end of life on June 30, 2026. After that: no security patches, no new AMIs, no extras updates. Anything still pinned to AL2 in a launch template, EKS node group, ECS task, Beanstalk platform, or container base image is running unpatched from that day on.

Here's what actually changes when you move to Amazon Linux 2023 — the stuff that breaks boot scripts and CI.

What changes on AL2023

Area	Amazon Linux 2	Amazon Linux 2023
Package manager	`yum`	`dnf` (a `yum` symlink remains)
Extras	`amazon-linux-extras`	removed — packages are default, version-namespaced (`python3.11`, `nginx1.24`), or in SPAL
Time sync	`ntpd`	`chronyd`
Firewall	`iptables`	`nftables`
Python	2.7 and 3.x	3.x only — no Python 2
glibc	2.26	2.34

The errors you'll hit (and the fix)

amazon-linux-extras: command not found — it doesn't exist on AL2023. Install directly with dnf, version-namespaced, or via SPAL.
Failed to start ntpd.service: Unit ntpd.service not found — use chronyd instead.
/usr/bin/env: 'python2': No such file or directory — there's no Python 2; port the script to python3.
Error: Unable to find a match: <package> — the package was renamed/version-namespaced/moved to SPAL. dnf search for the real name.

The migration checklist

Inventory every AL2 AMI, launch template, EKS node group, ECS task, Beanstalk platform, and container base image.
Rebuild the base AMI on AL2023 (Packer / EC2 Image Builder).
Package manager: move yum usage to dnf, drop amazon-linux-extras.
Services: ntpd → chronyd, iptables → nftables.
Python: port python2 scripts/shebangs to python3.
Test boot, app start, networking, and time sync on a canary.
Roll out staged (5 → 25 → 50 → 100%) with a tested rollback.

I got tired of grepping for this by hand, so I built a free scanner — drop your Terraform / CloudFormation / Packer / Ansible into the browser and it flags every AL2 reference and the errors above, with the AWS source for each. Nothing is uploaded. Try it free → eolkits.com/scan. There's also an MIT CLI that does the codemods, and a paid audit if you want it done for you.

Full checklist with the per-error fixes: eolkits.com/amazon-linux-2-eol-checklist