AWS Bedrock AgentCore, S3 File Mounts, Python & Install Improvements

This headline is something we are genuinely excited about: native support for AWS Bedrock AgentCore, making the Serverless Framework the fastest way to build and deploy production AI agents on AWS. Read on for the full picture.

V4 has come a long way. If your team is still on V3, now is a great time to make the move - the gap in features, performance, and security has grown considerably, and everything in this update is V4-only. A Subscription includes 24/7 support from our team. If you want to talk through what a Subscription looks like for your team, schedule a few minutes with us - we are happy to help.

• Austen and the Serverless Inc team.

AWS Bedrock AgentCore is Now Built-in

Docs: AWS Bedrock AgentCore

Building a production AI agent is harder than it looks - not because of the AI part, but because of everything around it.

If your instinct is to reach for Lambda, you will get surprisingly far. But the moment your agent needs to hold a multi-turn conversation, run a complex tool chain that takes several minutes, handle a 30 MB file, or stream tokens back to a user in real time, Lambda starts to crack. Its 15-minute execution limit kills long-running agentic loops mid-task. Its stateless design means every invocation starts fresh, so you end up bolting on DynamoDB session storage, S3 round-trips for larger payloads, custom streaming infrastructure, and your own auth middleware. That is weeks of undifferentiated infrastructure work before you have written a single line of actual agent logic.

AWS built AgentCore to solve exactly this. It is a purpose-built serverless compute platform for AI agents - not a general-purpose function runner, but a runtime designed around how agents actually behave. Under the hood, each user session runs in a dedicated Firecracker microVM: hardware-level isolation (not just container isolation), 2 vCPU and 8 GB of RAM, with a session lifetime of up to 8 hours. The container stays warm between turns in a conversation, so state lives in memory - no serialization, no round-trips to a database. Streaming is built in. JWT authentication is built in. Tool execution with MCP and Agent-to-Agent (A2A) protocol support is built in. The 100 MB payload limit means you can send a large document directly without a pre-signed S3 workaround.

Compared to Lambda, the tradeoffs are clear: Lambda remains the right choice for short, stateless, high-volume function invocations. AgentCore is the right choice when your agent runs for minutes, maintains conversational context, needs per-session isolation for security, or has to handle the kinds of workloads real users generate. For teams moving AI agents from prototype to production, it removes the infrastructure problem entirely so you can focus on the agent itself.

With v4.33 of the Serverless Framework, AgentCore support is now built in. Using a new top-level ai block in your serverless.yml, you can define agents, tools, memory, browsers, and code interpreters. The Framework compiles everything to CloudFormation with least-privilege IAM roles, builds and uploads Docker images to ECR, and supports both JavaScript and Python runtimes. No manual orchestration, no boilerplate.

New CLI commands ship alongside this integration:

• sls invoke -a <agentName> - invoke an agent directly, with support for JSON and SSE streaming

• sls logs -a <agentName> - tail or query agent logs

• sls dev - live dev mode for agents with hot-reload

We have included 20+ example agents covering LangGraph workflows, MCP servers, browser automation, code interpreters, and more.

functions:
  calculatorFunction:
    handler: handlers/calculator.handler

ai:
  tools:
    calculator:
      function: calculatorFunction
      toolSchema:
        - name: calculate
          inputSchema:
            type: object
            properties:
              expression:
                type: string
            required:
              - expression

  agents:
    assistant:
      memory:
        expiration: 30

# Deploy the agent
sls deploy

# Invoke with streaming
sls invoke -a assistant -d "What is 2+2?"

# Tail agent logs
sls logs -a assistant --tail

S3 Files Support for Lambda File System Mounts

Docs: File System Configuration

Lambda functions can now mount Amazon S3 Files directly as a local file system path, in addition to the existing EFS support. This opens up a straightforward way to give your functions access to large datasets, model weights, or shared assets stored in S3 - without downloading them at runtime.

The Framework auto-detects the file system type from literal ARNs. For CloudFormation references, set type: s3files explicitly. IAM permissions (s3files:ClientMount and s3files:ClientWrite) are generated automatically, and VPC configuration is validated. Existing EFS setups are fully backward compatible.

functions:
  hello:
    handler: handler.hello
    fileSystemConfig:
      localMountPath: /mnt/s3data
      arn: arn:aws:s3files:us-east-1:111111111111:file-system/fs-abc123/access-point/fsap-abc123
    vpc:
      securityGroupIds:
        - sg-xxx
      subnetIds:
        - subnet-xxx

When using CloudFormation references, specify the type explicitly:

functions:
  hello:
    handler: handler.hello
    fileSystemConfig:
      localMountPath: /mnt/s3data
      arn: !GetAtt MyS3FilesAccessPoint.AccessPointArn
      type: s3files
    vpc:
      securityGroupIds:
        - sg-xxx
      subnetIds:
        - subnet-xxx

Faster, Smaller Framework Installs

Starting with v4.36, the Serverless Framework installer no longer fetches dependencies from npm at install time. Everything needed ships in a single download. This makes installs faster, more reliable (no dependency on npm registry availability), and saves approximately 42 MB of disk space per framework version.

Existing projects require no changes. If you are on an older installer, you will pick up the faster install path automatically the next time you update or fetch a new version. To also get the disk space savings, run serverless update or reinstall the serverless npm package.

Python Improvements

uv dependency groups and optional extras. Four new custom.pythonRequirements options give you precise control over which extras and groups are included in your deployment package, mirroring the existing Poetry group support. Dev dependencies are always excluded by default.

custom:
  pythonRequirements:
    uvOptionalDependencies: # → uv export --extra <name>
      - heavy
    uvWithGroups:           # → uv export --group <name>
      - prod
    uvWithoutGroups:        # → uv export --no-group <name>
      - test
    uvOnlyGroups:           # → uv export --only-group <name>
      - lambda

Layer-only services now work correctly. Services that declared custom.pythonRequirements.layer with no functions: block previously produced an empty CloudFormation stack. That is fixed.

Windows ZIP path fix. ZIP archive entries are now written with POSIX-style / separators on every platform, resolving import mismatches at runtime for Windows users.

Improvements & Bug Fixes

Recent releases include a number of usability and reliability fixes:

• TypeScript config deadlock resolved. Multi-file TypeScript configurations (serverless.ts importing other .ts files via relative imports) could deadlock during command startup, most reproducible in AWS CodeBuild. Fixed in v4.36.1.

• esbuild plugin version conflicts resolved. Projects pinning a specific esbuild version no longer hit Host version does not match binary version errors when running serverless invoke local. Both esbuild instances now resolve their own platform binaries independently.

• esbuild deploy fix. sls deploy --package no longer fails with MISSING_ARTIFACT_FILE when using the esbuild builder.

• Duplicate PATH entries from installer fixed. The installer no longer appends a new PATH line to shell config on every run.

• AppSync field directive fixes. @canonical, @hidden, and @renamed now work correctly on field definitions in AppSync Merged API configurations.

• Dev mode Node.js runtime matching. Dev mode now matches the remote Lambda shim runtime to your local Node.js version instead of always defaulting to nodejs20.x.

• Rich TypeScript type documentation. All configuration schema properties now include JSDoc annotations (description, @example, @default, @deprecated, @since), enabling better hover tooltips and inline docs in IDEs.

Security

This release period included a number of proactive security fixes across the Framework and its dependencies:

• Hardened the installer against supply chain attacks: replaced axios, axios-proxy-builder, and tunnel with Node.js built-in fetch() and undici.ProxyAgent. Remaining dependencies are pinned to exact versions. A 3-day minimum release age (min-release-age=3) is now enforced via .npmrc to prevent npm from resolving to freshly published packages.

• Locked transitive dependencies in distributed packages via npm-shrinkwrap.json, pinning the full dependency tree to exact versions.

• Patched an infinite-loop CVE in the installer runtime (CVE-2026-33814).

• Lodash upgraded to v4.18.1, resolving prototype pollution vulnerabilities.

• Multiple additional dependency security patches applied across hono, fast-xml-parser, minimatch, uuid, urllib3, follow-redirects, fastify, and others.

The Serverless Framework is free for individuals and organizations under $2M in annual revenue. For larger teams, learn about our Subscription plans or schedule a meeting with us.