Upgrading To The Latest Version

Upgrading S3 Protector Lambda

    Upgrade Process Overview

    The diagram below illustrates upgrade steps:

    Publish S3 Protector Lambda Version

    Publishing a version of the S3 Protector Lambda allows updating it without interruptions to the existing traffic.

    Procedure

    1. Go to AWS Lambda console and select existing Protegrity S3 Protector Lambda.

    2. Go to Lambda ConfigurationEnvironment variables.

    3. Record environment variables values. You will use them later to configure upgraded Lambda Function. You can use the aws cli command below to save the function variables into the local json file:

    aws lambda get-function-configuration --function-name \
arn:aws:lambda:<aws_region>:<aws_account>:function:<function_name> \
--query Environment > <function_name>_env_config.json

    1. Click Actions in top right portion of the screen. Select Publish new version. Click Publish.

    2. Record the Lambda version number. It will be displayed at the top of the screen. You can also retrieve it from the Lambda function view, under Versions tab.

    S3 Protector Lambda version number: ___________________

    Run Protect Service Upgrade

    In this step, the Protect service including Lambda $LATEST version will be updated using Cloud Formation template. The Lambda version created in previous step will be used to serve existing traffic during the upgrade process.

    Procedure

    1. Go to AWS Cloud Formation and select existing Protegrity deployment stack.

    2. Select Update Stack > Make a direct update.

    3. Select Replace existing template > Upload a template file.

    4. Upload pty_s3_protector_cf.json file and select Next.

    5. Update LambdaFunctionProductionVersion parameter with S3 Protector Lambda version number recorded in step 3.

    6. Click Next until Review window and then select Update stack.

    7. Wait for the Cloud Formation to complete.

    8. Go back to Lambda console and select S3 Protector Lambda.

    9. Go to ConfigurationEnvironment variables. Replace placeholder values with values recorded in previous step.

      Alternatively, you can run the following aws cli command to update function configuration using json file saved in the previous steps:

    aws lambda update-function-configuration --function-name \
arn:aws:lambda:<aws_region>:<aws_account>:function:<function_name> \
--environment file://./<function_name>_env_config.json

    1. Navigate to Aliases tab. Verify that Production alias points to the lambda version you specified in the cloud formation template.

    2. The upgraded S3 Protector Lambda is configured with a sample policy. Run Agent Lambda Function before continuing with next steps.

    Finalize Upgrade

    In this step, the S3 Protector Lambda will be configured to serve traffic using $LATEST version upgraded in the previous step.

    Procedure

    1. Go back to Protegrity AWS Cloud Formation deployment stack.

    2. Select Update Stack > Make a direct update.

    3. Select Use existing template and then choose Next

    4. Update LambdaFunctionProductionVersion parameter with the following value: $LATEST.

    5. Click Next until Review window and then select Update stack.

    6. Go back to Lambda console and select S3 Protector Lambda.

    7. From the Lambda console, verify that Latest alias points to $LATEST version.

    8. Test your function to make sure it works as expected.

    9. If you need to rollback to older version of S3 Protector Lambda, you can re-run the cloud formation with LambdaFunctionProductionVersion parameter set to the previous version of S3 Protector Lambda.


    Last modified : January 06, 2026