Cerbos PDP v0.47.0: AWS Lambda support, Git-aware Hub uploads, and smarter schema diagnostics

Published by Alex Olivier on October 30, 2025

Authorization should be as portable and reliable as your code. The new Cerbos PDP v0.47.0 makes that easier than ever. This release adds native AWS Lambda support, tighter integration between Git and Cerbos Hub, and clearer schema diagnostics to simplify policy development and CI/CD pipelines.

If you already run Cerbos PDP in containers, Kubernetes, or sidecar mode, this update expands your deployment options and cuts time-to-diagnosis when policies misbehave.

AWS Lambda support brings Cerbos to serverless architectures

Cerbos PDP v0.47 introduces first-class support for AWS Lambda, giving teams two ways to deploy:

  • Standalone Lambda function. Run Cerbos as a function receiving authorization requests directly through API Gateway.
  • Lambda extension. Embed Cerbos beside your function as a lightweight decision engine.

Both patterns enable fine-grained, policy-based authorization inside serverless and event-driven environments without managing persistent infrastructure. For teams running bursty workloads or handling unpredictable API traffic, this can reduce latency and operating cost.

Git-aware Hub uploads simplify policy versioning

Managing policy versions manually is tedious. v0.47.0 introduces Git-aware commands in cerbosctl so your commit messages are automatically picked up and included when updating a Cerbos Hub policy store.

  • Automatic commit metadata. When run inside a Git repo, cerbosctl now captures the commit SHA, author, and timestamp when uploading policies.
  • Selective uploads. New flags let you upload only files changed in a given commit range.
  • Improved CI/CD flows. These features make it easier to tie policy updates to pull requests and automated pipelines.

This closes a long-standing gap between policy lifecycle management and infrastructure automation. With Git metadata visible in Cerbos Hub, you gain full traceability from source → build → deploy.

Schema diagnostics get clearer and more actionable

Policy authors often lose time debugging vague schema errors. Cerbos PDP v0.47 enhances compiler diagnostics to pinpoint missing or mismatched schema references.

Now, instead of a generic failure message, you’ll see which schema was referenced, where it was missing, and what the expected type looked like. This makes complex policy sets, especially those using nested schemas, easier to maintain.

Smaller improvements that add up

Beyond the headline features, this release includes several quality-of-life and performance updates:

  • Traffic distribution control. New service.trafficDistribution field enables finer routing of evaluation requests when deployed via Helm.
  • Improved Hub observability. PDP now emits additional log messages for Hub connections and synchronization events.
  • Refined query-plan deduplication. Reduces evaluation overhead in multi-action checks.
  • Updated dependencies. Core libraries upgraded to latest Go 1.23 and Node 20 compatibility levels.
  • AWS SAR packaging. The new Lambda distributions are available through the AWS Serverless Application Repository for one-click deployment.

Each of these supports the same goal: make Cerbos more predictable and operationally simple.
