Import fails in AWS Lambda Python 3.8 runtime due to `cryptography`

[felixhammerl]

When trying to import jwt in AWS Lambda with a python 3.8 with cryptography on a recent version, the following error is thrown.

[ERROR] Runtime.ImportModuleError: Unable to import module 'src/handler/authorizer': /lib64/libc.so.6: version `GLIBC_2.28' not found (required by /var/task/cryptography/hazmat/bindings/_rust.abi3.so)

Expected Result

Module gets imported

Actual Result

Import error (see above)

Reproduction Steps

import jwt

System Information

$ python -m jwt.help

{
  "cryptography": {
    "version": "38.0.1"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.8.12"
  },
  "platform": {
    "release": "21.2.0",
    "system": "Darwin"
  },
  "pyjwt": {
    "version": "2.4.0"
  }
}

Workaround

$ pipenv install cryptography==3.4.8

[felixhammerl]

Please note that this is not strictly an issue with the pyjwt library. However, I can hardly be the only person running into this, so I'd like to open the discussion here.

Any fix will likely have to happen upstream.

[eva-mueller-coremedia]

My AWS lambda (Python 3.9) ran into the same error when using

pyjwt==2.5.0
pyjwt[crypto]==2.5.0
cryptography==38.0.1

The following downgrade worked for me:

cryptography==37.0.4

AWS Lambda Python 3.9 uses an Amazon Linux 2 which itself

comes with GCC 7.3, Glibc 2.26, and Binutils 2.29.1

I also found this issue: https://github.com/pyca/cryptography/issues/6391#issuecomment-1110124861 And an AWS blogpost: https://aws.amazon.com/premiumsupport/knowledge-center/lambda-python-package-compatible/

So I think you can either use

cryptography==37.0.4

or use --platform manylinux2010_x86_64 --only-binary=:all: when installing cryptography

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

[lucasboscatti]

@eva-mueller-coremedia it worked for me. Thank you!