AWS Lambda Layer Version

This page shows how to write Terraform and CloudFormation for Lambda Layer Version and write them securely.

aws_lambda_layer_version (Terraform)

The Layer Version in Lambda can be configured in Terraform with the resource name aws_lambda_layer_version. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

lambda_layers.tf#L1
resource "aws_lambda_layer_version" "lambda_layer_pymysql" {
  layer_name = "lambda_layer_pymysql"
  s3_bucket = var.lambda_layers_bucket
  s3_key = var.lambda_layer_pymysql_artifact
  compatible_runtimes = ["python3.8"]
}
lambda.tf#L79
resource "aws_lambda_layer_version" "reliability_lib" {
  filename            = "/tmp/reliability_lib.zip"
  layer_name          = "reliability_lib_packages"
  source_code_hash    = data.archive_file.reliability_lib.output_base64sha256
  compatible_runtimes = ["nodejs12.x", "nodejs14.x"]
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a Lambda Layer Version resource. Lambda Layers allow you to reuse shared bits of code across multiple lambda functions. For information about Lambda Layers and how to use them, see AWS Lambda Layers.

Tips: Best Practices for The Other AWS Lambda Resources

In addition to aws_lambda_permission, AWS Lambda has other resources that should be configured with security in mind. Please check the examples and precautions for those resources.

aws_lambda_permission

Limit your Lambda function permissions as much as possible

To limit the Lambda function permission, set `source_arn` whenever the ARN of the source being granted the permission can be specified.
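The `source_arn` recommendation above, shown as a weak permission next to a scoped one. This is an added example, not code from the original page or from any of the referenced repositories; the variable names, statement IDs and the S3 trigger scenario are assumptions, and `source_account` is an additional argument of the same resource that the page does not mention.

```hcl
# Constructed example. Variable names and statement IDs are hypothetical.
variable "function_name" {
  type        = string
  description = "Name of the Lambda function that receives S3 events"
}

variable "uploads_bucket_arn" {
  type        = string
  description = "ARN of the one bucket that is allowed to trigger the function"
}

data "aws_caller_identity" "current" {}

# Weak: no source_arn. The S3 service principal may invoke the function
# on behalf of any bucket, not only the one you intended.
resource "aws_lambda_permission" "allow_s3_unscoped" {
  statement_id  = "AllowS3InvokeUnscoped"
  action        = "lambda:InvokeFunction"
  function_name = var.function_name
  principal     = "s3.amazonaws.com"
}

# Scoped: source_arn restricts the grant to a single bucket.
# S3 bucket ARNs carry no account ID, so source_account (an addition
# beyond the page's tip) also pins the bucket owner to this account.
resource "aws_lambda_permission" "allow_s3_uploads_only" {
  statement_id   = "AllowS3InvokeFromUploads"
  action         = "lambda:InvokeFunction"
  function_name  = var.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = var.uploads_bucket_arn
  source_account = data.aws_caller_identity.current.account_id
}
```

Only the second resource should be kept in a real configuration; the first is present to show what a reviewer should flag.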

Review your AWS Lambda settings

In addition to the above, there are other security points you should be aware of. Make sure that your .tf files are protected in Shisho Cloud.

AWS::Lambda::LayerVersion (CloudFormation)

The LayerVersion in Lambda can be configured in CloudFormation with the resource name AWS::Lambda::LayerVersion. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

Module.yml#L85
    Type: AWS::Lambda::LayerVersion
    Properties:
      CompatibleRuntimes:
        - dotnetcore2.1
      Content:
        { S3Bucket: !Ref LayerBucket, S3Key: !Ref ChromeZipS3Key }
source.yml#L7
    Type: AWS::Lambda::LayerVersion
    Properties:
      Content: ../../lambdas/layers/service_wrappers
      Description: Service wrappers for boto3 SDK
      LayerName: service_wrappers
      CompatibleRuntimes:
template.yml#L3
    Type: AWS::Lambda::LayerVersion
    Properties:
      Content:
        S3Bucket:
          Ref: AssetParameters5b980c3a65c1a797109094d3326214d38b23bf416049d4bdc07b64c255980690S3BucketA9EEE905
        S3Key:
serverless.yml#L20
      Type: AWS::Lambda::LayerVersion
      UpdateReplacePolicy: Retain
staging-lambda-layers.yml#L18
    Type: 'AWS::Lambda::LayerVersion'
    Properties:
      LayerName: 'apprise'
      Description: 'apprise Lambda Layer for Python 3.8'
      LicenseInfo: 'MIT'
      CompatibleRuntimes:
layers_with_intrinsics.json#L30
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "Content": {
          "S3Bucket": "sam-demo-bucket",
          "S3Key": "layer.zip"
        },
layers_with_intrinsics.json#L18
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "Content": {
          "S3Bucket": "sam-demo-bucket",
          "S3Key": "layer.zip"
        },

Parameters

Explanation in CloudFormation Registry

The AWS::Lambda::LayerVersion resource creates a Lambda layer from a ZIP archive.

Frequently asked questions

What is AWS Lambda Layer Version?

AWS Lambda Layer Version is a resource for Lambda of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Lambda Layer Version?

For Terraform, the Vizzyy/stunning-disco and cds-snc/forms-staging-terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the LambdaSharp/SharpPuppets, tomashil/unit-testing-workshop and blakegreendev/cdk-twitter-blog source code examples are useful. See the CloudFormation Example section for further details.