How to Create and Share Lambda Layers

A Lambda layer is a way to package dependencies and libraries that simplifies serverless deployment. A layer is a zip file that contains the dependencies. It shrinks the size of the deployment package and makes your deployment more robust. Applications often use multiple Lambda functions that all require the same libraries, for example the requests library. In that case, you can create a layer that contains the requests library and attach the layer to each of your Lambda functions. In this blog, we will study how to create a Lambda layer and how to use it in your Lambda function.

Creating Lambda Layer

AWS provides the following four ways to create the layers in lambda:

  • AWS Console
  • CloudFormation
  • Lambda API
  • SAM (Serverless Application Model)

In this blog, we will use the AWS console to create the lambda layer which includes the requests module. In order to create the layer, create an empty directory first to add the code for the layer.

ubuntu@ubuntu:~$ mkdir demo_requests

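Go to the newly created directory and install the requests module into a python subdirectory. Lambda extracts a layer under /opt, and the Python runtimes only add /opt/python (and /opt/python/lib/python3.x/site-packages) to the import path, so the packages must sit under a top-level python folder inside the zip.

ubuntu@ubuntu:~$ cd demo_requests
ubuntu@ubuntu:~/demo_requests$ pip3 install requests -t python

This command installs the requests library in the python folder. In order to use this requests module as a layer, zip this folder using the following command:

ubuntu@ubuntu:~/demo_requests$ zip -r demo_requests.zip python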

After creating a zip file of the module, go to your lambda console and click on the Layers tab from the left side panel.

It opens the lambda layers console. You can add your layer by clicking on the create layer button.

A new page appears to enter the details of the lambda layer. Provide the name and description of the layer. For this demo, we use the demo_layer as the name of the layer.

Now, there are two options to provide the code to the layer – one is to upload a zip file and the other one is to upload the code from the S3 console. For this demo, we upload the zip file which includes the requests module.

For compatible architecture options, leave it blank and do not check any box for this option. As our layer code includes a requests module which is a Python module, the runtime for this layer is python. After entering all the required layer configuration, click on the create button to create the layer.

Using Lambda Layer in Your Lambda Function

In the previous section, we created a lambda layer which includes a requests module. Now, in this section, we add this lambda layer in our lambda function. In order to add a lambda layer in the lambda function, click on the lambda function and scroll down to the layers section.

Click on the Add a layer button to add a new layer to your lambda function. It opens a new page which asks for lambda layer details. There are three types of lambda layer sources:

  • AWS layers
  • Custom layers
  • Specify an ARN

In order to add a layer to the lambda function that we created in our account, we need to select the Custom layers option as layer source. After selecting the layer source, from the list, select a layer that you created in the previous section and click on the Add button to add the layer in your lambda function.

Now, after adding the layer, you do not need to install the requests module in your lambda function as we import the requests module via the lambda layer.

Sharing Lambda Layers

By default, the lambda layer is private and can only be used within your AWS account. But, you can manage the permissions of your lambda layer using the command line interface to share the layers with another AWS account or organization. AWS console does not have the feature of sharing the lambda layers with other AWS accounts. The add-layer-version-permission method is used to share the layers using the command line interface. In the coming sections of the blog, we will see how we can share the lambda layers with other AWS accounts or organizations.

Sharing Lambda Layer to Specific AWS Account

In order to share the lambda layer, the add-layer-version-permission method of the command line interface is used. You need to specify the name of the layer that you want to share, the statement-id, the version-number, and the AWS account ID with which you want to share the layer. The following is the command to share the lambda layer with another AWS account using the command line interface:

ubuntu@ubuntu:~$ aws lambda add-layer-version-permission \
  --layer-name demo_layer \
  --action lambda:GetLayerVersion \
  --statement-id statement-1 \
  --version-number 1 \
  --principal <aws account id>

Sharing Lambda Layer Publicly

In order to share a lambda layer on your AWS account publicly to be accessible across all the AWS accounts, you just need to change the principal parameter of the command which is used in the previous section. Instead of specifying an AWS account ID, you need to use a “*” as principal to share the lambda layer publicly across all the AWS accounts.

ubuntu@ubuntu:~$ aws lambda add-layer-version-permission \
  --layer-name demo_layer \
  --statement-id statement-2 \
  --action lambda:GetLayerVersion \
  --principal '*' \
  --version-number 1

Sharing Lambda Layer with all AWS Accounts in an Organization

Just like an AWS account, the lambda layers can also be shared with all the AWS accounts in an organization. In order to share the lambda layer with all accounts in an organization, you need to add the organization-id parameter in the add-layer-version-permission command. Here is the command to share the lambda layer to all AWS accounts in an organization:

ubuntu@ubuntu:~$ aws lambda add-layer-version-permission \
  --layer-name demo_layer \
  --statement-id statement-3 \
  --action lambda:GetLayerVersion \
  --principal '*' \
  --organization-id <organization id> \
  --version-number 1
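
To check what the three sharing commands above actually granted, the following added example (not part of the original post) parses the output of aws lambda get-layer-version-policy and labels each statement as account, organization or public. The sample policy, region, account IDs and organization ID in it are constructed placeholders.

```python
import json

# Constructed sample of `aws lambda get-layer-version-policy` output after the
# three sharing commands; every ID below is a placeholder, not a real value.
RESOURCE = "arn:aws:lambda:us-east-1:111111111111:layer:demo_layer:1"
SAMPLE_CLI_OUTPUT = json.dumps({
    "Policy": json.dumps({"Version": "2012-10-17", "Id": "default", "Statement": [
        {"Sid": "statement-1", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "lambda:GetLayerVersion", "Resource": RESOURCE},
        {"Sid": "statement-2", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:GetLayerVersion", "Resource": RESOURCE},
        {"Sid": "statement-3", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:GetLayerVersion", "Resource": RESOURCE,
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    ]}),
    "RevisionId": "constructed-revision-id",
})

def classify_statement(stmt):
    """Return 'account', 'organization' or 'public' for one Allow statement."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):          # {"AWS": ...} form
        principal = principal.get("AWS")
    values = principal if isinstance(principal, list) else [principal]
    if "*" not in values:
        return "account"
    # A wildcard principal is only narrowed when a condition pins the org ID.
    org_keys = stmt.get("Condition", {}).get("StringEquals", {})
    if any(key.lower() == "aws:principalorgid" for key in org_keys):
        return "organization"
    return "public"

def audit_layer_policy(cli_output):
    """Map each Allow statement's Sid to its sharing scope."""
    policy = json.loads(json.loads(cli_output)["Policy"])  # Policy is a JSON string
    statements = policy["Statement"]
    if isinstance(statements, dict):         # a single statement may not be a list
        statements = [statements]
    return {s.get("Sid", "<no sid>"): classify_statement(s)
            for s in statements if s.get("Effect") == "Allow"}

def public_statement_ids(cli_output):
    """Sids that expose the layer version to every AWS account."""
    return [sid for sid, scope in audit_layer_policy(cli_output).items()
            if scope == "public"]

if __name__ == "__main__":
    print(audit_layer_policy(SAMPLE_CLI_OUTPUT))
    print("public:", public_statement_ids(SAMPLE_CLI_OUTPUT))
```

A statement reported as public can be withdrawn with aws lambda remove-layer-version-permission, passing the same layer name, version number and statement ID.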

Conclusion

In this blog, we studied how to create and share the lambda layer to reuse the small chunks of our code into different lambda functions. We learned how to create a zip file of a Python requests library and created a lambda layer using this zip file. After creating the lambda layer, we added this lambda layer to our lambda function to increase the code reusability. Also, we discussed how we can share the lambda layers with specific AWS accounts and all the accounts in an Organization.

About the author

Zain Abideen

A DevOps Engineer with expertise in provisioning and managing servers on AWS and Software delivery lifecycle (SDLC) automation. I'm from Gujranwala, Pakistan and currently working as a DevOps engineer.