AWS Lambda layers simplify code management by enabling you to share libraries, runtimes, and other resources across multiple functions. This post dives into how AWS SAM defines Lambda layers and how to share layers with others.

Defining Lambda Layers in AWS SAM

AWS SAM uses the AWS::Serverless::Function resource to define Lambda functions, and you can include layers as a property of your functions. Layers are added as a list of ARNs, each specifying the layer version.
Example: Including a Layer in a Lambda Function
Here’s a sample SAM template snippet:
    MyLambdaFunction:
      Type: AWS::Serverless::Function
      Properties:
        CodeUri: myFunction/
        Handler: app.handler
        MemorySize: 128
        Layers:
          - !Ref SharpLayerARN
In this example:
- CodeUri points to the function code.
- Layers lists ARNs of the layers to include. These can be created separately and referenced in the template.
Sharing Lambda Layers
By default, Lambda layers are private to your account. However, you can share them with other AWS accounts or make them public.
Sharing a Layer Using the AWS CLI
To share a layer, use the add-layer-version-permission command:

    aws lambda add-layer-version-permission \
      --layer-name node-sharp \
      --principal '*' \
      --action lambda:GetLayerVersion \
      --version-number 3 \
      --statement-id public \
      --region us-east-1
Parameters Explained:
- --layer-name: The name of the layer.
- --principal: The account ID or * to make it public.
- --action: Permission action; for layers, it’s always lambda:GetLayerVersion.
- --version-number: Specifies the layer version.
- --statement-id: A unique identifier for the permission.
- --region: The AWS Region where the layer is deployed.
Viewing Layer Permissions
To verify the permissions of a layer version, use the get-layer-version-policy command:

    aws lambda get-layer-version-policy \
      --layer-name node-sharp \
      --version-number 3 \
      --region us-east-1
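To spot an unintended public grant in what get-layer-version-policy returns, the following added example (not code from the original post) parses the policy and labels each Allow statement as public, organization-scoped, or account-scoped. The sample output, account IDs, organization ID, and function names are constructed for illustration.

```python
import json

# Constructed sample of `aws lambda get-layer-version-policy` output. The
# "Policy" field is itself a JSON string. All IDs below are placeholders.
_ARN = "arn:aws:lambda:us-east-1:111111111111:layer:node-sharp:3"
SAMPLE_OUTPUT = json.dumps({
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Id": "default",
        "Statement": [
            {"Sid": "public", "Effect": "Allow", "Principal": "*",
             "Action": "lambda:GetLayerVersion", "Resource": _ARN},
            {"Sid": "partner", "Effect": "Allow",
             "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
             "Action": "lambda:GetLayerVersion", "Resource": _ARN},
            {"Sid": "org", "Effect": "Allow", "Principal": "*",
             "Action": "lambda:GetLayerVersion", "Resource": _ARN,
             "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorg"}}},
        ],
    }),
    "RevisionId": "constructed-revision-id",
})


def classify_statement(stmt):
    """Return 'public', 'organization' or 'account' for one Allow statement."""
    principal = stmt.get("Principal")
    aws = principal.get("AWS") if isinstance(principal, dict) else principal
    wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
    if not wildcard:
        return "account"
    # A wildcard principal is only narrowed by an aws:PrincipalOrgID condition.
    keys = stmt.get("Condition", {}).get("StringEquals", {})
    if any(k.lower() == "aws:principalorgid" for k in keys):
        return "organization"
    return "public"


def audit_layer_policy(cli_output):
    """Map each Allow statement's Sid to its exposure level."""
    policy = json.loads(json.loads(cli_output)["Policy"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be in a list
        statements = [statements]
    return {s.get("Sid", "<no sid>"): classify_statement(s)
            for s in statements if s.get("Effect") == "Allow"}


if __name__ == "__main__":
    for sid, exposure in audit_layer_policy(SAMPLE_OUTPUT).items():
        print(f"{sid}: {exposure}")
```

Any statement reported as public can be revoked by passing its Sid as --statement-id to remove-layer-version-permission.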
Removing Layer Permissions
To delete permissions associated with a layer version, use the remove-layer-version-permission command:

    aws lambda remove-layer-version-permission \
      --layer-name node-sharp \
      --statement-id public \
      --version-number 3 \
      --region us-east-1

After removing permissions, attempting to retrieve the policy with get-layer-version-policy results in an error.
Best Practices for Sharing Layers
- Lock Layer Versions: Layer versions are immutable once published, so referencing a specific version ensures consistency for dependent Lambda functions.
- Use Descriptive Names: Clearly name layers and versions for easy identification.
- Minimize Public Sharing: Only make layers public if they’re safe and intended for broad usage.
- Test Layers Thoroughly: Verify functionality in a test environment before sharing.
AWS Lambda layers streamline dependency management by enabling code reuse across functions. They’re powerful for reducing function deployment size and sharing OS-specific binaries or common libraries. While layers are private by default, AWS CLI commands make it easy to share with specific accounts or publicly.
To learn more about Lambda layers, check out the AWS Lambda Layers Documentation.