AWSGlossary

Lambda Layers: What They Are and How to Use Them

Definition

AWS Lambda Layers are reusable ZIP archives that package shared code, libraries, custom runtimes, or configuration and can be attached to multiple Lambda functions. Instead of bundling the same dependencies into every function's deployment package, you publish them once as a layer and reference the layer from each function. At invocation, Lambda extracts the layer's contents into the execution environment under /opt, where your function code can read and import them. Layers reduce duplication, speed deployments, and enforce consistency across a serverless fleet.

How It Works

A Lambda Layer is a ZIP file (up to 250 MB unzipped, including all layers plus function code) structured so that its contents end up under /opt inside the Lambda execution environment. Different runtimes look in different subdirectories:

  • Node.js/opt/nodejs/node_modules
  • Python/opt/python or /opt/python/lib/python3.x/site-packages
  • Java/opt/java/lib
  • Ruby/opt/ruby/gems
  • C# (.NET)/opt on LD_LIBRARY_PATH
  • All runtimes/opt/bin is on PATH, and /opt/lib is on LD_LIBRARY_PATH.

You create a layer with the PublishLayerVersion API (or the console, SAM, or CDK), giving it a name and a ZIP payload. Each publish creates a new layer version (immutable). Functions reference a specific layer version ARN; you can attach up to 5 layers to a single function (counted against the 250 MB unzipped combined limit).

Lifecycle and sharing

  • Versioning — layer versions are immutable; publishing a new bundle creates a new version number. Functions are pinned to specific versions for deterministic deploys.
  • Cross-account sharing — you can grant another AWS account or AWS Organization the right to use a layer version via AddLayerVersionPermission. Common for internal platform teams and shared utilities.
  • Region-scoped — layers live in a single region; cross-region use requires republishing the layer in each region.
  • AWS-managed layers — AWS publishes several useful layers, including the scikit-learn / NumPy / SciPy bundle, AWS Lambda Powertools (Node/Python/.NET/Java), and the AWS SDK for Pandas (awswrangler).
  • Compatible runtimes and architectures — a layer declares which runtimes (e.g., python3.11) and architectures (x86_64, arm64) it supports, so Lambda prevents mismatched attachments.

Key Features and Limits

  • Max unzipped size: 250 MB across all layers + function code combined.
  • Max layers per function: 5.
  • Immutable versions: every publish creates a new version number.
  • Permissions: layer policies allow cross-account and cross-organization sharing.
  • Architectures: layers can target x86_64, arm64, or both.
  • Extraction location: /opt at invocation time.
  • Lambda Extensions run as layers — external extensions receive lifecycle events via the Extensions API and typically run observability agents (Datadog, New Relic, Honeycomb) or secrets cachers (AWS Parameters and Secrets Lambda Extension).
  • Does not reduce cold-start cost — layer contents are still bundled into the execution environment; they are downloaded and extracted at cold start like any other package bytes.
  • Not a replacement for container images when bundles exceed 250 MB — use container images (up to 10 GB) instead.

Common Use Cases

  1. Shared business libraries — a platform team publishes a layer with logging, metrics, auth, and config helpers; every Lambda imports from it.
  2. Custom runtimes — run Rust, Swift, or COBOL on Lambda by packaging the runtime bootstrap in a layer.
  3. Observability agents — Datadog, New Relic, Lumigo, and AWS Distro for OpenTelemetry (ADOT) ship layers that hook into Lambda Extensions.
  4. Secrets caching — the AWS Parameters and Secrets Lambda Extension layer caches Parameter Store / Secrets Manager values inside the execution environment to cut GetParameter calls.
  5. Data-science dependencies — scikit-learn, pandas, NumPy are often too big for a per-function ZIP but fit neatly in a reusable layer.
  6. Consistent static assets or configuration — shared JSON schemas, certificates, or GeoIP databases mounted at /opt.

Pricing Model

Layers themselves are free. You pay the standard Lambda costs for the functions that use them — invocations, duration at your memory tier, and any Provisioned Concurrency. The layer's bytes count toward the 250 MB unzipped package limit and therefore toward cold-start download and extract time, but there is no separate charge per layer or per attachment.

Cross-account sharing is free. Cross-region deployments require re-publishing in each region (but the storage is still free).

Pros and Cons

Pros

  • Single source of truth for shared code — fewer drift bugs across functions.
  • Faster function deploys when only the function code changes (CI doesn't need to re-bundle dependencies).
  • First-class cross-account sharing supports platform-team models.
  • Extensions API unlocks ecosystem tools (Datadog, New Relic, Powertools, secrets caching).

Cons

  • Still bound by the 250 MB package limit — very large ML models won't fit.
  • 5-layer cap; platform teams with many shared concerns hit it quickly.
  • Versioning burden — bumping a shared layer means updating every dependent function (usually automated via CI or CDK).
  • Cold-start impact is the same as bundling the code directly.
  • Not cross-region — republish per region.

Comparison with Alternatives

| | Lambda Layers | Container Images | Bundled ZIP dependencies | Git submodules | | --- | --- | --- | --- | --- | | Max size | 250 MB unzipped (combined) | 10 GB image | 250 MB | N/A | | Runtime support | All Lambda runtimes | All (custom base image) | All | Build-time only | | Cross-account sharing | Yes | Via ECR permissions | No | Git ACL | | Cold-start cost | Same as bundled | Sometimes faster with layer caching | Same as bundled | N/A | | Best for | Shared libs, runtimes, Extensions | Big bundles, ML models, custom OS | Simple single-function deploys | Source-code sharing, not runtime |

For bundles that exceed 250 MB (e.g., a Stable Diffusion or sklearn-heavy Lambda), container images are the right answer. For Extensions and sub-250 MB shared code, layers remain the simplest option.

Exam Relevance

  • Developer Associate (DVA-C02) — know the 250 MB unzipped limit, the 5 layers per function cap, that layer contents land under /opt, and that layers are the mechanism for custom runtimes and Lambda Extensions.
  • Solutions Architect Associate (SAA-C03) — recognize layers as the lightweight option for shared code vs container images for large bundles.
  • DevOps Professional (DOP-C02) — CI/CD strategies for layer versioning, cross-account sharing, and rolling out layer updates without breaking dependent functions.

Common exam trap: questions about a 1 GB ML model on Lambda — layers cannot hold that; the right answer is a container image (up to 10 GB) or an external store like EFS mounted to the function.

Frequently Asked Questions

Q: What's the difference between a Lambda Layer and a Lambda Extension?

A: A Lambda Layer is a package-distribution mechanism: it delivers files to /opt in the execution environment. A Lambda Extension is a runtime component — a process running alongside your function that uses the Extensions API to receive lifecycle events (INIT, INVOKE, SHUTDOWN). Extensions are usually shipped as layers (the layer provides the extension binary to /opt/extensions), so in practice you often hear "the Datadog layer" — meaning a layer whose purpose is to install a Datadog extension. The two concepts are complementary: layers deliver; extensions run.

Q: Do Lambda Layers reduce cold-start time?

A: Not by themselves. A layer's bytes still count toward your function's package size, which is downloaded and extracted at cold start just like bundled dependencies. Layers' real benefits are organizational: single source of truth for shared code, faster CI when function code changes but deps don't, and cross-account sharing for platform teams. To actually reduce cold starts, shrink the total package, use Graviton (arm64), enable SnapStart (supported runtimes), or use Provisioned Concurrency.

Q: Can I share a layer across AWS accounts?

A: Yes. Call AddLayerVersionPermission on a specific layer version and grant lambda:GetLayerVersion to another AWS account ID, to an AWS Organizations organization ID, or to * (public). Consumers then reference the layer by its ARN. This pattern is common for internal platform teams that publish a shared layer in a central account and let workload accounts pull it. Layers are still region-scoped — republish in each region where consumers run.

This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official AWS Lambda Layers documentation before making production decisions.

Published: 4/17/2026 / Updated: 4/17/2026

This article is for informational purposes only. AWS services, pricing, and features change frequently — always verify details against the official AWS documentation before making production decisions.

More in Compute

Lambda Function URL: Direct Invocation & Use Cases

What is a Lambda Function URL? A dedicated HTTPS endpoint for direct Lambda function invocation. Learn its benefits and when to use it.

Lambda SnapStart: Reduce Cold Starts & Improve Performance

AWS Lambda SnapStart optimizes function startup time by caching initialized states. Learn how it works and when to use this performance feature.

AWS App Runner: Deploy Containerized Apps Easily

AWS App Runner is a fully managed service for deploying containerized web apps and APIs. Go from source code to scalable apps in minutes. Learn when to use it.

Elastic GPUs: How It Worked & When to Use It

Amazon Elastic GPUs (now Elastic Graphics) offered network-based graphics acceleration for EC2. Learn about its features and historical use cases.

EC2 Instance Store: High Performance Temporary Storage

EC2 Instance Store offers temporary, block-level storage physically attached to your EC2 instance for high I/O performance. Learn when to use it.

View all Computeterms →