Lambda Layers

Posted Sunday, February 4, 2024.

I was making a Lambda using SPM (which required a generic amazonlinux2 runtime because there is no supported Swift runtime yet). I wanted to run some openssl commands from this lambda (specifically openssl smime), but was getting a not found error. Turns out you can add functionality like dependencies using Layers.

Note: The SPM archive plugin allows --base-docker-image custom-swift-image-with-openssl --disable-docker-image-update to use your own base image (custom-swift-image-with-openssl) which could have openssl installed on it but at the time this was not working so I had to investigate other methods which led me to layers


First, make a dockerfile:

FROM amazonlinux:2

WORKDIR /tmp/layer
RUN yum install openssl11 zip -y

CMD mkdir -p bin && \
mkdir -p lib && \
cp /bin/openssl11 ./bin/openssl && \
cp /usr/lib64/ ./lib && \
cp /usr/lib64/ ./lib && \
cp /usr/lib64/ ./lib && \
zip -r ./* && \
rm -rf lib bin

Extract the Layer

Then build and run the image to extract the layer:

mkdir -p ./Layer
docker image build -t openssl-layer .
docker run --rm -v ./Layer:/tmp/layer openssl-layer

Upload the Layer

Under Lambda settings go to Layers. Upload your layer, choose the appropriate architectures and compatible runtimes (in this case it would be amazonlinux 2).

Use the Layer & Use

Add the layer to your lambda. Now the lambda can openssl smime ....

Tagged With: