AWS CDK(Cloud Development Kit) comes with lambda-layer-awscli which allows you to build your private AWS Lambda layer with AWS CLI executable. This repository demonstrates how to create your own AWS Lambda layer with AWS CLI in AWS CDK.
import { App, CfnOutput, Construct, Stack, StackProps } from '@aws-cdk/core';
import * as layer from '@aws-cdk/lambda-layer-awscli';
export class MyStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps = {}) {
super(scope, id, props);
const awscliLayer = new layer.AwsCliLayer(this, 'AwsCliLayer');
new CfnOutput(this, 'LayerVersionArn', { value: awscliLayer.layerVersionArn })
const devEnv = {
account: process.env.CDK_DEFAULT_ACCOUNT,
region: process.env.CDK_DEFAULT_REGION,
const app = new App();
new MyStack(app, 'awscli-layer-stack', { env: devEnv });
After deployment, the AWS Lambda layer version ARN will be returned and you can use this ARN in your Lambda functions in the same AWS region.
awscli-layer-stack.LayerVersionArn = arn:aws:lambda:us-east-1:123456789012:layer:AwsCliLayerF44AAF94:34
The AwsCliLayer from AWS CDK upstream does not allow you to pass custom Dockerfile(see the built-in Dockerfile). To customize the layer, we simply create our own AwsCliLayer
construct class in our CDK application with our custom Dockerfile
cd src/custom-layer
# edit and customize the Dockerfile under the `custom-layer` directory
# login ECR public
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin
# generate the from Dockerfile
Now prepare your custom AwsCliLayer
construct class and run cdk deploy
to generate your own layer.
import { App, CfnOutput, Construct, Stack, StackProps } from '@aws-cdk/core';
import * as layer from '@aws-cdk/lambda-layer-awscli';
import * as customlayer from './custom-layer/custom-layer';
export class CustomLayerStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps = {}) {
super(scope, id, props);
const awscliLayer = new customlayer.AwsCliLayer(this, 'CustomAwsCliLayer');
new CfnOutput(this, 'LayerVersionArn', { value: awscliLayer.layerVersionArn });
// for development, use account/region from cdk cli
const devEnv = {
account: process.env.CDK_DEFAULT_ACCOUNT,
region: process.env.CDK_DEFAULT_REGION,
const app = new App();
new CustomLayerStack(app, 'custom-awscli-layer-stack', { env: devEnv });
This sample code is made available under the MIT-0 license. See the LICENSE file.