How to use a Lambda Layer

Terraform to deploy a lambda function with a layer, this deploys Boto3 as a layer, a bit strange but I needed the functionality to create an “Additional Checksum” with an s3 copy, this was not included in the version of Boto3 deployed with Lambda/Python.

lambda.tf

data "archive_file" "lambda-archive" {
  type        = "zip"
  source_file = "lambda/src/main.py"
  output_path = "lambda/packages/lambda_function.zip"
}

resource "aws_lambda_function" "lambda-function" {
  filename         = "lambda/packages/lambda_function.zip"
  function_name    = "layered-test"
  role             = aws_iam_role.role_for_lambda.arn
  handler          = "main.handle"
  source_code_hash = data.archive_file.lambda-archive.output_base64sha256
  runtime          = "python3.7"
  timeout          = 15
  memory_size      = 128
  layers           = [aws_lambda_layer_version.boto3_layer.arn]
}

resource "aws_lambda_layer_version" "boto3_layer" {
  filename            = "lambda/packages/boto3_v1.25.2.zip"
  layer_name          = "boto3_v1.25.2"
  source_code_hash    = filebase64sha256("lambda/packages/boto3_v1.25.2.zip")
  compatible_runtimes = ["python3.6", "python3.7"]
}

iam.tf

resource "aws_iam_role" "role_for_lambda" {
  name = "role-lambda"
  path = "/"
  permissions_boundary = "arn:aws:iam::987612344321:policy/permbound-Developer"
  assume_role_policy = "${file("assumerolepolicy.json")}"
  tags = {
    tag-key = "tag-value"
    }
  }

resource "aws_iam_role_policy_attachment" "lambda_basic_execution_policy_attachement" {
  role       = aws_iam_role.role_for_lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

assumerolepolicy.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Terraform",
            "Effect": "Allow",
            "Action": "lambda:*"
        }
    ]
}