* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Computing](https://www2.paloaltonetworks.com/blog/category/cloud-computing-2/)
* Securing AWS Lambda Layer...

# Securing AWS Lambda Layers with Prisma Cloud

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecuring-aws-lambda-layers%2F)  
[](https://twitter.com/share?text=Securing+AWS+Lambda+Layers+with+Prisma+Cloud&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecuring-aws-lambda-layers%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecuring-aws-lambda-layers%2F&title=Securing+AWS+Lambda+Layers+with+Prisma+Cloud&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/securing-aws-lambda-layers/&ts=markdown)  
\[\](mailto:?subject=Securing AWS Lambda Layers with Prisma Cloud)  
Link copied  
By [Avi Shulman](https://www.paloaltonetworks.com/blog/author/avi-shulman/?ts=markdown "Posts by Avi Shulman")  
May 04, 2021  
3 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)  
[AWS Lambda](https://www.paloaltonetworks.com/blog/tag/aws-lambda/?ts=markdown)

Serverless architectures have created a new level of abstraction in cloud computing, allowing applications to be built from small, single-purpose pieces of code called functions. Developers frequently leverage third-party code libraries within these functions. Taking the concept one step further, AWS developed Lambda layers that allow separate functions to [share a single library](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html), thus reducing the overall size of a function's package and enabling faster deployment.

While Lambda layers are an incredibly helpful tool for developers, they can also contain vulnerabilities and cause compliance issues. To help customers continue to use these technologies securely, Prisma Cloud now lets users scan Lamba layers as part of their overall serverless function scanning.

## What is a Lambda Layer?

In a distributed and event-driven environment, serverless functions usually have a [single, dedicated purpose](https://www.paloaltonetworks.com/blog/prisma-cloud/automate-cloud-remediation-serverless-functions/). For example, a function might be used for processing an email or analyzing log messages.

To avoid code duplication, developers will build these functions using third-party code libraries. These libraries are often broadly applicable, meaning that they might be used by multiple functions within an application. So, the next question many developers had was whether they could easily share those libraries easily among functions. That's exactly what AWS was solving for when it introduced Lambda layers back in 2018.

A Lambda layer is essentially a way to share code and data among functions. It's a .zip archive that might contain libraries, data, a custom runtime and other dependencies.

Lambda layers have a separate deployment process from the functions themselves. When you deploy your function, you can state in the function's configuration which specific Lambda layer you want to leverage as part of the function's execution. In runtime, the Layers are extracted to the /opt directory within the function. You can refer to this path in your function's code.

## Scanning Lambda Layers in Prisma Cloud

When you add a serverless account, the "Scan Lambda Layers" toggle is on by default. All you have to do is onboard your accounts, and Prisma Cloud will do the rest.
![Creating a function scan scope that includes Lambda layers](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/05/word-image-10.png)
Creating a function scan scope that includes Lambda layers.

The scan results for the Lambda layers will appear in a separate tab, as seen in the screenshot below. Here you can quickly see any specific vulnerabilities or compliance issues that were identified within each layer.
![Lambda layers output in the Prisma Cloud console](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/05/word-image-11.png)
Lambda layers output in the Prisma Cloud console.

After detecting a vulnerable Lambda layer, the next step would be to search for the functions that utilize that layer. Then you can remediate the issue(s) by deploying a new, updated version of that layer and reconfiguring the functions to point to the updated version.

## Conclusion

Using Lambda layers, sharing data and code among functions has never been easier. That said, it's also easier than ever to share vulnerable libraries among those functions and applications. [Serverless scanning with Prisma Cloud](https://www.paloaltonetworks.com/blog/prisma-cloud/protect-serverless-functions/) helps ensure you don't neglect your Lambda layers when securing your serverless perimeter.

For technical reference, you can read the [serverless function scanning](https://docs.prismacloudcompute.com/docs/compute_edition_21_04/vulnerability_management/serverless_functions.html) section in our documentation. And you can learn more about securing diverse architectures into runtime with our latest ebook, [Why and How to Add Runtime Defense to Your Cloud Security Strategy](https://www.paloaltonetworks.com/resources/whitepapers/add-runtime-defense-cloud-security.html).

*** ** * ** ***

## Related Blogs

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Open Source License Detection and Expanded Git Repo Scanning](https://www2.paloaltonetworks.com/blog/cloud-security/open-source-license-detection-expanded-git-repo-scanning/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Better Together With IBM and Prisma Cloud Compute Edition](https://www2.paloaltonetworks.com/blog/cloud-security/better-together-ibm-prisma-cloud/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Automating Visibility and Protection for Cloud VMs](https://www2.paloaltonetworks.com/blog/cloud-security/automating-visibility-protection-cloud-vms/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Cloud Automatically Secures Unprotected Cloud Workloads](https://www2.paloaltonetworks.com/blog/2021/04/april-2021-release-prisma-cloud/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Manage your Unmanaged Cloud with Prisma Cloud and Cortex Xpanse](https://www2.paloaltonetworks.com/blog/cloud-security/manage-unmanaged-cloud-prisma-cloud-and-cortex-xpanse/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Prisma Cloud Secures Containerized Apps on AWS-Optimized Bottlerocket](https://www2.paloaltonetworks.com/blog/cloud-security/secure-containerized-app-aws-bottlerocket/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language