aws-lambda: calculateLayersHash includes all stack layers instead of only function's layers

[florianPat]

Describe the bug

The calculateLayersHash function in function-hash.js uses lambda._layers to calculate the function's hash. However, _layers contains all
layers registered in the stack if the layer is imported, not just the layers attached to that specific function. This causes unrelated functions' hashes to change when adding layers to other functions.

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Library Version

No response

Expected Behavior

calculateLayersHash should only include layers that are actually attached to the specific function, not all layers in the stack.

Current Behavior

The hash calculation includes all layers from lambda._layers, which contains all layers registered in the stack. This means:

• Adding a layer to Function B changes Function A's hash
• Function versions are created even if the function did not change, which leads to a "currentVersion already exists" cloudformation error on deployment, and the stack rolls back

Reproduction Steps

typescript
import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';

const stack = new cdk.Stack(app, 'TestStack');

// Create two layers
const layer1 = lambda.LayerVersion.fromLayerVersionArn(
stack, 'Layer1',
'arn:aws:lambda:us-east-1:123456789012:layer:my-layer-1:1'
);

const layer2 = lambda.LayerVersion.fromLayerVersionArn(
stack, 'Layer2',
'arn:aws:lambda:us-east-1:123456789012:layer:my-layer-2:1'
);

// Function A with layer1
const functionA = new lambda.Function(stack, 'FunctionA', {
runtime: lambda.Runtime.NODEJS_18_X,
handler: 'index.handler',
code: lambda.Code.fromInline('exports.handler = async () => {}'),
layers: [layer1],
});

// Function B with layer2
const functionB = new lambda.Function(stack, 'FunctionB', {
runtime: lambda.Runtime.NODEJS_18_X,
handler: 'index.handler',
code: lambda.Code.fromInline('exports.handler = async () => {}'),
layers: [layer2],
});

// Debug: functionA._layers contains BOTH layer1 and layer2
// This causes functionA's hash to include layer2 even though it's not attached

Possible Solution

No response

Additional Information/Context

The issue is in the calculateLayersHash function in function-hash.js which iterates over
lambda._layers instead of the actual layers attached to the function (which should be retrieved from the CloudFormation properties) with the feature flag LAMBDA_RECOGNIZE_LAYER_VERSION which is enabled by default.

AWS CDK Library version (aws-cdk-lib)

2.234.1

AWS CDK CLI version

2.1101.0

Node.js Version

v24.4.1

OS

Linux

Language

TypeScript

Language Version

No response

Other information

No response

[pahud]

Hi @florianPat,

Thank you for reporting this issue! You've identified a legitimate bug in the calculateLayersHash function. The problem is that when the LAMBDA_RECOGNIZE_LAYER_VERSION feature flag is enabled (default), the hash calculation incorrectly uses fn._layers which contains all layers registered in the stack for imported layers, rather than just the layers attached to the specific function.

This causes the issues you described:

• Function A's hash changes when Layer 2 is added to Function B
• Unnecessary version creation leading to "currentVersion already exists" CloudFormation errors

The fix should modify the hash calculation to use only the layers actually attached to the function, likely by extracting them from the CloudFormation properties instead of the internal _layers array.

This is a great candidate for a community contribution! The fix would involve:

1. Modifying the calculateFunctionHash function to pass function-specific layers
2. Ensuring the layers are extracted from the actual function configuration
3. Adding tests to verify the fix

Thanks for helping improve the CDK! 🚀