diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
index 37e250298dd..f3adac5be2a 100644
--- a/.github/workflows/publish_layer.yml
+++ b/.github/workflows/publish_layer.yml
@@ -67,8 +67,7 @@ jobs:
 with:
 stage: "BETA"
 artefact-name: "cdk-layer-artefact"
- secrets:
- target-account-role: ${{ secrets.AWS_LAYERS_BETA_ROLE_ARN }}
+ environment: "layer-beta"
 deploy-prod:
 needs:
@@ -77,5 +76,4 @@ jobs:
 with:
 stage: "PROD"
 artefact-name: "cdk-layer-artefact"
- secrets:
- target-account-role: ${{ secrets.AWS_LAYERS_PROD_ROLE_ARN }}
+ environment: "layer-prod"
diff --git a/.github/workflows/reusable_deploy_layer_stack.yml b/.github/workflows/reusable_deploy_layer_stack.yml
index 7c3cd2946e8..8a2c2130d2f 100644
--- a/.github/workflows/reusable_deploy_layer_stack.yml
+++ b/.github/workflows/reusable_deploy_layer_stack.yml
@@ -13,6 +13,9 @@ on:
 artefact-name:
 required: true
 type: string
+ environment:
+ required: true
+ type: string
 secrets:
 target-account-role:
 required: true
@@ -20,6 +23,7 @@ on:
 jobs:
 deploy-cdk-stack:
 runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
 defaults:
 run:
 working-directory: ./layer
@@ -58,7 +62,7 @@ jobs:
 uses: aws-actions/configure-aws-credentials@v1
 with:
 aws-region: ${{ matrix.region }}
- role-to-assume: ${{ secrets.target-account-role }}
+ role-to-assume: ${{ secrets.AWS_LAYERS_ROLE_ARN }}
 - name: Setup Node.js
 uses: actions/setup-node@v3
 with:
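Review bot: Nothing in `publish_layer.yml` records that `layer-beta` (hunk -67,8) and `layer-prod` (hunk -77,5) must already exist as protected environments, although the choice of deploy role now depends entirely on these two strings. GitHub creates an environment on first reference if the name does not match an existing one, and a newly created environment has no required reviewers, no branch restrictions and no secrets. A comment above each value would make that dependency reviewable, for example `# must match an existing GitHub environment that holds AWS_LAYERS_ROLE_ARN and enforces reviewers/branch rules`. Both job definitions start outside their hunks, so whether the callers gate on anything else is not visible here.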
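Review bot: In `reusable_deploy_layer_stack.yml` (hunk -13,6) the `workflow_call` secret `target-account-role` is still declared with `required: true`, but both callers in `publish_layer.yml` drop their `secrets:` block in this same commit. A required secret that no caller supplies should make the workflow call fail validation, and the last hunk stops reading it anyway. I would delete the three context lines `secrets:`, `target-account-role:` and `required: true` from the `on.workflow_call` block. That keeps the reusable workflow's interface limited to the `environment` input and avoids a second, unused path for passing a role ARN.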
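Review bot: Binding `deploy-cdk-stack` to `environment: ${{ inputs.environment }}` (hunk -20,6) changes more than secret lookup, and the workflow does not document that. If the role is assumed through GitHub OIDC (the `permissions` block is outside the hunk, so this is an assumption), the token's `sub` claim for an environment-bound job takes the form `repo:<org>/<repo>:environment:<name>`. The IAM trust policies of the beta and prod roles then have to match that subject, ideally pinned to the exact environment name rather than a wildcard. A comment on the new line would capture it, for example `# job-level environment: selects env-scoped secrets and sets the OIDC subject to ...:environment:<name>`.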
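Review bot: The step that now receives the environment-scoped `AWS_LAYERS_ROLE_ARN` (hunk -58,7) still runs `aws-actions/configure-aws-credentials@v1`, a mutable tag. Since this action handles the deploy credentials for both beta and prod, pinning it to a full commit SHA would stop a moved tag from changing what runs with that role: `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v1`. The same secret name is now used for every stage, so a short comment on `role-to-assume` saying the value comes from the job's environment, not from a repository secret, would help the next reader. The step list continues outside the hunk.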