diff --git a/cdk-infra/lib/constructs/worker/worker-construct.ts b/cdk-infra/lib/constructs/worker/worker-construct.ts
index 53d75c9fa..90ec0b7b7 100644
--- a/cdk-infra/lib/constructs/worker/worker-construct.ts
+++ b/cdk-infra/lib/constructs/worker/worker-construct.ts
@@ -7,12 +7,13 @@ import {
   FargateTaskDefinition,
   LogDrivers,
 } from 'aws-cdk-lib/aws-ecs';
-import { Effect, IRole, PolicyStatement, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+import { AnyPrincipal, Effect, IRole, PolicyStatement, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
 import { LogGroup } from 'aws-cdk-lib/aws-logs';
 import { IQueue } from 'aws-cdk-lib/aws-sqs';
 import { Construct } from 'constructs';
 import path from 'path';
 import { getEnv, isEnhanced } from '../../../utils/env';
+import { FileSystem } from 'aws-cdk-lib/aws-efs';
 
 interface WorkerConstructProps {
   dockerEnvironment: Record<string, string>;
@@ -72,12 +73,43 @@ export class WorkerConstruct extends Construct {
       },
     };
 
+    const fileSystem = new FileSystem(this, 'snootyCacheFileSystem', {
+      vpc,
+    });
+
+    fileSystem.addAccessPoint('cache/', {
+      path: '/cache',
+    });
+
+    fileSystem.addToResourcePolicy(
+      new PolicyStatement({
+        actions: ['elasticfilesystem:ClientMount'],
+        principals: [new AnyPrincipal()],
+        conditions: {
+          Bool: {
+            'elasticfilesystem:AccessedViaMountTarget': 'true',
+          },
+        },
+      })
+    );
+
+    fileSystem.grantReadWrite(taskRole);
+
+    const VOLUME_NAME = 'efsVolume';
     const taskDefLogGroup = new LogGroup(this, 'workerLogGroup');
     const taskDefinition = new FargateTaskDefinition(this, 'workerTaskDefinition', {
       cpu: 4096,
       memoryLimitMiB: 8192,
       taskRole,
       executionRole,
+      volumes: [
+        {
+          name: VOLUME_NAME,
+          efsVolumeConfiguration: {
+            fileSystemId: fileSystem.fileSystemId,
+          },
+        },
+      ],
     });
 
     const updateTaskProtectionPolicy = new PolicyStatement({
@@ -93,14 +125,20 @@ export class WorkerConstruct extends Construct {
 
     taskRole.addToPolicy(updateTaskProtectionPolicy);
 
-    taskDefinition.addContainer('workerImage', {
-      image: ContainerImage.fromAsset(path.join(__dirname, '../../../../'), containerProps),
-      environment: dockerEnvironment,
-      logging: LogDrivers.awsLogs({
-        streamPrefix: 'autobuilderworker',
-        logGroup: taskDefLogGroup,
-      }),
-    });
+    taskDefinition
+      .addContainer('workerImage', {
+        image: ContainerImage.fromAsset(path.join(__dirname, '../../../../'), containerProps),
+        environment: dockerEnvironment,
+        logging: LogDrivers.awsLogs({
+          streamPrefix: 'autobuilderworker',
+          logGroup: taskDefLogGroup,
+        }),
+      })
+      .addMountPoints({
+        sourceVolume: VOLUME_NAME,
+        containerPath: '/cache',
+        readOnly: false,
+      });
 
     const env = getEnv();
 
diff --git a/cdk-infra/package-lock.json b/cdk-infra/package-lock.json
index d2462491b..beb97daaa 100644
--- a/cdk-infra/package-lock.json
+++ b/cdk-infra/package-lock.json
@@ -9,7 +9,7 @@
       "version": "0.1.0",
       "dependencies": {
         "@aws-sdk/client-ssm": "^3.342.0",
-        "aws-cdk-lib": "2.73.0",
+        "aws-cdk-lib": "2.121.1",
         "constructs": "^10.0.0",
         "source-map-support": "^0.5.21"
       },
@@ -21,7 +21,7 @@
         "@swc/helpers": "^0.5.1",
         "@types/jest": "^29.4.0",
         "@types/node": "18.14.6",
-        "aws-cdk": "2.73.0",
+        "aws-cdk": "2.121.1",
         "esbuild": "^0.18.3",
         "jest": "^29.5.0",
         "regenerator-runtime": "^0.13.11",
@@ -44,19 +44,19 @@
       }
     },
     "node_modules/@aws-cdk/asset-awscli-v1": {
-      "version": "2.2.138",
-      "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.138.tgz",
-      "integrity": "sha512-1GPAkidoyOFPhOZbkaxnclNBSBxxcN8wejpSMCixifbPvPFMvJXjMd19Eq4WDPeDDHUEjuJU9tEtvzq3OFE7Gw=="
+      "version": "2.2.201",
+      "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.201.tgz",
+      "integrity": "sha512-INZqcwDinNaIdb5CtW3ez5s943nX5stGBQS6VOP2JDlOFP81hM3fds/9NDknipqfUkZM43dx+HgVvkXYXXARCQ=="
     },
     "node_modules/@aws-cdk/asset-kubectl-v20": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@aws-cdk/asset-kubectl-v20/-/asset-kubectl-v20-2.1.1.tgz",
-      "integrity": "sha512-U1ntiX8XiMRRRH5J1IdC+1t5CE89015cwyt5U63Cpk0GnMlN5+h9WsWMlKlPXZR4rdq/m806JRlBMRpBUB2Dhw=="
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@aws-cdk/asset-kubectl-v20/-/asset-kubectl-v20-2.1.2.tgz",
+      "integrity": "sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg=="
     },
-    "node_modules/@aws-cdk/asset-node-proxy-agent-v5": {
-      "version": "2.0.114",
-      "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v5/-/asset-node-proxy-agent-v5-2.0.114.tgz",
-      "integrity": "sha512-xXSptpTYIlxQyTpVud2N6/vzHaAsUSWtDrPxdEZoIJESuZJZKLP69PhELwG/NsD6WtxpWYa6LO6s2qvJhRUjew=="
+    "node_modules/@aws-cdk/asset-node-proxy-agent-v6": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz",
+      "integrity": "sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg=="
     },
     "node_modules/@aws-crypto/crc32": {
       "version": "3.0.0",
@@ -2823,9 +2823,9 @@
       }
     },
     "node_modules/aws-cdk": {
-      "version": "2.73.0",
-      "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.73.0.tgz",
-      "integrity": "sha512-4ZnY+OS83goCzv+1sCEpNTNiXWjY6KBzic2RNUObzpHjUskRSwUCtaeiv6OyZ55DZoP0tneAmWIBXHfixJ7iQw==",
+      "version": "2.121.1",
+      "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.121.1.tgz",
+      "integrity": "sha512-T8UFuNGDnXNmcHagCGeQ8xQA3zU/o2ENuyGXO/ho+U3KyYs7tnWIr++ovrp2FvhiBpmBv6SuKiueBA6OW7utBw==",
       "dev": true,
       "bin": {
         "cdk": "bin/cdk"
@@ -2838,9 +2838,9 @@
       }
     },
     "node_modules/aws-cdk-lib": {
-      "version": "2.73.0",
-      "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.73.0.tgz",
-      "integrity": "sha512-r9CUe3R7EThr9U0Eb7kQCK4Ee34TDeMH+bonvGD9rNRRTYDauvAgNCsx4DZYYksPrXLRzWjzVbuXAHaDDzWt+A==",
+      "version": "2.121.1",
+      "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.121.1.tgz",
+      "integrity": "sha512-wrOHDDQqVuH2tRTH7p2LaMPVI3V2bqr8X//Qrhy+hOFA04u2MVetQYev+NgMXPjNzU9IGX2wy1Fs9Y/ntq2sQA==",
       "bundleDependencies": [
         "@balena/dockerignore",
         "case",
@@ -2854,17 +2854,17 @@
         "yaml"
       ],
       "dependencies": {
-        "@aws-cdk/asset-awscli-v1": "^2.2.97",
-        "@aws-cdk/asset-kubectl-v20": "^2.1.1",
-        "@aws-cdk/asset-node-proxy-agent-v5": "^2.0.77",
+        "@aws-cdk/asset-awscli-v1": "^2.2.201",
+        "@aws-cdk/asset-kubectl-v20": "^2.1.2",
+        "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.1",
         "@balena/dockerignore": "^1.0.2",
         "case": "1.6.3",
-        "fs-extra": "^9.1.0",
-        "ignore": "^5.2.4",
+        "fs-extra": "^11.2.0",
+        "ignore": "^5.3.0",
         "jsonschema": "^1.4.1",
         "minimatch": "^3.1.2",
-        "punycode": "^2.3.0",
-        "semver": "^7.3.8",
+        "punycode": "^2.3.1",
+        "semver": "^7.5.4",
         "table": "^6.8.1",
         "yaml": "1.10.2"
       },
@@ -2925,14 +2925,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/aws-cdk-lib/node_modules/at-least-node": {
-      "version": "1.0.0",
-      "inBundle": true,
-      "license": "ISC",
-      "engines": {
-        "node": ">= 4.0.0"
-      }
-    },
     "node_modules/aws-cdk-lib/node_modules/balanced-match": {
       "version": "1.0.2",
       "inBundle": true,
@@ -2987,26 +2979,25 @@
       "license": "MIT"
     },
     "node_modules/aws-cdk-lib/node_modules/fs-extra": {
-      "version": "9.1.0",
+      "version": "11.2.0",
       "inBundle": true,
       "license": "MIT",
       "dependencies": {
-        "at-least-node": "^1.0.0",
         "graceful-fs": "^4.2.0",
         "jsonfile": "^6.0.1",
         "universalify": "^2.0.0"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=14.14"
       }
     },
     "node_modules/aws-cdk-lib/node_modules/graceful-fs": {
-      "version": "4.2.10",
+      "version": "4.2.11",
       "inBundle": true,
       "license": "ISC"
     },
     "node_modules/aws-cdk-lib/node_modules/ignore": {
-      "version": "5.2.4",
+      "version": "5.3.0",
       "inBundle": true,
       "license": "MIT",
       "engines": {
@@ -3073,7 +3064,7 @@
       }
     },
     "node_modules/aws-cdk-lib/node_modules/punycode": {
-      "version": "2.3.0",
+      "version": "2.3.1",
       "inBundle": true,
       "license": "MIT",
       "engines": {
@@ -3089,7 +3080,7 @@
       }
     },
     "node_modules/aws-cdk-lib/node_modules/semver": {
-      "version": "7.3.8",
+      "version": "7.5.4",
       "inBundle": true,
       "license": "ISC",
       "dependencies": {
@@ -3158,7 +3149,7 @@
       }
     },
     "node_modules/aws-cdk-lib/node_modules/universalify": {
-      "version": "2.0.0",
+      "version": "2.0.1",
       "inBundle": true,
       "license": "MIT",
       "engines": {
diff --git a/cdk-infra/package.json b/cdk-infra/package.json
index 71416e9a9..8f1bf843f 100644
--- a/cdk-infra/package.json
+++ b/cdk-infra/package.json
@@ -21,7 +21,7 @@
     "@swc/helpers": "^0.5.1",
     "@types/jest": "^29.4.0",
     "@types/node": "18.14.6",
-    "aws-cdk": "2.73.0",
+    "aws-cdk": "2.121.1",
     "esbuild": "^0.18.3",
     "jest": "^29.5.0",
     "regenerator-runtime": "^0.13.11",
@@ -31,7 +31,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-ssm": "^3.342.0",
-    "aws-cdk-lib": "2.73.0",
+    "aws-cdk-lib": "2.121.1",
     "constructs": "^10.0.0",
     "source-map-support": "^0.5.21"
   }