问题
I have some lambda functions and I usually grant access to thirds devs to my AWS account.
They eventually can request my lambda functions for working or testing purposes but I want to prevent them to download the source code.
Is there a way to manage who can download (or not) my lambda files ?
回答1:
This will come down to the specifics of how they test the lambda; specially, how your lambda is configured and the users access permissions. Typically there is 3 scenarios that could play out here:
If you have a non-zipped lambda and the IAM user is granted console management access then the answer is no. There is no method to prevent them copying the code.
If you have a non-zipped lambda and the user is only provided Cli permissions then you can restrict their right on IAM to prevent getting the source code.
If you have a zipped lambda and save the source code resides in S3, then you can restrict IAM permissions on the user to prevent downloading the lambda code. This applies to both Users with Console Management access and/or Cli access.
Note: General rule of thumb here is if they can see the code they can copy it. Which means it will be awfully hard for them to 'test' the code. If they are a 3rd party, you're much better putting in place a contractual agreement to prevent them retaining any copy of the code beyond the purposes of the project
来源:https://stackoverflow.com/questions/61501258/how-to-prevent-devs-to-download-lambda-function