To view lambda image source code

Hello, I have two AWS accounts where in the server account ecr I store the container image and in the client account, I use this image for a lambda. Assuming the client has full access only to the client account, does the client have access to the image (maybe after doing some manipulation to the lambda config/ setting) so that somehow he can access the source code?

Sujets

Sans serveur Calcul Framework AWS Well-Architected Gestion et gouvernance

Balises

AWS Lambda Sécurité AWS Account Management

Langue

English

Jehan

demandé il y a 3 mois188 vues

1 réponse

Le plus récent
Le plus de votes
La plupart des commentaires

Ces réponses sont-elles utiles ? Votez pour la bonne réponse pour aider la communauté à bénéficier de vos connaissances.

If you are deploying a Lambda function to an account (yours or the customers) where your customer has permissions to access Lambda then they can view, update or execute the Lambda function in line with the permissions they have in that account. Accessing the source code is included in "view".

EXPERT

Brettski-AWS

répondu il y a 3 mois

Jehan
il y a 3 mois
There is no view in lambda if it's an image right? how can they view/ update the code there then?
Brettski-AWS EXPERT
il y a 3 mois
To answer that question I'd need to know specifically what permissions the customer has and what you mean by "it's an image". Could you explain further in detail?
Jehan
il y a 3 mois
Thank you for your input on the matter. To give you more information, the Customers have full access to their account (client account) where lambda is set up. But the lambda uses a docker image (https://docs.aws.amazon.com/lambda/latest/dg/images-create.html ) from another account (server account) where cross-account policies allowing actions: "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer".
Brettski-AWS EXPERT
il y a 3 mois
If the image is download into a customer account then they have access to it.

Contenus pertinents

My account is not recognized
juan ortega
demandé il y a un an
account is currently blocked and not recognized as a valid account
Yves Boah
demandé il y a un an
the logon attempt failed
rePost-User-7377810
demandé il y a un an
Création image AMI fait passer instance EC2 en erreur
Erwan
demandé il y a un an
Comment puis-je résoudre l'erreur « You have exceeded the allowed number of AWS accounts. » (Vous avez dépassé le nombre autorisé de comptes AWS.) pour AWS Organizations ?
AWS OFFICIELA mis à jour il y a un an
Comment puis-je résoudre l'erreur « Lambda n'est pas autorisé à accéder à l'image ECR… » associée à une fonction Lambda avec une image de conteneur ?
AWS OFFICIELA mis à jour il y a un an
Pourquoi le message d’erreur « The snapshot is currently in use by an AMI » s’affiche-t-il lorsque je tente de supprimer mon instantané Amazon EBS ?
AWS OFFICIELA mis à jour il y a 4 mois
Comment utiliser les images de conteneurs avec Lambda ?
AWS OFFICIELA mis à jour il y a 2 ans