To view lambda image source code

Hello, I have two AWS accounts where in the server account ecr I store the container image and in the client account, I use this image for a lambda. Assuming the client has full access only to the client account, does the client have access to the image (maybe after doing some manipulation to the lambda config/ setting) so that somehow he can access the source code?

トピック

サーバーレス計算する AWS Well-Architected Framework 管理とガバナンス

タグ

AWS Lambda セキュリティ AWS アカウントマネジメント

言語

English

Jehan

質問済み 3ヶ月前187ビュー

1回答

新しい順
投票が多い順
コメントが多い順

これらの回答は役に立ちましたか？コミュニティがあなたの知識を活用できるように、正解に賛成票を投じてください。

If you are deploying a Lambda function to an account (yours or the customers) where your customer has permissions to access Lambda then they can view, update or execute the Lambda function in line with the permissions they have in that account. Accessing the source code is included in "view".

エキスパート

Brettski-AWS

回答済み 3ヶ月前

Jehan
3ヶ月前
There is no view in lambda if it's an image right? how can they view/ update the code there then?
Brettski-AWS エキスパート
3ヶ月前
To answer that question I'd need to know specifically what permissions the customer has and what you mean by "it's an image". Could you explain further in detail?
Jehan
3ヶ月前
Thank you for your input on the matter. To give you more information, the Customers have full access to their account (client account) where lambda is set up. But the lambda uses a docker image (https://docs.aws.amazon.com/lambda/latest/dg/images-create.html ) from another account (server account) where cross-account policies allowing actions: "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer".
Brettski-AWS エキスパート
3ヶ月前
If the image is download into a customer account then they have access to it.

To view lambda image source code

関連するコンテンツ