To view lambda image source code

Hello, I have two AWS accounts where in the server account ecr I store the container image and in the client account, I use this image for a lambda. Assuming the client has full access only to the client account, does the client have access to the image (maybe after doing some manipulation to the lambda config/ setting) so that somehow he can access the source code?

Topics

Serverless Compute AWS Well-Architected Framework Management & Governance

Tags

AWS Lambda Security AWS Account Management

Language

English

Jehan

asked 2 months ago173 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

If you are deploying a Lambda function to an account (yours or the customers) where your customer has permissions to access Lambda then they can view, update or execute the Lambda function in line with the permissions they have in that account. Accessing the source code is included in "view".

EXPERT

Brettski-AWS

answered 2 months ago

Jehan
2 months ago
There is no view in lambda if it's an image right? how can they view/ update the code there then?
Brettski-AWS EXPERT
2 months ago
To answer that question I'd need to know specifically what permissions the customer has and what you mean by "it's an image". Could you explain further in detail?
Jehan
2 months ago
Thank you for your input on the matter. To give you more information, the Customers have full access to their account (client account) where lambda is set up. But the lambda uses a docker image (https://docs.aws.amazon.com/lambda/latest/dg/images-create.html ) from another account (server account) where cross-account policies allowing actions: "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer".
Brettski-AWS EXPERT
2 months ago
If the image is download into a customer account then they have access to it.

Relevant content

Cross Account ECR Image Sharing
Avishka-Perera
asked a year ago
ECR Image Docker works locally but "The provided image is invalid" in Lambda
alan
asked 9 months ago
"Container image support for Lambda" pricing with ECR
Accepted Answer
R_Lai
asked 3 years ago
Will Lambda deployed from image pull the ECR image on every startup
amersaw
asked 2 years ago
How can I troubleshoot the “Lambda does not have permission to access the ECR image...” error for a Lambda function with a container image?
AWS OFFICIALUpdated a year ago
How do I share WorkSpaces images or BYOL images with other AWS accounts?
AWS OFFICIALUpdated 2 years ago
How do I use container images with Lambda?
AWS OFFICIALUpdated 2 years ago
How can I allow a secondary account to push or pull images in my Amazon ECR image repository?
AWS OFFICIALUpdated 2 years ago
How to use the AWS CLI to collect Cost Explorer Forecasting data per account for all accounts in an AWS Organization
EXPERT
Fernando_F
published 10 months ago
Why do I get an error "The snapshot is currently in use by AMI" when I try to delete an EBS snapshot, even though there is no AMI on the account?
EXPERT
dnyanesh-db
published 4 months ago