- Newest
- Most votes
- Most comments
Hello.
This is not recommended because the size of the Lambda function must be at least 3 MB to display the same as the image.
https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html
Therefore, I think it is a good idea to control Lambda functions using IAM policies so that IAM users cannot update them.
I think it would be better to control the IAM user policy to deny "UpdateFunctionCode".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html
You could make most of your code not directly visible in the console by abstracting it into a Lambda Layer, which also help you with code reuse by allowing you share code/libraries between lambda functions
However this is really just security through obscurity, so you would still need to implement an IAM policy to limit access.
There is a way to hide environment variables for lambdas: https://repost.aws/knowledge-center/lambda-environment-variables-iam-access
But to hide lambda code you will you probably need to place them in separate account and manage access to it.
Another mechanism is to provide an SCP which doesn’t hide the code but does not allow a user to update the code. A good video here: https://youtu.be/FqGzuh7jCAo?feature=shared
Relevant content
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
My lambda size is greater than 3 MB (5.65MB) but it's visible.