By using AWS re:Post, you agree to the AWS re:Post Terms of Use

How to hide code in AWS Lambda function?

0

I have created AWS Lambda functions using CI/CD through GitHub+CodePipeline+CloudFormation but my code is visible in AWS Lambda console but I want to hide it. Because I don't want anyone to make changes in my function and that's the reason for which I have implemented it by CI/CD. I want my code to show in this way like Enter image description here

3 Answers
4

Hello.

This is not recommended because the size of the Lambda function must be at least 3 MB to display the same as the image.
https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html

Therefore, I think it is a good idea to control Lambda functions using IAM policies so that IAM users cannot update them.
I think it would be better to control the IAM user policy to deny "UpdateFunctionCode".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html

profile picture
EXPERT
answered a year ago
profile picture
EXPERT
reviewed a year ago
  • My lambda size is greater than 3 MB (5.65MB) but it's visible.

0

You could make most of your code not directly visible in the console by abstracting it into a Lambda Layer, which also help you with code reuse by allowing you share code/libraries between lambda functions

However this is really just security through obscurity, so you would still need to implement an IAM policy to limit access.

AWS
answered a year ago
profile picture
EXPERT
reviewed a year ago
profile picture
EXPERT
reviewed a year ago
0

There is a way to hide environment variables for lambdas: https://repost.aws/knowledge-center/lambda-environment-variables-iam-access

But to hide lambda code you will you probably need to place them in separate account and manage access to it.

Another mechanism is to provide an SCP which doesn’t hide the code but does not allow a user to update the code. A good video here: https://youtu.be/FqGzuh7jCAo?feature=shared

profile picture
EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions