How to hide code in AWS Lambda function?
I have created AWS Lambda functions using CI/CD through GitHub+CodePipeline+CloudFormation but my code is visible in AWS Lambda console but I want to hide it. Because I don't want anyone to make changes in my function and that's the reason for which I have implemented it by CI/CD.
I want my code to show in this way like
- Newest
- Most votes
- Most comments
Hello.
This is not recommended because the size of the Lambda function must be at least 3 MB to display the same as the image.
https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html
Therefore, I think it is a good idea to control Lambda functions using IAM policies so that IAM users cannot update them.
I think it would be better to control the IAM user policy to deny "UpdateFunctionCode".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html
You could make most of your code not directly visible in the console by abstracting it into a Lambda Layer, which also help you with code reuse by allowing you share code/libraries between lambda functions
However this is really just security through obscurity, so you would still need to implement an IAM policy to limit access.
There is a way to hide environment variables for lambdas: https://repost.aws/knowledge-center/lambda-environment-variables-iam-access
But to hide lambda code you will you probably need to place them in separate account and manage access to it.
Another mechanism is to provide an SCP which doesn’t hide the code but does not allow a user to update the code. A good video here: https://youtu.be/FqGzuh7jCAo?feature=shared
Relevant content
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 years ago
My lambda size is greater than 3 MB (5.65MB) but it's visible.