To view lambda image source code

Hello, I have two AWS accounts where in the server account ecr I store the container image and in the client account, I use this image for a lambda. Assuming the client has full access only to the client account, does the client have access to the image (maybe after doing some manipulation to the lambda config/ setting) so that somehow he can access the source code?

主题

无服务器计算 AWS 架构完善的框架管理与治理

标签

AWS Lambda 安全 AWS 账户管理

语言

English

Jehan

已提问 3 个月前188 查看次数

1 回答

最新
投票最多
评论最多

这些答案有用吗？为正确答案投票，以帮助社区从您的知识中受益。

If you are deploying a Lambda function to an account (yours or the customers) where your customer has permissions to access Lambda then they can view, update or execute the Lambda function in line with the permissions they have in that account. Accessing the source code is included in "view".

专家

Brettski-AWS

已回答 3 个月前

Jehan
3 个月前
There is no view in lambda if it's an image right? how can they view/ update the code there then?
Brettski-AWS 专家
3 个月前
To answer that question I'd need to know specifically what permissions the customer has and what you mean by "it's an image". Could you explain further in detail?
Jehan
3 个月前
Thank you for your input on the matter. To give you more information, the Customers have full access to their account (client account) where lambda is set up. But the lambda uses a docker image (https://docs.aws.amazon.com/lambda/latest/dg/images-create.html ) from another account (server account) where cross-account policies allowing actions: "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer".
Brettski-AWS 专家
3 个月前
If the image is download into a customer account then they have access to it.

To view lambda image source code

相关内容