To view lambda image source code

Hello, I have two AWS accounts where in the server account ecr I store the container image and in the client account, I use this image for a lambda. Assuming the client has full access only to the client account, does the client have access to the image (maybe after doing some manipulation to the lambda config/ setting) so that somehow he can access the source code?

主題

無伺服器運算 AWS Well-Architected Framework 管理與治理

標籤

AWS Lambda 安全性 AWS Account Management

語言

English

Jehan

已提問 3 個月前檢視次數 187 次

1 個回答

最新
最多得票
最多評論

這些答案是否有幫助？支持正確答案，以幫助社區從您的知識中受益。

If you are deploying a Lambda function to an account (yours or the customers) where your customer has permissions to access Lambda then they can view, update or execute the Lambda function in line with the permissions they have in that account. Accessing the source code is included in "view".

專家

Brettski-AWS

已回答 3 個月前

Jehan
3 個月前
There is no view in lambda if it's an image right? how can they view/ update the code there then?
Brettski-AWS 專家
3 個月前
To answer that question I'd need to know specifically what permissions the customer has and what you mean by "it's an image". Could you explain further in detail?
Jehan
3 個月前
Thank you for your input on the matter. To give you more information, the Customers have full access to their account (client account) where lambda is set up. But the lambda uses a docker image (https://docs.aws.amazon.com/lambda/latest/dg/images-create.html ) from another account (server account) where cross-account policies allowing actions: "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer".
Brettski-AWS 專家
3 個月前
If the image is download into a customer account then they have access to it.

To view lambda image source code

相關內容