Hide Aws Lambda function inline code

3
votes

I have created a AWS lambda function and uploaded zipped version of .py file from my local machine using "upload Zip file" option.But when the lambda function is invoked the code is visible on the inline editor.I dont want code to be visible on inline editor as it gives a chance to someone to edit the code..

Please suggest!!

2
amazon-web-servicesaws-lambda
What exactly is your concern? Is it that somebody with access to your AWS account could modify the code? If that's the case, then "hiding" it would not solve the problem - anybody with access to your account would be able to download it, modify it and re-upload it. If that's not your concern, could you please explain a bit better what exactly it is?Bruno Reis
@Bruno Reis I'll upload zip in s3 and restrict access to bucket..but when lambda is triggered code is getting visible in inline editor..shiv455
The "inline editor" -- you are talking about the editor in the AWS console? If yes, then it does not make sense that you consider this to be a problem. If no, then please explain what the "inline editor" is.Michael - sqlbot
Other users of your account will only be able to see the code if they have IAM privileges to do so. If you can't control those or don't want anyone else to be able to see your code, use your own account.Karen B

2 Answers

3
votes

The code for Lambda functions will always be available to either edit in the inline editor or download (Actions > Download function code).

I'm assuming your concern might be secrets or credentials that might be present in the code, then the issue here isn't that the code is readable or downloadable from the console but that you're not sufficiently protecting them. Take a look at the following question on Stack Overflow which answers this: How to (properly) use external credentials in an AWS Lambda function?

You can still restrict access to Lambda for other IAM users in your AWS account with an access policy statement like this:

{
  "Action": "lambda:*",
  "Effect": "Deny",
  "Resource": "arn:aws:lambda:<region>:<account>:*"
}

Or be more specific if you simply want do deny access to listing and displaying Lambda functions with lambda:GetFunction, lambda:GetFunctionConfiguration.

-2
votes

Maybe late here, but I faced this same problem.

What Worked for me :

  • Increased the size of the ZIP to >10MB (You can add any extra directory to the zip if code doesn't sum up to 10 MB).
  • Zipped the files and kept the index.js (for node runtime, you may use .py) in the root directory.
  • Uploaded file on S3 (direct uploading your ZIP also works).

On Saving the Function you will see the following:

ⓘ The deployment package of your Lambda function "function_name" is too large to enable inline code editing. However, you can still invoke your function right now.

Only concern is, it may add up to your S3 bills (~10 MB).