I have some lambda functions which uses some environment variables. I understand that we can use AWS KMS to encrypt them and then from AWS console they will not be visible.
In my case using KMS is not possible so I was wondering if there is some other way, probably by restricting at IAM level so that a user should not see env variables.
I have already tried removing GetFunction
and GetFunctionConfiguration
from policy. It works but the problem is, user is not able to see other things because now GetFunctionConfiguration
is not allowed.
Is there any fine grain permission setting which can only hide env variables from the AWS Lambda console?
Thanks in advance.