2

Is there a way in AWS to restrict other users from viewing a specific Lambda function? It seems like currently, if anyone creates a function, it will allow everyone else to view it. Is there a way to essentially make them private?

Myelin

2 Answers

1

If you check the Lambda API permissions in the official documentation, you will see that you cannot restrict the Lambda ListFunctions API based on resource. You also cannot specify conditions when listing.

| Action | Resource | Condition |
|---|---|---|
| GetAccountSettings, ListFunctions, ListTags, TagResource, UntagResource | * | None |

But you can enhance security by checking this AWS Blog regarding granular access to Lambda functions: https://aws.amazon.com/premiumsupport/knowledge-center/granular-access-lambda/

0

I think it is not possible to restrict lambda:ListFunctions to only list some of the functions. However, it is possible to deny a user access to a specific function by assigning him an IAM policy like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1461787276585",
      "Action": [
          "lambda:ListVersionsByFunction",
          "lambda:ListAliases",
          "lambda:GetFunction",
          "lambda:GetFunctionConfiguration",
          "lambda:ListEventSourceMappings",
          "lambda:GetPolicy"
      ],
      "Effect": "Deny",
      "Resource": "<your-function-arn>"
    }
  ]
}
birnbaum
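The two answers combine into one check, shown here as an added example that is not code from either answer: it builds the per-function Deny policy from the second answer and flags any statement that pairs an action from the first answer's table with a Resource other than `*`, since a function ARN cannot match those actions. The function names, the Sid and the sample ARN are assumptions made for illustration, and the action list is copied from the table above, so compare it with the current AWS documentation.

```python
from fnmatch import fnmatchcase

# Actions the first answer's table lists as supporting only Resource "*".
ACCOUNT_LEVEL_ACTIONS = (
    "lambda:GetAccountSettings", "lambda:ListFunctions", "lambda:ListTags",
    "lambda:TagResource", "lambda:UntagResource",
)
# Per-function read actions denied by the policy in the second answer.
READ_ACTIONS = [
    "lambda:ListVersionsByFunction", "lambda:ListAliases", "lambda:GetFunction",
    "lambda:GetFunctionConfiguration", "lambda:ListEventSourceMappings",
    "lambda:GetPolicy",
]
# Constructed sample ARN (placeholder account ID and function name).
SAMPLE_ARN = "arn:aws:lambda:us-east-1:111122223333:function:payroll-export"

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action, Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def build_deny_policy(function_arns):
    """Deny the per-function read actions on the given function ARNs."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyReadPrivateFunctions",  # hypothetical Sid
            "Effect": "Deny",
            "Action": READ_ACTIONS,
            "Resource": sorted(function_arns),
        }],
    }

def unscoped_actions(policy):
    """Return (sid, action) pairs where an account-level action sits in a
    statement whose Resource is not "*", so the statement never matches it."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if "*" in as_list(stmt.get("Resource", [])):
            continue
        for pattern in as_list(stmt.get("Action", [])):
            for action in ACCOUNT_LEVEL_ACTIONS:
                # IAM action names are case-insensitive and may use wildcards.
                if fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((stmt.get("Sid"), action))
    return findings

if __name__ == "__main__":
    print(unscoped_actions(build_deny_policy([SAMPLE_ARN])))  # no findings
```

A non-empty result means the function will still appear in `ListFunctions` output for that user even though the statement names it.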