如何防止开发者下载lambda函数? [英] How to prevent devs to download lambda function?

问题描述

我有一些lambda函数，通常我将对第三方开发人员的访问权限授予我的AWS账户.

I have some lambda functions and I usually grant access to thirds devs to my AWS account.

他们最终可以为工作或测试目的请求我的lambda函数，但我想阻止他们下载源代码.

They eventually can request my lambda functions for working or testing purposes but I want to prevent them to download the source code.

是否可以管理谁可以下载(或不下载)我的lambda文件?

Is there a way to manage who can download (or not) my lambda files ?

推荐答案

这将取决于他们如何测试lambda的细节.特别是lambda的配置方式以及用户的访问权限.通常，这里会出现3种情况:

This will come down to the specifics of how they test the lambda; specially, how your lambda is configured and the users access permissions. Typically there is 3 scenarios that could play out here:

1. 如果您具有未压缩的lambda，并且IAM用户获得了授予控制台管理访问权限，那么答案是否定的.没有没有阻止方法复制代码的方法.

1. If you have a non-zipped lambda and the IAM user is granted console management access then the answer is no. There is no method to prevent them copying the code.

如果您具有非压缩 lambda，并且仅 个用户提供了 Cli权限，那么您可以限制有权使用IAM以防止获取源代码.

If you have a non-zipped lambda and the user is only provided Cli permissions then you can restrict their right on IAM to prevent getting the source code.

如果具有压缩的lambda并将源代码保存在S3中，则您可以限制用户的IAM权限以防止下载lambda代码.这适用于具有控制台管理访问权限和/或 Cli访问权限的用户.

If you have a zipped lambda and save the source code resides in S3, then you can restrict IAM permissions on the user to prevent downloading the lambda code. This applies to both Users with Console Management access and/or Cli access.

注意:这里的一般经验法则是，如果他们看到可以复制的代码，则可以.这意味着他们很难测试"代码.如果他们是第三方，那么最好签订合同协议，以防止他们保留超出项目目的的任何代码副本.

这篇关于如何防止开发者下载lambda函数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！