Is there a way in AWS to restrict other users from viewing a specific Lambda function? It seems like currently, if anyone creates a function it will allow everyone else to view them. Is there a way to essentially make them private?
- @MarkoMackic what are you talking about? The question makes perfect sense. aws.amazon.com/lambda – Mark B, Apr 27, 2016 at 20:05
- Ok :) Thanks for informing me :) I'll delete my previous comment :) – Marko Mackic, Apr 27, 2016 at 20:22
2 Answers
If you check the Lambda API permissions in the official documentation, you will see that you cannot restrict the Lambda ListFunctions API based on resource. You also cannot specify conditions when listing.
| Action | Resource | Condition |
|---|---|---|
| GetAccountSettings, ListFunctions, ListTags, TagResource, UntagResource | * | None |

But you can enhance security by checking this AWS Blog regarding granular access to Lambda functions: https://aws.amazon.com/premiumsupport/knowledge-center/granular-access-lambda/
Comments
I think it is not possible to restrict lambda:ListFunctions to only list some of the functions. However, it is possible to deny a user access to a specific function by assigning him an IAM policy like this:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1461787276585",
      "Action": [
        "lambda:ListVersionsByFunction",
        "lambda:ListAliases",
        "lambda:GetFunction",
        "lambda:GetFunctionConfiguration",
        "lambda:ListEventSourceMappings",
        "lambda:GetPolicy"
      ],
      "Effect": "Deny",
      "Resource": "<your-function-arn>"
    }
  ]
}
```
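An added example, not part of either answer: a Python sketch that builds the Deny policy above for a list of function ARNs and lints any policy for the mistake both answers describe, scoping an action from the table (such as `lambda:ListFunctions`) to a specific function ARN, where the statement will not affect listing. The function names, the Sid values and the sample ARN are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions the first answer's table lists with Resource "*" and no conditions
# (taken from this page; the live IAM reference may differ).
ACCOUNT_WIDE = sorted(["lambda:GetAccountSettings", "lambda:ListFunctions",
                       "lambda:ListTags", "lambda:TagResource", "lambda:UntagResource"])
# Per-function read actions from the second answer's Deny statement.
PER_FUNCTION_READS = ["lambda:ListVersionsByFunction", "lambda:ListAliases",
                      "lambda:GetFunction", "lambda:GetFunctionConfiguration",
                      "lambda:ListEventSourceMappings", "lambda:GetPolicy"]
# Constructed placeholder ARN, not a real function.
SAMPLE_ARN = "arn:aws:lambda:us-east-1:123456789012:function:example-private-fn"

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def build_deny_policy(function_arns):
    """Policy document denying per-function reads on the given ARNs."""
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "DenyReadsOnPrivateFunctions",
                           "Effect": "Deny",
                           "Action": list(PER_FUNCTION_READS),
                           "Resource": list(function_arns)}]}

def lint_policy(policy):
    """Return (sid, action_pattern, matched_action) for every account-wide
    action that a statement tries to scope to something other than "*"."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if "*" in _as_list(stmt.get("Resource", [])):
            continue  # "*" is the only resource these actions accept
        for pattern in _as_list(stmt.get("Action", [])):
            for action in ACCOUNT_WIDE:
                # IAM action names are case-insensitive and may use wildcards.
                if fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((stmt.get("Sid", "<no Sid>"), pattern, action))
    return findings

if __name__ == "__main__":
    print(json.dumps(build_deny_policy([SAMPLE_ARN]), indent=2))
    mistaken = {"Version": "2012-10-17", "Statement": [
        {"Sid": "HideFromList", "Effect": "Deny",
         "Action": ["lambda:List*"], "Resource": SAMPLE_ARN}]}
    for finding in lint_policy(mistaken):
        print("no effect on listing:", finding)
```

A finding means the named statement leaves that action untouched, so the function still appears in listings even though per-function reads on it are denied.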