Reputation: 503
I've got the following problem: I've written a Lambda function which should not be called by an API Gateway, Kinesis Firehose Transformation and so on.
The only way this Lambda should be called is by another Lambda function.
How can I restrict this access?
Best regards
Upvotes: 1
Views: 348
Reputation: 269101
It isn't really a matter of "restricting access", it's really a matter of "not allowing" access in the first place.
By default, all users, functions, etc. have no permissions. For a user or service to call a Lambda function, it must be explicitly given that permission. So... don't give anything that permission!
"But," you say, "I'm granting lambda:invoke on Resource: * to all my users!"
Well, that's not a very good idea, then!
If that's the case, it might be easiest to have the Lambda function check how it was invoked and exit if it is not how you want it to be called.
Alternatively, you'll have to change how you grant invoke permission to your users and services.
Upvotes: 4
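The two options in the answer above, sketched as an added example (not code from the question or the answer): an identity policy for the calling Lambda's execution role that allows `lambda:InvokeFunction` on one function ARN only, and a handler that exits early when the event looks like it came from a trigger. The function names, the ARN and the `job_id` field are assumptions; the event-shape check is a heuristic a caller can spoof, so the policy is the actual access control.

```python
# Added example: function names, the ARN and the job_id field are constructed.
import json

def invoke_policy(function_arn):
    """Policy for the *calling* Lambda's execution role: invoke one function only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": function_arn,  # one specific ARN instead of "*"
        }],
    }

def event_origin(event):
    """Best-effort guess at the trigger from the event shape (heuristic only)."""
    if not isinstance(event, dict):
        return "direct"
    # API Gateway REST proxy events carry httpMethod, HTTP API v2 events routeKey.
    if "requestContext" in event and ("httpMethod" in event or "routeKey" in event):
        return "api-gateway"
    # Firehose data-transformation events carry deliveryStreamArn plus records.
    if "deliveryStreamArn" in event and "records" in event:
        return "firehose-transformation"
    # S3, SQS, Kinesis, DynamoDB (eventSource) and SNS (EventSource) use "Records".
    records = event.get("Records")
    if isinstance(records, list) and records and isinstance(records[0], dict):
        first = records[0]
        return first.get("eventSource") or first.get("EventSource") or "records-source"
    return "direct"

def do_work(event):
    # Placeholder for the real job; echoes the constructed job_id field.
    return event.get("job_id") if isinstance(event, dict) else None

def handler(event, context):
    origin = event_origin(event)
    if origin != "direct":
        # Leave a log line for detection, then exit without doing any work.
        print(json.dumps({"rejected_origin": origin}))
        return {"ok": False, "reason": "unexpected invocation source"}
    return {"ok": True, "result": do_work(event)}
```
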