All geek questions in one place

AWS Lambda: Is it safe to store data on an AWS Lambda local drive?

I have the following basic security issues related to AWS Lambda:

  • Where is AWS Lambda data stored if, for example, I'm trying to store data on a local drive?
  • Can I encrypt data on Lambda?

thanks

+5
source share
4 answers

One important side effect for the / tmp lambda functions is that the containers of the Lambda function are reused, and the scratch space is not always erased. If the call uses a container that was created due to a previous call (this happens if you execute several Lambda functions in quick succession), the scratched space is common.

This slightly changed the functionality for me.

+11
source

I store temporary data in my lambda function, never had a problem.

  • Save data in / tmp, you may not have access to other dirs
  • Temporary data - as the name indicates - is only available for this lambda call
  • If the data is sensitive, encrypt it (if encryption libraries are not provided by default for this language, make sure you pack the library)
+5
source

Files stored on local Lambda volumes should only be intended for temporary short-term storage and should not last longer than your only call to the Lambda function.

If you need to store data for a long time, use a database such as DynamoDB, or use Amazon S3.

If you must store data on a local volume, you can encrypt it, but you must do it yourself. Also note that the next time you call the function, the data is likely to disappear.

+3
source

If you are "protected" ask who will have access to data, then the answer will be anyone who can call lambda. If you β€œprotect” are also wondering if this is a durable storage, then the answer will be no. Lambda functions have access only to the /tmp ephemeral folder. There is no guarantee that two consecutive calls of the same lambda function will be executed on the same physical machine. However, if a function is called twice within a short period of time, it can be executed on the same computer, and then the file that was saved by the first call may be available for the second call. If you decide to use this temporary file storage, you should also know that there are some limitations on how much data can be saved.

+2
source

Source: https://habr.com/ru/post/1242218/

More articles:


All Articles