Lambda Functions and Layers - Security Overview of AWS Lambda

Lambda Functions and Layers

With Lambda, you can run code with virtually zero administration of the underlying infrastructure. You are responsible only for the code that you provide to Lambda and the configuration of how Lambda runs that code on your behalf. Today, Lambda supports two types of code resources: Functions and Layers.

A function is a resource which can be invoked to run your code in Lambda. Functions can include a common, or shared, resource called Layers. Layers can be used to share common code or data across different functions or AWS accounts. You are responsible for the management of all the code contained within your functions or layers. When Lambda receives the function or layer code from a customer, Lambda protects access to it by encrypting it at rest using AWS Key Management Service (AWS KMS) and in transit by using TLS 1.2+.

You can manage access to your functions and layers through AWS Lambda policies, or through resource-based permissions. For a full list of supported IAM features, see AWS Services that work with IAM.

You can also control the entire lifecycle of your functions and layers through Lambda's control plane APIs. For example, you can choose to delete your function by calling DeleteFunction, or revoke permissions from another account by calling RemovePermission.
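The following added example (not part of the AWS documentation) shows one way to review a function's resource-based permissions and revoke access granted to other accounts with RemovePermission. It assumes the policy JSON has the shape returned by Lambda's GetPolicy API and that `revoke` receives a boto3 Lambda client; the account IDs, statement IDs and function name are constructed, and the helper names are hypothetical.

```python
import json
import re

OWNER = "111122223333"  # constructed account ID of the function owner
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:demo"  # constructed

# Constructed sample in the shape returned by Lambda's GetPolicy API.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "own-role", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"}, "Resource": FN_ARN},
    {"Sid": "partner-invoke", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"}, "Resource": FN_ARN},
    {"Sid": "s3-trigger", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"Service": "s3.amazonaws.com"}, "Resource": FN_ARN,
     "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}}},
    {"Sid": "public", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": "*", "Resource": FN_ARN},
]})

def principal_accounts(principal):
    """Return the account IDs (or '*') named as AWS principals in a statement."""
    if principal == "*":
        return {"*"}
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    if isinstance(aws, str):
        aws = [aws]
    accounts = set()
    for p in aws:
        # Accept a bare 12-digit account ID or an IAM ARN in any partition.
        m = re.fullmatch(r"(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.+)?", p)
        accounts.add(m.group(1) if m else p)  # unparsed values stay flagged
    return accounts

def external_statement_ids(policy_json, owner_account):
    """Sids of Allow statements whose AWS principal is outside owner_account.
    Service principals are out of scope here and are not flagged."""
    sids = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if principal_accounts(stmt.get("Principal", {})) - {owner_account}:
            sids.append(stmt["Sid"])
    return sids

def revoke(client, function_name, sids):
    """Call RemovePermission once per statement ID and return what was revoked."""
    for sid in sids:
        client.remove_permission(FunctionName=function_name, StatementId=sid)
    return sids
```

Review the flagged statement IDs before passing them to `revoke`, since some cross-account grants may be intentional.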