
AWS Lambda: Is it secure to store data on AWS Lambda local Disk?

I have the following basic security-related questions regarding the AWS Lambda service:

  1. Where does AWS Lambda store data if for example I try to store data on local disk?
  2. Is it possible to encrypt the data on Lambda?

Thanks

asked Feb 03 '16 16:02

obaid


People also ask

Is Lambda storage encrypted?

Lambda always encrypts files that you upload to Lambda, including deployment packages and layer archives. Amazon CloudWatch Logs and AWS X-Ray also encrypt data by default, and can be configured to use a customer managed key.

Can we store data in AWS Lambda?

Today, we are announcing that AWS Lambda now allows you to configure ephemeral storage (/tmp) between 512 MB and 10,240 MB. You can now control the amount of ephemeral storage a function gets for reading or writing data, allowing you to use AWS Lambda for ETL jobs, ML inference, or other data-intensive workloads.

What is the best way to store the data used across multiple Lambda functions?

Amazon EFS for Lambda: Amazon EFS is a fully managed, elastic, shared file system that integrates with other AWS services. It is a durable storage option that offers high availability. You can now mount EFS volumes in Lambda functions, which makes it simpler to share data across invocations.


2 Answers

One important side note to the /tmp of Lambda functions is that the Lambda function containers are re-used and scratch space is not always erased. If an invocation uses a container that was spun up because of a previous invocation (this happens if you execute a few Lambda functions in quick succession), the scratch space is shared.

This screwed up a functionality for me once.

answered Oct 16 '22 07:10

Luc Hendriks
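
The scratch-space reuse described in this answer, reproduced locally as an added example (not code from the original post): two calls in one process stand in for two invocations on the same warm container. `SCRATCH_ROOT` is a constructed stand-in for `/tmp`, and the handler names are hypothetical.

```python
import os
import shutil
import tempfile

# Constructed stand-in for Lambda's /tmp so the example runs anywhere.
SCRATCH_ROOT = tempfile.mkdtemp(prefix="lambda-tmp-")


def leaky_handler(event, context=None):
    """Hypothetical handler: fixed file name in scratch space, never removed."""
    path = os.path.join(SCRATCH_ROOT, "work.dat")
    leftover = None
    if os.path.exists(path):
        # On a reused container this is the previous invocation's data.
        with open(path) as f:
            leftover = f.read()
    with open(path, "w") as f:
        f.write(event["secret"])
    return {"leftover": leftover}


def isolated_handler(event, context=None):
    """Hypothetical handler: private per-invocation directory, always removed."""
    workdir = tempfile.mkdtemp(prefix="inv-", dir=SCRATCH_ROOT)  # unique name, mode 0700
    try:
        path = os.path.join(workdir, "work.dat")
        # O_EXCL refuses to reuse an existing file; 0600 keeps it owner-only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(event["secret"])
        return {"visible": sorted(os.listdir(workdir))}
    finally:
        # rmtree unlinks the files; it bounds their lifetime to this invocation.
        shutil.rmtree(workdir, ignore_errors=True)


def scratch_entries():
    """What a later invocation on the same container would find in scratch."""
    return sorted(os.listdir(SCRATCH_ROOT))


if __name__ == "__main__":
    print(leaky_handler({"secret": "tenant-A"}))  # first call: nothing left over
    print(leaky_handler({"secret": "tenant-B"}))  # second call reads tenant-A's data
    print(isolated_handler({"secret": "tenant-C"}), scratch_entries())
```
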


I store temporary data in my lambda function, never had any issue.

  • Store your data in /tmp, you may not have access to other dirs
  • The temporary data - as the name indicates - is available only for that invocation of lambda
  • If the data is sensitive, encrypt it (if the encryption libraries are not provided by default for that language, make sure you package the library)

answered Oct 16 '22 07:10

helloV