The policy only grants $keyUser access to the key, not the lambda itself. The lambda code still has to authenticate as $keyUser at some point. Where is that done?
Ok, that's what I thought. You don't really need the $keyUser statement. For using the key, it would probably be more portable to grant access to a role instead of a user anyway.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Nice work. The lambda doesn't seem to be using
keyUser
's credentials though? Does its service role have access to the key as well?Key access is given in lamdba policy.
The policy only grants
$keyUser
access to the key, not the lambda itself. The lambda code still has to authenticate as$keyUser
at some point. Where is that done?With that Policy, an inline policy for Lamdba is created and assigned to the execution role to have access to key. Lamdba doesn't use KeyUser.
Ok, that's what I thought. You don't really need the
$keyUser
statement. For using the key, it would probably be more portable to grant access to a role instead of a user anyway.