@nemo yeah I suppose polling is the only real way to do that with lambdas. You have a 15 minute window, so there is plenty of time.
What's stopping someone from updating the lambda after the invocation and before it's verified though?
@me Good point - (thinking..) So you run a wrong copy, but incorrectly validate it as correct because the code was updated in the interim.
Could be guarded against by checking for any recent changes as untrustworthy perhaps. Only changes/configuration older than your invocation initiation should be valid. If it fails, we don't send the data.
@nemo if this is ultimately built on trusting AWS, then function versions are usually immutable
://docs.aws.amazon.com/lambda/lat
This could also be extended to docker image hashes too theoretically.
Edited 1y ago
@me I thought you could overwrite a given “revision”.
There isn’t a way to invoke a function via a specific immutable version or hash identifier afaik.
The challenge is to find the smallest AWS construction that would allow this. Docker forces ECR, which brings a bigger surface area, but definitely under consideration.
@nemo from their docs it _seems_ like you can't update the code for a given version number. It'll monotonically update the version with each code deployment. They have function alias which are named version, but those are separate (it seems)
Also each version has it's own ARN, so you can invoke a specific version of the function via aws's invoke API potentially.