bug: aws_lambda_functions stores functional presigned url

[getglad]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

aws_lambda_functions uses GetFunction under the hood. GetFunction returns a presigned URL that allows the bearer of the URL to download the functions source code for 10 minutes.

Relevant links below:

• https://www.cloudquery.io/docs/plugins/sources/aws/tables/aws_lambda_functions

• cloudquery/plugins/source/aws/resources/services/lambda/functions.go

  Line 99 in 5188adb

  funcResponse, err := svc.GetFunction(ctx, &lambda.GetFunctionInput{

• https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunction.html
• https://docs.aws.amazon.com/lambda/latest/dg/API_FunctionCodeLocation.html

Expected Behavior

CQ should remove this URL from the destination writing.

CloudQuery (redacted) config

N/A

Steps To Reproduce

1. Create a Lambda function with a code package (ie, the "Hello World" example will work for this example)
2. Have CQ write a aws_lambda_functions table against the account/region where the function exists
3. The value is a JSON blob - check value at aws_lambda_functions -> code -> Location
4. Within 10 minutes of CQ making the API call, make a GET request against the URL

CloudQuery (redacted) logs

There are no relevant logs

CloudQuery version

3.14.5

Additional Context

For what it is worth, GetLayerVersion and GetLayerVersionByArn have this behavior, but it does not appear CQ uses those calls.

Pull request (optional)

• I can submit a pull request