chore: revert ensure docker file runs as non root user (#33004)

Reverts #32976 After discussing with team, I'm going to revert the original PR. This is because we notice that CDK when bundling supports the following feature: https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_lambda_nodejs/ICommandHooks.html ``` beforeBundling: Commands in this hook run before the bundling process begins, outside the Docker container. These are executed on the local machine. beforeInstall: Commands in this hook run inside the Docker container before npm install or npm ci commands are executed. afterBundling: Commands in this hook run inside the Docker container after the bundling process completes. ``` This means that users can provide custom commands to run inside the docker container and we do not know what current users run. They could provide a command that require root access and this will be a regression once released.
aws · Jan 18, 2025 · 28067b0 · 28067b0
1 parent d8cd4bd
commit 28067b0
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 8 deletions.
diff --git a/packages/@aws-cdk/aws-lambda-go-alpha/lib/Dockerfile b/packages/@aws-cdk/aws-lambda-go-alpha/lib/Dockerfile
@@ -12,7 +12,4 @@ ENV GOPROXY=direct
 RUN mkdir $GOPATH && \
   chmod -R 777 $GOPATH
 
-# Switch to a non-root user
-USER nobody
-
 CMD [ "go" ]
diff --git a/packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile b/packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile
@@ -36,7 +36,4 @@ RUN \
 # Ensure no temporary files remain in the caches
     rm -rf /tmp/pip-cache/* /tmp/poetry-cache/*
 
-# Switch to a non-root user
-USER nobody    
-
 CMD [ "python" ]
diff --git a/packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile b/packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile
@@ -47,6 +47,4 @@ RUN mkdir /tmp/bun-cache && \
     chmod -R 777 /tmp/bun-cache && \
     echo -e "[install.cache]\ndir = \"/tmp/bun-cache\"\ndisable = true" >> /home/user/.bunfig.toml
 
-USER nobody
-
 CMD [ "esbuild" ]