AWS Lambda billing control when PR raised by the evil-minded

I am developing apache incubator nemo, and we are hoping to include tests for AWS lambda function recently.

As far as I’m concerned, CI tests covering Lambda function invocation means every PR raise/update goes to your bill.

Especially we can’t deny when evil minded ones can raise a PR which invokes AWS services with hardly any limits.

How do you solve this problem? What about we introduce some limits on that?

What is your goal here? Do you want to accept PRs from the general public or not? Do you want them to be subject to the usual checks?

Also: how are your app and the “AWS lambda function” related? AFAICS, it’s effectively an external service as far as the app is concerned. Does a request to it require some kind of authentication for you to be billed?

I don’t know your setup, but if AWS Lambda is set up as a deployment target, PR builds will not trigger deployments.