How secure is using the /tmp directory in an AWS lambda?
python-3.x



It is somewhat safe to use /tmp in Lambda, meaning that your /tmp folder will not be shared with other AWS clients. At the same time:

  1. There is no evidence that any disk space allocated for /tmp is actually wiped. Since AWS Lambda doesn't provide low-level block access to the underlying disk, it's safe enough, but not military-grade. RAM is wiped:

Lambda scrubs the memory before assigning it to an execution environment, which effectively guards against memory sharing between functions that belong to the same account and different customer accounts.

So for high-security applications, you might consider keeping your decrypted content in memory.

  2. Keep in mind that /tmp is not recreated/cleared on each Lambda invocation. Quite the opposite: if your Lambda runs several times in a short period of time, the invocations will run in the same context and the /tmp content will be preserved. That's a feature, not a bug.

After a Lambda function is executed, AWS Lambda maintains the execution context for some time in anticipation of another Lambda function invocation.

Each execution context provides 512 MB of additional disk space in the /tmp directory. The directory content remains when the execution context is frozen, providing transient cache that can be used for multiple invocations. You can add extra code to check if the cache has the data that you stored.

If you really care about the security aspect of Lambda, I suggest you read the Security Overview of AWS Lambda: An In-Depth Look at Lambda Security whitepaper.
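The two points in the answer above (a warm execution environment keeps /tmp, so you can treat it as a cache, and anything sensitive you write there is still readable by the next invocation unless you remove it yourself) can be made concrete in a handler. The following is an added example written for this page, not code from the answer or from AWS. It assumes only what the answer states: /tmp is private to the function and persists while the environment stays warm. The `LAMBDA_TMP_DIR` variable and `make_scratch_dir()` are hypothetical conveniences so the code can be exercised outside Lambda; the "decryption" in `handler` is a stand-in for a real KMS call.

```python
"""Warm-start /tmp cache plus explicit cleanup of sensitive scratch files.

Illustrative code for this page (not from the original answer or AWS).
Assumes /tmp is private to the function and persists between invocations
while the execution environment is warm; everything else is plain stdlib.
"""
import hashlib
import os
import tempfile
from typing import Callable, Tuple

# Lambda's writable scratch space. LAMBDA_TMP_DIR is a hypothetical override
# used here only so the module can be run and tested outside Lambda.
TMP_DIR = os.environ.get("LAMBDA_TMP_DIR", "/tmp")


def make_scratch_dir() -> str:
    """Fresh directory standing in for /tmp when running locally."""
    return tempfile.mkdtemp(prefix="lambda-tmp-")


def _cache_path(key: str, tmp_dir: str) -> str:
    # Hash the key so a caller-controlled name ("../etc/x") cannot escape tmp_dir.
    return os.path.join(tmp_dir, "cache-" + hashlib.sha256(key.encode()).hexdigest())


def cached_fetch(key: str, loader: Callable[[], bytes],
                 tmp_dir: str = TMP_DIR) -> Tuple[bytes, bool]:
    """Return (data, hit). On a warm start the file written by an earlier
    invocation is still there and the (slow) loader is skipped. Only cache
    data you are happy to leave on disk for the lifetime of the environment."""
    path = _cache_path(key, tmp_dir)
    try:
        with open(path, "rb") as fh:
            return fh.read(), True
    except FileNotFoundError:
        data = loader()
        # Write to a temporary name, then rename: a crash mid-write must not
        # leave a truncated entry that the next invocation would trust.
        fd, tmp_path = tempfile.mkstemp(dir=tmp_dir)  # created with mode 0600
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp_path, path)
        return data, False


def with_scratch_secret(secret: bytes, work: Callable[[str], object],
                        tmp_dir: str = TMP_DIR):
    """Run work(path) with `secret` in a 0600 file, then overwrite and unlink
    the file even if work() raises, so the next invocation in this warm
    environment cannot read it back. The overwrite is best effort only: as
    the answer notes, AWS gives no guarantee about wiping the underlying blocks."""
    fd, path = tempfile.mkstemp(dir=tmp_dir, prefix="secret-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(secret)
        return work(path)
    finally:
        size = os.path.getsize(path)
        with open(path, "r+b") as fh:
            fh.write(b"\x00" * size)
            fh.flush()
            os.fsync(fh.fileno())
        os.unlink(path)


def leftover_secrets(tmp_dir: str = TMP_DIR) -> list:
    """What a later invocation would find: scratch secret files left behind."""
    return sorted(n for n in os.listdir(tmp_dir) if n.startswith("secret-"))


def handler(event: dict, context=None, tmp_dir: str = TMP_DIR) -> dict:
    """Lambda-style entry point tying the two pieces together.
    event = {"config_key": str, "ciphertext": str}; decryption is simulated."""
    config, hit = cached_fetch(event["config_key"],
                               lambda: b"non-sensitive config blob", tmp_dir)
    plaintext = event["ciphertext"].encode()[::-1]  # stand-in for a KMS decrypt
    n = with_scratch_secret(plaintext, lambda p: os.path.getsize(p), tmp_dir)
    return {"config_bytes": len(config), "cache_hit": hit,
            "secret_bytes": n, "leftover": leftover_secrets(tmp_dir)}
```

Calling `handler` twice with the same `config_key` against the same directory shows the warm-start behaviour: the first call reports `cache_hit` False, the second True, and in both cases `leftover` is empty because the scratch secret is overwritten and removed in a `finally` block. If you would rather not have the plaintext touch disk at all, which is what the answer recommends for high-security work, skip `with_scratch_secret` and keep the decrypted bytes in a local variable; just be aware that Python gives you no way to reliably zero an immutable `bytes` object once you are done with it.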