US11546324B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-11546324-B1 |
| Application number | US-202016782774-A |
| Country | US |
| Kind code | B1 |
| Filing date | Feb 5, 2020 |
| Priority date | Feb 5, 2020 |
| Publication date | Jan 3, 2023 |
| Grant date | Jan 3, 2023 |
Abstract:
Systems and methods are provided for scoped credentials within secure execution environments executing within virtual machine instances in an on-demand code execution system. In the on-demand code execution system, the execution environments are reset after every request or session. By resetting the single execution environment after each request or session, security issues are addressed, such as side-channel attacks and persistent malware. Additionally, the use of scoped credentials improves security by limiting the access rights for each code execution request or session to the smallest atomic level for the request or session. Following the request or session, the scoped credential is invalidated.
Claims (preview, truncated):
What is claimed is:
1. A computer implemented method comprising: under control of a computer hardware processor configured with specific computer executable instructions, receiving, from a first computing device associated with a user profile, first code instructions for execution in an on-demand code execution system; receiving, from a second computing device associated with the user profile, a code-execution request to execute the first code instructions in the on-demand code execution system, the code-execution request associated with the user profile; generating a credential for the user profile, the credential authorizing access for a resource associated with the code-execution request; executing, in the on-demand code execution system, the first code instructions in a first execution environment on a virtual machine instance, wherein executing the first code instructions further comprises: requesting access to the resource using the credential, wherein requesting access to the resource further comprises: transmitting, to a data source, a data retrieval request for the resource, the data retrieval request comprising the credential; receiving access to the resource; and transmitting, to the data source, an update to the resource including the credential; and invalidating the credential, wherein invalidating the credential further comprises: designating, at the data source, that the credential is invalid for further use with the data source, wherein the credential is no longer valid for at least accessing the resource.
2. The computer implemented method of claim 1, wherein the resource comprises a data item.
3. The computer implemented method of claim 2, wherein the data item comprises at least one of a data object, a row in a database, or an entry in a key-value database.
4. The computer implemented method of claim 2, wherein the code-execution request comprises data indicative of at least the resource, and wherein generating the credential further comprises: generating custom data for the resource based at least on the data indicative of the data item, the credential comprising the custom data.
5. A system comprising: a data storage medium; and one or more computer hardware processors in communication with the data storage medium, the one or more computer hardware processors configured to execute computer-executable instructions to at least: receive, from a first computing device associated with a first user profile, first code instructions for execution in an on-demand code execution system; receive, from a second computing device associated with the first user profile, a code-execution request to execute the first code instructions in the on-demand code execution system, the code-execution request associated with the first user profile; generate a first credential for the first user profile, the first credential authorizing access for a resource associated with the code-execution request; execute, in the on-demand code execution system, the first code instructions in a first execution environment on a virtual machine instance, wherein to execute the first code instructions, the one or more computer hardware processors is further configured to: request access to the resource using the first credential, wherein to request access to the resource, the one or more computer hardware processors is further configured to: transmit, to a data source, a data retrieval request for the resource, the data retrieval request comprising the first credential; receive access to the resource; and transmit, to the data source, an update to the resource including the first credential; and invalidate the first credential, wherein to invalidate the first credential, the one or more computer hardware processors is further configured to: designate, at the data source, that the first credential is invalid for further use with the data source.
6. The system of claim 5, wherein the one or more computer hardware processors is further configured to: request, from a credential service, a second credential for a third-party service, wherein to execute the first code instructions, the one or more computer hardware processors is further configured to: transmit, to the third-party service, a command comprising the second credential.
7. The system of claim 6, wherein the request for the second credential is for a second user profile different than the first user profile, and wherein the second credential provides permissions for the second user profile with the third-party service.
8. The system of claim 6, wherein the second credential provides a single use of the third-party service.
9. The system of claim 5, wherein to invalidate the first credential, the one or more computer hardware processors is further configured to: decrement a number of times the first credential can be used.
10. The system of claim 9, wherein to decrement the number of times the first credential can be used, the one or more computer hardware processors is further configured to: update a policy associated with the first credential to reflect a decremented value for the number of times the first credential can be used.
11. A system comprising: a data storage medium; and one or more computer hardware processors in communication with the data storage medium, the one or more computer hardware processors configured to execute computer-executable instructions to at least: receive, from a first computing device associated with a user profile, first code instructions for execution in an on-demand code execution system; receive, from a second computing device associated with the user profile, a code-execution request to execute the first code instructions in the on-demand code execution system, the code-execution request associated with the user profile; generate a credential for a first resource associated with the code-execution request; execute, in the on-demand code execution system, the first code instructions in a first execution environment on a virtual machine instance, wherein to execute the first code instructions, the one or more computer hardware processors is further configured to: request access to the first resource using the credential, wherein to request access to the first resource, the one or more computer hardware processors is further configured to: transmit, to a data source, a data retrieval request for the first resource, the data retrieval request comprising the credential; receive access to the first resource; and transmit, to the data source, an update to the first resource including the credential; and invalidate the credential, wherein to invalidate the credential, the one or more computer hardware processors is further configured to: designate, at the data source, that the credential is invalid for further use with the data source, wherein the credential is no longer valid for at least accessing the first resource.
12. The system of claim 11, wherein the first resource comprises at least one of a network connection or a network daemon.
13. The system of claim 11, wherein the credential provides a permission for the first code instructions to update the first resource.
14. The system of claim 11, wherein to generate the credential comprises, the one or more computer hardware processors is further configured to: generate a custom policy for the first resource, wherein the custom policy indicates that access to the first resource expires after execution of the code-execution request.
15. The system of claim 14, wherein to generate the credential comprises, the one or more
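To make the claimed lifecycle concrete, here is an added Python model (not the patent's or any assignee's code) of a credential scoped to a single resource with a use-count policy, as in claims 9 and 10, enforced at the data source and invalidated once the code-execution request finishes; the names DataSource, ScopedCredential and run_code_execution_request are assumptions.

```python
import secrets
from dataclasses import dataclass

# Constructed model of the claimed lifecycle (added example, not the patent's code):
# one credential per request, scoped to one resource, with a decrementing use count.
@dataclass
class ScopedCredential:
    token: str
    resource: str        # the single resource this credential authorizes
    actions: frozenset   # e.g. {"read", "write"}
    uses_left: int       # policy value decremented on each use (claim 9)

class DataSource:
    """Data-source side: stores items and enforces the credential policies."""
    def __init__(self):
        self.items = {}
        self.policies = {}   # token -> ScopedCredential (the policy of claim 10)
    def issue_credential(self, resource, actions, uses):
        cred = ScopedCredential(secrets.token_urlsafe(16), resource, frozenset(actions), uses)
        self.policies[cred.token] = cred
        return cred
    def _authorize(self, token, resource, action):
        cred = self.policies.get(token)
        if cred is None or cred.uses_left <= 0:
            raise PermissionError("credential invalid")
        if cred.resource != resource or action not in cred.actions:
            raise PermissionError("credential not scoped for this operation")
        cred.uses_left -= 1
        if cred.uses_left == 0:
            self.invalidate(token)   # exhausted: drop the policy entirely
    def get(self, token, resource):
        self._authorize(token, resource, "read")
        return self.items[resource]
    def put(self, token, resource, value):
        self._authorize(token, resource, "write")
        self.items[resource] = value
    def invalidate(self, token):
        self.policies.pop(token, None)   # designate invalid at the data source

def run_code_execution_request(ds, resource, handler):
    """Execution-environment side: a fresh credential per request, invalidated in
    `finally` so even a handler that raises cannot leave a live credential behind."""
    cred = ds.issue_credential(resource, {"read", "write"}, uses=2)
    try:
        return handler(ds, cred.token)
    finally:
        ds.invalidate(cred.token)
```

The two-use budget covers exactly the retrieve-then-update pair of claim 1; a handler that tries a third call, or touches any other resource, is refused by the data source rather than by the sandbox.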
CPC classification titles:
- Entity profiles
- Updates performed during online database operations; commit processing
- Querying
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- using one-time-passwords