Reputation: 126
AWS serverless and javascript - is it secure?
So I am digging into the 'serverless' architecture and after going over a tutorial about angular as front-end and nodejs lambdas available by an API I am not sure if it is secure at all. The angular website that I did makes calls to AWS api which is linked to lambda function. Because it is angular and it is visible to the client's browser, important secret keys such as - AWSCognito.config.update({accessKeyId: 'something', secretAccessKey: 'something'}); can be seen.
When creating those keys, AWS lets you see them once and then hides the secretAccessKey so I guess it is not quite reasonable to leave it in a js file? I am still learning the fundamentals of AWS so let me know what do you think and what is the best solution, thanks!
Upvotes: 1
Views: 67
Answers (1)
Reputation: 943979
Because it is javascript and it is all visible to the client
That isn't true.
JavaScript is a programming language.
JavaScript you send to the browser to run on the browser is visible to the owner of the browser. You seem to be conflating this with "All JavaScript".
JavaScript you send to AWS to run on AWS is not visible to the owner of the browser.
Upvotes: 4
Related Questions
- serverless s3 AccessDenied
- AWS simple serverless architecture recomendation
- Is Amazon serverless really serverless? Where to store API keys
- Secure access directly from web app to amazon s3?
- AWS ServerLess Web App Example
- Can we use plugins like Helmet.js and body-parser to secure a serverless function? If not, any alternatives?
- Is my server-side content safe?
- Serving content from S3 securely
- Correct Usage of Amazon Web Services S3 for Server - Side Scripting
- Pure Javascript app + Amazon S3?