Can I use "aws-toolkit for VSCode" to keep my credentials safely there while I am doing app development?

Question

I am working on a Flutter + Typescript-NodeJS application and I need to use Amazon S3 directly from inside my Flutter and also NodeJS code. What I am doing now is keeping my access and secret keys within a .env file inside my project but I think this is not the safest way to do it. So I researched and found out there is an extension for VSCode named AWS-Toolkit that gives you the access to work with your AWS server from inside the VSCode, but I couldn't find an example to see how can I use it for my specific "keeping my credentials safe" issue?

For example, how should I replace such a code that uses .env file:

const accessKeyId = process.env.AWS_ACCESS_KEY_ID
const secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY

Answer 1

The AWS Toolkit for VSCode extension reads your AWS credentials from the same shared config and credentials files used by the AWS CLI.

The toolkit's debugging support for SAM applications allows access to the shared AWS credential profiles when debugging a Lambda function. The aws key in the launch.json debug configuration lets you configure which shared profile to use:

// launch.json
{
  "type": "aws-sam",
  "request": "direct-invoke",
  "name": "debug my great function",
  "invokeTarget": {
    "target": "code",
    "projectRoot": "${workspaceFolder}/path/to/lambda",
    "lambdaHandler": "func.handler"
  },
  "lambda": {
    "runtime": "nodejs18.x",
    "payload": { "json": { "foo": "bar" } },
    "environmentVariables": { "FOO_ENV": "bar-env" }
  },
  "aws": {
    "credentials": "profile:my-profile",
    "region": "us-east-1"
  },
},

As far as the client side goes, you should of course not expose AWS credentials to your app at all.