Building Security Conscious Video Streaming Infrastructure on AWS, Lesson 1: Don't Hardcode Security Credentials

Content level: Intermediate

Welcome to this multi-part series aimed at empowering startups, DIY enthusiasts, recent graduates, and established businesses to build a robust video streaming infrastructure on AWS. The goal? To ensure your infrastructure is resilient against external threats, without compromising the agility required in today's fast-paced business environments. Too often, in a rush to showcase results, security measures get sidelined. In this article, we'll arm you with best practices to avoid common pitfalls.

In my time at AWS I have observed some of the security challenges that customers face when building workflows and growing their businesses, so the lessons that I will put forth are real-world and timely. There will be five installments in this series, and although AWS Media Services are the focus of these lessons learned, I think it is important to take a holistic view when looking at designing a security-conscious streaming video workflow. In this series, we will touch on suggested best practices related to developer tools, storage, content delivery, monitoring and alarms, automating responses to events, billing, and we will finish up with the AWS Well-Architected Framework. It's not just one thing that will keep your infrastructure (and business) safe, but a collection of services and best practices, working together. So, let's get started with Lesson 1, for this week.

Lesson 1: Don't Hardcode Security Credentials

Avoid embedding streaming service security credentials in your project code. Even a single oversight can have repercussions, especially if you lose track of your Git repository's branches. Instead, use AWS Secrets Manager to safeguard your credentials, granting access only to authorized users or services. This keeps your secrets intact while enabling swift development.
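As an added illustration (not part of the original article and not AWS sample code), the following shows the hardcoded pattern replaced by a run-time lookup in AWS Secrets Manager through the AWS SDK for JavaScript v3. The secret's JSON layout (`username`, `password`), the five-minute cache and the helper names are assumptions made for this example.

```javascript
// Added example, not AWS sample code. BEFORE (the pattern to avoid):
//   const STREAM_USER = "ingest"; const STREAM_PASS = "<password in the repo>";

// Default fetcher: AWS SDK for JavaScript v3, loaded lazily so the loader
// below can be tested offline with an injected fetcher.
async function fetchFromSecretsManager(secretId) {
  const { SecretsManagerClient, GetSecretValueCommand } =
    require("@aws-sdk/client-secrets-manager");
  // Region and identity come from the environment or the attached IAM role.
  const client = new SecretsManagerClient({});
  const out = await client.send(new GetSecretValueCommand({ SecretId: secretId }));
  return out.SecretString;
}

// AFTER: resolve credentials at run time, cache them briefly so a rotated
// secret is picked up, and fail closed when the secret is malformed.
// Assumed secret layout: {"username": "...", "password": "..."}.
function createCredentialLoader({
  secretId,
  ttlMs = 5 * 60 * 1000,
  fetchSecret = fetchFromSecretsManager,
  now = Date.now,
}) {
  let cached = null;
  let expiresAt = 0;
  return async function load() {
    if (cached && now() < expiresAt) return cached;
    const raw = await fetchSecret(secretId);
    let parsed;
    try {
      parsed = JSON.parse(raw);
    } catch {
      // Report the secret's name only, never its contents.
      throw new Error(`secret ${secretId} is not valid JSON`);
    }
    for (const key of ["username", "password"]) {
      const value = parsed && parsed[key];
      if (typeof value !== "string" || value === "") {
        throw new Error(`secret ${secretId} is missing "${key}"`);
      }
    }
    cached = Object.freeze({ username: parsed.username, password: parsed.password });
    expiresAt = now() + ttlMs;
    return cached;
  };
}
```

The role that runs this code needs only `secretsmanager:GetSecretValue` on the one secret it reads, which is how access stays limited to authorized users or services.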

Code from AWS SDK for JavaScript v3

Code sample

Secrets Manager Documentation

I hope this information helps keep your code safe in your day-to-day development routine. I have attached the documentation for AWS Secrets Manager, as well as links to sample code, and the AWS Software Development Kit (AWS SDK) for your review. Now, let me throw in a qualifier: there are many AWS services you can use to build security-conscious architecture, and when you look into AWS Secrets Manager, you will see many related services that can be used in conjunction with Secrets Manager. My point is that if customers use, at the very least, the services mentioned in this series, they could provide a very meaningful level of protection for their services. I encourage everyone reading this document to dive deep and explore all the options available.

I will come back soon and debut the next installment of our series, "Protect Your Buckets."

1 Comment

This is quite an insightful topic and pretty timely as well. When it comes to the subject of workloads/contents delivery, the subject of "security" can never be over-emphasized. Great job!

AWS
replied 6 months ago