By using AWS re:Post, you agree to the Terms of Use

Is it safe to use plain Javascript for aws-sdk?

0

Hello guys, I wanna know one thing is it safe to use plain JavaScript for AWS integration, I mean without NodeJS or any server like putting AWS keys on that page and all stuff or is it compulsory to use NodeJS as a backend?

1 Answers
1
Accepted Answer

It is not a must to use Node.js as backend to store credentials. When setting credentials in a browser, make sure not to hard code credentials (e.g., access/secret keys for IAM users). Also, always grant the least privilege required for your task.

We do not recommend hard coding your AWS credentials in your scripts. Hard coding credentials poses a risk of exposing your access key ID and secret access key.

The recommended way to obtain AWS credentials for your browser scripts is to use the Amazon Cognito Identity credentials object, AWS.CognitoIdentityCredentials. Amazon Cognito enables authentication of users through third-party identity providers.

answered 22 days ago
  • Like I saw documentation of AWS Webpack can we use that and store all the credentials in .env file is it safe or not?, and with webpack we build bundle.js that way is secure?

  • You can store credentials that way and the instruction is provided here. But it's for Node.js. For front end code, again don't hard code credentials. Also, I am assuming you would use IAM user credentials there. Make sure to rotate credentials on a regular basis and secure access to the application server. If you are running that on an EC2 instance, you can simply attach an instance profile so there is no need to use long term (IAM user) credentials. It auto rotates credentials for an IAM role (short-term credentials).

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions