Is it safe to use plain Javascript for aws-sdk?

Question

Hello guys, I wanna know one thing is it safe to use plain JavaScript for AWS integration, I mean without NodeJS or any server like putting AWS keys on that page and all stuff or is it compulsory to use NodeJS as a backend?

Accepted Answer

It is not a must to use Node.js as backend to store credentials. When setting credentials in a browser, make sure not to hard code credentials (e.g., access/secret keys for IAM users). Also, always grant the least privilege required for your task.
> We do not recommend hard coding your AWS credentials in your scripts. Hard coding credentials poses a risk of exposing your access key ID and secret access key.
- [Setting Credentials in a Web Browser](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-browser.html)
> The recommended way to obtain AWS credentials for your browser scripts is to use the Amazon Cognito Identity credentials object, AWS.CognitoIdentityCredentials. Amazon Cognito enables authentication of users through third-party identity providers.

- [Using Amazon Cognito Identity to Authenticate Users](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-browser-credentials-cognito.html)

Is it safe to use plain Javascript for aws-sdk?

Relevant questions

How to use AWS Tranlsation if I only have plain text, not CSV, not Memory files?

Javascript as a Game client for a Gamelift Server

Is it really supported to use alerting on "AWS Elasticsearch"?

Is it safe to share Signed Url of s3 content specifically for images which has AWSAccessKeyId and signature on it ?

Amazon Workspaces (Windows) : Is it possibile to use Google G Suite IdP for SSO ?

NodeJs server SDK

Using AWS Textract with Javascript SDK in a browser

Is it possible to use AWS RDS SQL Server as an AAG target from on premise primary?