Mastodon
Mohammad Faisal

Feb 17, 2021

1 min read
I am very new to AWS, but I have a question.
11
2

Srinivas

Yes you are absolutely right. Exposing them in frontend is surely a bad idea.

Here is the security measures you can take....

You can restrict the permissions attached to that particular IAM user and prevent from doing anything other than accessing S3

Then you can update the CORS policy and allow only your trusted domain from which your application will access S3.

So even if someone gets the accessKey and secretkey they will not be able to do anything fishy.

More from Mohammad Faisal

Software Engineer | ReactJS | NodeJS | AWS - https://www.mohammadfaisal.dev/

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mohammad Faisal

Mohammad Faisal

3.9K Followers

Software Engineer | ReactJS | NodeJS | AWS - https://www.mohammadfaisal.dev/

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech