Yes you are absolutely right. Exposing them in frontend is surely a bad idea. Here is the security measures you can take.... You can restrict the permissions attached to that particular IAM user and… - Mohammad Faisal - Medium

I am very new to AWS, but I have a question.

Srinivas

Mohammad Faisal

Feb 17, 2021

--

Yes you are absolutely right. Exposing them in frontend is surely a bad idea.

Here is the security measures you can take....

You can restrict the permissions attached to that particular IAM user and prevent from doing anything other than accessing S3

Then you can update the CORS policy and allow only your trusted domain from which your application will access S3.

So even if someone gets the accessKey and secretkey they will not be able to do anything fishy.

Mohammad Faisal

Written by Mohammad Faisal

Software Engineer | ReactJS | NodeJS | AWS - https://www.mohammadfaisal.dev/

Recommended from Medium

JSON is incredibly slow: Here’s What’s Faster!

Vaishnav Manoj
in
DataX Journal

JSON is incredibly slow: Here’s What’s Faster!

Unlocking the Need for Speed: Optimizing JSON Performance for Lightning-Fast Apps and Finding Alternatives to it!

16 min readSep 28

--

124

My favorite coding question to give candidates

Carlos Arguelles

My favorite coding question to give candidates

A coding question, from the viewpoint of an Google/Amazon/Microsoft interviewer

11 min readNov 12

--

47

Lists

Staff Picks

516 stories473 saves

Stories to Help You Level-Up at Work

19 stories328 saves

Self-Improvement 101

20 stories958 saves

Productivity 101

20 stories867 saves

I Found A Very Profitable AI Side Hustle

Paul Rose

I Found A Very Profitable AI Side Hustle

And it’s perfect for beginners

6 min readOct 18

--

201

NASA Just Shut Down Quantum Computer After Something Insane Happened!

The Pareto Investor

NASA Just Shut Down Quantum Computer After Something Insane Happened!

Houston, We Have a Problem!

3 min readNov 9

--

142

Awesome Terminal Applications

Mohammad Faisal
in
Level Up Coding

Awesome Terminal Applications

Sharpen the axe before you cut the wood.

4 min readNov 13

--

21

The ChatGPT Hype Is Over — Now Watch How Google Will Kill ChatGPT.

AL Anany

The ChatGPT Hype Is Over — Now Watch How Google Will Kill ChatGPT.

It never happens instantly. The business game is longer than you know.

6 min readSep 1

--

600

See more recommendations

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams