amazon-web-services, amazon-ec2, aws-sts

Can I store temporary AWS Credentials (Key, Secret, and sessionToken) obtained from AWS STS service in Javascript source code?


I am working on building a Kinesis video stream, and for that purpose I need to define my AWS key and secret in source code, as you can see in the official demo by awslabs here: https://awslabs.github.io/amazon-kinesis-video-streams-webrtc-sdk-js/examples/

I would not like to paste my original AWS key and secret in source code, so can I use temporary credentials there?

Suppose a user opens the source code of the web page and sees the temporary AWS credentials. What actions can they perform? Can they perform all the actions that normal AWS credentials can perform?


Solution

  • If a user can see the IAM credentials (whether temporary or permanent) then yes they can perform the actions that are allowed via policies for those credentials.

    You can of course use temporary credentials, in fact you could create a Cognito user with an unauthenticated user to generate these temporary credentials when they are needed. Just ensure they're locked down to the minimal permissions needed to reduce blast radius.
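
One way to check "minimal permissions" before attaching a policy to the role whose temporary credentials reach the browser. This is an added example, not part of the original answer; it assumes a viewer-only WebRTC page, and the function name, allow-list, ARN pattern and sample policies are constructed for illustration.

```javascript
// Actions a WebRTC viewer needs on a signaling channel (assumed viewer-only page).
const VIEWER_ACTIONS = new Set([
  "kinesisvideo:describesignalingchannel",
  "kinesisvideo:getsignalingchannelendpoint",
  "kinesisvideo:geticeserverconfig",
  "kinesisvideo:connectasviewer",
]);
// Assumed ARN shape: one named channel; only the trailing creation-time part may be "*".
const CHANNEL_ARN = /^arn:aws:kinesisvideo:[a-z0-9-]+:\d{12}:channel\/[^*/]+\/.+$/;

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Hypothetical helper: returns findings; an empty list means the policy grants
// only viewer actions on explicitly named signaling channels.
function auditBrowserPolicy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements only narrow access
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`statement ${i}: NotAction/NotResource allows everything not listed`);
    }
    for (const action of asArray(stmt.Action)) {
      if (action.includes("*")) {
        findings.push(`statement ${i}: wildcard action "${action}"`);
      } else if (!VIEWER_ACTIONS.has(action.toLowerCase())) { // IAM actions are case-insensitive
        findings.push(`statement ${i}: action "${action}" is not needed by a viewer`);
      }
    }
    for (const resource of asArray(stmt.Resource)) {
      if (!CHANNEL_ARN.test(resource)) {
        findings.push(`statement ${i}: resource "${resource}" is not a single named channel`);
      }
    }
  });
  return findings;
}

// Constructed sample policies (account ID and channel name are placeholders).
const SCOPED_POLICY = { Version: "2012-10-17", Statement: [{
  Effect: "Allow",
  Action: ["kinesisvideo:DescribeSignalingChannel", "kinesisvideo:GetSignalingChannelEndpoint",
           "kinesisvideo:GetIceServerConfig", "kinesisvideo:ConnectAsViewer"],
  Resource: "arn:aws:kinesisvideo:us-west-2:111122223333:channel/demo-channel/*",
}] };
const BROAD_POLICY = { Version: "2012-10-17", Statement: [{
  Effect: "Allow", Action: ["kinesisvideo:*", "s3:GetObject"], Resource: "*",
}] };

console.log(auditBrowserPolicy(SCOPED_POLICY)); // no findings
console.log(auditBrowserPolicy(BROAD_POLICY));  // three findings
```

Anyone who reads the page source holds exactly what the audited policy allows until the session expires, so a check like this belongs in the deployment pipeline for that role.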