This May be a stupid question, But is it safe to access AWS Secrets from my React front end app (Hosted on AWS Amplify) In this manner ?
These Secrets are obviously not intended to be public so I dont want to use Amplify Env Variables option.
If this is not the appropriate way of loading API Secrets and keys to a Front End Application, then what is ?
var AWS = require('aws-sdk'),
region = "us-east-2",
secretName = "MNTSWP",
secret,
decodedBinarySecret;
// Create a Secrets Manager client
var client = new AWS.SecretsManager({
region: region
});
client.getSecretValue({SecretId: secretName}, function(err, data) {
if (err) {
if (err.code === 'DecryptionFailureException')
throw err;
else if (err.code === 'InternalServiceErrorException')
throw err;
else if (err.code === 'InvalidParameterException')
throw err;
else if (err.code === 'InvalidRequestException')
throw err;
else if (err.code === 'ResourceNotFoundException')
throw err;
}
else {
if ('SecretString' in data) {
secret = data.SecretString;
} else {
let buff = new Buffer(data.SecretBinary, 'base64');
decodedBinarySecret = buff.toString('ascii');
}
}
// Your code goes here.
});
Because your front end runs in a web browser, because the code can easily be examined by moderately technical users, you cannot keep credentials (such as your AWS credentials) there safely. If you do that, not only are your secrets exposed, but your AWS credentials are exposed, and an attacker can do a lot of damage with those (and there are tools to scan for AWS keys).
Honestly there aren't really solid ways to protect credentials in a front-end application, so you can: