Can I store temporary AWS Credentials (Key, Secret, and sessionToken) obtained from AWS STS service in Javascript source code?

Question

I am working on building a Kinesis video stream and for that purpose, I need to define my AWS Key and Secret in source code, as you can see the official demo here by awslabs https://awslabs.github.io/amazon-kinesis-video-streams-webrtc-sdk-js/examples/

I would not like to paste my original AWS key and secret in source code, so can I use temporary credentials there?

Suppose, a user opens source code of web page and sees that Temporary AWS credentials, now what actions they can perform? Can they perform all actions as normal AWS credentials perform?

score 1 · Accepted Answer · answered Aug 15 '20 at 07:13

If a user can see the IAM credentials (whether temporary or permanent) then yes they can perform the actions that are allowed via policies for those credentials.

You can of course use temporary credentials, in fact you could create a Cognito user with an unauthenticated user to generate these temporary credentials when they are needed. Just ensure they're locked down to the minimal permissions needed to reduce blast radius.

Can I store temporary AWS Credentials (Key, Secret, and sessionToken) obtained from AWS STS service in Javascript source code?

1 Answers1