How to secure Front-End message pushing into AWS SQS

Question

An ajax call can be made to push message to SQS from front end browser facing app directly without any interaction of server based backend. example using below API call

https://sqs.us-east-2.amazonaws.com/123456789012/TestQueue/?Action=SendMessage&MessageBody=This+is+a+test+message

How to secure this API call, because even if the user is authenticated on the Front End app, this End point(SQS API) can be grabbed and used for false messaging by anyone who has this end point. Is there a way to secure it or there need to be a server based backend between Browser and SQS where an authentication mechanism can be accomplished.??

score 1 · Accepted Answer · answered Sep 08 '22 at 07:10

1

Often you would use AWS HTTP API in-front of your SQS. HTTP API has build in support for SQS integration. For more versitle solution you would put AWS REST API (not HTTP API) in front of your SQS. This gives you much more options, such as throttling support for excessive requests.

answered Sep 08 '22 at 07:10

Marcin

215,873
14
235
294

1

Thanks.proxy approach makes sense. – engg Sep 08 '22 at 16:31

How to secure Front-End message pushing into AWS SQS

1 Answers1