I'm working with multiple microservices on AWS, some deployed with Lambda and others in ECS clusters, and I've been able to share environment variables seamlessly. Now, I need access to just two of these environment variables from my frontend applications, but I'm running into some challenges. Using the AWS SDK directly exposes the values in the browser's network tab, which isn't secure. I could set up pipelines to manage these variables, but that would require constant redeployment with CircleCI every time a variable changes, and I really want to avoid that. I'm looking for a more efficient and secure way to achieve this. Any suggestions would be greatly appreciated!
2 Answers
If you're using Next.js, consider resolving your parameters through a server action or API route. It can help keep them out of the client side. If that's not an option for you, another route is to set up an AWS Cognito identity pool for user authentication. This way, you can fetch the parameters securely without exposing IAM user credentials to the client.
You could also assign a role to your ECS task that has the required permissions to fetch the parameters. This way, the task can retrieve them directly without exposing anything to the client side.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads