This repository shows how to generate and use temporary security credentials with AWS STS.

Overview

Using temporary security credentials with AWS STS

When a REST API is called with IAM authentication, as with a Lambda Function URL, temporary security credentials are worth considering for security. This page shows how to generate temporary security credentials with the AWS CLI or with AWS Lambda and use them to call a Lambda Function URL, and provides examples that call the S3 REST API using Node's crypto module and using the AWS SDK.

Temporary security credential

AWS Security Token Service (AWS STS) creates and provides trusted users with temporary security credentials that can control access to your AWS resources. Temporary security credentials work almost identically to the long-term access key credentials that your IAM users can use, with the following differences:

Temporary security credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them.

Temporary security credentials are not stored with the user but are generated dynamically and provided to the user when requested. When (or even before) the temporary security credentials expire, the user can request new credentials, as long as the user requesting them still has permissions to do so.

Generating temporary security credentials with the AWS CLI

Temporary security credentials with the AWS CLI explains how to generate temporary security credentials using the AWS CLI.

Generating temporary security credentials with Lambda

lambda-for-sts explains how a Lambda function connects to STS and obtains temporary security credentials.

Calling a Lambda Function URL with temporary security credentials

Accessing a Lambda Function URL with temporary security credentials explains how to call the API behind a Lambda Function URL using temporary security credentials.

AWS REST API Authentication

Listing S3 files from Lambda using crypto

As in AWS REST API authentication with crypto, you can read information about the files stored in S3 by signing AWS requests with Signature Version 4.

Listing S3 files from Lambda using the AWS SDK

As in AWS REST API authentication with the AWS SDK, you can read information about the files stored in S3 using the AWS SDK. Because Lambda exposes its temporary security credentials as environment variables, the AWS SDK can call the REST API securely without any extra implementation.

Listing S3 files from a Node.js client using temporary security credentials

A standalone Node.js client lists the files in S3 using temporary security credentials.

Requesting a Lambda Function URL from a Node.js client using temporary security credentials

A standalone Node.js client sends a request to a Lambda Function URL using temporary security credentials and checks the response.

Reference

Temporary security credentials in IAM
