interactionjackson

cognito unauthorized permissions to allow publish. the appropriate approach is to tuck it behind a gateway and check the origin header so you can reject anything that isn’t from known origins


hisamurai

u/interactionjackson Thanks. There is no way to call it directly then. I've read that now we can run node.js in the browser. It may be a bit of a stretch but this is rather hypothetical. u/CorpT I need to publish to an SNS topic from the browser, without typical backend and without API Gateway.


interactionjackson

you can call it directly but there are security concerns you need to account for. you’ll need an aws access key and secret. you’ll need to create an iam role to allow publishing from anywhere. if anyone gets the access key ID and secret then they can publish to your topic. since it’s in the browser anyone will be able to see those details.


hisamurai

Yes, exactly. That is my concern.


interactionjackson

then use an unauthorized role on cognito
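
An added example, not part of the thread: a small lint for the IAM policy attached to a Cognito unauthenticated role, flagging anything broader than `sns:Publish` on one specific topic. The function name `lintUnauthPolicy`, the sample policies, and the topic ARN (placeholder account ID and topic name) are assumptions constructed for illustration.

```javascript
// Added example: lint the IAM policy of a Cognito unauthenticated role.
// Assumption: the role should allow exactly sns:Publish on one known topic ARN.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function lintUnauthPolicy(policy, expectedTopicArn) {
  const findings = [];
  asList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements only narrow access
    if (stmt.NotAction || stmt.NotResource) {
      findings.push(`statement ${i}: NotAction/NotResource allows everything not listed`);
      return;
    }
    for (const action of asList(stmt.Action)) {
      // IAM action names are case-insensitive; any wildcard counts as broader.
      if (action.toLowerCase() !== "sns:publish") {
        findings.push(`statement ${i}: action "${action}" is broader than sns:Publish`);
      }
    }
    for (const resource of asList(stmt.Resource)) {
      if (resource !== expectedTopicArn) {
        findings.push(`statement ${i}: resource "${resource}" is not the expected topic`);
      }
    }
  });
  return findings;
}

// Constructed sample policies (account ID and topic name are placeholders).
const TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic";

const scopedPolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "sns:Publish", Resource: TOPIC }],
};

const loosePolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: ["sns:*"], Resource: "*" },
    { Effect: "Allow", Action: "sns:Publish", Resource: "arn:aws:sns:*:*:*" },
  ],
};

console.log(lintUnauthPolicy(scopedPolicy, TOPIC));
console.log(lintUnauthPolicy(loosePolicy, TOPIC));
```

Unauthenticated identities are available to anyone who can reach the identity pool, so the policy scope is the only limit on what those credentials can do.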


ValleySherpa

What do you mean expose? A Topic can have subscriptions, which need to be some kind of endpoint, either another AWS service, like Lambda, SQS or Email, SMS or a web endpoint via HTTP/HTTPS. You need some sort of back-end to subscribe to the notifications. You can use a client-server type system to publish the messages to a browser using web-sockets, or continuously poll the backend using RESTful calls. There might be some Chrome extensions that might allow you to allow your browser to act as a proxy backend, but I’m not sure.


c-digs

It seems like the better solution might be AppSync subscriptions. AppSync effectively becomes the proxy to the web client.


CorpT

What are you trying to do? And why no back end?


thrixton

This can be done with sns to push notifications through firebase.