Question on Amplify config
andreimcristof opened this issue · comments
Andrei commented
Hi, this is a question, not an issue:
In the step "Configure AWS Amplify", in the Serverless Stack guide, all the config is placed in an config.js in the /src folder.
My question is: is it not a security flaw, to expose such infrastructure details like S3 Bucket Name and Cognito IDs in the js file, and send them to the browser? I understand exposing the API urls and region, but is it ok to also expose the rest of that config.js file?
Thanks in advance,
Jay commented
Those are completely fine. The access to those resources are restricted by authentication. And we don't allow unauthenticated access to them.
Andrei commented
Thank you!