Why you shouldn't use the AWS SDK in your front-end
Disclaimer: this article (as the title suggests) is full of personal opinions and does not necessarily reflect hard facts.
Why I was using AWS SDK in the Front-end
In this project, I was using the AWS SDK primarily for authorization using Amazon Cognito. I was able to store an authorization token in the frontend, which automatically granted the client access to privileged AWS resources, such as a Lambda function used to fetch user information. The advantage of doing authorization in the frontend is that the backend only has to handle the core logic of the program, without the hassle of validating the client’s identity each time a request is made.
Why you shouldn’t use AWS SDK in the Front-end
However, this approach is not only insecure but also inefficient. Here’s why I’d generally recommend against using AWS SDK in the frontend of your website:
If you can run console.log(localStorage) and see your access tokens, the site is probably not secure — it’s probably vulnerable to attacks like Cross-Site Scripting (XSS).
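The localStorage point above can be turned into a check you run against your own site. This is an added example, not code from the original article: the key names follow the CognitoIdentityServiceProvider.<clientId>.<user>.<tokenType> convention used by amazon-cognito-identity-js, and fakeStorage, the client id, the user name and all token values are constructed so the audit runs outside a browser.

```javascript
// Added example: list storage entries that hold credentials any page script can read.
const JWT_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;
const TOKEN_KEY_RE = /(idToken|accessToken|refreshToken|secret)/i;
const decodeB64 = (s) =>
  typeof atob === "function" ? atob(s) : Buffer.from(s, "base64").toString("latin1");

// Decode one base64url JWT segment; returns the JSON object or null.
function decodeSegment(seg) {
  try {
    const v = JSON.parse(decodeB64(seg.replace(/-/g, "+").replace(/_/g, "/")));
    return v && typeof v === "object" ? v : null;
  } catch {
    return null;
  }
}

// Return one finding per entry that looks like a token, with its remaining lifetime.
function auditStorage(storage, nowSec = Math.floor(Date.now() / 1000)) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) || "";
    const claims = JWT_RE.test(value) ? decodeSegment(value.split(".")[1]) : null;
    if (claims) {
      const secondsLeft = typeof claims.exp === "number" ? claims.exp - nowSec : null;
      findings.push({ key, kind: "jwt", tokenUse: claims.token_use || null, secondsLeft });
    } else if (TOKEN_KEY_RE.test(key)) {
      findings.push({ key, kind: "opaque", tokenUse: null, secondsLeft: null });
    }
  }
  return findings;
}

// --- Constructed sample data (Node only; not real tokens) ---
function fakeStorage(entries) { // stand-in for window.localStorage
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] ?? null };
}
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const NOW = 1700000000; // fixed clock for the sample
const PREFIX = "CognitoIdentityServiceProvider.exampleClientId.alice"; // constructed
const sample = fakeStorage({
  [`${PREFIX}.idToken`]:
    `${b64url({ alg: "RS256" })}.${b64url({ token_use: "id", exp: NOW + 3600 })}.c2ln`,
  [`${PREFIX}.refreshToken`]: "constructed-opaque-refresh-token",
  theme: "dark",
});
console.log(auditStorage(sample, NOW));
```

In a browser, call auditStorage(window.localStorage) and auditStorage(window.sessionStorage); every entry it reports is readable by any script running on that origin.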
On another note, calling asynchronous functions (such as Lambda functions) in the front-end creates complicated problems with timing while rendering the user interface, where everything usually runs synchronously. It often requires excessively checking for undefined values and writing messy code with callbacks.
Side note: every AWS function now supports promises, as noted in this AWS blog post. This should help anyone becoming frustrated (as I was) with way too many nested callbacks.