How can we use AWS Kinesis in a web browser?

Question

How can we use AWS Kinesis in a web browser?

I'm interested in AWS Kinesis Stream and wondering if I can use it to send users' activity logs directly from their browsers to AWS.

AWS provides a JavaScript SDK which is executable in a web browser but, according to its document, the SDK requires credential information because of which, I think, it's not secure to use it in my use case.

Should I put proxy servers between their browsers and AWS Kinesis? Or is there any secure way to use AWS Kinesis in such a case?

Answer 1

You have couple of options to use the JS SDK directly from the browsers of your users without embedding credentials in your code or force your users to log in into a service:

The first one is to use AWS Cognito. You can embed couple of line of code in your JS code that will identify the identity pool you want to use. On the service side you define the role for unauthenticated users to be able to write to Kinesis. You can see more details in this blog post: https://blogs.aws.amazon.com/javascript/post/Tx1F7FO6GDAIXD3/Authentication-with-Amazon-Cognito-in-the-Browser

The second option is to put API-Gateway between your users and the Kinesis stream. The gateway is a managed service that you can define as "open" with no authentication and the gateway can be the one with the permission to write to your Kinesis stream. The simplest way is to use a Lambda function that will be able also to transform/clean the events before putting them to the stream. See more details in the service documentations: http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html