将消息从 S3 中托管的网页发送到 SQS 队列
[英]Sending message from webpage hosted in S3 to SQS queue
问题描述
I'm trying to figure out a way to do my first project on AWS.
我正在想办法在 AWS 上完成我的第一个项目。
I have this page http://nlprism.sciusanalytics.com/ hosted in an S3 bucket.我将此页面http://nlprism.sciusanalytics.com/托管在 S3 存储桶中。 After the user writes a URL and posts it, I want to pass this URL as a message to an SQS queue, which will then call a Lambda function.在用户写入 URL 并发布后,我想将此 URL 作为消息传递给 SQS 队列,然后该队列将调用 Lambda 函数。 What's the appropriate way to do the post to the SQS queue from the page?从页面发布到 SQS 队列的合适方法是什么? I thought about embedding some javascript in the page which sends the message to SQS when the user clicks submit, but then I would need to hardcode my SQS credentials in the webpage, so that's likely not the way to go.我考虑在页面中嵌入一些 javascript,当用户单击提交时将消息发送到 SQS,但随后我需要在网页中硬编码我的 SQS 凭据,所以这可能不是要走的路。
1 个解决方案
解决方案1
1 已采纳 2019-03-22 22:39:21
If you create an IAM user, and the only permissions it has is to post messages to that one queue, then it really doesn't matter if someone discovers your credentials in your javascript - the worst they can do is post messages to your queue, which they can do already because it doesn't appear that your page has any authentication - so if someone was looking to pollute your queue, they can do it thru your webpage (even if you manage to hide the credentials), or by accessing the queue directly.如果您创建了一个 IAM 用户,并且它拥有的唯一权限是将消息发布到该队列,那么是否有人在您的 javascript 中发现您的凭据并不重要 - 他们能做的最糟糕的事情就是将消息发布到您的队列,他们已经可以这样做,因为您的页面似乎没有任何身份验证 - 因此,如果有人想要污染您的队列,他们可以通过您的网页(即使您设法隐藏凭据)或通过访问直接排队。
If you had a server behind your webpage, you would have more options to hide the credentials, but even then, since the page isn't protected, anyone can post as often as they want right thru your page.如果您的网页后面有一个服务器,您将有更多选项来隐藏凭据,但即便如此,由于该页面不受保护,任何人都可以通过您的页面随时发布信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.