Vfrdtyky

I am developer fairly new to AWS detailed Usage. In AWS, I have implemented a sample Serverless Architecture flow/application. The services used for layers are Dynamodb(DB)-Lamda(DAO)-API Gateway(API)-S3 Bucket(Presentation.)

I need to secure the API Gateway.

How can I:

1. How to externalize IAM User credentials file using Javascript SDK instead of putting IAM User crentials in code, : a) In local windows b) for S3 Bucket.


2. If I use credentials file, how would the JavaScript SDK Code know to use my AWS Account? From the IAM User credentials?


3. Is there a way to create the credentials file using AWS Console, I do not yet know to use AWS CLI?

I checked implemented and implemented 3 ways out of from here for API Security: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html

1) Cognito User Pool 2) Usage Plan+API Key 3) IAM User Authentication : I Set AWS_IAM as Authorization type for api Gateway. I created an IAM User, attached an IAM policy with permission to Invoke the api. I followed this:
https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html
and https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html

I feel that IAM User Authentication is the most secure, as we make SigV4 signed request. My specific question here is about putting and retrieving the IAM User credentials in an external file mentioned in documentation as ~/.aws/credentials. In general, please guide me further.

I am presently using JavaScript SDK, loading in Browser. In my local Windows System, I created the credentials file under C:UsersUSERNAME.awscredentials, in the format given as in here:https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html

I tried using the Javascript SDK CredentialProviderChain
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CredentialProviderChain.html#constructor-property

My code is

var chain = new AWS.CredentialProviderChain();

            chain.resolve(function(err, credentials)

            {

                console.log(err);

                console.log(credentials);

            });

I get "No Providers" error. I read in a comment for similar question that If using Javascript SDK loading in browser we cannot retrieve credentails from C:UsersUSERNAME .awscredentials file.

I have read related AWS documentations, not mentioning here.

Note: Later I need to implement code to be used in mobile app. If I implement sample using JavaScript, I need to guide the App Developer. I do not know Android by myself.

Update
As a step forward in using Javascript SDK, I have found these 2 links which i am studying:
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-browser.html
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-browser-credentials-cognito.html
Note, that I want to use IAM Authentication rather than Cognito authentication. Is Cognito authentication to be used if the final target is mobile apps ? Please guide.

Update
Using Javascript SDK, I Implemented this: a) Used an identity Pool b) Used Cognito User Pool as an Identity Provider. c) Wrote code to Log in a User Pool User, obtained ID Token. d) Obtained Temporary AWS Credentials using the Identity Pool.

So the question is : a) Is Authentication+Authorization using Identity Provider+Identity Pool, the only way to implement IAM Security for API Gateway ? b) How to implement security only using IAM Credentials ie is there way ahead without Authentication only using Authorization ?