I have a code at my local machine, with which I want to call an AWS Lambda function.
I have configured AWS API Gateway as doorway to Lambda function, but I am concerned about security when sending credentials as query string parameters.
So could anyone suggest nest approach to pass credentials to Lambda function even if there is another way than API Gateway, but I want to send it dynamically.
There are several options.
1) If you have AWS credentials on the machine with your client, you could use basic SDK (e.g. API C# SDK JavaScript SDK)
2) If you want to use the API Gateway, you can use Lambda Authorizer (Documentation). Credentials must be obtained from somewhere (e.g. AWS Cognito).
3) One option is to use API keys. Generate key for your client installations and include it with your API calls. See: Documentation
These are just some options, I'm sure there are others. Best option depends also on your requirements (e.g. number of clients, installation method, how are they authorized and so on).
If your client needs to run only on your machine, I would go with option 1.
HTTPS encryption protects the parameters. You just make sure you are connecting to the correct server and don't accept certificate exceptions.
Establish a mechanism to have one of the query parameters changing over time in a non predictable way.
You should use the AWS Parameter Store, which is specifically designed to hold secrets needed for accessing cloud resources so that the secrets need never leave the cloud.
