Building Security Conscious Video Streaming Infrastructure on AWS, Lesson 1: Don't Hardcode Security Credentials

3 minute read
Content level: Intermediate

Welcome to this multi-part series aimed at empowering startups, DIY enthusiasts, recent graduates, and established businesses to build a robust video streaming infrastructure on AWS. The goal? To ensure your infrastructure is resilient against external threats, without compromising the agility required in today's fast-paced business environments. Too often, in a rush to showcase results, security measures get sidelined. In this article, we'll arm you with best practices to avoid common pitfalls.

In my time at AWS I have observed some of the security challenges that customers face when building workflows and growing their businesses, so the lessons that I will put forth are real-world, and timely. There will be five installments in this series and although AWS Media Services are the focus of these lessons learned, I think it is important to take a wholistic view when looking at designing a security conscious streaming video workflow. In this series, we will touch on suggested best practices related to developer tools, storage, content delivery, monitoring and alarms, automating responses to events, billing, and we will finish up with the AWS Well Architected Framework. It's not just one thing that will keep your infrastructure (and business) safe; but, a collection of services and best practices, working together. So, let's get started with Lesson 1, for this week.

Lesson 1: Don't Hardcode Security Credentials

Avoid embedding streaming service security credentials in your project code. Even a single oversight can have repercussions, especially if you lose track of your GIT repository's branches. Instead, use AWS Secrets Manager to safeguard your credentials, granting access only to authorized users or services. This keeps your secrets intact while enabling swift development.

Code from AWS SDK for JavaScript v3

Code sample

Secrets Manager Documentation

I hope this information helps keep your code safe in your day to day development routine. I have attached the documentation for AWS Secrets Manger, as well as links to sample code, and the AWS Software Development Kit (AWS SDK) for your review. Now, let me throw in a qualifier - there are many AWS services you can use to build security conscious architecture, and when you look into AWS Secrets Manager, you will see many related services that can be used in conjunction with Secrets Manager. My point is that if customers use, at the very least, the services mentioned in this series, they could provide a very meaningful level of protection for their services. I encourage everyone reading this document to dive deep and explore all the options available.

I will come back soon and debut the next installment of our series, "Protect Your Buckets."

1 Comment

This is quite an insightful topic and pretty timely as well. When it comes to the subject of workloads/contents delivery, the subject of "security" can never be over-emphasized. Great job!

replied 6 months ago