alt Hacker NewsAs written, I do think that's naive. Being sure the person/browser is authorized doesn't mean that the signals you get are actions they intended.
Suppose that in normal use a user can visit a certain URL which triggers a dangerous effect. An attacker could trick the user into performing the action by presenting a link to them titled "click here for free stuff."
There are various ways to protect against that (e.g. CORS, not using GET methods) but backend cloud credential management does not give it to you for free.
And that same user is already trusted to have admin access to the entire organizational AWS credentials - I did say it was an internal management site.
The lambda itself only has limited permissions to the backend. The user can’t do anything if the lambda only has permission to one database and certain rights to those tables, one S3 bucket, etc.
Heck with Postgres on AWS you can even restrict a Cognito user to only have access to rows based on the logged in user.
And the database user it’s using only has the minimum access to just do certain permissions.