Recent AWS Customer Success Stories & Videos

More AWS Customer Success Stories...

« Fine-Grained Access Control for Amazon DynamoDB | Main | AWS Identity and Access Management Policy Simulator »


Feed You can follow this conversation by subscribing to the comment feed for this post.

Dave Winer

Jeff, why not provide a simple app in a web page that does everything, including the login, so we can get started without having to figure out one of the most complicated things on the net -- identity!

You must have that working in a test app, please share it with us.

I want this stuff in my software, asap. Make it easy for us. ;-)


Dan Kibler


As you eluded to, it looks like you could create some pretty sophisticated server-less applications with these limited features. I'm going to give it a try. Is there any sample code for doing the identity federation part in JavaScript?


Peter Moon

Hi Dave,

Here is the Getting Started guide for the SDK:
It explains setting up web identity federation with Facebook login and gives you a sample app that allows you to upload an image to S3 and view it once it's done.
Hope this helps!


Dale Roberts

Without any server side code to sanitize user input, how can you deal with security. I'm thinking at the simplest, someone uploading massive files to S3 or running horrible queries against a database.

I love the idea of what's possible without any infrastructure to manage but wonder if it doesn't leave you open to abuse ("you" being the person paying for the buckets and DBs etc).

Thomas Bachmann

At first I was very excited and had been waiting for this kind of SDK for a long time. Dale brought up a very good point, any suggestions on how to solve the validation problem?

Having only JS on the client talk to AWS an attacker can simply modify the client side validation scripts (JS) to accept everything and the AWS service will not complain about it. There are almost no policies at IAM that go into the direction of
- limiting an S3 object's size or
- allowed space per user or
- number of files per user or
- only allow certain DynamoDB queries or
- only allow certain number of DynamoDB rows per user.

This limits the areas to use the AWS SDK for JS a lot for me.


Hi Jeff!

According to post:

> You can create and populate S3 buckets...

How can I create a bucket programmatically and how can I enable CORS in browser application with this API without AWS console?

Thank you!


sample code missing script src="" script



I have scoured the resources in this post, but cannot figure out how to use DynamoDB via the Browser only SDK.

What and where do I put credentials in order to query a DynamoDB table?

There are code samples in the AWS JS Dev Center for listing DynamoDB tables, but no mention of how to where to put an access keys.

I love the idea of these services, but without docs to get fully started with all services, I'm afraid it's no use to me.

Ric Harvey


First thanks for the article and blog as a whole, its a great resource.

Could you provide us with an example of the login federation for google, facebook, twitter, etc and the AWS IAM please. This part has massive potential and can't wait to see some real world examples!

Cheers Ric


Can we expect the file size to be lower in the future? Currently, 500k is really a lot for building in the browser applications. Angularjs is 80k for instance.

Actually, I only need SQS but even when building the sdk with SQS only, the file size is still over 200k.


To be accurate the file size is 502K unminified / 256K minified :)

The comments to this entry are closed.

Featured Events

The AWS Report

Brought to You By

Jeff Barr (@jeffbarr):

Jinesh Varia (@jinman):

Email Subscription

Enter your email address:

Delivered by FeedBurner

April 2014

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30