[swyx]

as a frontend dev new to this stuff - how do you keep your lambdas secure? literally anyone can see your secrets?

I'm gonna go through your code, thanks for sharing, just wanted to ask in case you have a big picture insight about how serverless auth/security is best done. this stuff freaks me out because i know nothing about it.

[callekabo]

I'm afraid I don't follow. What secrets are you referring to? Secrets in the code running on the lambda can't be seen by anyone. If you mean secrets to invoke the lambda I usually have lambdas be completely open (no auth required) or have users log in with cognito and use aws-sdk invoke the lambda, which takes care of auth for me.