Is there an alternative to using access keys to authenticate a mobile application to invoke an AWS Lambda function?

I built a mobile application using React Native and Expo Go. This application makes use of 1 serverless AWS Lambda function. Currently, this application invokes the Lambda function through the use of the AWS JavaScript SDK (@aws-sdk/client-lambda). In order to provide the accessKeyId and secretAccessKey, I created a user with programmatic access in AWS IAM with an inline policy attached, giving the permission to the user only to invoke the specific function that is needed.

As I am currently looking to deploy this application, I was wondering if it is okay for me to deploy this application using these access keys, or if there is a more secure way of authenticating the application in order for it to invoke the Lambda function.

Thanks!

My current setup is an IAM User with programmatic access (access keys) and an inline policy only allowing the user to invoke the Lambda function that is needed. This currently works, but I am worried this is not a good security practice and that I should instead authenticate the application with an alternative way.

There are 0 answers