freeCodeCamp / meeting-for-good

A meeting coordination app for your team
https://meeting.freecodecamp.org
BSD 3-Clause "New" or "Revised" License

Readme should reference AWS API keys, not username and password #468

Closed smiller171 closed 6 years ago

smiller171 commented 6 years ago

The readme currently tells the user to use their AWS username and password in their config file. This is extremely dangerous (if it works at all?). API keys should be used, not username and password.

https://github.com/freeCodeCamp/meeting-for-good/blame/316f32f5cd5d7300bc5e77f4f8186f72c2f3d415/README.md#L31-L32

jrogatis commented 6 years ago

Nope @smiller171, this is correct; it is used to log in to the AWS email service, which we use to manage email invites.

smiller171 commented 6 years ago

@jrogatis no, this is not correct. While it "works", AWS APIs, including the SES APIs, should always be authenticated with IAM access keys or roles, never with username and password. Instructing people to use username and password for this task is a security nightmare for a number of reasons, including that the user can't enable MFA if you want this to work.

jrogatis commented 6 years ago

@smiller171 I got the main idea. But that's an app to run from the FCC environment, and those are the specs. I can argue with FCC dev-ops and get back to this issue.
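
The startup check below is an added example, not part of the thread or the project's code: it audits an app's environment for the problem raised in this issue and accepts IAM access keys or role-supplied credentials only. `AWS_USERNAME` and `AWS_PASSWORD` are hypothetical setting names (the README's real keys are not shown here), the key-ID pattern is a heuristic, and the sample values are constructed or taken from AWS's documentation placeholders.

```javascript
// Added example, not project code. AWS_USERNAME / AWS_PASSWORD are hypothetical names.
// Heuristic: IAM user key IDs start with AKIA, temporary STS key IDs with ASIA.
const ACCESS_KEY_ID = /^(AKIA|ASIA)[A-Z0-9]{16,}$/;
const EMAIL_LIKE = /^[^@\s]+@[^@\s]+\.[^@\s]+$/;

function classifyIdentity(value) {
  if (typeof value !== 'string' || value.trim() === '') return 'missing';
  const v = value.trim();
  if (ACCESS_KEY_ID.test(v)) return v.startsWith('ASIA') ? 'temporary-key' : 'access-key';
  if (EMAIL_LIKE.test(v)) return 'console-login';
  return 'unknown';
}

function auditMailConfig(env) {
  const findings = [];
  for (const name of ['AWS_USERNAME', 'AWS_PASSWORD']) {
    if (env[name]) findings.push(`${name} is set: console credentials do not belong in app config`);
  }
  const kind = classifyIdentity(env.AWS_ACCESS_KEY_ID);
  if (kind === 'console-login') {
    findings.push('AWS_ACCESS_KEY_ID holds an e-mail address, not an access key ID');
  } else if (kind === 'unknown') {
    findings.push('AWS_ACCESS_KEY_ID does not look like an IAM access key ID');
  } else if (kind === 'missing' && env.AWS_SECRET_ACCESS_KEY) {
    findings.push('AWS_SECRET_ACCESS_KEY is set without an access key ID');
  } else if (kind !== 'missing' && !env.AWS_SECRET_ACCESS_KEY) {
    findings.push('AWS_ACCESS_KEY_ID is set without AWS_SECRET_ACCESS_KEY');
  } else if (kind === 'temporary-key' && !env.AWS_SESSION_TOKEN) {
    findings.push('temporary key (ASIA...) requires AWS_SESSION_TOKEN');
  }
  // Nothing set at all is fine: an attached IAM role supplies credentials at runtime.
  return findings;
}

// Constructed sample environments.
const samples = {
  consoleLogin: { AWS_USERNAME: 'admin@example.org', AWS_PASSWORD: 'constructed-password' },
  emailAsKeyId: { AWS_ACCESS_KEY_ID: 'admin@example.org', AWS_SECRET_ACCESS_KEY: 'constructed' },
  accessKeys: {
    AWS_ACCESS_KEY_ID: 'AKIAIOSFODNN7EXAMPLE', // AWS documentation placeholder
    AWS_SECRET_ACCESS_KEY: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
  },
  iamRole: {},
};
for (const [name, env] of Object.entries(samples)) {
  console.log(name, auditMailConfig(env));
}
```

Called with `process.env` before the mailer is created, a non-empty result is a reason to refuse to start.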