You run an architecture where you have a Lambda function that uploads images to S3 bucket and stores information on the images in DynamoDB. You would like to expose the function to users so they can invoke it. Your friend Carlos suggests you expose the credentials to the Lambda function. What's your take on that?
Answer
That's a big no. You shouldn't let users direct access to your Lambda function.
The way to go here and expose the Lambda function to users is to to an API Gateway endpoint.