How to push mobile application (android/ios) logs to AWS? - amazon-web-services

This is apparently such a simple question, but I have been trying hard and came across many questions and articles, and none of them really answers this.
There are many ways to design the architecture after the log is ingested and transferred to AWS. We can use ES, Kinesis and other services.
My problem is how to transfer the application client logs to AWS securely, anywhere; it could be S3, Lambda, Kinesis, ElasticSearch. We can surely have an endpoint exposed, but that will be open. How do we authenticate this to make sure malicious users don't spam our logs? What is the best way to ingest and transfer logs to AWS from mobile applications?

Create an API that collects logs and ingests them into Kinesis, expose it with API Gateway, and use API keys and an authentication API to generate a bearer token.
In the application, create functionality that makes the API call.
We did this in one of our applications successfully.
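
The bearer-token approach from the answer above, as an added example (not code from the original posters): an authentication API issues a short-lived HMAC-signed token after login, and the log endpoint verifies it and caps the batch before returning the records it would forward to the stream. The signing key, limits and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SIGNING_KEY = b"constructed-demo-key"  # assumption: held only by the backend
MAX_RECORDS = 100                      # assumption: per-request batch cap
MAX_MESSAGE_CHARS = 1024               # assumption: per-record size cap

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _sign(payload: str) -> bytes:
    mac = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    return _b64(mac).encode()

def issue_token(device_id: str, now: int, ttl: int = 900) -> str:
    """Authentication API side: called after the user or device has logged in."""
    payload = _b64(json.dumps({"sub": device_id, "exp": now + ttl}).encode())
    return payload + "." + _sign(payload).decode()

def verify_token(token: str, now: int):
    """Return the device id for a valid, unexpired token, otherwise None."""
    payload, _, signature = token.partition(".")
    if not hmac.compare_digest(_sign(payload), signature.encode()):
        return None
    # Signature checked first, so the payload below is one this service issued.
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return claims["sub"] if claims["exp"] > now else None

def ingest(headers: dict, records: list, now: int):
    """Log endpoint: returns (HTTP status, records to forward to the stream)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    device = verify_token(token, now) if scheme == "Bearer" else None
    if device is None:
        return 401, []
    if len(records) > MAX_RECORDS:
        return 413, []
    # Tag each record with the authenticated device so abuse can be traced.
    return 202, [{"device": device, "message": str(r)[:MAX_MESSAGE_CHARS]}
                 for r in records]
```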

One way is to use the Amplify SDK on the client application to log securely.
Have a look at this link:
https://medium.com/swlh/add-monitoring-to-your-amplify-app-by-using-amplify-framework-d4c43b2bb84b

Related

What AWS service to use as OAUTH2 for the use with microservices

I have been doing some research about using some AWS service as OAUTH2 for our application running in 3 docker containers (backend, frontend, database). Backend has an API which is not open to public obviously and accessible only within docker network. We are looking for extending our app with a chat service, which we want to implement as a service, so we build our app following microservices architecture, since we will add other services later on. So when user logs into our app, his session will be also "shared" with chat service.
Our chat service will be using sockets and since sockets require direct connection to user resources, we can not just implement an integration layer which will supply all resources required by chat service, but we have to either:
implement sockets within our application API (which we don't want to do, we want it as a microservice),
open API endpoints for the chat service to use, but this option requires OAUTH2 and that's what we are trying to deal with.
I am not sure if there is some other way to handle this and be also ready for a long run, but if this works, which AWS service would fit the best for us to use, which would play OAUTH2 role for handling security in this matter?
I also checked this post but it didn't help me much in my case. I'm open to any suggestions, I've checked AWS lambda, AWS cognito, AWS amplify, pretty confusing, many features, we don't want to overload the architecture with features we don't need.
What exactly is the thing you want? User accounts managed by AWS? Use cognito.
Users logging in with Apple, Facebook, Etc? Use cognito again.
Just have some backend code that once a user logs in, create a token or session so they can chat with that.
There are many youtube videos on AWS cognito but a lot of them suck. The best one is written in React but before they came out with hooks. Here is part one. https://www.youtube.com/watch?v=EaDMG4amEfk

How can I set up ui-less external API auth using AWS?

I'm trying to create an external API using AWS API Gateway that will give users access to data stored in multiple databases. The APIs will mostly be accessed through scripts rather than through a web UI.
Are there any AWS services I can use to manage user access to my API?
I've read a little bit about Amazon Cognito and OAuth 2 but at a glance it seems like those might be more targeted towards cases with a UI for users to interact with. Is there a way to create and manage API keys with AWS?
Thanks in advance for your help!
You can use an API Gateway Lambda Authorizer to write your custom login integration. For example, a Lambda that checks in a database whether the user:password (passed as the Authorization header) exists in a table in DynamoDB or SQL.
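
What such an authorizer can look like, as an added example (not code from the original answer): a TOKEN-type Lambda authorizer that parses a Basic `user:password` header, compares a salted PBKDF2 hash in constant time, and returns the IAM policy API Gateway expects. The in-memory `USERS` dict stands in for the DynamoDB or SQL table, and its contents are constructed sample data.

```python
import base64, hashlib, hmac

ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample store (assumption): user -> (salt, password hash).
# A real deployment would read this row from DynamoDB or SQL.
USERS = {"script-client": (b"constructed-salt",
                           hash_password("correct horse", b"constructed-salt"))}
# Hashed against for unknown users so both paths do the same amount of work.
DUMMY = (b"dummy-salt", hash_password("dummy", b"dummy-salt"))

def check_credentials(header):
    """Return the user name if the Basic header matches the store, else None."""
    scheme, _, encoded = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    salt, stored = USERS.get(user, DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    return user if matches and user in USERS else None

def policy(principal: str, effect: str, resource: str) -> dict:
    """Authorizer response in the shape API Gateway expects."""
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17",
                               "Statement": [{"Action": "execute-api:Invoke",
                                              "Effect": effect,
                                              "Resource": resource}]}}

def handler(event, context):
    """Entry point for a TOKEN authorizer: header value in, IAM policy out."""
    user = check_credentials(event.get("authorizationToken"))
    if user is None:
        return policy("anonymous", "Deny", event["methodArn"])
    return policy(user, "Allow", event["methodArn"])
```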

What parts of the AWS should I use for a web portal?

I am currently working on a web portal for a foundation. Applicants for a grant will receive access data in advance independently of this portal. New applications will then be created and processed in the portal itself. Once an application is complete, it is sent off. Later the application will be approved or rejected.
There are a number of technical specifications on which I have no influence. The frontend should be implemented using Html+Javascript. The backend should use the Amazon Web Services (AWS). If there is a need to program something for the backend - then C# should be used.
I know how to implement the classic client-server solution. At the moment, however, AWS offers me an unmanageable set of services. And here I'm hoping for suggestions as to which of the services I should take a closer look at. Ideally, no complete 'server solution' should run on a virtual server. Instead, Lambda functions are mentioned again and again. So would Amazon RDS and AWS Lambda be a sensible and sufficient combination? Did I miss something?
Thank you very much for your suggestions.
One solution would be to use AWS S3 to serve HTML, CSS, JS, images and other static content. You could use AWS Lambda via AWS API Gateway to serve as a backend. AWS Lambda would then connect to AWS RDS, or AWS DynamoDB if you would prefer a NoSQL solution.
You can get a more detailed description of how to set this up at
https://github.com/aws-samples/aws-serverless-workshops/tree/master/WebApplication/

AWS: Where I can learn AWS Cloud Computing for beginner to Advance level for REST API and Authorisation Deployment, for Free?

I have a requirement to develop a REST API with a DB on AWS with our custom JAR, which will process the data coming in the request; once processed, we will respond with the result that comes from our JAR.
We have:
Our Java application that will process the data.
Need to develop an authorisation platform for various clients using a REST API.
Need to log all the transactions that are requested and how many are rejected and processed successfully.
We are thinking of deploying the complete application on AWS, so I am looking for the best free study material on developing and deploying on AWS (budget issue).
Please suggest where I should start, as I am a newbie on the cloud platform.
Thanks in advance for the help.
To save on cost with AWS, try to go serverless architecture.
Use:
S3: to host your front end code by making your bucket a website
Lambda: to host your backend code to insert into and retrieve from the database. You get 1 million requests free per month
Api Gateway: it would provide an interface to access the Lambda function, and detailed logging can be done to CloudWatch. It also provides authorization with API keys and Cognito user pools.
DynamoDb: it is an AWS-managed database that gives you 15 free read write provisioned throughput
You can start with this
https://medium.com/byteagenten/serverless-architecture-with-aws-adcaa3415acd?source=linkShare-22ecbac0bdc-1526628767

Kinesis Data Firehose set with a web page

Well, I have a web page (PHP) that is running on-premise and it's accessed from different countries. I would like to catch some data and store it somewhere. I can handle internally with the team the data and the format of the file to catch the info. But we would like to leverage AWS to store it in S3. So we noticed that we need an intermediate layer to avoid using the AWS credentials required for S3.
As this page is on the internet and it's consumed by users through the web, for sure we don't want to include any credentials embedded in the site. So likely Kinesis Data Firehose, in a consumer role, could just catch the data sent by our page and then internally store it in S3.
Question
I see that there is an SDK for Kinesis but it requires AWS credentials. We really need a kind of link where we send the data produced and AWS handles the rest. But I don't know why I am required to set up AWS credentials using the SDK. Does it mean then that our website will load and live with our credentials? I don't feel this approach is secure. I appreciate the comments.
You can use API Gateway Kinesis Proxy to avoid using credentials or even aws-sdk in your webpages.
https://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-kinesis.html
This way you don't need to expose any credentials and control permissions with a role.
If you are worried about having a security issue and if the users are authenticated, you can use custom authorizers to authorize the url.
https://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html
If it is public facing, then just the above integration should work.
Hope it helps.