How to create AWS Cloud HSM using java code - amazon-web-services

I am looking for creating aws Cloud HSM using Java sdk.
Does anyone already done? looking for some example.
I can create by using AWS CLI but I want to do it through Java sdk.
Thank you.

AWS CLI is a wrapper around AWS API and the call you are likely looking for is CreateHSM Here is the corresponding Java SDK method
In most cases, if you already know how to do something via CLI - just follow the link to API Reference from the CLI command documentation page and then to SDK of you choice (Java). They all are built on top of the same REST API, so given the example for one it's just a syntax difference on how to work with another.

Related

Browser authentication for AWS SDK for JavaScript using IAM credentials

I have a simple shell script which issues several commands using awscli and displays information to the screen. It depends on having correct settings in ~/.aws/config and ~/.aws/credentials. I want to distribute it to about 10 users who have IAM accounts with limited privileges. However I don't want to use the shell - I want something cross-platform, easy to use for the users and easy for me to update. So I decided that I want to create a simple web application in JS instead, using the AWS SDK.
It seems that this use case is specifically supported by AWS, the first bullet point under "Common Use Cases" in What Is the AWS SDK for JavaScript? is "Build a custom console to AWS services in which you access and combine features across Regions and services to best meet your organizational or project needs" which exactly describes what I want to do.
The problem is that I can't find the relevant documentation on how to perform the user authentication. All the examples that I was able to find talk about some "Amazon Cognito" service and discuss much more complicated use cases, such as authenticating pools of external users through an external authentication provider and mapping them to IAM roles, which sounds too complicated for what I want to do. Is there a way to just authenticate the users that I have with their IAM user/password, and authorize them to access the AWS services based on their existing IAM permissions? Or is using Cognito, creating additional roles, etc. mandatory?
While writing this question I found out another question about AWS Amplify and now I'm even more confused. Is AWS Amplify what I would want to use?
You can write a web app using the AWS SDK for JavaScript that invokes various AWS Services. You do NOT need to use AWS Amplify to create a web app.
A Web application that uses the AWS SDK for JavaScript uses creds like any other AWS app. Here is an AWS tutorial that shows how to use the AWS SDK for JavaScript to write a basic web app that invokes the AWS SQS service. It will hopefully point you in the right direction.
Creating an example messaging application
This topic covers Prerequisites and other information, such as creating the required AWS resources, you need to know to write a web app using the AWS SDK for JavaScript.
Also - the link you referenced was the JavaScript V2 DEV Guide. Its better to use the AWS JavaScript V3 DEV Guide.

Using Amplify and SAM together?

I'm having some confusion here and wanted to see if someone can set me straight.
I'm using Amplify for a Vue app. It calls API Gateway which calls Lambda and all of this is set up manually but I want to use the power of IaaS and do it with SAM.
Amplify CLI includes the ability to add APIs/Functions and in turn creates the CloudFormation Templates and Stack, which is nice. However this doesn't seem to create the Amplify app itself aside from creating an empty app connected to no repo and of course the CLI only stretches to so many services.
I see that it IS possible to configure an Amplify app in CloudFormation. And SAM comes with command line tools that'd be useful as well. What is the correct way to set all this up??
Can I create a SAM template for Amplify creation that works with the Stack created by Amplify to make API/Functions rather than manually building the SAM Template without auto generated assistance? Then if I add non-Amplify-supported Services later I can add them to the SAM as well.
I'm having a time trying to navigate SAM/CF/CDK/Amplify haha
I hope this helps. Lets start with your easier issues:
I'm having a time trying to navigate SAM/CF/CDK/Amplify haha
Yea.
AWS CF (Cloudformation) is aws's go at giving use a way to create(/rud) AWS resources using a templating engine. Its rather massive. And odd. Here's an example from the User Guide
Here is a JSON template to Create a simple DynamoDB table.
Here is that same template from the Designer Link next to it
Here is a pastebin version : 1QNXGTdZ
If the above brings up questions like, Why are both templates different? You are not alone. Overall, CF is massive but pretty neat as it lets you create/rud AWS resources
AWS SAM (Serverless Application Model) IMO is version of CF that is a lot simpler/easier. Here you can CRUD AWS Resources and organize them in a stack.
Note: SAM uses CF under the hood.
Amplify is a framework to make working with cognito (login) , aws js sdks, and more. It can take your vue/react app and add services such as, api, authentication, and document (dynamodb). For a node app, it stores config information in a file calls "aws-exports.js". Amplify can also help you deploy and store your codebase.
If you create any resources using the amplify cli, it uses CF under the hood. I believe all the files get stored in folder named ".amplify". IMO, its not fun as its hard to manage things later on using Amplify CLI or AWS console.
Can I create a SAM template for Amplify creation that works with the Stack created by Amplify to make API/Functions rather than manually building the SAM Template without auto generated assistance?
Yes. Just keep on using that Amplify CLI. Once that stops being fun use the AWS Console.
Then if I add non-Amplify-supported Services later I can add them to the SAM as well.
Also yes. You can create a new SAM stack any time with lambda's, userpools, etc and them connect to them with your Amplify applications new found AWS SDKs.
From my limited experience:
give AWS SAM a shot. Its simple and easier to get than CF
I never use the Amplify CLI anymore. It was neat in the start, but I've outgrown it as running the commands gives me a headache in comparsion to the SAM template defintions

Access the AWS RDS describe db snapshot API

I am trying to access the aws rds api to describe db snapshots. I plan on having this be parsed so that I can list all the available aws snapshots by id using groovy. However the biggest problem I am having is getting the api in the first place. I took a look at AWS's reference on this topic but I can't seem to figure out how to generate the pre-signed portion of the request with credentials. I am not sure why that part is even necessary. Why can't the user authenticate using the Access key ID and the Secret access key combination?
The reference:
https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSnapshots.html
The section with the issue:
https://rds.us-west-2.amazonaws.com/
?Action=DescribeDBSnapshots
&IncludePublic=false
&IncludeShared=true
&MaxRecords=100
&SignatureMethod=HmacSHA256
&SignatureVersion=4
&Version=2014-09-01
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIADQKE4SARGYLE/20140421/us-west-2/rds/aws4_request
&X-Amz-Date=20140421T194732Z
&X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
&X-Amz-Signature=4aa31bdcf7b5e00dadffbd6dc8448a31871e283ffe270e77890e15487354bcca
If groovy is a hard requirement, I'd look into something like this https://grails.org/plugin/aws-sdk
If you're comfortable with Java, I'd say use the official AWS-SDK
If you're scripting this out, you could also use the official AWS cli tool and do something like
aws rds describe-db-snapshots [OPTIONS]
From there you could use a tool like jq to zero-in and parse out your specific ID's. You can find more documentation here.
The way you'd authorize with the SDK is either through environment variables (the preferred approach) or probably hardcoding your KEY and SECRET (big no no)
I think rather than trying to directly communicate with the API directly you should make use of the built in wrappers that AWS provide.
If you're accessing this with a supported programmatic language take a look at the AWS SDKs. There are currently officially supported libraries for:
C++
Go
Java
JavaScript
.NET
NodeJS
PHP
Python
Ruby
If your language of choice is not covered there may be a third party solution already. Alternatively take a look at the AWS CLI to resolve your problem.
For your specific action describe-db-snapshots you can get a list of all IDs by running the below, then parse as JSON.
aws rds describe-db-snapshots --query 'DBSnapshots[*].DBSnapshotIdentifier' --format json

Is there a way of creating AWS EC2 instance with postman?

I want to create an EC2 instance with Postman but, I couldn't find anything on the internet? Is there a way of doing this? or should I use aws-cli instead?
Everything in AWS is an API that can be hit directly or via CLI or SDK. All those do is make the same calls you'd have to make. The advantage to using the CLI or SDK is that they manage the auth for you, which is no trivial matter. The following document gives you a place to start looking at all the options for using AWS APIs.
Making API Requests

Create a complete Alexa skill with AWS or ASK CLI

Is it possible to create a custom Alexa skill with the back-end Lambda (code) completely from AWS/ASK CLI? The Lambda interacts with DynamoDB, so it would be ideal to include the provisioning of the DynamoDB backend via the CLI too.
It's not possible to do it with DynamoDB provisioning (otherwise, yes, please check this page).
Here's a feature request for supporting DynamoDB provisioning in the CLI (please vote up!)
Yes, it's very much possible. Here is the documentation. If you use Visual Studio Code then there is an extension that integrates ask cli with it.