Does AWS parameter store service fall under the PCI compliance? - pci-compliance

The "AWS Services in Scope by Compliance Program" list does not contain the AWS Parameter Store service. Is Parameter Store a PCI-compliant one?

AWS Parameter Store is part of AWS Systems Manager. AWS Systems Manager is PCI compliant.

Related

Google Cloud alternative to Microsoft Azure Device Provisioning Service

I am already experienced with the Microsoft Azure Device Provisioning Service, which enables my devices to register themselves through e.g. certificates in the Microsoft Azure IoT Hub. That of course makes enrollment of thousands of devices easier.
I have no experience in Google Cloud Platform and I have seen that there is an MQTT broker and an IoT Core service within GCP.
But I didn't get it, and it does not seem that the IoT Core service offers functionality similar to the Microsoft Azure Device Provisioning Service.
Is this correct? Or how could I enroll lots of devices in a GCP IoT architecture with automatic device registry and "distribution" over multiple IoT Core services?
You could take a look at the Registries and Device APIs to do the same. Having said that, one API call equals creation of one device.

Automate create credentials for devices to connect AWS IOT Core

I got some problems when trying to use AWS IoT Core.
Suppose that I have thousands of IoT devices, 1 mobile app and 1 backend server.
My thought is I'll provide a common key for devices which has a connect policy only; then on their first connection with AWS IoT, it will automatically register new credentials with more roles like publish/subscribe.
Is that right?
I've followed some guides in the AWS documents like JITR but it still does not work.
My thought is I'll provide a common key for devices which has a connect policy only; then on their first connection with AWS IoT, it will automatically register new credentials with more roles like publish/subscribe.
It must register with AWS IoT via a certificate signed by your own CA certificate.
AWS IoT allows the use of a single certificate for an unlimited number of devices to simplify testing, but this pattern is strongly discouraged for production use.

Amazon AWS IOT device SDK provisioning

I am new to AWS IOT. I'm working on a project where I use BeagleBone boards as device gateways which will connect to AWS IoT. I wish to use either the C or C++ device SDKs on the boards to communicate with AWS IoT.
The problem I have is with the provisioning and authentication phase. It is easy to create a "thing" via AWS IoT cloud, generate keys, X.509 certificates for the device and then copy them to the device.
However, it would be ideal to generate the keys and certificate on the device itself during provisioning (this is possible of course), but then automatically communicate with AWS IoT via the SDKs and assign the X.509 certificate to a "thing" already registered there.
Is there any API for doing this? I feel there is a lack of application examples out there. Thanks in advance for any suggestions.
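As an added example (not part of the question or of any answer on this page), here is the backend side of the flow asked about: the gateway generates its own key pair and CSR locally, only the CSR is sent up, AWS IoT signs it, and the resulting certificate is bound to the pre-registered thing and given a policy. The boto3 method names `describe_thing`, `create_certificate_from_csr`, `attach_thing_principal` and `attach_policy` are the real AWS IoT control-plane APIs; the thing name, policy name, CSR text and the `FakeIotClient` are constructed so the flow runs offline.

```python
"""Register a device-generated CSR with AWS IoT without moving the private key.

Assumptions (example code, not the AWS SDK's own sample):
  - the device has already produced a PEM CSR from a key it keeps locally
  - the backend has IAM permission for iot:DescribeThing,
    iot:CreateCertificateFromCsr, iot:AttachThingPrincipal, iot:AttachPolicy
  - the thing and the policy have been created beforehand
"""

# Constructed placeholder CSR; a real one is produced on the device.
SAMPLE_CSR_PEM = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    "MIIC(constructed placeholder body)\n"
    "-----END CERTIFICATE REQUEST-----\n"
)


def register_device_csr(iot, thing_name, csr_pem, policy_name):
    """Backend provisioning step for a device that generated its own key.

    1. DescribeThing: refuse to issue a certificate for an unknown thing.
    2. CreateCertificateFromCsr: AWS IoT signs the CSR; the key never left the device.
    3. AttachThingPrincipal: bind the new certificate to the thing.
    4. AttachPolicy: grant the certificate the device policy.
    Returns the certificate ARN and the signed PEM to hand back to the device.
    """
    if not csr_pem.startswith("-----BEGIN CERTIFICATE REQUEST-----"):
        raise ValueError("expected a PEM certificate signing request")
    if "PRIVATE KEY" in csr_pem:
        raise ValueError("private key material must never be sent to the backend")
    iot.describe_thing(thingName=thing_name)  # raises if not registered
    resp = iot.create_certificate_from_csr(
        certificateSigningRequest=csr_pem, setAsActive=True
    )
    cert_arn = resp["certificateArn"]
    iot.attach_thing_principal(thingName=thing_name, principal=cert_arn)
    iot.attach_policy(policyName=policy_name, target=cert_arn)
    return {"certificateArn": cert_arn, "certificatePem": resp["certificatePem"]}


class FakeIotClient:
    """Constructed stand-in for boto3.client('iot'): records calls, signs nothing."""

    def __init__(self, things):
        self.things = set(things)
        self.calls = []

    def describe_thing(self, thingName):
        self.calls.append(("describe_thing", thingName))
        if thingName not in self.things:
            # boto3 raises iot.exceptions.ResourceNotFoundException here
            raise LookupError(f"thing {thingName!r} is not registered")
        return {"thingName": thingName}

    def create_certificate_from_csr(self, certificateSigningRequest, setAsActive):
        self.calls.append(("create_certificate_from_csr", setAsActive))
        return {
            "certificateArn": "arn:aws:iot:us-east-1:123456789012:cert/fake0001",
            "certificateId": "fake0001",
            "certificatePem": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n",
        }

    def attach_thing_principal(self, thingName, principal):
        self.calls.append(("attach_thing_principal", thingName, principal))
        return {}

    def attach_policy(self, policyName, target):
        self.calls.append(("attach_policy", policyName, target))
        return {}


def real_iot_client(region_name):
    """Swap in for FakeIotClient when running against a real account."""
    import boto3  # imported lazily so the offline demo needs no SDK installed
    return boto3.client("iot", region_name=region_name)


if __name__ == "__main__":
    fake = FakeIotClient(things={"gateway-bbb-01"})
    result = register_device_csr(fake, "gateway-bbb-01", SAMPLE_CSR_PEM, "GatewayPolicy")
    print(result["certificateArn"])
    for call in fake.calls:
        print(call)
```

The device-side half is just the CSR generation (for example with `openssl req -new -newkey ...` on the BeagleBone); the point of the ordering above is that the thing must already exist and the key must never be part of what the device transmits.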

Setting up an IoT backend using AWS

I am trying to set up the backend services for a consumer IoT device, which includes the following activities (4 main high-level services). These services are ultimately consumed by a web application or a mobile application through REST APIs.
Instead of reinventing the wheel, I am evaluating AWS offerings which should partially or fully match these services. With my limited knowledge and research, I was able to find a few AWS offerings that match; however they may not be complete or the most appropriate ones, and hence I need advice. Below are the services and my findings.
Self user registration - Cognito with User Pools
Device provisioning (adding/attaching one or more devices to a user) - No idea on how to handle this with AWS. Can we add the devices as user attributes? Or should we handle them in the AWS IoT offering?
Authentication & authorization of users and devices - Again Cognito
Secure MQTT broker service for communication between device and users - AWS IoT seems to be matching; however I am not very aware of how to configure it and set up user-level access controls through APIs. Can we use AWS IoT here?
Device provisioning can generally be done in three ways:
Manually, by defining IoT things in the IoT service. Certificates should be placed on the IoT devices.
By using the AWS IoT SDKs. AWS credentials (or temporary security credentials) are needed.
Using the AWS CLI.
In the IoT service, you can put devices together by adding them to the same group. Users can access the IoT device's data in two ways:
IoT devices save data in databases, and users can access the databases and retrieve the data.
Defining the application (mobile app, ...) as an IoT device and putting it in the same group, so the application can subscribe/publish to the topics of different devices. Consider that all IoT devices have credentials (CA, private and public key) which should be placed on the IoT devices and will be needed during communication with the AWS broker. Also, the policies for each device should be attached correctly.
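As an added example (not from the answer above, nor from the "common key with connect policy only" question earlier on the page), here is what "the policies for each device should be attached correctly" looks like as a least-privilege AWS IoT policy, written in Python so it can be checked before it is uploaded. `${iot:Connection.Thing.ThingName}` is a real AWS IoT thing policy variable and resolves only when the connecting certificate is attached to exactly one thing, which is why a single certificate shared by many devices cannot get per-device scoping. The region, account id, thing names and the `allows()` checker are constructed; `allows()` is a deliberately simplified local matcher (Allow/Deny statements with `*` wildcards), not the AWS policy evaluator.

```python
"""Per-device least-privilege AWS IoT policy plus a local sanity checker.

Example code, not the original answer's. Constructed: region, account id,
thing names, the allows() matcher. Real: the policy variable, the action
names and the ARN formats for client/, topic/ and topicfilter/.
"""
import json
import re

THING_VAR = "${iot:Connection.Thing.ThingName}"


def device_policy(region, account):
    """A device may connect only as its own client id and may publish,
    subscribe and receive only under devices/<its thing name>/..."""
    base = f"arn:aws:iot:{region}:{account}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{base}:client/{THING_VAR}"},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": f"{base}:topic/devices/{THING_VAR}/*"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{base}:topicfilter/devices/{THING_VAR}/*"},
        ],
    }


def _wild_match(pattern, value):
    """'*' matches any run of characters; everything else is literal."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, value) is not None


def _expand(pattern, thing_name):
    """Substitute the thing policy variable. thing_name=None models a
    certificate not attached to exactly one thing: the variable stays
    unresolved and the statement cannot match anything."""
    if THING_VAR not in pattern:
        return pattern
    return None if thing_name is None else pattern.replace(THING_VAR, thing_name)


def _statement_matches(stmt, thing_name, action, resource_arn):
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
    if not any(_wild_match(a, action) for a in actions):
        return False
    for res in resources:
        expanded = _expand(res, thing_name)
        if expanded is not None and _wild_match(expanded, resource_arn):
            return True
    return False


def allows(policy, thing_name, action, resource_arn):
    """Simplified decision: an explicit Deny wins, then any Allow, else denied."""
    matched = [s for s in policy["Statement"]
               if _statement_matches(s, thing_name, action, resource_arn)]
    if any(s["Effect"] == "Deny" for s in matched):
        return False
    return any(s["Effect"] == "Allow" for s in matched)


if __name__ == "__main__":
    policy = device_policy("us-east-1", "123456789012")  # constructed values
    print(json.dumps(policy, indent=2))  # this JSON is what `aws iot create-policy` takes
    base = "arn:aws:iot:us-east-1:123456789012"
    print(allows(policy, "sensor-42", "iot:Publish", f"{base}:topic/devices/sensor-42/telemetry"))
    print(allows(policy, "sensor-42", "iot:Publish", f"{base}:topic/devices/sensor-43/telemetry"))
```

With this shape, the mobile application defined as its own "thing" gets a policy of the same form under its own namespace, and a device that wants another device's topics is refused at the broker rather than by application logic.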

AWS products and services naming nomenclature starting with 'Amazon' vs 'AWS'

Just curious to understand if there is any logical reasoning behind the naming of AWS products and services. For example, it has been named AWS Lambda and not Amazon Lambda, and it is Amazon S3 and not AWS S3.
If you hover over the Products menu in AWS homepage, you can see list of all products and services at a glance prefixed with both 'Amazon' and 'AWS'.
Managed to find an answer on naming analogy for AWS products and services from another similar question posted here. Response provided by a Senior Technical Trainer working at Amazon Web Services.
The pattern is that utility services are prefixed with AWS, while standalone services are prefixed by "Amazon".
Services prefixed with AWS typically use other services, for example:
• AWS Elastic Beanstalk, AWS OpsWorks and AWS CloudFormation launch other services
• AWS Lambda is triggered by other services
• AWS Data Pipeline moves data between other services
The AWS documentation page is a great reference for determining the official name of a service.
As far as I understand, the prefix AWS is used for PaaS (Platform as a Service) and the prefix Amazon is used for IaaS (Infrastructure as a Service). The term AWS (Amazon Web Services) is used whenever it is offered in terms of a service/platform, whereas Amazon is used whenever a hardware resource/infrastructure is provided.
For example: on the product page of the AWS site, in the compute category, Amazon EC2 is IaaS providing compute capacity, whereas AWS Elastic Beanstalk is PaaS, a platform for deploying web services and web apps/websites; likewise AWS Lambda is PaaS for serverless computing which lets us run code without provisioning or managing servers. Similarly, in the storage category, Amazon S3 is IaaS which provides storage capabilities, whereas AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud, which is a kind of PaaS.
Although this is just a logical assumption, as we never really know how Amazon has named its products and services. So please forgive me if there are differences of opinion regarding this.
In one of AWS Meetups it was told that Amazon itself uses few of its cloud services and these are named with 'Amazon' prefix.
I am not sure how much of this is true..
Web Service definition (wiki):
A web service (WS) is either:
a service offered by an electronic device to another electronic device, communicating with each other via the Internet, or
a server (n.e. an Operating System Service) running on a computer device, listening for requests at a particular port over a network, serving web documents (HTML, JSON, XML, images).
Context: Web Service, initially designed as a replacement for Remote Procedure Call (RPC) was a revolutionary idea during the Internet Boom based mainly on XML. Amazon's philosophy was to manage all the ERP and Customer request using IT (Web Services) instead of traditional paper based processes (or RPC or not automated tools). The same approach was then applied from books to compute resources (that's how S3 and EC2 products came to be).
Any service designed to be used by the customer mainly through an API (or Web Service; today it would be called an API-first product) is part of the AWS collection of services, and when the service is seen as a traditional product (like a replacement for a service that you would install on your desktop or use from the cloud, mainly through a UI) it is part of the Amazon collection of services. Today we can see exceptions to this rule. Initially this was the thinking of Jeff Bezos. To understand more about his philosophy, read: The Secret of Amazon success internal APIs:
Think about what Bezos was asking! Every team within Amazon had to interact using Web Services.
Anyone who doesn’t do this will be fired. Thank you; have a nice day!