I have a server using intensively AWS SNS. Of course I have multiple environments (dev, QA, production, custom, etc.)
Knowing that SNS let you register only one endpoint per token (so, AFAIK, I can't have two differents Endpoints with the same token, even if created from different PlatformApplication), how could I manage separation between my different environments?
EDIT: all our environment are in the same AWS IAM account.
SNS does allow you to subscribe multiple HTTP/HTTPS endpoints to a single Topic but it sounds like you need an SNS topic per environment so that the dev Topic dispatches requests to a dev HTTP endpoint.
The recommended AWS strategy for multiple environments in 2017 is to use multiple accounts -- one per environment. You can use consolidated billing for all of your accounts.
If you separated them then you would wind up creating an SNS topic for each environment and each would publish requests to the appropriate endpoint for that environment.
The single account solution would be to create one Topic per environment and to update your app config or environment variables to use the ARN appropriate to the environment.
If your platformApplication is android, then you can use the same GCM/FCM server key to create multiple platformApplicationARNs with different names(one per env I'd assume).
If it is iOS, you would have a dev key and a prod key for one application. I doubt you will be able to create multiple platformApplicationARNs with the same key using different names. Try it, if it works you're set!
Next, you should be able to register the same deviceToken with each of these different platformApplicationARNs.(I have tried this, it worked). This behaviour is similar to one mobile device registering to different applications for notifications.
Related
I like to create multiple environments in AWS Account rather than multiple accounts, how can this be done?
Use-case for this is each environment can have its own stack, so each environment will have DynamoDB, Lambda, services etc.
I could not find any documentation on how to create multiple environments in AWS Account
Currently, I am using these services in AWS:
EC2 instance
S3 bucket
SES for transactional mails
I access S3 and SES services in the backend using an AWS_ACCESS_KEY_ID, and an AWS_SECRET_ACCESS_KEY which basically means I cannot share those keys with the developers.
I would like to create a separate development environment that doesn't give access to those services in production.
I have made some research and I found-out that I can create a whole new account for development environment and then synchronize billing between the two especially that I have AWS credits.
Before investing time in that, I wonder if it's possible to achieve my goal with using a separate IAM identity.
I’m currently using cloudformation(JSON template) to manage different aws services.
The Aws services I use include S3, Lambda, API Gateway, Amplify, Dynamodb, IAM, Cognito.
The development phase is almost finished, now I'm finding ways to build UAT environments by using the existing cloudformation template.
Different ways come into my mind.
1.Create cloudformation stacks after switching to different countries
But some services like S3 are cross-country services.
If I create another S3 bucket with the same name, the bucket might not be successfully created.
2.Create new IAM User for creating cloudformation stacks
I am currently using the Root User account for the Service Management in the development stage(I know it's bad practise though). I can create a new IAM user(e.g. UAT_Admin) to create the UAT environment.
These are all methods I can think of. I need a method for the environment management for later creating UAT environments, and even the Production environment in the future.
Any comments or suggestions?
For greatest separation of different development environments (dev, testing, uat, prod) often different accounts are used. This provides greatest separation of resources without risking that someone from testing will accidentally delete/modify production services.
To make it easier to work with different accounts AWS provides AWS Organizations as well as AWS CloudFormation StackSets. The StackSets would enable you to use same template accorss different accounts.
I'm running SpringBoot applications that use AWS resources from two different AWS accounts (depending on the project—each application only needs resources from one of the two AWS accounts).
I have two different profiles set up in my AWS config file (a default one and a secondary one). When I use AWS CLI, I just specify --profile=secondary and everything is happily working.
I can't seem to find any way to specify the secondary profile for a SpringBoot Application using AWS Java SDK. What are my options?
This can be achieved using ProfileCredentialsProvider(String profile) where profile is, the question's case, secondary.
I'm looking for the best approach for organizing sending emails via Amazon SES in development and production environment.
Is it possible to separate two SES accounts (one for production, one for development) within one account ID? Development using production SES account is not an option because SES pushes events to queues (deliveries, bounces etc) which are processing all the time.
The solutions which I see at the moment are:
Create completely new Amazon account with only one service active (SES).
I read something about IAM policies but I'm not sure is it a good direction.
I read something about sandbox but if I good understand it only exists for new accounts (?)
Maybe someone heard/resolve that problem with more elegance solution?
You could setup your production SES in one AWS region (like us-east-1), and your test SES in a different region (like us-west-2). I'm not sure if this would be better or more elegant than using two separate AWS accounts. It depends on your exact needs.
When you setup SES in a region it will be in sandbox mode until you request AWS take it out of sandbox mode.
When you setup your deployment environments, it would be better if you create a separate AWS account for production and another one for testing and staging. You can setup consolidated billing and AWS organizations to simplify the management of multiple accounts. In addition, you can get a test domain for testing and staging deployments, where you can configure it with SES to send mails.
Answering your questions in order
Create separate accounts not only for SES, a separate one for production deployment.
Using IAM alone you won't be able to manage isolated triggers in SES.
In any account Sandbox is default for SES, You need to contact AWS support and increase the limits.