I'd like to play with the specific Amazon API that would allow me to look at my own customer data -- e.g. order history. Can anyone tell me which of the numerous APIs I should research?
Check the Web Service API Reference page for more information.
Related
This apparently is so simple question but I have been trying hard and came accross many questions and articles but none of them really answers this.
There are many ways to design the architecture after the log is ingested and transferred to AWS. We can use ES, Kinesis and other services.
My problem is how to transfer the application client logs to AWS securly, anywhere, could be S3, Lambda, Kindesis, ElasticSearch. We can surely have an endpoint exposed but that will be open. How to authenticate this to make sure malicious users don't spam our logs? what is the best way to ingest and transfer logs to AWS from mobile applicatios?
Creat an API that collect logs and ingest to kinesis expose it with API gateway use API keys aur authentication API to generate bearer token.
In application create functionality that make API call.
We did this in one of our application successfully
One way is to use Amplify SDK on the client application to log
securely.
Have a look at this link:
https://medium.com/swlh/add-monitoring-to-your-amplify-app-by-using-amplify-framework-d4c43b2bb84b
I'm trying to create an external API using AWS API Gateway that will give users access to data stored in multiple databases. The APIs will mostly be accessed through scripts rather than through a web UI.
Are there any AWS services I can use to manage user access to my API?
I've read a little bit about Amazon Cognito and OAuth 2 but at a glance it seems like those might be more targeted towards cases with a UI for users to interact with. Is there a way to create and manage API keys with AWS?
Thanks in advance for your help!
You can use API Gateway Lambda Authorizer to write your custom login integration. For example a lambda that check in one Database if the user:password (passed as authorization header) exists in table in DynamoDB or SQL.
I've built an application which is connected with Amazon Cognito to take the sign in and sign-ups of users. Currently, application support three different subscriptions (Free, Basic, Premium). If the user signs in for basic Subscriptions, I want to give them least access to DynamoDB for download the parts of applications which is required to run the application service.
How to connect DynamoDB with Cognito directly
I am not sure, what's the best approach to follow this scenario?
(Please note- this is not a mobile-based application, so do not give suggestion to use AWS Amplify or relatable services)
When I was first learning about Cognito, I had made the same set of assumptions you are currently making. I knew that User Pools could act as my application's user directory, and Identity Pools would magically unlock all my authorization needs. I was mistaken :)
At the risk of oversimplifying, AWS Cognito exists to answer two questions:
Who are you? (authentication)
What can you do? (authorization)
Cognito addresses these concerns with two distinct offerings: User Pools (authentication) and Identity Pools (authorization).
At a high level, User Pools let you handle user registration, authentication, account recovery, and supports authentication with third-party identity providers like Facebook, Google, etc. Sounds like you might have this part figured out.
Cognito Identity Pools, on the other hand, provides a way to authorize users to use various AWS services. You can think of it as a vending machine for handing out AWS credentials. For example, if you needed to give your users access to upload a file to an S3 bucket or to invoke an endpoint in API Gateway, you could do so with an Identity Pool. You can even allow item-level access to DynamoDB based on an Amazon Cognito ID. However, this might not work the way you expect since your application users are probably not directly connecting to DynamoDB.
In most web/mobile applications, users are not connecting directly to DynamoDB. Instead, they are interacting with a web/mobile app that communicates to the back-end of your application via an API. That API would then communicate with DynamoDB. If your stack is in AWS, the path may look something like this:
Client (web/mobile app) <-> API Gateway <-> Lambda <-> DynamoDB
In this architecture, your users would authenticate via Cognito. Cognito would then authorize the user to make calls to API Gateway. API Gateway would execute your lambda, which would then interact with DynamoDB. The "user" of DynamoDB in this example is your Lambda, not the user of your application.
That last bit is important, so I'll repeat it: Unless your users are directly connecting to DynamoDB (not recommended), they are not the "user" operating on DynamoDb. Therefore, restricting DynamoDB access based on a user's Cognito ID is not going to be an option for you.
So, what can you do? Your application needs to provide the business logic around what effect your users can have on DynamoDB. Perhaps free users have read-only access to a specific partition, while premium users can modify the same partition. That logic has to be handled directly by you.
I know you said you weren't looking for Amplify suggestions since your application is not mobile-based. However, Amplify offers SDKs that aren't specific to mobile development. The folks at Serverless have made a fantastic tutorial on building a full-stack serverless web app, which includes a very readable chapter on serverless auth with Cognito. They use Amplify in a web app to integrate with Cognito, S3, and API Gateway. If that's something you are trying to do, I'd recommend checking it out.
Can anyone please tell me how to use Google Cloud DLP API and can I track my local system using these Google Cloud API like track info which is flow from Facebook, Gmail, Skype etc.?
Do you mean you want to track data flowing between those systems? I'm not aware of a way to inject yourself between them.
If you want to track what is being sent out on your local network and are looking for design ideas - one such idea could be to use a local proxy that you have configured to send all traffic through something like https://cloud.google.com/dlp/docs/reference/rpc/google.privacy.dlp.v2#inspectcontentrequest so that you can send up alerts if there is anything surprising.
Gmail also has a version of Cloud DLP built in for gsuite customers to automatically monitor/prevent employees from sending email with specific finding types.
I have to build an online bookstore using AWS using SQS, SES and RDS services as homework but Im at a standstill. I read through the documentations about these services provided by Amazon but I cannot figure out how to make them communicate with each other and how to set up instances with the named services. SQS should be the backbone of this store. RDS should contain users and products in stock and SES is used to notification for the customer. I search google as thoroughly as I could but could not find anything related to my problem. If anyone could give me some pointers or lead me to some reading I may have missed I would be most grateful.
These services talk to each other, but they are functionally separate. You connect to and populate an RDS database the same way you'd connect to and populate any remote MySQL database. SQS and SES both are driven through the AWS API, which you tap into using the Amazon API tools:
http://aws.amazon.com/developertools?_encoding=UTF8&jiveRedirect=1
You just create your Amazon AWS account, get your access credentials, put them into the environment variables (read the READMEs in the tools downloads) and start using them.
hope that helps.