I'm finding the Amplify SDKs for iOS difficult to work with, likely because we don't seem to fit in with their target audience. Amplify offers mobile developers a BaaS solution, and as such the Amplify SDK is heavily-geared towards this use case. Our team however has dedicated DevOps engineers who use Terraform to provision AWS resources. While their documentation states that it is possible to use the Amplify SDK with pre-existing resources, I'm finding it clunky at best -- having to manually configure the amplifyconfiguration.json file with limited documentation is frustrating, and I've had a lot of difficulty getting the Auth SDK to work with our Cognito setup. That, along with the vendor lock-in, is making me reconsider our decision to integrate the Amplify SDK in our mobile clients.
Which leads me to my question: are there any obvious disadvantages to using open-source client-side libraries to integrate with AWS resources instead of the Amplify SDK? Considering that we don't have any need for the BaaS aspect of Amplify and are only really needing OAuth via Cognito and GraphQL via AppSync, could we get away with using libraries like AppAuth and Apollo to forego Amplify entirely?
There are different components of Amplify although it isn't obvious at first:
Devops Tools in AWS console to automate, deployment certificates etc in the Amplify part of the Console
There is the CLI tool chain used to deploy and manage the app, as well as generating the the Cloudformation templates.
Lastly and most importantly there are the Amplify client libraries, which work great with Cognito.
You can simply use the client libraries on your own, and call (in the Javascript example; Amplify.configure(). They can be used to do Cognito alone if you wish, (we have done this too, we don't use the cli deploy our front-end).
You don't need to use their REST client either, but you would need to capture the Authentication event and relevant token, and use it appropriately in your requests.
In summary, it sounds like you don't wan to use the whole Amplify platform, simply their client libraries which you can do as you would any other library. Copy their Cognito sign-in example for your framework, and configure Amplify manually instead (user-pool-id, appclient, domain) of using the cli to generate a project and credentials.
Related
I am new to serverless architecture. I am about to create a banking application. Is it a good idea to develop my whole system using 100% serverless architecture (using AWS Lambda) or should it be a hybrid combination of both Serverless and Kubernetes Clustering. Thanks in advance
So long as you set your IAM access policies accordingly, secure your API Gateway endpoints with rotating keys on KMS, while using Cognito to provide JWT authentication for your users, then the short answer is yes (IMO). I have implemented quick and secure solutions with the new AWS secrets solution to store and rotate application secrets quickly and easily, if you're working on a banking app they also have a great HSM service that I think you will find valuable. I personally have no problem with AWS "lock-in", I value my time and peace of mind. You might want to check this out https://aws.amazon.com/security/
I have two set of RestAPIs used for same application developed on two different frameworks.
One on SpringBoot secured using OAuth 2. Second set of APIs developed on Jooby microframework of RestAPIs.
Since the services on Jooby are not secure how can i do that? So that both set of APIs are secured.
The Login is working in conjunction with SpringBoot App and OAuth 2.0 and same user credentials should be used for jooby apis as well. Does it make sense to put some sort of gateway common for both the set of apis?
Well, security is a broad topic and frameworks implement security guidelines and support when becoming mature. Even I don't have any prior experiences with Jooby, after referring their documents I found a couple of support libraries and extensions.
Moreover, you can follow this great Github repo as a checklist and implement what relevant to your context.
If you can provide more implementation details about your login, I can give a more specific answer. But it seems common gateway isn't really necessary and you can use authentication credentials such as tokens directly with your Jooby API's as well. See pac4j which is listed under Jooby documents.
The documentation at https://developers.google.com/actions/deploy/release-environments states "To handle release channels in your fulfillment, you should provide different fulfillment URLs (for example, one fulfillment URL for the beta and another URL for the production version of your Action)." However, there are no instructions on how this should be accomplished.
When I created my Actions on Google project, a Firebase project was created to which I upload JavaScript that supports those actions via requests to our backend service. That Firebase project provides the URL used by my Beta release for fulfillment. I now need to create an Alpha project that points to a different Firebase project to which I will upload new versions of support for requests to different versions of our backend service. I do not see a way to accomplish this. Do I need to create an entirely new Actions on Google project that has its own URL for fulfillment or is there some better way to accomplish this task?
I tried creating manually creating a separate Firebase project to host the Alpha code but that did not work. I later learned that when you create a Actions on Google project that it is intimately connected to the Firebase project created for it and cannot be pointed to another.
The problem is all in the configuration space of Actions on Google and Firebase. There is no code to show.
I would expect that some approach similar to that provided by the Alexa Developer Console and the Amazon Lambda Management Console would be available. In that approach, I have Alpha, Beta, and Production versions of the Alexa Skill and each of them points to a different version of the lambda function each of which has an appropriate value to indicate the environment that the lambda function is executing upon. This allows me to allocate requests to the correct backend service (alpha, beta, production).
I don't see a way to accomplish that in the Actions on Google/Firebase world.
If you are using Dialogflow, the Actions on Google release levels have corresponding environments. So you should be able to set a different fulfillment URL for each environment to point at the different project.
I'm trying to create a redistributable web application that will integrate with Google Analytics through the Google Reporting API. Customer will install the application on their server.
I'm following this tutorial (I'm using PHP, but I believe this is not of importance for my question)
https://developers.google.com/analytics/resources/tutorials/hello-analytics-api
This works fine. No issues there.
However I can't figure out one missing element:
The tutorial starts with sending me to the Google APIs console where I have to create and configure a new API project and create and configure a client ID.
That's a lot of work that requires fairly technical knowledge (redirect url, selecting correct API, error-prone copy-and-pasting, etc.)
So my questions:
Is there an API so I can programmatically set this up for my user?
If that's not possible, is there a more user-friendly way to obtain Analytics reporting that is future-proof? (I noticed they are currently deprecating a few older APIs)
Unfortunately that's AFAIK not possible.
You could go one of the following ways:
Move client_id and client_secret to some configuration file and help your customer with deployment.
Show a one-time setup wizard for your app and guide your customer step-by-step. There you can at least provide him with the right callback URLs.
Regard your application as "installed application" and instrument curl or something similar for sending the requests.
For iOS developers, we have two options to user Amazon S3 service with
ASIHttpRequest S3
AWS SDK for iOS
Seem like they are doing the same thing to provide interface to use S3 service.
My question is what is the difference between them if have ?
Thanks
AWS SDK supports more options for IAM (Identity and Access Management), policies and STS (temporary or "federated" users). Additionally, it provides support for services other than S3.
If you just need to move data to/from S3 I believe ASI is the way to go. If you're doing anything that uses other AWS services, or requires anything beyond standard ID/SECRET authentication, the SDK is the way to go.
I have used ASI in a large application for access to S3 and SimpleDB and a few other things. I found that there are a few bugs, etc. Performance is good, though. So I am trying the AWS-sdk for next project. I think in the long run that the official SDK will be better, as Amazon appears to spend money on supporting (and writing?) it.