Hello I have a iOS App and want to send my Logs to a Lambda Function.
I have the ARN Name of the Lambda Function. Where do I have to put this ARN that the Logs getting send to the Lambda?
Many Thanks
Marc
You can use the invoke API in Lambda Invoker to specify the function name. You find the API details here:
https://github.com/aws-amplify/aws-sdk-ios/blob/master/AWSLambda/AWSLambdaInvoker.h#L225
I would imagine you should make your Lambda an API that your app can PUT/POST the logs to.
AWS just released a feature to allow Lambdas to be directly hooked against an ALB (No need for APIGW).
https://aws.amazon.com/blogs/networking-and-content-delivery/lambda-functions-as-targets-for-application-load-balancers/
There is no need for your App to know about AWS at all. It just needs a restful API to send data to.
Another alternative is to use Amazon Pinpoint SDK in your app and post custom events
https://docs.aws.amazon.com/pinpoint/latest/developerguide/integrate-events.html
Related
I have an iOS Shopping App and want that the customers smartphones send Logs (when a crash happens for example) to an AWS Lambda function.
How can I avoid that other Apps than my own App can send Logs to this Lambda Function? I need some kind of authentification.
Theres a great tutorial on something like this here
Basically you need to go through the process of setting up a Lambda authorizer, which is a multifaceted approach to authorization and can serve any need.
The docs are particularly verbose about this subject.
I am use Grape for create API and use AWS SNS, at the moment I want send request for confirmation but my API code is not executed. The request is sent (I'm looking at the logs), but the code does not work. However it's work via POSTMAN. Found an article where it is implemented through the controller, I did the same and it worked for me, could you tell me please, why is not the code executed for API?
Did you test this through a curl? Please check content type
let's say I've created slack app and I have client id and secret.
What is the easiest way to get SLACK_APP_TOKEN in my hands that will be able to create channel?
If you want a proper access token that is related to your Slack App the only way to get it is to install your Slack app with the OAuth process as described here in the Slack documentation. You will need a mini website with a script (e.g. PHP) to perform the installation.
The so called test token will also allow you use the Slack API (e.g. to create a channel), provided that the user that created the test token has that right on your Slack. It is the easiest to obtain, but it will always be linked to a user account, not a Slack app. And you can not request specific scopes for it. So for most applications its better to use a Slack App and get a proper access token by installing it.
If you are looking for an example for an installer script, here is a complete script in PHP. It will run on any webserver that supports PHP. Its very basic, but it will work just fine.
I was just wondering if there was a simple function to create a customer in the Stripe API from my app in Swift? Instead of having to create a manual HTTP post request to my server, "createCustomer.php", and then retrieve the results (This is what I do right now).
I tried to search this up on Google, but I can't seem to find anything. I simply want the user to save their card details for later user, that's why I am in need of creating a customer.
Thanks in advance!
Except for payment information tokenization (which is done via Stripe's iOS or Android SDKs in mobile apps, and Checkout or Stripe.js in web apps), all API requests must be sent from a backend server.
The reason is that aside from token creation, all other API requests must be sent using your secret API key. You cannot embed or share the secret API key with your mobile app in any way, as it would then be possible for an attacker to retrieve it and use it to issue API requests on your behalf.
This is why there is no Swift function to create a customer -- the customer creation must be done from your backend, using the server-side language of your choice.
TLDR: All I want to do is secure my cloud function in Parse so that it only accepts requests from my iOS app. How can I do that?
Longer version:
I recently got started with using Parse for a client side app I'm building using a Google API.
Before using Parse, my issue was that the Google API calls from my app were not secure. I tried a Man in the middle attack on my app, and I was able to successfully get the bundle id and app id (Google claims some form of security is achieved by ensuring that the call is from the correct bundle id that you can specify on their console). So despite using SSL, seems like it was easy to get this information. Now this Google API is paid, so someone could easily abuse my key when I release my app and raise my bills.
I was anyways also thinking of doing some lightweight work in the backend, so I figured to use Parse. Now the call to the Google API is done in Cloud Code. But a new problem I'm facing is how to secure calls to the Cloud function I've defined in Parse? The Parse App ID and Client Key aren't secure at all.
All of Parse's blogs keep talking about creating users and defining ACLs etc. But in my case, there is no data in my Parse app and there is no user per se. It simply calls the Google API and returns the result. All I want to do is secure my cloud function so that it only accepts requests from my iOS app. How can I do that?
The inherent security risk here is that any key you store in your app is vulnerable, for that reason encryption is also vulnerable. My recommendation is to use the automatic user in Parse on your iOS app, you could even throttle excessive requests/abuse by a single user. By creating and using a user you are able to gain the benefits of ACL which appears the best security option available in Parse currently. At that point you send the automatic user in your cloud code request and verify it's a valid iOS user.