Getting started with AWS backend for iOS - ios

I've been coding on iOS for a while. I'm getting started using AWS as a cloud backend to store my users' data for my iOS app, as well as a server that can handle real-time events in multiplayer mode. I understand that there are many services, like Amazon Cognito, which allows user login via public providers, DynamoDB, which provides NoSQL storage, and EC2, which helps me create server instances. However, I'm really confused about how I can actually get started.
Here's some stuff that I really need help on:
I don't really want to use public providers like Facebook for my users to sign in/sign up. I'd really prefer it if there could be a relational database that is similar to how I cache data in local SQLite files using Core Data.
And I also need some help on getting my ID tokens for those services if I choose not to use Cognito, or must I?
I would really appreciate it if you guys can give me some clues on how I can get started on these. Thank you so much! :D

Depending on how you expect your app to evolve there are several approaches you can take.
Option 1: Minimal scalability / low cost
All you really need is a single free EC2 micro instance. On the instance you can build a full LAMP stack in seconds. Once you have built it you can start writing an application to handle your app in your preferred language. Ruby is a la mode but any language will work. Your database will be stored on the actual instance. If you go with this route, one thing you should do is use an elastic IP address so that if your server ever goes down you can point the elastic IP to another instance. You should also periodically back up your server.
Option 2: Maximum scalability / variable cost
Use RDS to store your database. This will mean that any EC2 instance will be able to reach your data so you can have an unlimited number of servers. Then build an EC2 instance just like in option 1 but point your application to the RDS instance. Use a load balancer in front of your EC2 instance to scale up in response to changes in utilisation. And the elastic IP address should point to the load balancer.
Building a LAMP stack on EC2
1) Open the EC2 console
2) Select launch instance
3) Pick the Linux AMI offered by Amazon and a micro instance
4) Create a .pem key (keep it safe on your system or you will not be able to access your instance)
5) Select the default security group
6) Open your terminal window and type: ssh -i path_to_pem ec2-user@your_instance_public_address
7) In the EC2 instance type: sudo yum update
8) Then type: sudo yum install httpd24 php55 php55-mysqlnd mysql55
9) sudo apachectl start
You can now navigate to the public address of your instance in Safari and, assuming I did not forget any steps, you should see the Apache welcome page.

Related

Securing a publicly available RDS backend for a Heroku app

We currently have an RoR app hosted at Heroku, with an AWS RDS backend. Currently, the RDS instance is available to all inbound traffic. To only allow traffic from my Heroku app, can I whitelist the applicable IP blocks here:
https://ip-ranges.amazonaws.com/ip-ranges.json
...or is an add-on like Proximo or QuotaGuard my only option?
Additionally, are there security concerns for having an RDS instance available to all incoming traffic, given that the RDS instance is password protected?

As Jarmod’s comment suggests, it’s not advised to expose your database to the world, even if it’s password protected and the communication is encrypted. It’s not that your data is entirely exposed, but when dealing with sensitive information, it’s advised to control who can request access to the data in addition to the user/password authorization.
Unfortunately, when you run on Heroku you don’t have too many options. Even Heroku’s own PostgreSQL database is publicly accessible if you know its URL/endpoint.
If you want to improve security, you’ve two options:
1) Use an outbound proxy addon
As you suggested, you can use a proxy addon such as Proximo or Fixie and configure AWS security groups to only accept connections from the proxy's static IPs.
I’ve detailed the downsides of this approach in my reply to: “How to properly determine Amazon AWS Heroku subnets?”
2) Migrate your application from Heroku to AWS
Depending on your company size and product maturity, it might be a good idea to consider a migration from Heroku to AWS.
When your application’s stack is run entirely from within AWS, you’ll have much more control over security and can decide how far you want to go to protect your data.
I helped a few clients with similar migrations and security was one of the top 3 reasons to migrate from Heroku to AWS.
Hope that helps.
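
The exposure discussed in this thread can be measured from the security group itself. The following is an added example, not code from the original posts: it reads a constructed document shaped like `aws ec2 describe-security-groups` output and reports, per database port, how many IPv4 source addresses each group admits. The group IDs, CIDRs and the `audit`/`covers` helper names are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; CIDRs are documentation ranges, not real hosts.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-world", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-EXAMPLE-broad", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "203.0.113.0/24"}]}]},
  {"GroupId": "sg-EXAMPLE-proxy", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "192.0.2.10/32"}, {"CidrIp": "192.0.2.11/32"}]}]}
]}
""")

DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL"}  # default engine ports (assumed)

def covers(perm, port):
    """True if an ingress permission admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(doc):
    """One finding per (group, database port): how many IPv4 sources may connect."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for port, service in DB_PORTS.items():
            nets = [ipaddress.ip_network(r["CidrIp"], strict=False)
                    for perm in sg.get("IpPermissions", []) if covers(perm, port)
                    for r in perm.get("IpRanges", [])]  # Ipv6Ranges not covered
            if not nets:
                continue
            # Collapse overlapping or adjacent CIDRs so nothing is counted twice.
            admitted = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
            findings.append({"group": sg["GroupId"], "port": port, "service": service,
                             "admitted": admitted,
                             "world_open": any(n.prefixlen == 0 for n in nets)})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Rules that reference another security group instead of a CIDR are not counted here, so a group with no findings is not necessarily closed.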

Connect to an Amazon EC2 instance from an ios application

I am trying to make an iOS application that uses Amazon Web Services as its backend. I have a MySQL database in RDS and want to query this database from the app to retrieve content for the app. After some research, it looks like I should approach this by adding my own API for querying the database to an EC2 instance. Then, rather than directly accessing the RDS instance from the app, I access the API on the EC2 instance which accesses the RDS instance for me. Firstly, is this the way to go? I'm open to other suggestions too.
Here's what I have done so far, after reading this post:
Installed Apache and PHP on my EC2 instance.
Obtained an elastic IP address for my EC2 instance.
Added a file (let's call it retrieve-data.php) to Apache that uses my RDS instance endpoint, username, and password to query the database and return data.
From my iOS application, I can then send an HTTP request to elastic_ip_address_of_my_ec2_instance/retrieve-data.php to get the data from my RDS database in my app. Is this the way to go? Can this be improved upon in any way?

Edit: changing this answer to what's in my comment below;
The solution is what is suggested in How to connect amazon RDS in iOS, which is installing a webserver on the EC2 instance and writing a web app to make your RDS calls for you. This will involve some kind of web programming, there's a simple explanation here in the top comment. Then you can use RestKit to implement the calls from your app to the EC2 instance: github.com/RestKit/RestKit
For anyone who might find this useful, below is a summary of the steps you can take to get this all set up.
Set-up:
There are three options covered in the below steps:
A = NO domain name, NO load balancing
B = YES domain name, NO load balancing
C = YES domain name, YES load balancing
1) (A+B+C) Create an EC2 instance.
2) (A+B+C) Install all the necessities on your instance. At the very least, you'll want apache2 and whatever language(s) you wish to use for any backend scripts you want to run on your instance. I've used php.
3) (A+B) If you don't want to get a domain name to use to access your EC2 instance, or if you want a domain name but don't need load balancing, you'll want to get an elastic IP address for your instance. This can be easily done through AWS. (C) If you want to use a domain name and load balancing, you won't need an elastic IP address. Go ahead and get yourself a domain name. I used namecheap.com. They currently (August, 2015) have .xyz TLDs for just $1.18 USD/year.
4) (A+B+C) Add your backend files to the apache web server you installed on your EC2 instance in step 2.
5) (B+C) Set up a hosted zone in Amazon Route 53. NOTE: Route 53 is NOT included in the AWS free tier and is therefore NOT FREE. The costs are here. (B only) Add A record(s) to your Route 53 hosted zone that point to the elastic IP of your EC2 instance.
6) (B+C) Transfer the name servers of your domain name to the 3-5 name servers Route 53 gave you after completing step 5. The transfer will be done from the site you registered your domain name with.
7) (C) Set up load balancing for your EC2 instance(s) in AWS. Note your load balancer's end point.
8) (C) Add alias record(s) to your Route 53 hosted zone that point to your load balancer's end point.
Accessing your files on EC2
Let's say you have a php script myscript.php that you saved to your server in step 4. To run this script on your EC2 server after finishing the set up, you can do the following:
A - Open up a web browser and enter the following into the address bar: elastic_IP_of_your_EC2_instance/myscript.php
B+C - Open up a web browser and enter the following into the address bar: yourdomain.com/myscript.php
Hope this is helpful!

AzureWorkerHost get the uri after startup for Neo4jClient

I am trying to create an ASP.NET project with Neo4jClient to be hosted on Azure and am kind of unable to grasp how to do the following:
get hold of a Neo4j REST endpoint address once the worker role has started. I think I am seeing a different address each time the emulator spins up an instance of the worker role. I believe that I'll need this to create a client somewhat like this
neo4jClient = new GraphClient(new Uri("http://localhost:7474/db/data"));
So any thoughts on how to get hold of the URI after Neo4j is deployed by AzureWorkerHost?
Also, how is the graph database persisted on the blob store? In the example it's always deploying a new instance of a pristine db in the zip and updating, which is probably not correct. I am unable to understand where to configure this.
BTW I am using Neo4j 2.0 M06 and when it runs in the emulator, I get an endpoint somewhat like this http://127.255.0.1:20000 in the emulator log but I am unable to access it from my base machine.
Any clue what might be going on here?
Thanks,
Kiran

AzureWorkerHost was a proof of concept that hasn't been touched in a year.
The GitHub readme says:
Just past alpha. Some known deficiencies still. Not quite beta.
You likely don't want to use it.
The preferred way of hosting on Azure these days seems to be IaaS approach inside a VM. (There's a preconfigured one in VM Depot, but that's a little old now too.)
Or, you could use a hosted endpoint from somebody like GrapheneDB.
To answer your question generally though, Azure manages all the endpoints. The worker role says "hey, I need an endpoint to bind to!" and Azure works that out for it.
Then, you query this from the Web role by interrogating Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.Roles.
You'll likely not want to use the AzureWorkerHost for a production scenario, as the instances in the deployed configuration will destroy your data when they are re-imaged.
Please review these slides that illustrate step-by-step deployment of a Windows Azure Virtual Machine image of Neo4j community edition.
http://de.slideshare.net/neo4j/neo4j-on-azure-step-by-step-22598695
A Neo4j 2.0 Community Virtual Machine image will be released with the official release build of Neo4j 2.0. If you plan to use more than 30GB of data storage, please be aware that the currently supported VM image in Windows Azure's image depot must be configured from console through remote SSH to Linux.
Continue with your development using http://localhost:7474/ and then setup the VM when you are ready for a staging or production build to be deployed.
Also you can use Heroku's free Neo4j database deployment but you must configure the basic authentication for your GraphClient connection in Neo4jClient.

Using a VPN to get a static IP on Heroku

I need to connect to an API with my Heroku/Rails app where I need to have a static IP.
I know about the add-on proximo - https://devcenter.heroku.com/articles/proximo - but it is insanely priced, so that's out of the question.
Most people in my situation end up deploying to EC2 instead and using an Elastic IP as their static IP. I've also tried this and it works, but I find the whole flow of playing around with EC2 really cumbersome.
I've read in some answers that it is possible to set up an EC2 server and use it as a proxy for your Heroku/Rails app - Heroku Static IP for SFTP - but it sounds very cryptic for a person who is not very server-savvy.
Can someone give a step-by-step tutorial on how to set up your Heroku/Rails app to use your EC2 instance as a proxy?

In short: I would just switch to AWS. There is a little bit of a learning curve but it's not too difficult. Here is a presentation I gave on it geared toward front-end devs:
https://speakerdeck.com/krunkosaurus/intro-to-scaling-your-web-app-on-the-cloud-with-aws-for-frontend-developers-part-1
Amazon has 9 regions each with 3-5 "Availability Zones". I know that Heroku uses AWS but am not sure if you get to decide (or know) which AWS region and AZ your actual server is hosted.
Whatever it is, you should host your proxy server in the same Region (better yet, even the same Availability Zone). Setting up an EC2 there is easy: just use the web console and be sure to give it an Elastic IP so the address doesn't ever change. Then point your DNS away from your Heroku instance (dyno?) to this EC2 instance. From there you can either install Nginx or HAProxy.
I've just set up QuotaGuard Static as a more robust, better value static IP service that can be used by Heroku apps.
It's hosted on EC2 so you get the low latency benefits without having to start managing servers.
Hello, you can use this answer to see how to use NGINX as a reverse proxy.
https://stackoverflow.com/a/27874505/1345865
http://blog.talenox.com/post/107675614745/how-to-setup-static-ip-on-heroku
Fixie is a very affordable option for getting a static IP address on Heroku. The documentation section has a lot of examples for different languages and frameworks, including Ruby.

How to provide saas customer with server snapshot for business continuity concerns

I'm proposing a SaaS solution to a prospective client to avoid the need for local installation and upgrades. The client uploads their input data as needed and downloads the outputs, so data backup and maintenance is not an issue, but continuity of the online software service is a concern for them.
Code escrow would appear to be overkill here and probably of little value. I was wondering is there an option along the lines of providing a snapshot image of a cloud server that includes a working version of the app, and for that to be in the client's possession for use in an emergency where they can no longer access the software.
This would need to be as close to a point and click solution as possible - say a one page document with a few steps that a non web savvy IT person can follow - for starting up the backup server image and being able to use the app. If I were to create a private AWS EBS snapshot / AMI that includes a working version of the application, and they created an AWS account for themselves, might they be able to kick that off easily enough?
Update: the app is on Heroku at the moment so hopefully it'd be pretty straightforward to get it running in Amazon EC2.

Host their app at any major PaaS provider, such as EngineYard or Heroku. Check their code into a private GitHub repository that you can assign them as the owner. That way they have access to the source code and can create a new instance quickly using the repository as the source.
I don't see the need to create an entire service mirror for a Rails app, unless there are specific configuration needs that can't be contained in the project or handled through Capistrano.
