For iOS developers, we have two options to user Amazon S3 service with
ASIHttpRequest S3
AWS SDK for iOS
Seem like they are doing the same thing to provide interface to use S3 service.
My question is what is the difference between them if have ?
Thanks
AWS SDK supports more options for IAM (Identity and Access Management), policies and STS (temporary or "federated" users). Additionally, it provides support for services other than S3.
If you just need to move data to/from S3 I believe ASI is the way to go. If you're doing anything that uses other AWS services, or requires anything beyond standard ID/SECRET authentication, the SDK is the way to go.
I have used ASI in a large application for access to S3 and SimpleDB and a few other things. I found that there are a few bugs, etc. Performance is good, though. So I am trying the AWS-sdk for next project. I think in the long run that the official SDK will be better, as Amazon appears to spend money on supporting (and writing?) it.
Related
I'm finding the Amplify SDKs for iOS difficult to work with, likely because we don't seem to fit in with their target audience. Amplify offers mobile developers a BaaS solution, and as such the Amplify SDK is heavily-geared towards this use case. Our team however has dedicated DevOps engineers who use Terraform to provision AWS resources. While their documentation states that it is possible to use the Amplify SDK with pre-existing resources, I'm finding it clunky at best -- having to manually configure the amplifyconfiguration.json file with limited documentation is frustrating, and I've had a lot of difficulty getting the Auth SDK to work with our Cognito setup. That, along with the vendor lock-in, is making me reconsider our decision to integrate the Amplify SDK in our mobile clients.
Which leads me to my question: are there any obvious disadvantages to using open-source client-side libraries to integrate with AWS resources instead of the Amplify SDK? Considering that we don't have any need for the BaaS aspect of Amplify and are only really needing OAuth via Cognito and GraphQL via AppSync, could we get away with using libraries like AppAuth and Apollo to forego Amplify entirely?
There are different components of Amplify although it isn't obvious at first:
Devops Tools in AWS console to automate, deployment certificates etc in the Amplify part of the Console
There is the CLI tool chain used to deploy and manage the app, as well as generating the the Cloudformation templates.
Lastly and most importantly there are the Amplify client libraries, which work great with Cognito.
You can simply use the client libraries on your own, and call (in the Javascript example; Amplify.configure(). They can be used to do Cognito alone if you wish, (we have done this too, we don't use the cli deploy our front-end).
You don't need to use their REST client either, but you would need to capture the Authentication event and relevant token, and use it appropriately in your requests.
In summary, it sounds like you don't wan to use the whole Amplify platform, simply their client libraries which you can do as you would any other library. Copy their Cognito sign-in example for your framework, and configure Amplify manually instead (user-pool-id, appclient, domain) of using the cli to generate a project and credentials.
I don't think I have seen related threads on the forum.
I have a JSON database stored on AWS S3 and I would like to query it from iOS. I don't think Athena can be used on iOS and the only tutorials available between ios and s3 are uploading, or downloading files.
Another solution I think may be possible is to setup an API gateway with a Lambda function, then networking the browser links with iOS (I have not been able to do so, it is probably more complex and doable).
So, how to query a S3 database from ios ?
I am new to serverless architecture. I am about to create a banking application. Is it a good idea to develop my whole system using 100% serverless architecture (using AWS Lambda) or should it be a hybrid combination of both Serverless and Kubernetes Clustering. Thanks in advance
So long as you set your IAM access policies accordingly, secure your API Gateway endpoints with rotating keys on KMS, while using Cognito to provide JWT authentication for your users, then the short answer is yes (IMO). I have implemented quick and secure solutions with the new AWS secrets solution to store and rotate application secrets quickly and easily, if you're working on a banking app they also have a great HSM service that I think you will find valuable. I personally have no problem with AWS "lock-in", I value my time and peace of mind. You might want to check this out https://aws.amazon.com/security/
I need a backend to store location updates and messages, I was thinking of using JSON to connect to the Amazon S3 server and to fetch and store data.
How many clients could be connected to this server? Is there a way to link a MYSQL server to Amazon S3 for login and users accounts?
S3 is not a database store; you write/delete/replace an entire object.
You want AWS RDS. Amazon manages the DB (MySQL supported). Skim the reference architectures for something applicable to your needs. Scale them down; they're designed to make use of as many AWS services as possible.
http://aws.amazon.com/rds/
http://aws.amazon.com/architecture/
Other option is Amazon Dynamo DB. This is an infinite-scale nosql db with a fully managed REST API. You dont worry about the data size growth, speed etc. AWS take care of all these.
http://aws.amazon.com/dynamodb/.
Even in this case, you need to have some code running in the backend, which receives your REST calls from the iOS and writes to the Dynamo.
Other even easier solutions are https://parse.com/ and https://www.firebase.com/
These are solutions specifically for your kind of needs - Make a mobile backend Datastore. They give client SDK, which has a very great value in terms of offline synch. You just invoke the SDK from the apps and will synch with the backend datasore when the connections are available - reduces your code complexity a lot !
Imagine the following use case:
You have a basecamp style application hosting files with S3. Accounts all have their own files, but stored on S3.
How, therefore, would a developer go about securing files so users of account 1, couldn't somehow get to files of account 2?
We're talking Rails if that's a help.
S3 supports signed time expiring URLs that mean you can furnish a user with a URL that effectively lets only people with that link view the file, and only within a certain time period from issue.
http://www.miracletutorials.com/s3-amazon-expiring-urls/
If you want to restrict control of those remote resources you could proxy the files through your app. For something like S3 this may defeat the purpose of what you are trying to do, but it would still allow you to keep the data with amazon and restrict access.
You should be careful with an approach like this as it could cause your ruby thread to block while it is proxying the file, which could become a real problem with the application.
Serve the files using an EC2 Instance
If you set your S3 bucket to private, then start up an EC2 instance, you could serve your files on S3 via EC2, using the EC2 instance to verify permissions based on your application's rules. Because there is no charge for EC2 to transfer to/from S3 (within the same region), you don't have to double up your bandwidth consumption costs at Amazon.
I haven't tackled this exact issue. But that doesn't stop me from having an opinion :)
Check out cancan:
http://github.com/ryanb/cancan
http://railscasts.com/episodes/192-authorization-with-cancan
It allows custom authorization schemes, without too much hassle.