Amazon Web Services provides a number of Software Development Toolkits (SDK’s) that will help the programmer make the most of Amazons exposed APIs for the various services that they provide in the cloud. While the AWS (Amazon Web Services) console is good for day to day administration and control over the services you have set up in Amazon, the API exposes additional methods that can be used to extend the services security and use that cannot be accomplished through the AWS console.
The SDK’s are used by programmers to extend services or to automate processes to reduce the amount of system administration time to accomplish repeated tasks. The developer can use the SDK for large scale programmatic use of the Amazon Cloud, or some of these can be scripted by the system administrator to reduce the time it takes to accomplish routine tasks.
Many of the SDK’s include sample code that should be reviewed for security and for authentication processes before being used to ensure that they meet with all company and legal requirements for information security. Sample code is usually built to demonstrate a task or function, but not necessarily written as secure code that should be or could be used in production environments. The SDKs have specific examples for various tasks, and each of the SDKs have different examples depending on the language. There are SDKs for Dot Net, Java, IOS, Android, Ruby and PHP that covers many of the ways that AWS can be used from mobile programming through scripting of system administration tasks. By providing these SDKs, programmers can work in their language of choice and only haivn to learn the specific calls, functions, and hooks within the SDK to accomplish specific tasks. Regardless of your programming language of choice though, it is a good idea to go through the SDK’s to see examples of what can be done with the Amazon Web Services APIs.
Visual Studio Dot Net
The Visual Studio Dot Net SDK includes code samples of Amazon S3 (Simple Storage Service), managing Amazon EC2, authentication, policy, and other programmatic aspects of starting, starting, and provisioning services in the cloud. This SDK is primarily focused on administrative tasks rather than service oriented tasks. Using this SDK for programming administrative tasks would be of use to any enterprise that is primarily Windows Server based. There are many calls using JSON and REST to make sure that the data is dynamic and updated without needing to manually refresh the administration UI when using this SDK for administrative tasks. Most of the AWS services are represented in the download file, and dot net programmers will immediately understand how to use this. The main download can be compiled as a master administrative task system that can then be ported to being web based.
Programmers should follow secure programming standards when using this SDK to ensure that only authorized people have access to the functionality that is presented in this toolkit. It is always a good idea to run your code through FXCop or other tool inside of Visual Studio to see what coding issues have cropped up during the writing of the code. It is also a good idea to understand secure coding practices in Dot Net, and follow Microsoft guidelines for writing secure code.
The IOS (Apple Devices) SDK is focused more on mobile systems than on system administration tasks. While there is a code set for monitoring the output from Cloud Watch, the more interesting aspect of this SDK is the use of the Token Vending Machine to provide temporary credentials over an IOS application to manage user authentication. There are two types of authentication samples in this, one for anonymous access to systems with a security token, and an authenticated client token where the user has logged in and all the actions are then done within the context of the users security token. Regardless of what mobile operating system you use, this is a good example of using both kinds of security tokens using REST. There is another example for Android as well in the Android SDK.
Other good examples of code that are in the SDK is an application that shows how to code for uploading media (video, picture) using S3, and then replicating that through CloudFront. This is a good way of knowing how to program your originating server as an S3 bucket, and pushing that media item into the world, and leveraging CloudFront to ensure global access to the item. This would be good to know if you are doing something like Instagram, or even sharing photos taken at a remote site and uploaded to CloudFront for consumption at the home office or on the road. There is also a social game program where data is shared between IOS devices when playing games on the Iphone or Ipad. All these code snippets are in Objective C, and will be familiar with anyone working with the Apple Developer Program. As with all sample code there are many good ideas in them, but you should ensure that you are not embedding security tokens in the code, or credential information in the code because of the ability to reverse engineer those security sets out of the program.
The Android SDK is also focused on the mobile market and how to program an Android application to take advantage of simple DB, and other functions to support the application. There is also the Android equivalent of the Token Vending Machine code as an example of how to do authorization for anonymous and registered user access. This also uses the REST protocol set to show how authentication can be completed using the initial anonymous and then authenticated client process like you see with mobile applications like Instagram and others. The Android SDK is very similar to the IOS SDK including what examples are provided. The good part of this is that you can get an example of that these programs look like in both objective C and Android Java code bases. This should give the developer enough of an example to learn how to program these kinds of activities using Java or C# based on what is in these example code sets.
When working with Android the Android SDK from Google also works with Eclipse as the IDE. Adding the Android SDK the AWS Java SDK and the AWS Android SDK there will be access to many examples for writing code that will work with mobile devices. As Android continues to gain in popularity, what you write in Objective C with IOS can be used as a basis for working the same mobile application on the Android system. The programmer should be thinking that they will be developing a cross platform application when doing the initial design of the programs functionality. Because there are examples for identity management in both systems, as well as similarity in how Android and IOS examples work,, it would be possible to build out a framework for the application, and move the majority of the operations over to the web. Stack overflow looked at this concept and came to the conclusion that it would be possible to code a framework application and use a Content Management Based (CMS) system to help make both programs work similarly in the cloud environment.
The focus of the Java SDK is using Eclipse as the IDE (Individual Developer Environment), which is beneficial to the programmer because Android also uses Eclipse as the base for the Android SDK from Google. Being able to tie these two, SDK’s along with the Android SDK from Amazon will give the programmer many very good examples on how to program mobile applications for Java and for Android. By downloading the Eclipse Toolkit along with the Java SDK, you also have access to a large code repository on GitHub to help you code in this environment, and do meaningful work quickly. The Java SKD is a very well documented SDK, with many good examples of how to manage both mobile and server based applications. The dependency though is that this works with the Eclipse IDE, and if the programmer is not familiar with the IDE then they will have to move to Eclipse. Although the SDK should be able to be pulled into any Java IDE on the market, Amazon does specify that there are specific toolkits made for Eclipse that might not be supported by other developer environments.
The Java SDK focuses on both mobile and on programmatic aspects of working on the system administration side of the AWS APIs. There is also a Token Vending Machine set of code in the developer sample code sets for Java.
Overall the focus on Java is very complete with a lot of very good sample code to go through that is easily customized for the tasks that need to be coded. From code examples for simpleDB, SQS, social systems, and other code examples, you can develop a very complete idea of what it will be like to program specific mobile and non-mobile applications in Java. If you are interesting in coding for Simple Pay, which is an Amazon based payment system, you can get a very good feel for developing programs that include in-app payments through a payment gateway. Of all the code sets the Java SDK is the most complete and the one that would of most use to mobile developers. While the IOS and Android SDK’s are good, adding all the extra tools, code sets, and API examples to Eclipse is going to give the developer the best idea of how to program for mobile systems.
The Ruby SDK is probably the smallest of the SDKs in the code example system. You can download the SDK from Amazon or through GitHub. The SDK is primarily focused on administrative tasks, starting and stopping Amazon services, setting up interfaces and setting EC2 instances for zones, failover, and other administrative processes. This is more of a back end style SDK without many good examples of what can be done with the SDK outside of administrative tasking. What makes this a good SDK though is something called “Ruby Gems”. The idea behind this is that a Ruby gem handles common tasks, such as authentication, request retries, XML processing, error handling and other common processes as part of a preset code package that can be easily integrated into your ruby code. These preset packages are good for automating code tasks like interfaces, error catching and other common issues when working with Ruby as a programming language. The Introduction to AWS for Ruby Developers in the Amazon support article section can help the programmer understand more about programming with Ruby for Amazon Web Services.
The PHP SDK is a good intermediate level SDK for a programmer who knows how to program using object oriented PHP. You will need PHP 5.2 or later with SimpleXML, JSON, PCRE, SPL and cURL. PHP is a very good programming language for developing entire web sites to work on both the web and mobile devices. Tying this into any IDE is very simple in terms of being able to use the code sets with the programming environment of choice. The other added source of information on how to use this is that Amazon has a number of very good screen casts that can be watched to show specific examples of coding and coding practices for using S3 and EC2. This is also a very complete set of instructions on how to use this SDK with various front end and back end examples of what to code and how to code for the Amazon Web Services system.
When working with each individual service, you will have access to the APIs for that service. Each one of the APIs has its own set of flags that can be set allowing specific processes to be started, stopped, monitored, or otherwise managed by using a programming interface rather than the AWS Console. For management and monitoring, each of these APIs provides a series of things that can be done, a series of error codes, and programmatic responses that need to be sent or received by the program. Programming for Amazon Web Services relies on being able to program REST and JSON style code sets that can both send and receive data from the system to advise what the status of each of the processes are.
When you are writing your code one of the drawbacks to the Amazon Web Services system is that they use an HTML based error code set with multiple different meanings for each error code. This requires being able to program and capture not just the error code (I.E. HTML error code 400) for each service, but also the text data that goes along with those error codes so that the programs that are written by the company are easier to debug. It is also a good idea to sign up for the Cloud Watch monitoring program when working in the cloud because specific triggers for specific events can be captured, and used to trigger scripts or processes to start when a specific event happens. Depending on the time of service or uptime requirements automating error code responses to do specific actions is a way to off load administrative tasks to automation.
One other drawback to using the programmatic aspects of Amazon Web Services is that you must use your Amazon Secret when using these programs. A lot of the Amazon code examples have the programmer embed the key pairs, shared secrets, and secrets into the code set to make sure the automation works without having to have users input a username, password, or their shared secrets. The good part is that you could use Amazon’s Identity Management Service (IAM) to store the Amazon API permission keys by working with the users login to ensure that users, programs, and administrators can access the right parts of the Amazon cloud services you are using without compromising the overall whole architecture of the Amazon system. If you lose your keys or they become compromised, if they are embedded in the programs you will run into two compliance and security issues.
The first issue is that if they keys become compromised you will have to go through all the code to remove and replace the compromised keys. The other problem is with compliance because embedding login credentials is not a safe programming habit to have. It is too easy to pull down individual files on the internet including Java Script, PHP pages, and in some cases configuration files that have user credentials embedded in them. Once there is a valid account including secret keys to the Amazon Web Services system, you could lose complete control of the entire infrastructure, or worst, have all the data stolen and have to do a breach report in line with local reporting laws. Breach notification laws vary by state, and it is highly recommended that you know how these laws work across state boundaries. Your cloud computing zones and how they were configured will have an influence on breach notification laws in the event that a hacking event happens because of poor coding practices.
Cloud computing presents interesting problems when a computer is hacked in the cloud, especially jurisdictional issues that run state by state. For example, if you have your Headquarters in Seattle, but your data center for cloud computing is in LA and Virginia, you might have to follow all three breach reporting laws. In the process, you will need to know if all the credentials were pulled out of code that had these credentials embedded in them and what data could have possibly been exposed because of that coding practice. This gets more complicated when working with CloudFront because effectively you will be doing international breach notification. It is very important to use something like IAM to store credentials for users and when and where possible the Token Vending Machine for users and the programmatic aspects of working with code in the cloud.
When programming you are going to want to use the developer forums for support and to get questions answered, and it would be a good idea to also use StackOverflow as a primary source for programming questions. There are amazing examples of very good code sets inside the SDK’s provided by Amazon that will let the programmer leverage the APIs when doing administrative tasks, or delivering data to customer mobile applications. You should choose the right SDK for the tasks that the company wants to have, and flesh out the minimum framework using the API references for what you are going to call. The Java, Android, IOS and Dot Net SDKs are the most mature with the most examples of programmatic tasks that can be accomplished when working with Amazon Web Services APIs. It is going to be easy to get stuck though and need help when programming. There are many resources to help you out with learning how to program for the cloud environment, It is recommended that the programmer become familiar with and participate in the Amazon developer forums.
From a programmer viewpoint, almost every programming question and programming error that can be imagined has already been discussed. Stack Overflow is also a good resource for programmers seeking help with developing for AWS. If the company is going to be continually developing using AWS it would be worth getting a premium support account with Amazon so that developers have access to programmers at Amazon to help them finish the projects they have started.
This entry passed through the Full-Text RSS service — if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers. Five Filters recommends: Gaza Blitz – Turmoil And Tragicomedy At The BBC.
(Cross-posted @ Managing Intellectual Property & IT Security)