Just came to my attention that there are now more regions supporting Cognito. Is it possible to move a user pool from one region to another?
AWS Cognito, does not replicate ( moving or sharing) the user pools across the regions at the moment, if your users / clients are closer to the region then there will be a minimum propagation delays and users will have a better speed to get the resources from the data center.
If you want to authenticate your users across the region that will be possible by the API they have provided (For example, in javascript sdk you need to mention the region while setting up API for authentication and accessing resources).
For the folks tuning in now , As of June 2020 cognito supports multi-region user pools.
https://aws.amazon.com/about-aws/whats-new/2020/04/introducing-multi-region-user-pools/
Related
I provide SES Services to many of my clients in different regions of the world. So their apps send out emails through my AWS SES account. It has become a problem to trace out how to measure their usage and stats, IAM wise or some other ways and then be able to bill them for what they have consumed. There must be a way to break stats into some kind of Sub Accounts or something
Can someone help regarding this ?
You have two options for such fine-grained monitoring, according to the official docs:
Feedback notifications
This option allows the most detailed reporting for your billing needs. However, it also requires more work on your part, because you need to build handlers (i.e. lambda functions) which will log sending/bounces/complaints in some persistence (i.e. DynamoDB table). More details here.
Event publishing
This option uses CloudWatch for persistence and you have the (probably) familiar CloudWatch UI for reporting. You will have to enforce (somehow) your clients to use a AWS specific SMTP header or SendEmail / SendRawEmail API calls. Less work on your part but you need to find a way to make your clients help you. More details here.
I had a question regarding global availability of an API and performance. Basically, we would like to build an API that is central to our business, but it must be highly available and performant globally, meaning, response times of the API should be minimal whether the call is being made in the United States, China, or any other country in the world. The API is actually an interface into a microservice architecture that is domain driven. We are currently using Microsoft Azure as our cloud provider to host these microservices but I wanted to get some suggestions on architecting a solution that makes this performant across the globe. Would we need to deploy services in multiple regions to be able to make this work? If so, how would I route an incoming request to the appropriate region?
I would partition your data by region using username as the partition key. Distribute your microservices and databases around the world in appropriate places, but keep one central login service. As users register with your central registration service, you assign them to a region depending on their home address, IP, or some other geographical indicator. When they return to login the second time (using the central service), you authenticate them and pull their region from the central DB. You can now route all additional traffic to the proper region for the best performance.
You would have to implement a full set of domains in each region.
The Instagram new API policy have become super strict. They are not allowing fetching public content at all. We are literally following all Instagram policies and still cant get approval of public_content.
Is there any workaround or any possibility of fetching the data.
This is the response that I have recieved from instagram
General issues:
Policy Violation (Ad network, Influencer network, Other related): Your
app should not attempt to build an ad network on Instagram, nor
transfer any data that you receive from us (including anonymous,
aggregate, or derived data) to any ad network, data broker, influencer
network, or other advertising or monetization-related service. In
working to build a high quality platform, we ask that you comply with
our Platform Policy
(http://wwww.instagram.com/about/legal/terms/api/).
Yeah, they now grant permissions only to applications with some specific usage cases.
According to Instagram official website, these are:
To help individuals share their own content with 3rd party apps
To help brands and advertisers understand and manage their audience and digital media rights
To help broadcasters and publishers discover content, get digital rights to media, and share media with proper attribution
Note that in order to get public_content permission, you need to fall under the 2nd or the 3rd use case. Otherwise, consider changing your application / service in such way that is now uses basic permission and acquires only your users' media.
There is no valid and legal possibility to fetch public data except for successful passing the Instagram permission review.
This official developer documentation page may be useful to you.
You need to enable scopes invividually for your client https://api.instagram.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=APPCALLBACK&access_token=ACCESSTOKEN&response_type=code&scope=public_content in your browser, using your values for the uppercase words? This should enable your registered client to work with the public_content scope.
https://api.instagram.com/oauth/authorize?client_id=xxxxx&redirect_uri=xxxxx&access_token=xxxxx&response_type=code&scope=public_content
your comment
Read the error message, did you supply a valid client-id from your instagram developer account. Did you setup a redirect_uri for that client? Do you authenticate to instagram to get an access token?
This worked for me this weekend. Double check the values you set in the url and call it directly in your browser.
I have a web application backend for my clients web site. Authorised staff can log in to the backend and view data.
I want to pull some data from Google Analytics to be viewed in the backend, but GA seems to insist that the user is logged in to their Google account themselves using OAuth2
I want to be able to authenticate the server not the user. They already have permission and it seems unnecessary and possibly intrusive to ask them to link their Google accounts to the GA account and possibly even have to create one first.
The server already has to supply a client id, client secret and an api key, so it's not as if there isn't already an authenticated connection.
I'm guessing that there must be a way to pass the Google Analytics account credentials to OAuth2 somehow but I am not that familiar with OAuth2
Is this possible and how would it be done. A simple example or a nudge in the right direction would be appreciated
There are similar questions around but the ones I have found do not answer my question in the way I need.
Yes you need to store the authentication, but you may be able to use Google Analytics Super Proxy for your needs. At the very least you can see its code on how it stores the authentication.
You authenticate once, input the data you need scheduled from the GA Reporting API, then take the data feed and use it to build charts in your intranet. Any user can view those charts without needing to login to GA themselves.
We built a system where we can access all our clients google analytics. I use Google service accounts to do server calls to google Analytics API and grant access to that service account as a user. Some how there is a limitation where each service account reaches a limit to be added in user accounts. (we have more than 2000 clients).
As of now, I am creating multiple service accounts when ever the previous reaches its limit. What is the solution for this?
Thank You,
The Core Reporting API has a quota limit of of 10,000 requests per view (profile) per day.
I suspect what you are doing is trying to display your Google Analytics data to all of your customers. Which isnt really going to work because of the quoat limit. I recomend that you use your service account to download your data into your own system and then display the stored data to your users.
There is no way to increase this quota limit.