I have my APP running on EC2 instance that accept in input a json file and return an elaborated json file as output.
I need to manage many answer to the server, so I'm trying to configure AWS services.
My idea is to create an API Gateway that receive
json file input, write on S3, than SQS read the notification of put and pass the request to the EC2 server, maybe trough a Lambda function.
Than the server write the json elaborated to another S3 bucket and SNS send notification to the client.
Is this a correct way to use AWS services or there is another way?
It seems like very complicated workflow for no good reason. What's the point exactly of using so many services just to for your ec2 instance get that json? You can have direct endpoint to your ec2 instance. If you want API gateway as a wrapper on your endpoints, you can have that too. But just send that json directly to ec2 or api gateway to ec2 instead of api gateway -> s3 -> sqs -> lambda -> ec2.
Related
I'm trying to upload a file into the S3 bucket via AWS API Gateway integration with S3.
I have created an API gateway and integrated it with Amazon S3. I have created both PUT and POST methods. When trying to upload via POST method, I observe internal server error. It works well via PUT method. But I have requirment only for POST method.
I have attached both my Gateway configuration API Gateway configuration and Test results via postman postman test results.
I have an application built around AWS:
a lambda function
an API gateway calling the lambda, must be called with an API key
an S3 bucket as static website, that calls the API gateway
How can I secure the calls to the API gateway so that it cannot be called from anywhere but my S3 bucket ?
Some solutions have already come in my mind like:
proxy : helps hiding the API key, but anyone accessing the proxy can call the API, right ?
IP whitelisting : I can't know the IP range the bucket is using, so I can't do that
Thanks
I have created S3endpoint and added it to route table of a subnet.
Subnet has route to internet and able to open AWS console.
Next a bucket is created with bucket policy limiting access to it through VPC endpoint.
I have IAM user which has full permission to this bucket.
When i access the S3 bucket through S3 console webpage there is an error 'Access Denied' but i am able to upload files to the bucket.
Does S3 endpoint imply that only access will be through AWS CLI \SDKs? and console access is limited?
Does S3 endpoint imply that only access will be through AWS CLI \SDKs?
and console access is limited?
My understanding is that any calls done in the AWS Console will not use the endpoint setup within the VPC, even if you're accessing it via an EC2 instance within the VPC. This is because the UI within the AWS Console does not directly access the S3 API Endpoint, but instead goes through a proxy to reach the endpoint.
If you need to access the S3 bucket via the AWS Console, you'll need to amend your bucket policy.
A client is uploading data we use to AWS S3. I need to find out when the uploads took place in the last week (or month). How could I go about that? If I use aws s3 ls path I get only the date of the last change.
To obtain historical information about Amazon S3 API calls, you can use AWS CloudTrail.
From Logging Amazon S3 API Calls by Using AWS CloudTrail - Amazon Simple Storage Service:
Amazon S3 is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Amazon S3. CloudTrail captures a subset of API calls for Amazon S3 as events, including calls from the Amazon S3 console and from code calls to the Amazon S3 APIs.
To use object-level logging, see: How Do I Enable Object-Level Logging for an S3 Bucket with AWS CloudTrail Data Events? - Amazon Simple Storage Service
I've built an API with Spring Boot and deployed it into an AWS EC2 instance. I want to make this Spring Boot API to be accessible only through AWS API Gateway. I mean no one could bypass AWS API Gateway and call the that API directly. I want to do this in order to be able to apply some policies like throttling and others.
Is possible to make that API to receive calls through AWS API Gateway only?
Your current best option to achieve this is to use the Client-Side SSL feature of API Gateway: http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
Note that if you front your EC2 instances with an ELB you will need to set them to TCP mode and terminate SSL on your EC2 instances.