book

Programming Amazon Web Services

Name: Programming Amazon Web Services
Author: James Murty
ISBN: 9780596551797

by James Murty

March 2008

Intermediate to advanced

604 pages

18h 38m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Programming Amazon Web Services
SPECIAL OFFER: Upgrade this ebook with O’Reilly
A Note Regarding Supplemental Files
Preface
What’s in This Book?
Ruby and Interactive Examples
Conventions Used in This Book
Using Code Examples
Safari® Enabled
How to Contact Us
Acknowledgments

1. Infrastructure in the Cloud
Amazon Web Services for InfrastructureSigning Up for Amazon Web Services
Thinking Like Amazon
Reality Check
Web Services Are Dependent on a Reliable NetworkAmazon Does Not Offer Service Level Agreements for All Its Web ServicesData Security and PrivacySpecialized Infrastructure RequirementsCommunication Channels for Fault Reporting and Resolution
Interfaces: REST and Query Versus SOAP
2. Interacting with Amazon Web Services
REST-Based APIsHTTP Requests and ResponsesREST and Query APIsXML DocumentsInterpreting XML documents with XPathHierarchical object structuresBuilding XML documentsHandlingService Errors
User Authentication
Request DescriptionsSigning Request DescriptionsCommon Service Properties
Performing AWS Requests
REST API ImplementationSending REST requestsRequest authenticationQuery API ImplementationRequest parametersSending query requestsRequest descriptionUtility MethodsTime adjustmentsBase-64 encodingDebug logging
3. S3: Simple Storage Service
S3 OverviewS3 ArchitecturePricing
Interacting with S3
REST APIS3 Implementation StubConstructing S3 URIs
Buckets
Bucket LocationsBucket NamesCreate a BucketLook Up a Bucket’s LocationList Your BucketsDelete a Bucket
Objects
Object Keys and Hierarchical NamingObject MetadataObjects Are ImmutableCreate or Replace an ObjectRetrieving ObjectsRetrieving Objects ConditionallyListing ObjectsObject detailsTruncated listingsSearchingListing parametersListing implementationDemonstrating object searchingDeleting ObjectsCreate Objects from a Web Browser Using POSTHTML form for S3 POSTPolicy Document for S3 POSTGenerate a policy documentGenerate a form
Alternative Hostnames
Access Control Lists
ACL GranteesACL PermissionsRetrieve a Resource’s ACLUpdate a Resource’s ACLCanned Access PoliciesUpdate a Resource’s Canned ACL
Server Access Logging (Beta)
Configuring Server Access LoggingLogging FilesRetrieve Logging SettingsModify Logging SettingsAccess Permissions for Logging
Signed URIs
Distributing Objects with BitTorrent
4. S3 Applications
Share Large Files
Online Backup with AWS::S3
AWS::S3 Ruby LibraryS3Backup ClassList Backed-Up ObjectsFind Files to Back UpBack Up FilesDelete Obsolete ObjectsPutting It All TogetherContent-Length Workaround
S3 Filesystem with ElasticDrive
ChallengesElasticDrive: S3 As a Virtual Block DeviceSetup and configuration
Mediated Access to S3 with JetS3t
JetS3t GatekeeperDeploy the Gatekeeper servletConfigure and test Cockpit LiteAuthorization with HTTP BasicCustomizable authorization modulesImplement a custom authorization moduleNext steps
5. EC2: Elastic Compute Cloud (Beta)
EC2 OverviewEC2 InstancesAMIsThe EC2 EnvironmentPricing
Interacting with EC2
Query APIEC2 Implementation Stub
Keypairs
List KeypairsCreate a KeypairDelete a Keypair
Network Security by IP
Allow IP Traffic
Finding Amazon Machine Images
List Available AMIs
Controlling Instances
Stop Running InstancesStarting InstancesList Running Instances
Log In to an Instance
Security Groups
List Security GroupsCreating Security GroupsDeleting Security GroupsAllow Traffic from EC2 GroupsAllow group trafficDisallow Traffic by IP or Group
Managing and Sharing AMIs
Register an AMIDeregistering an AMIModify Image AttributesDescribe Image AttributesReset AMI AttributesConfirm an Instance’s Product Code
Console Output and Instance Reboot
Console Output SnapshotReboot Running Instances
6. Using EC2 Instances and Images
EC2 Instances in DetailLinux KernelNetwork AddressingDynamic addressing issuesInstance DataInstance data versioningInstance MetadataInstance user dataPerformance
Data Management in EC2
Storage LocationsEphemeral Storage
Modifying an AMI
AMI Security AuditingInstall Amazon’s Bundling ToolsConfigure System ServicesBundling an Instance into an AMIUploading AMI Files to S3
Registering an AMI
Create an AMI from Scratch
Prepare the AMI FilesystemInstall Fedora 7 BaseConfigure NetworkingStartup ScriptsInstall Additional SoftwareCleanupBundle and Register Your AMI
7. EC2 Applications
Dynamic DNSDynDNS: Free Dynamic DNS ServiceEveryDNS.net
On-Demand VPN Server with OpenVPN
OpenVPN Security GroupStart an AMIInstall and Configure OpenVPN on an EC2 InstanceInstall and Configure OpenVPN on a Client ComputerNAT RoutingRun OpenVPN as a Service
Web Photo Album with Gallery 2
Launch an EC2 InstanceInstall an Apache Web Application StackInstall the Gallery 2 ApplicationData Backup to S3Restoring Data from S3Next Steps
8. SQS: Simple Queue Service
SQS OverviewSQS ArchitectureGuidelines for SQS ApplicationsThe Message Life CycleSQS Client RolesPricingAPI Version 2008-01-01Pricing for API version 2008-01-01Changes in API version 2008-01-01
Interacting with SQS
Query APISQS Implementation Stub
Queues
Create a QueueList QueuesDeleting Queues
Messages
Sending MessagesReceiving MessagesDeleting MessagesPeeking at a MessageControlling the Visibility of Messages
Queue Attributes
Retrieve Queue AttributesModify Queue Attributes
Queue Access Control
GranteesPermissionsListing a Queue’s Access Control SettingsAdd an Access Control RuleRevoke an Access Control Rule
9. SQS Applications
Messaging SimulatorCode StubSimulator ReceiverTest the receiverRunning SimulationsSimulation ScenariosGetting startedSimple simulationChecking efficiencyMultiple batches
Distributed Application Services with BOTO
The Boto Services FrameworkArchitectureServicesMessage queuesMessage formatStart service scriptToward a Generic ServiceMessage formatMultiCommandServiceVisibilityThreadBootstrap Service StartupBuilding a Distributed ApplicationCreate a custom service instanceBundle the service instance to an AMITesting the MultiCommandServiceImageMagick examplesFFmpeg example
Automated Management of EC2 Instance Pools with Lifeguard
Estimating LoadManaging the PoolInstallation and TestingManaging a Pool of MultiCommandService InstancesStatus notifications from MultiCommandServiceA pool manager compatible with MultiCommandService AMIsConfiguring LifeguardAutomation achieved
10. FPS: Flexible Payments Service (Beta)
FPS OverviewTransaction ParticipantsTransaction Walk-ThroughAmazon Payments AccountsPayment Instructions and TokensThe Co-branded UI (CBUI) PipelineBrandingHandling responsesPayment MethodsPricing
Interacting with FPS
Production and Sandbox EnvironmentsQuery APIFPS Implementation StubService Response MessagesCommon fieldsService errorsIdempotent Transactions
Managing Your Tokens
Gatekeeper Language BasicsInstall Payment Instructions (Create a Token)View Installed Payment InstructionsRetrieve a TokenList the Tokens in Your AccountCancel a TokenView a Token’s Usage Limits
Acquiring Third-Party Tokens
Generating CBUI Request URIsInterpreting CBUI Result URIsVerifying a CBUI result URIUsing a web browser to obtain CBUI resultsUsing a simple web server to interpret CBUI resultsAcquire a SingleUse Sender TokenAcquire a Multiuse Sender TokenAcquire a Recurring Sender TokenAllow a Third Party to Modify a Token
Pay Now Widgets
The Anatomy of a Pay Now WidgetGenerate a Pay Now HTML FormInterpreting Pay Now Widget Result URIs
11. FPS Transactions and Accounts
Performing FPS TransactionsTransaction FeesTransaction ReferencesPerform a PaymentRetrieve Transaction DetailsHandling Transaction ResultsRetry a Declined TransactionGet ResultsDiscard ResultsPerform a RefundReserve Credit Card FundsSettle a Reserved Transaction
Account Management and Information
Retrieve Your Account BalanceAccount Activity
12. FPS Advanced Topics
Gatekeeper Language GuideHow FPS Evaluates Gatekeeper RulesSample Gatekeeper DocumentsCaller instructionsRecipient instructionsRefund sender instructionsSender instructionsSender statements for MultiUse or Recurring tokensGatekeeper Language SyntaxAssertionsAssignmentsValue expressionsGatekeeper VariablesPrivate variablesGlobal variables
Micropayments with FPS
Drawbacks of Micropayment InstrumentsThe Prepaid Payment InstrumentAcquire a Prepaid TokenFund a prepaid instrumentRetrieve balanceRetrieve liabilityList your prepaid instrumentsPostpaid Payment InstrumentAcquire a postpaid tokenRetrieve debt balanceRetrieve outstanding debt balanceSettle debtWriteOffDebtList your postpaid instruments
Building a Marketplace Application
Charging Fees for Access to Your MarketplaceAcquire a Recipient Token
Subscribing to FPS Event Notifications
Subscribe to NotificationsUnsubscribe from Notifications
13. SimpleDB (Beta)
SimpleDB OverviewA Simple Database, Not an RDBMSPricing
Interacting with SimpleDB
Query APISimpleDB Implementation StubService Response Messages
Domains
Create a DomainList Your DomainsDelete a Domain
Items and Attributes
Attribute ParametersRetrieve an Item’s AttributesCreate or Update an ItemDelete an Item’s Attributes
Representing Data in SimpleDB
Boolean EncodingDate EncodingInteger EncodingFloat EncodingAutomated Encoding and Decoding of Values
Performing Queries
Perform a SimpleDB QuerySimpleDB Query Expression SyntaxPredicatesPredicate operatorsSet operations
Stock Price Database: A Mini SimpleDB Application
Obtain Historic Stock Price DataLoad Stocks Data into SimpleDBQuery and Retrieve Stock DataCaching SimpleDB with Memcached
A. AWS Resources
AWS Online ResourcesAmazon DevPay (Limited Beta)
Client Tools
Multiple ServicesS3EC2
API Libraries
Multiple ServicesS3EC2SQS
Third-Party AWS Solutions
Multiple ServicesS3EC2FPS
B. AWS API Error Codes
S3: Simple Storage Service
EC2: Elastic Compute Cloud
SQS: Simple Queue Service
FPS: Flexible Payments Service
SimpleDB
Index
About the Author
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Programming Amazon Web Services

Security Groups

The EC2 environment provides a network security mechanism that acts as a firewall for incoming connections. The environment does not allow network traffic to reach an instance unless that traffic has been explicitly permitted.

The network security firewall is managed using security groups, which are named collections of access rules that specify which incoming (ingress) network connections the EC2 environment should allow to pass through to running instances. Security groups only control inbound network traffic; they will not prevent outbound traffic.

Security groups can contain two kinds of rules: IP rules and group rules.

IP rules

IP access rules, also known as CIDR rules, control traffic originating from outside or inside the EC2 environment. These rules specify the kinds of IP network traffic that will be allowed based on three constraints:

Protocol (TCP, UDP, or ICMP)
Target port range
Originating IP address range

We discussed IP rules and the API operation that applies to them in more detail earlier on, in the section Allow IP Traffic.”

Group rules

Group access rules control traffic originating from other instances within the EC2 environment. These rules define permissions based on which security groups an instance belongs to, rather than its IP address. Group rules are much less granular than IP rules and will automatically allow incoming network traffic, using any protocol or port number, from an instance belonging to a permitted security group.

Group rules are a convenient ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780596515812Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Programming Amazon Web Services

by James Murty

Security Groups

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.