AWS S3 permissions

A quick tip on granting AWS S3 permissions to a specific folder in a bucket.

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "s3:Put*",
      "s3:Get*",
      "s3:List*"
    ],
    "Resource": [
      "arn:aws:s3:::nameofmybucket/profile/*"
    ]
  }]
}

Try to avoid bucket-root-level permissions as much as possible. Also, try to use Cognito if the client needs to access AWS resources directly.
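One way to check a policy against this advice before attaching it, as an added example that is not part of the original post: a small Node.js audit that flags Allow statements reaching the whole bucket. The function name auditS3Policy and the two extra policies are constructed for illustration.

```javascript
// Added example (not from the original post); the second and third policies are constructed.
const asArray = (v) => (v === undefined ? [] : [].concat(v));

// Returns one finding per Allow'ed S3 resource that reaches beyond a folder prefix.
function auditS3Policy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    // s3:ListBucket is evaluated against the bucket ARN, so a bucket ARN is
    // acceptable only when an s3:prefix condition pins listing to a folder.
    const prefixPinned = Object.values(stmt.Condition || {}).some((keys) =>
      Object.keys(keys).some((k) => k.toLowerCase() === "s3:prefix"));
    for (const arn of asArray(stmt.Resource)) {
      const m = /^arn:aws:s3:::([^/]*)(?:\/(.*))?$/.exec(arn);
      if (arn !== "*" && !m) continue; // not an S3 resource
      let issue = null;
      if (arn === "*" || m[1].includes("*")) issue = "any-bucket";
      else if (m[2] === undefined && !prefixPinned) issue = "bucket-without-prefix-condition";
      else if (m[2] !== undefined && /^[*?]/.test(m[2])) issue = "every-object-in-bucket";
      if (issue) findings.push({ statement: i, arn, issue });
    }
  });
  return findings;
}

const folderScoped = { // the policy from the post
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["s3:Put*", "s3:Get*", "s3:List*"],
    Resource: ["arn:aws:s3:::nameofmybucket/profile/*"] }],
};
const rootLevel = { // constructed: the bucket-root grant the post advises against
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "s3:*",
    Resource: ["arn:aws:s3:::nameofmybucket", "arn:aws:s3:::nameofmybucket/*"] }],
};
const listPinned = { // constructed: listing limited to the profile/ prefix
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "s3:ListBucket",
    Resource: "arn:aws:s3:::nameofmybucket",
    Condition: { StringLike: { "s3:prefix": ["profile/*"] } } }],
};

for (const [name, p] of Object.entries({ folderScoped, rootLevel, listPinned })) {
  console.log(name, auditS3Policy(p));
}
```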


Validating a Digits session on the server side to build secure apps

Digits is a service from Twitter that helps you onboard your mobile app users with simple phone number authentication, and it's free 🙂

If you have a mobile app that onboards users through the Digits service and you want to validate the session generated by Digits on your server, then this blog is for you.

The app communicates with the server using REST APIs. Send the token and secret generated by Twitter to the server using the REST API. Twitter provides the verify_credentials API to validate sessions generated by Digits on the server side.

Let's dive into the server-side component, developed using Node.js.
Fill in all the details related to Digits.
// token and token_secret come from the client; the consumer key and secret belong to your app.
var token = "";
var token_secret = "";
var consumer_key = "";
var consumer_secret = "";
var oauth =
{
  consumer_key: consumer_key
  , consumer_secret: consumer_secret
  , token: token
  , token_secret: token_secret
};

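Make the verify_credentials API call to validate the session information.
var request = require('request');

// Called once Twitter has answered the verify_credentials request.
function callback(error, response, body) {
  if (!error && response.statusCode == 200) {
    // Twitter accepted the token and secret, so the session is valid.
    console.log("success");
  } else {
    // error is null when Twitter answers with a non-200 status, so log the status as well.
    console.log("error: ", error, response && response.statusCode);
  }
}
var url = "https://api.twitter.com/1.1/account/verify_credentials.json";
request.get({ url: url, oauth: oauth }, callback);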

Note: I have used the request package to make the HTTP requests from the server.

Monitoring Memory Utilisation of an AWS EC2 instance in CloudWatch

Connect to your EC2 instance using SSH (my_key.pem is a placeholder for your key pair file).
ssh -i my_key.pem ec2-user@my_ec2_ip_address

Install the following Perl packages
sudo yum install -y perl-Switch perl-DateTime perl-Sys-Syslog perl-LWP-Protocol-https

Download the monitoring scripts
curl https://aws-cloudwatch.s3.amazonaws.com/downloads/CloudWatchMonitoringScripts-1.2.1.zip -O

Install the monitoring scripts
unzip CloudWatchMonitoringScripts-1.2.1.zip
rm CloudWatchMonitoringScripts-1.2.1.zip
cd aws-scripts-mon

Run the following command to check the memory utilisation.
./mon-get-instance-stats.pl --recent-hours=12

To push this data periodically to CloudWatch, we need to create an IAM user with the relevant permissions, then schedule a cron job that pushes the data to AWS CloudWatch.

Create a new IAM user and give it access to the EC2 instance and CloudWatch. Make a note of the AWS credentials, i.e. the access key and secret key. You will need these later. Make sure the IAM user has the following permissions.

cloudwatch:PutMetricData
cloudwatch:GetMetricStatistics
cloudwatch:ListMetrics
ec2:DescribeTags

For the purpose of the demo, you can provide full access to EC2 and CloudWatch. (This is not recommended for production.)

Run the following command
cp awscreds.template awscreds.conf

Open the file awscreds.conf and enter the key and secret.
The content of the file should look something like this

AWSAccessKeyId=AKAWSACESSKEYSA
AWSSecretKey=z/NOAWSSECRETkeyzt

Run the following command to push the data to CloudWatch
./mon-put-instance-data.pl --mem-util --mem-used --mem-avail

Now, configure the crontab to automate this process at 5-minute intervals.
crontab -e
*/5 * * * * ~/aws-scripts-mon/mon-put-instance-data.pl --mem-util --disk-space-util --disk-path=/ --from-cron

In your AWS console, go to the CloudWatch section and select Metrics => Custom Namespaces => Linux System. Select the required metrics.


Detailed documentation from AWS can be found here

Installing Node.js on an Amazon EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your AWS console.

SSH into your EC2 instance (my_key.pem is a placeholder for your key pair file)
ssh -i my_key.pem ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

Install developer tools
sudo yum groupinstall -y "Development Tools"

Install Node.js using nvm, as it allows you to switch between any version of Node.js 🙂
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.32.0/install.sh | bash
. ~/.nvm/nvm.sh
nvm install 4.4.5
node -e "console.log('Running Node.js ' + process.version)"

Install pm2
npm install pm2 -g --save

Pull the source code onto the EC2 instance. Run your Node.js app using pm2
pm2 start app.js --name="api"

Setting up Git on an AWS EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your AWS console.

SSH into your EC2 instance (my_key.pem is a placeholder for your key pair file)
ssh -i my_key.pem ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

Install developer tools
sudo yum groupinstall -y "Development Tools"

Install Git
sudo yum install git

Check out the source code
git clone https://my.git.repo.git
cd my_local_git_folder
git checkout -f branch_to_checkout