I would like to use Amplify instead of amazon-cognito-identity-js in my lambda functions (to sync the cognito users with their profiles i store into another database).
On the client side everything works fine, but i am not able to use it on the server side.
I don't find any resources on the internet, and i am fighting since 2 hours trying to make it works, i start wondering if we are supposed to do that.
Does someone know how to configure Amplify by requiring only #aws-amplify/auth?
Auth.configure is not a function
Amplify Auth is actually designed to work with the browser. So it's not suitable for your lambda.
If you're using node then you will need to refer to the AWS SDK for JS instead.
Related
I have a desktop app that will be distributed to users, and part of its code (which the user might be able to access) has to perform an API call to a third-party web service. However, this requires the API keys to be embedded into the source code, which causes some obvious security issues.
The main solution I've found while researching on the subject is to have a backend server between the user and the third-party API endpoint. So, I've been looking into Firebase for a while and it seems that this solution can be implemented using Firestore and Cloud Functions.
But, I wasn't able to find any clear examples that achieve something like this, and since I have no previous experience with Firebase or just backend programming in general, I would like to know if I'm on the right track and get more details about how to get it done, or if there are better alternatives for solving this issue. Any input is appreciated, thx.
You can use the firebase cloud functions as you mentioned. Your desktop application will be communicating with the cloud function - simple API call. Here you can find examples how to implement and deploy functions and test it locally https://firebase.google.com/docs/functions/get-started. Your cloud function will hold the API keys (it is backend so it will be secure if you dont expose it explicitly. Also the backend to backend communication is considered as secure). Finally, this cloud function will call the third party service and return some data back to the desktop app if needed. So you are on the right track, that is how the design should look like. If you need some help with cloud functions, you can also contact me directly.
I have a backend system built in AWS and I'm utilizing CloudWatch in all of the services for logging and monitoring. I really like the ability to send structured JSON logs into CloudWatch that are consistent and provide a lot of context around the log message. Querying the logs and getting to the root of an issue is simple or just exploring the health of the environment - makes CloudWatch a must have for my backend.
Now I'm working on the frontend side of things, mobile applications using Xamarin.Forms. I know AWS has Amplify but I really wanted to stick with Xamarin.Forms as that's a skill set I've already got and I'm comfortable with. Since Amplify didn't support Xamarin.Forms I've been stuck looking at other options for logging - one of them being Microsoft's AppCenter.
If I go the AppCenter route I'll end up having to build out a mapping of the AppCenter installation identifier and my users between the AWS environment and the AppCenter environment. Before I start down that path I wanted to ask a couple questions around best practice and security of an alternative approach.
I'm considering using the AWS SDK for .Net, creating an IAM Role with a Policy that allows for X-Ray and CloudWatch PUT operations on a specific log group and then assigning it to an IAM User. I can issue access keys for the user and embed them in my apps config files. This would let me send log data right into CloudWatch from the mobile apps using something like NLog.
I noticed with AppCenter I have to provide a client secret to the app, which wouldn't be any different than providing an IAM User access key to my app for pushing into CloudWatch. I'm typically a little shy about issuing access keys from AWS but as long as the Policy is tight I can't think of any negative side-effects... other than someone flooding me with log data should they pull the key out of the app data.
An alternative route I'm exploring is instead of embedding the access keys in my config files - I could request them from my API services and hold it in-memory. Only downside to that is when the user doesn't have internet connectivity logging might be a pain (will need to look at how NLog handles sinks that aren't currently available - queueing and flushing)
Is there anything else I'm not considering or is this approach a feasible solution with minimal risk?
I want to call my firebase function HTTP API from another server -- which does not have an email and password (or any other firebase authentication method).
I want to be able to run a task like read/write in Firestore, however still protect the API. I would like to create some sort of programmatic keys like AWS does for calling their APIs. But, how to do this in firebase ? How can we generate such programmatic keys to communicate between one server to another?
It seems that the best available option that you might try - because it doesn't seem to have an official way to do it - it's by using API keys to perform the verification and security of your calls. As clarified in the official documentation Using API Keys, this is not supported by all Google applications, but Cloud Endpoints should work.
Considering that, you can use Cloud Endpoints in integration with your Cloud Functions, to provide security via API keys. You can find more information on how to achieve that in this article here.
Another alternative you may want to try, it's using a JWT token - as clarified here - as a header in your API calls. This way, you will be working with authetnication via keys - not exactly as in AWS, but it's a start - so you can secure your calls. :)
Anyway, if you don't find this useful, I would recommend you to raise a Feature Request in Google's Feature Tracker, so they can check about the possibility of further implementation in such functionality.
Let me know if the information helped you!
I am looking to make an app that would have its Backend on another service like AWS or some other. This app would be having many features and functionalities.
But for chat feature, I am exploring options and wondering that would I be able to integrate Firebase in my app.
I have read about Firebase Functions to add more functionality at the backend and also the installation of Firebase Admin to servers.
But still I am not convinced about their capabilities and exactly what all I can do with them.
It would be great if someone who has experience with Firebase help me out figuring if going with it is the best case for me or is there something else I should look into.
So first you can't use Firebase in combination with AWS or Azure etc. Firebase is based on Google Cloud and is the interface between the mobile client (the running app on the client's smartphone) and the backend (your Firebase project).
What I use is, for example, Firebase Cloud Messaging, to simply notify one or multiple users by trigger an HTTP Request from my own web server.
I also made some apps to store the data in FireStore or in the Realtime-Database, so that I don't have to set up a whole new infrastructure. And this is basically the goal of Firebase that you can simply start with your app, without carrying about that.
So what I've heard about Firebase is that you currently cannot install Firebase on a server of your choice and you have to use Google Cloud.
Hopefully, you can do something with my answer. If you have further questions feel free to ask them.
I am using Firebase for my new project. This will be used on both Android and IOS. As you can guess I don't want to write the same code over and over again for both OS.
I am considering to code most of the work with Javascript on the cloud functions. In order to do that I need to use HTTP Requests to call my functions since firebase doesn't support any other way to call cloud functions.
There is two question in my head about this.
Is this possible and does it makes sense?
Since I've been using HTTP Requests all the time isn't that make my app open to listening with tools like Wireshark etc if there are multiple users on the same network? (I know Firebase now supports SSL but do I have to but a domain and license for that?)
What is the best way to do it in an engineer's perspective?
You can certainly move more of your app logic into Cloud Functions. But it's not really true that the only way to invoke a Cloud Function is via HTTP. You can also push data into your database to invoke a database trigger. I gave a talk on this at Google I/O yesterday about how I made a game with all the logic in Cloud Functions. You can watch it here.