Case study on how to manipulate AWS DynamoDB as well as IAM / STS with their JavaScript SDK in the Browser.
I keep notes in memo and comments a lot, so please download and read it if you're really interested. It's a powerpoint, and if that's a problem, please let me know. I'll try convert it to PDF or some other open / free formats.
Licensed under CC-BY / MIT (demo project).
20. 太多 Gotcha
每層服務、各層之間都要考慮
複雜度可能變 M x N
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 20
21. 2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 21
example.com
ELB
Route53 CF
S3
Static
Content
Shared
Env
Auto Scaling
group
AMI
AZ 2
Web Servers S1 Secondary
S2 Secondary
Config
AZ 1
Web Servers
S1 Primary S2 Primary
Config
AZ 3
Web Servers
Config +
Arbitor
mongod
22. 將麻煩留給 AWS
◦ 第三方與服務端授權
◦ Scaling / HA
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 22
23. 促成符合 SOA Pattern 之架構
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 23
Web Page
HTML
CSS
JS
Authentic
ate &
Authorize
Services
1. Auth Request
3. Authorized Identity
2. Access Token
24. 容易整合其他服務
IAM
STS: Security Token Service
WIF: Web Identity Federation
DynamoDB, S3, …
自有服務,SOA 嘛 O.o/
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 24
39. 只接受下列驗證機制
◦ 表三家:Amazon, Facebook, Google
◦ SAML
說明列表
IAM Partners
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 39
40. Trust Relationships
◦ Identity Provider
◦ Client ID
Permissions
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 40
41. 用戶可透過第三方驗證與 IAM:STS,
WIF 授予調用 AWS API 之權限
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 41
42. WIF Playground
Login with amazon
AWS Documentation
◦ Using IAM
◦ Using STS
◦ SDK for JavaScript
2014/5/19
CC-BY 3.0, Cliff Chao-kuan Lu
<clifflu@gmail.com> 42