I have an amazon cloud drive account and i can upload/download files using the amazon cloud drive web interface.
However I want to integrate this service using the amazon clouddrive api. I tried to register an application to amazon, i created a security profile, I successfully whitelisted the security profile to clouddrive according the documentation but all my rest requests are failing.
Can you point me any step by step valid example about how to integrate the amazon clouddrive api in a third party application ?
Best Regards,
Aurelian
The security profile was not properly filled out and for this reason all the amazon cloud drive api request failed.
In the security profile I used http protocol instead https for all links. So the following links:
Allowed Origins
Allowed Return URLs
Consent Privacy Notice URL
must be HTTPS, otherwise all the REST queries will fail.
Related
I want to expose the Internal APIs through Azure API Management however the gateway is unable to access resources within the virtual network.
Below is my VNet configuration
Below is my API Management Network settings
I have created a Azure VM as shown below
and deployed the Spring Boot application as shown below
Tried configuring the APIs in the API Management however the gateway is unable to access the above internal URL
How do I fix this?
Update:
If I save the API definition and upload on APIM it works without any issues.
When you create an API in APIM from portal, if you put the OpenAPI (swagger) spec URI in the field shown in the screen, it has to be publicly accessible (not necessarily the API itself, but the spec). It's because you are browsing the Azure portal from internet and portal UI form simply tries to access the file from your client side browser before uploading. I agree that it could be nicer if APIM could access it from the server side, but unfortunately that's not the case at this moment. Consider it as a simple feature which either allows to to upload file from your machine or from a URL publicly accessible.
EDIT*: Looks like VNET is not into picture in management plane.
In this case, you can just download the swagger file itself and use the "Select a file" option.
I have a click once windows application which already has authentication n Authorization built in. Earlier i used to deploy it on physical server n share the location with users so that they can install it n use it. But now we have decided to deploy it on azure PAAS service (App service ). But currently url is geting access by anyone which i want to restrict. Currently my organization AD is not synced with Azure AD. So not able to use Azure AD for authentication.
Kindly provide some better solutions other than restricting users based on IP.
If it's a file download you can put it on Azure Blob storage for download and generate short-time SAS tokens.
While IP address restrictions and Azure AD authentication would be one-efficient approach for your scenario. Since you do not want to go that route (due to environment limitations), If you wish you could authenticate users with the specified provider (Microsoft Account, Facebook, Google, Twitter or Any OpenID Connect provider). App Service provides built-in authentication and authorization support, so you can sign in users and access data by writing minimal or no code.
App Service uses federated identity, in which a third-party identity provider manages the user identities and authentication flow for you. You can also use multiple sign-in providers.
So the simple process could be:
The option is Log in with . App Service redirects all anonymous requests to /.auth/login/<provider> for the provider you choose. If the anonymous request comes from a native mobile app, the returned response is an HTTP 401 Unauthorized.
Kindly checkout step-step instructions on the process/workflow:
Configure your App Service or Azure Functions app to use Microsoft Account login
If your WebApp is on VNet, you can have service endpoints enabled for Microsoft.Web, through access restrictions.
See- Advanced usage of authentication and authorization in Azure App Service
I developed an internal portal that is relevant to the engineering team. I restricted access to the portal by implementing Sign in With Google and as expected it is only accessible to our organization email-ids only. Now, I want to host the portal and we use Google Cloud Platform. I want to further restrict access to the portal within the organization.
What are the possible solutions to host the portal internally using Google Cloud Platform? If I host the portal and gave access to public, what could be the possible security implications?
If I understand well your concept, you are running a Web portal to authenticate your organization users to access your Frontend application, which retrieves information on a GCS bucket to be displayed on this Web page.
In this situation, the Identity-Aware Proxy (docs) that could fit your needs.
The IAP lets you manage access to applications running in the App Engine standard environment, App Engine flexible environment, Compute Engine, and GKE. IAP establishes a central authorization layer for applications accessed by HTTPS, so you can adopt an application-level access control model instead of using network-level firewalls or VPNs. When you turn on IAP, you must also use signed headers or the App Engine standard environment Users API to secure your app.
In this link you can see a quick example of how you can control access to your web apps and VMs in GCP using the IAP feature.
I'm new to Google Cloud and trying to understand the relationship between a Google Cloud endpoint and a back-end app on App Engine.
It looks like when I deploy my application (gcloud app deploy) I get a URL that looks something like https://my-service-dot-my-app#appspot.com/path/operation/etc. Is this URL going through the cloud endpoint, or right to the container?
When I call the service in this way I don't see any traffic to the cloud endpoint. In fact when I try to access the service using what I think is the cloud endpoint it just gives me a 404 (https://my-app#appspot.com/path/operation/etc). Why can't I access with the endpoint? Permissions?
My initial thought was that the endpoint was something separate that routes traffic to the back-end. However, when I do something like change the security configuration in openapi.yaml and just redeploy the endpoint definition (gcloud endpoints services deploy openapi.yaml), this does not seem to actually have any effect.
For example, the initial deployment had Firebase security. I removed it and redeployed the endpoint definition but security remains on when calling the service. Seems I have to redeploy the back-end to disable security.
Any insight would be appreciated.
Cloud Endpoint is a security layer in front of your API. It acts as a proxy and performs security checks (based on API Key, OAuth, SAML,...) and routing to the correct Endpoint. The endpoint definition is based on OpenAPI 2 (not 3, be careful!). There is new advance feature like rate limit and soon billing.
Initially integrated to AppEngine, this product has been open sourced and can be deployed on Cloud Run, Cloud Function and on GKE/Kubernetes. A similar paid and more powerful product is Apigee.
I wrote an article for using Endpoint deployed on Cloud Run, with API Key security and which route requests to Cloud Run, Cloud Function and App Engine.
Cloud Endpoint also offers a developer portal to allow your customer, prodiver and developer to view your API specification and to test it dynamically on line.
I hope these elements provide you a better overview of Cloud Endpoint to abstract your underlying API deployment.
I believe we need to address a few points before providing the correct way forward:
For your first question:
Is this URL going through the cloud endpoint, or right to the container?
Deploying an application to App Engine will generate an #appspot URL for the app. This URL is used to access the application directly, and it will remain available to the internet unless you enable Cloud IAP, or set any other restrictions to the service.
For your second question:
Why can't I access with the endpoint?
If you are referring to the https://my-app#appspot.com/path/operation/etc, there can be a lot of reasons for it to not work, it will depend on which step of the setup process you are.
Normally for setting up Cloud Endpoints with OpenAPI, with an App Engine backend, you need to limit access to the #appspot URL, but also deploy an Extensible Service Proxy (ESP) to Cloud Run to access it later.
Conclusion:
Now, for actually achieving this setup, I suggest you follow the Getting Started with Endpoints for App Engine standard environment.
As per the guide, the following is the full task list required to set Endpoints for an App Engine Standard backend, using Cloud Endpoints:
1 - Configure IAP to secure your app.
2 - Deploy the ESP container to Cloud Run.
3 - Create an OpenAPI document that describes your API, and configure
the routes to your App Engine.
4 - Deploy the OpenAPI document to create a managed service.
5 - Configure ESP so it can find the configuration for your service.
Keep in mind that once you set up the ESP configuration, any calls will need to go through the [YOUR-GATEWAY-NAME].a.run.app.
If you happen to be stuck in any particular step, please provide what you have done so far.
I hope this helps.
Is this URL going through the cloud endpoint, or right to the container?
App engines are container based deployments on Google's infrastructure. The url are created when you deploy it and please note its not API.
When I call the service in this way I don't see any traffic to the cloud endpoint
I dont think a Cloud Endpoint is created by default
One way to check if a Cloud Endpoint is created is to check if its API is enabled in your project or a service account is created in IAM page
To configure a Cloud Endpoint for App engine, following this procedure
I'm trying to serve my cloud storage content using custom domain over https. Currently, I'm using Amazon S3 with CloudFront to deliver the content using custom domain over https. But S3 with CloudFront is costly, So I'm now searching for an alternative.
Is Azure or Google Cloud natively support to serve content using custom domain over https. Without using CDN?
At the moment, google cloud storage only support HTTP. As per documentation To serve your content through a custom domain over SSL, set up a load balancer, use a third-party Content Delivery Network with Cloud Storage, or serve your static website content from Firebase Hosting instead of Cloud Storage.
I was able to find this blog which might help you on the setup.
With that being said, if you are looking for functionality like this you may also try with App Engine, as by default, HTTPS connections on your custom domain will automatically be enabled using managed SSL certificates. You can visit this link for more details. Also, there is a there is a feature request submitted to support auto managed SSL with GCLB.
Is Azure or Google Cloud natively support to serve content using
custom domain over https. Without using CDN?
Azure allows you to map a custom domain to your blob storage endpoint. Using this, you can serve the content stored in blob storage using a custom domain. You can read more about it here: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-custom-domain-name
However please note that this will not work over https. For https, you will need to use Azure CDN.
The OP's needs will be met by using Firebase as mentioned in passing by #KarthickN.
Firebase is a Google product which deploys your own domain name site automatically through SSL (https). You can first push your site onto one of the remote git repositories and use CI/CD for Firebase to deploy. You don't need to worry about CDN as firebase will use Google's global edge servers. Small usage is free then move onto paid plans as your needs grow plans
I answered a similar question here.