Posted tagged ‘amazon’

Amazon AWS Region Endpoints in Europe

June 1, 2010

To use the Cloudfork classes for services located in Europe (Ireland), you need to change the serviceUrl property such as:

|sdb|
sdb := CFSimpleDB new.
sdb serviceUrl: 'http://sdb.eu-west-1.amazonaws.com'
Service URL
SimpleDB sdb.eu-west-1.amazonaws.com
SQS eu-west-1.queue.amazonaws.com
EC2 eu-west-1.ec2.amazonaws.com
SNS sns.eu-west-1.amazonaws.com
S3 Set Bucket location constraint to EU
RDS rds.eu-west-1.amazonaws.com

A comprehensive list can be found over at Elastician

Secure access to AWS from VisualWorks

July 9, 2009

Cloudfork implements the REST API of the Amazon Web Services using both secure (https) and non-secure (http) communication. In order to use the https protocol to access S3,SimpleDB,SQS or EC2, you need to prepare the Smalltalk image by registering a trusted certificate. Without that certificate, your application will produce an error saying “CA Not in Trust Registry!” (CA = Certificate Authority). The steps below describe how to register the correct certificate in a VisualWorks (or WebVelocity) image.

Install HTTPS
Unless already loaded in your image, you need to install the HTTPS parcel (use Parcel Manager).

Export Certificate
Amazon WebServices uses the following root certificate “VeriSign Class 3 Secure Server CA”. You can verify this by inspecting the chain object in the debugger that can be opened if you have a failed secure test.

One way to get this certificate file is to export it from the list of certificates known to your Internet Browser. For FireFox users, open Preferences>Advanced>Encryption>View Certificates. Under VeriSign, Inc., select the certifcate, export it using the format “X.509 Certificate with chain (PEM)” and name it “VeriSignClass3SecureServerCA.pem”.

Import Certificate
The following script will import the Base-64 encoded certificate file.

| certificate registry |
registry := Security.X509.X509Registry default.
certificate := Security.X509.Certificate fromFile:'VeriSignClass3SecureServerCA.pem'.
registry addCertificate: certificate.

Please be aware of what is stated in the VisualWorks SecurityGuide.pdf (page 72): “Adding a CA certificate to your registry is deceivingly simple and does not convey the degree of trust actually involved in that action. Be sure to understand what it is you are trusting a CA to do and ensure that it matches the security requirements of your application.”

Run the Tests
Results of the secure Cloudfork Integration tests should all be in the green now.


Follow

Get every new post delivered to your Inbox.