Monday, February 4, 2019

AWSvAzure - Object Storage - Valet Key Pattern Part 1


So far in this series, we've covered a lot of the technical aspects of object storage and have explored how they are implemented in both cloud providers. For this post, I'd like to examine a cloud architecture pattern called the valet key pattern, and discuss how to implement this in both Azure and AWS. In this post, lets talk about what the valet key pattern is.

Please note that most of this content is based off of the cloud architecture patterns book. https://docs.microsoft.com/en-us/azure/architecture/patterns/valet-key

Traditionally, web applications have always acted as a gateway for user access to protected resources. This becomes quite apparent when you think about databases that back these applications. They are a protected resource, and the web application provides limited access for users to interact with those database resources.

Databases are not the only resources that web applications can act as a gateway for. For many applications, other services such as storage could be in use. Think about an application that ingests video for downstream processing/hosting. Other examples could be APIs that place transactions to back-end systems.

On-premises systems architecture would general hide these types of protected resources from external access. This is obviously a security best practice, especially when the same "storage" engine is being used for all types of data. In the cloud, however, it is possible to create resources for only a specific purpose. Further to this, cloud resources such as storage and queues are already available on the internet by default. The protection mechanism of those resources have shifted from network controls to user based controls.

Because of this, both internal facing and external facing web applications can make use of the valet key pattern. The pattern looks something like this:

 
Effectively, instead of the web application proxying access to protected resources, it acts as a gatekeeper for credentials/access decision only. Let's take the example of a user wanting to upload an image for processing purposes.

  1. User requests access to upload a file for processing
  2. Application checks the request (authentication and authorization)
  3. Application provides a temporary access token that grants the user appropriate permissions to perform the requested action
  4. User interacts with the protected service to perform the desired action

There are obviously pros and cons to the above approach, which I won't dive in to here. Most of them are trying to strike a balance between usability of the solution and bandwidth/performance considerations.

In terms of object storage, this pattern is applicable in both AWS and Azure. For AWS, we will be using the secure token service to provide a temporary token and we will take a look at signed URLs. For Azure, we will simply provision a shared access signature with the required permissions.

 










31 comments:

  1. Replies
    1. Great Article
      Cloud Computing Projects


      Networking Projects

      Final Year Projects for CSE


      JavaScript Training in Chennai

      JavaScript Training in Chennai

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

      Delete
  2. These organizations have qualified specialists who can do everything to ensure one's car stays clean consistently, on the off chance that one has a bustling timetable and no opportunity to squander. Car valeting Galway

    ReplyDelete
  3. Thank you so much for sharing this nice informations.
    android training institutes in coimbatore

    data science course in coimbatore

    data science training in coimbatore

    python course in coimbatore

    python training institute in coimbatore

    Software Testing Course in Coimbatore

    CCNA Course in Coimbatore

    ReplyDelete
  4. It's very useful article with inforamtive and insightful content and i had good experience with this information.Enroll today to get free access to our live demo session which is a great opportunity to interact with the trainer directly which is a placement based Salesforce training India with job placement and certification . I strongly recommend my friends to join this Salesforce training institutes in hyderabad practical course, great curriculum Salesforce training institutes in Bangalore with real time experienced faculty Salesforce training institutes in Chennai. Never delay to enroll for a free demo at Salesforce training institutes in Mumbai who are popular for Salesforce training institutes in Pune.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Myself so glad to establish your blog entry since it's actually quite instructive. If it's not too much trouble continue composing this sort of web journal and I normally visit this blog. Examine my administrations.
    Go through these Salesforce Lightning Features course. Found this Salesforce CRM Using Apex And Visualforce Training worth joining. Enroll for SalesForce CRM Integration Training Program and practice well. 

    ReplyDelete
  7. I am so happy to found your blog post because it's really very informative. Please keep writing this kind of blogs and I regularly visit this blog. Have a look at my services.  
    This is really the best Top 20 Salesforce CRM Admin Development Interview Questions highly helpful. I have found these Scenario based Salesforce developers interview questions and answers very helpful to attempt job interviews. Wow, i got this scenario based Salesforce interview questions highly helpful.    

    ReplyDelete
  8. Thanks for Sharing This Article.It is very so much valuable content. I hope these Commenting lists will help to my website
    workday studio online training
    best workday studio online training
    top workday studio online training

    ReplyDelete
  9. Did you know that you can easily view the contents of your phone on your TV without a cable? With a screen mirror app you can easily do the screen mirroring from Android to TV. Check out www.screenmirroring.me to find out more.

    ReplyDelete
  10. Really infomational and educative article thanks publisher for sharing this wonderful info i have shared this article on my blog tecktak flippzilla
    and whatsaup, and Best smart tv

    ReplyDelete
  11. With special privileges and services, UEFA BET offers opportunities for small capitalists. Together ufa with the best websites that collect the most games With a minimum deposit starting from just 100 baht, you are ready to enjoy the fun with a complete range of betting that is available within the website

    ufabet , our one another option We are a direct website, not through an agent, where customers can have great confidence without deception The best of online betting sites is that our Ufa will give you the best price

    ReplyDelete
  12. อีกทั้งเรายังให้บริการ เกมสล็อต ยิงปลา แทงบอลออนไลน์ รองรับทุกการใช้งานในอุปกรณ์ต่าง ๆ HTML5 คอมพิวเตอร์ แท็บเล็ต สมาทโฟน คาสิโนออนไลน์ และมือถือทุกรุ่น เล่นได้ตลอด 24ชม. ไม่ต้อง Downloads เกมส์ให้ยุ่งยาก ด้วยระบบที่เสถียรที่สุดในประเทศไทย

    ReplyDelete
  13. หาคุณกำลังหาเกมส์ออนไลน์ที่สามารถสร้างรายได้ให้กับคุณ เรามีเกมส์แนะนำ เกมยิงปลา รูปแบบใหม่เล่นง่ายบนมือถือ คาสิโนออนไลน์ บนคอม เล่นได้ทุกอุปกรณ์รองรับทุกเครื่องมือ มีให้เลือกเล่นหลายเกมส์ เล่นได้ทั่วโลกเพราะนี้คือเกมส์ออนไลน์แบบใหม่ เกมยิงปลา

    ReplyDelete
  14. Germany's famous media build hit the news "Indigo Blue Lions" Chelsea Premier League club strong. England put the name Mohamed Salah, striker, semi-wing of the Egyptian national team of "Reds" Liverpool is one of the goals of adding an army to Stamford Bridge this summer. ufabet

    ReplyDelete
  15. Internet slots (Slot Online) may be the release of a gambling machine. Slot machine As pointed out Used to produce electronic gaming systems referred to as web-based slots, as a result of the improvement era, folks have considered gamble by way of computers. Will achieve slot online games making internet gambling online games Via the internet network process Which players are able to play through the slot plan or maybe will play Slots with the system provider's site Which internet slots gaming systems are actually on hand in the type of taking part in policies. It's similar to taking part in on a slot machine. Each of those realistic pictures and also sounds are likewise thrilling since they go to living room in the casino in the world.บาคาร่า
    ufa
    ufabet
    แทงบอล
    แทงบอล
    แทงบอล

    ReplyDelete
  16. pgslot ซึ่งเกมคาสิโนออนไลน์เกมนี้เป็นเกมที่เรียกว่าเกม สล็อตเอ็กซ์โอ คุณรู้จักเกมส์เอ็กซ์โอหรือไม่ 90% ต้องรู้จักเกมส์เอ็กซ์โออย่างแน่นอนเพราะในตอนนี้เด็กนั้นเราทุกคนมักที่จะเอาก็ได้ขึ้นมา สล็อต เล่นเกมส์เอ็กซ์โอกับเพื่อนเพื่อนแล้วคุณรู้หรือไม่ว่าในปัจจุบันนี้เกมส์เอ็กซ์โอนั้นกลายมาเป็นเกมซะลอสออนไลน์ที่ให้บริการด้วยเว็บคาสิโนออนไลน์คุณสามารถเดิมพันเกมส์เอ็กซ์โอกับเว็บคาสิโนออนไลน์ได้โดยที่จะทำให้คุณนั้นสามารถสร้างกำไรจากการเล่นเกมส์เดิมพันออนไลน์ได้เราแนะนำเกมส์ชนิดนี้ให้คุณได้รู้จักก็เพราะว่าเชื่อว่าทุก

    ReplyDelete
  17. Be that as it may, the essential advantages of DAS incorporate minimal expense and effortlessness. Since it needn't bother with parts of organization storage frameworks like switches, switches and fitting cabling and associations. The downside of DAS is that it isn't available by numerous client gatherings and only each client in turn is permitted. Emergency Water Storage Bladders manufacturer

    ReplyDelete