Amazon S3 Server Side Encryption (SSE)

Amazon S3 announced a new encryption feature, Server Side Encryption (SSE). Amazon S3 SSE lets you encrypt data stored at rest in Amazon S3. With Amazon S3 SSE, you can encrypt data on upload simply by adding an additional request header when writing the object to Amazon S3. Decryption happens automatically when data is retrieved.

Amazon S3 Server Side Encryption employs strong multi-factor encryption. Each object is encrypted with a unique key. As an additional safeguard, this key is itself encrypted with a regularly rotated master key. Amazon S3 Server Side Encryption uses one of the strongest block ciphers available — 256-bit Advanced Encryption Standard (AES-256) — to encrypt your data. For customers seeking to comply with certain regulations such as PCI and HIPAA, Amazon S3 Server Side Encryption may be used as part of an overall strategy to encrypt sensitive data for regulatory or compliance reasons.

You can start using Amazon S3 Server Side Encryption today using the AWS Management Console or the Amazon S3 API.

To use Amazon S3 SSE from the AWS Management Console:

1. Under the Amazon S3 tab, use the upload dialog to add files to be uploaded.

2. In the “Set Details” section of the upload dialog, set the “Use Server Side Encryption” checkbox property.

3. Start Upload. The files will be encrypted and stored in Amazon S3.

If you prefer to manage your own encryption keys, you can also make use of the client libraries for encryption provided by Amazon.

Amazon S3 Server Side Encryption has no additional charge for Amazon S3 customers.

Read More:

Server Side Encryption
Class AmazonS3EncryptionClient

A -> Attitude
S -> Skill
K -> Knowledge
Don’t criticize…. discovery best deal that can help you to resolve Issues! 😛

AWS CloudFront with PHP

Amazon CloudFront is a web service for content delivery (CDN). It integrates with other Amazon Web Services EC2 / S3 to give developers and businesses an easy way to distribute content to end users with low latency and high data transfer speeds.

http://aws.amazon.com/cloudfront/

Digital Inspiration – Thanks to http://www.labnol.org… it always provides help for all latest technologies 🙂

You can follow basic steps here to setup CloudFront with Amazon S3 with your domain…
How to Setup Amazon S3 with CloudFront as a Content Delivery Network

You can download CloudFront keys from your AWS account:
https://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=access-key

<?php
 
error_reporting(E_ALL);

$file="svnlabs.flv"; // file on Amazon S3

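function rsa_sha1_sign($policy, $private_key_filename) {
    $signature = "";

    // load the private key (store the .pem file outside the web root)
    $priv_key = file_get_contents($private_key_filename);
    if ($priv_key === false) {
        throw new RuntimeException("Cannot read private key file");
    }
    $pkeyid = openssl_pkey_get_private($priv_key);
    if ($pkeyid === false) {
        throw new RuntimeException("Cannot parse private key");
    }

    // compute the RSA-SHA1 signature of the policy
    if (!openssl_sign($policy, $signature, $pkeyid, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException("Signing failed");
    }

    return $signature;
}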

function url_safe_base64_encode($value) {
    $encoded = base64_encode($value);
    // replace unsafe characters +, = and / with the safe characters -, _ and ~
    return str_replace(
        array('+', '=', '/'),
        array('-', '_', '~'),
        $encoded); 
}



function encode_query_params($stream_name) {

    return str_replace(
        array('?', '=', '&'),
        array('%3F', '%3D', '%26'),
        $stream_name);
}


/// Download from here... https://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=access-key

$private_key_filename = 'pk-XXXXXXXXXXXXXXXXXXXX.pem';
$key_pair_id = 'XXXXXXXXXXXXXXXXXXXX';
$cloudfront= 'http://svnlabs.cloudfront.net/';

$file_location = "$cloudfront$file";

$expires = time() + 3 * 60;  // 3 min from now (time() counts seconds)
$remote_ip = $_SERVER['REMOTE_ADDR'];

$policy = 
'{'.
    '"Statement":['.
        '{'.
            '"Resource":"'. $file_location . '",'.
            '"Condition":{'.
                '"IpAddress":{"AWS:SourceIp":"' . $remote_ip . '/32"},'.
                '"DateLessThan":{"AWS:EpochTime":' . $expires . '}'.
            '}'.
        '}'.
    ']' .
'}';

$encoded_policy = url_safe_base64_encode($policy);
 
$signature = rsa_sha1_sign($policy, $private_key_filename);
 
$encoded_signature = url_safe_base64_encode($signature);
$streamer = "?Policy=$encoded_policy&Signature=$encoded_signature&Key-Pair-Id=$key_pair_id";

?>
<html>
<head>
<title>CloudFront Implementation in PHP</title> 
</head>
<body>
<a href='<?php echo htmlspecialchars("$file_location$streamer", ENT_QUOTES); ?>'><?php echo htmlspecialchars("$file_location$streamer", ENT_QUOTES); ?></a>
</body> 
</html>
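
To review what a signed URL built this way actually permits, the following added example (Node.js, not part of the original post) decodes the Policy parameter and reports weak restrictions. The function names and the `minTtl`/`maxTtl` thresholds are assumptions chosen for illustration.

```javascript
// Added example, not from the original post. Decodes the Policy parameter of a
// CloudFront signed URL and lists restrictions that are missing or too loose.

// Same substitution as url_safe_base64_encode() in the PHP: + = /  ->  - _ ~
function cfEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/=/g, '_').replace(/\//g, '~');
}

// Reverse the substitution, then decode the base64 back to the policy JSON.
function cfDecode(value) {
  const b64 = value.replace(/-/g, '+').replace(/_/g, '=').replace(/~/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Returns a list of findings; an empty list means every check passed.
// minTtl and maxTtl (seconds) are hypothetical thresholds, adjust to your use.
function auditSignedUrl(signedUrl, nowEpoch, minTtl = 30, maxTtl = 3600) {
  const url = new URL(signedUrl);
  const raw = url.searchParams.get('Policy');
  if (!raw) return ['no Policy parameter (canned policy or unsigned URL)'];
  const findings = [];
  if (url.protocol !== 'https:') findings.push('signed URL is served over plain HTTP');
  for (const st of JSON.parse(cfDecode(raw)).Statement || []) {
    const cond = st.Condition || {};
    if (String(st.Resource).includes('*')) findings.push('wildcard resource: ' + st.Resource);
    const expires = cond.DateLessThan && cond.DateLessThan['AWS:EpochTime'];
    const ttl = expires - nowEpoch;
    if (!Number.isInteger(expires)) findings.push('missing or non-numeric DateLessThan');
    else if (ttl <= 0) findings.push('policy already expired');
    else if (ttl < minTtl) findings.push(`lifetime of ${ttl}s is shorter than ${minTtl}s`);
    else if (ttl > maxTtl) findings.push(`lifetime of ${ttl}s is longer than ${maxTtl}s`);
    const ip = cond.IpAddress && cond.IpAddress['AWS:SourceIp'];
    if (!ip) findings.push('no source IP restriction');
    else if (!/\/32$/.test(ip)) findings.push('source IP is not a single /32 address: ' + ip);
  }
  return findings;
}
```

The audit does not verify the RSA signature; it only inspects the conditions the policy carries.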

A Master inspires you by his being & learning happens. 😉

I have Cloud Power

Amazon Web Services

AWS is an IaaS platform and provides maximum freedom for developers in choice of the OS, middleware and development environment.

Google App Engine + Google Apps

Google App Engine is used as SaaS, it provides free limited resources (disk space and bandwidth), GAE supports programming languages – PHP, Python and Java.

Facebook

Nothing to explain it is the place where (almost all) clients live with sharing content.

Rackspace

Rackspace is similar to the Amazon cloud as an IaaS, and its cost is quite reasonable.

Scalr.net


Scalr will provision new servers on-the-fly to handle spikes in demand, and decommission them when no longer needed to lower cost.. then your website and web application can grow to millions of users with little work.

RightScale


Cloud Computing Management Platform…Join thousands of companies managing their applications in the cloud with RightScale.

IBM Cloud

IBM Cloud is used in large companies and resource-intensive processes for managing software development, testing, storage and processing of huge data.

VMWare vCloud

VMWare Cloud is a leader in virtualization.

Force.com

Force.com is a provider of SaaS applications. Salesforce allows you to create system and independent cloud applications.

Ghost Cloud

It provides private hard disk across the Internet for your files from any computer or cell phone and world-class backup and security.

Glide Cloud


ZeroPC

Any Browser + Cloud Computing + Pay-As-You-Go = ZeroPC.

eyeOS

eyeOS has Ubiquity, Flexibility, Integration, Simplicity, Collaboration, Privacy, Security, Low Costs.

AirSet

AirSet – Share with Facebook Friends, Coordinate Schedules, Store & Back Up Files, Sync to Mobile Devices, Work from Anywhere.

My Gladinet Drive

SaaS built using a PaaS (Google App Engine) and using IaaS (Amazon EC2)

SaaS = PaaS + IaaS

[Figure: Historical Method - VaR Cloud App]

Tools for Development, Testing and Implementation:
* Amazon Web Services (AWS)
* Google App Engine (GAE)
* Google Chart Libraries
* Eclipse IDE

VaR Cloud Presentation SVNLabs

References:
Google AppEngine: http://code.google.com/appengine/
Amazon EC2: http://aws.amazon.com/ec2/
Google Chart: http://code.google.com/apis/chart/

“A lamp does not speak. It introduces itself through it’s light. Achievers never expose themselves. But their achievements expose them..!!!”

JSP S3Upload

JavaScript is a good alternative to bypass AWS bucket policies 😉

<%@ include file="config.jsp" %>
<%@page import="java.util.Calendar"%>
<%@page import="java.util.Date"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>S3 Upload - JSP Demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<script src="sha1.js"></script>
<script src="webtoolkit.base64.js"></script>
<script src="script.js"></script>

<script>

function uploadS3()
{
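// awsSecretKey is rendered into the page source here, so anyone who can load
// this page can read it; signing the policy on the server keeps the key private.
var awsid = '<%=awsAccessKey %>';
var awskey = '<%=awsSecretKey %>';

var fileField = document.getElementById("file").value;

// POST policy: fixed expiration, exact bucket / acl / key match, Content-Type must start with "text/"
var policyText = '{"expiration": "2015-01-01T12:00:00.000Z","conditions": [{"bucket": "<%=bucket %>" },{"acl": "<%=acl %>" },["eq", "$key", "'+fileField+'"],["starts-with", "$Content-Type", "text/"]]}';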

var policyBase64 = Base64.encode(policyText);

var signature = b64_hmac_sha1(awskey, policyBase64);

document.getElementById("policy").value = policyBase64;
document.getElementById("signature").value = signature;
document.getElementById("key").value = fileField;

//document.getElementById("postform").submit();

document.getElementById("result").innerHTML = '<a href="http://s3.amazonaws.com/<%=bucket %>/'+fileField+'">http://s3.amazonaws.com/<%=bucket %>/'+fileField+'</a>'; 

}

</script>

</head><body>

<strong>Uploading to Amazon S3</strong>

<div class="main">

<p>

<form id="postform" action="http://s3.amazonaws.com/<%=bucket %>" method="post" onsubmit="return uploadS3();" enctype="multipart/form-data">
<input type="hidden" name="key" id="key" value="" />
<input type="hidden" name="acl" id="acl" value="<%=acl %>" />
<input type="hidden" name="content-type" id="content-type" value="text/plain" />
<input type="hidden" name="AWSAccessKeyId" id="AWSAccessKeyId" value="<%=awsAccessKey %>" />
<input type="hidden" name="policy" id="policy" value="" />
<input type="hidden" name="signature" id="signature" value="" />
<input name="file" id="file" type="file" />
<input name="submit" value="Upload" type="submit" />
</form>

<div id="result"></div>

</p>
</div>

</body></html>
PHP based S3 Upload Tool: http://svnlabs.com/demo/s3/
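
The same policy and HMAC-SHA1 signature can be produced on the server, so the browser receives only the signed policy and never the secret key. This is an added example in Node.js, not the original post's code; the function names, the `uploads/` prefix and the size limit are assumptions. It also adds the Server Side Encryption header described at the top of this page as a policy condition.

```javascript
// Added example (Node.js), not the original post's code. Prefix and size
// limit are hypothetical; the secret key never leaves the server.
const crypto = require('node:crypto');

// Reduce a browser-supplied file name to a safe object key under a fixed prefix.
function safeKey(fileName) {
  const base = String(fileName).split(/[\\/]/).pop(); // drops "C:\fakepath\" etc.
  if (!/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/.test(base)) {
    throw new Error('unsupported file name');
  }
  return 'uploads/' + base; // hypothetical prefix
}

// Build and sign the POST policy; returns only values that are safe to send
// to the browser as hidden form fields.
function signPostPolicy({ secretKey, bucket, acl, fileName, now, ttlSeconds = 300 }) {
  const key = safeKey(fileName);
  const policy = {
    expiration: new Date(now.getTime() + ttlSeconds * 1000).toISOString(),
    conditions: [
      { bucket },
      { acl },
      ['eq', '$key', key],
      ['starts-with', '$Content-Type', 'text/'],
      { 'x-amz-server-side-encryption': 'AES256' }, // upload must request SSE
      ['content-length-range', 1, 1048576],          // 1 byte to 1 MiB
    ],
  };
  // JSON.stringify escapes every value, so a file name cannot alter the policy.
  const policyB64 = Buffer.from(JSON.stringify(policy), 'utf8').toString('base64');
  // Same scheme as b64_hmac_sha1(awskey, policyBase64) in the page's script.
  const signature = crypto.createHmac('sha1', secretKey).update(policyB64).digest('base64');
  return { key, policy: policyB64, signature, 'x-amz-server-side-encryption': 'AES256' };
}
```

The form then needs one extra hidden field named `x-amz-server-side-encryption` with the value `AES256`, alongside the `key`, `policy` and `signature` values returned here.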

You are great if you can find your faults, Greater if you can correct them, But greatest if you accept others with their faults.

fbsocialmarketing.com

FB Social Marketing is a Social Media Marketing company specializing in the development of Facebook Fan Pages for your business.

Be sure to check out complete line of training videos.

I have partnered with Shelle Kind of fbsocialmarketing.com and we have released the Amazon S3 / EC2 Solution for Facebook fanpage apps.

How to Setup Elastic Load Balancing on AWS

Amazon S3 & Facebook Fanpage app

I want to link Amazon S3 https object like “https://s3.amazonaws.com/bucket/index.html” to facebook iframed fan page…
But it returned error….

405 Method Not Allowed
Code: MethodNotAllowed
Message: The specified method is not allowed against this resource.
ResourceType: OBJECT
Method: POST
RequestId: XXXXXXXXXXXXX
HostId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

OR

PreconditionFailed
At least one of the pre-conditions you specified did not hold
Bucket POST must be of the enclosure-type multipart/form-data….. 🙁

OR

<Error>
<Code>PreconditionFailed</Code>
<Message>At least one of the pre-conditions you specified did not hold</Message>
<Condition>Bucket POST must be of the enclosure-type multipart/form-data</Condition>
<RequestId>F681CE6EB61CFAA3</RequestId>
<HostId>hMQd22w34G0TpwISr1gQDB/TdUniRjhJ355Scc9RxOWreDDb5XWYwEFzutkhjX72</HostId>
</Error>

After a few searches I got a link…. but it was not helpful 🙁
http://www.hyperarts.com/blog/facebook-secure-browsing-https-iframe-tabs-mixed-content-warnings/

Finally, I got a good article on the AWS Forum..
https://forums.aws.amazon.com/thread.jspa?messageID=228930

I came to know that Facebook loads the requested HTTPS S3 URL “https://s3.amazonaws.com/bucket/index.html” by sending a form POST and injecting some content into the iframe, but S3 has POST for file uploading only… so it returned “MethodNotAllowed”

Bucket Policies won’t work in this condition… 🙁

Now, I have few options to use S3 HTTPS Object “https://s3.amazonaws.com/bucket/index.html” in facebook iframed fan page…

1. Run a HTTPS Apache server that can load S3 HTTPS Object with POST method and supply to fan page 🙂
2. Load S3 HTTPS Object using another iframe on any server… see code below

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Facebook Fan Page - Amazon S3</title>
</head>

<body>
<iframe frameborder="0" style="width: 520px; height: 800px;" src="https://s3.amazonaws.com/svwpmu/index.html" scrolling="no"></iframe>
</body>
</html>

You can check videos released on blog 9th May 2011 for more detailed installation…

I have partnered with Shelle Kind of facebook social marketing and we have released the Amazon S3 / EC2 Solution for Facebook fanpage apps.

Partner: Shelle-K | Custom graphic and web developer

When MIND is weak situation is a PROBLEM, when MIND is balanced situation is CHALLENGE, when MIND is strong situation is an OPPORTUNITY 😉
 

Amazon E-Commerce Service or ECS

Amazon’s ECS is a very good service for accessing Amazon’s product database. We can register for this web service quickly, and it provides a free access key to access the Amazon Store.

Amazon has a rich set of web services 🙂 Web services are used to access data across cross-platform environments.

Using ECS-driven websites and applications, we can earn commissions by advertising items for sale by Amazon.

Amazon E-Commerce Service can be used to get the information from amazon such as product name, images, availability, ratings, description, specifications, similar products, and more.

We can use PHP to consume web service using PEAR, REST, SOAP and XML etc.

Try: https://github.com/Exeu/Amazon-ECS-PHP-Library

There is one thing which gives radiance to everything. It is the idea of something around the corner.