by aluskuiuc
4451 days ago
That said, the AWS APIs offer a lot of tools to hand keys to clients with extremely limited scope, both in API access and time boundaries. For example, a game could be given access keys that allow it to write a high score only to a particular row of a DynamoDB table, the one corresponding to that user. Direct device->AWS use can make a lot of scaling issues very simple without needing a middleman service on every request. However, this does not obviate the need for a federation brokering-type service that auths the device, calls AWS to get a time-limited token with permissions scoped just so, and hands that back to the client. AWS provides Amazon/Google/FB web identity federation for just this use case: http://aws.amazon.com/iam/details/manage-federation/.
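The per-user scoping described in the comment above, as an added example that is not part of the original thread: a broker builds a session policy limited to one DynamoDB partition key and the arguments for a short-lived STS `AssumeRole` call. The table ARN, role ARN, account ID, the one-hour cap and the local `would_allow` check are assumptions made for illustration; `would_allow` is a simplified stand-in for IAM evaluation, not the real engine.

```python
import json
import re

# Placeholder ARNs (assumed, not from the thread).
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/HighScores"
ROLE_ARN = "arn:aws:iam::111122223333:role/GameClientRole"

def scoped_policy(user_id):
    """Session policy: writes only to items whose partition key equals user_id."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem"],
            "Resource": TABLE_ARN,
            "Condition": {"ForAllValues:StringEquals":
                          {"dynamodb:LeadingKeys": [user_id]}},
        }],
    }

def sts_request(user_id, ttl_seconds=900):
    """Arguments the broker passes to STS AssumeRole once the device is authenticated."""
    # STS rejects durations under 900 s; the 3600 s ceiling is this broker's choice.
    if not 900 <= ttl_seconds <= 3600:
        raise ValueError("ttl_seconds must be between 900 and 3600")
    # RoleSessionName character set and length as enforced by STS.
    if not re.fullmatch(r"[\w+=,.@-]{2,64}", user_id):
        raise ValueError("user_id is not a valid session name")
    return {
        "RoleArn": ROLE_ARN,
        "RoleSessionName": user_id,
        # Effective rights are the intersection of the role's policy and this one.
        "Policy": json.dumps(scoped_policy(user_id)),
        "DurationSeconds": ttl_seconds,
    }

def would_allow(policy, action, resource, leading_keys):
    """Simplified local check of the statement above (not full IAM evaluation)."""
    for st in policy["Statement"]:
        allowed = st["Condition"]["ForAllValues:StringEquals"]["dynamodb:LeadingKeys"]
        if (st["Effect"] == "Allow" and action in st["Action"]
                and resource == st["Resource"]
                and all(k in allowed for k in leading_keys)):
            return True
    return False
```

The broker would hand the returned dictionary to an STS client and pass the resulting temporary credentials back to the device.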
And I'm sure it does wonders for locking in clients to AWS APIs ;)
As for scalability, there's no inherent scalability issue with middlemen services. There's potentially some added lag (not necessarily), but a pure middleman service (with maybe a bit of caching) is an "embarrassingly parallel" workload. If it gets slow, you just add more servers. And they could be Amazon EC2 servers, nothing bad about that! :)