I'm doing a project in which I am using the TI CC3200 LaunchPad to detect my bedroom's temperature, real-time. I followed all the AWS IOT C SDK to my Windows machine, downloaded the security keys / certificates, and created a new "thing"in my AWS IOT console. However, it's not clear what are the actual steps to run the sample application and truly test the connection of my device to the Amazon cloud.
I'd suggest to not use bare CC3200, at least for the beginning. There are ready to use CC3200 solutions, like MWS (see here ), probably you can find something else. But AFAIK MWS (or even this) is able to connect AWS. Later, then you will understand how it works you can decide either continue to use MWS (etc) or rewrite everything from scratch.
Related
Problem. I'm looking for an agile way to shoot a docker container (stored on GCR.IO) to a managed service on GCP:
one docker container gcr.io/project/helloworld with private data (say, Cloud SQL backend) - can't face the real world.
a bunch of IPs I want to expose it to: say [ "1.2.3.4" , "2.3.4.0/24" ].
My ideal platform would be Cloud Run, but also GAE works.
I want to develop in agile way (say deploy with 2-3 lines of code), is it possible run my service secretly and yet super easily? We're not talking about a huge production project, we're talking about playing around and writing a POC you want to share securely over the internet to a few friends making sure the rest of the world gets a 403.
What I've tried so far.
The only think that works easily is a GCE vm with docker-friendly OS (like cos) where I can set up firewall rules. This works, but it's a lame docker app on a disposable VM. Machine runs forever and dies at reboot unless I stabilize it on cron/startup. Looks like I'm doing somebody else's job.
Everything else I've tried so far failed:
Cloud Run. Amazing but can't set up firewall rules on it, or Cloud Director, .. seems to work only with IAP which is painful to set up.
GAE. Works with multiple IPs and can't detach public IPs or firewall it. I managed to get the IP filtering within the app but seems a bit risky. I don't [want to] trust my coding skills :)
Cloud Armor. Only supports a HTTPS Load Balancer which I don't have. Nor I have MIGs to point to. I want simplicity.
Traffic Director and need a HTTP L7 balancer. But I have a docker container, on a single pod. Why do I need a LB?
GKE. Actually this seems to work: [1] but it's not fully managed (I need to create cluster, pods, ..)
Is this a product deficiency or am I looking at the wrong products? What's the simplest way to achieve what I want?
[1] how do I add a firewall rule to a gke service?
Please limit your question to one service. Not everyone is an expert on all Google Cloud services. You will have a better chance of a good answer for each service if they are separate questions.
In summary, if you want to use Google Cloud Security Groups to control IP based access you need to use a service that runs on Compute Engine as security groups are part of the VPC feature set. App Engine Standard and Cloud Run do not run within your project's VPC. This leaves you with App Engine Flex, Compute Engine, and Kubernetes.
I would change strategies and use Google Cloud Run managed by authentication. Access is controlled by Google Cloud IAM via OAuth tokens.
Cloud Run Authentication Overview
I have agreed with the John Hanley’s reply and I have up-voted his answer.
Also, I’ve learned that you are looking how to restrict access to your service through GCP.
By setting a firewall rules, You can limit access to your service by limiting the Source IP range as Allowed source, so that only this address will be allowed as source IP.
Please review another thread in Server Fault [1], stating how to “Restrict access to single IP only”.
https://serverfault.com/questions/901364/restrict-access-to-single-ip-only
You can do quite easily with a Serverless NEG for Cloud Run or GAE
If you're doing this in Terraform you can follow this article
I am trying to interface with Azure IoT Central - I already have a subscription and whatnot. Does this exist? I am intending to get data from my Raspberry Pi and post it to Azure Iot Central.
I found the C API used to connect to Azure IoT Hub and managed to get it working successfully. But this is not what I am looking for since Azure IoT Central provides a very nice way to present the data collected from these tools.
I also found Python API https://learn.microsoft.com/en-us/azure/iot-central/howto-connect-raspberry-pi-python. This is good but I was hoping for a C api for this. I'll be using the Python for now.
Okay - after some research, the same API can be used! The tricky part is to get the correct connection string. I tried to play around manually but it was not working. Luckily Microsoft supply a tool that allows you to generate a connection string.
https://github.com/Azure/dps-keygen/tree/master/bin/windows
Provide the correct data ScopeID, DeviceID and Primary key, get the connection string and use your already existing Azure IoT hub API.
I just when trough this tutorial about Using
Firebase and App Engine Standard Environment in an Android App
It was grate but I wonder now can anyone upload and replace my servlet code. Like do I need to set up some firewall somewhere. I read the docs
about
Using Networks and Firewalls
but I cannot see any hands-on how to apply this, it´s really advanced and if someone could break it down, what I need to do to only allow me to access the code.
I´m a bit new to this but when working with this tutorial
Build an Android App Using Firebase and the App Engine Flexible
Environment
I got this email from CloudPlatform-noreply saying I must maintain a Firewalls :
Dear Developer, We noticed that your Google Cloud Project has open
project firewalls. This could make your instance vulnerable to
compromises since anyone on the internet can access and establish a
connection to the instance. The following project has open firewalls:
Playchat (ID: playchat-4cc1d) Google Cloud Platform provides the
flexibility for you to configure your project to your specific needs.
We recommend updating your settings to only allow access to the ports
that your project requires. You can review your project's settings by
inspecting the output of gcloud compute firewall-rules or by visiting
the firewall settings page on the GCP Console. Learn more about using
firewalls and secure connections to VM instances.
What do I need to be afraid of here - what does "since anyone on the internet can access and establish a connection to the instance." really mean?
I want my Firebase signed in users to be able to access only
Source code deployment
The only people that can deploy source code to your app are ones that you've given access to in the IAM permissions pages in the Cloud Platform Console. People there need Owner or have the specific role of "App Engine Admin" or "App Engine Deployer".
Connecting to your instances
If you are using the App Engine standard environment there are no virtual machine instances. The standard environment is purely a platform as a service, not your typical hosting environment with servers.
If you are using the App Engine flexible environment, your code does run on virtual machine instances. However, those instances by default are locked down. You can enable SSH for debugging purposes. These connections however use the tokens via your authorized gcloud installation to connect. All this is just to say, that by default your instances are locked down and even in the debug mode they are still pretty secure.
Overall, your code is secure by default. Protecting your resources is actually probably more about protecting your Gmail account and thus its connected resources like your Cloud Platform projects. Protect your account with two-factor authentication, don't give people more access to your project than they require, and lastly don't enable debugging unless you need it and even then close it down when you're done.
Greeting for the days..
I need some help from you all actually after 10 days of leave i am back with my work and i found there are some changes in aws iot console for registering a device(thing) on aws iot. While registering a device on cloud i am getting only Node.js, Java and python SDks but i need embedded c sdk please help me to get embedded c sdk. If i am trying to use my previous embedded c sdk(or from github embedded c sdk) then i am getting error like this
"ERROR: main L#176 Error(-4) connecting to a32na51unlbk0b.iot.us-east-1.amazonaws.com:8883" and some time like this "ERROR: main L#176 Error(-28) connecting to a32na51unlbk0b.iot.us-east-1.amazonaws.com:8883".
I am using aws embedded c sdk with raspberry pi3. Previously sdk was working properly but no longer now.
From the SDK documentation this looks like, SSL Connection error.
I hope you are not using the right certificate files to connect to aws,
http://aws-iot-device-sdk-embedded-c-docs.s3-website-us-east-1.amazonaws.com/aws__iot__error_8h.html
It seems it can't find your endpoint.
First check your endpoint from console or CLI. Then check if you set it correct in AWS_IOT_MQTT_HOST in aws_iot_config.h.
This question is cross-posted on bitcoin.stackexchange, stackoverflow and bitcointalks.
I'm planning to build an application on Google App Engine that will heavily make use of Bitcoin trading. I've been Googling along a little but I couldn't find whether it is possible to run Bitcoin itself on App Engine (with Java). I have some experience with App Engine, but limited to a pure web-app centered usage.
I've read about a few people that have made applications using Bitcoin with App Engine as well that are hosting Bitcoin separately on an Amazon EC2 instance.
So, does anyone here either has experience with running Bitcoin in App Engine for Java or would anyone have an idea how this could possibly be done?
I know there are a lot of Bitcoin applications out there, I'd like to know how these manage their Bitcoin traffic.
I'm trying to avoid needing a separate Amazon service running all the time next to App Engine.
In fact, receiving Bitcoin can easily be done by using passive APIs like blockexplorer or blockchain, so I'm considering to find a reliable API to handle my outgoing payments. But this approach causes extreme dependency on this API service, which I actually want to avoid as much as possible.
I think you summed up the possiblities already.
depend on an external service providing notifications for
transactions and sending them i would advise against this.
have a second server running permanently and connect to it using json-rpc
running any type of p2p node on app engine will fail, because of the threading limitations on GAE.
a third possibility would be to use a stratum/electrum supernode, that way you are dependant on a 3rd party service, but at least it is well documented and you can set up one yourself easily. AFAIK, stratum is based on http.
source: i programmed a GAE app dealing with bitcoins about 6 monts ago. (using the second server approach)