Add Thesis

Application of Amazon Web Services in software development

Written by E. Tham, M. Werlinder

Paper category

Bachelor Thesis


Computer Science




2.2 Amazon Web Services Amazon Web Services is a platform that provides cloud computing services, including computing capabilities, databases, storage, machine learning, analysis, development tools, and so on. The next section will introduce the infrastructure of the AWS cloud, followed by the Amazon Web Services used in this project. 2.2.1 AWS cloud computing infrastructure The AWS cloud computing structure consists of regions, which are composed of two or more availability zones. Each area is a separate geographic area, such as "us-east-1" in Northern Virginia or "ap-northeast-1" in Tokyo. All available areas can be seen on Amazon's page [5]. Availability zone is a collection of data centers. Availability zones are physically separated from each other in an area, but connected by low-latency links, as shown in Figure 1. Finally, each area has multiple edge locations to reduce the latency of developers/customers requesting resources stored in these areas. 2.2.2 AWS Lambda AWS Lambda is a service that allows developers to run code or application Lambda functions without configuration and server management [7]. The code and applications deployed or implemented in AWSLambda are collectively referred to as Lambda functions. The service was created in November 2014 and works by being triggered by different events. For example, these events can be Amazon Alexa or websites that send requests to AWS Lambda functions [23]. Lambda can also interact with other AWS resources (see Figure 2), such as CloudWatch. When the Lambda function is executed, AWS Lambda handles the amount of resources required to execute the Lambda function on its server. Lambda can handle as many incoming requests as it can, because it can make its own copy to handle other requests. Lambdai is one of many Amazon Web Services. Compared with AWS EC2, it is mainly used to build smaller applications. Lambda can be programmed in the following languages: Node.js, Python, Java, Go, and C#. [7] Lambda allows users to focus only on coding aspects when developing products without worrying about any other parts, such as the infrastructure and computing power when building a good application. [7] 2.2.3 Alexa & Alexa SkillAlexa is Amazon’s voice The service can understand and extract words in the following languages: English, French, German and Japanese. Ama-zon allows developers to use Alexa to develop different skills. For example, the skill can be a program that allows the user to book a taxi. Due to laws and privacy measures, Alexa is not always online and listening. Instead, Alexa uses the wake word, which is Alexa. So in order to activate a skill, the following sentence must be "Alexa open specific-skill-name". Lambda is usually the back-end logic of Alexa Skill. 2.2.4 AWS Identity and Access Management AWS Identity and Access Management (IAM) [33] is a web service used to manage and protect access to AWS resources. The goal of IAMs is to be able to control the authentication of users and which resources they have access to. This includes features such as allowing other users to share access to your AWS account, assigning different permissions to different users for different resources, and adding two-factor authentication to your AWS account and other individual users. For more information, see [33]. To understand the IAM infrastructure (see Figure 4), it is necessary to introduce the following concepts: "subject", "action", "resource", and "policy". A principal is an entity that can perform operations on resources through the AWS Management Console, AWS Application Programming Interface (AWS API), or AWS CLI. Examples of principles are users, roles, and applications. Operations are operations defined by AWS services, and resources are entities that exist in the service, such as S3 buckets and IAM users. When the principal wants to take an action, it sends a request to AWS, which contains the "request context"; collecting request information from different sources. This prompts IAM to evaluate whether the request context is authenticated and authorized to take specific actions on the requested resource. During authorization, IAM will get the value of the request context and check if any policies match it. A policy is an entity that can be attached to principals or resources to define the permissions they have. For more information, see [21]. In IAM, policies are stored as JSON objects that contain specifications about allowing or denying permissions for resources or principals. After the requested authentication and authorization are completed, the operation will be performed. When the AWS account is created for the first time, the AWS account rootuser identity is also created [33]. The root user has full access to all AWS services and can be accessed by logging in with your email address and custom password. It is not recommended to use the root user for simpletasks because it has the highest authorization. Therefore, the root user should only be used to create the first IAM user. These are users in the AWS account to which the root user has assigned specific permissions. Each created IAM user has its own unique credential, which contains the key access ID and secret access key by default. To log in to AWSconsole with an IAM user account, use the following login URL [17]: If you want to delegate access to your resources to another account, user, application, or service without having to uniquely associate credentials with a specific identity, then one option is to use IAM roles. Read Less