Can Amazon actually read my code stored at AWS? - heroku

I don't know if this is the right place to ask, but I'm developing a web application, and I suggested using AWS. Nevertheless, my bosses are concerned about Amazon being able to read/steal our code. I don't know why Amazon would want to get my code, but it's not me the one which is worried about that.
I guess there should be some kind of encryption, or at least a legal clause at the AWS user contract where it says that Amazon won't do that or you will be able to sue them. The thing is I haven't been able to find this information so far.
Does anyone know where to find this information? I really want them to let me use AWS, since I think it is a great opportunity to learn about this technology.
Bonus: I know there are similar services, such as Heroku, or Openstack. I will also accept the kind of information resource I'm searching for any other similar services. But unless anyone can point that AWS is not the best option out there, I'd rather stick to AWS.

A) You should assume they can read your code B) you should also assume they don't care about your code.
Edit: Possibly more useful resources w/regards to AWS security
http://aws.amazon.com/articles/1697
http://aws.amazon.com/compliance/

Related

Advantages of having endpoints as AWS Lambdas

I read on one company's job ad that they're currently in a process of "building new endpoints as Lambdas" and this got me thinking.
What are the advantages of such approach? Does this work like sort of a proxy that deals with security or is there sth completely different that I'm unaware of?
To give a brief answer, it's hard to say what it means in their case. Usually aws lambda apis are really fast to build and really easy to maintain simply because of aws lambda nature - FaaS which is function as a service.
The whole point of that is to develop fast and efficient, without thinking how back end and servers should be implemented.
Not to mention that lambda can be integrated with every other aws service, which is real power.

Looking for help on how to manage microservices in Golang

Currently, I deal with microservices on a daily basis at my 9-5. Most everything that I touch is written in PHP, and as only a software engineer, SysOps manages everything that has to do with apps running, etc. I have a little familiarity in how the infrastructure and build pipeline is setup, but I still am not a SysOps or DevOps guy.
With that said, I love Golang and for a side project, I am creating a fairly large web application with a lot of moving parts. Writing and designing the code is easy as I have learned a lot from my day job, but deploying and managing Golang web apps (as they are executables) is quite different than updating files for apache to serve.
I have researched a lot on how I would build and deploy my microservice apps, but I keep on thinking of more problems that will need to be solved along the way. I have tinkered with the idea of using Docker for all of this, but I would rather not have the added complexity of learning that and managing storage for all of the images as that could be large.
Is there a best practice or a good way to manage Golang applications after they have been deployed? I would need a way to keep track of all the microservice processes to be able to see if they are still up and to be able to stop them when a new build is going to be deployed.
As for the setup, just assume that all the microservices will be run on the server, not in a container or in a VM. They will all need to be managed, but also able to act upon independently. Jenkins will be used for building and deploying. I will be using Consul for service discovery and possibly configuration, and most likely health checks on the services. I'm thinking of having each microservice register itself to consul when started and deregister when stopping.
Again, I am looking for a solution that is hopefully not just "Docker". I also had thoughts into creating a deploy service that manages the services (add and remove), as well as registering them in Consul. So if I cannot find a better solution, I might go that path. Any help is appreciated.
** Sorry if my question was confusing, but since a couple people answered on the wrong topic at hand, I will try to clarify. I don't need any help making the microservices, or even know anything about them. I brought that point up as to why I need to ask my question. Basically what I need is just the ability to manage the running go processes of all my microservices so I can do deployments and be able to stop and start processes to update the code. It is easier when you have to worry about one app, but when you can have up to 10-15 difference microservices they become harder to keep track of. After my own research, it seems that Supervisord is what I am looking for, but I'm not sure. That is the direction I am going in with this question. Thanks.
Golang is great to use for microservices, but I would say there is not so big difference of managing golang or other languages microservices.
What I would say is golang specific:
you don't need to install anything on servers since golang is compiled to single library
you can take advantage of std lib golang rpc package and gob binary decoding, instead of usin 3rd party solution (gorpc, protocol buffer etc)
Other than that you need to use your own judgement. There is plenty of ways of doing one things in microservices world; one day you will implement solution A but when after 3 month you will see that its better to do B, do that.
In internet, there is so much reading about microservices. I will recommend you 2 good resurces: https://books.google.co.uk/books/about/Building_Microservices.html?id=RDl4BgAAQBAJ&source=kp_cover&redir_esc=y&hl=en
And article: http://highscalability.com/blog/2014/4/8/microservices-not-a-free-lunch.html
Remember, microservices are not a golden bullet, they often can help making application easier to maintain and grow, but from the other side require lot of additional work, consequence in specifying API contracts and strong devops culture.

Considering Google Compute Engine to supplement our AWS stack, some comparison questions

We're exploring using GCE alongside out AWS deployment and I've a few questions coming from AWS.
It doesn't seem like the GCE Load Balancers support SSL (as in encrypting http traffic into https via the load balancer). I saw in the docs that its something that's coming .. does anyone know any good workarounds and possibly the timelines for actual support of this?
We use SQS on AWS a fair bit, and would like to use something simillar on GCE. There looks like there is Task Queues, but we've had a lot of trouble making them work in Ruby, for various issues, the docs seem somewhat lacking even trying to test them out in the builtin "try it out" tool. Does anyone have experience with having them work that could point us to a) a working ruby client library for it b) perhaps more complete docs (we have not even been able to issue a single authenticated request to them)
PubSub, we use SNS on AWS, and would like something simillar on GCE. Is PubSub the answer? It seems like its in invitation only beta right now? Any idea how we can get in and play with it?
Thank you.

Wondering who gets to see my source/data in the cloud

Let us assume I have few ideas that I don't want stolen and I am willing to pay a reasonable price.
There are instances like this:
http://www.pcmag.com/article2/0,2817,2369188,00.asp
or the facebook story, or the early apple/xerox story.
which could happen in cloud services like ec2, heroku, linode, azure etc.
Assuming I have a good mix of interpreted/compiled code, how can I protect my source and ideas from being stolen? I know I am not really idea rich nor is there some source thief on the loose. I just have this nagging feeling about putting source code in the cloud, which I am sure some of you also have or didn't care much about.
Would disk encryption help? What are my choices (other than building my own mini data center?)
If you are hosting your code in the cloud at some point you will need to trust your host. Otherwise you'll be doing the hosting yourself. True, any host that has your code may be able to take the code and use it, but if you choose a host that seems trustworthy, has a good reputation, and many other satisfied customers you can probably wager that your code will be secure.
Encrypting things on disk might help - it depends what you're encrypted and how you use it. Do you need your data to be unencrypted at some point to work on it? Is your data only transferred from one place to another? How much damage could an adversary do if they got a hold of your data?
You may be interested in this answer, which outlines several options.

getting started with Single Sign On / Windows Authentication

First off, The Problem:
We have a Web App with a Flash front-end that talks to our ASP.NET web service via SOAP which then deals with all of our server side code (C#).
Right now, we implement a simple user sign on in our application, storing the info in our MSSQL DB.
A client has requested what I understand to be Windows authentication through our application using the currently logged in user.
So, I have been tasked with investigating this. Nobody, including myself, has any experience in this area.
I have been reading up on some basic Active Directory information, and some simple tutorials. I understand how to get access to the directory using ADSI through code. What I'm really interested in seeing is how the entire thing should be architected. I don't want to throw together a hacky solution.
Does anyone know of a good tutorial for this kind of thing or have any advice on getting started? More importantly, does this even sound viable?
I know I haven't given much information, but feel free to ask and I will provide answers.
Thanks.
Edit:
Will, to give you an idea of the scope of this, the network will include every computer in a large hospital. So yes, this is huge. Clearly I need to start small. I would like to come up with something that will work at my office first. Maybe ~10 Windows computers on a single domain. One Domain Controller.
I am also open to any good books on the subject.
If you are going to tie into Active Directory you will want to take a look at the System.DirectoryServices namespace. The implementations can vary wildly depending on your system architecture, but this should give you a good starting point.
Enjoy!

Resources