How to talk to AWS S3
When it comes to talking to the Amazon Web Services (AWS) S3 system, as with any third-party application or web service, a developer can either make connections to the S3 Application Programming Interface (API) directly or use one of several program-friendly Software Developer Kits (SDKs).
When using the API directly, the developer must implement a connection language such as cURL or some other HTTP call to connect to the various API endpoints (such as performing a DELETE HTTP request on a bucket name, or a POST HTTP request to a bucket with file data). This can be considered more free form and “raw” for a developer, as it gives them a wide range of implementations; if an environment allows for making HTTP requests, the API can be contacted directly.
On the other side, using a program-friendly SDK can have its own benefits, such as a cleaner handling of processes that are best performed under-the-hood and making these API calls object-oriented.
An example of an under-the-hood process would be the act of authorizing a request with a given key and secret, which is necessary when communicating with AWS S3.
Connecting to AWS from FileMaker
The Cloud Manipulator makes use of the Amazon AWS C++ SDK, which provides developers with an object-oriented toolkit for accessing many of the features present in the entire purview of the AWS API.
Due to the scope of the Cloud Manipulator plug-in, the feature set for the AWS C++ SDK has been limited to just the Core features, their native utilities, and the S3 toolkit for communicating with S3 services. With the SDK compiled as C++ code, the plug-in is inherently portable between the Windows and Mac platforms and can fit seamlessly into a FileMaker plug-in format.
One key component of any S3 integration is the process of authentication because without authentication no communication can take place. The algorithm that Amazon requires any third-party developer to use to communicate is quite complex, and so the use of an SDK makes that process so much easier. For an example, see the algorithm summary below, pulled from the AWS S3 API Reference:
The “signature” at the end is the authentication string that must be passed with every request, via an Authorization header, to tell S3 that the request is authorized.
In the AWS C++ SDK, this process is achieved with:
Aws::S3::S3Client client = Aws::S3::S3Client(Aws::Auth::AWSCredentials(accessKey, accessSecret));
This simple function call instantiates an S3Client object as defined within the Aws::S3 code namespace, using a set of AWS credentials built with a provided access key and access key secret.
The key and secret are provided by the user, who can retrieve them from their AWS account’s “Security Credentials” section and then fed into the function above via the developer’s application. The S3Client object provides the methods responsible for communicating with any facet of the S3 API, using developer-friendly method stubs and descriptive comments and explanations.
Compared to the summary, which the developer would have to perform once for every request that needs to be signed if they are communicating with the AWS S3 API directly, using the SDK’s method is a huge boon to the developer, reducing a lengthy and complicated process down to simply making a single function call and providing the required bits of information.
Without the use of the SDK or a plug-in like the Cloud Manipulator, the developer would need to run the calculations using the language of their choice and may have difficulty troubleshooting the generation of the signature if there is any malformed or missing piece of information at any of the stages in the summary.
Amazon Web Services S3 Abilities
There is much more that the S3 API allows once the critical hurdle of generating the authentication string has been jumped. S3 allows for numerous operations, including but not limited to:
- Pulling a list of buckets associated with the authenticated user
- Deleting an empty bucket
- Gathering properties from a bucket, such as the Access Control List (ACL) or the bucket policy
- Downloading and uploading object files
- Moving objects from one bucket to another, or from one subfolder to another
- Performing a multipart upload for large files
- And much more!
Why SDKs (and Plug-ins) are King
With the power of the API and the accessibility of the SDK, S3 allows a developer to come up with novel ways to add in cloud-based storage for their own programs and solutions.
The Cloud Manipulator plug-in, on the other hand, eliminates the need of pulling apart the API or digging through documentation for an SDK in order to integrate a FileMaker solution with Amazon S3. With a call to PCCM_UseCredentials, the plug-in connects to S3 and ensures that every subsequent call, whether to PCCM_ListAllFolders or PCCM_PostObject, will be signed and authenticated as expected by Amazon, making integrations a cinch.
For more information and to download a demo, check out https://www.productivecomputing.com/products/aws-filemaker-integration/.