Encryption in Amazon Simple Queue Service (SQS)

As I come from a .NET background, I have always used MSMQ, which is obviously very good. Nowadays I am working a bit with Amazon Simple Queue Service (SQS) and I find it very cool.

Amazon Simple Queue Service (SQS) is a fully-managed message queuing service for reliably communicating among distributed software components and microservices – at any scale.

Recently Amazon added one more useful feature to SQS: Server-Side Encryption.

In the context of message queuing, encryption is the process of encoding and decoding messages so that they cannot be read or used by unauthorized persons. With this feature, Amazon SQS is even more secure than before.

It gives you the ability to store encrypted messages in either a standard queue or a FIFO queue. You can enable it while creating a new queue, or you can set it on any existing queue as well.

By default, AWS provides a standard key for every customer, which is unique and is called the Customer Master Key (CMK). You can use this key or you can create your own keys for encryption. If you choose to use your own keys, don’t forget to update your KMS key policies so that they allow encryption and decryption of messages.
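A check for the key-policy step above, as an added example rather than code from the original post: it reads a KMS key policy and reports which KMS actions a queue producer or consumer still lacks. The account ID, role names and sample policy are constructed, and the check assumes permissions come only from explicit Allow statements in the key policy (it ignores Deny statements, conditions and IAM identity policies).

```python
import json

# Constructed sample key policy (account ID and role names are placeholders).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Producer", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/order-producer"},
         "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "*"},
        {"Sid": "Consumer", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/order-consumer"},
         "Action": "kms:GenerateDataKey", "Resource": "*"},
    ],
})

# KMS actions SQS server-side encryption needs per role: senders generate a
# data key (and decrypt it to verify it), receivers only decrypt.
REQUIRED = {"producer": {"kms:GenerateDataKey", "kms:Decrypt"},
            "consumer": {"kms:Decrypt"}}

def _as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def allowed_actions(policy_json, principal_arn):
    """Collect actions that Allow statements grant to principal_arn."""
    granted = set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if principal_arn in arns or "*" in arns:
            granted.update(_as_list(stmt.get("Action", [])))
    return granted

def missing_actions(policy_json, principal_arn, role):
    """Return the KMS actions the principal still lacks for its SQS role."""
    granted = allowed_actions(policy_json, principal_arn)
    if "kms:*" in granted:
        return set()
    return REQUIRED[role] - granted
```

In the constructed policy the consumer role was given `kms:GenerateDataKey` instead of `kms:Decrypt`, so it could not read messages from an encrypted queue; the check reports that gap.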

So what exactly does it encrypt in SQS?

It encrypts the body of a message in an Amazon SQS queue.

It doesn’t encrypt the following components:

  • Queue metadata (queue name and attributes)
  • Message metadata (message ID, timestamp, and attributes)
  • Per-queue metrics

Give it a try!

Amazon AppStream 2.0

Have you ever dreamed of using your desktop application from anywhere you want, such as running it from a browser or from your preferred device? Well, then your dream has already come true.

Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows you to stream desktop applications from AWS to any device running a web browser, without rewriting them.

Desktop applications are meant to be used on a desktop, but today people want to use them from anywhere and from their preferred device.

That is possible, but to achieve it, organizations need to maintain multiple versions of their desktop applications and take additional measures to secure applications and data.

So an organization either needs to modify its application so that it runs in a browser, or continue to maintain and support complex desktop applications.

Amazon AppStream 2.0 comes as a savior here.

Below are some benefits of Amazon AppStream 2.0:

  • Native browser applications without the need to rewrite them
  • Run Desktop Applications on Any Device
  • A single version of each of your apps, which makes application management easier
  • Consistent, Scalable Performance
  • Secure Applications and Data
  • Instant-On Access

Amazon AppStream 2.0 currently allows you to try it yourself.

Below is the landing page when you open TryIt page:

Then I selected Eclipse:

I was running Eclipse a few seconds later, no installation or setup needed:

It also lets you set the resolution you need and work in full screen, which gives you the experience of working in your desktop application.

Below are a few recently added features in Amazon AppStream 2.0:

Fleet Auto Scaling – This feature allows you to use the CloudWatch metrics to scale your fleet up and down in response to changes in demand. This allows you to deliver applications as economically as possible, while still providing instant access.

Image Builder – You can build your own AppStream 2.0 images that contain your choice of applications.

SAML 2.0 Authentication – You can use your existing SAML 2.0 compliant directory with AppStream 2.0. Your users can use their existing credentials to log in.

Fleet Management – You have additional management options for the instances that run your applications.

CloudWatch Metrics – You can observe and monitor seven Amazon CloudWatch metrics, including the size and overall utilization of your fleets.

Try it by yourself 🙂

New features in Amazon Quicksight

Amazon Quicksight now has some more cool features. Out of those, below are a few features which I found very useful.

1) Export to CSV

One of the most useful newly added features is the ability to export to CSV. This feature was requested by many people, and Amazon Quicksight is finally equipped with it.

You can now export your data to CSV by selecting the visual you want to export, clicking on the top-right menu icon, and choosing Export to CSV.

2) Possible connectivity with Microsoft Active Directory

With this feature, you can now connect Quicksight to your on-premises AD using the Quicksight AD connector. The AD connector acts as a proxy that sends the credentials entered at sign-in to your on-premises AD for validation.

So users who have on-premises AD credentials can now log in to Quicksight using their existing AD credentials.

Using Managed Microsoft AD, you can easily provision users across multiple cloud and on-premises domains using trust relationships provisioned with the respective ADs.

3) Aggregate filters for SPICE data sets

With this feature, you can now apply different aggregate filters to SPICE data sets. For example, from your data set you may want to figure out how many customers have a bill amount of more than 20k per month.

Apart from this, Quicksight also added KPI charts, with which you can present a single aggregated value from a measure along with comparisons against another measure or over a time period, and custom ranges for Microsoft Excel spreadsheets, which automatically detect the cell range of your table in the sheet when you upload an Excel spreadsheet.

To learn more about Quicksight, have a look here.