Replicating the entire app.

[Piper]

Hi.

What would you charge for replicating the entire app on my App Engine
account?

Its just because I need one single feature; the ability to have every
request randomly use one of a set of AWS keys.

Ben

[C Sowa]

Have you taken a look at http://sowacs.appspot.com/AWS/Downloads/#python
? That download includes the code for a fully operational, but basic,
Google App Engine / Python "personal" query signing service.
"Personal" in the sense that it is intended for use with requests
containing one or more previously configured AWS Access Key Ids, so
that that AWS Id / Key pairs can be simply listed in the code. If,
for example, you listed 10 Id / Key pairs, and then sent your requests
with an Id randomly selected from that same set, you would achieve the
end result that you described.

Another approach would be to randomly assign both the Id and Key at
the time the request is received. The problem here is that in this
case, anyone could sign their requests using such a service. It is
similar to scenario (2) described here: http://sowacs.appspot.com/AWS/AWSQS_question_20090529.htm
, to which AWS/PAA responded that this sort of usage would violate
their license / terms. If, however, you could ensure that no third
parties accessed this service, you would be fine.

If you could answer a few questions, it would help me to better
understand your request:

- What is the reasoning for randomly selecting Id / Keys ?
- What is an example use case ?
- What is a rough outline of the processing that you envision, in
which a signing service fits ?
- How stable is the set of Id / Key pairs that you will use ?

As for replicating the AWSQS application and the costs involved, that
issue is best deferred for a bit pending a few more details. It seems
like this would exceed your needs, as I understand them so far.

[Piper]

I would have used you're Python code, but what you wrote in the
caution "you'll still have to set up the GAE development environment"
threw me off.

"Another approach would be to randomly assign both the Id and Key at
the time the request is received. The problem here is that in this
case, anyone could sign their requests using such a service. It is
similar to scenario (2) described here: http://sowacs.appspot.com/AWS/AWSQS_question_20090529.htm
, to which AWS/PAA responded that this sort of usage would violate
their license / terms. If, however, you could ensure that no third
parties accessed this service, you would be fine."

This approach is best for me, although I have no idea how to implement
it. There is little risk of it being exposed to the public as the
requests won't be from a consumer facing site.

I can also set it to allow requests from my IP only.

Now for your question:

What is the reasoning for randomly selecting Id / Keys?

Because while I do not plan to make many requests a day, I do need to
make many at once. (A total of about 400.) Amazon throws a 503 if I
try that on a single Key.

Ben

On Aug 25, 10:39 am, C Sowa <sow...@gmail.com> wrote:
> On Aug 25, 12:10 am, Piper <47digi...@gmail.com> wrote:
>
> > Hi.
>
> > What would you charge for replicating the entire app on my App Engine
> > account?
>
> > Its just because I need one single feature; the ability to have every
> > request randomly use one of a set of AWS keys.
>
> > Ben
>

> Have you taken a look athttp://sowacs.appspot.com/AWS/Downloads/#python

[C Sowa]

On Aug 25, 11:22 am, Piper <47digi...@gmail.com> wrote:
>
> Now for your question:
> What is the reasoning for randomly selecting Id / Keys?
> Because while I do not plan to make many requests a day, I do need to
> make many at once. (A total of about 400.) Amazon throws a 503 if I
> try that on a single Key.
>

Yes, I thought that was what you were getting at. Unfortunately, the
use of multiple AWS Access Key Ids is unlikely to work. Historically
- although the wording has changed more recently - the limitation was
one request per minute _per_client_IP_address_.


Currently:

Amazon.com Product Advertising API License Agreement
https://affiliate-program.amazon.com/gp/advertising/api/detail/agreement.html

4.(p) You will not exceed, or if you build and release an application
that calls the Product Advertising API, each copy of that application
that is installed by an end user will not exceed, 1 call per second or
send files to or from the Product Advertising API that are greater
than 40K without our prior written approval.


Some additional older information that may help clarify:

- AWS forums response from 2005.02.25:
http://developer.amazonwebservices.com/connect/message.jspa?messageID=21130#21130
- 'Working With the "One-Second" Rule'
http://www.a2sdeveloper.com/page-working-with-the-one-second-rule.html


This handling of the limit has a couple of curious potential side
effects:

1. If you are using more than one application accessing AWS/PAA from a
single machine, the limit applies to the aggregate of all calls; e.g.,
one "rogue" application could cause the rest to fail, and that
includes calls made to the API directly from webpages.

2. If you are running an application that accesses AWS/PAA from inside
a NAT'ing firewall/router, which is common in many organizations,
_all_ applications accessing AWS/PAA from within that firewall are
seen by AWS as coming from the same IP address (or perhaps a small
pool). In effect, the AWS/PAA limit will apply to the organization as
a whole - including API accesses from webpages that any user may have
viewed.


I haven't found anything describing these possible situations; they
need testing, but I strongly suspect that this is the case. Also
never explicitly mentioned anywhere is anything about limits being
applied _per_AWS_Access_Key_Id_. I think all of these issues need
clarification by AWS/PAA personnel.

I think if you ran two or more instances simultaneously from your
location, each using a different Id / Key pair, you would be able to
verify these issues fairly quickly. A single website host sending
making AWS/PAA calls will be seen as a single IP address.

If things work out this way, great - you also have a good idea what
your solution may be: simply alternate or rotate through the set of
Id / Key pairs that you want to use. Randomness is not required.

Based on limited infornation, It doesn't sound like you need the
massive scalability potential of a Google App Engine based service.
Are there response time performance requirements that you are trying
to meet ? You could also look at the Perl & ASP classic examples at
http://sowacs.appspot.com/AWS/Downloads/ if perhaps setting up a
service on your website host makes more sense than getting into GAE
implementation.

My intent with the GAE "caution" was to make sure people understood
what they were getting into up front. But if you look at
http://appengine.google.com/ , you may find it's not all that
complicated - at least, not any more than setting any other SDK
environment.

I can certainly help you out if you have concluded that this is the
way you want to go. If you want to proceed, please contact me
directly using "reply to author", or you can get my email address from
my profile, and we can make arrangements from there.