nobeastsofierce - Fotolia

Using REST APIs in AWS connects services, creates concerns

APIs help developers connect services, but also create security and management concerns. This excerpt from 'Mastering AWS Development' explores REST API commands for AWS.

APIs allow separate services or software programs to connect and communicate with one another. And they play a key role in deploying a public cloud, where IT teams can use up to several dozen tools and features.

While application programming interfaces (APIs) are necessary elements of the public cloud, they come with complexities around security and management. The Amazon API Gateway integrates with the AWS ecosystem to smooth some of the rough edges involved with using REST APIs, but IT teams must be ready to dig into configuration parameters and certificates to ensure they have safe, reliable connections between services.

Mastering AWS Development, a book by Uchit Vyas, explores application development and deployment in AWS. In this chapter excerpt, Vyas walks readers through using REST APIs in AWS, using commands as examples.

Working with AWS using REST APIs

AWS consists of real web services; they all are restricted over HTTP with different abstraction levels, like the different APIs. Some AWS services can be controlled using the SOAP API, some using the Query API, some by using REST APIs. When you are going to access Amazon S3 or other AWS services using REST, you must provide the following items in your request so the request can be authenticated:

AWS access key ID: Every request must hold the access key ID of the uniqueness you are using to send your request.

Signature: Each request must contain a valid request signature.

Time stamp and date: Each request must contain the date and time the request was created.

The general steps for authenticating a request are as follows:

Create a request that contains the following components: Access key ID, Action, Timestamp, Parameters.

Check the signature using your secret access key, as shown here:

Send the request to AWS service by including your access key ID and the signature in your request.

AWS will retrieve your Access key ID to check your secret access key.

AWS will compute a signature from the request data and the secret access key using the similar algorithm that you used to analyze the signature you sent in the request.

If the signature generated by AWS matches the one you have sent with the request, the request is considered as an authentic request.

This way, AWS is working for the authentication of a user and requests raised by user. After the authentication, you can proceed with API tools installation and configuration.

Getting started with API tools

There are multiple AWS services that have API available for use. In this chapter, you will learn about the basics of EC2 API and DynamoDB API in depth. To start with EC2 API, you will need the X.509 certificate (you can find it under the AWS Access Identifiers page, in the X.509 Certificates section). Once this is done, you will need to download that certificate and the private key file. If you are a new to AWS, you should use IAM roles. We will go here with X.509 certificate.

To start with EC2 APIs, you should have basic knowledge of the following: XML, web services, HTTP requests.

One or more programming languages, such as Java, PHP, Perl, Python, Ruby, C#, or C++.

There are basic terms that will be frequently used in the API:

Endpoints: This is simply a URL that will serve as an entry point for a web service.

Available libraries: These libraries offer basic functions that without human intervention take care of tasks such as cryptographically signing your requests, retrying requests, and handling error responses so that it will be easier for you to get started.

Eventual consistency: The Amazon EC2 API follows an eventual consistency model, due to the distributed personality of the system supporting the API. This means that the result of an API command you run that will affect your Amazon EC2 resources might not be immediately visible to the subsequent commands you run.

Installing API tools

To install API tools, follow the given steps. I am doing this on an Ubuntu machine, but for RedHat or OS X users, the command will vary:

Run the following command:

sudo apt-get install ec2-api-tools

If you do not have the latest Ubuntu release, the packages may be a bit old. So, add repository details by following commands:

sudo apt-add-repository ppa:awstools-dev/awstools

sudo apt-get update

sudo apt-get install ec2-api-tools

Set the environment variables your shell profile by adding the following lines to your ~/.bashrc file if you use Bash as your shell:

export EC2_KEYPAIR=<your keypair name> # name only, not the file name

export EC2_URL=https://ec2.<your ec2 region>

export EC2_PRIVATE_KEY=$HOME/<where your private key is>/pk-XXXXXXXXXX.pem

export EC2_CERT=$HOME/<where your certificate is>/cert-XXXXXXXXXXXX.pem

export JAVA_HOME=/usr/lib/jvm/java-6-openjdk/

You are set up the API tools configuration. Now, you have to create one "keypair" that will be used to connect the instances using SSH. You can use the ec2-add-keypair utility to create the key and register your key with Amazon:

ec2-add-keypair uchit-keypair

This will print out the private key that you will have to save in a file:

cat > ~/.ec2/id_rsa-uchit-keypair

Running your first instance

To start an EC2 instance using API, you can use the following to create new instance using AMI. You should know the required AMI ID to launch you instance from that ID. To search AMI, you can use the following command:

ec2-describe-images –a

It will give you the whole list of AWS AMIs. To launch any instance with a specific AMI ID, you can use following command for reference:

ec2-run-instances ami-e348af8a -k uchit-keypair

Example of EC2 API

Here is a sample code to create EC2 instances with Amazon AWS SDK using APIs. This code will create an instance on AWS with configuration specified by you:

// for connecting to ec2

InputStream credentialsAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("");

Preconditions.checkNotNull(credentialsAsStream, "File '' NOT found in the classpath");

AWSCredentials credentials = new PropertiesCredentials(credentialsAsStream);


AmazonEC2 ec2 = new AmazonEC2Client(credentials);



// to create ec2 instances

RunInstancesRequest runInstancesRequest = new RunInstancesRequest()


.withImageId("ami- 62201116 ")





To create an EC2 instance, you need to provide configuration parameters as described in the preceding code.

Use the following code for creating an instance:




RunInstancesResult runInstances = ec2.runInstances(runInstancesRequest);


// to tag ec2 instances

List<Instance> instances = runInstances.getReservation().getInstances();

int idx = 1;

for (Instance instance : instances) {

  CreateTagsRequest createTagsRequest = new CreateTagsRequest();

  createTagsRequest.withResources(instance.getInstanceId()) //

      .withTags(new Tag("Name", "ec2-api-test" + idx));





Editor's note: Packt Publishing also provides a free e-book download of Mastering AWS Development for SearchAWS readers.

Next Steps

How to create successful REST API designs

Test your REST and API code knowledge

Access cloud resources through Amazon API

Dig Deeper on AWS cloud development

App Architecture
Cloud Computing
Software Quality