The latest update to the Claris FileMaker platform for 2024 (FileMaker 21) introduces several valuable functions, along with an enhancement to the curl options. Notably, the "--aws-sigv4" flag, which has long been available in standard curl libraries, is now supported in FileMaker.
What does this mean for developers? It simplifies integration with various AWS (Amazon Web Services) services. Previously, making AWS API calls required manually calculating the correct HTTP headers for the version 4 signature. With this new curl option, developers can let the curl library handle signature generation automatically.
The potential use cases are extensive. AWS offers much more than just virtual machines and object storage (S3); it includes services like Rekognition for image processing, Secrets Manager, serverless computing with Lambda functions, and Generative AI, among others.
AWS Planning
When dealing with AWS accounts and resources, it's important to plan ahead. As an AWS Advanced Tier Partner, Soliant has a team of certified professionals who can provide best practices and advice.
Principle of Least Privilege
Start by applying the principle of least privilege when creating credentials for API calls. Credentials should only grant access to the necessary resources. In AWS, this is often managed via IAM (Identity and Access Management) policies. While a graphical interface is available for policy creation, you can also write them in JSON. IAM policies default to "deny" all actions and only "allow" the specific ones required for your API calls.
Although it can be tempting to create credentials with Administrator access for flexibility, it's important to scope permissions carefully. Create a tailored IAM policy and attach it to the appropriate role or user.
Some AWS-built policies can be used, but ensure they're appropriately scoped. For example, a default policy might grant access to all resources, while you may only need access to a specific Lambda function.
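A policy scoped the way the Lambda example above describes, added here as an illustration and not taken from the original article. The account ID, region and function name are constructed placeholders; the single allowed action and the single resource ARN are what distinguish it from a policy that uses "Resource": "*".

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InvokeOneFunctionOnly",
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:example-function"
    }
  ]
}
```

Because everything not listed is denied by default, credentials carrying only this policy cannot list, modify or invoke any other function.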
Best Practices for AWS Credentials
Several scenarios arise when integrating with AWS services.
A common practice is to inherit credentials from the IAM role assigned to an instance, container, or function. These credentials are short-lived and rotate automatically, requiring an additional HTTP header for the security token alongside the access key ID and secret access key.
You can also request temporary credentials from the STS (Security Token Service) scoped to your needs, which is useful if your AWS organization spans multiple accounts.
Instance Metadata Service
Applications can obtain IAM credentials via the Instance Metadata Service (IMDS), accessible locally from the instance running FileMaker Server. The initial version of IMDS allows HTTP calls to a local endpoint, while IMDSv2 requires an additional token for access. It's recommended that all instances use IMDSv2 to mitigate external application vulnerabilities.
From a FileMaker application, you can access these credentials by using the "Perform Script On Server" script step to call the local address. This way, you can use on-demand credentials in your AWS API calls without storing them in your application.
IAM Users
In some cases, you may need to create IAM users for standalone FileMaker files not hosted on an AWS server. While this is possible, caution should be taken with these credentials.
Opinions may vary on managing these credentials, whether through script variables or custom functions. Ideally, avoid hardcoding them, especially if compliance standards must be met. If necessary, use a dedicated table with FileMaker's encryption features.
Microservices vs. Curl Options
Using microservices can simplify development, removing the need to manage IAM credentials or complex policies. Supported SDKs are also preferable to reverse-engineering curl options for AWS services. They allow for faster progress and better documentation.
For workflows involving webhooks, queued messages can be sent on demand, avoiding the need for continuous polling. Longer processes, like audio transcription, can notify the server upon completion instead of requiring polling.
For tasks like generating pre-signed URLs, the "--aws-sigv4" flag may not suffice, as other curl options might be needed. SDKs often include built-in methods for this extended functionality.
Ultimately, the choice between options depends on your specific use case and requirements.
AWS Account vs. Service Access
AWS can be daunting to architect correctly. While it's easy to get started, setting up root and user accounts, monitoring usage, and managing billing are essential best practices.
If your organization already has an AWS account, obtaining resources from internal IT can present challenges due to regulatory requirements.
If managing an account is not feasible, consider using an MSP (Managed Service Provider). Our team of certified Solution Architects is ready to help and can host infrastructure within our managed FileMaker service on AWS, Soliant.Cloud.
Example Implementation
Here's a simple example of how to set curl options for an Insert from URL step in FileMaker:
" --request GET" &
" --aws-sigv4 \"aws:amz:{region}:{service}\"" &
" --user \"" & $aws.AccessKeyId & ":" & $aws.SecretAccessKey & "\""
In this case, replace {region} with the AWS region and {service} with the appropriate AWS service. The URL might look like "https://your_bucket_name.s3.amazonaws.com/item_name.png". The "--aws-sigv4" flag ensures correct request headers. Also, add a header named "x-amz-security-token" if you use credentials from IMDS or STS.
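The same options driven from a shell on the instance, tying the IMDSv2 flow from the Instance Metadata Service section to the "x-amz-security-token" header mentioned above. This is an added example, not code from the original article; the region, the URL and the sample credential values are placeholders or constructed.

```bash
#!/usr/bin/env bash
# Added example: IMDSv2 role credentials feeding a curl --aws-sigv4 request.
IMDS="http://169.254.169.254/latest"

# Constructed sample of the JSON that IMDS returns for a role (not real keys).
SAMPLE_CREDS='{ "Code" : "Success",
  "AccessKeyId" : "ASIAEXAMPLEKEYID",
  "SecretAccessKey" : "constructed/secret+value",
  "Token" : "constructedSessionToken==",
  "Expiration" : "2030-01-01T00:00:00Z" }'

# Extract one string field from the credentials JSON (no jq dependency).
json_field() {  # usage: json_field <name> <json>
  printf '%s' "$2" | tr -d '\n' |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# IMDSv2: obtain a session token with PUT, then read the role credentials.
imds_credentials() {
  local token role
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  role=$(curl -sf -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/meta-data/iam/security-credentials/") || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/meta-data/iam/security-credentials/$role"
}

# Emit a curl config: SigV4 signing, key pair, and the session-token header.
# Fails if any field is missing so a request is never sent half-signed.
sigv4_config() {  # usage: sigv4_config <creds-json> <region> <service>
  local id secret tok
  id=$(json_field AccessKeyId "$1")
  secret=$(json_field SecretAccessKey "$1")
  tok=$(json_field Token "$1")
  [ -n "$id" ] && [ -n "$secret" ] && [ -n "$tok" ] || return 1
  printf 'aws-sigv4 = "aws:amz:%s:%s"\n' "$2" "$3"
  printf 'user = "%s:%s"\n' "$id" "$secret"
  printf 'header = "x-amz-security-token: %s"\n' "$tok"
}

# On an instance: pipe the config to curl on stdin so the secret never
# appears in the process list. The region and URL below are placeholders.
if [ "${1:-}" = "--run" ]; then
  sigv4_config "$(imds_credentials)" us-east-1 s3 |
    curl -sf --config - "https://your_bucket_name.s3.amazonaws.com/item_name.png"
fi
```

Nothing is written to disk, and the credentials are fetched fresh on each run, so rotation by the instance role is picked up automatically.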
This curl option is compatible with S3-compatible services such as Cloudflare R2 and Wasabi. While basic API calls may work as expected, finding the right values can be difficult: the AWS SDKs are properly documented, but documentation for direct API calls may not be available.
Takeaways
In summary, here are the most important points for your development and planning.
Scope credentials to grant minimum privileges
Handle credentials responsibly
Choose the best development approach for your use case
Configure your AWS environment properly or work with an MSP