Start-up companies attempting to shake the market in a flash and preparing for the onslaught of millions of happy users usually won't spend time or resources tending a server farm whose operation needs a knack for patches, reliability, and scaling. Streaming services such as Netflix and Spotify make no secret of the fact that large parts of their infrastructure run on rented clouds operated by Amazon Web Services (AWS). Although that makes them dependent on the operator, apparently even industry giants gain advantages by outsourcing infrastructure.

Choice

If you want to start off on a small scale and take your first few steps in the direction of cloud deployment, you first face a tangled mess of different service offerings and the emotional hurdle of credit card-based server operation. Amazon only takes your money, however, if you go beyond the scope of their free tier [1].

When I recently decided to make my surveillance video motion detection method [2] publicly available in the cloud, After reading about event-driven serverless applications [3] and building single-page apps on AWS [4], I was surprised, on the one hand, how quickly you can set up a web service at the command line and, on the other, the amazingly confusing number of configuration tweaks you need to adjust.

Storage by the Bucket

Amazon stores everything that defines a web service – the code that runs when a browser points to it and the configuration of access permissions – in its Simple Storage Service (S3). Because AWS also can deliver files to a web server as static content on request, this is often the first step into the world of clouds; more complex tasks then follow, such as setting up databases, operating back-end servers, or verifying user IDs.

At console.aws.amazon.com, the console is the central entry point (Figure 1) where you enter your Amazon ID; online shoppers will probably already have registered a credit card there. The Services tab then takes the newcomer to a page that lists a couple of dozen Amazon server offerings; you need to select IAM (identity and access management) here to be able to create a new user and assign the necessary permissions for cloud operation.

Figure 1: A new user on AWS is given the golden key to the city.

If you checked the Programmatic access box in Figure 1, you are given an access ID and a secret access key, which you can use later to configure the cloud working with your account via the aws command-line tool.

On the following page, you grant rights by assigning policies. From the tangled mess of a few dozen boxes, you will want to pick the Attach existing policies directly option and select the AdministratorAccess policy so you can create new S3 buckets in which to store your code files (Figure 2). Later on, as a good security practice, installed application policies with less far-reaching rights are available (i.e., for going live with new releases). Policies can also be combined strategically with the help of roles.

Figure 2: A user with AdministratorAccess rights can set up new S3 buckets.

When you press the button to confirm, the console outputs an access ID for later identification and a secret access key, much like a password (Figure 3). The aws command-line tool itself is written in Python. On Ubuntu or Debian, you can then use:

Figure 3: Using the access ID and secret access key, users can access your account with scripts.

sudo apt-get install python-pip
sudo pip install awscli

to install the tool. For it to be able to access the cloud servers later, the command-line call in Figure 4 configures the local ~/.aws/credentials file with the values received earlier; subsequent calls to aws functions later on will find the access parameters there and pass them into the AWS gatekeeper.

Figure 4: The aws command-line client receives the key ID and secret key for future online access and saves it locally.

The call also defines region US-east-1 as the data center closest to you from among Amazon's selection of data centers worldwide. Not all data centers offer the same services; thus, you need to clarify in advance whether the nearest one meets all your requirements.

Server Trick

The sequence in Figure 5 creates a new S3 bucket to hold files (e.g., index.html) as a static test page and uses the sync command to drop the file into the bucket. The sub-command website then defines index.html as the web server's entry point and error.html as the error message file. After that, Amazon will happily serve up the page at the designated entry point, as if it were behind a normal web server (Figure 6).

Figure 5: The aws tool creates an S3 bucket, copies index.html to it, and configures the static website.

Figure 6: An index.html file in a newly created S3 bucket is used for a test web server.

It is your own responsibility to define easier-to-remember DNS records outside the amazonaws.com domain; a CNAME entry with your choice of provider will then point users to the cloud server.