
Amazon AWS

Functional Specification

Version 0.1

Owner: Mihai Tusa



1 Table of Contents
Introduction
    General Description
    Scope
User Stories
    User story name #1 - #n
Non Functional Requirements
    Security
Reviewers

Confidential Page 2 of 8

INTRODUCTION
General description
Amazon Web Services (AWS) is a secure cloud services platform, offering compute power,
database storage, content delivery and other functionality to help businesses scale and grow. It is used
to build sophisticated applications with increased flexibility, scalability and reliability.

Amazon AWS has a modular architecture with various services. Our interest is in the following
areas:

1. Elastic Compute Cloud - EC2
2. Identity and Access Management - IAM
3. Simple Storage Service - S3
4. Virtual Private Cloud - VPC

Elastic Compute Cloud - EC2


Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute
capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Amazon EC2's simple web service interface allows you to obtain and configure capacity with minimal
friction. It provides you with complete control of your computing resources and lets you run on
Amazon's proven computing environment. Amazon EC2 reduces the time required to obtain and
boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as
your computing requirements change. Amazon EC2 changes the economics of computing by
allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the
tools to build failure resilient applications and isolate themselves from common failure scenarios.
Requests sent to EC2 are made through the EC2 API using the SOAP protocol. The EC2 API can be
obtained from a context builder within the JClouds library.

Identity and Access Management - IAM


Amazon's Identity and Access Management (IAM) is a web service that helps you securely control
access to AWS resources for your users. You use IAM to control who can use your AWS resources
(authentication) and what resources they can use and in what ways (authorization). Requests sent
to EC2 are made through the EC2 API using the SOAP protocol. The EC2 API can be obtained from a
context builder within the JClouds library.


Simple Storage Service - S3

Amazon Simple Storage Service (S3) is storage for the Internet. It is designed to make web-scale
computing easier for developers. Amazon S3 has a simple web services interface that you can use
to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any
developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure
that Amazon uses to run its own global network of web sites. The service aims to maximize benefits
of scale and to pass those benefits on to developers. There are several core concepts of Amazon S3,
such as buckets and objects, and a certain way to work with these resources using the Amazon S3
application programming interface (API).

Virtual Private Cloud - VPC


Amazon Virtual Private Cloud (VPC) enables you to launch Amazon Web Services (AWS)
resources into a virtual network that you've defined. This virtual network closely resembles a
traditional network that you'd operate in your own data center, with the benefits of using the
scalable infrastructure of AWS.

Scope
The Operations Orchestration Content Amazon integration uses an old library called Symphony,
together with a combination of flow steps filled with JavaScript that format the request headers
and perform the Amazon signature on them.

In the long term we want an Amazon integration that uses a generic, open-source library
named JClouds (by Google) that can handle the latest signature mechanism and provides a neat
encoding that is easier for others to understand, follow and contribute to.

In the short term we need to provide our partners with operations that are in an open-source
repository and that can be reused in their products. For now we need to cover provisioning scenarios
related to the Amazon AWS EC2 area (Instances, Images, Volumes) and the VPC area (Network).
For the moment the S3 and IAM areas are out of scope.


USER STORIES

Operations
Each operation will have at least the inputs below, depending on the API. If an API call needs more
inputs than the default ones, we will go into detail on each one later on:

Inputs:
provider: required - Cloud provider on which the instance is
endpoint: required - Endpoint to which first request will be
identity: optional - Amazon Access Key ID
credential: optional - Amazon Secret Access Key corresponding to the Amazon Access Key ID
proxy_host: optional - proxy server used to access provider services
proxy_port: optional - proxy port used to access provider services
region: optional - region where instance resides or operation took place

Outputs:
return_result: The operation outcome including execution logs.
return_code: 0 if the operation succeeded, -1 otherwise.
error_message: error message if there was an error when executing, empty otherwise.

1. EC2 API - Instances


An instance is a virtual server in the cloud. Amazon EC2 provides a wide selection of instance
types optimized to fit different use cases. Instance types comprise varying combinations of CPU,
memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix
of resources for your applications. Each instance type includes one or more instance sizes, allowing
you to scale your resources to the requirements of your target workload.
Methods associated with the EC2 API Instances are shown in the image below. Those methods
allow us to implement (besides other actions):
1.1. Describe Instances in Region with Advance Filtering Support (already implemented -
AGM 12788);
1.2. Run Instances in Region (already implemented, needs to be enhanced);
1.3. Terminate Instances in Region (already implemented);
1.4. Modify Instance Attribute (already implemented);
1.5. Start Instances in Region (already implemented);
1.6. Stop Instances in Region (already implemented);
1.7. Reboot Instances in Region (already implemented).

2. EC2 API - AMIs

An Amazon Machine Image (AMI) provides the information required to launch an instance. An
AMI is needed to launch an instance. Many instances can be launched from a specified AMI.
Instances can also be launched from many different AMIs.

An AMI includes the following:

- A template for the root volume for the instance (for example, an operating system, an
  application server, and applications)
- Launch permissions that control which AWS accounts can use the AMI to launch instances
- A block device mapping that specifies the volumes to attach to the instance when it's
  launched

Methods associated with the AMI API are shown in the image below. Those methods allow us to
implement (besides other actions):
2.1. Create Image in Region (already implemented - bucket AGM 12791);
2.2. De-register Image in Region (already implemented - bucket AGM 12791);
2.3. Describe Images in Region with Advance Filtering Support (currently under development -
AGM 12789);
2.4. Get Launch Permissions for Image in Region (already implemented - bucket AGM 12791);
2.5. Add Launch Permissions to Image in Region (already implemented - bucket AGM 12791);
2.6. Remove Launch Permissions for Image in Region (already implemented - bucket AGM 12791);
2.7. Reset Launch Permissions for Image in Region (already implemented - bucket AGM 12791).

3. EBS API - Volumes


An Amazon EBS volume is a durable, block-level storage device that you can attach to a single
EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates,
such as the system drive for an instance or storage for a database application. EBS volumes persist
independently from the running life of an EC2 instance. After a volume is attached to an instance,
you can use it like any other physical hard drive. Amazon EBS provides the following volume types:
General Purpose SSD (gp2), Provisioned IOPS SSD (io1), Throughput Optimized HDD (st1), Cold HDD
(sc1), and Magnetic (standard). They differ in performance characteristics and price, allowing you to
tailor your storage performance and cost to the needs of your applications.

We need to implement:
3.1. Attach Volume (AGM 12373);
3.2. Detach Volume (AGM 12374);
3.3. Create Volume (AGM 12372);
3.4. Create Volume from Snapshot (AGM 12375).


4. EBS API - Snapshots


After writing data to an EBS volume, you can periodically create a snapshot of the volume to
use as a baseline for new volumes or for data backup.

We need to implement:

4.1. Create snapshot (AGM 12376);
4.2. Delete snapshot (AGM 12377).

NON FUNCTIONAL REQUIREMENTS

Security

Amazon AWS security relies on the signature mechanism that is described here:
http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html#signing-request-intro
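
The signature mechanism referenced above (Signature Version 4), sketched for a single EC2 request with the `identity`, `credential` and `region` inputs of the operations. This is an added example, not code from this specification or from JClouds; it assumes the EC2 Query API over GET with only the `host` and `x-amz-date` headers signed, and all sample values are constructed.

```javascript
const crypto = require('crypto');

const sha256Hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmac = (key, s) => crypto.createHmac('sha256', key).update(s, 'utf8').digest();

// Signing key: the secret itself is never sent; each request is signed with
// an HMAC chain scoped to one date, one region and one service.
function signingKey(secret, date, region, service) {
  const kDate = hmac('AWS4' + secret, date);
  const kRegion = hmac(kDate, region);
  const kService = hmac(kRegion, service);
  return hmac(kService, 'aws4_request');
}

// Sign a GET request. `query` is an object of API parameters (ASCII names),
// `amzDate` is an ISO 8601 basic timestamp such as 20170101T120000Z.
function signEc2Get({ identity, credential, region, host, query, amzDate }) {
  const date = amzDate.slice(0, 8);
  const enc = (v) => encodeURIComponent(v).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
  // Canonical query string: RFC 3986 encoded, sorted by parameter name.
  const canonicalQuery = Object.keys(query).sort()
    .map((k) => `${enc(k)}=${enc(query[k])}`).join('&');
  const canonicalHeaders = `host:${host}\nx-amz-date:${amzDate}\n`;
  const signedHeaders = 'host;x-amz-date';
  const canonicalRequest = ['GET', '/', canonicalQuery, canonicalHeaders,
    signedHeaders, sha256Hex('')].join('\n'); // GET has an empty payload
  const scope = `${date}/${region}/ec2/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope,
    sha256Hex(canonicalRequest)].join('\n');
  const key = signingKey(credential, date, region, 'ec2');
  const signature = hmac(key, stringToSign).toString('hex');
  return {
    canonicalQuery, signature,
    authorization: `AWS4-HMAC-SHA256 Credential=${identity}/${scope}, ` +
      `SignedHeaders=${signedHeaders}, Signature=${signature}`,
  };
}

// Constructed sample values; not real credentials.
const sample = {
  identity: 'AKIDEXAMPLE', credential: 'constructed-secret-for-illustration',
  region: 'us-east-1', host: 'ec2.us-east-1.amazonaws.com',
  amzDate: '20170101T120000Z',
  query: { Version: '2016-11-15', Action: 'DescribeInstances' },
};
// Only the Authorization header goes on the wire; keep `credential` out of logs.
console.log(signEc2Get(sample).authorization);
```

Because the region and date are part of the key derivation, a signature produced for one region or day does not validate for another.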

REVIEWERS
1. Revnic Lucian - FA CloudSlang;
2. Musca Lucian - Security owner;
3. Peer Meshi - CloudSlang Manager;
4. Dinita Adrian - R&D Manager.

Note: Everybody is invited to comment and give feedback on this FS or on the
operations that are already implemented.
