Skip to end of metadata
Go to start of metadata

CSG workflow overview:

  1. Developers request access to AWS services that aren’t accessible through Farms: Lambda, Elastic Container Services (ECS), Route53, Glacier, API Gateway, Simple Notification Service (SNS), Simple Email Service (SES), Redshift, and DynamoDB

  2. Users with permission Account Management > Cloud Service Access Requests can view who has requested which services, and approve or deny access

  3. Developers whose request is approved get access to the endpoint, key, and secret they need to access the services. These keys and secrets work on the Scalr hosted endpoint which acts as an HTTP proxy, and Scalr handles the authentication to the cloud service.

  4. Applications use the service, and Scalr provides access via the CSG.

Please review the Client Configuration Requirements section at the bottom of this page to ensure proper application configuration.

End user experience:

An end user interested in using the Cloud Service Gateway will need to begin by ensuring they have appropriate rights, and then accessing their Environment of choice.  After gaining access to the environment, select the user drop down in the upper right corner of your display.  Next, select Cloud Services.

Within the Cloud Services Tab, you will see your currently active and pending requests.  We will initiate a new request by selecting Request Access:

You will then be presented with a dialogue box to select our target Cloud:

After selecting your desired Cloud, select one or more Cloud Services you need to access:

Once the request has been initiated, you will be returned to the Cloud Services Tab.  The new pending request will be presented in the list.  Once a request has been approved, select the Details icon to view additional details:

Access details will be presented in a new pop-up.  Use the information presented here to configure and leverage access to your approved Cloud Services:

Please Note: Upon initial Approval and access of the Details menu, a one time Secret Key will be provided to the end user.  This key MUST be saved as it will never be presented again.

All subsequent access of the Details page will show only usage details without the Secret Key:


Client configuration requirements:

Client must support SNI

API client / CLI must support SNI in order to establish a proper TLS connection with Cloud Service Gateway. If you don't have SNI support you'll get the following error client side: 

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)  

The server side error in the cloud-service-gateway.log would look like the following:

 << Cannot establish TLS with queue.amazonaws.com:443 (sni: None): TlsException('Cannot validate certificate hostname without SNI',)

AWS-CLI / AWS-SDK / Boto - Python 2.7.9+ and Python3 works without any need for additional configuration.

Please note: Regardless of AWS CLI version, you would still need Python 2.7.9+ due to the requirement for SNI support in Python.