License key generation request is logged to CloudWatch for auditing purposes.Lambda function uses data sent in the REST payload to generate a message and signs the message using a private key within KMS.
API Gateway invokes a lambda function to generate a license key.Lambda authorizer validates the token with Okta.API Gateway sends the auth token to a Lambda authorizer function.Client sends request with auth token to licensing REST API hosted on API Gateway.AWS Cloudwatch for system logging and asymmetric key usage auditingĪnd here are the steps our employees take to create the license keys:.AWS Key Management Service (KMS) to manage our asymmetric key and run cryptographic algorithms.Imply is currently a heavy AWS shop, so we decided to go with AWS serverless functionality using the following components: It’s easy to use, has implicit high availability, and is self auto-scaling and -provisioning. In light of all this unused CPU time, a serverless architecture looked attractive. A licensing service isn’t something that requires constant access by a user.
While some services may need to handle high throughput or sustainable traffic all day, our licensing service would be used relatively infrequently. In deciding which architecture to use, we looked at the assumed traffic for the service. Also, having the private key held by a third party somewhat defeats the object. We decided to build the service ourselves, as there aren’t that many available off the shelf.
News Capturing the spotlight on Imply and Druid in the news.Īs with any company producing software for commercial use, we want to protect it from unauthorized access and prevent it from being pirated.
Partners Building an ecosystem to support modern analytics applications.Values Discover what makes Imply shine…Our Imployees and shared values.Company Explore Imply and get to know our story and leaders.