Should the AWS Token Vending Machine be deployed on its own instance or can I merge it with my apps instance?

Question

I'm sorry if this is a weird question. I have read plenty of stuff to deploy my own server for an iphone application using amazon web services.

The Problem I am facing right now is that I want to use the Token Vending Machine system to give access to the mobile devices to upload or retrieve things from their respective accounts. So here is the structure I thought about:

1) The device connects to the TVM servlet to get temporary access to SimpleDB and S3.

2) The device will now authenticate itself against a simpleDB domain which contains users and passwords.

3) The server will send a Unique ID to the device.

4) The device will use this unique ID to upload a photograph on S3.

5) If the response from the upload is successful the device will now add some information which includes the unique ID and other fields on the SimpleDB.

My confusion is regarding the EC2 Instances that I require for this. I think I can use a single java app with servlets to do most of this procedure, but if I want to use the authentication with token vending machine should I launch a second instance? The example from amazon itself uses its own instance for the token vending machine and simply gets the authorization to access the databases directly. But I will need some server side logic which is why I need my own server side processing to redirect these Uploads and Downloads.

Additionally if someone would be so kind to tell me if this structure makes sense. I am totally new to server/database things, so I cant really tell what is a good structure. I have read the best practices and tips for the amazon services I need. But I'm still uncertain.

Thanks for your Feedback and support.

Answer 1

First of all, this structure makes sense. IMHO, there are at least two paths you can follow:

1) Performing a single deployment using Elastic Beanstalk.
If you choose this path, I think the simpler approach would be to follow most of the Token Vending Machine for Identity Registration - Sample Java Web Application from AWS, modifying the source code in order to add your server-side logic, by either changing the current servlets code or by adding one or more new servlets which will do the job. You can then build the .war and deploy it directly using Elastic Beanstalk, following the suggestions in the link above. A fundamental concept is that you can see Elastic Beanstalk as something as an "application server as a service", making several deployment aspects easier for you.

2) Launching one or more EC2 instances with the application server of your choice (Tomcat, JBoss, WebLogic, etc). This way, you will have more flexibility for designing the deployment of your application (an EC2 instance is much like a virtual machine in the cloud, and you can install pretty much what you want into it, configure firewall rules, etc.). You can either a)deploy the TVM in a separate instance, or b)in the same instance as b.1)either a new app or b.2)as the same app as your server-side logic (similar to the example using the Elastic Beanstalk).Your choice really depends on the size of your application, the expected load, the coupling between your code and TVM, among other factors.

Your question is very general, and you can follow more than one approach in order to accomplish what you want, so I thought I would give a general overview of two possible paths, hoping to help you taking the first steps. Don't hesitate to clarify whatever is not clear. Hope it helps.