SimpleDB direct client access

One of the useful things about S3 for content storage is that a client can directly make a direct HTTP request to download the object. For instance, this is how Twitter serve up avatar images.

SimpleDB provides an HTTP interface to data. Rather than having to write a proxy that sits inbetween SimpleDB and the client, is it possible for client software (i.e. desktop, mobile) to make calls to read values from a SimpleDB domain, without sharing cred开发者_如何学运维entials that shouldn't be shared? Or is a proxy in-between the only way to go?

Unfortunately there is still no secure way to do this. Not only does this make the untrusted desktop/mobile use case much more difficult than it ought to be, it also does the same for the flash/silverlight client.

I have repeatedly made the request to AWS that they enable the same sort of fine grained access controls that are available in SQS, including the policy language and permission grants to the various criteria like account, IP address, date ranges, etc.

I only hope they decide to implement it.

You can now do this with WebServius (which basically acts as a proxy between SimpleDB and the clients accessing the data). See http://blog.webservius.com/2010/09/14/introducing-amazon-simpledb-integration/

An inexpensive/free tier micro EC2 instance can now also be used to host your own proxy to SimpleDB, with less latency than hosting elsewhere.