A gateway for various cloud notification services.
pinpon is a gateway for various cloud notification services, such as the Amazon AWS SNS service.
Think of pinpon as a hub for dispatching notifications originating from multiple notification sources. Clients of the pinpon service create topics and send notifications via the REST-ish pinpon service, and the pinpon server takes care of the per-service details and communicating with the upstream cloud services.
Advantages of this approach, compared to programming directly to the individual notification services' interfaces, are:
A common API for all supported notification services.
The secret credentials required to communicate with each cloud notification service can be kept in a central location (namely, the pinpon server), rather than being distributed to each notification source host, therefore reducing the attack surface.
Hosts which send notifications via the pinpon gateway can be firewalled from the public Internet. This is especially useful in IoT applications.
Currently-supported notification services:
Amazon AWS SNS
pinpon
pinpon is a silly little service that implements an Internet-enabled doorbell in Haskell, using Amazon Simple Notification Service to notify subscribers that the button has been pushed. Effectively, it's a simple REST service which, when POSTed to, will send a notification to an SNS topic. You can then build a client application which subscribes to that topic and notifies the user when the doorbell has been pressed. No such client application is included in the pinpon package, but an iOS app may be made available at some point in the future.
The package provides a pinpon-gpio executable, intended for use on Linux systems with GPIO functionality. When the specified GPIO pin is triggered (e.g., via a momentary switch such as this one), pinpon-gpio will POST a notification to the specified pinpon server.
Why not simply build the Amazon SNS functionality into the pinpon-gpio executable and eliminate the pinpon REST service? Chiefly because the host system running the pinpon-gpio executable may be particularly vulnerable to physical attacks (after all, it is presumably hooked up to a doorbell button that is exposed in a public space). I did not feel comfortable storing my Amazon AWS credentials on such a device, nor even allowing such a device to communicate directly with the public Internet. By proxying the AWS access via a more physically secure host running the pinpon server on my internal network, I can better protect my AWS credentials and limit network access on the GPIO device to just the pinpon service.
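One way to enforce the "limit network access on the GPIO device to just the pinpon service" part of this design is an egress allow-list on the GPIO host. The ruleset below is an added example, not part of the pinpon package; it assumes the GPIO host runs nftables with a static IPv4 address, and the server address, port and management subnet are placeholders to replace with your own values.

```nftables
#!/usr/sbin/nft -f
# Added example: egress allow-list for the host running pinpon-gpio.
# All addresses and ports below are placeholders (assumptions), not pinpon defaults.
flush ruleset

define PINPON_SERVER = 192.0.2.10      # placeholder: internal host running the pinpon server
define PINPON_PORT   = 8080            # placeholder: port the pinpon server listens on
define MGMT_NET      = 192.0.2.0/24    # placeholder: subnet allowed to SSH in for maintenance

table inet gpio_host {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        # Replies to connections this host opened (i.e. responses from the pinpon server).
        ct state established,related accept
        # Maintenance access from the internal management subnet only.
        ip saddr $MGMT_NET tcp dport 22 ct state new accept
    }

    chain forward {
        # The doorbell host is never a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Default-deny egress: a compromised device cannot reach the public
        # Internet or other internal hosts, only the pinpon server.
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        ip daddr $PINPON_SERVER tcp dport $PINPON_PORT ct state new accept
        # Log anything else the device tries to send; unexpected egress from
        # a single-purpose host is a useful tamper signal.
        limit rate 5/minute log prefix "gpio-egress-drop: "
    }
}
```

With a static address and the server referenced by IP, the host needs no DNS or DHCP egress; if it uses either, add a rule for that specific resolver or DHCP server rather than opening the port to any destination.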