Roblo3 - Unofficial Amazon Web Services SDK for Roblox Lua

Roblo3 - Unofficial AWS SDK for Roblox

Security Disclaimer

It’s no secret that, at best, Roblox has lackluster security tools available for securely storing protected secrets, such as API credentials. For many services, this lackluster security, while not necessarily acceptable, is (for all intents and purposes) “look-the-other-direction-able”, mainly because such services cannot easily rack up high (shockingly high) costs in short periods of time.

However, with AWS, very high costs can be incurred in rather short periods of time (sometimes just overnight while you’re sleeping) without much notice if AWS credentials are compromised. As such, it is up to you (or your development team) if such a risk is acceptable when using the Roblo3 SDK. Additionally, it is up to you to secure your AWS credentials as best as possible, both on the Roblox-side through safe storage of any scripts containing security credentials and the AWS-side through AWS’ Identity and Access Management dashboard.

The Roblo3 Documentation has more information here about how to best secure your credentials from the AWS-side.

Security tips will continue to be added to the documentation over time as best practices are refined and as new Roblox services are added.

Introduction

Introducing Roblo3, an unofficial Amazon Web Services Software (or rather, game) Development Kit for Roblox Lua.

Roblo3 allows for integration of supported AWS Services into your Roblox games, allowing you to leverage the power and extensibility of Amazon Web Services with relative ease.

Roblo3 is different from other AWS integrations by not using what most people would use: an Amazon API Gateway. Instead, Roblo3 makes use of the AWS API Endpoints (ex. https://dynamodb.us-west-2.amazonaws.com).

Roblo3 automatically sends and receives payloads to the AWS API Endpoints; automatically generating authorization signatures that conform to AWS Signature Version 4, and automatically parsing and translating responses from the API Endpoints into data natively useable by your scripts.

Additionally, Roblo3 is also open source, allowing all to contribute feature requests, bug reports, as well as review of the code base for security vulnerabilities and even contributions to the code base.

Roblo3 aims to support as many AWS services as possible over time, as well as support as much of each service’s API as possible. More AWS services (and more actions for existing integrations) will be added as time goes on. Note that some services may not be integrated due to limitations posed by either Lua 5.1 or the Roblox Engine.

Supported Services

Services currently supported by the Roblo3 SDK:

  • Amazon DynamoDB (support for basic CRUD operations and GetTableInfo only)

Planned Services

Services currently planned to be integrated (not necessarily in order):

  • AWS Lambda
  • Amazon Simple Queue Service
  • Amazon Simple Notification Service
  • Amazon CloudWatch Logging

Roblo3 makes use of BoatBomber’s HashLib module, found here. Go support him and/or the module; without the HashLib module, the making of Roblo3 would not have been possible.

Getting Started

To get started, download the .rbxmx file from the latest GitHub release and put it into a test place you have available. Follow the instructions found on the documentation here to access the Amazon Resource Name of a DynamoDB table named TestTable in your account; you will likely need to set up a table named TestTable in DynamoDB via the Management Console prior to you getting started.

Other

Why did I make this?

I chose to make this because, as a Web Developer, I love making websites interact with Roblox; and I especially love making websites interact with Roblox that really…probably shouldn’t interact (or at least, not interact easily, as is the case with AWS and Roblox).

Additionally, I’ve always wanted to be able to use Amazon DynamoDB with Roblox without resorting to using API Gateways, mainly due to API Gateways being fairly expensive when used at scale. Because of this, I wanted to integrate DynamoDB first so I can play around with it in Roblox; not to mention, it’s likely one of the more useful services available to be used inside of Roblox.

Why not use an API Gateway?

Don’t get me wrong, Amazon API Gateways are awesome. They allow you to build your own API with your own data that conforms to what you need it to do. However, as mentioned in the previous question, API Gateways can be expensive at scale; $1.00 USD per 1 million requests may not sound expensive, but when used at scale, they can be quite expensive. (This is especially the case if you needed to, for example, call an API every time a player joins or leaves; for instance, if you integrated with an external database.)

How can I trust you?

tl;dr: If you don’t trust me, then don’t. Go verify for yourself that I haven’t added anything nefarious.

I realize that I’m a fairly new developer to the Roblox community (though I have been playing on Roblox since the beginning of 2012); and thus, my trustworthiness is questionable at best. However, for those who know me, I have always been a security-freak; I use strong passwords everywhere, 2FA wherever possible, and a password manager, just to name a few things I do.

I completely understand you if you don’t trust that I haven’t implemented a backdoor or some way for the SDK to send your keys to some external storage resource for me to use. And, if you don’t trust me, then don’t. A good practice with anything of a sensitive nature is to always verify for yourself that things are (or aren’t) the case.

In this case, you can trust that I haven’t implemented either a backdoor or access-key-scavenger (my intermediate-at-best programming skills aside), but you can also verify that I haven’t added nefarious things yourself by looking at the source code; it is open source.

Do I need an AWS account to use this?

I would hope the answer to this question is obvious, but just to cover my bases:

Yes, an Amazon Web Services account is required to make use of the Roblo3 SDK. The Roblo3 SDK does not provide access to any test account of any sort; it makes use of AWS security credentials you provide.

Why the name `Roblo3`?

“Roblo3” was chosen as the name as a reference to the official AWS SDK for Python: Boto3. I chose the name “Roblo” because this SDK is made for Roblox, and the “3” at the end because…Boto3 did it.

Can you help me set up something in my AWS account?

Of course! Although I’m neither an expert in AWS nor an AWS Solutions Architect, I’m absolutely in love with AWS currently, and I’m more than willing to help you set up something that makes use of the SDK (or an API Gateway if the SDK doesn’t support the service (and I’ll help you transition when/if the SDK does eventually support the service)) and an AWS service.

For your security, I will only help you via messages (either here or Discord); I will never access your AWS account directly.

What are some possible uses for this?

I’m glad you asked!

While I was adding integration with DynamoDB, I thought about what you might want to use the Roblo3 SDK for, and here are two things I came up with:

  • A “backup” system for Roblox’s DataStoreService (DSS). This would essentially save to and load from both DSS and DynamoDB, providing a way of checking to see if data was saved correctly and allowing user recovery if data was lost in one service and not the other. If you combined this with DataStore2 (or perhaps UpdateAsync from DSS), as well as DynamoDB Point-in-time-Recovery and/or On-Demand backups, you could have a very reliable and durable data storage system for player data.* (I may build a module like this in the future…who knows?)
  • Access data for a custom Discord bot that manages ranks based on XP (or something similar). In other words, if you rolled your own Discord bot that managed ranks based on XP and stored its data in a DynamoDB table, you could access that data and show it to users in game–all without resorting to a moderately expensive API Gateway.

*Note that a solution like this does nothing to prevent data load/save failures if DynamoDB itself experiences degraded performance. As mentioned in a couple forum posts before (here and here), Roblox uses DynamoDB under the hood to store all data sent to the DataStoreService. By using the DataStoreService, you are technically using DynamoDB, you just don’t have access to the data outside of your game. Additionally, if DynamoDB experiences any degraded performance or downtime, these will be propagated to the DataStoreService. In order to mitigate this, you’d need to integrate with a service such as MongoDB Atlas (or your own MongoDB server), Google Cloud Firestore, or your own SQL/NoSQL server.

Final Message

If you make anything cool with the Roblo3 SDK, be sure to post it below!

I’ll also post new releases down below, as addendums to this original post, and as new releases on the GitHub. The models will always be posted on GitHub as well as here.

If you’d like to help contribute to the project, you can follow the directions outlined in the documentation here to help out.

Lastly, if you have any further questions, feel free to message me here or on Discord. (My username on Discord is tycoonlover1359#6970.)

Happy developing!

24 Likes
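The Signature Version 4 signing that the original post says Roblo3 performs, sketched in Python as an added example (this is not Roblo3's code, which is Lua). The credentials, the `Id` key and the timestamp are constructed placeholders; the region and table name are the ones the post mentions.

```python
import hashlib
import hmac
import json

def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def derive_signing_key(secret_key, date_stamp, region, service):
    # The long-term secret is only the seed of an HMAC chain scoped to
    # one day, one region and one service.
    k_date = hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, service)
    return hmac_sha256(k_service, "aws4_request")

def sign_dynamodb_request(access_key, secret_key, region, target, body, amz_date):
    """Return the headers for a signed DynamoDB JSON API POST."""
    headers = {
        "content-type": "application/x-amz-json-1.0",
        "host": f"dynamodb.{region}.amazonaws.com",
        "x-amz-date": amz_date,
        "x-amz-target": target,
    }
    names = sorted(headers)
    signed_headers = ";".join(names)
    canonical_headers = "".join(f"{n}:{headers[n]}\n" for n in names)
    payload_hash = hashlib.sha256(body.encode("utf-8")).hexdigest()
    # Method, path, empty query string, headers, header list, body hash.
    canonical_request = "\n".join(
        ["POST", "/", "", canonical_headers, signed_headers, payload_hash]
    )
    scope = f"{amz_date[:8]}/{region}/dynamodb/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    key = derive_signing_key(secret_key, amz_date[:8], region, "dynamodb")
    signature = hmac.new(key, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    # Only the access key ID and the signature leave the machine; the
    # secret itself must still be stored wherever this function runs.
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers

# Constructed sample values, not real credentials.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = "constructed-secret-not-a-real-key"
SAMPLE_BODY = json.dumps({"TableName": "TestTable", "Key": {"Id": {"S": "player-1"}}})

if __name__ == "__main__":
    signed = sign_dynamodb_request(ACCESS_KEY, SECRET_KEY, "us-west-2",
                                   "DynamoDB_20120810.GetItem", SAMPLE_BODY,
                                   "20240101T000000Z")
    for name, value in signed.items():
        print(f"{name}: {value}")
```

Because the signature covers the body hash and the timestamp, a captured request cannot be altered and re-sent under the same signature, but anyone who can read the script holding the secret key can sign arbitrary requests, which is why the IAM permissions attached to that key matter.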

This is a really cool application of my HashLib! Glad to see you passing down that open source love!

8 Likes

I was wondering if you’d be able to include hypothetical examples of AWS integration with Rōblox games within the body of your original post. As a developer primarily experienced with the Rōblox ecosystem, I don’t know of any services they offer that would make me want to create an account with AWS just to add to my game - and neither would most of us.

Moreover, the only piece of your project documented is DynamoDB, which is an excessively costly way to store data. CheckMeIn 3.1 for example uses Trello to track its licensees - and to my limited knowledge, it’s absolutely free to create an app on that site.

I apologize in advance for the long wall of text.

Tl;dr

First point:

  • Backup system for Roblox’s DataStoreService
  • Access DynamoDB tables that are used primarily by other programs or resources (i.e., Discord bots)

Second point:

  • Trello ~= DynamoDB; I caution you against (A) comparing them like this and (B) implementing them in similar applications
  • DynamoDB isn’t the cheapest option available, but for most applications DynamoDB would likely be fine
  • Rolling your own solution is almost always cheaper than using a cloud computing platform, but you do lose out on various benefits.
    • Since we’re on Roblox, you could just spend nothing by not using cloud platforms; Roblox itself is probably good enough for most games.

Final message:

  • I don’t intend to get you to buy these services; I apologize if it sounds like I am
  • I only want to provide a tool for people who want to integrate with these services, and provide counterarguments to people’s points

I’ll do that both here and there. Anyway…

Over the course of me implementing DynamoDB, I came up with two potential use cases, though there are likely more (I’m just not creative enough to think of them…):

  • One use case might be as a “backup” system to Roblox’s own DataStoreService (DSS). That is to say, you could build a module that loads a player’s data from both DSS and DynamoDB, and then compares them. If a discrepancy is found, the game could prompt the player to choose which data they want to keep and which to discard. Combine this with DataStore2 (or maybe even DSS’s own UpdateAsync) and you could have a very reliable and durable data storage system for player data.*
  • Another use case might be if you wanted to access, for example, your Discord bot’s database from your Roblox game (of course, you’d need to have saved your Discord bot’s data in DynamoDB first). If, for example, you rolled your own bot that automatically ranks users based on the amount of XP they have, you could use this SDK to access the amount of XP they have while they’re in game.

These are just a couple potential uses.

*I should note that this would do nothing to prevent data save failures if DynamoDB itself went kaput for a few hours. I don’t believe it’s well known, but the DataStoreService uses DynamoDB as its storage system; effectively, by using DataStoreService, you are technically already using DynamoDB…you just don’t have access to the data outside of your game. In order to mitigate this, you’d have to integrate with something like MongoDB Atlas (or your own MongoDB server), Google Cloud Firestore, or your own SQL/NoSQL server, just to name a few alternatives.

I caution you against comparing DynamoDB to Trello here. From what I’ve heard, Trello is not a reliable database beyond a few hundred (or maybe a thousand or so) cards (cards in this case would be the closest equivalent of a document in a NoSQL database or a row in an SQL database). Moreover, Trello is not a database service and should not be relied upon for such a use case, especially if you have a large dataset; at its heart, Trello is a project/task management solution for individuals and teams.

For smaller datasets, Trello likely works fine. In your example, CheckMeIn 3.1 is likely able to get away with using Trello as its primary database because it won’t have more than a few hundred cards to deal with.

On the flip side, I currently help to manage the Roblox Library (I’m a current Library Manager there). Before I joined the Roblox Library as a librarian back in August of 2016, the library used to have a “computer” where users could submit their books to the library. This computer was hooked up to a Trello board and would create a card every time a new submission was added. I take it that, for a while, this solution worked, until they grew and could not keep up with the demand for submissions and cards began piling up. There came a point (I think they had a couple thousand cards at that point, mind you) where the Trello board could no longer be opened due to the number of cards that had to be loaded in from Trello. I’m fairly sure these submissions had to be thrown out since there simply wasn’t an easy way of interacting with the board that wasn’t a lag-fest (assuming you managed to open the board at all).

Trello is fine for things like managing admins in an admin script such as Adonis or Kohl’s Admin. This is especially the case since these scripts will mostly be doing reads from the Trello board; very little writing will ever be done. However, if you’re a web developer like me, there will come a time where you will need to use a proper database service like DynamoDB (or even a friendlier solution like Airtable) to store data, as Trello (or its alternatives) simply will not suffice for one reason or another.

Another point you brought up was the cost of DynamoDB. DynamoDB is not that expensive all things considered. It is not the cheapest (Google Cloud Firestore has a lower per-gigabyte cost of storage), but it is cheap to an extent. 25 cents USD per gigabyte stored (beyond your first 25 gigabytes) might sound like a lot, but remember that it’s unlikely for your per-user storage usage to exceed even 1 MB of data; unless you’re storing a large amount of serialized data (i.e., you’re recreating Restaurant Tycoon 2 or Miner’s Haven, just to name a couple places), you’re unlikely to even break 1 KB of data (this is especially the case if you’re storing simple text, such as the amount of cash someone has).

I should note that I am ignoring the cost of data egress (data transfer out) from AWS. Many, if not all, cloud computing platforms (GCP, Microsoft Azure, and IBM Cloud included; not just AWS) implement data egress charges. Data ingress (data transfer in) is usually free; data egress is what costs money. For AWS, data egress is 9 cents per gigabyte out to the internet, beyond your first gigabyte out per month.

AWS and other cloud platforms are by no means the least expensive way of handling, utilizing, and storing player data. A solution that you do yourself with hardware and software that you own will almost always be cheaper in the long run than integrating with a cloud computing platform. However, you are missing out on features that cloud computing does provide (here are just a few):

  • No need to manage, upgrade, and maintain hardware or software (in fully managed services, anyway);
  • Data stored in these services is highly available and highly durable (these are, respectively, whether or not you can access the data and whether or not the data will exist far in the future);
  • No need to worry about things like DoS/DDoS against your own IP address or server;
  • Service Level Agreements that entitle you to small refunds if you use a service that experiences degraded (or downright unavailable) performance for long periods of time (and you don’t need to worry about figuring out how to fix services that go down; you only need to be patient as their technicians and engineers figure everything out).

I believe I’ve covered most of the points you raised. I should note that I don’t intend on getting you to buy into these services, and I apologize if it sounds like I am; if you don’t want to integrate with AWS (or any other cloud platform), then don’t. I’m merely providing a tool to allow people who do want to integrate with AWS a way of doing so, and also providing counterarguments (for lack of a better word) based on points raised by others in the community.

Happy developing,
~Tycoon

Again, I apologize for the long wall of text. I think this is my longest post yet…

4 Likes

Thank you for bringing me that long wall of text (though it’s funny how you’ve written more for my reply than in the original post). I’m quite assured you were able to explain your counterarguments clearly. AWS however doesn’t just stop at databasing though - and I think you’ve written that to work with Roblo3. The main issue is lack of documentation on your end. Machine-learning enthusiasts and cryptography experts alike might consult the official AWS docs to discover what endpoints they would utilise for their projects. For this reason, I believe you should write additional code examples that use other libraries.

Ohhh…I see what happened now.

I guess I haven’t quite made it clear that, as of version 1.0.0, Roblo3 only supports DynamoDB, hence why all my examples and documentation only refer to it; my apologies for implying differently–I’ve attempted to make this clearer in the original post.

I’m currently in the stages of getting the core functionality of Amazon Simple Queue Service working (i.e., sending and receiving messages), and will be getting the core functions of Lambda, Simple Notification Service, and CloudWatch Logging up soon (these…on the surface anyway, appear to be fairly simple to get working…then again, I also thought that about DynamoDB and then proceeded to spend 4 days getting CRUD operations working… :expressionless: ).

I certainly plan on adding support for the AWS Machine Learning endpoints, as well as pretty much the rest of AWS wherever possible (i.e., storage-related services like S3 might be read-only or non-existent from the SDK, since Roblox has disabled file system manipulation).

2 Likes

Just wanted to see if this was still being updated or supported - I have just started dipping my toes into the AWS environment (at a practitioner level), but I really do believe that AWS’s integration with other services makes it quite attractive, especially for a small team that cannot focus on database operations daily.

One question about Roblo3 - would it be possible to connect to the DynamoDB Local server? I know that it is possible to run a localized DynamoDB using Docker, and it would be really useful to test out the schemas and possible server interactions without incurring unnecessary costs.

I’m assuming the underlying problem you’re solving is that you want to mock AWS while testing your game?

If so, you’ll want to look at https://github.com/localstack/localstack. You can then point your URL at your localstack instance instead of actual AWS in the module, and it should function the same. There are lots of tutorials online about how to use localstack.

1 Like

Thank you for the reply, will check out the repository. Seems very similar, if not the same as the approach that I was told about.

To clarify, my question is whether or not Roblo3 would accept a local endpoint URL as a parameter, similar to Boto3. The reason I ask is because I didn’t really see the endpoint parameter defined in the init.lua file, other than the basic accesskeyid/secretaccesskey/regionname parameters.

1 Like

Heh…updates…what are those? I should probably do one…eventually…

Anyhow, to answer your question, if the feature isn’t already there I could probably implement it (and probably should) and, assuming Roblox Studio does allow requests to go to local IP addresses (i.e., https://localhost:1234/), then it should work.

Just remember to ensure there’s a difference between your production and development environments (and, more importantly, the endpoints they hit). Attempting to hit https://localhost:1234/ from a Roblox Server (such as if you’re doing a test outside of Studio) will almost certainly error.