Building Mobile Apps on AWS (Featuring Amazon Cognito, Amazon Mobile Analytics, Amazon SNS Mobile...

Building Mobile Apps on AWS (Featuring Amazon Cognito, Amazon Mobile Analytics, Amazon SNS Mobile Push and more) - Jinesh Varia

  • date post: 23-Aug-2014

description

Build powerful mobile applications using AWS Mobile Services. For the first time, we will discuss how mobile developers can leverage the new cross-platform AWS Mobile Services that we announced today, and how they can authenticate and authorize their users using Amazon Cognito, a user identity and data synchronization service. We will discuss how the Amazon Mobile Analytics service collects, visualizes and helps you understand your mobile app usage at scale. All this is available as a single, unified, mobile-optimized and easy-to-use SDK, so developers can access these new services (and other services like S3 and DynamoDB) with just a few lines of code on the client and without needing to own backend servers. - http://aws.amazon.com/mobile

Transcript of Building Mobile Apps on AWS (Featuring Amazon Cognito, Amazon Mobile Analytics, Amazon SNS Mobile...

  • Building Cloud-powered Mobile Apps: Now Featuring Amazon Cognito, Amazon Mobile Analytics and more. Jinesh Varia, 7/10/2014. © 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • How to build a mobile app today?
  • Your Mobile App
    Tasks: Authenticate users; Authorize access; Analyze User Behavior; Store and share media; Synchronize data; Deliver media; Store shared data; Stream real-time data; Track Retention; Send push notifications.
    Details: Manage users and identity providers; Securely access cloud resources; Sync user prefs across devices; Track active users, engagement; Manage funnels, Campaign performances; Store user-generated photos, Media and share them; Automatically detect mobile devices, Deliver content quickly globally; Bring users back to your app by sending messages reliably; Store and query fast NoSQL data across users and devices; Collect real-time clickstream logs and take actions quickly.
  • Introducing AWS Mobile Services
    Your Mobile App, Game or Device App
    AWS Mobile SDK, API Endpoints, Management Console (Integrated SDK)
    Mobile Optimized Services: Amazon Cognito, Amazon Mobile Analytics, Amazon SNS Mobile Push
    Mobile Optimized Connectors: Kinesis Connector, DynamoDB Connector, S3 Connector, SQS Connector, SES Connector
    Core Building Block Services: Compute, Storage, Networking, Analytics, Databases
    AWS Global Infrastructure (10 Regions, Availability Zones, 51 Edge Locations)
  • Cross-platform, Optimized for Mobile
    Amazon Cognito: User identity & data synchronization service
    Amazon Mobile Analytics: Fast cross-platform Analytics & reporting Service
    Amazon SNS Mobile Push: Powerful Cross-platform Push notification service
    Kinesis Connector: Recorder that can handle intermittent network connection
    DynamoDB Connector: Store any NoSQL data and also map mobile OS specific objects to DynamoDB tables
    S3 Connector: Easily upload, download to S3 and also pause, resume, and cancel these operations
    SQS Connector: Access distributed buffering and queuing service
    SES Connector: Send email reliably from device
  • Fully Integrated AWS Mobile SDK
    Common authentication mechanism across all services
    Automatically handle intermittent network connections
    Cross-platform Support: Android, iOS, Fire OS (Unity, PhoneGap, Cordova coming soon)
    Native SDKs optimized for Mobile OS, for example, uses the local offline caching architecture
    Reduced memory footprint; Pick and choose the service jars you need
  • Your Mobile App (AWS Mobile SDK)
    Tasks: Authenticate users; Authorize access; Analyze User Behavior; Store and share media; Synchronize data; Deliver media; Store shared data; Stream real-time data; Track Retention; Send push notifications.
    Services: Amazon Mobile Analytics; Amazon Cognito (Sync); AWS Identity and Access Management; Amazon Cognito (Identity Broker); Amazon S3 Transfer Manager; Amazon CloudFront (Device Detection); Amazon DynamoDB (Object Mapper); Amazon Kinesis (Recorder); Amazon Mobile Analytics; Amazon SNS Mobile Push.
  • Authenticate users: Amazon Cognito
  • Introducing Amazon Cognito
    Cross-device and Cross-platform Sync; Securely access AWS services from Mobile device; Simplifies Identity and Access Management; Implement security best practices
    Your App data is secure, available offline, and kept in sync between devices; Asynchronously sync user data across devices and platforms; Manage unique identity for your user across identity providers; Guest
  • Amazon Cognito Identity
    Helps implement security best practices: Securely access any AWS Service from mobile device. It simplifies the interaction with AWS Identity and Access Management.
    Support Multiple Login Providers: Easily integrate with major login providers for authentication.
    Unique Users vs. Devices: Manage unique identities. Automatically recognize unique user across devices and platforms.
    (Diagram labels: Identity Providers; Unique Identities: Joe, Anna, Bob; Any Device; Any Platform; Any AWS Service; Mobile Analytics, S3, DynamoDB, Kinesis)
  • Amazon Cognito for Unauthenticated Identities
    Unique Identifier for Your Things: Headless connected devices can also securely access cloud services.
    Save Data to the Cloud: Save app and device data to the cloud and merge them after login.
    Guest User Access: Securely access AWS resources and leverage app features without the need to create an account or log in.
    (Diagram labels: Visitor Preferences; Cognito Store; Guest; EC2, S3, DynamoDB, Kinesis)
  • Private Beta Customer: Location-aware Music App
    Use Case: Soundtracker is the first geosocial music network allowing people to listen to and share their own music stations. By geolocalizing these stations and syncing data across devices and across OSs, users get an enhanced experience: they can listen to what is being streamed around them and pick up where they left off.
    (Diagram labels: User Preferences; Stations; Music Albums; Authenticated User; Guest)
  • Getting Started with Cognito in 3 steps
    Sign up for AWS Account and login to AWS Management Console
    Download and integrate the Mobile SDK and store and sync user data in a dataset
    Create identitypool for authenticated and unauthenticated users in the AWS Console
  • Demo: Amazon Cognito Console
  • Amazon Cognito Security
    Set granular access permissions on AWS resources: Get fine-grained access control to cloud resources.
    Safeguard AWS Credentials: No need to embed credentials in the app anymore. Get least-privileged temporary credentials.
    Helps implement security best practices: Securely access any AWS Service. It simplifies the interaction with Security Token Service and removes the need for a Token Vending Machine.
    (Diagram labels: EC2, S3, DynamoDB, Kinesis)
  • Amazon Cognito Security Architecture
    (Diagram labels: End Users; Developer; App w/SDK; Login OAUTH/OpenID; Access Token; Cognito Identity Broker; Cognito ID, Temp Credentials; User ID (Temp Credentials); Access to AWS Services; DynamoDB; S3; Mobile Analytics; Cognito Sync Store; AWS Management Console; Access Token; Pool ID; Role ARNs)
  • Authorize access: Amazon Cognito + AWS IAM + Fine-grained access control
  • Amazon Cognito (Identity Broker)
    Identitypool: Pool of identities that share the same trust policy
    (Diagram labels: Identity Providers; Access Policy; Access to AWS Services; identitypool; Unauthenticated Identities; authenticated identities; AWS IAM Roles; AWS Account; Web Identity Federation; S3; DynamoDB; Get; Delete; Put)
  • Access Policy for the IAM Role

        {
          "Effect": "Allow",
          "Action": ["s3:*"],
          "Resource": "*"
        }

        {
          "Effect": "Deny",
          "Action": ["dynamodb:*"],
          "Resource": "*"
        }

        {
          "Effect": "Allow",
          "Action": ["cognito-sync:*"],
          "Resource": "*"
        }

    Allow. Actions: All S3, Sync store Operations. Resource: All resources within these services.
    Deny. Actions: All DDB Operations. Resource: All resources.
  • Access Policy Restriction

        {
          "Effect": "Allow",
          "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                     "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload"],
          "Resource": "arn:aws:s3:::BUCKET_NAME/*"
        }

        {
          "Effect": "Allow",
          "Action": ["s3:ListBucket", "s3:ListBucketMultipartUploads"],
          "Resource": "arn:aws:s3:::BUCKET_NAME"
        }

        {
          "Effect": "Allow",
          "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],
          "Resource": ["arn:aws:dynamodb:REGION:123456789:table/TABLE_NAME",
                       "arn:aws:dynamodb:REGION:123456789:table/TABLE_NAME/index/INDEX_NAME"]
        }

    Allow. Actions: Certain operations. Resource: One bucket, table ..
  • Access Policy Restriction

        {
          "Effect": "Allow",
          "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                     "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload"],
          "Resource": "arn:aws:s3:::BUCKET_NAME/Bob/*"
        }

        {
          "Effect": "Allow",
          "Action": "s3:ListBucket",
          "Resource": "arn:aws:s3:::BUCKET_NAME",
          "Condition": {"StringLike": {"s3:prefix": "Bob/"}}
        }

        {
          "Effect": "Allow",
          "Action": ["s3:ListBucketMultipartUploads"],
          "Resource": "arn:aws:s3:::BUCKET_NAME"
        }

    Allow. Actions: Certain operations. Resource: Within a bucket with specific prefix (user).
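
Added example (not from the slides and not AWS code): a simplified Python model of IAM policy evaluation, run over the first and last access policies above, to show what the wildcard policy permits compared with the per-user prefix policy. It models only Effect, Action, Resource and the StringLike operator; the helper names (`evaluate`, `applies`, `wildcard_match`, `as_list`) and the object keys are assumptions made for illustration.

```python
# Added illustration: simplified model, not AWS's evaluator; helper names are hypothetical.
import re

def as_list(v):
    return v if isinstance(v, list) else [v]

def wildcard_match(pattern, value):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def applies(stmt, action, resource, ctx):
    # Action names are case-insensitive; resource ARNs are compared as written.
    if not any(wildcard_match(a.lower(), action.lower()) for a in as_list(stmt["Action"])):
        return False
    if not any(wildcard_match(r, resource) for r in as_list(stmt["Resource"])):
        return False
    # Only StringLike is modelled; a missing context key fails the condition.
    for key, pats in stmt.get("Condition", {}).get("StringLike", {}).items():
        if key not in ctx or not any(wildcard_match(p, ctx[key]) for p in as_list(pats)):
            return False
    return True

def evaluate(statements, action, resource, ctx=None):
    effects = {s["Effect"] for s in statements if applies(s, action, resource, ctx or {})}
    if "Deny" in effects:  # an explicit Deny always wins over any Allow
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

BUCKET = "arn:aws:s3:::BUCKET_NAME"
BROAD = [  # first policy slide: all of S3 and Cognito Sync allowed, DynamoDB denied
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": ["dynamodb:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["cognito-sync:*"], "Resource": "*"},
]
PER_USER = [  # last policy slide: objects and listing limited to the Bob/ prefix
    {"Effect": "Allow", "Resource": BUCKET + "/Bob/*",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload"]},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET,
     "Condition": {"StringLike": {"s3:prefix": "Bob/"}}},
    {"Effect": "Allow", "Action": ["s3:ListBucketMultipartUploads"], "Resource": BUCKET},
]

if __name__ == "__main__":
    for pol, name in ((BROAD, "broad"), (PER_USER, "per-user")):
        for key in ("Bob/photo.jpg", "Anna/photo.jpg"):  # constructed object keys
            print(name, key, evaluate(pol, "s3:GetObject", f"{BUCKET}/{key}"))
    print("list Bob/2014/", evaluate(PER_USER, "s3:ListBucket", BUCKET, {"s3:prefix": "Bob/2014/"}))
```

The last call returns `ImplicitDeny` because `"s3:prefix": "Bob/"` contains no wildcard and so matches only that exact prefix; listing deeper prefixes needs a pattern such as `Bob/*`. Hard-coding `Bob` also implies one policy per user, whereas IAM's `${cognito-identity.amazonaws.com:sub}` policy variable lets a single role policy scope each Cognito identity to its own prefix.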