In this talk from the Dublin Websummit 2014 AWS Technical Evangelist Danilo Poccia discusses building mobile apps on AWS.
This talk includes an introduction to the AWS mobile services that were launched earlier in 2014 and how you can use these services to fulfill common application functions such as authenticating users, synchronizing data and analyzing user behavior, as well as providing direct access to other AWS services from with your Android or iOS applicatons.
3. Authenticate users
Manage users and
identity providers
Authorize access
Securely access
cloud resources
Sync user prefs
across devices
Analyze User Behavior
Store and share media
Synchronize data
Deliver media
Send push notifications
Store shared data
Track active users,
engagement
Track Retention Stream real-time data
Manage funnels,
Campaign performances
Store user-generated photos
Media and share them
Automatically detect mobile devices
Deliver content quickly globally
Bring users back to your app by sending
messages reliably
Store and query fast NoSQL data
across users and devices
Collect real-time clickstream logs
and take actions quickly
Your
Mobile
App
4. Authenticate users
Amazon Cognito
(Identity Broker)
Authorize access
AWS Identity and
Access Management
Analyze User Behavior
Store and share media
Synchronize data
AWS Mobile SDK
Amazon Mobile
Analytics
Deliver media
Amazon Cognito
(Sync)
Amazon S3
Transfer Manager
Amazon CloudFront
(Device Detection)
Store shared data
Amazon DynamoDB
(Object Mapper)
Stream real-time data
Amazon Kinesis
(Recorder)
Track Retention
Amazon Mobile
Analytics
Send push notifications
Amazon SNS
Mobile Push
Your
Mobile
App
5. Introducing AWS Mobile Services
Amazon Cognito Amazon Mobile Analytics Amazon SNS Mobile Push
Kinesis Connector DynamoDB Connector S3 Connector SQS Connector SES Connector
AWS Global Infrastructure (10 Regions, Availability Zones, 51 Edge Locations)
Mobile Optimized
Services
Mobile Optimized
Connectors
Core Building Block
Services
Your Mobile App, Game or Device App
AWS Mobile SDK, API Endpoints, Management Console
Compute Storage Networking Analytics Databases
Integrated SDK
6. Cross-platform, Optimized for Mobile
User identity &
data synchronization
service
Fast cross-platform
Analytics & reporting
Service
Amazon Cognito Amazon Mobile Analytics Amazon SNS Mobile Push
Kinesis Connector DynamoDB Connector S3 Connector SQS Connector SES Connector
Store any NoSQL
data and also map
mobile OS specific
objects to
DynamoDB tables
Powerful Cross-platform
Push notification service
Recorder that can
handle intermittent
network connection
Easily upload,
download to S3 and
also pause,
resume, and cancel
these operations
Send email
reliably from
device
Access
distributed
buffering and
queuing service
7. Fully Integrated AWS Mobile SDK
• Common authentication mechanism across
all services
• Automatically handle intermittent network
connections
• Cross-platform Support: Android (with Maven
support), iOS, Fire OS, Xamarin
• Native SDKs optimized for Mobile OS, for
example, uses the local offline caching
architecture
• Reduced memory footprint; Pick and choose
the service jars you need
9. Amazon Cognito
“Your App data is secure, available offline, and kept in sync between devices”
Simplifies Identity and
Access Management
Securely access all
AWS services from
Mobile device
Cross-device and
Cross-platform Sync
Implement security best
practices
Synchronize user’s data
across devices and
platforms
Guest
Your own
Auth
Manage users as
unique identities across
identity providers
10. Unique
Joe Anna Bob Identities
Identity
Providers
Any Device
Any Platform
Any AWS
Service
Amazon Cognito Identity
Support Multiple Login Providers
Easily integrate with major login providers for
authentication.
Unique Users vs. Devices
Manage unique identities. Automatically
recognize unique user across devices and
platforms.
Helps implement security best
practices
Securely access any AWS Service from mobile
device. It simplifies the interaction with AWS
Identity and Access Management
Mobile
Analytics
S3
DynamoDB
Kinesis
Your own
Auth
11. Amazon Cognito for Unauthenticated Identities
Guest User Access
Securely access AWS resources and leverage
app features without the need to create an
account or logging in
Save Data to the Cloud
Save app and device data to the cloud and
merge them after login
Unique Identifier for Your “Things”
“Headless” connected devices can also
securely access cloud services.
Visitor
Preferences
Guest
Cognito
Store
EC2
S3
DynamoDB
Kinesis
12. Getting Started with Cognito in 3 steps
Sign up for AWS Account and login to AWS Management Console
Create identitypool for authenticated and
unauthenticated users in the AWS Console
Download and integrate the Mobile SDK and store and
sync user data in a dataset
13. Amazon Cognito Security Architecture
Cognito ID
(Temp
Credentials)
DynamoDB
End Users
Developer
Access
to AWS
Services
Cognito Identity
Broker
Login OAUTH/OpenID
Access Token
Cognito ID,
Temp
Credentials
S3
Mobile Analytics
Cognito Sync
Store
AWS
Management
Console
Access Token
Pool ID
Role ARNs
App with
AWS Mobile
SDK
Your own
Auth
14. Developer Authenticated Identities
Your
own
Username
And
Password
Your own user authentication system
Several apps prefer to have their own username
and password instead of public identity providers
for authentication.
Easily integrate with existing systems
Implement GetOpenIdTokeForDeveloperIdentity()
using our server-side SDKs like Java, Python,
Ruby etc.
Manage mappings easily
Cognito manages the mappings across login
systems (public or private) using a unique
Cognito ID
16. Access Policy Restriction (Policy Variables)
{
"Effect": "Allow”,
"Action": ["s3:GetObject”,"s3:PutObject”],
"Resource": ["arn:aws:s3:::
myBucket/amazon/snakegame/
${cognito-identity.amazonaws.com:sub}"]
}
Allow
Actions:
S3 Get/Put operations
Resource:
Only to a specific part
of bucket to that identity
17. Access Policy Restriction (Policy Variables)
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem"
],
"Resource": [
"arn:aws:dynamodb:us-west-2:514247453397:
table/msgdemo-geo"
],
"Condition": {
"ForAllValues:StringEquals":
{"dynamodb:LeadingKeys":
["${cognito-identity.amazonaws.com:sub}"]}
}
}
Allow
Actions:
DynamoDB "Write" ops
Resource:
Only if your identity is
in the hash key
19. What have customers told us about
“Synchronized Profile”
People have multiple devices and want to transition between devices.
Implementing a user profile that syncs across devices, OS, apps is hard.
It not only has to work when offline, but easy to integrate with existing apps.
20. Amazon Cognito Sync
User Data
Storage and
Sync
Any Platform
Identity pool
iOS/Android/FireOS
Store App Data, Preferences and State
Save app and device data to the cloud and merge
them after login
Cross-device Cross-OS Sync
Sync user data and preferences across devices
with one line of code
Work Offline
Data always stored in local SQLite DB first.
Works seamlessly when intermittent or no
connectivity
k/v data
21. Amazon Cognito Sync
Offline: The client SDK manages a local SQLite data
store to allow the app to work even when connectivity is
not available.
Fast: The methods to read and write data only interact
with the local SQLite database.
Intelligent Sync: The sync method compares the local
version of the data to the cloud sync store, pushes up
deltas and pulls down new changes.
Flexible Conflict resolution: The sync method first
reads the changes then writes its local changes to the
cloud sync store By default Cognito assumes that the
last write wins. Developers can override and
implement their own conflict resolution programmatically
Local SQLite Cache
22. Amazon Cognito Sync Data Model
AWS
Account
Identitypool
identitypool
Dataset
Pool of identities that
share the same trust policy
IdIdeenntittiyt y Identity
DDaatatasseet t
Unique identifier across
devices, get cached on local devices
as well as saved in the cloud
1:n
1:n
1:n
Dataset synchronized across
devices by simply calling dataset.synchronize()
method
1:n
DDaatatasseet t Key/Value
Key-value and sync count
23. Amazon Cognito Sync Data Model - Example
AWS
Account
1:n
Identitypool
identitypool
1:n
IdIdeenntittiyt y Identity
1:n
Dataset
DDaatatasseet t
Developer has two apps: a game and a productivity app
User
preferences
Game
state
Identitypool1
Productivity
App
Game
App
1:n
DDaatatasseet t Key/Value
25. Integrating Cognito Sync functionality is super easy
Initialize the CredentialsProvider and CognitoClient
provider = new CognitoCachingCredentialsProvider (context, AWS_ACCOUNT_ID,
COGNITO_POOL_ID, COGNTIO_ROLE_UNAUTH, COGNITO_ROLE_AUTH, Regions.US_EAST_1);
cognito = new CognitoSyncManager (context, COGNITO_POOL_ID, Regions.US_EAST_1, provider);
Create or open Dataset and Add Key Values
cognito.openOrCreateDataset(datasetName);
dataset.put(key, value);
Call synchronize on the dataset
dataset.synchronize(new SyncCallback(){..});
26. Integrating Cognito Sync functionality is super easy
Initialize the AWSCognitoSyncClient
AWSCognitoSyncClient *syncClient = [[AWSCognitoSyncClient alloc]
initWithConfiguration: configuration];
Create or open Dataset and Add Key Values
DataSet *dataset = [syncClient openOrCreateDataSet:@"myDataSet"];
NSString *value = [dataset readStringForKey:@"myKey"];
[dataset putString:@"my value" forKey:@"myKey"];
Call synchronize on the dataset
[dataset synchronize];
iOS
27. Amazon Cognito
(Identity Broker)
AWS Identity and
Access Management
Analyze User Behavior
Store and share media
Deliver media
Send push notifications
Store shared data
Track active users,
engagement
Track Retention Stream real-time data
Manage funnels,
Campaign performances
Store user-generated photos
Media and share them
Automatically detect mobile devices
Deliver content quickly globally
Bring users back to your app by sending
messages reliably
Store and query fast NoSQL data
across users and devices
Collect real-time clickstream logs
and take actions quickly
Your
Mobile
App
Authenticate users
Authorize access
Synchronize data
Amazon Cognito
(Sync)
29. Improve Monitoring
and Monetization
of Your Mobile Apps
Danilo Poccia | Technical Evangelist
danilop@amazon.com
@danilop
Web Summit
#AWS Dublin #WebSummit
2014
34. Amazon Cognito
(Identity Broker)
AWS Identity and
Access Management
Analyze User Behavior
Store and share media
Deliver media
Send push notifications
Store shared data
Track active users,
engagement
Track Retention Stream real-time data
Manage funnels,
Campaign performances
Store user-generated photos
Media and share them
Automatically detect mobile devices
Deliver content quickly globally
Bring users back to your app by sending
messages reliably
Store and query fast NoSQL data
across users and devices
Collect real-time clickstream logs
and take actions quickly
Your
Mobile
App
Authenticate users
Authorize access
Synchronize data
Amazon Cognito
(Sync)
35. Amazon S3
Transfer Manager
Send push notifications
Bring users back to your app by sending
messages reliably
Store shared data
Store and query fast NoSQL data
across users and devices
Stream real-time data
Collect real-time clickstream logs
and take actions quickly
Your
Mobile
App
Authenticate users
Amazon Cognito
(Identity Broker)
Authorize access
AWS Identity and
Access Management
Synchronize data
Amazon Cognito
(Sync)
Analyze User Behavior
Amazon Mobile
Analytics
Track Retention
Amazon Mobile
Analytics
Store and share media
Deliver media
Amazon CloudFront
(Device Detection)
AWS Mobile SDK
37. What Customers Told Us About “Push Notifications”
Sending large-scale push notifications, cross-platform is still hard.
Developers want to be able to reach their customers globally and
across all devices.
38. Some Use Cases
Broadcast Direct Closed Loop
Identical messages to
many at once
Unique messages to
individual customers
Targeted and optimized
with analytics
39. Each platform works differently, and push gets even more
complex as you scale to support millions of devices.
Cloud App
Platform Services Mobile Apps
40. Amazon SNS
Cross-platform
Mobile Push
Internet
Apple APNS
Google GCM
Baidu CP
Amazon ADM
Windows WNS and
MPNS
Industry’s First!
New!
iOS
Apple iPhones and iPads
Android Phones and Tablets in China
With Amazon SNS, developers can send push notifications on multiple platforms
and reach mobile users around the world
New features:
Message Expiry Time
Message Attributes
Amazon SNS Mobile Push
Android Phones and Tablets
Kindle Fire Devices
Windows Desktop and Windows Phone
Devices
42. Amazon DynamoDB Connector: Object Mapper
High Scores
Joe 1500
Anna 800
Bob 750
Joe Anna Bob
Simplifies access to Amazon
DynamoDB in you app
Map client-side classes to Amazon
DynamoDB tables
Removes the need to transform
objects into tables and vice versa
43. Amazon DynamoDB: Example @DynamoDBTable(tableName = "Bookstore")
public static class Book {
private int id;
private String isbn, title;
private Boolean hardCover;
@DynamoDBHashKey(attributeName = "id")
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
@DynamoDBAttribute(attributeName="isbn")
public String getIsbn() {
return isbn;
}
...
}
Table: Bookstore
Id isbn Title hardCover
1 22-22222 My First Book Yes
2 43-43234 My Favorite Book No
3 55-12345 My New Book Yes
44. Amazon DynamoDB: Example
// Build a book object
Book book = new Book();
book.setId(17);
book.setIsbn("222-2222222222");
book.setTitle("Some Title");
book.setHardCover(true);
// Save book object to dynmaoDB
mapper.save(book);
// Update item and save object again
book.setTitle("Updated Title");
book.setHardCover(false);
mapper.save(book);
// Load another book
Book anotherBook = mapper.load(Book.class,7);
46. Amazon Kinesis Connector for Mobile Apps
Amazon
Kinesis
S3 Redshift Kinesis
enabled
Apps on
EC2
AWS
Mobile
SDK
For sophisticated
User Behavior
Analysis
Integrated AWS Mobile SDK
Generic batching system that
handles intermittent network
connection and also optimize
battery utilization
For Crash Dump
Analysis
48. Authenticate users
Manage users and
identity providers
Authorize access
Securely access
cloud resources
Sync user prefs
across devices
Analyze User Behavior
Store and share media
Synchronize data
Deliver media
Send push notifications
Store shared data
Track active users,
engagement
Track Retention Stream real-time data
Manage funnels,
Campaign performances
Store user-generated photos
Media and share them
Automatically detect mobile devices
Deliver content quickly globally
Bring users back to your app by sending
messages reliably
Store and query fast NoSQL data
across users and devices
Collect real-time clickstream logs
and take actions quickly
Your
Mobile
App
49. Authenticate users
Amazon Cognito
(Identity Broker)
Authorize access
AWS Identity and
Access Management
Analyze User Behavior
Store and share media
Synchronize data
AWS Mobile SDK
Amazon Mobile
Analytics
Deliver media
Amazon Cognito
(Sync)
Amazon S3
Transfer Manager
Amazon CloudFront
(Device Detection)
Store shared data
Amazon DynamoDB
(Object Mapper)
Stream real-time data
Amazon Kinesis
(Recorder)
Track Retention
Amazon Mobile
Analytics
Send push notifications
Amazon SNS
Mobile Push
Your
Mobile
App
50. Key Takeaways
Amazon Cognito Amazon Mobile Analytics Amazon SNS Mobile Push
Kinesis Connector DynamoDB Connector S3 Connector SQS Connector SES Connector
AWS Global Infrastructure (10 Regions, Availability Zones, 51 Edge Locations)
Mobile Optimized
Services
Mobile Optimized
Connectors
Core Building Block
Services
Your Mobile App, Game or Device App
AWS Mobile SDK, API Endpoints, Management Console
Compute Storage Networking Analytics Databases
Integrated SDK
51. Key Takeaways
Amazon Cognito Amazon Mobile Analytics Amazon SNS Mobile Push
Kinesis Connector DynamoDB Connector S3 Connector SQS Connector SES Connector
AWS Global Infrastructure (10 Regions, Availability Zones, 51 Edge
Locations)
Mobile Optimized
Services
Mobile Optimized
Connectors
Core Building Block
Services
Your Mobile App, Game or Device App
AWS Mobile SDK, API Endpoints, Management Console
Compute Storage Networking Analytics Databases
Integrated SDK
Cross Platform
and Optimized
for Mobile
Flexibility
And Freedom
of Choice
Fully integrated
and easy to get
started
52. Get Started for Free!
Amazon Cognito Amazon Mobile
Analytics
Amazon SNS
Mobile Push
Free Tier:
1 Million push messages
every month
Free Tier
(for first 12 months):
1 Million syncs/month +
10GB of storage for
Amazon Cognito
Free Tier:
100 Million events every
month
http://aws.amazon.com/mobile
53. Building Mobile Apps
on AWS
Danilo Poccia | Technical Evangelist
danilop@amazon.com
@danilop