AWS makes development of cross-platform mobile applications easy. With highly-scalable cloud services such as Amazon S3, Amazon DynamoDB and Amazon SNS, mobile developers can build powerful cloud-backed mobile apps with just a few lines of code. In this session, you will learn how to connect directly to these services and how to build a powerful back end for your Android and iOS applications. We will also share some best practices from other successful apps such as Flipboard and Supercell so you can focus on differentiating your app functionality whilst leaving the 'table stakes' with no differentiated value to the cloud.
3. Authenticate users
Manage users and
identity providers
Authorize access
Securely access
cloud resources
Sync user prefs
across devices
Analyze User Behavior
Store and share media
Synchronize data
Deliver media
Send push notifications
Store shared data
Track active users,
engagement
Track Retention Stream real-time data
Manage funnels,
Campaign performances
Store user-generated photos
Media and share them
Automatically detect mobile devices
Deliver content quickly globally
Bring users back to your app by sending
messages reliably
Store and query fast NoSQL data
across users and devices
Collect real-time clickstream logs
and take actions quickly
Your
Mobile
App
4. AWS Mobile Services
Amazon Cognito Amazon Mobile Analytics Amazon SNS Mobile Push
Kinesis Connector DynamoDB Connector S3 Connector SQS Connector SES Connector
AWS Global Infrastructure (10 Regions, Availability Zones, 51 Edge Locations)
Mobile Optimized
Services
Mobile Optimized
Connectors
Core Building Block
Services
Your Mobile App, Game or Device App
AWS Mobile SDK, API Endpoints, Management Console
Compute Storage Networking Analytics Databases
Integrated SDK
5. Cross-platform, Optimized for Mobile
User identity &
data synchronization
service
Fast cross-platform
Analytics & reporting
Service
Amazon Cognito Amazon Mobile Analytics Amazon SNS Mobile Push
Kinesis Connector DynamoDB Connector S3 Connector SQS Connector SES Connector
Store any NoSQL
data and also map
mobile OS specific
objects to
DynamoDB tables
Powerful Cross-platform
Push notification service
Recorder that can
handle intermittent
network connection
Easily upload,
download to S3 and
also pause,
resume, and cancel
these operations
Send email
reliably from
device
Access
distributed
buffering and
queuing service
6. Fully Integrated AWS Mobile SDK
• Common authentication mechanism across
all services
• Automatically handle intermittent network
connections
• Cross-platform Support:
Android, iOS, Fire OS
• Native SDKs optimized for Mobile OS, for
example, uses the local offline caching
architecture
• Reduced memory footprint; Pick and choose
the service jars you need
8. Unique
Joe Anna Bob Identities
Identity
Providers
Any Device
Any Platform
Any AWS
Service
Amazon Cognito Identity
Support Multiple Login Providers
Easily integrate with major login providers for
authentication.
Unique Users vs. Devices
Manage unique identities. Automatically
recognize unique user across devices and
platforms.
Helps implement security best
practices
Securely access any AWS Service from mobile
device. It simplifies the interaction with AWS
Identity and Access Management
Mobile
Analytics
S3 DynamoDB Kinesis
9. Amazon Cognito for Unauthenticated Identities
Guest User Access
Securely access AWS resources and leverage
app features without the need to create an
account or logging in
Save Data to the Cloud
Save app and device data to the cloud and
merge them after login
Unique Identifier for Your “Things”
“Headless” connected devices can also
securely access cloud services.
Visitor
Preferences
Guest
Cognito
Store
EC2 S3 DynamoDB Kinesis
10. Getting Started with Cognito in 3 steps
Sign up for AWS Account and login to AWS Management Console
Create identitypool for authenticated and
unauthenticated users in the AWS Console
Download and integrate the Mobile SDK and store and
sync user data in a dataset
16. Amazon Cognito Security Architecture
User ID
(Temp
Credentials)
DynamoDB
End Users
Developer
App w/SDK
Access
to AWS
Services
Cognito Identity
Broker
Login OAUTH/OpenID
Access Token
Cognito ID,
Temp
Credentials
S3
Mobile Analytics
Cognito Sync
Store
AWS
Management
Console
Access
Token
Pool ID
Role ARNs
17. Amazon Cognito (Identity Broker)
Identitypool
Identity
Providers
Pool of identities that
share the same trust policy
Access
Policy
Access to
AWS
Services
identitypool
Authenticated
identities
Unauthenticated
Identities
AWS IAM Roles
AWS
Account
Web Identity
Federation
S3
DynamoDB
Get Delete Put
18. Access Policy Restriction (Policy Variables)
Allow
Actions: All sync operations
Resource: Only to that identity
{
"Effect": "Allow",
"Action": "cognito-sync:*",
"Resource": ["arn:aws:cognito-sync:us-east-1:123456789012:identitypool/${cognito-identity.amazonaws.com:aud}/identity/${cognito-identity.amazonaws.com:sub}/*"]
}
Allow
Actions: S3 Get/Put operations
Resource: Only to a specific part of bucket to that identity
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": ["arn:aws:s3:::myBucket/amazon/snakegame/${cognito-identity.amazonaws.com:sub}"]
}
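The per-identity scoping on this slide can be checked offline. The following is an added example, not code from the presentation or from AWS: a simplified Allow-only evaluator that resolves the two Cognito policy variables for a caller and tests requests against the slide's two statements. The pool and identity IDs are constructed, and matching substituted values literally is an assumption of this sketch.

```python
import re

VAR = re.compile(r"\$\{([^}]+)\}")
SUB = "cognito-identity.amazonaws.com:sub"
AUD = "cognito-identity.amazonaws.com:aud"

# The two statements from the slide, policy variables unresolved.
SLIDE_POLICY = [
    {"Effect": "Allow", "Action": ["cognito-sync:*"],
     "Resource": ["arn:aws:cognito-sync:us-east-1:123456789012:identitypool/"
                  "${%s}/identity/${%s}/*" % (AUD, SUB)]},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": ["arn:aws:s3:::myBucket/amazon/snakegame/${%s}" % SUB]},
]

def glob(text):
    """IAM-style wildcards in literal policy text: '*' any run, '?' one character."""
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in text)

def resource_regex(pattern, context):
    """Compile a Resource pattern for one caller; None if a variable is unresolved."""
    parts, pos = [], 0
    for m in VAR.finditer(pattern):
        if m.group(1) not in context:
            return None
        parts.append(glob(pattern[pos:m.start()]))
        parts.append(re.escape(context[m.group(1)]))  # substituted value matched literally
        pos = m.end()
    parts.append(glob(pattern[pos:]))
    return re.compile("".join(parts), re.DOTALL)

def is_allowed(policy, action, resource, context):
    """True if any Allow statement covers the request (no Deny logic: the slide has none)."""
    for st in policy:
        if st["Effect"] != "Allow":
            continue
        if not any(re.fullmatch(glob(a.lower()), action.lower()) for a in st["Action"]):
            continue
        for pattern in st["Resource"]:
            rx = resource_regex(pattern, context)
            if rx is not None and rx.fullmatch(resource):
                return True
    return False

# Constructed sample identities (not real pool or identity IDs).
POOL = "us-east-1:11111111-aaaa-4bbb-8ccc-000000000001"
ALICE = "us-east-1:22222222-aaaa-4bbb-8ccc-000000000002"
BOB = "us-east-1:33333333-aaaa-4bbb-8ccc-000000000003"

def caller(sub):
    return {AUD: POOL, SUB: sub}

def dataset_arn(sub, name):
    return ("arn:aws:cognito-sync:us-east-1:123456789012:identitypool/"
            f"{POOL}/identity/{sub}/dataset/{name}")

def s3_arn(key):
    return "arn:aws:s3:::myBucket/amazon/snakegame/" + key

if __name__ == "__main__":
    me = caller(ALICE)
    print(is_allowed(SLIDE_POLICY, "cognito-sync:UpdateRecords", dataset_arn(ALICE, "prefs"), me))
    print(is_allowed(SLIDE_POLICY, "cognito-sync:UpdateRecords", dataset_arn(BOB, "prefs"), me))
    print(is_allowed(SLIDE_POLICY, "s3:GetObject", s3_arn(ALICE), me))
    print(is_allowed(SLIDE_POLICY, "s3:GetObject", s3_arn(ALICE + "/save.dat"), me))
```

As written on the slide, the S3 resource has no trailing `/*`, so it covers a single object whose key ends in the identity ID; a per-user folder needs the resource to end in `${cognito-identity.amazonaws.com:sub}/*`.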
20. What have customers told us about
“Synchronized Profile”
People have multiple devices and want to transition between devices.
Implementing a user profile that syncs across devices, OS, apps is hard.
It not only has to work when offline, but easy to integrate with existing apps.
21. Amazon Cognito Sync
User Data
Storage and
Sync
Any Platform
Identity pool
iOS/Android/FireOS
Store App Data, Preferences and State
Save app and device data to the cloud and merge
them after login
Cross-device Cross-OS Sync
Sync user data and preferences across devices
with one line of code
Work Offline
Data always stored in local SQLite DB first.
Works seamlessly when intermittent or no
connectivity
k/v data
22. Amazon Cognito Sync Data Model
AWS
Account
Identitypool
identitypool
Dataset
Pool of identities that
share the same trust policy
Identity
Identity
Identity
Dataset
Dataset
Unique identifier across
devices, get cached on local devices
as well as saved in the cloud
1:n
1:n
1:n
Dataset synchronized across
devices by simply calling dataset.synchronize()
method
1:n
Dataset
Dataset
Key/Value
Key-value and sync count
23. Amazon Cognito Sync Data Model - Example
AWS
Account
1:n
Identitypool
identitypool
1:n
Identity
Identity
Identity
1:n
Dataset
Dataset
Dataset
Developer has two apps: a game and a productivity app
User
preferences
Game
state
Identitypool1
Productivity
App
Game
App
1:n
Dataset
Dataset
Key/Value
24. Integrating Cognito Sync functionality is very simple
Initialize the CredentialsProvider and CognitoClient
provider = new CognitoCredentialsProvider(context, AWS_ACCOUNT_ID,
    COGNITO_POOL_ID, COGNITO_ROLE_UNAUTH, COGNITO_ROLE_AUTH);
cognito = new DefaultCognitoSyncClient(context, COGNITO_POOL_ID, provider);
Create or open Dataset and Add Key Values
Dataset dataset = cognito.openOrCreateDataset(datasetName);
dataset.put(key, value);
Call synchronize on the dataset
dataset.synchronize(new SyncCallback(){..});
25. Integrating Cognito Sync functionality is very simple
Initialize the AWSCognitoSyncClient
AWSCognitoSyncClient *syncClient = [[AWSCognitoSyncClient alloc]
initWithConfiguration: configuration];
Create or open Dataset and Add Key Values
DataSet *dataset = [syncClient openOrCreateDataSet:@"myDataSet"];
NSString *value = [dataset readStringForKey:@"myKey"];
[dataset putString:@"my value" forKey:@"myKey"];
Call synchronize on the dataset
[dataset synchronize];
iOS
32. What Customers Told Us About “Push Notifications”
Sending large-scale push notifications, cross-platform is still hard.
Developers want to be able to reach their customers globally and
across all devices.
33. Each platform works differently, and push gets even more
complex as you scale to support millions of devices.
Cloud App
Platform Services Mobile Apps
34. Amazon SNS
Cross-platform
Mobile Push
Internet
Apple APNS
Google GCM
Baidu CP
Amazon ADM
Windows WNS and
MPNS
iOS
Apple iPhones and iPads
Android Phones and Tablets in China
With Amazon SNS, developers can send push notifications on multiple platforms
and reach mobile users around the world
New features:
Message Expiry Time
Message Attributes
Amazon SNS Mobile Push
Android Phones and Tablets
Kindle Fire Devices
Windows Desktop and Windows Phone
Devices
35. Developers Love Cross-Platform Features of SNS
Customers love
high scale and
Reliability of SNS
Fast reliable
notification for every
Email received is
powered by SNS
High-profile Startups
trust SNS for their
high-profile launches
Secret.ly
Mature games increase
retention using SNS
Advanced targeted
notifications
bring players back into
the game
Launched its Android
App with SNS, no
provisioning required
Jetpack Joyride
Fruit ninja
38. Key Takeaways
Cross Platform
and Optimized
for Mobile
Flexibility
And Freedom
of Choice
Fully integrated
and easy to get
started
39. Get Started for Free!
Amazon SNS Mobile Push
Free Tier: 1 Million push messages every month
Amazon Cognito
Free Tier (for first 12 months): 1 Million syncs/month + 10GB of storage for Amazon Cognito
Amazon Mobile Analytics
Free Tier: 100 Million events every month
40. Simple and predictable pay as you go pricing
Amazon SNS Mobile Push
Free Tier: 1 Million push messages every month
Thereafter: $0.50 for Million notifications delivered, $0.50 for Million requests
Amazon Cognito
Free Tier (for first 12 months): 1 Million syncs/month + 10GB of storage for Amazon Cognito
Thereafter: $0.15 for 10K Syncs, $0.15 per GB for storage
Amazon Mobile Analytics
Free Tier: 100 Million events every month
Thereafter: $1.00 per Million events
42. Authenticate users
Amazon Cognito
(Identity Broker)
Authorize access
AWS Identity and
Access Management
Analyze User Behavior
Store and share media
Synchronize data
AWS Mobile SDK
Amazon Mobile
Analytics
Deliver media
Amazon Cognito
(Sync)
Amazon S3
Transfer Manager
Amazon CloudFront
(Device Detection)
Store shared data
Amazon DynamoDB
(Object Mapper)
Stream real-time data
Amazon Kinesis
(Object Mapper)
Track Retention
Amazon Mobile
Analytics
Send push notifications
Amazon SNS
Mobile Push
Your
Mobile
App
43. Revolutionize the way people
experience Public Transit
Yovav (Jay) Meydad
VP, Product
57. Minimize latency when serving map tiles Amazon CloudFront
Enhance security
Some of our challenges
Reduce server load and latency Amazon ElastiCache
Better handle dynamic load while
reducing cost
Amazon VPC
Amazon Autoscaling
Create a modular architecture
using SQS as buffers
Amazon SQS
58. Compute
Amazon EC2
DNS Service
Route 53
Disk
Amazon EBS
Queue
Load Balancing
Storage
Amazon S3
NoSQL
SQL DB
Content Delivery
CloudFront
Amazon
DynamoDB
Amazon RDS
Monitoring
CloudWatch
ELB
AWS Services in use
Caching
ElastiCache
Security
VPC
Scaling
AutoScale
Amazon SQS
How to build an app
1. Authentication
2. Authorization
3. Data Storage and Delivery (Upload and Download)
4. Data Analytics
5. Data Synchronization
6. Push Notifications
7. Shared Data
8. Stream real-time data
Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services.
These services are optimized for mobile OS and make it dead easy to get started when using the SDK. They add a lot of functionality: for example, Kinesis and Analytics automatically buffer records and events to handle intermittent connections. With Kinesis support in the SDK, you can directly ingest large amounts of streaming data from around the world into a Kinesis stream, which automatically handles sharding. The SDK is a great wrapper for handling distributed-systems issues such as automatic retries. Our Mobile SDK adds even more functionality on top of the normal SDK, such as resume and cancel for S3 transfers.
Amazon Cognito is a simple user identity and data synchronization service that makes it easy for developers to securely manage application data for your users across their mobile devices. Developers can create unique identities for your users with information from a number of public login providers.
Developers can save application data locally on the device and then securely sync and save this data to the cloud so your application can work online and offline. Developers can save any kind of data in Key/Value pairs such as application preferences or game state in the AWS Cloud, without having to write any backend code or manage any infrastructure.
This means you can focus on creating great application experiences instead of having to worry about building and managing a backend solution to handle identity, network state, storage, and sync.
One of the key benefits of Amazon Cognito is its identity broker component. It creates a unique identifier and matches it when users log in with any of the login providers. Developers have the flexibility to choose any login provider; in v1, we support G+, Amazon and Facebook, and you can easily integrate using the SDK.
We focus on users, not login providers, and manage the user preferences for those users.
Implementing AWS security best practices for accessing cloud resources with Amazon Cognito is easy. Amazon Cognito gives each app a set of temporary, limited privilege AWS credentials for each app user to access all AWS services.
We have seen that 90% of users are simply consumers of data and only 10% are actually content creators. Unauthenticated guest users are users just like logged-in users. We should focus more on them, build services for them, and treat them like users, not second-class citizens.
Amazon Cognito simplifies the way your application can access AWS resources in a secure manner, following AWS security best practices, even when your application users are not authenticated. Amazon Cognito creates a random, unique identifier for each unauthenticated guest so you can start saving application data for those users and also leverage the temporary, limited privilege credentials Amazon Cognito provides to access other AWS resources, such as Amazon S3 and Amazon DynamoDB. When your users decide to authenticate using one of the supported public login providers, Amazon Cognito ensures the data you saved against the unauthenticated profile is now associated with the new authenticated profile removing the complexity of managing user conversion.
By registering an unauthenticated user or by sending a login provider token to Amazon Cognito, your application receives a set of temporary, limited privilege credentials from Amazon Cognito to access your AWS resources. Amazon Cognito takes care of all the steps necessary to create a unique identifier for your app’s users and retrieve the AWS credentials. Incorporating AWS security best practices now takes just a few lines of code.
Architecturally, Amazon Cognito has two parts: the Cognito identity broker and the Cognito sync store. Users first log in with the login provider of their choice, and the app with the SDK does the rest.
In the past, to access cloud services, developers embedded AWS credentials (an access key ID and a secret key) within the application. This is highly insecure because it is easy to unzip the APK file and get access to the keys.
Now we make it extremely secure by not only creating temporary credentials that are valid for only one hour but also limiting access to other data. Users only have access to store and sync in their own dataset.
Once you have the temporary credentials, you can access other AWS services: S3 to store video, for example, DynamoDB to store shared data like leaderboards, Kinesis to store streaming data logs, and so on.
We can add a restriction by username/ID, but our policy is for everyone who assumes the role.
As we all know, the number of devices per user is not going down any time soon. Customers have told us users with multiple devices want to be able to transition between devices seamlessly. They want a roaming synchronized app profile so they can pick up their tablet and continue playing a game at the same level they achieved on their phone. It turns out sync at scale is a hard problem to solve.
Additionally, they want to be able to access their profile even when their device is offline. To date, developers wanting to implement roaming profile functionality in their apps have had to roll their own solution or use a system tied only to a particular login provider. This either requires the developer to do more work or to limit their cross platform story.
With Amazon Cognito developers can synchronize application data across an end user’s devices with a single line of code.
With Amazon Cognito, developers can securely store application data, such as preferences and game state in the AWS cloud. With synchronized application data, developers can give your users a consistent, unified experience on their app across all of their mobile devices.
Developers can use Amazon Cognito directly from their mobile app without building or maintaining any backend infrastructure. Amazon Cognito handles secure application data storage and sync, enabling them to focus on their application experiences, instead of the heavy lifting of creating and managing a user application data sync solution.
It manages the complexity of conflict resolution and intermittent network connectivity by managing an offline cache, ensuring your application can always deliver a great user experience. Each dataset in the Amazon Cognito sync store can be synchronized on all devices associated with an identity simply by calling the synchronize() method.
Today push notifications are the way to reach users when they are not using the app. It is extremely important functionality to drive engagement, retention and overall user experience. Customers tell us that working with different push notification services is painful. They have to maintain a server-side database of tokens issued by Apple and Android, and maintain the infrastructure and different APIs. Moreover, sending push notifications to different parts of the world, for example China, where there are more than 200 Android app stores, is extremely hard.
Amazon SNS Mobile Push is a managed, scalable, cross-platform push intermediary service. It abstracts the complexity of different push notification services and allows developers to send push notifications across different mobile endpoints. You can subscribe to topics and send messages, which are then relayed to the Apple and Google notification services.
Amazon Cognito has a simple pay as you go pricing plan, with no upfront costs. You pay only for what you use.
Authenticating users and generating unique identifiers is free with Amazon Cognito. Upon sign-up, new AWS customers receive 10 GB of cloud sync store and 1,000,000 sync operations per month.
Charges are based on the total amount of data saved in the Amazon Cognito cloud sync store and the number of sync operations performed.
Amazon Analytics is almost free, with 100 million events/month and just 50 cents per million events thereafter.