Your Mobile App
Authorize access: AWS Identity and Access Management. Securely access cloud resources.
Deliver media: Amazon CloudFront (Device Detection). Automatically detect mobile devices. Deliver content quickly globally.
Guest
Your own Auth
Identity Pool: Pool of app users. Can be shared across apps.
[Diagram labels: 1:60, Identity Pool, 1:n]
Amazon Cognito Authflow
AssumeRoleWithWebIdentity
All this is handled by the credentials provider.
Unauthenticated Identities
Transitioning to Authenticated
Linking Logins
Merging Identities
Authorize access:
Amazon Cognito + AWS IAM + Fine-grained access control
AWS IAM Roles
Mechanism for delivering temporary credentials
Has two policies
Trust (who can assume role)
Access (what resources the role can access)
3 types of roles
AWS Service Roles
Cross-Account Access
Identity Provider Access
Roles for Amazon Cognito
2 roles
Authenticated users
Unauthenticated users
Access to Cognito Sync and Mobile Analytics
Can be modified to support access to any AWS service
Supports policy variables for fine-grained access control
Policy Variables: Amazon S3
Write/Read/Delete individual items:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::BUCKET_NAME/${cognito-identity.amazonaws.com:sub}/*"
    }
  ]
}
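The per-identity scoping that the policy variable above provides, as an added example that is not from the slides or from AWS: a simplified Node.js model of IAM resource matching (it ignores Deny statements, conditions and the `?` wildcard) plus a small audit helper. The identity IDs are constructed and the function names are hypothetical.

```javascript
// Added example, not AWS code: a simplified model of IAM resource matching.
// Real IAM also evaluates Deny statements, conditions and other policy types.
const SUB_VAR = '${cognito-identity.amazonaws.com:sub}';

// Per-identity statement from the slide; BUCKET_NAME is the slide's placeholder.
const policy = {
  Version: '2012-10-17', // policy variables are only expanded with this version
  Statement: [{
    Effect: 'Allow',
    Action: ['s3:PutObject', 's3:GetObject', 's3:DeleteObject'],
    Resource: 'arn:aws:s3:::BUCKET_NAME/' + SUB_VAR + '/*',
  }],
};

// Turn an ARN pattern into a regex: '*' matches any run of characters.
function arnPatternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$');
}

// True if some Allow statement covers (action, resource) for this identity.
function isAllowed(doc, identityId, action, resource) {
  const expand = doc.Version === '2012-10-17'; // otherwise the variable stays literal
  return doc.Statement.some((st) => {
    if (st.Effect !== 'Allow' || ![].concat(st.Action).includes(action)) return false;
    return [].concat(st.Resource).some((r) =>
      arnPatternToRegExp(expand ? r.split(SUB_VAR).join(identityId) : r).test(resource));
  });
}

// Audit helper: S3 object resources that are not scoped to the caller's identity.
function unscopedObjectResources(doc) {
  return doc.Statement
    .filter((st) => st.Effect === 'Allow')
    .flatMap((st) => [].concat(st.Resource))
    .filter((r) => r.startsWith('arn:aws:s3:::') && r.includes('/') && !r.includes(SUB_VAR));
}

// Constructed identity IDs in the region:GUID shape Cognito uses.
const alice = 'us-east-1:11111111-1111-1111-1111-111111111111';
const bob = 'us-east-1:22222222-2222-2222-2222-222222222222';
console.log(isAllowed(policy, alice, 's3:GetObject', `arn:aws:s3:::BUCKET_NAME/${alice}/photo.jpg`));
console.log(isAllowed(policy, alice, 's3:GetObject', `arn:aws:s3:::BUCKET_NAME/${bob}/photo.jpg`));
```

Running `unscopedObjectResources` over the authenticated and unauthenticated role policies is a quick review step: any S3 object ARN it returns is reachable by every identity in the pool.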
Work Offline
Data persisted to local storage first. Local data is Identity Pool
No Backend
Simple client SDK eliminates need for server-side code.
User Data
Sync data model
AWS Account
1:60
Identity Pool: Pool of app users. Can be shared across apps.
1:n
Identity: An individual user. Consistent across identity providers. Can be a guest user.
1:1024
Dataset
Record
Amazon Cognito Synchronization
User Data
onConflict() { }
Amazon Cognito Sync Additional Features
Push Synchronization
Integrate with Amazon SNS to receive mobile push notifications when data changes.
Focus on metrics that matter. Usage reports available within 60 minutes of receiving data from an app.
Scale to billions of events per day from millions of users.
Data collected are not shared, aggregated, or reused.
Key Business Metrics
(with one line of code)
1. Monthly Active Users (MAU)
2. Daily Active Users (DAU)
3. New Users
4. Daily Sessions
5. Sticky Factor
6. 1-Day Retention
7. Avg. Revenue per DAU
8. Daily Paying Users
9. Avg. Paying DAU
Track Retention
User retention is a key indicator to judge the outcome of a marketing campaign, new feature introduction, UX changes, app updates, etc.
Mobile Analytics provide four charts to track daily or weekly rate of returning users, after first use of the app.
Track Custom Events
Get behavioral insights into app-specific actions that your users take.
[Diagram labels: User requests; Edge location (cache + network optimizations); Origin (Amazon S3 or Custom); Content]
Leverage AWS Edge Locations
London (2), Seattle, New York (3), South Bend, Amsterdam (3), Newark, Dublin, Stockholm, Hayward, Seoul, Tokyo (2), Palo Alto, Warsaw, Chennai, Ashburn (3), Milan, Atlanta, Madrid, Osaka, Los Angeles (2), Jacksonville, Taipei, Dallas (2), Hong Kong (2), Mumbai, St. Louis, Manila, Rio de Janeiro, Sydney, Sao Paulo, Melbourne
Store Shared Data: Amazon DynamoDB
Amazon DynamoDB Connector: Object Mapper
Simplifies access to Amazon DynamoDB in your app
Map client-side classes to Amazon DynamoDB tables
Removes the need to transform objects into tables and vice versa
High Scores: Joe 1500, Anna 800, Bob 750
Send Push Notifications: Amazon SNS Mobile Push
SNS publishes notifications on your behalf using the credentials you
obtain from each push service.
Amazon SNS Mobile Push: Apple APNS, Google GCM, Amazon ADM
SNS encapsulates each device token inside an Amazon Resource
Name (ARN) endpoint.
ARN 1: Token A (Apple APNS)
ARN 2: Token B (Google GCM)
ARN 3: Token C (Amazon ADM)
Once you register a device with SNS, SNS proactively consumes
feedback about the corresponding token from the push service.
[Diagram labels: Amazon SNS Mobile Push; Token X, Apple APNS; ARN 2, Token B; Token Y, Google GCM; ARN 3, Token C, Amazon ADM]
You can publish unique messages to individual devices, or
broadcast identical messages to many devices at once.
Grouping users by SNS Topic
Geography: US West Coast, Rio
Activity: Daily Actives
Product: Flapping Bird
Which device is she using?
Calling Lambda Functions
Call from mobile or web apps
Wait for a response or send an event and continue
AWS SDK, AWS Mobile SDK, REST API, CLI
Send events from Amazon S3 or SNS:
One event per Lambda invocation, 3 attempts
Process DynamoDB changes or Amazon Kinesis records as events:
Ordered model with multiple records per event
Unlimited retries (until data expires)
Writing Lambda Functions
The Basics
Stock node.js
AWS SDK comes built in and ready to use
Lambda handles inbound traffic
Stateless
Use S3, DynamoDB, or other Internet storage for persistent data
Don't expect affinity to the infrastructure (you can't log in to the box)
Familiar
Use processes, threads, /tmp, sockets,
Bring your own libraries, even native ones
No Infrastructure to Manage
Batching of requests
Notification when batch size is reached
Handles any arbitrary data
Kinesis Connector
Your Mobile App
Authenticate users: Amazon Cognito (Identity)
Store and share media: Amazon S3 Transfer Manager
Authorize access: AWS Identity and Access Management
Deliver media: Amazon CloudFront (Device Detection)
StackOverflow
http://stackoverflow.com/tags/amazon-web-services
GitHub
http://github.com/aws/
http://github.com/awslabs/