This document discusses how to build mobile apps using AWS mobile services like Amazon Cognito, Amazon S3, Amazon DynamoDB, and Amazon SNS. It outlines building several demo apps, including a basic media download/upload app using S3, an app implementing public and private views of media stored in DynamoDB using Cognito for authentication, and a push notification app using SNS. The goals, requirements, and implementation steps are described for integrating these AWS services into mobile apps using the AWS Mobile SDK.
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
1. Delivering Media Mobile Apps
using the AWS Mobile &
Javascript SDKs
Adam Larter, Solutions Architect, Amazon Web Services
alarter@amazon.com
2. Housekeeping
• Presentation ~55 minutes
• Q & A using the questions panel during the presentation
• Reminder – please fill in the survey!
3. Today’s Agenda
• Learn how you can deliver websites and applications that share
state across platforms and devices, using Amazon Cognito
• Learn how to leverage the content repurposing,
storage and delivery capabilities of
Amazon Elastic Transcoder and Amazon S3
• Learn how to create highly scalable
systems by decoupling application
tiers using Amazon SQS and
Amazon Elastic Beanstalk
4. Today’s Agenda (continued)
• Learn how to send push notifications
to mobile devices using Amazon SNS
• Learn how to use the AWS Mobile and
Javascript SDKs to create applications
that manage media
• Learn how to use DynamoDB to create
a shared inventory for media assets
5. v
In this session, we’ll be creating 5 Android apps
to demonstrate various features of AWS
7. v
Authenticate users
Manage users and
identity providers
Authorize access
Securely access
cloud resources
Sync user prefs
across devices
Analyze User Behavior
Store and share media
Synchronize data
Deliver media
Send push notifications
Store shared data
Track active users,
engagement
Track Retention Stream real-time data
Manage funnels,
Campaign performances
Store user-generated photos
Media and share them
Automatically detect mobile devices
Deliver content quickly globally
Bring users back to your app by sending
messages reliably
Store and query fast NoSQL data
across users and devices
Collect real-time clickstream
logs and take actions
quickly
Your
Mobile
App
Your mobile
application
8. Introducing AWS Mobile Services
v
Amazon Cognito Amazon Mobile Analytics Amazon SNS Mobile Push
Kinesis Connector DynamoDB Connector S3 Connector SQS Connector SES Connector
AWS Global Infrastructure (11 Regions, 28 Availability Zones, 52 Edge Locations)
Mobile Optimized
Services
Mobile Optimized
Connectors
Core Building Block
Services
Your Mobile App, Game or Device App
AWS Mobile SDK, API Endpoints, Management Console
Compute Storage Networking Analytics Databases
Integrated SDK
9. AWS Mobile Services we’ll focus on today
v
Amazon Cognito
Amazon SNS Mobile Push
Powerful Cross-platform
Push notification service
DynamoDB Connector
S3 Connector
SQS Connector
User identity &
data synchronization
service
Store any NoSQL data and
also map mobile OS specific
objects to DynamoDB tables
Easily upload, download to S3 and
also pause, resume, and cancel
these operations
Access distributed buffering
and queuing service
10. AWS Mobile SDK
v Fully integrated AWS
mobile SDK
Cross-platform,
optimized for mobile
Automatically handles
intermittent and latent
network
Reduced memory
footprint
Common authentication
method across all
services
11. v
Authenticate users
Manage users and
identity providers
Authorize access
Securely access
cloud resources
Sync user prefs
across devices
Analyze User Behavior
Store and share media
Synchronize data
Deliver media
Send push notifications
Store shared data
Track active users,
engagement
Track Retention Stream real-time data
Manage funnels,
Campaign performances
Store user-generated photos
Media and share them
Automatically detect mobile devices
Deliver content quickly globally
Bring users back to your app by sending
messages reliably
Store and query fast NoSQL data
across users and devices
Collect real-time clickstream
logs and take actions
quickly
Your
Mobile
App
Your mobile
application
12. v
Authenticate users
Amazon Cognito
(Identity broker)
Authorize access
AWS Identity and
Access Management
Amazon Cognito
(Sync)
Analyze User Behavior
Store and share media
Synchronize data
Deliver media
Send push notifications
Store shared data
Amazon Mobile
Analytics
Track Retention Stream real-time data
Amazon Mobile
Analytics
Amazon S3
Transfer Manager
Amazon CloudFront
(Device Detection)
Amazon SNS
Mobile Push
Amazon DynamoDB
(Object Mapper)
Amazon Kinesis
(Recorder)
Your mobile
application
with the AWS
Mobile SDK
14. Our Media App’s wish-list of features
Upload & Download media files to/from S3 buckets
v
Grant anonymous but secure access to AWS resources in our account
Grant authenticated access for users that log in via Public Identity Providers
Send push notifications to mobile devices
Store the media library inventory in the cloud so it can be queried by many users
Provide partitioned access to the media library based on Public and Private views
Synchronise user data across devices
Make all this available across devices (iOS, Android, Kindle) and web
Convert uploaded video files to various mobile/web formats
15. First App: Basic Download/Upload App
v
• Goals:
• User is anonymous – we don’t care who they are, treat them as ‘Public’ or ‘Guest’
• Directly access AWS Simple Storage Service (S3) from the mobile application
• We do not want to upload to a server and then have the server push the file to S3…
• Requirements:
• We need to authenticate the application on the mobile device
• We do not want to bake the AWS credentials in our mobile app!
• Even though users are anonymous, we still want to control access to AWS
16. First App: Basic Download/Upload App
v
Mobile App
S3 Bucket with
test media
Cognito Identity
17. Granting ‘guest’ access to our
‘Public’ users for controlled access to AWS resources
v
Amazon Cognito
18. Amazon Cognito Security Architecture
v
User ID
(Temp
Credentials)
DynamoDB
End Users
Developer
App w/SDK
Access
to AWS Services
Cognito Identity
Broker
Login OAUTH/OpenID
Access Token
Cognito ID,
Temp
Credentials
S3
Mobile Analytics
Cognito Sync
Store
AWS
Management
Console
Access Token
Pool ID
Role ARNs
19. Cognito Identity Example
v
Cognito Identity for Guests
Cognito assigns a unique identifier for each
device when a user is not logged on
Cognito Identity for Authenticated Users
Cognito assigns a unique identifier for each user
when they are authenticated. This will be the
same identifier for this user regardless of which
device they use
22. Create a new Cognito Identity Pool
v
Supplying public identity
providers is optional
For this demo, we will not be
supporting public identity
providers, so we leave them empty
23. Create a new Cognito Identity Pool
v
Enable guest access
For this demo, we will allow ‘anonymous access’
so that unauthenticated users can upload and
download from our S3 bucket
24. Create a new Cognito Identity Pool
v
Create IAM Roles
Create IAM roles for
this Cognito Identity
Pool. We will assign
tight security controls
to these roles later
25. Create a new Cognito Identity Pool
v
And assign a role for
unauthenticated access
26. Create a new Cognito Identity Pool
v
Starter code samples
Cognito conveniently
provides starter code for you
for Android, iOS and .Net!
This is an example of how
you can easily connect your
app to Cognito
29. Setup the required permissions in IAM
v
Default policy created by
Cognito
By default, access to Cognito
Sync and Mobile Analytics is
permitted. This policy has been
generated by the Cognito Create
Identity Pool wizard
30. v
Media in our S3 bucket
S3 Bucket contents
Test file that we will be
downloading via the
TransferManager S3 connector
31. v
S3 Bucket ACLs
Note that the ACLs on the bucket
do not permit ‘Public’ so the asset
is not world-accessible
Media in our S3 bucket
32. v
Let’s give the anonymous ‘guest’ access to our
S3 bucket for read and write
33. Setup the required permissions in IAM
v
Use the Policy Generator
We’ll create our specific S3-
related policy using the Policy
Generator
34. Setup the required permissions in IAM
v
Specify our bucket
Our policy will specify access for
our specific bucket. We’ll allow
GetObject and PutObject
35. Setup the required permissions in IAM
v
Resulting Policy Document
Here’s what the resulting policy
looks like for allowing READ
access to any object in the
specific bucket, and the ability to
WRITE any object
37. Instantiate Cognito Credentials Provider
v
Give Cognito your details
• Account Id
• Identity Pool ARN
• UnAuthenticated access Role ARN
• Authenticated access Role ARN
• The Region you are running Cognito in
38. v
Implementation Note!
This ‘Cognito’ class is just
my convenience wrapper!
I have chosen to implement
this as a Singleton at
App-scope
Your implementation may
be different
The only important thing is
that you instantiate a
CognitoCachingCredentialsProvider
39. Amazon S3 Connector: Transfer Manager
v
S3 Connector
• Multipart upload media (photos, videos, audio)
• Fault tolerant download (e.g. assets)
• No backend required
• Automatic retries
• Pause, resume, cancel functions
• Optimized for native OS
40. Pass Cognito Credentials to the
AWS S3 Transfer Manager constructor
v
Pass the Cognito Provider to the TransferManager S3
connector to construct based on the Cognito-acquired
AWS credentials
41. v
Initiate the download
Set up the download request and go!
42. v
Demo App
First, the Application instantiates a
CognitoCachingCredentialsProvider()
Then initiates a download, followed by an upload
43. Our Media App’s wish-list of features
Upload & Download media files to/from S3 buckets
v
Grant anonymous but secure access to AWS resources in our account
Grant authenticated access for users that log in via Public Identity Providers
Send push notifications to mobile devices
Store the media library inventory in the cloud so it can be queried by many users
Provide partitioned access to the media library based on Public and Private views
Synchronise user data across devices
Make all this available across devices (iOS, Android, Kindle) and web
Convert uploaded video files to various mobile/web formats
45. Next app: Implement Public & Private views
v
• Goals:
• User can be anonymous or they can choose to sign-in via Facebook
• If they are anonymous, we let them see a ‘Public’ view of the media library
• If they choose to sign-in, we let them see their own ‘Private’ view of the library
• Requirements:
• We will use Cognito to help with the Public and Private authentication
• Again, no AWS credentials in our mobile app!
• We want to enforce Fine-Grained Access Control on the database views
46. v
For this demo, we’ll use Facebook as our
Public Identity Provider
47. Next app: Implement Public & Private views
v
Mobile App
DynamoDB
OAUTH/OpenID
Access Token
Cognito Identity
Broker
Cognito ID,
Temp
Credentials
Query for results
filtered by
OwnerId
48. Using Facebook in your App
v
• Great how-to
https://developers.facebook.com/docs/
android/getting-started
57. Secure access to DynamoDB
v
Simply instantiate the
AmazonDynamoDBClient and
specify your Cognito provider as
the credential provider in the
constructor
58. Use the DynamoDB Mapper
v
Use the DynamoDB Mapper
annotations to decorate
your value object
Specify the HashKey,
RangeKey and the individual
Attributes in your value object
that should map to columns in
the DynamoDB table
59. Raw DynamoDB records example
v
Inventory is partitioned
based on the OwnerId
‘public’ is accessible
to the ‘guest’
Cognito Identity
Anything else must
match the identity of
the user accessing
the application
Assigned by
Cognito
automatically
60. Raw DynamoDB records example
v
Range Key
Each OwnerId
has multiple
Filenames
Hash Key
Each OwnerId
identifies a user by
their Cognito identity,
or ‘public’ if they didn’t
log on to Facebook
61. Querying the DynamoDB table from code
v
Querying the DynamoDB table is
simple!
The DynamoDB Mapper will map the
columns in the table to the fields in
your value object and return a typed
list of records ready to iterate
62. v
Demo App
Authenticated access
Guest access
• Gets token from Facebook
Connects to Cognito as anonymous user
• Passes token to Cognito
Gets AWS token and uses that to instantiate
a DynamoDB client
• Impersonates authenticated user
• Queries DynamoDB using the key ‘public’
• Queries DynamoDB using the key that matches
the Cognito Identity of this user
63. Raw DynamoDB records example
v
Inventory is partitioned
based on the OwnerId
‘public’ is accessible
to the ‘guest’
Cognito Identity
Anything else must
match the identity of
the user accessing
the application
64. FGAC on DynamoDB using IAM
Fine-Grained Access Control (FGAC)
v
• Restrict which Actions can be called by the user
• Restrict which DynamoDB Tables can be accessed by the user
• Restrict which rows in the table are accessible by the user
• Control which fields are accessible in the query results
65. FGAC on DynamoDB using IAM
v
The “Unauthenticated”
Role Policy
Control the actions the user
can invoke
66. FGAC on DynamoDB using IAM
v
Control the DynamoDB Table
the user can access
The “Unauthenticated”
Role Policy
67. FGAC on DynamoDB using IAM
v
The “Unauthenticated”
Role Policy
Restrict the Rows in the DynamoDB
table the user can access
68. FGAC on DynamoDB using IAM
v
Use the Cognito Id for this user to restrict
the rows that will be accessible to the user
The “Authenticated”
Role Policy
69. Our Media App’s wish-list of features
Upload & Download media files to/from S3 buckets
v
Grant anonymous but secure access to AWS resources in our account
Grant authenticated access for users that log in via Public Identity Providers
Send push notifications to mobile devices
Store the media library inventory in the cloud so it can be queried by many users
Provide partitioned access to the media library based on Public and Private views
Synchronise user data across devices
Make all this available across devices (iOS, Android, Kindle) and web
Convert uploaded video files to various mobile/web formats
71. SNS application targets
Each platform works differently, and push gets even more complex as you
scale to support millions of devices.
v
Cloud App
Platform Services Mobile Apps
72. SNS application targets
v
Amazon SNS
Cross-platform
Mobile Push
Apple APNS
Google GCM
Baidu CP
Amazon ADM
Windows WNS and MPNS
Apple iPhones and iPads
Android Phones and Tablets
Android Phones and Tablets in China
Kindle Fire Devices
Windows Desktop and Phones
With Amazon SNS, developers can send push notifications on multiple
platforms and reach mobile users around the world
Your application
back-end
73. Next App: SNS Push Notification App
v
• Goals:
• Application automatically registers with Google Cloud Messaging (GCM)
• The device registration Id is then sent to SNS to register as a device endpoint
• The application then subscribes that device endpoint to a well-known SNS topic
This topic is shared by all other devices using the application
• The application then confirms SNS Push Notifications are working by sending
a message to itself via SNS. The user sees a pop-up message.
• Later, whenever a message is sent to the shared SNS Topic,
all devices subscribed receive a pop-up notification
74. Next App: SNS Push Notification App
v
Mobile App
ENDPOINT APP
SNS Topic
SNS Application
TOPIC
Cognito
Create Platform
Endpoint
Subscribe to topic
Publish test
message to our
Endpoint
Push notification
from GCM
SNS
78. On the SNS Dashboard, create a new Topic
v
Note the Topic’s ARN
We will need this in our code to
subscribe the device to the topic
so we can receive notifications
79. Create a Google API Project
and obtain the Google Project ID
v
87. Instantiate Cognito Credentials Provider
v
Give Cognito your details
• Account Id
• Identity Pool ARN
• UnAuthenticated access Role ARN
• Authenticated access Role ARN
• The Region you are running Cognito in
88. Instantiate SNS using Credentials from Cognito
v
Again, this ‘Cognito’ class is just my convenience wrapper
implemented as a Singleton
89. Get the device registration ID from GCM
v
We’re requesting the device
identifier/token for this unique
device, against the Google
Project Id we created earlier
90. And register this device with the SNS App
v
The ‘deviceIdentifier’
is the device
token returned
from GCM for
this unique
device
91. Finally, subscribe the endpoint to the Topic
v
The endpoint is the ARN you got
back from the previous call to
getEndpointArn()
92. v
Demo App
At startup, we register this device
with the SNS Application
Then we subscribe this device
Endpoint to the global SNS Topic
We then send a test message from
the device to ourselves to confirm
the round trip is working
If we subsequently publish to the
global SNS Topic, all devices
subscribed will be notified
93. Our Media App’s wish-list of features
Upload & Download media files to/from S3 buckets
v
Grant anonymous but secure access to AWS resources in our account
Grant authenticated access for users that log in via Public Identity Providers
Send push notifications to mobile devices
Store the media library inventory in the cloud so it can be queried by many users
Provide partitioned access to the media library based on Public and Private views
Synchronise user data across devices
Make all this available across devices (iOS, Android, Kindle) and web
Convert uploaded video files to various mobile/web formats
94. But wait!
v
How did we initiate the
sending of the Push Notification to the
global SNS Topic?
95. Demo web page to send Push Notifications
v
Plain old Javascript and HTML!
The website is a standard HTML site with Javascript. It is
being served from S3, so no back-end servers
The magic comes from the AWS Javascript SDK
96. Demo web page to send Push Notifications
v
Topic ARN
This is the topic we subscribed
our application to when
it started up
Cognito Role
Cognito Identity Pool ID
This is the specific Cognito pool
we want to use for authentication
This is the IAM role we want to use –
we’re using the unauthenticated ‘guest’
role in this demo
99. Our Media App’s wish-list of features
Upload & Download media files to/from S3 buckets
v
Grant anonymous but secure access to AWS resources in our account
Grant authenticated access for users that log in via Public Identity Providers
Send push notifications to mobile devices
Store the media library inventory in the cloud so it can be queried by many users
Provide partitioned access to the media library based on Public and Private views
Synchronise user data across devices
Make all this available across devices (iOS, Android, Kindle) and web
Convert uploaded video files to various mobile/web formats
101. Next App: Shared application data
• Goals: v
• User is authenticated with Facebook
• Each time they modify gadgets in the app, the state of the
gadgets is synchronized with all other devices
using the application (for that user account)
• Verify these shared data changes in a companion web page, where the
user is also authenticated with Facebook, and is the same user principal
103. Add a Web application to FB
v
S3 bucket name
We’re using S3 to serve the web site in this example, but
you can use CloudFront, or EC2, or use a CNAME
104. Javascript code to read Cognito Sync Data
v
Instantiate the CognitoSync object
It will inherit the Cognito credentials from those we obtained
earlier from our call to CognitoIdentityCredentials()
105. Javascript code to read Cognito Sync Data
v
Specify our parameters
We need to specify the DatasetName that we want to connect to,
and the Cognito Identity information as shown
106. Javascript code to read Cognito Sync Data
v
Call CognitoSync::listRecords()
…and provide our params and a
callback
107. Javascript code to read Cognito Sync Data
v
OnSuccess()
…iterate the results and do something
interesting with the data records
108. v
Demo App
Web Page
The web page has access
to the shared data when
authenticated as the
Facebook User
Mobile application
…and the mobile
application has access to
the same shared data if
the user is logged on to
Facebook as the same
user
109. Our Media App’s wish-list of features
Upload & Download media files to/from S3 buckets
v
Grant anonymous but secure access to AWS resources in our account
Grant authenticated access for users that log in via Public Identity Providers
Send push notifications to mobile devices
Store the media library inventory in the cloud so it can be queried by many users
Provide partitioned access to the media library based on Public and Private views
Synchronise user data across devices
Make all this available across devices (iOS, Android, Kindle) and web
Convert uploaded video files to various mobile/web formats
111. Our Final App: Media Manager app
• Goals: v
• User can be an anonymous Guest user and share inventory with all other guest users
• User can authenticate with Facebook and see their own inventory
• User can capture video and upload it to their private inventory, or the public inventory
• Media uploaded is converted into adaptive bitrate formats and thumbnails for preview
• Video can be replayed via CloudFront by touching on the item
• Items can be deleted from the inventory by touching them
113. App Architecture - Delivery
v
Mobile App
DynamoDB
Elastic Beanstalk – Worker Tier
Elastic
Transcoder
SQS Queue
Auto-scaling
Worker Instances
S3 Output Bucket
CloudFront
Distribution
Adaptive bitrate
video stream
114. App Architecture – On Delete
v
Cognito Identity
Mobile App
DynamoDB
S3 Media
Storage Bucket
Elastic Beanstalk – Worker Tier
SQS Queue
Media Deletion
Long-running task
performed
asynchronously from the
user’s perspective
Auto-scaling
Worker Instances
115. Set up transcode pipeline
v
On Completion Event
Elastic Transcoder notifies this SNS topic when
the transcode is complete. We then forward
the notification to our Worker Tier queue.
116. Create transcode jobs via Java SDK
v
Specify the outputs
We are using various presets to create our
transcode outputs, including thumbnails
Create an HLS playlist
HLS is the streaming format we will use in this
demonstration app
Create the job
Call the ETS API to create the
job
119. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Provide your credentials
Use the Access Key and
Secret Key obtained from
the IAM Console
120. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Choose your region
We’ll use us-east-1
121. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Specify names
Provide a name for your
application and a name for the
environment (eg: Production)
122. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Specify the Tier
We’ll be using a Worker Tier
that manages reading from
the SQS queue for us
123. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Choose the stack
For this demo, we will be
using Java 7 in a Tomcat
container
124. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Select environment type
We’ll use a Load Balanced
configuration
125. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Create an RDS DB?
We don’t need an RDS
database so we skip this
126. Create Elastic Beanstalk Application
using the eb tool from the commandline
v
Finally, choose a Role
Select an IAM Role for
instances in this Worker Tier
to run in
127. v
Now we have our Elastic Beanstalk
Application set up, let’s deploy into it
128. Build and deploy to Elastic Beanstalk
using the AWS CLI tool from the commandline
v
Build WAR
We’re using Maven to build
our WAR
129. Build and deploy to Elastic Beanstalk
using the AWS CLI tool from the commandline
v
Push WAR to S3
We push the resulting WAR
file to our deployment bucket
130. Build and deploy to Elastic Beanstalk
using the AWS CLI tool from the commandline
v
Create Application Version
Create a new version for our
Elastic Beanstalk application
131. Build and deploy to Elastic Beanstalk
using the AWS CLI tool from the commandline
v
Update Environment Version
Update the running version on
our application’s environment
133. Our Media App’s wish-list of features
Upload & Download media files to/from S3 buckets
v
Grant anonymous but secure access to AWS resources in our account
Grant authenticated access for users that log in via Public Identity Providers
Send push notifications to mobile devices
Store the media library inventory in the cloud so it can be queried by many users
Provide partitioned access to the media library based on Public and Private views
Synchronise user data across devices
Make all this available across devices (iOS, Android, Kindle) and web
Convert uploaded video files to various mobile/web formats
135. Introducing: Amazon Lambda
AWS Lambda is a compute service that runs your code in response to events
v
and automatically manages the compute resources for you
AWS Lambda starts running your code within milliseconds of an event such
as a media file uploaded to S3
With AWS Lambda you pay only for the requests served and the compute time
required to run your code
Lambda runs your code on high-availability compute infrastructure
All you need to do is to provide the code to execute in response to an event
136. Using Lambda - Upload
v
Mobile App
S3 Upload Bucket
S3 Output Bucket
Cognito Identity Elastic
DynamoDB
Transcoder
Lambda function to submit
transcode job to Elastic
Transcoder
137. v
With Lambda, there is no need to run your own
fleet of compute instances to implement
our media application!
138. Amazon Lambda
With Lambda you do not have to provision your own instances
v
At launch AWS Lambda supports code written in Node.js
(Other language options will come)
Available now in Preview
Register now at: http://aws.amazon.com/lambda/preview/
139. v
We covered a lot of ground
in this deep-dive session!
140. v
Amazon Cognito
Amazon SNS Mobile Push
Powerful Cross-platform
Push notification service
DynamoDB Connector
S3 Connector
SQS Connector
User identity &
data synchronization
service
Store any NoSQL data and
also map mobile OS specific
objects to DynamoDB tables
Easily upload, download to S3 and
also pause, resume, and cancel
these operations
Access distributed buffering
and queuing service
AWS Mobile Services
141. v
Amazon S3
Amazon Elastic Transcode Service
Highly scalable,
media transcoding
in the cloud
Amazon CloudFront
Amazon Elastic Beanstalk
Amazon Identity and Access Management
Online file storage
web service
Content Delivery Network
(CDN)
Platform as a Service (PaaS)
Securely control access to
AWS services and resources
for your users
AWS Services & Features
142. AWS Mobile SDK
v Fully integrated AWS
mobile SDK
Cross-platform,
optimized for mobile
Automatically handles
intermittent and latent
network
Reduced memory
footprint
Common authentication
method across all
services
143. Online Labs | Training
Gain confidence and hands-on
experience with AWS. Watch free
Instructional Videos and explore Self-
Paced Labs
Instructor Led Classes
Learn how to design, deploy and operate
highly available, cost-effective and secure
applications on AWS in courses led by
qualified AWS instructors
AWS Certification
Validate your technical expertise
with AWS and use practice exams
to help you prepare for AWS
Certification
http://aws.amazon.com/training
Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services.
Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services.
Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services.
Architecturally, Amazon Cognito has two parts: Cognito identity Broker and Cognito Sync Store. Users first login with login provider of their choice and App with SDK does the rest.
In the past, to access cloud services, developers embed aws credentials which is access key id and secret key within the application, this is highly unsecure because it is easy to unip the apk file and get access to keys.
Now we make it extremely secure by not only create temprory creds that are valid only for one hour but also limiting the access to other data. The users only have access to store and sync in their own dataset.
Once you get the temp cred, you can access other AWS services like S3 to store video, for example, DynamoDB to store shared data like leaderboards, kinesis to store streaming data logs and so on.
Architecturally, Amazon Cognito has two parts: Cognito identity Broker and Cognito Sync Store. Users first login with login provider of their choice and App with SDK does the rest.
In the past, to access cloud services, developers embed aws credentials which is access key id and secret key within the application, this is highly unsecure because it is easy to unip the apk file and get access to keys.
Now we make it extremely secure by not only create temprory creds that are valid only for one hour but also limiting the access to other data. The users only have access to store and sync in their own dataset.
Once you get the temp cred, you can access other AWS services like S3 to store video, for example, DynamoDB to store shared data like leaderboards, kinesis to store streaming data logs and so on.
Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services.
Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services.
Such services are fully integrated with the rest of AWS offering, are optimized for mobile use cases, are accessible via a single Mobile SDK and share the same scalable, on-demand, global infrastructure of all our other AWS services.