(MBL310) Workshop: Build iOS Apps Using AWS Mobile Services | AWS re:Invent 2014
DESCRIPTION
Learn how to build a powerful iOS app that leverages a variety of AWS services. In this three-hour, demo-heavy workshop, we show how you can build a modern native client app using Apple Swift and the AWS Mobile SDK that uses a number of cross-platform mobile cloud services directly with minimal code on the client. We share best practices for building a highly scalable backend so you can add your own functionality. This is a step-by-step journey where you configure and add components to your architecture, then modify and test your components inside a mobile location-based messaging app. In the end, you will have a mobile app with your own backend consisting of different AWS services including: Amazon Cognito, Amazon Mobile Analytics, Amazon SNS Push Notification, Amazon S3, Amazon CloudFront, Amazon CloudSearch, Amazon DynamoDB, Amazon SQS, and AWS Elastic Beanstalk.
TRANSCRIPT
Your Mobile App
• Authenticate users: Manage users and identity providers
• Authorize access: Securely access cloud resources
• Synchronize data: Sync user prefs across devices
• Analyze User Behavior: Track active users, engagement
• Track Retention: Manage funnels, campaign performances
• Store and share media: Store user-generated photos, media and share them
• Deliver media: Automatically detect mobile devices, deliver content quickly globally
• Send push notifications: Bring users back to your app by sending messages reliably
• Store shared data: Store and query fast NoSQL data across users and devices
• Stream real-time data: Collect real-time clickstream logs and take actions quickly
Your Mobile App with the AWS Mobile SDK
• Authenticate users: Amazon Cognito (Identity)
• Authorize access: AWS Identity and Access Management
• Synchronize data: Amazon Cognito (Sync)
• Analyze User Behavior: Amazon Mobile Analytics
• Track Retention: Amazon Mobile Analytics
• Store and share media: Amazon S3 Transfer Manager
• Deliver media: Amazon CloudFront (Device Detection)
• Send push notifications: Amazon SNS Mobile Push
• Store shared data: Amazon DynamoDB (Object Mapper)
• Stream real-time data: Amazon Kinesis (Recorder)
Identity Management: Manage authenticated and guest users across identity providers
Data Synchronization: Synchronize user’s data across devices and platforms via the cloud
Secure AWS Access: Securely access AWS services from mobile devices and platforms
[Diagram: Identity Providers (Guest, Your own Auth); Unique Identities (Joe, Anna, Bob); Any Device, Any Platform, Any Service]
Helps implement security best practices: Securely access any AWS service from a mobile device. It simplifies the interaction with IAM.
Support Multiple Login Providers: Easily integrate with major login providers for authentication.
Unique Users vs. Devices: Manage unique identities. Automatically recognize unique users across devices and platforms.
[Diagram: Mobile Analytics, Amazon S3, DynamoDB, Amazon Kinesis]
Unique Identifier for Your “Things”: “Headless” connected devices can also securely access cloud services.
Save Data to the Cloud: Save app and device data to the cloud and merge them after login.
Guest User Access: Securely access AWS resources and leverage app features without the need to create an account or log in.
[Diagram: Visitor Preferences, Amazon Cognito Sync, Guest; Amazon EC2, Amazon S3, DynamoDB, Amazon Kinesis]
Set granular access permissions on AWS resources: Get fine-grained access control to cloud resources.
Safeguard AWS Credentials: No need to embed credentials in the app anymore. Get least-privileged temporary credentials.
Helps implement security best practices: Securely access any AWS service. It simplifies the interaction with Amazon Security Token Service and removes the need for a Token Vending Machine.
• Identity Pool: Pool of app users. Can be shared across apps.
• Identity: An individual user. Consistent across identity providers. Can be a guest user.
• Login: Identifier in a login provider.
[Diagram: AWS Account, Identity Pool, Identity, Login, Dataset; cardinalities 1:60, 1:n, 0:n]
Sign up for an AWS account and log in to the AWS Management Console
Download and integrate the AWS Mobile SDK and store and sync user data in a dataset
Create an identity pool for authenticated and unauthenticated users in the AWS Management Console
Login
AssumeRoleWithWebIdentity
All this is handled by the credentials provider.
– Identity Provider Access
{
  "Version": "2012-10-17",
  "Statement": [ {
    "Effect": "Allow",
    "Principal": { "Federated": "cognito-identity.amazonaws.com" },
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {
        "cognito-identity.amazonaws.com:aud":
          "us-east-1:12345678-dead-beef-cafe-123456790ab"
      },
      "ForAnyValue:StringLike": {
        "cognito-identity.amazonaws.com:amr": "unauthenticated"
      }
    }
  } ]
}
Defines that we should trust Amazon Cognito
Defines that we should trust identities from our pool
Defines that we should trust unauthenticated identities
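The three conditions called out above can be checked mechanically before a role is attached to an identity pool. The following is an added example, not code from the presentation or the AWS SDK: `audit_cognito_trust` and its finding labels are hypothetical names, the first policy is the one shown on the slide, and the second is a constructed weak variant.

```python
import copy

COGNITO = "cognito-identity.amazonaws.com"
POOL_ID = "us-east-1:12345678-dead-beef-cafe-123456790ab"  # pool ID as printed on the slide

# Trust policy from the slide (role for unauthenticated identities).
SLIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {COGNITO + ":aud": POOL_ID},
            "ForAnyValue:StringLike": {COGNITO + ":amr": "unauthenticated"},
        },
    }],
}
# Constructed weak variant: the same statement with its Condition block removed.
LOOSE_POLICY = copy.deepcopy(SLIDE_POLICY)
del LOOSE_POLICY["Statement"][0]["Condition"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_cognito_trust(policy, expected_pool_id):
    """Return (statement index, finding) pairs for Cognito-federated Allow statements."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        principal = st.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or COGNITO not in federated:
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(st.get("Action", [])):
            continue
        cond = st.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud", []))
        if not aud:
            findings.append((i, "aud-missing"))     # tokens from any identity pool match
        elif set(aud) != {expected_pool_id}:
            findings.append((i, "aud-unexpected"))  # pinned, but not only to our pool
        amr = [v for op, keys in cond.items() if op.startswith("ForAnyValue:")
               for v in _as_list(keys.get(COGNITO + ":amr", []))]
        if not amr:
            findings.append((i, "amr-missing"))     # guest and signed-in identities both match
        elif any("*" in v for v in amr):
            findings.append((i, "amr-wildcard"))    # pattern too broad to separate the two
    return findings

if __name__ == "__main__":
    print(audit_cognito_trust(SLIDE_POLICY, POOL_ID), audit_cognito_trust(LOOSE_POLICY, POOL_ID))
```

The check matches condition keys case-sensitively, exactly as they are written on the slide.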
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": [
      "mobileanalytics:PutEvents",
      "cognito-sync:*"
    ],
    "Effect": "Allow",
    "Resource": [ "*" ]
  }]
}
Grants access to Analytics and Amazon Cognito Sync
May seem too permissive, but Amazon Cognito Sync prevents identities from accessing others' data.
${cognito-identity.amazonaws.com:sub}
Will be replaced by the identity ID
People have multiple devices and want to transition between devices.
Implementing a user profile that syncs across devices, OS, and apps is hard.
It not only has to work when offline, but it must be easy to integrate with existing apps.
• Store App Data, Preferences, and State
• Work Offline
• No Backend
User
Data
Identity Pool
• Identity Pool: Pool of app users. Can be
shared across apps.
• Identity: An individual user. Consistent
across identity providers. Can be a guest
user.
• Dataset: Per user grouping of data. The
most granular level of sync. Up to 1 MB.
• Record: Key-value pair.
[Diagram: AWS Account, Identity Pool, Identity, Dataset, Record; cardinalities 1:60, 1:n, 1:20, 1:1024]
Developer Economics | State of the Developer Nation Q3 2014 | © VisionMobile | All rights reserved | www.developereconomics.com/go
timely manner
own their mobile data
“Easily collect, visualize, and understand your app usage data at scale”
Fast: Focus on metrics that matter. Usage reports available within 60 minutes of receiving data from an app.
Scalable and Generous Free Tier: Scale to billions of events per day from millions of users.
Own Your Data: Data collected are not shared, aggregated, or reused.
Key Business Metrics
(with one line of code)
1. Monthly Active Users (MAU)
2. Daily Active Users (DAU)
3. New Users
4. Daily Sessions
5. Sticky Factor
6. 1-Day Retention
7. Avg. Revenue per DAU
8. Daily Paying Users
9. Avg. Paying DAU
Track Retention
User retention is a key indicator to judge the outcome of a marketing campaign, new feature introduction, UX changes, app updates, etc.
Mobile Analytics provides four charts to track the daily or weekly rate of returning users after first use of the app.
Get behavioral insights into app-specific actions that your users take.
Reports provide a view of how often custom events occur. You can add further context to each custom event with Attributes and Metrics.
Examples
• Track the number of Likes/Shares, per article, in a news app
• Understand player abort rates per level, in a game
• Number of songs played, per user session, in a music app
• In-app item popularity in a shopping app
Sign up for an AWS account and create or use an existing
Amazon Cognito ID in the AWS Management Console
View engagement and session activity reports in the
AWS Management Console within minutes
Download and integrate the AWS Mobile SDK with one
line of code (Android/FireOS, iOS)
S3 Connector
Multipart upload media (photos, videos, audio)
Fault tolerant download (e.g., assets)
No backend required
Automatic retries
Pause, resume, cancel functions
Optimized for native OS
Amazon S3 Custom
OR
How Amazon CloudFront Works
[Diagram: User requests, Edge location (cache + network optimizations), Origin; "Get content" and "Content" arrows between them]
Dallas (2)
St.Louis
Miami
Jacksonville
Los Angeles (2)
Palo Alto
Seattle
Ashburn (3)
Newark
New York (3)
Dublin
London (2)
Amsterdam (3)
Stockholm
Frankfurt (3)
Paris (2)
Singapore (2)
Hong Kong (2)
Tokyo (2)
Sao Paulo
South Bend
San Jose
Milan
Sydney
Madrid
Seoul
Mumbai
Chennai
Atlanta
Hayward
Rio de Janeiro
Marseille
Warsaw
Osaka
Manila
Taipei
Melbourne
Joe Anna Bob
High Scores
Joe 1500
Anna 800
Bob 750
DynamoDB Connector: Object Mapper
Simplifies access to DynamoDB in
your app
Map client-side classes to
DynamoDB tables
Removes the need to transform
objects into tables and vice versa
Geo Library for DynamoDB
• Amazon Mobile Analytics
• Amazon S3 TransferManager
• DynamoDB Object Mapper
Amazon SNS Mobile Push: Apple APNS, Google GCM, Amazon ADM
[Diagram: Cloud App and Amazon SNS Mobile Push; Token Registration, Token Feedback; ARN 1 / Token A, ARN 2 / Token B, ARN 3 / Token C; Token X, Token Y; Publish]
Direct Publishing
Broadcast with Amazon SNS Topics
• Geography: US – West Coast
• Activity: Daily Actives
• Product: Flapping Bird Rio
• Interest: 49ers
• Tier: Premium
• Segment: Top 100 Players
• Elastic Beanstalk
– No additional costs, you pay only for the AWS resources you use
– Environment tier
• Web Server (JSON)
• Worker (Amazon SQS)
– Publish with tools you already use
• Eclipse
• Visual Studio
• Git
IIS Node.js PHP Python Ruby Tomcat Docker
Deploy
Your
Backend
Application
Kinesis
Connector
Batching of requests
Notification when batch size is reached
Handles any arbitrary data
https://github.com/awslabs/amazon-kinesis-client
https://github.com/awslabs/amazon-kinesis-client-python
https://github.com/awslabs/amazon-kinesis-connectors
https://github.com/awslabs/kinesis-storm-spout
Your own Username And Password
Your own user authentication system: Several apps prefer to have their own username and password instead of public identity providers for authentication.
Manage mappings easily: Cognito manages the mappings across login systems (public or private) using a unique Amazon Cognito ID.
Easily integrate with existing systems: Implement GetOpenIdTokenForDeveloperIdentity() using our server-side SDKs like Java, Python, Ruby etc.
Login
GetOpenIdTokenForDeveloperIdentity
AssumeRoleWithWebIdentity
access_token
• AWS Mobile Home: http://aws.amazon.com/mobile
• AWS Mobile Blog: http://mobile.awsblog.com
• Twitter: @awsformobile
• Forums: http://forums.aws.amazon.com
• StackOverflow: http://stackoverflow.com/tags/amazon-web-services
• GitHub: http://github.com/aws/ and http://github.com/awslabs/