(mbl310) workshop: build ios apps using aws mobile services | aws re:invent 2014

Authenticate users

Authorize access

Analyze User Behavior

Store and share media

Synchronize data

Deliver media

Store shared data

Stream real-time dataTrack Retention

Send push notifications

Manage users and

identity providers

Securely access

cloud resources

Sync user prefs

across devices

Track active users,

engagement

Manage funnels,

Campaign performances

Store user-generated photos

Media and share them

Automatically detect mobile devices

Deliver content quickly globally

Bring users back to your app by sending

messages reliably

Store and query fast NoSQL data

across users and devices

Collect real-time clickstream logs

and take actions quickly

Your

Mobile

App

Authenticate users

Authorize access



Synchronize data

AWS Mobile SDK

Amazon Mobile

Analytics

Deliver media

Amazon Cognito

(Sync)

AWS Identity and

Access Management

Amazon Cognito

(Identity)Amazon S3

Transfer Manager

Amazon CloudFront

(Device Detection)

Store shared dataAmazon DynamoDB

(Object Mapper)

Stream real-time dataAmazon Kinesis

(Recorder)

Track RetentionAmazon Mobile

Analytics

Send push notificationsAmazon SNS

Mobile Push

Your

Mobile

App

Manage authenticated

and guest users across

identity providers

Guest

Identity Management

Synchronize user’s data

across devices and

platforms via the cloud

Data Synchronization

Securely access AWS

services from mobile

devices and platforms

Secure AWS Access

Guest Your own

Auth

Identity

Providers

Unique

IdentitiesJoe Anna Bob

Any Device

Any Platform

Any Service

Helps implement security best

practicesSecurely access any AWS service from a

mobile device. It simplifies the interaction with

IAM.

Support Multiple Login ProvidersEasily integrate with major login providers for

authentication.

Unique Users vs. DevicesManage unique identities. Automatically

recognize unique users across devices and

platforms.

Mobile

AnalyticsAmazon

S3DynamoDB Amazon

Kinesis

Unique Identifier for Your “Things”“Headless” connected devices can also

securely access cloud services.

Save Data to the CloudSave app and device data to the cloud and

merge them after login.

Guest User AccessSecurely access AWS resources and leverage

app features without the need to create an

account or logging in.

Visitor

Preferences

Amazon

Cognito

Sync

Guest

Amazon

EC2

Amazon

S3

DynamoDB

Amazon

Kinesis

Set granular access permissions on AWS

resources

Get fine-grained access control to cloud

resources.

Safeguard AWS Credentials

No need to embed credentials in the app

anymore. Get least-privileged temporary

credentials.

Helps implement security best practices

Securely access any AWS service. It simplifies

the interaction with Amazon Security Token

Service and removes the need of Token

Vending Machine.

Amazon

EC2Amazon

S3DynamoDB Amazon

Kinesis

• Identity Pool: Pool of app users. Can be

shared across apps.

• Identity: An individual user. Consistent

across identity providers. Can be a guest

user.

• Login: Identifier in a login provider.

AWS Account

Dataset

IdentityIdentityIdentity

DatasetLogin

Identity

Pool

1:60

1:n

0:n

Sign up for an AWS account and login to the AWS Management

Console

Download and integrate the AWS Mobile SDK and store

and sync user data in a dataset

Create identitypool for authenticated and unauthenticated

users in the AWS Management Console

AssumeRoleWithWebIdentity

Login


All this is handled by the credentials provider.

– Identity Provider Access

{

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",

"Principal": { "Federated": "cognito-identity.amazonaws.com" },

"Action": "sts:AssumeRoleWithWebIdentity",

"Condition": {

"StringEquals": {

"cognito-identity.amazonaws.com:aud":

"us-east-1:12345678-dead-beef-cafe-123456790ab"

},

"ForAnyValue:StringLike": {

"cognito-identity.amazonaws.com:amr": "unauthenticated"

}

}

} ]

}

{

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",



"Condition": {

"StringEquals": {



},



}

}

} ]

}

Defines that we should trust Amazon Cognito

{

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",



"Condition": {

"StringEquals": {



},



}

}

} ]

}

Defines that we should trust identities from our pool

{

"Version": "2012-10-17",

"Statement": [ {

"Effect": "Allow",



"Condition": {

"StringEquals": {



},



}

}

} ]

}

Defines that we should trust unauthenticated identities

{

"Version": "2012-10-17",

"Statement": [{

"Action": [

"mobileanalytics:PutEvents",

"cognito-sync:*"

],

"Effect": "Allow",

"Resource": [ "*" ]

}]

}

{

"Version": "2012-10-17",

"Statement": [{

"Action": [


"cognito-sync:*"

],

"Effect": "Allow",

"Resource": [ "*" ]

}]

}

Grants access to Analytics and Amazon Cognito Sync

{

"Version": "2012-10-17",

"Statement": [{

"Action": [


"cognito-sync:*"

],

"Effect": "Allow",

"Resource": [ "*" ]

}]

}

May seem too permissive, but Amazon Cognito Sync

prevents identities accessing others data.

${cognito-identity.amazonaws.com:sub}




Will be replaced by the identity ID

People have multiple devices and want to transition between devices.

Implementing a user profile that syncs across devices, OS, and apps is hard.

It not only has to work when offline, but it must be easy to integrate with existing apps.

• Store App Data, Preferences, and State

• Work Offline

• No Backend

User

Data

Identity Pool

• Identity Pool: Pool of app users. Can be

shared across apps.

• Identity: An individual user. Consistent

across identity providers. Can be a guest

user.

• Dataset: Per user grouping of data. The

most granular level of sync. Up to 1 MB.

• Record: Key-value pair.

AWS Account

Dataset

IdentityIdentityIdentity

DatasetDataset

Identity

Pool

1:60

1:n

1:20

DatasetDataset

Record

1:1024

Developer Economics

State of the Developer Nation Q3 2014

© VisionMobile

timely manner

own their mobile data

Scalable and Generous

Free Tier

Focus on metrics that

matter. Usage reports

available within 60

minutes of receiving data

from an app.

Fast

Scale to billions of

events per day from

millions of users.

Own Your Data

“Easily collect, visualize, and understand your app usage data at scale”

Data collected are not

shared, aggregated, or

reused.

Key Business Metrics

(with one line of code)

1. Monthly Active Users (MAU)

2. Daily Active Users (DAU)

3. New Users

4. Daily Sessions

5. Sticky Factor

6. 1-Day Retention

7. Avg. Revenue per DAU

8. Daily Paying Users

9. Avg. Paying DAU

Track Retention

User retention is a key

indicator to judge the outcome

of a marketing campaign, new

feature introduction, UX

changes, app updates, etc.

Mobile Analytics provide four

charts to track daily or weekly

rate of returning users, after

first use of the app.

Get behavioral insights into app-specific

actions that your users take.

Reports provide a view of how often custom

events occur. You can add further context

with Attributes and Metrics, to each custom

event.

Examples

Track the number of

Likes/Shares, per

article, in a news app

Understand player

abort rates per

level, in a game

Number of songs

played, per user

session, in a music

app

In-app item popularity

in a shopping app

Sign up for an AWS account and create or use an existing

Amazon Cognito ID in the AWS Management Console

View engagement and session activity reports in the

AWS Management Console within minutes

Download and integrate the AWS Mobile SDK with one

line of code (Android/FireOS, iOS)

S3 Connector

Multipart upload media (photos, videos, audio)

Fault tolerant download (e.g., assets)

No backend required

Automatic retries

Pause, resume, cancel functions

Optimized for native OS

Amazon S3 Custom

OR

User requestsEdge location

(cache + network optimizations) Origin

Get content Get content

ContentContent

How Amazon CloudFront Works

Dallas (2)

St.Louis

Miami

JacksonvilleLos Angeles (2)

Palo Alto

Seattle

Ashburn (3)

Newark

New York (3)

Dublin

London (2)

Amsterdam (3)

Stockholm

Frankfurt (3)Paris (2)

Singapore (2)

Hong Kong (2)

Tokyo (2)

Sao Paulo

South Bend

San Jose

Milan

Sydney

Madrid

Seoul

Mumbai

Chennai

Atlanta

Hayward

Rio de Janeiro

Marseille

Warsaw

Osaka

Manila

Taipei

Melbourne

Joe Anna Bob

High Scores

Joe 1500

Anna 800

Bob 750

DynamoDB Connector: Object Mapper

Simplifies access to DynamoDB in

your app

Map client-side classes to

DynamoDB tables

Removes the need to transform

objects into tables and vice versa

Geo Library for DynamoDB

• Amazon Mobile Analytics

• Amazon S3 TransferManager

• DynamoDB Object Mapper

Apple APNS

Google GCM

Amazon ADM

Amazon SNS

Mobile Push

Apple APNS

Google GCM

Amazon ADM

Amazon SNS

Mobile Push

ARN 1

Token A

ARN 2

Token B

ARN 3

Token C

Amazon SNS

Mobile PushToken

Registration

Token

Feedback

Cloud App

Apple APNS

Google GCM

Amazon ADM

Amazon SNS

Mobile Push

ARN 1

Token A

ARN 2

Token B

ARN 3

Token C

Token X

Token Y

Publish

Publish

Publish

Publish

Direct Publishing Broadcast with Amazon SNS Topics

Geography Activity Product

US – West Coast Daily Actives Flapping Bird Rio

Interest Tier Segment

49ers Premium Top 100 Players

• Elastic Beanstalk

– No additional costs, you pay only for the AWS resources you use

– Environment tier

• Web Server (JSON)

• Worker (Amazon SQS)

– Publish with tools you already use

• Eclipse

• Visual Studio

• Git

IIS Node.js PHP Python Ruby Tomcat Docker

Deploy

Your

Backend

Application

Kinesis

Connector

Batching of requests

Notification when batch size is reached

Handles any arbitrary data

https://github.com/awslabs/amazon-kinesis-client

https://github.com/awslabs/amazon-kinesis-client-

python

https://github.com/awslabs/amazon-kinesis-connectors

https://github.com/awslabs/kinesis-storm-spout

https://github.com/awslabs/amazon-kinesis-client

https://github.com/awslabs/amazon-kinesis-client-python

https://github.com/awslabs/amazon-kinesis-connectors

https://github.com/awslabs/kinesis-storm-spout

Your own UsernameAnd Password

Your own user authentication system

Several apps prefer to have their own username

and password instead of public identity providers

for authentication.

Manage mappings easily

Cognito manages the mappings across login

systems (public or private) using a unique

Amazon Cognito ID.

Easily integrate with existing systems

Implement GetOpenIdTokeForDeveloperIdentity()

using our server-side SDKs like Java, Python,

Ruby etc.

Lo

gin

GetOpenIdTokenForDeveloperIdentity

acce

ss_

toke

n

GetOpenIdTokenForDeveloperIdentity

Authenticate users

Authorize access



Synchronize data

AWS Mobile SDK

Amazon Mobile

Analytics

Deliver media

Amazon Cognito

(Sync)

AWS Identity and

Access Management

Amazon Cognito

(Identity)Amazon S3

Transfer Manager

Amazon CloudFront

(Device Detection)

Store shared dataAmazon DynamoDB

(Object Mapper)

Stream real-time dataAmazon Kinesis

(Recorder)

Track RetentionAmazon Mobile

Analytics

Send push notificationsAmazon SNS

Mobile Push

Your

Mobile

App

• AWS Mobile Homehttp://aws.amazon.com/mobile

• AWS Mobile Bloghttp://mobile.awsblog.com

• Twitter@awsformobile

• Forumshttp://forums.aws.amazon.com

• StackOverflowhttp://stackoverflow.com/tags/amazon-web-services

• GitHubhttp://github.com/aws/

http://github.com/awslabs/

http://mobile.awsblog.com

http://forums.aws.amazon.com

http://stackoverflow.com/tags/amazon-web-services

http://github.com/aws/

http://github.com/awslabs/

Please give us your feedback on this

presentation

Please give us your feedback on this session.

Complete session evaluations and earn re:Invent swag.

http://bit.ly/awsevals

http://bit.ly/awsevals

(mbl310) workshop: build ios apps using aws mobile services | aws re:invent 2014

Technology