Rapid Application Development on AWS
Oren Reuveni, Solutions Architect AWS
Oren Katz, Solutions Architect AWS
This Session Is About:
• “Rapid Application Development on AWS”
• Building and running applications without having to manage infrastructure
The Services We Are Going to Use
• Amazon API Gateway: Host the API and route API calls
• AWS Lambda: Execute our app’s business logic
• Amazon Cognito: Generate temporary AWS credentials
• Amazon DynamoDB: NoSQL Data store
• Amazon Elasticsearch Service: Analytics Cluster
• Cognito User Pools
Full System Architecture slide…
SpoTaxi
Amazon DynamoDB
• Fully Managed NoSQL
• Document Key-Value
• Scales to Any Workload
• Fast and Consistent
• Access Control
• Event Driven Programming
Amazon Elasticsearch Service
• Easy Cluster Creation and Configuration Management
• Near Real Time Analytics
• Support for ELK
• Security with AWS IAM: Using IAM in our Lambda functions to access ES
• Monitoring with Amazon CloudWatch
• Auditing with AWS CloudTrail
• Integration Options with other AWS Services:
  • CloudWatch Logs
  • Amazon DynamoDB
  • Amazon S3
  • Amazon Kinesis
Let’s Build The Data Store Tier…
AWS Lambda
• Serverless Event Driven Compute Service
• Event Driven Scale
• Sub-Second Billing
• Bring Your Own Code
• Flexible Invocation Paths
• Simple Resource Model
• Granular Permission Control
• Let’s briefly discuss Lambda and Amazon EC2 Container Service (ECS)
Amazon API Gateway
• Host multiple versions and stages of your APIs
• Create and distribute keys to developers
• Leverage Signature Version 4 to authorize access to APIs
• Throttle and monitor requests to protect your backend
• Utilize AWS Lambda
• Benefits:
  • Managed cache to store API responses
  • Reduced latency and DDoS protection through Amazon CloudFront
  • SDK generation for iOS, Android and JavaScript
  • Swagger support
  • Request/response data transformation
  • Utilize all services, including on-premises ones if you wish
Amazon Cognito User Pools
• Create and maintain a user directory
• Sign in to your web application or mobile app using user pools
• Scale to hundreds of millions of users
• Designed to provide simple, secure and low-cost options
• Use cases:
  • User sign-in and sign-up
  • Email or phone number verification
  • Forgot password
  • User profile
  • SMS-based MFA
Comprehensive User Scenarios
• User sign-up and sign-in: Users sign-up using email, phone number or user name and password. Users can then sign-in.
• Email or phone number verification: Users verify their email address or phone number prior to activating an account
• Forgot password: Users can change their password if they forget it
• User profile: Retrieve and update user profiles, including custom attributes
• SMS-based MFA: If enabled, users complete Multi-Factor Authentication (MFA) with a confirmation code via SMS as part of sign-in and forgot password flows
Authentication Flow
[Diagram: Mobile apps, Amazon Cognito User Pools, Amazon API Gateway, Custom Authorizer Lambda Function, /pets Lambda Function, /n… Lambda Function, Amazon DynamoDB; labels: Throttling, Cache, Logging, Monitoring, Auth]
Let’s walk through this step by step…
Step 1: User signs up for an account with our Amazon Cognito User Pool, providing their email, telephone number & password (+ any custom attributes).
Amazon Cognito can automatically verify the user’s email address and/or phone number if required.
SignUp(attributes)
Step 2: At some point in the future, the user wants to sign in. We can now authenticate the user.
Authenticate(user, pass)
Optional: If MFA is enabled (either for this user, or all users), Amazon Cognito will SMS or email a one-time authentication code to the user.
MFA Code
Step 3: After a successful authentication, Amazon Cognito responds with a signed JSON Web Token (JWT) containing the user’s details.
JWT Token
Step 4: You are now ready to call your backend APIs from your mobile application.
The JWT is passed in via the Authorization HTTP header.
GET /pets HTTP/1.1
Host: ...
Authorization: eyJraWQiOi…
Step 5: API Gateway calls your custom authorizer function which validates the JWT token and creates an IAM policy that defines which API resources the user can access (based on their user attributes in the JWT claims).
Step 6: Additionally, the custom authorizer function will need to check that the JWT hasn’t been tampered with.
To do this, it needs the signing public key (JWK) from Amazon Cognito.
Step 7: If authentication was successful, the API call will be passed through to the backend Lambda functions where your logic sits.
Authentication is cached for each token (up to 1 hour).
[Diagram labels on this slide: /bid, /find]
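Steps 5 to 7 as a sketch of a custom authorizer, added here as an example and not taken from the original deck or from AWS sample code. The RSA key, `demo-kid`, issuer, audience and the `sign_demo` helper (which stands in for Cognito issuing the token) are constructed assumptions, and the RS256 check is written out in plain Python only so it runs offline.

```python
import base64, hashlib, json, time

# Constructed demo key built from two Mersenne primes: insecure, NOT a Cognito key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"demo-kid": (N, E)}  # kid -> (n, e), as parsed from the pool's published JWKS
ISSUER, AUDIENCE = "https://idp.example/demo-pool", "demo-client-id"  # placeholders
SHA256_DER = bytes.fromhex("3031300d060960864801650304020105000420")

def b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), k bytes long
    t = SHA256_DER + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_demo(claims, alg="RS256"):  # stands in for Cognito issuing the token
    signed = b64e(json.dumps({"alg": alg, "kid": "demo-kid"}).encode()) \
        + "." + b64e(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa(signed.encode(), k), "big"), D, N)
    return signed + "." + b64e(sig.to_bytes(k, "big"))

def verify(token, now=None):
    head_b64, body_b64, sig_b64 = token.split(".")
    head = json.loads(b64d(head_b64))
    if head.get("alg") != "RS256" or head.get("kid") not in JWKS:
        raise ValueError("unexpected alg or unknown kid")  # never trust the header's alg
    n, e = JWKS[head["kid"]]
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(b64d(sig_b64), "big"), e, n).to_bytes(k, "big")
    if em != emsa(f"{head_b64}.{body_b64}".encode(), k):  # compare the full encoding
        raise ValueError("bad signature")
    claims = json.loads(b64d(body_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def authorize(event, now=None):  # shape of an API Gateway TOKEN authorizer
    try:
        principal, effect = verify(event["authorizationToken"], now)["sub"], "Allow"
    except Exception:  # fail closed on any parse or validation error
        principal, effect = "anonymous", "Deny"
    statement = {"Action": "execute-api:Invoke", "Effect": effect,
                 "Resource": event["methodArn"]}
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}
```

Because the authorizer result is cached per token, a policy that names only `event["methodArn"]` is reused for that token's calls to other routes; when caching is on, the `Resource` list should cover every route the caller is allowed to use.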
Let’s Build the Logic/API/Users Mgmt. Tier…
SpoTaxi
Appendix Slides…
SpoTaxi