Every business needs a mobile app, and AWS has the tools and services to make it easy to design, build and test apps. We will cover authentication, authorisation and quota management using Cognito User pools and Amazon API Gateway; building apps from scratch that integrate with SaaS products using AWS Mobile Hub; testing physical devices using Amazon Device Farm; and reaching out to your customers using Amazon PinPoint.
Speakers:
Ed Lima, Associate Solutions Architect, Amazon Web Services
Arden Packeer, Enterprise Solutions Architect, Amazon Web Services
6. AWS for Mobile App Development
User authN and authZ
Analyse user behaviour
Store and share media
Synchronise data
Deliver media
Amazon Cognito
(Sync)
Amazon Cognito
IAM
(access control)
Amazon S3
Amazon CloudFront
Store data
Amazon DynamoDB
Amazon RDS
Track retention
Amazon Pinpoint
Send push notifications
Amazon SNS Mobile Push
Amazon Pinpoint
Run server-side logic
AWS Lambda
Amazon API Gateway
Amazon Lex
Accept conversational input
Amazon Pinpoint
AWS Mobile SDKs
AWS Mobile Hub
7. Mobile Hub Auto-provisions Mobile Services
AWS
IDENTITY AND ACCESS
MANAGEMENT
AMAZON
S3
AMAZON
CLOUDFRONT
AMAZON
COGNITO
AMAZON
PINPOINT
AMAZON
SNS
AWS
DEVICE FARM
AMAZON
DYNAMODB
AWS
LAMBDA
AMAZON
API GATEWAY
8. Deploy
Deploy your App to AWS
Test
Device Farm: Test Android,
iOS, and Web Apps on Real
Devices in the Cloud
Pinpoint: Collect and
Analyse app analytics
Measure
Develop
Mobile SDK: Build apps for iOS,
Android, Unity and more
Pinpoint, SNS & SES:
Send Push, SMS & Email
notifications
Engage
12. Cognito Identity Management
User Pools
Add sign-up and sign-in with a fully managed
user directory
Your users can sign in through 3rd party identity
providers, such as Facebook, Twitter, and SAML
providers, and you can control access
to AWS resources from your app.
3rd Party Identity Providers
• Facebook, SAML, etc
Managed Identities
• Sign-up, Sign-in, MFA
Federated Identity
15. Cognito User Pools Authorizer
Internet
Mobile
apps
Websites
Partner
Services
AWS Lambda
functions
Policy
cache
Endpoints on
Amazon EC2
Any publicly
accessible
endpoint
Amazon
CloudFront
API
Gateway
Cognito User
Pools
403
16. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Mobile / Web
apps
Lets walk through
this step by step…
17. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Step 1: User signs up for an account
with our Amazon Cognito User Pool,
providing their email, telephone number
& password (+ any custom attributes).
Amazon Cognito can automatically verify
the user’s email address and/or phone
number if required.
Mobile / Web
apps
18. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Step 2: At some point in the
future, the user wants to sign in.
We can now authenticate
the user.
Mobile / Web
apps
19. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Optional: If MFA is enabled
(either for this user, or all users),
Amazon Cognito will SMS or
email a one time authentication
code to the user.
Mobile / Web
apps
20. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Step 3: After a successful
authentication, Amazon Cognito
responds with a signed JSON
Web Token (JWT) containing
the user’s details.
Mobile / Web
apps
21. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Step 4: You are now ready to
call your backend API’s from
your mobile application.
The JWT is passed in via the
Authorization HTTP header.
GET /items HTTP/1.1
Host: ...
Authorization: eyJraWQiOi…
Mobile / Web
apps
22. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Step 5: API Gateway calls
Cognito User Pool, which
validates the JWT token
GET /items HTTP/1.1
Host: ...
Authorization: eyJraWQiOi…
Mobile / Web
apps
23. Authentication Flow
Amazon Cognito
User Pools
Amazon API
Gateway
/items Lambda
Function
/n… Lambda
Function
Amazon
DynamoDB
Throttling
Cache
Logging
Monitoring
Auth
Step 6: If authentication was
successful, the API call will be
passed through to the backend
Lambda functions where your
logic sits.
Authentication is cached for
each token (up to 1 hour).
GET /items HTTP/1.1
Host: ...
Authorization: eyJraWQiOi…
Mobile / Web
apps
27. Custom Connectors
Build your own connector to connect to AWS or corporate/on-premises resources
Amazon API
Gateway
Custom
connector
<AWS Lambda>
On-premises
systems of
record
CORPORATE NETWORKVPC
INTERNET VPN
ACCESS
CONTROL
(IAM)
30. Test Your App on Real Devices in the AWS Cloud
Upload your Android or iOS app
(native, web, hybrid), configure
a test, and select devices.
We simultaneously test
your app across your
selected devices in our
datacenters.
In minutes, view detailed,
actionable reports that
pinpoint bugs, performance
problems, and other issues.
YOUR
APP +
32. AWS Device Farm
Android and iOS
(Native, Hybrid, Web)
Security & Scale:
Full HW and SW isolation
for 300 unique devices
Flexibility: Support for many
popular frameworks
Integration: Jenkins,
Android Studio,
SDKs, CLI
Reporting: Results,
screenshots, logs,
performance, video
Pay for what you use
36. Group users into
Segments
Schedule and
Quiet Times
Standard and Silent
Notifications
HoldOut Message Variables Two Campaign Types
Campaigns
37. Effective Mobile Engagement at AWS Scale
Increase engagement using both mobile and non mobile data for segmentation
Segment
and target
Message
and engage
Measure
improvement
Analyze
user
behavior