Media sharing mobile app
• Authenticate users: Manage users and identity providers
• Authorize access: Securely access cloud resources
• Synchronize app state: Sync user prefs across devices
• Send push notifications: Bring users back to your app by sending messages reliably
• Store shared data: Store and query fast NoSQL data across users and devices
• Store media: Store user-generated photos and share them
• Stream real-time data: Collect real-time clickstream logs and take actions quickly
Media sharing mobile app: AWS services
• Authenticate users: Amazon Cognito (Identity Broker)
• Authorize access: AWS Identity and Access Management
• Synchronize app state: Amazon Cognito (Sync)
• Send push notifications: Amazon SNS Mobile Push
• Store and share media: Amazon S3 Transfer Manager
• Store shared data: Amazon DynamoDB (Object Mapper)
• Stream real-time data: Amazon Kinesis (Recorder)
User identity and sync with Amazon Cognito
Amazon Cognito Overview
• Identity Management: Manage authenticated and guest users across identity providers
• Data Synchronization: Synchronize user’s data across devices and platforms via the cloud
• Secure AWS Access: Securely access AWS services from mobile devices and platforms
Amazon Cognito: Use cases
Identity across the web and mobile
[Diagram labels: State transition; Game state]
Amazon Cognito: Identity
[Diagram labels: Identity Providers; Amazon Cognito; Unique Identities (Joe, Anna, Bob); Any Device; Any Platform; Any AWS Service; Mobile Analytics; S3; DynamoDB; Kinesis]
• Helps implement security best practices
Securely access any AWS service from a mobile device. It simplifies the interaction with AWS Identity and Access Management.
• Support Multiple Login Providers
Easily integrate with major login providers for authentication.
• Unique Users vs. Devices
Manage unique identities. Automatically recognize a unique user across devices and platforms.
Amazon Cognito unauthenticated
[Diagram labels: Guest; Visitor Preferences; Cognito Store; EC2; S3; DynamoDB; Kinesis]
• Unique Identifier for Your “Things”
“Headless” connected devices can also securely access cloud services.
• Save Data to the Cloud
Save app and device data to the cloud and merge them after login.
• Guest User Access
Securely access AWS resources and leverage app features without the need to create an account or log in.
Amazon Cognito Authenticated Flow
Developer Authenticated Identities – Support Any Login
Amazon Cognito: Security best practices
Amazon Cognito Security
[Diagram labels: EC2; S3; DynamoDB; Kinesis]
• Set granular access permissions on AWS resources
Get fine-grained access control to cloud resources.
• Safeguard AWS Credentials
No need to embed credentials in the app anymore. Get least-privileged temporary credentials.
• Helps implement security best practices
Securely access any AWS service. It simplifies the interaction with Security Token Service and removes the need for a Token Vending Machine.
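What "least-privileged temporary credentials" depends on in practice, as an added example (not from the original slides): a Python check over the trust and permission policies of an identity pool's unauthenticated role, with a weak and a tightened version side by side. The pool ID, bucket name and all four policies are constructed placeholders, and the rule that every S3 object path must sit under a per-identity prefix is an assumption about this media sharing app.

```python
"""Audit IAM policies attached to an Amazon Cognito identity-pool role."""

SUB_VAR = "${cognito-identity.amazonaws.com:sub}"   # resolves to the caller's Cognito ID
AUD_KEY = "cognito-identity.amazonaws.com:aud"      # identity pool the token was issued for
AMR_KEY = "cognito-identity.amazonaws.com:amr"      # "authenticated" or "unauthenticated"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder


def _as_list(value):
    """IAM allows a single value or a list almost everywhere; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _condition_values(statement, key):
    """Collect the values of one condition key across all condition operators."""
    values = []
    for operands in statement.get("Condition", {}).values():
        for cond_key, cond_val in operands.items():
            if cond_key.lower() == key:
                values.extend(_as_list(cond_val))
    return values


def audit_trust(policy, pool_id, expected_amr):
    """Check that the role can only be assumed through this pool and login state."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or "cognito-identity.amazonaws.com" not in federated:
            continue
        if pool_id not in _condition_values(stmt, AUD_KEY):
            findings.append("trust: role is not pinned to this identity pool (aud)")
        if expected_amr not in _condition_values(stmt, AMR_KEY):
            findings.append("trust: role does not require amr=" + expected_amr)
    return findings


def audit_permissions(policy):
    """Flag wildcards and S3 object paths not scoped to the caller's identity."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append("perms: wildcard action " + action)
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append("perms: wildcard resource *")
            elif resource.startswith("arn:aws:s3:::") and "/" in resource \
                    and SUB_VAR not in resource:
                findings.append("perms: S3 path not scoped per identity: " + resource)
    return findings


# Constructed weak policies: any identity pool can assume the role, and the
# guest credentials can do anything in S3.
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
}]}
WEAK_PERMS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*", "Resource": "*",
}]}

# Constructed tightened policies: pinned to one pool and to guest identities,
# with object access limited to the caller's own prefix.
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {AUD_KEY: POOL_ID},
        "ForAnyValue:StringLike": {AMR_KEY: "unauthenticated"},
    },
}]}
GOOD_PERMS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::EXAMPLE_BUCKET/photos/" + SUB_VAR + "/*",
}]}

if __name__ == "__main__":
    for name, trust, perms in (("weak", WEAK_TRUST, WEAK_PERMS),
                               ("tightened", GOOD_TRUST, GOOD_PERMS)):
        issues = audit_trust(trust, POOL_ID, "unauthenticated") + audit_permissions(perms)
        print(name, "->", issues or "no findings")
```

Running the same trust check with `"authenticated"` against the guest role's policy also reports a finding, which catches the two role ARNs being swapped in the pool configuration.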
Amazon Cognito: Cloud sync
What have customers told us about “Synchronized Profile”?
• People have multiple devices and want to transition between devices.
• Implementing a user profile that syncs across devices, OSes and apps is hard.
• It not only has to work offline, but also has to be easy to integrate with existing apps.
Amazon Cognito Sync Features
[Diagram labels: User Data; Identity Pool]
• Store App Data, Preferences and State
Save app and user data to the cloud.
• Work Offline
Data is persisted to local storage first. Local data is available regardless of connectivity.
• No Backend
Simple client SDK eliminates the need for server-side code.
Sync Data Model
• Identity Pool: Pool of app users. Can be shared across apps.
• Identity: An individual user. Consistent across identity providers. Can be a guest user.
• Dataset: Per-user grouping of data. The most granular level of sync. Up to 1MB.
• Record: Key/value pair of user data.
[Diagram: AWS Account 1:60 Identity Pool; Identity Pool 1:n Identity; Identity 1:20 Dataset; Dataset 1:1024 Record]
Let’s build our app
2. Identity with Amazon Cognito
Amazon Cognito Security Architecture
[Diagram labels: End Users; App with AWS Mobile SDK; Login (OAuth/OpenID); Access Token; Cognito Identity; Cognito ID, Temp Credentials; Developer; AWS Management Console; Pool ID, Role ARNs; Access to AWS Services with Cognito ID (Temp Credentials); DynamoDB; S3; Mobile Analytics; Cognito Sync Store]
Create an unauthenticated identity
    // Credentials provider backed by the identity pool. The two role ARNs are the
    // IAM roles assumed for guest (unauthenticated) and signed-in (authenticated) users.
    AWSCognitoCredentialsProvider *credentialsProvider =
        [AWSCognitoCredentialsProvider credentialsWithRegionType:AWSRegionUSEast1
            accountId:@"AWS_ACCOUNT_ID"
            identityPoolId:@"COGNITO_IDENTITY_POOL"
            unauthRoleArn:@"arn:aws:iam::AWS_ACCOUNT_ID:role/UNAUTHENTICATED_ROLE"
            authRoleArn:@"arn:aws:iam::AWS_ACCOUNT_ID:role/AUTHENTICATED_ROLE"];

    // Make every AWS service client use the Cognito-issued temporary credentials by default.
    AWSServiceConfiguration *configuration =
        [AWSServiceConfiguration configurationWithRegion:AWSRegionUSEast1
            credentialsProvider:credentialsProvider];
    [AWSServiceManager defaultServiceManager].defaultServiceConfiguration = configuration;
Link a social profile, authenticated identities
    // Hand the provider's access token to Cognito to link the profile to the identity.
    NSString *token = FBSession.activeSession.accessTokenData.accessToken;
    credentialsProvider.logins = @{ @(AWSCognitoLoginProviderKeyFacebook): token };
• Logins is a Map
• Can contain tokens from all supported providers
    • Amazon
    • Facebook
    • Google
    • Your own identity system
Identity state changes
    // Register for the notification posted when the Cognito identity ID changes.
    [[NSNotificationCenter defaultCenter] addObserver:self
        selector:@selector(identityIdDidChange:)
        name:AWSCognitoIdentityIdChangedNotification
        object:nil];

    // The method name must match the selector registered above.
    - (void)identityIdDidChange:(NSNotification *)notification {
        NSDictionary *userInfo = notification.userInfo;
        NSLog(@"identity changed from %@ to %@",
              [userInfo objectForKey:AWSCognitoNotificationPreviousId],
              [userInfo objectForKey:AWSCognitoNotificationNewId]);
    }
Let’s build our app
3. Synchronize app state
Save and sync preferences and state
    // Create sync client and open dataset
    AWSCognito *syncClient = [AWSCognito defaultCognito];
    AWSCognitoDataset *dataset = [syncClient openOrCreateDataset:@"mediashare"];

    // Save the current state of the application
    [dataset setString:self.currentPhotoName forKey:@"latest_photo"];
    [dataset synchronize];
