
Mobile Application Development


Develop faster and smarter using cloud native SDKs, services and orchestration tools. Embrace agile and automation techniques to improve quality, reduce risk and accelerate innovation.



  1. Building Mobile and Web Apps using the AWS Mobile and JavaScript SDKs. Parijat Mishra | Solutions Architect | Amazon Web Services | parijat@amazon.com
  2. In this session, we’ll be creating Android apps to demonstrate various features of AWS
  3. How do we build mobile apps today?
  4. Your mobile application (diagram)
      • Tasks: Authenticate users; Authorize access; Analyze user behavior; Store and share media; Synchronize data; Deliver media; Store shared data; Stream real-time data; Track retention; Send push notifications
      • Details: Manage users and identity providers; Securely access cloud resources; Sync user prefs across devices; Track active users, engagement; Manage funnels, campaign performances; Store user-generated photos, media and share them; Automatically detect mobile devices; Deliver content quickly globally; Bring users back to your app by sending messages reliably; Store and query fast NoSQL data across users and devices; Collect real-time clickstream logs and take actions quickly
  5. Introducing AWS Mobile Services (diagram, top to bottom)
      • Your Mobile App, Game or Device App
      • AWS Mobile SDK, API Endpoints, Management Console
      • Mobile Optimized Services: Amazon Cognito; Amazon Mobile Analytics; Amazon SNS Mobile Push
      • Mobile Optimized Connectors: Kinesis Connector; DynamoDB Connector; S3 Connector; SQS Connector; SES Connector
      • Core Building Block Services: Compute; Storage; Networking; Analytics; Databases
      • AWS Global Infrastructure (11 Regions, 28 Availability Zones, 52 Edge Locations)
      • Label: Integrated SDK
  6. AWS Mobile SDK
      • Fully integrated AWS mobile SDK
      • Cross-platform, optimized for mobile
      • Automatically handles intermittent and latent network
      • Reduced memory footprint
      • Common authentication method across all services
  7. Your mobile application (diagram repeated from slide 4)
  8. Your mobile application with the AWS Mobile SDK (diagram)
      • Tasks: Authenticate users; Authorize access; Analyze user behavior; Store and share media; Synchronize data; Deliver media; Store shared data; Stream real-time data; Track retention; Send push notifications
      • Services: Amazon Cognito (Identity broker); AWS Identity and Access Management; Amazon Cognito (Sync); Amazon Mobile Analytics; Amazon Mobile Analytics; Amazon S3 Transfer Manager; Amazon CloudFront (Device Detection); Amazon SNS Mobile Push; Amazon DynamoDB (Object Mapper); Amazon Kinesis (Recorder)
  9. Let’s build a Media App! What should it do?
  10. Our Media App’s wish-list of features
      • Upload & Download media files to/from S3 buckets
      • Grant anonymous but secure access to AWS resources in our account
      • Grant authenticated access for users that log in via Public Identity Providers
      • Send push notifications to mobile devices
      • Store the media library inventory in the cloud so it can be queried by many users
      • Provide partitioned access to the media library based on Public and Private views
      • Synchronise user data across devices
      • Make all this available across devices (iOS, Android, Kindle) and web
  11. First App: Basic Download/Upload App
      • Goals:
          • User is anonymous – we don’t care who they are, treat them as ‘Public’ or ‘Guest’
          • Directly access AWS Simple Storage Service (S3) from the mobile application
          • We do not want to upload to a server and then have the server push the file to S3…
      • Requirements:
          • We need to authenticate the application on the mobile device
          • We do not want to bake the AWS credentials in our mobile app!
          • Even though users are anonymous, we still want to control access to AWS
  12. First App: Basic Download/Upload App (diagram: Mobile App; Cognito Identity; S3 Bucket with test media)
  13. Amazon Cognito: Granting ‘guest’ access to our ‘Public’ users for controlled access to AWS resources
  14. Cognito Identity Example
      • Cognito Identity for Guests: Cognito assigns a unique identifier for each device when a user is not logged on
      • Cognito Identity for Authenticated Users: Cognito assigns a unique identifier for each user when they are authenticated. This will be the same identifier for this user regardless of which device they use
  15. Cognito setup
  16. Create a new Cognito Identity Pool
  17. Create a new Cognito Identity Pool: Supplying public identity providers is optional. For this demo, we will not be supporting public identity providers, so we leave them empty
  18. Create a new Cognito Identity Pool: Enable guest access. For this demo, we will allow ‘anonymous access’ so that unauthenticated users can upload and download from our S3 bucket
  19. Create a new Cognito Identity Pool: Create IAM Roles. Create IAM roles for this Cognito Identity Pool. We will assign tight security controls to these roles later
  20. Create a new Cognito Identity Pool: And assign a role for unauthenticated access
  21. Create a new Cognito Identity Pool: Starter code samples. Cognito conveniently provides starter code for you for Android, iOS and .NET! This is an example of how you can easily connect your app to Cognito
  22. Set up the required permissions in IAM
  23. Set up the required permissions in IAM: Note the default policy
  24. Set up the required permissions in IAM: Default policy created by Cognito. By default, access to Cognito Sync and Mobile Analytics is permitted. This policy has been generated by the Cognito Create Identity Pool wizard
  25. Media in our S3 bucket: S3 Bucket contents. Test file that we will be downloading via the TransferManager S3 connector
  26. Media in our S3 bucket: S3 Bucket ACLs. Note that the ACLs on the bucket do not permit ‘Public’, so the asset is not world-accessible
  27. Let’s give the anonymous ‘guest’ access to our S3 bucket for read and write
  28. Set up the required permissions in IAM: Use the Policy Generator. We’ll create our specific S3-related policy using the Policy Generator
  29. Set up the required permissions in IAM: Specify our bucket. Our policy will specify access for our specific bucket. We’ll allow GetObject and PutObject
  30. Set up the required permissions in IAM: Resulting Policy Document. Here’s what the resulting policy looks like for allowing READ access to any object in the specific bucket, and the ability to WRITE any object
  31. We’re now set up – let’s start coding!
  32. Instantiate Cognito Credentials Provider: Give Cognito your details
      • Account Id
      • Identity Pool ARN
      • UnAuthenticated access Role ARN
      • Authenticated access Role ARN
      • The Region you are running Cognito in
  33. Implementation Note! This ‘Cognito’ class is just my convenience wrapper! I have chosen to implement this as a Singleton at App-scope. Your implementation may be different. The only important thing is that you instantiate a CognitoCachingCredentialsProvider
  34. Amazon S3 Connector: Transfer Manager
      • Multipart upload media (photos, videos, audio)
      • Fault tolerant download (e.g. assets)
      • No backend required
      • Automatic retries
      • Pause, resume, cancel functions
      • Optimized for native OS
  35. Pass Cognito Credentials to the AWS S3 Transfer Manager constructor. Pass the Cognito Provider to the TransferManager S3 connector to construct based on the Cognito-acquired AWS credentials
  36. Set up the download request and go! Initiate the download
  37. Demo App. First, the Application instantiates a CognitoCachingCredentialsProvider(). Then initiates a download, followed by an upload
  38. Our Media App’s wish-list of features (as on slide 10, plus one further item)
      • Convert uploaded video files to various mobile/web formats
  39. Amazon Cognito: Now let’s authenticate our users via public identity providers
  40. Implement Public & Private views
      • Goals:
          • User can be anonymous or they can choose to sign-in via Facebook
          • If they are anonymous, we let them see a ‘Public’ view of the media library
          • If they choose to sign-in, we let them see their own ‘Private’ view of the library
      • Requirements:
          • We will use Cognito to help with the Public and Private authentication
          • Again, no AWS credentials in our mobile app!
          • We want to enforce Fine-Grained Access Control on the database views
  41. Amazon Cognito Security Architecture (diagram). Labels: End Users; Developer; AWS Management Console; App w/SDK; Cognito Identity Broker; Login OAUTH/OpenID; Access Token; Pool ID; Role ARNs; Cognito ID, Temp Credentials; User ID (Temp Credentials); Access to AWS Services (DynamoDB, S3, Mobile Analytics, Cognito Sync Store)
  42. Raw DynamoDB records example
      • Hash Key: Each OwnerId identifies a user by their Cognito identity, or ‘public’ if they didn’t log on to Facebook
      • Range Key: Each OwnerId has multiple Filenames
  43. Raw DynamoDB records example
      • Inventory is partitioned based on the OwnerId
      • ‘public’ is accessible to the ‘guest’ Cognito Identity
      • Anything else must match the identity of the user accessing the application
      • Assigned by Cognito automatically
  44. Use the DynamoDB Mapper. Use the DynamoDB Mapper annotations to decorate your value object. Specify the HashKey, RangeKey and the individual Attributes in your value object that should map to columns in the DynamoDB table
  45. For this demo, we’ll use Facebook as our Public Identity Provider
  46. Implement Public & Private views (diagram: Mobile App; Cognito Identity Broker; DynamoDB; OAUTH/OpenID Access Token; Cognito ID, Temp Credentials; Query for results filtered by OwnerId)
  47. Using Facebook in your App
      • Great how-to: https://developers.facebook.com/docs/android/getting-started
  48. Create an App on Facebook
  49. Create an App on Facebook
  50. Create an App on Facebook: Cognito needs the App ID. The App ID from Facebook is what binds the Identity Pool to the Facebook application
  51. Configure Cognito to use Facebook
  52. Add an Android application to FB
  53. Add an Android application to FB
  54. Add an Android application to FB: Generate your signing hash from your development environment – check the documentation…
  55. We’re now set up – let’s start coding!
  56. Secure access to DynamoDB. Simply instantiate the AmazonDynamoDBClient and specify your Cognito provider as the credential provider in the constructor
  57. Querying the DynamoDB table from code. Querying the DynamoDB table is simple! The DynamoDB Mapper will map the columns in the table to the fields in your value object and return a typed list of records ready to iterate
  58. Demo App
      • Guest access:
          • Connects to Cognito as anonymous user
          • Gets AWS token and uses that to instantiate a DynamoDB client
          • Queries DynamoDB using the key ‘public’
      • Authenticated access:
          • Gets token from Facebook
          • Passes token to Cognito
          • Impersonates authenticated user
          • Queries DynamoDB using the key that matches the Cognito Identity of this user
  59. Raw DynamoDB records example
      • Inventory is partitioned based on the OwnerId
      • ‘public’ is accessible to the ‘guest’ Cognito Identity
      • Anything else must match the identity of the user accessing the application
  60. FGAC on DynamoDB using IAM: Fine-Grained Access Control (FGAC)
      • Restrict which Actions can be called by the user
      • Restrict which DynamoDB Tables can be accessed by the user
      • Restrict which rows in the table are accessible by the user
      • Control which fields are accessible in the query results
  61. FGAC on DynamoDB using IAM: The “Unauthenticated” Role Policy. Control the actions the user can invoke
  62. FGAC on DynamoDB using IAM: The “Unauthenticated” Role Policy. Control the DynamoDB Table the user can access
  63. FGAC on DynamoDB using IAM: The “Unauthenticated” Role Policy. Restrict the Rows in the DynamoDB table the user can access
  64. FGAC on DynamoDB using IAM: The “Authenticated” Role Policy. Use the Cognito Id for this user to restrict the rows that will be accessible to the user
  65. Our Media App’s wish-list of features (as on slide 10, plus one further item)
      • Convert uploaded video files to various mobile/web formats
  66. Amazon SNS Push Notifications
  67. Each platform works differently, and push gets even more complex as you scale to support millions of devices. (Diagram labels: Cloud App; Platform Services; Mobile Apps; SNS application targets)
  68. Amazon SNS Cross-platform Mobile Push. With Amazon SNS, developers can send push notifications on multiple platforms and reach mobile users around the world
      • Your application back-end publishes to SNS application targets
      • Apple APNS: Apple iPhones and iPads
      • Google GCM: Android Phones and Tablets
      • Amazon ADM: Kindle Fire Devices
      • Windows WNS and MPNS: Windows Desktop and Phones
      • Baidu CP: Android Phones and Tablets in China
  69. Next App: SNS Push Notification App
      • Goals:
          • Application automatically registers with Google Cloud Messaging (GCM)
          • The device registration Id is then sent to SNS to register as a device endpoint
          • The application then subscribes that device endpoint to a well-known SNS topic. This topic is shared by all other devices using the application
          • The application then confirms SNS Push Notifications are working by sending a message to itself via SNS. The user sees a pop-up message.
          • Later, whenever a message is sent to the shared SNS Topic, all devices subscribed receive a pop-up notification
  70. Next App: SNS Push Notification App (diagram: Mobile App; Cognito; SNS Application (APP); ENDPOINT; SNS Topic (TOPIC); Create Platform Endpoint; Subscribe to topic; Publish test message to our Endpoint; Push notification from GCM; SNS)
  71. Set up Amazon SNS
  72. On the SNS Dashboard, create a new Topic
  73. On the SNS Dashboard, create a new Topic
  74. On the SNS Dashboard, create a new Topic: Note the Topic’s ARN. We will need this in our code to subscribe the device to the topic so we can receive notifications
  75. Create a Google API Project and obtain the Google Project ID
  76. Enable GCM for Android
  77. Create the Server API Key
  78. Obtain the Server API Key from Google
  79. On the SNS Dashboard, create a new App
  80. Specify the API Key you got from Google
  81. Note the ARN for this SNS Application
  82. We’re now set up – let’s start coding!
  83. Instantiate Cognito Credentials Provider: Give Cognito your details
      • Account Id
      • Identity Pool ARN
      • UnAuthenticated access Role ARN
      • Authenticated access Role ARN
      • The Region you are running Cognito in
  84. Instantiate SNS using Credentials from Cognito. Again, this ‘Cognito’ class is just my convenience wrapper implemented as a Singleton
  85. Get the device registration ID from GCM. We’re requesting the device identifier/token for this unique device, against the Google Project Id we created earlier
  86. And register this device with the SNS App. The ‘deviceIdentifier’ is the device token returned from GCM for this unique device
  87. Finally, subscribe the endpoint to the Topic. The endpoint is the ARN you got back from the previous call to getEndpointArn()
  88. Demo App
      • At startup, we register this device with the SNS Application
      • Then we subscribe this device Endpoint to the global SNS Topic
      • We then send a test message from the device to ourselves to confirm the round trip is working
      • If we subsequently publish to the global SNS Topic, all devices subscribed will be notified
  89. Our Media App’s wish-list of features (repeated from slide 10)
  90. But wait! How did we initiate the sending of the Push Notification to the global SNS Topic?
  91. Demo web page to send Push Notifications: Plain old JavaScript and HTML! The website is a standard HTML site with JavaScript. It is being served from S3, so no back-end servers. The magic comes from the AWS JavaScript SDK
  92. Demo web page to send Push Notifications
      • Topic ARN: This is the topic we subscribed our application to when it started up
      • Cognito Role: This is the IAM role we want to use – we’re using the unauthenticated ‘guest’ role in this demo
      • Cognito Identity Pool ID: This is the specific Cognito pool we want to use for authentication
  93. Demo web page to send Push Notifications
  94. Demo web page to send Push Notifications
  95. Our Media App’s wish-list of features (repeated from slide 10)
  96. Amazon Cognito: Sharing data between devices
  97. Next App: Shared application data
      • Goals:
          • User is authenticated with Facebook
          • Each time they modify gadgets in the app, the state of the gadgets is synchronized with all other devices using the application (for that user account)
          • Verify these shared data changes in a companion web page, where the user is also authenticated with Facebook, and is the same user principal
  98. Add a Web application to FB
  99. Add a Web application to FB: S3 bucket name. We’re using S3 to serve the web site in this example, but you can use CloudFront, or EC2, or use a CNAME
  100. JavaScript code to read Cognito Sync Data: Instantiate the CognitoSync object. It will inherit the Cognito credentials from those we obtained earlier from our call to CognitoIdentityCredentials()
  101. JavaScript code to read Cognito Sync Data: Specify our parameters. We need to specify the DatasetName that we want to connect to, and the Cognito Identity information as shown
  102. JavaScript code to read Cognito Sync Data: Call CognitoSync::listRecords() …and provide our params and a callback
  103. JavaScript code to read Cognito Sync Data: OnSuccess() …iterate the results and do something interesting with the data records
  104. Demo App
      • Web Page: The web page has access to the shared data when authenticated as the Facebook User
      • Mobile application: …and the mobile application has access to the same shared data if the user is logged on to Facebook as the same user
  105. Our Media App’s wish-list of features (as on slide 10, plus one further item)
      • Convert uploaded video files to various mobile/web formats
  106. We covered a lot of ground in this deep-dive session!
  107. AWS Mobile Services
      • Amazon Cognito: User identity & data synchronization service
      • Amazon SNS Mobile Push: Powerful Cross-platform Push notification service
      • DynamoDB Connector: Store any NoSQL data and also map mobile OS specific objects to DynamoDB tables
      • S3 Connector: Easily upload, download to S3 and also pause, resume, and cancel these operations
      • SQS Connector: Access distributed buffering and queuing service
  108. AWS Services & Features
      • Amazon S3: Online file storage web service
      • Amazon Elastic Transcode Service: Highly scalable, media transcoding in the cloud
      • Amazon CloudFront: Content Delivery Network (CDN)
      • Amazon Elastic Beanstalk: Platform as a Service (PaaS)
      • Amazon Identity and Access Management: Securely control access to AWS services and resources for your users
  109. AWS Mobile SDK
      • Fully integrated AWS mobile SDK
      • Cross-platform, optimized for mobile
      • Automatically handles intermittent and latent network
      • Reduced memory footprint
      • Common authentication method across all services
  110. Training (http://aws.amazon.com/training)
      • Online Labs | Training: Gain confidence and hands-on experience with AWS. Watch free Instructional Videos and explore Self-Paced Labs
      • Instructor Led Classes: Learn how to design, deploy and operate highly available, cost-effective and secure applications on AWS in courses led by qualified AWS instructors
      • AWS Certification: Validate your technical expertise with AWS and use practice exams to help you prepare for AWS Certification
  111. Thank You
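
Slides 60 to 64 describe role policies that restrict actions, table and rows, but the policy documents were on the slide images and are not in this transcript. As an added example (not code from the deck), the sketch below writes the two role policies as JavaScript objects using the IAM condition key `dynamodb:LeadingKeys` and the `${cognito-identity.amazonaws.com:sub}` policy variable, then checks constructed requests with a simplified evaluator. The table ARN, identity IDs and the `rolePolicy`, `isAllowed` and `demo` helpers are assumptions.

```javascript
// Added example: a simplified model of the row-level check, not AWS's policy engine.
// Table ARN, account ID and identity IDs below are constructed placeholders.
const TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/MediaLibrary";
const SUB_VAR = "${cognito-identity.amazonaws.com:sub}"; // IAM policy variable

// Key-addressed reads only. Scan is left out on purpose: it carries no hash key,
// and a ForAllValues condition is vacuously true for an empty set of values.
const READ_ACTIONS = ["dynamodb:GetItem", "dynamodb:Query"];

// Build a role policy that pins the table's hash key (OwnerId) to one value.
function rolePolicy(leadingKey, actions = READ_ACTIONS) {
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Action: actions,
      Resource: TABLE_ARN,
      Condition: {
        "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [leadingKey] },
      },
    }],
  };
}

const unauthenticatedPolicy = rolePolicy("public"); // guest role: 'public' rows only
const authenticatedPolicy = rolePolicy(SUB_VAR);    // signed-in role: own rows only
// Weak variant for comparison: the same condition, but Scan is also granted.
const tooBroadPolicy = rolePolicy(SUB_VAR, [...READ_ACTIONS, "dynamodb:Scan"]);

// Simplified evaluation: action, resource, then every requested hash key must
// equal an allowed value once the policy variable is replaced by the caller's ID.
function isAllowed(policy, request) {
  return policy.Statement.some((st) => {
    if (st.Effect !== "Allow") return false;
    if (!st.Action.includes(request.action)) return false;
    if (st.Resource !== request.resource) return false;
    const allowed = st.Condition["ForAllValues:StringEquals"]["dynamodb:LeadingKeys"]
      .map((v) => v.split(SUB_VAR).join(request.identityId));
    return request.leadingKeys.every((k) => allowed.includes(k));
  });
}

// Constructed Cognito identity IDs and a request builder.
const GUEST = "us-east-1:00000000-cccc-4ccc-8ccc-000000000000";
const ALICE = "us-east-1:11111111-aaaa-4aaa-8aaa-111111111111";
const BOB = "us-east-1:22222222-bbbb-4bbb-8bbb-222222222222";
const request = (identityId, ownerId, action = "dynamodb:Query") => ({
  identityId, action, resource: TABLE_ARN, leadingKeys: ownerId ? [ownerId] : [],
});

function demo() {
  return {
    guestReadsPublic: isAllowed(unauthenticatedPolicy, request(GUEST, "public")),
    guestReadsAlice: isAllowed(unauthenticatedPolicy, request(GUEST, ALICE)),
    aliceReadsOwn: isAllowed(authenticatedPolicy, request(ALICE, ALICE)),
    aliceReadsBob: isAllowed(authenticatedPolicy, request(ALICE, BOB)),
    aliceScans: isAllowed(authenticatedPolicy, request(ALICE, null, "dynamodb:Scan")),
    scanWhenGranted: isAllowed(tooBroadPolicy, request(ALICE, null, "dynamodb:Scan")),
  };
}

console.log(demo());
```

The last result is the case to watch in review: once Scan is in the Action list, the row condition no longer limits what the role can read.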
