Amazon Cognito Deep Dive Amazon Web Service Japan Solutions Architect Akihiro Tsukada (@ akitsukada ) 2016.03.12 JAWS DAYS 2016 # jawsdays # jawsug

Amazon Cognito Deep Dive @ JAWS DAYS 2016

  • Amazon Cognito Deep Dive, Amazon Web Service Japan, Solutions Architect, Akihiro Tsukada (@akitsukada), 2016.03.12 JAWS DAYS 2016 #jawsdays #jawsug

  • AWS

    SI, Web Startup (CTO), AWS; Ruby, iOS; OOP, SOLID, KISS

    @akitsukada

  • User identity and sync with Amazon Cognito

  • AWS

    Serverless Backend

    API Gateway

    Lambda

    Content Delivery

    S3

    CloudFront

    App Testing

    Device Farm

    User Sign-In

    Cognito

    Push Notifications

    SNS

    App Analytics

    Mobile Analytics

    RedShift

    User Data Storage

    S3

    Cognito

    SDKs

    Mobile SDKs iOS

    Android

    Big Data & Machine Learning

    Kinesis

    Machine Learning

    DynamoDB

    Mobile Hub

    AWS Global Infrastructure APN Partner Solutions

  • 2-Tier

    API API

    Amazon Cognito/

    Amazon DynamoDB

    Web DB

    Amazon SNS Mobile Push

    AWS Lambda

    LB

    AWS Lambda

    Amazon RDS DB

    2-Tier Architecture

  • Focus your Business

    on AWS !

  • Amazon Cognito

    Your app data is secure, available offline, and kept in sync between devices

    AWS

    ID

  • ID

    ID

    Joe Anna Bob

    AWS

    ID ID Amazon, Facebook, Twitter, Google, OpenID Connect

    ID

    Amazon Cognito Identity

    Mobile Analytics

    S3 DynamoDB Kinesis

    AWSIAM

  • Amazon Cognito

    Amazon Cognito ID(Temp Credentials)

    Amazon DynamoDB

    End Users

    Developer

    App with AWS Mobile

    SDK

    Access to AWS Services

    Amazon Cognito Identity Broker

    User Name Password

    Amazon Cognito ID, Temp Credentials

    Amazon S3

    Amazon Mobile Analytics

    Amazon Cognito Sync Store

    AWS Management Console

    Token, Pool ID

    Role ARNs

    User Authentication System

    (Running on AWS or not)

    Token

  • Developer Authenticated Identity

    Username and Password

    IDCognitoIDID

    GetOpenIdTokenForDeveloperIdentity()

    IDUsernamePassword

  • Amazon Cognito Developer Authenticated Identities

    Amazon Cognito ID(Temp Credentials)

    Amazon DynamoDB

    End Users

    Developer

    App with AWS Mobile

    SDK

    Access to AWS Services

    Amazon Cognito Identity Broker

    Get OpenID Token

    User Name Password

    Amazon Cognito ID, Temp Credentials

    Amazon S3

    Amazon Mobile Analytics

    Amazon Cognito Sync Store

    AWS Management Console

    OIDC Token, Pool ID

    Role ARNs

    AWSOK

    OIDC Token

    OIDC Token

  • Unauthenticated Identities ID

    ID ID

    AWS IAM Role

    ID

    VisitorPreferences

    Cognito Store

    Guest

    EC2 S3 DynamoDB Kinesis

  • 1. BLE (Bluetooth Low Energy) Beacon 2. 3. Beacon Kinesis PUT

    Kinesis PUT 4. Kinesis

    Amazon Kinesis

    Cognito Identity Broker

    Identity Pool, Role ARN

    Cognito ID, Temporary Credential

    PUT

  • STS(Security Token Service)

    Sync Identity

    AWS IAM, Amazon SNS, Amazon Kinesis

    AWS Lambda

  • http://docs.aws.amazon.com/ja_jp/cognito/latest/developerguide/authentication-flow.html

  • API API Amazon Cognito

    ID ID

    AssumeRoleSTS ) S3

    DELETE

    http://docs.aws.amazon.com/ja_jp/cognito/latest/developerguide/authentication-flow.html

  • Amazon Cognito

    Your app data is secure, available offline, and kept in sync between devices

    AWS

    ID

  • SDK

    AWS

    AWS

  • AWS

    /

  • Amazon Cognito

    IAM AWS

    AWS Credentials

    AWS

    EC2 S3 DynamoDB Kinesis

    S3

    DynamoDB

    Get Delete Put

  • Amazon Cognito

    Your app data is secure, available offline, and kept in sync between devices

    AWS

    ID

  • Amazon Cognito Sync

    User Data Storage and Sync

    Any Platform

    iOS/Android/FireOS

    k/v data

    Identity pool

  • SDK

    Amazon Cognito Sync

  • Cognito Sync

    Identity Pool: Pool

    Identity: ID

    Dataset:

    Record: Key/Value

    AWS Account

    Dataset

    Identity Identity Identity

    Dataset Dataset

    Identity Pool

    1:60

    1:n

    1:20

    Dataset Dataset Record

    1:1024

    You

    Your App

    Your App Users

    User Data Container

    User Data

  • Cognito Sync

    UserDataset

    2

    GameDataset

    Identitypool1

    App

    GameApp

    AWS Account

    Dataset

    Identity Identity Identity

    Dataset Dataset

    Identity Pool

    1:60

    1:n

    1:20

    Dataset Dataset Record

    1:1024

    You

    Your App

    Your App Users

    User Data Container

    User Data

  • Dataset

    Identity 20 Dataset

    Dataset 1MB Key/Value Key/Value 1024 base64

    HTTPS

  • 2 Synchronize

    synchronize

    pull

    push

    synchronizeOnConnectivity synchronize

  • ()

    Mobile SDK

    Amazon Cognito Sync Store

    1.

    ()

    Mobile SDK

    Amazon SNS Mobile Push

    2.

    3.

    Amazon SNS Mobile Push Amazon Cognito Amazon SNS Mobile Push

    Amazon Cognito Push Sync

  • Amazon Kinesis Amazon Cognito Amazon Kinesis

    Mobile SDK

    Amazon Cognito Sync Store

    1. Amazon Kinesis

    2. StreamContent

    3.

    Amazon Redshift

    {
      "identityPoolId" : "Pool Id",
      "identityId" : "Identity Id",
      "dataSetName" : "Dataset Name",
      "operation" : "(replace|remove)",
      "kinesisSyncRecords" : [
        {
          "key" : "Key",
          "value" : "Value",
          "syncCount" : 1,
          "lastModifiedDate" : 1424801824343,
          "deviceLastModifiedDate" : 1424801824343,
          "op": "(replace|remove)"
        },
        ...
      ],
      "lastModifiedDate": 1424801824343,
      "kinesisSyncRecordsURL": "S3Url",
      "payloadType" : "(S3Url|Inline)",
      "syncCount" : 1
    }

    Amazon Cognito Stream

  • Mobile SDK, Amazon Cognito Sync Store

    1. AWS Lambda

    2. Sync Trigger

    Amazon Lambda

    3.

    Amazon Cognito Events

    Key Value 1

    Key Value 1

    Lambda Function(Node.js)

  • Use cases

  • Web Mobile

  • RSS

    DynamoDB

    App with AWS Mobile

    SDK

    JavaScript SDK

    S3

    1. HTTPS

    2. HTML JS

    Cognito Identity

    3. FB Google ID

    Cognito Sync

    4. Mobile SDK

    5. Push/Pull

  • 100 10GB 12

    10000 $0.15 10GB 1GB $0.15

  • Identity Pool 60 Identity Pool Identity

    Identity Pool 128bytes 2048bytes List/Lookup 60

    Cognito Identity

    Cognito Sync Identity Dataset 20 DataSet 1024 1 DataSet 1MB DataSet 128bytes Bulk Publish 24

  • Twitter: @awsformobile

    http://mobile.awsblog.com/

    Amazon Cognito: https://aws.amazon.com/documentation/cognito/

    Amazon Mobile Analytics: https://aws.amazon.com/documentation/mobileanalytics/

  • AWS http://aws.amazon.com/jp/aws-jp-introduction/

  • Focus your Business

    on AWS !