what’s new with aws mobile services
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Vikram Madan, Sr. Product Manager
Pawel Wojnarowicz, Sr. Product ManagerAugust 11, 2016
What’s New with AWS Mobile ServicesDeep Dive for Amazon Cognito Your User Pools, Amazon SNS Global SMS, and AWS Device Farm
Amazon Cognito Your User Pools
Developing Auth infrastructure for your app
• Need to develop your own user directory to manage your users
• Getting security right for both user data and passwords is complicated
• Scalability of the app is often an afterthought
• Support for multiple social identity providers
• Federation with corporate directories for B2E applications
1
2
3
4
3
5
Amazon Cognito Identity
Federated IdentitiesYour users can sign in through third-party
identity providers, such as Facebook, Twitter, and SAML providers, and you can control access
to AWS resources from your app.
Your User PoolsYou can easily and securely add sign-up and sign-in functionality to your mobile and web
apps with a fully managed service that scales to support 100s of millions of users.
Launched GA on 7/28/2016
4
Comprehensive support for identity use cases
5
Your User Pools
Add user sign-up and sign-in
easily to your mobile and
web apps without worrying
about server infrastructure
Serverless Authentication
and User Management
Verify phone numbers and
email addresses and offer
multi-factor authentication
Enhanced Security
Features
Launch a simple, low-cost,
and fully managed service to
create and maintain a user
directory that can scale to
100s of millions of users
Managed User Directory
1 2 3
6
Comprehensive user flows
Email or phone number verification
Forgot password
User registration and authentication
Users verify their email address or phone number prior to activating an account
Users can change their password if they forget it
Users can sign up using an email, phone number, or username (and password). From there, the user can then sign in to the application.
User profile data User can view and update profile data – including custom attributes
SMS-based MFAUsers complete Multi-Factor Authentication (MFA) by inputting a security code received via SMS as part of the sign-in flow
Customize these user flows using Lambda
7
Custom user flows using Lambda hooks
Category Lambda Hook Example Scenarios
AuthenticationPre Authentication Custom validation to accept or deny the sign-in request
Post Authentication Event logging for custom analytics
Sign-UpPre Sign-up Custom validation to accept or deny the sign-up request
Post Confirmation Custom welcome messages or event logging for custom analytics
Messages Custom Message Advanced customization and localization of messages
8
Custom Auth flow
Amazon Cognito Your User Pools
Custom Authentication Challenges(e.g., CAPTCHA or custom 2nd factors)
1
2 5
9
6
3
4
Extensive admin capabilities
Define customattributes
Set per-app permissions
Set up password policies
Create and manageuser pools
Define custom attributes for your user profiles
Set read and write permissions for each user attribute on a per-app basis
Enforce password policies like minimum length and requirement of certain types of characters
Create, configure, and delete multiple user pools across AWS regions
Require submission of attribute data
Select which attributes must be provided by the user prior to completion of the sign-up process
Search usersSearch users based on a full match or a prefix match of their attributes through the console or admin API
Manage usersConduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
10
Remembered Devices
Remember the devices associated with your users
1How do I reduce the friction that my users face when having to complete the 2nd factor challenge on every sign-in?
How do I build logic to associate devices with my users to achieve my specific business requirements?
2
11
Amazon Cognito User Pools and Amazon API Gateway
Custom Authorizer Function Native Support
User Pools works together with API Gateway toauthorize API requests. You can configure APIGateway to accept ID tokens to authorize usersbased on their presence in a user pool.
You can control access to your APIs using bearertoken authentication strategies, such as OAuthor SAML. The custom authorizer uses bearertokens to determine access privileges.
1 2
12
“Building an AWS serverless platform that manages sensitive customer data requires an authentication strategy that protects the information from unauthorized access. Using the Amazon Cognito user pool feature together with AWS Lambda, we’re developing a flexible, fully integrated solution that can scale effortlessly – a powerful tool that will be critical in keeping our customers’ data secure.”
Feedback from our beta customers
“It is critical for us to provide a secure and simple sign-up and sign-in experience for our tens of millions of end users. With Amazon Cognito, we can enable that without having to worry about building and managing any backend infrastructure.”
13
Demo
14
Amazon Simple Notification Service (SNS)
Global SMS
Current Capabilities of Amazon SNS
Amazon SNS
17
Global and Fast at
Massive Scale
Use via Java, Python, PHP,
Node.js, Objective-C, or
.NET
Send Messages to Any
Device or Endpoint
Support for Multiple
Platforms or Frameworks
Send billions of messages
per day with minimal
latencies across the world
“Fast, Flexible, Global Messaging to Any Device or Endpoint”
Amazon SNS
Send notifications via mobile
push, email, HTTP, or SMS; or
messages to Amazon SQS or
AWS Lambda
1 2 3
The SMS Market
Why is SMS still popular?
19
SMS uses mobile phone numbers
All forms of SMS and MMS use mobile phone numbers to identify a destination
Phone numbers are universally addressable
They can be used to reach a person regardless of geography, network carrier, or time-zone
Phone numbers are a strong identity mechanism
Most phone numbers are assigned after a government ID check, and therefore not owned by
bots
Almost every adult carries a mobile phone
4.77B mobile phones allocated across a total world population of 7.3B
But SMS lacks quality of service intelligence
20
Device
Carrier
Aggregator
Application
SMS does not provide end-to-end delivery acknowledgement
Unlike TCP/IP (or HTTP), Delivery Receipts (DLRs) only provide success / failure until “next-hop”
Legacy Telco value chain is driven by least cost routing
Increases latency, reduces deliverability and conversions
Building a reliable “one-hop” network is hard
21
2,050+ Telecom operators in 220 countries
800+ MNOs, 992 MVNOs, and 260 MNO sub-brands
All “one-hops” are not necessarily reliable
Sometimes a carrier-to-carrier interconnect may be
more reliable than a direct connect
Local regulations differ
Violating these causes interruption of service
Introducing Worldwide SMS
Features
23
200+ Destination Countries and Connectivity to 1100+ Telecom Carriers
Most Connections are “One-Hop”, thereby reducing latency and improving deliverability
Default Opt-In
Frictionless support for Multi-Factor Authentication and One-Time Password use-cases
Optimal Treatment per Traffic Type
Transactional routes optimized for deliverability while Marketing routes optimized for cost
Cost Control
Per-message Price Threshold and AWS Account-level Spend Threshold
Outbound Messaging Only
Inbound message processing for Opt-Out (STOP) or Help (HELP) where required by law
Adaptive worldwide connectivity
24
Device
Carrier
Aggregator
Application
Amazon
SNS
98%
73%
99%
98%
Adaptive routing dynamically picks best route to a destination phone number
SNS always has multiple routes to reach a phone number and picks the best based on deliverability data.
More features
25
Alphanumeric Sender ID Support
Most EU countries. Only numeric Sender ID for North America.
Usage Records
Usage detail records (UDRs) available in a self specified S3 bucket.
“Sticky” Sender ID
SMSs from an AWS account to a recipient’s phone is sent from the same “From” number.
Per-Message Delivery Status
Information such as from, to, disposition, price, and dwell time sent to CloudWatch Logs.
Deliverability Statistics
Per AWS account per traffic-type, as well as overall per traffic-type.
LM-ABCD
Local restrictions solved
26
Message:
11:30 AM
Message:
Gate change alert! Your
flight from Rio de Janeiro
(GIG) to Manaus (MAO) on
Brazilian Airlines flight
#2120 has changed. The
revised departure time is…
From: NX SC 1223
To: 33 6 78 90 12 34
Envover: Bonjour!
• SMS cannot originate from a
standard number
• Amazon SNS switches
automatically to a ‘pre-approved’
delivery code
Carrier Restriction
France
• Character limit is 157, versus the
160 world standard
• Amazon SNS concatenates to
ensure full delivery
Carrier Restriction
Brazil
• Promotional messages are
prohibited from 9 PM – 9 AM
• Amazon SNS buffers messages
until the promotional messaging
time window commences.
Carrier Restriction
India
From: 225-631
Don’t forget about
special deals this
summer!
• Transactional Messages require
a pre-registered communication
code
• Amazon SNS converts the
message source to a known
registered communication code
Carrier Restriction
India
From: LM-ADIDAS
Thank You. Your order#
123ABC has shipped!
Expanded console experience
27
Managing text messaging preferences
28
Managing opted-out phone numbers
29
AWS Device Farm
AWS Device Farm
OverviewNative, hybrid, and web app testing on real Android and
iOS devices in the cloud
31
Remote Access
Select a device View historical sessionsInteract with the device
32
1 2 3
Demo
33
Thank you!