Delivering Mobile Apps Using AWS Mobile Services

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

to today's webinar my name is Adam Lara and I'm a Solutions Architect with them as the web services based in Melbourne Australia today I'd like to talk to you about delivering media mobile apps using the AWS mobile and JavaScript SDKs this webinar is a 300 level presentation so it's aimed at those of you who are already familiar with the cloud and have some specific AWS experience it's also aimed at developers so we're going to be diving deep into some code snippets and demonstration apps so just a bit of housekeeping before we get started today the presentation is going to run about 55 notes and and as you've just heard if you have any questions during the presentation please do use the questions panel where our experts are standing by to answer your queries and at the end of the session I'll be staying online for a little while as well just to help out answer any remaining queries that are outstanding so let's talk take a look at our agenda for the next 55 minutes today we're going to learn how you can deliver websites and applications that share state across platforms and devices using Amazon kognito we're going to learn how to leverage the content repurposing storage and delivery capabilities of Amazon Web Services using the Amazon elastic transcoder and Amazon s3 we're going to learn how to create highly scalable systems by decoupling application tiers using Amazon SQS and Amazon elastic Beanstalk we're going to learn how to send push notifications to mobile devices using Amazon SNS how we can use the AWS mobile and JavaScript SDKs to create applications at manage media and also to learn how to use dynamo DB to create a shared inventory for our media assets in our applications we're going to have a look at five Android apps to demonstrate the various features of AWS but everything we discussed today can be done on iOS and also fire OS so the purpose of this webinar isn't to teach you how to be an Android programmer so what we're going to be looking at Amazon Android is our platform today week we're going to be focusing on the concepts and the uses for the mobile SDKs and for AWS itself so we've got a lot to get through so let's get started so how do we build mobile apps today well as soon as you've got more than one device the cloud is the law logical place for you to store your data AWS provides a great platform for mobile developers regardless of whether located which operating system is running on the device or or what purpose the app is so let's see how you would build an application well our customers tell us that there are a lot of difficult things that they need to get done with their application that don't really differentiate their apps from anyone elses apps so here a few of the things that L our customers tell us that users expect in a real world application so first of all you always need to be able to authenticate your users so you need to manage users and their identities and you also need to integrate with multiple identity providers like Facebook or Google or Amazon and once you've authenticated the users you need to be able to authorize access to cloud resources and other services in the backend such as databases storage and alike but you don't want to embed your cloud credentials in the mobile application itself because if you do it's really easy for somebody to hack and reverse-engineer your application and retrieve your credentials so you don't want to put your credentials in your application now your users are going to be using more than one device everyone's got at least a phone maybe a tablet maybe another phone maybe a desktop PC so people have more than one device that they're carrying around or at least they're they're tethered to customers nowadays expect the application they're using to just know who they are and to remember their preferences and other data from other devices they may be using so if a customer switches from a tablet or mobile phone they want their personalized data to travel with them they don't want to have to re-enter the same preferences and the like so customers need your app to be able to synchronize across multiple devices and multiple platforms and you as a mobile developer need to know how your apps actually doing in the field how your customers using the application what features are hot and what aren't what's your churn rate are you losing customers or gaining them so you need some analytics and statistics you want to be able to have campaign Center around your app and then measure the results of those campaigns for example so if you make a change to your application do you get more customers so you need some some degree of tracking as well your app will also need to leverage functionality from the cloud such as letting a users upload and download content deliver media assets from your application like images and videos and to be able to send push notifications to your customers your application may also need to have access to shared data as well and may need to stream real-time data directly from the app to the cloud for processing so for the most part a lot of what we just talked about is undifferentiated heavy lifting Europe is expected to do all of these things regardless of what the actual theme of your own is so there's a lot of functionality that you it's quite difficult to implement and to manage all this by yourself so that's why AWS has released several mobile optimized services and these are going to be the focus of today's webinar the AWS mobile services will we'll be talking about today Amazon Cognito and Amazon SNS these mobile optimized services make it easy for you to leverage the cloud back-end services directly from your mobile applications so in addition to these mobile optimized services we're also going to have a look at the mobile optimized connectors and these allow you to easily manage connections directly to DynamoDB databases s3 storage and SQS for example so let's quickly go through each of these are services that were going to focus on today Amazon kognito is a user identity and state synchronization service Amazon SNS mobile push is a great way to have cross-platform push notifications sent to any device the DynamoDB connector makes it easy to leverage dynamo DV no sequel in your application directly from a code perspective you can map objects in your app directly to dynamodb tables and that makes it really easy to marshal values between your app code and your dynamo DB instance we're also going to have a look at the s3 connector which lets you easily upload and download assets such as images videos and other assets and to pause and resume transfers and also the sqs connector it makes them really simple to decouple your applications to run at scale the AWS Mobile SDK has recently been revamped and we're now in version two and the SDK gives you a really great platform a common mechanism for authentication across all of your AWS services that you're going to consume in your app and we're going to take a look at that today the odorous mobile SDKs are cross-platform they support iOS Android and fire OS and they automatically handle things like Network retransmission Network latency network outages and all those sort of things that would otherwise be difficult for you to implement yourself and to keep the memory footprint at a minimum you can pick and choose which services you want to support you don't need to include the entire SDK for the just just the features that you need in your application with the mobile optimized services and connectors you don't have to worry about the underlying infrastructure you don't have to manage it yourself and the AWS SDK will handle the undifferentiated heavy lifting for you you can just focus on what makes makes your application special so let's see how these services and connectors fit in with our standard requirements for building a mobile application so you can see here how the various services and connectors will work together for each of those different aspects you have the column Abney - identity broker to authenticate your users and once you've authenticated the users kognito leverages AWS iam Identity and Access Management to allow you to have granular control over who can access exactly which cloud services in AWS and you can do this without embedding your credentials in your application which is really important for security as I mentioned earlier then to synchronize data across your users multiple devices kognito supports a synchronization service which makes it really easy to synchronize any change data on one device to all the other devices owned by a particular user the s3 connector helps us with the uploading and downloading of files we use SNS for push notifications and dynamodb for our database back-end and these are the elements that were going to be focusing on today so let's build ourselves a media your app but what should it do well I've put together a wish list of features for our application we want it to be able to upload and download media files to and from s3 buckets to grant anonymous but secure access to AWS resources in our account to grant or third indicated access for users that log in via part of the guide entity such as Facebook we want to be able to send push notifications to mobile devices to store the media library inventory in the cloud so it can be queried by many users to provide petitioned access to the media library based on a public and private view and to synchronize data across the users Devourer Isis and we want to make all these available across device iOS Android and Kindle and also web pages and we want to be able to convert uploaded video files to various mobile and web formats to make it easy for delivery by screening so we're going to demonstrate all of these features across five different apps today to target each of the pieces of functionality our first app let's have a look at that the goals of this app is to demonstrate upload and download directly to and from s3 the user of the app will be anonymous so we're going to treat them as a public or a guest user but we still want to make sure that we can control what access that they have to our AWS resources so the app is going to upload directly to and from s3 and not you use a back-end server and most importantly we're not going to be making our credentials into our application we actually gonna use Cognito so let's review the architecture so the app will authenticate as the guest user against kognito and be granted restricted but direct access to an s3 bucket it will then download a test file from the bucket and then it's going to re-upload that file to to the bucket using a different file name just to show the file moving in both directions a really simple example our first step is going to use guest access as I mentioned because this is the simplest scenario for our for our first application and we're going to drill down into other modes of authenticating users shortly so let's review Cognito the security architecture around kognito first of all your app connects to an identity provider to get an access token from the divider to identify the actual user so we support what Facebook Google+ login with Amazon today but you could also create your own identity provider delivered your own database of users for your application the token that is retrieved from the identity provider is then passed it to a Cognito identity pool and that's exchanged for a short-lived AWS access token which allows your app to assume an iam role and inherit the permissions granted to that particular role Cognito assigns a cognitive identifier and as you'll see today we're going to make use of that identifier to create public can probe views in our application wonder your app has the ability to do anything that the IAM role grants permission to do for example accessing DynamoDB or s3 directly if you allow it kognito automatically generates a unique identifier for our users as I just mentioned and the identifier looks something like this the identifier will be the same identifier for any particular authenticated user regardless of which device they use to login to but in addition to using a public identity provider to authenticate your you is Amazon kognito also supports guest access and you can use that to allow or not allow different permissions for the guest users of your app then you would grant to authenticated users for example you may want to allow unauthenticated users to delete assets from their the from the let me start again you may want to allow authenticated users to delete assets from their private inventory but to not allow unauthenticated guest users to delete assets from the public inventory so you can use a different motive or thing location and allow different permissions on each of the different users so it gets users are still identified by a string that looks like this but it identifies the device rather than the user because you don't know who the guest user is since they haven't been authenticated so all this makes it really easy if you could implement AWS security best practice and not store any access key or secret key information in your app but to still control exactly what the users of the mobile app can do in your AWS account so let's see how we setup Cognito for this user identity management so from AWS incognito console we select create a new identity pool and give it a name for our first demo we're not going to be using a public identity provider so you can leave these fields blank but you can see here how you could connect the Facebook Google or Amazon identity tokens to your Cognito identity pool and we're going to get into that in our next application but for the moment we're not going to use these down a little further on the page what we do need to do though is to enable unauthenticated identities or guest access so we just tick the box to enable it in the next step you need to select or create the I am roles for the authenticated users and the unauthenticated game excuse us the wizard can create the new iam roles for you with default permissions if you want and we're just going to do that for a moment and the same with the unauthenticated guest user we'll just use the default permissions of the wizard generates for us finally the identity pool is created and you have the opportunity to download some starter code in net Java objective-c for iOS which really makes it easy for you started okay so that wasn't created - I am roles for us one for the authenticated and one for the unauthenticated guest user so let's see what it did for the guest user role so in I am we find the role when we click on it and when we select show against the default role policy and this is what the default role looks like Cognito has granted access to the mobile analytics service which we're not going to dive deep into today and also get access to the cognitive sink permission I will which is service we're going to look at later on today but we need to add some more permissions to allow our demo app to work remember we're going to be downloading a file from s3 so I've chosen a file called puppy JPEG in a bucket on history and here's what that looks like so remember that image because we're going to see it a little bit later in our demo application and here are the permissions that I've set on that particular file basically the file on s3 is not world readable so our app needs to assume a role with appropriate permission to access that file otherwise when you're trying to download it into your app you'll get an access denied so we need to give our unauthenticated guest access guest user access to our apps bucket for read and write in order to allow it to upload and download that puppy image so we click the attach roll policy button in the iam console and we use the policy generator in I am and we're going to add to it we're going to allow two additional actions in this policy and here they are get object and put objects to anything in the Power week bucket as you can see there and this is what the policy actually looks like greating get and put object permissions okay so we're all done setting up so let's have a look at the code the first thing we have to do in our code is to create a cognate location credentials provider object so when you instantiate one of these you need to tell the constructor the AWS account ID the identity pool a RN the unauthenticated access role a RM the authenticated access role a our Efren and the region that you're running Cognito in now just a quick implementation note here this Cognito class is actually just a convenience wrapper so I've chosen to implement this as a single thing but your implementation could be different this is just an example the main thing is that you need to get hold of a Cognito cashing credentials provider objects constructed with the details of your identity pool and the roles that you want to use now for this demo we're going to be using the s3 connector this provides features like multi-part uploader files for example photos videos audio fault-tolerant download there's no back-end required the app has direct access to s3 the connector managers automatic reprise has the ability to pause resume and cancel transfers and it's optimized for the operating system that it's running on so earlier I mentioned that the new SDK version gives you a common authentication mechanism across all the AWS services and here's an example of this see how I'm constructing the s3 transfer manager and then I'm just passing in the AWS Cognito provider object this is the same Cognito location credentials provider that I showed you earlier in my singleton implementation so leveraging the power of Cognito identity management with the connectors in the mobile sdk is as easy as that so now we know up code we can construct a get object request to identify the asset that we're downloading we grab a destination file located on the device and we ask the transfer manager instance to start the download in the background and here's the app there's really simple open action so first the app instantiates the cognitive occasion credentials provider and in it initiates the download via the transfer manager onto the local file system the app then displays the image to prove reserved it downloaded ok and it then reverses the process pushing image back up to the s3 bucket remember we gave the unauthenticated IM role read and write permissions to that bucket and that's how it's managed to do that push up to to s3 so it's a really simple app but it demonstrates some powerful features using Cognito the s3 transfer manager identica access management and the SDK in general so back to our Oh media apps wish list of features there was a really simple app but it really does demonstrate some powerful features of the AWS SD okay so let's refer to our checklist so they have demonstrated upload and download of media files from s3 and also granting anonymous but secure access to AWS resources in your account okay so now let's authenticate our users by our public identity provider rather than using the the guest app so in our next step we will use the cognate so supplied identifier as a means of providing a public and a private view of a media inventory for this app we're not going to show any actual media we want to focus just on the petitioning of the two views in the database we'll get to the media part a little later so we want the user to be able to use our app as the the guest user and see a public view and if they choose to authenticate with an identity provider then we'll show them a private view that only they can see again no AWS credentials are going to be stored in our mobile app and we will enforce fine-grained access control and the database is to secure the content so for this demo we're going to use Facebook as our public identity provider but you could use login with Amazon I know goo or Google+ as well and of course you can implement your own identity provider if you prefer so here's the architecture for this particular application first user authenticates with Facebook or not if they want to use a guest account and then just see the share public view and we then exchange that Facebook token for permissions in AWS use incognito next the app queries dynamo DB using either the kognito identity for the user if they are logged onto Facebook or the word public if they didn't log on so the DynamoDB table looks like this you can see the owner ID is used to petition the data between public and private views so here you can see an example of the kognito identity and the word public so each of those assets are identified by an owner the second one is owned by public and the first one is owned by a particular device ID so here are a couple of links to some great how-tos on how to get started for Android studio and Facebook and the process of integrating all this has a lot of moving parts so you do need to check the documentation for more detailed explanation of the steps but I'm going to quickly run through them now just to give you an idea of what's involved so we create our application on Facebook first we browse to the Facebook developers account and click on add new app and we choose Android we give it a name I'm going to call mine power week webinar up and Facebook is then going to create a unique app ID for us we're going to need to grab this app ID and into the clipboard because we're going to need it for the next step so back over in the Cognito console edit your Cognito identity pool and paste in the facebook app ID for the app you just created remember earlier we left these fields blank because we were only using guest access but now because we want to link the app to our Facebook we want so we want to link facebook and kognito together in our app we need to add the Facebook app ID into the kognito identity pool back on Facebook in the configuration for your new app click on add platform choose Android and tell Facebook what the package name class name of your app is going to be so you're going to also need to provide some key hashes and all that stuff but we're not going to go into the detail here do check the documentation on how to generate this okay so we're all set up let's start coding this application will use the dynamo DB connector in this app to interface with dynamo DB we simply needs to instantiate an Amazon DynamoDB client and pass in our kognito provider in the constructor like we did before with the transfer manager we'll also use the dynamo DB mapper to help us marshal the values from our dynamo DB table into our app via our assets class so as it is just a plain old Java class that I'm using as a value object to use the mapper I simply annotate this various getters and setters like so so you can see here that I'm using the owner ID field to map the owner ID attribute in the dynamo DB table and I'm telling the mapper that this field is the hash key and I've also got a range key to finding my dynamo DB table and I use the dynamo DB range key annotation to tell the mapper how to marshal that field between my value object and on amaetv I've also got a plain old Java attribute there or a field and in my dynamo DB table that matches that that member in the class and I want the mapper to marshal the upload filled in my value objects so I use the dynamo DB attribute annotation so here's my dynamo DB table showing the data in the owner ID field in the file name field note that I'm using as I said before public to denote shared assets that everyone can see if they haven't logged into Facebook and if they have logged in then the owner ID will be set to their Cognito ID so I can use this to keep their inventory private to them remember the kognito ideas assigned automatically by Cognito I don't have to manage that myself the time label uses the owner ID as the hash key and the file name is the range key because each of the owner or IDs that in the table can actually have multiple files against them which is why I'm using the file name as a hash key no big pan is a wrench key okay so to query the table from your application we're going to need to construct an asset value object and we just populate the owner ID with either the Cognito identity or the word public if user isn't logged on so that's what my function get identity ID taking auth into account does so we then construct a dynamo DB query expression based on our asset value object and simply call query as you can see there and it's going to return us a type list of asset objects and it's really as simple as that so let's see this application in action so first the app sets of the Cognito identity for public access and retrieves a temporary access credential from from Cognito and uses that to query dynamo DB so we see a list of assets which we use to populate a ListView we then hit the log on to Facebook button and the app gets our token from Facebook and passes that over to Cornetto requesting the authenticated eye Amaral now when we query dynamo DB and use the Cognito identity as the filter we see only the assets that belong to this user we can also log out again and see the public list of assets again so the key to petitioning the inventory in the single dynamo DB table is that when our user is not authenticated with Facebook then we filter the queries in the word public as the owner ID and if they are authenticated with Facebook then we use the Cognito identity as the filter to show the user only the assets that they own this is an example of how you could implement a public and private view using the the same dynamodb table so here's just a reminder of what that dynamodb table looks like so you can see how our query returned different result sets and populated our list view so you can use I am to implement fine-grained access control on your DynamoDB table this allows you to restrict which actions can be solved by the user for example query or scan restrict which DynamoDB tables can be accessed by the user restrict which discrete rows in those tables are accessible by the user and also to even control which fields are accessible by the query results bar for that user so for our unauthenticated row policy we would want to control the actions the user can invoke on the table as you can see here we restricted to query get item delete item etc here you can see how we restrict the access for this particular DynamoDB table and here's how you can restrict which rows the user can access so for the unauthenticated user we allow the the rows with the word public as the owner ID only but if we switch across to our authenticated world policy the options and the table restrictions are the same but we restrict the rows that match our kognito identity so this variable here will be substituted for the actual users kognito identity at runtime which of course would look something like this so let's see we were with our wish list of features we've now seen how we can grant authenticated access for users that use a public identity provider and we've seen how to store the in between dynamodb and also how to petition that entry into public and private views so let's move on to implementing the next feature push notifications push notifications are complicated to implement across multiple platforms and across devices you need to integrate with several platform services to capture 100% of your audience but with Amazon SNS developers can send push notifications on multiple platforms and reach mobile users around the world and all you have to do is make a single call to an SNS topic SNS will do all the heavy lifting for you so our next step is going to implement push notifications it will automatically register the device with Google Cloud messaging and then create an SNS endpoint for the devices in SNS using the SNS API it will then subscribe to the endpoint to a well-known SNS topic and that topic is going to be shared by all the other devices in our app so it would allow us to even do things like broadcasting a message to all devices in one single API call next the application confirms the SNS push is working by calling the API and sending a push notification to itself via SNS and later we're going to push an ad-hoc message to the device and butt and we're going to do that by sending a message to a shared topic and that's the same topic that we've actually just subscribed the device to and we'll see all that in action shortly so the application architecture looks like this first the a poor thin decades with kognito as usual and we're going to use guest or public access again for this demo just to keep it simple next the app creates an endpoint in SNS which links the device to the Google Cloud messaging application next we have the app subscribed to the well-known group or shared topic and we then send a message to ourselves and we receive that in the application and show a pop up message so let's look at how we set up SNS for this app first we go to the SNS dashboard on the console and we select create new topic we give the topic the name and a description and then SNS creates a topic for us note that the amazon resource to name the AR n for this topic because we're going to need that you know in a couple of steps when we want to subscribe to that the device to that topic or to publish a message to it so we need that airing now we need to go to our google developer account and create a new project check the documentation I have set all that up I'm not going to dive too much into the detail there but you'll end up with a a project number which you're going to need in your Android apps code well you're in the Google console you also need to enable Google Cloud messaging in order for you to send GCM messages to your device now you need to create a new server API key you need these to tell S&S how to identify your Google project again you need to check the documentation on all the details there but it's a fairly simple process so once the API key is created you need to record it somewhere because we're going to need it again okay back in the AWS SNS dashboard click on add new app give the upper name and select the Google Cloud messaging platform from the list and pasting the API key that you just grabbed from the Google console SNS will give you back the platform application a RM which are going to need later in your Android code when you want to register your device with this SNS endpoint okay let's start coding on this one now just to recap we've seen this before but I just want to remind you that again we're going to instantiate this kognito occasion credentials provider objects and we're going to give it the car Agni two identity pool or thent ik ated and unauthenticated roles we want to use and also the region that we're running coordinator in and remember in my example here I've created a singleton but you can implement this any way you like to use SNS from our app we simply instantiate an Amazon SNS client and similar to the dynamo DB and transfer manager examples we construct the object with our Cognito provider in our app we need to request this device's unique identifier from the Google Play services so this code is really really simple you just call register and provide your Google project ID that's the same project ID we've gradually created the Google project a couple of steps ago in the Google developer console now we write the code in our app to register this device where the SNS application we created earlier will use the create platform endpoint request call and give it the AR n for the SNS application that we've just created and also the device identifier we got back from the Google Play service register call what we get back from that call is the AR n for this device under the SNS application and now we subscribe this device to the shared SNS topic we just use a subscribed request object that takes in the SNS topics erm and this devices endpoint AR n so there aren't quite a few steps involved there cutting and pasting from one console to another and into our code but it is fairly straightforward okay now we're done let's take a look at this particular app so after registering with Cognito the app creates an SNS endpoint for this device using the device's identifier it then subscribes to the shared SNS topic and sends a push notification to itself using the API and we see this welcome message pop up we'll clear that out and send a few test notifications to the global share topic we subscribe the app to just confirm it's all working fine and you can see we receive that message a couple of times which the app handles by displaying the message in the pop-up so you can do whatever you want in your app when you receive a message just popping up an alert like this is just one option so you can see it's really easy to send a push message to just one device or send a message to multiple devices who are all subscribed to a particular topic topic and doesn't know how many devices are connected that you can do all that in one call okay so let's check that off our list the SNS push functionality because we've now seen that our implemented but just before we move on how did we actually get the messages pushed to the device how do we publish the message to the global SNS topic that the app was subscribed to well to do that we used a simple web page using plain old JavaScript and HTML I put together a form that allows you to enter the subject message at the the body of the message and also send it off to the SNS to share topic SNS then published the message to all SUBSCRIBE devices as a push notification and all of that was done just by using the AWS SDK for javascript in the browser let's take a look at how that's done so first of all I set up some variables to specify my Cognito identity pool or thent ik ated and unauthenticated roles just like I did in my Java code I also specify the AR n of the SNS topic that I'm going to publish to I initialize a global object AWS config credentials by following the Cognito identity credentials constructor and supplying the relevant parameters that i just defined above and you can see from this code snippet that once that call succeeds i'm authenticated with kognito and I have a Cognito ID just like I did in the Android app to actually send the push notification out I publish a message in a predefined format to the SNS topic and which is the same as in this topic that my Android device has subscribed to here I construct my parameters specifying the actual message to send and the topics are in and then simply call the publish command against my previously created SNS client object so you can see how clinique kognito in the browser makes this really really easy Cognito makes it easy for you to assume an I am role from the webpage and once you have those temporary credentials you can access any of the AWS services that the I am role gives you permission to do so not only SNS push but you could also access s3 or dynamo DB or any other service you want right from your web page so that lets us tick off another of our features cross-platform and cross-device using the AWS SDK for javascript in the browser means that I can use the same programming model as I'm using in the Android application I can use kognito to authenticate my pages access to my AWS services and remove all of that heavy lifting so let's look at and see how we can use Cognito to share data between devices and across platforms so in the next app we're going to authenticate the user with Facebook and then allow them to alter the state of some gadgets in the application so each time they change the value of a gadget we push the state of the application to Cognito with kognito sync and we can then share this data with a web page for example or another device if the user is logged on to Facebook with the same user account so to set this up we go back to the developer portal for Facebook and we create a new website note that we have to tell Facebook what the URL of our website will be in this case I'm just hosting my web page out of s3 so I provide my buckets URL in the JavaScript code we instantiate a Cognito sync object I will inherit the Cognito credentials from those we obtained earlier in our are called to Cognito identity credentials we then set up some parameters that we want to use thinking including in the kognito identity pool and this uses cognitive identity but also the name of a data set that we want to share between devices and platforms further down in our code we asked Cognito to sync our data set by calling list records and when this call succeeds we get back a list of all the key value pairs that are stored for that user in our company to identity pool here we just iterate through the records and print out the keys and values but you can do whatever you want with the data let's take a look at this app in action so it registers with kognito as the guest user as usual but in this app we have to be logged on to Facebook to share data between devices or platforms so I click on the log on to Facebook button after we've logged on as an authenticated user incognito we retrieve the current state of the data and populated the gadgets you can see the same gadget values on the web page on the left this page is also logged in as as the same Facebook user now in the app when I make changes to the gadget values the app automatically syncs with Cognito every time I make a change that's just my design you can do it a little bit differently if you want but you notice that the web page on the Left if I click on the refresh button the value these are updated to match the values set by the Android app so Cognito sync is managing all that for us any change in the gadget values in the app are made available to all the other devices web pages etc that that same user is logged onto using the same Facebook account and of course you can use Google or Amazon as a turn ative public identity provider or you can create your own identity provider as I described earlier ok back to our wish list we can have to go off the requirement to synchronize user data across devices and platforms the final feature that we want to investigate in in our application is the repurposing of media using the elastic transcoder so in this final app the user can either be another the anonymous guest or they can be an authenticated user using Facebook if they don't within the Kate will see they will see a public inventory similar to what we saw in the previous media demo and if they do log on with Facebook then see their own private view of assets so we'll allow them to use the camera to capture some video on automatically upload it to s3 and then we're going to trigger a trance code to convert the uploaded media into a format suitable for straining we're also going to grab a thumbnail of the first frame of the video and we're going to use the elastic transcript service to manage all that repurposing for us will also allow the user to replay any answer that they can see by touching on it and also to delete assets from the inventory by long just touching and selecting a delete function from the menu so a lot of new functionality here but you can see that this implementation is going to build on the previous concepts that we've already seen in the other demos so far so let's have a look at the architecture first the user is going to hit kognito for authentication as usual and we're going to use the device's camera to capture some video and automatically upload that to an s3 bucket once that transfer completes we're going to then add an entry into a dynamodb table and DynamoDB table is going to be used for the the inventory for application we're also at the same time going to send a message into an sqs queue to allow a background worker to to process that message and to manage the file transcoding for us the worker tier which will be deployed using elastic Beanstalk will read the message from sqs and create a transcode job in the elastic transcoder service to process the media file directly from the upload bucket ets will create thumbnails of the video and also derive various quality versions of the video and all of those uploaded files are going to be converted into HLS formats so the video can be streamed over HTTP later all these outputs from the transcribe processing will be pushed into another bucket for media storage when the ETS is finished doing its process it will also see the message to our sq sq to inform almost that it's done a worker tear will process this message and update dynamodb so that the new item will appear in our applications inventory and then when the user touches on an item we will retrieve the media file from the output bucket via cloud front and stream the near to the application the user long touches on an item will show them a menu and let them delete the item from the imagery so to do that we will remove the record from dynamodb and push another message to the sq sq so that the background processing Tia can synchronously clean up the s3 bucket and remove the files that we no longer need so let's set up the transcode pipeline on the elastic transcoder services in the ETS console click create new pipeline and provide the details such as the input and the output buckets and the IAM role to use which gives access for the transcoder to access those input and output buckets in our case we also want to enable the on completion event so that we're notified when a Transco job is done enter the name of a topic that you've created and ensure that the topic forwards into our worker queue work it to your queue we'll be implementing our worker tier in Java the Java code is triggered whenever an appropriate message is sent to the sqs queue that the worker tier is configured to listen to the code that creates a Transco job and submits it to elastic transcoder is all shown here and as you can see it's using the Adria's SDK for Java so here's some example code here we specify the outputs that we want the ETS to create including some thumbnails and in this section we create a playlist which will be in HLS format for streaming to our demo app and here we actually call the create job function and provide our are requesting to the ETS and that's all there is to it so how do we deploy this work at here well in this example we're going to use elastic beanstalk LSD Beanstalk makes the deployment process really really simple I'm going to use the EB tool on the command line to setup my elastic Beanstalk environment you can also use the console as well don't worry that you'd be tool from the AWS website and start it up by running EB in it this command will quickly run a wizard to gather some specific information that needs to be able to build your elastic beanstalk environment first it's going to ask you for your AWS credentials in the form of an access key and secret key then it will ask you which region you want to deploy into now provide the name of the elastic beanstalk application we're going to call it power week worker worker tear and also provide the name of the environment let's assume that this is a production environment so I'm going to call it production next choose the environment tier that you want to use elastic Beanstalk can create a web server tear where you can run standard web workloads using PHP or mount or Java and others or you can also create a worker tier which is what we want to do in this case when you launch the worker to you the base machine has a special daemon installed that will listen to a configurable SQL rescue and when a message arrives it will call into the local webserver and run your code it'll handle the message that it received from sqs and in the case of a Java work at tier like we're going to use here the sqs daemon will actually call into a Java servlet next we need to select what solution stack we want to use there are over 50 options for us to choose from and we're going to choose in this case Amazon Linux running Tomcat next the tool needs to know if you want to use a load balancer solution or a standalone single server we'll want to take advantage of the auto scaling features of AWS in this case so we're going to select a load balanced environment type we also have the option to launch an RDS instance to run a data tier but in our case we'll skip that option for this demonstration and finally we need to select which I am role we want our instances to run under the role what we choose needs to have permission to read from our sq sq as well as whatever other permissions our machines need to do their work based on our use case now we have our elastic Beanstalk applications set up let's deploy into it we simply run the ebee start command and the eb tool will automatically launch our environment for us with a sample application that's ready to go and once that's done we're now ready to deploy our own solution into the running elastic Beanstalk environment so I'm going to do this from the command line just to demonstrate the flexibility of the AWS CLI you can build these commands into automation tools like bamboo or Jenkins if you want but for simplicity let's just look at the command line directly first we need to build our solution because I'm using Java is my solution stack I'm going to build using maven this will create a war file the group that contains my solution next I need to push this war file up to s3 to make it available to elastic Beanstalk for deployment I can do this using the AWS CLI is in s3 copy command like so and once the file is copied to s3 I again use the AWS CLI to ask elastic Beanstalk to create a new application version and provide the details including the location of the war file that i just uploaded and finally I use the AWS CLI again to instruct delisting Beanstalk to update my running production environment to the version that I just uploaded and created so as you can see I can completely script the entire build and deploy process using something as simple as the command line but as I mentioned you can get as sophisticated as you like you could configure an entire continuous integration continuous delivery pipeline to manage the delivery of your applications throughout your entire development and deployment cycle for example you could use it Lesley in stash and bamboo to trigger a full build on each code check in and then have your unit tests run to confirm all as well and then automatically deploy your packaged war file up to f3 you can then automatically have bamboo to a rolling update of your application on the fleet of ec2 instances running in your elastic Beanstalk staging or dev environment ready for user testing AWS provides the CLI and ap is to allow you to create some very powerful tool chain streamlining your development process so here's a very quick look at our final demo application which brings all these concepts together the app starts up in guest mode as usual and then queries dynamodb to get a list of all the public assets in our library I can touch on one of those assets and it will replay full screen on the device streaming by Claire front the elastic transcoder service has transcoded the uploaded user video into HLS which is a kind of a deathly bitrate streaming protocol that can be replayed by androids Kindles and iPhones that was all managed by our application worker TIA next I log on to Facebook and when we then query dynamo DV for all the assets owned by this particular logged on user you can see that after we've logged on the inventory of the videos is different I can long touch on an item to bring up a menu and then select delete clip and this will remove the record from Donna Debbie and send an sqs message into my work it's here to clean up the media files on s3 and also using my test webpage I can send messages to this device specifically or to all devices that observe have subscribed to the shared SNS topic which allows me to do private messages to a user or broadcast messages to all users by the SNS API it's a little difficult to demonstrate the video capture upload and transcribe phase given our time restrictions in this session but all the images that you can see here were captured and transcoded this way using through the real application okay so we're done we've completed the final piece from our application wish list the ability to upload files and have them converted into mobile formats ready for replay so we're ready to ship but before we finish though I wanted to touch on a new announcement from re-invent 2014 Amazon lambda the reason I wanted to mention this is because lambda offers an alternative architecture to the one that I just showed you AWS lambda is a computer service that runs your code in response to events and automatically manages the compute resources for you lambda starts running your code within milliseconds of such an event such as a media file uploaded to s3 in epics with lambda you pay only for the request served and the compute time required to run your code lambda runs your code on highly available computer infrastructure and all you need to do is provide the code to execute in response to an event like in s3 upload so if we were to change our architecture it would look a little bit like this the authentication shouldn't using kognito would remain the same and then the user would capture the video and upload it to s3 as before the app will also update dynamodb so the inventory item appears in the application list but now we can configure a lambda function to be called when the new items are uploaded to s3 so we don't have to use sqx to trigger the workload tier the lander function in will grow an or will run response to that uploaded event and will be given all the details of that uploaded file and can then call into the elastic transcoder to submit job and produce the video outputs so with lambda there's no need to run your fleet of compute instances to implement this entire meteor application with Lambert you don't have to provision your own instances at launch landry is going to support node.js but other languages will follow and you can read it's actually available now you can use it right now in your console just locate lambda on your on your console and you're ready to go it's only available in the u.s. regions at this stage but it's ready to go in preview mode so we've covered a lot of ground in this deep dive session and I wanted to quickly recap on the key takeaways we saw how we could easily use Amazon Cognito to manage our user identity and data synchronization for our mobile and web apps we saw how we could share data between a mobile app and a web page when a user logs on using the same identity provider such as Facebook and the heavy lifting was done for us using cognero sync we saw how we could push out notifications to mobile apps whether they're targeting our single device or thousands of devices at once in a broadcast scenario a dubious SNS made that really easy we also saw how we could use the power of DynamoDB in our app for shared data across mobile devices and platforms we saw how we could easily create a public view for any user who didn't create authentic 8 using Facebook for example and how we could create a private view for each of our users who did log on to Facebook club Neto helped us out there by giving us a unique identifier for each logged on user and we use that identifier to determine the ownership of the media files in our inventory and we filtered our query results based on the currently logged on user we saw how we could use the s3 connector to manage the upload and download of files in our in our applications and in our case those upload and downloaded files were media files we also saw how we could decoupled our application tears by using sqs to send messages between a mobile app and the work at tier crunching away in the background we used s3 the simple storage service to store our media files the elastic transcoder service to derive multiple media formats from our user provided content including HLS for adaptive streaming and JPEG files as thumbnails in our user experience we took advantage of cloud France 53 edge locations around the world to deliver our media files to our users we used Amazon's elastic Beanstalk to quickly reliably a worker tier of compute instances allowing us to focus on writing code rather than managing infrastructure and we secured our application using Amazon Identity and Access Management including fine grained access control of individual records in our dynamo DB table but the real star of the show today was the AWS mobile sdk the ada Boost Mobile SDK for iOS Android and fire OS are fully integrated and support all the services that we've been using in today's session they have native cross-platform support and automatically handle things like Network retransmission latency network outages which otherwise you would have to manage yourself and will be quite difficult they're lightweight so you don't need to include the entire SDK in your app just the features that you need and they give you a common authentication mechanism across all the ada bio services which we've seen in our code snippets today the SDKs together with a mobile optimized services and connectors means that you don't have to worry about the underlying infrastructure the ADA boosts SDKs will handle the undifferentiated heavy lifting for you and you just need to focus on what makes your application special so we've reached the end of this webinar thanks so much for joining the session I hope you found it valuable just a reminder that AWS offers this training and certification to help you develop your skills and to gain recognition for your technical experience with a dreamer services and solutions the ADA boys training and certification program offers additional learning resources including online classes and labs and fully fledged certification programs for more details on AWS training and certification please visit aws.amazon.com forward slash training thank you for attending a quick reminder that if you could please complete the survey form because we'd really like to hear your feedback so that we can improve our webinar program so please complete the survey and let us know what your thoughts of today's webinar this is the fifth session actually it's not the fifth session I've lost count of the number of sessions but there are still a few more sessions to go but I'll just open the the floor now to any questions that come up on our QA panel

Info

Channel: AWS Online Tech Talks

Views: 10,485

Rating: 4.5789475 out of 5

Keywords: Amazon Web Services (Website), Mobile Application Software (Industry), Phone, Management, Technology

Id: Jeww4kD_wzM

Channel Id: undefined

Length: 53min 2sec (3182 seconds)

Published: Wed Mar 18 2015