aws black belt techシリーズ amazon cognito / amazon mobile analytics
DESCRIPTION
AWS Black Belt Tech Webinar 2014 (旧マイスターシリーズ) Amazon Cognito / Amazon Mobile AnalyticsTRANSCRIPT
- 1. Amazon CognitoAmazon Mobile AnalyticsAWS Black Belt Tech Webinar 2014 ()
2. Agenda AWS SDK Amazon Cognito Amazon Cognito Amazon Cognito Identity Broker Amazon Cognito Sync Web Amazon Mobile Analytics Amazon Mobile Analytics Q&A 3. Agenda AWS SDK Amazon Cognito Amazon Cognito Amazon Cognito Identity Broker Amazon Cognito Sync Web Amazon Mobile Analytics Amazon Mobile Analytics 4. IDYourMobileApp 5. AWSAmazon CognitoKinesis ConnectorDynamoDB ConnectorS3 ConnectorSQS ConnectorSES Connector()AWS Mobile SDK, API Endpoints, Management ConsoleSDKAmazon Mobile AnalyticsAmazon SNS Mobile Push 6. Amazon CognitoAmazon Mobile AnalyticsAmazon SNS Mobile PushKinesis ConnectorDynamoDB ConnectorS3 ConnectorSQS ConnectorSES ConnectorNoSQL S3 7. AWS Mobile SDK Android,iOS, Fire OS ( Unity, PhoneGap,Cordova) Mobile OS 8. Amazon SNS Mobile PushYourMobileAppAmazon Cognito(Identity Broker)AWS Identity and Access ManagementAmazon Cognito (Sync)Amazon Mobile AnalyticsAmazon Mobile AnalyticsAmazon S3Transfer ManagerAmazon CloudFront(Device Detection)Amazon DynamoDB(Object Mapper)Amazon Kinesis(Recorder)AWS Mobile SDK 9. Agenda AWS SDK Amazon Cognito Amazon Cognito Amazon Cognito Identity Broker Amazon Cognito Sync Web Amazon Mobile Analytics Amazon Mobile Analytics 10. AWS2-tier AWS AWS 11. SDK EC2 EC2 12. SDK AWS AWS 13. AWS / 14. Agenda AWS SDK Amazon Cognito Amazon Cognito Amazon Cognito Identity Broker Amazon Cognito Sync Web Amazon Mobile Analytics Amazon Mobile Analytics 15. Amazon SNS Mobile PushYourMobileAppAmazon Cognito(Identity Broker)AWS Identity and Access ManagementAmazon Cognito (Sync)Amazon Mobile AnalyticsAmazon Mobile AnalyticsAmazon S3Transfer ManagerAmazon CloudFront(Device Detection)Amazon DynamoDB(Object Mapper)Amazon Kinesis(Recorder)AWS Mobile SDK 16. Amazon Cognito Sync Identity Broker ID ID ID ID Sync Key/Value Guest 17. Amazon SNS Mobile PushYourMobileAppAmazon Cognito(Identity Broker)AWS Identity and Access ManagementAmazon Cognito (Sync)Amazon Mobile AnalyticsAmazon Mobile AnalyticsAmazon S3Transfer ManagerAmazon CloudFront(Device Detection)Amazon DynamoDB(Object Mapper)Amazon Kinesis(Recorder)AWS Mobile SDK 18. Amazon Cognito Identity Broker ID AWS 19. 1: ID ID 2014827Facebook, Google, Amazon IDID IAM Role ID STSWeb Identity Federation STSTVM 20. Token Vending Machine (TVM) / STS 1. Security Token Service1 STS2. 3. 3AWS12 21. 2: IDID ID AWS AWS IAM Role Anonymous TVM ID 22. 1. BLEBluetooth Low EnergyBeacon2. 3. BeaconKinesisPUT KinesisPUT4. KinesisCognito IdentityBrokerAmazonKinesisIdentity PoolRole ARNCognito IDTemporaly CredentialPUT 23. 3: AWS AWS IAM Policy STSTVM 24. Amazon Cognito User ID(TempCredentials)DynamoDBEnd UsersDeveloperApp w/SDKAccessto AWSServicesCognitoIdentity BrokerLoginOAUTH/OpenIDAccess TokenCognito ID, TempCredentialsS3MobileAnalyticsCognito SyncStoreAWSManagemetConsoleAccessTokenPool IDRole ARNs 25. Amazon Cognito (Identity Broker) IdentitypoolIdentityProvidersPool of identities that share the same trust policyAccess PolicyAccess toAWSauthenticatedidentitiesIdentitypoolServicesUnauthenticatedIdentitiesAWS IAM RolesAWS AccountWeb Identity FederationS3DynamoDBGetDeletePut 26. IAM Role{!"Effect":"Allow",!"Action":["s3:*"],!"Resource":"*"!}!!{!"Effect": Deny",!"Action": ["dynamodb:*"],!"Resource": "*"!}!!{!"Effect": "Allow",!"Action": [cognito-sync:*"],!"Resource": "*"!}!AllowActions:All S3, Sync storeOperationsResource:All resources withinthese servicesDenyActions:All DDB OperationsResource:All resources 27. {!"Effect":"Allow",!"Action":["s3:PutObject","s3:GetObject","s3:DeleteObject",!!"s3:ListMultipartUploadParts","s3:AbortMultipartUpload"],!"Resource":"arn:aws:s3:::BUCKET_NAME/*"!} !{!"Effect":"Allow",!"Action":["s3:ListBucket","s3:ListBucketMultipartUploads"],!"Resource":"arn:aws:s3:::BUCKET_NAME"!}!{!"Effect": "Allow",!"Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem"],!"Resource" : [ "arn:aws:dynamodb:REGION:123456789:table/TABLE_NAME", !! "arn:aws:dynamodb:REGION:123456789:table/TABLE_NAME/! !index/INDEX_NAME" ]!}!!AllowActions:Certain operationsResource:One bucket, table .. 28. {!"Effect":"Allow,!"Action ["s3:PutObject","s3:GetObject","s3:DeleteObject,s3:ListMultipartUploadParts","s3:AbortMultipartUpload"],!"Resource":"arn:aws:s3:::BUCKET_NAME/Bob/*"!} !{!"Effect":"Allow",!"Action":"s3:ListBucket",!"Resource":"arn:aws:s3:::BUCKET_NAME",!"Condition":{"StringLike":{"s3:prefix":Bob/"}}!}!{!"Effect":"Allow",!"Action":["s3:ListBucketMultipartUploads"],!"Resource":"arn:aws:s3:::BUCKET_NAME"!}!AllowActions:Certain operationsResource:Within a bucket withspecific prefix (user) 29. (Policy Variables)AllowActions:All sync operationsResource:Only to that identity{!"Effect":"Allow",!"Action":"cognito-sync:*", !"Resource":["arn:aws:cognito-sync:us-east-1:{!"Effect": "Allow,!"Action": ["s3:GetObject,"s3:PutObject],!"Resource": ["arn:aws:s3:::!!myBucket/amazon/snakegame/!!${cognito-identity.amazonaws.com:sub}"]!}!!123456789012:identitypool/!!${cognito-identity.amazonaws.com:aud}/identity/!!${cognito-identity.amazonaws.com:sub}/*"] !}!AllowActions:S3 Get/Put operationsResource:Only to a specific partof bucket to that identity 30. IDApp ID 31. IAM Role 32. & 33. Identity Pool ID App ID IAM Role 34. IAM {"Version": "2012-10-17","Statement":[{"Effect":"Allow","Action":"cognito-sync:*","Resource":["arn:aws:cognito-sync:us-east-1:123456789012:identitypool/${cognito-identity.amazonaws.com:aud}/identity/${cognito-identity.amazonaws.com:sub}/*"]}]} 35. IAM Identity Pool{"Version": "2012-10-17","Statement":[{"Effect":"Allow","Action":"cognito-sync:*","Resource":["arn:aws:cognito:us-east-1:123456789012:identitypool/*"]}]} 36. Android/iOS Identity Pool AWS SDK for Android/iOS Amazon Cognito credentials provider ID CognitoAWS 37. Androidcom.amazonaws.android.auth.CognitoCredentialsProvider;// Credential Provider CognitoCredentialsProvider credentialsProvider = new CognitoCredentialsProvider(getContext(), // 1234567890, // AWSID us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX, // Identity PoolID arn:aws:iam::XXXXXXXXXX:role/YourRoleName, // IAM RoleARNarn:aws:iam::XXXXXXXXXX:role/YourRoleName // IAM RoleARN);// FacebookMap logins = new HashMap();logins.put("graph.facebook.com", Session.getActiveSession().getAccessToken()); credentialsProvider.withLogins(logins);IDLoaderAsyncTask 38. iOSiOS#import // Credential Provider AWSCognitoCredentialsProvider *credentialsProvider = [AWSCognitoCredentialsProvidercredentialsWithRegionType:AWSRegionUSEast1accountId:@"1234567890", // AWSID identityPoolId:@"us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX", // Identity PoolID unauthRoleArn:@arn:aws:iam::XXXXXXXXXX:role/YourRoleName, //IAM Role ARNauthRoleArn:@arn:aws:iam::XXXXXXXXXX:role/YourRoleName //IAM Role ARN ];// FacebookNSString *token = FBSession.activeSession.accessTokenData.accessToken; credentialsProvider.logins = @{ AWSCognitoLoginProviderKeyFacebook: token };ID 39. Amazon SNS Mobile PushYourMobileAppAmazon Cognito(Identity Broker)AWS Identity and Access ManagementAmazon Cognito (Sync)Amazon Mobile AnalyticsAmazon Mobile AnalyticsAmazon S3Transfer ManagerAmazon CloudFront(Device Detection)Amazon DynamoDB(Object Mapper)Amazon Kinesis(Recorder)AWS Mobile SDK 40. Amazon Cognito Sync OS 41. 1:OS SQLiteIdentity poolk/vdataiOS/Android/FireOS 42. 2: SDKSQLite SQLite Local SQLite Cache 43. 3: 44. Amazon Cognito Sync AWSAccountIdentitypoolIdentitypoolDatasetIdIdeenntittiytyIdentityDDaatatasesettID1:n1:n1:ndataset.synchronize()1:nDDaatatasesettKey/Value 45. Dataset Identity20MB Dataset1MBKey/Value Key/Value 1024 base64 HTTPS 46. Android//CredentialsProviderCognitoSyncClientprovider = new CognitoCredentialsProvider(context, AWS_ACCOUNT_ID, COGNITO_POOL_ID, COGNTIO_ROLE_UNAUTH, COGNITO_ROLE_AUTH);cognito = new DefaultCognitoSyncClient(context, COGNITO_POOL_ID, provider);//DatasetKey/Valuecognito.openOrCreateDataset(datasetName);dataset.put(key, value);//dataset.synchronize(new SyncCallback(){..}); 47. iOSiOS// Credential Provider AWSCognitoCredentialsProvider *credentialsProvider = [AWSCognitoCredentialsProvidercredentialsWithRegionType:AWSRegionUSEast1accountId:@"1234567890", // AWSID identityPoolId:@"us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX", // Identity PoolID unauthRoleArn:@arn:aws:iam::XXXXXXXXXX:role/YourRoleName, //IAM Role ARNauthRoleArn:@arn:aws:iam::XXXXXXXXXX:role/YourRoleName //IAM Role ARN ];AWSCognitoSyncClient *syncClient = [[AWSCognitoSyncClient alloc] initWithConfiguration:configuration];//DatasetKey/ValueDataSet *dataset = [syncClient openOrCreateDataSet:@"myDataSet"];NSString *value = [dataset readStringForKey:@"myKey"];[dataset putString:@"my value" forKey:@"myKey"];//[dataset synchronize]; 48. 2Syncronize synchronize pullpush synchronizeOnConnectivity synchronize 49. Web Web AWS SDK SDK Java.NETPHPNodeJSJavaScriptClient Side Mobile SDKID Sync 50. JavaScript// AWSIDIdentity Pool ID/IAM Role(ARN)// FacebookAWS.config.region = us-east-1; // AWS.config.credentials = new AWS.CognitoIdentityCredentials(AccountId: "YOUR_AWS_ACCOUNT_ID",RoleArn: "arn:aws:iam::6157xxxxxxxx:role/a_valid_aws_role_arn",IdentityPoolId: "YOUR_COGNITO_IDENTITY_POOL_ID,Logins: {graph.facebook.com : facebookResponse.authResponse.accessToken}); // CognitoIDAWS.config.credentials.get(function(err) {if (!err) {console.log("Cognito Identity Id: " + AWS.config.credentials.identityId);}}); 51. JavaScriptSync// Syncvar cognitoSyncClient = new AWS.CognitoSync();cognitoSyncClient.listDatasets({IdentityId: AWS.config.credentials.identityId,IdentityPoolId: "YOUR_COGNITO_IDENTITY_POOL_ID"}, function(err, data) {if ( !err ) {console.log(JSON.stringify(data));}}); 52. 100 10GB 12 10000$0.15 $0.15/GB 53. Agenda AWS SDK Amazon Cognito Amazon Cognito Amazon Cognito Identity Broker Amazon Cognito Sync Web Amazon Mobile Analytics Amazon Mobile Analytics 54. Amazon SNS Mobile PushYourMobileAppAmazon Cognito(Identity Broker)AWS Identity and Access ManagementAmazon Cognito (Sync)Amazon Mobile AnalyticsAmazon Mobile AnalyticsAmazon S3Transfer ManagerAmazon CloudFront(Device Detection)Amazon DynamoDB(Object Mapper)Amazon Kinesis(Recorder)AWS Mobile SDK 55. Amazon Mobile Analytics CSV Amazon Mobile SDK CognitoIdentity PoolIAM 60 / OSAndroid, iOS, FireOS 56. Daily Active Users (DAU), Monthly Active Users (MAU), Sticky Factor (DAU MAU) Session DAU Average Revenue per Daily Active User (ARPDAU) Average Revenue per Paying Daily Active User (ARPPDAU) 1, 3, 7Retention 1, 2, 3 Retention 57. Like/Share 58. IAM Analytics{"Statement": [{"Effect": "Allow", "Action": "mobileanalytics:PutEvents", "Resource": "*"}]} 59. Android AndroidManifest.xml importLogimportimport com.amazonaws.android.mobileanalytics.*;import com.amazonaws.android.auth.CognitoCredentialsProvider;import android.util.Log; 60. Android Mobile Analytics ClientStaticprivate static AmazonMobileAnalytics analytics;private static final int STATE_LOSE = 0;private static final int STATE_WIN = 1; 61. Android// onCreate()CognitoAmazonMobileAnalyticsprotected void onCreate(Bundle savedInstanceState) {super.onCreate(savedInstanceState);CognitoCredentialsProvider cognitoProvider = new CognitoCredentialsProvider(getApplicationContext(),AWS_ACCOUNT_ID,COGNITO_IDENTITY_POOL,"arn:aws:iam::AWS_ACCOUNT_ID:role/UNAUTHENTICATED_ROLE","arn:aws:iam::AWS_ACCOUNT_ID:role/AUTHENTICATED_ROLE");try {AnalyticsOptions options = new AnalyticsOptions(); options.withAllowsWANDelivery(true);analytics = new AmazonMobileAnalytics(cognitoProvider,getApplicationContext(),"yourCompany.yourAppName",options);} catch(InitializationException ex) {Log.e(this.getClass().getName(), "Failed to initialize Amazon Mobile Analytics", ex);}} 62. Android// onPause()onResume()overrideAnalytics// onPause()onResume()@Overrideprotected void onPause() {super.onPause();if(analytics != null) {analytics.getSessionClient().pauseSession();//Attempt to send any events that have been recorded to the Mobile Analytics service.analytics.getEventClient().submitEvents();}}@Overrideprotected void onResume() {super.onPause();if(analytics != null) {analytics.getSessionClient().resumeSession();}} 63. Android // public void onLevelComplete(String levelName, String difficulty, double timeToComplete, int playerState) {// Level Complete// attributeLevelNameDifficulty2metricsTimeToCompleteAnalyticsEvent levelCompleteEvent = analytics.getEventClient().createEvent("LevelComplete").withAttribute("LevelName", levelName).withAttribute("Difficulty", difficulty).withMetric("TimeToComplete", timeToComplete);//attributemetricsaddif (playerState == STATE_LOSE)levelCompleteEvent.addAttribute("EndState", "Lose");else if (playerState == STATE_WIN)levelCompleteEvent.addAttribute("EndState", "Win");//Record the Level Complete eventanalytics.getEventClient().recordEvent(levelCompleteEvent);} 64. Android// onCreate()protected void onCreate(Bundle savedInstanceState) {super.onCreate(savedInstanceState);CognitoCredentialsProvider cognitoProvider = new CognitoCredentialsProvider(getApplicationContext(),AWS_ACCOUNT_ID,COGNITO_IDENTITY_POOL,"arn:aws:iam::AWS_ACCOUNT_ID:role/UNAUTHENTICATED_ROLE","arn:aws:iam::AWS_ACCOUNT_ID:role/AUTHENTICATED_ROLE");try {AnalyticsOptions options = new AnalyticsOptions(); options.withAllowsWANDelivery(true);analytics = new AmazonMobileAnalytics(cognitoProvider,getApplicationContext(),"yourCompany.yourAppName",options);} catch(InitializationException ex) {Log.e(this.getClass().getName(), "Failed to initialize Amazon Mobile Analytics", ex);}this.onLevelComplete("Lower Dungeon", "Very Difficult", 2734, STATE_WIN);} 65. 1 100$1 66. Agenda AWS SDK Amazon Cognito Amazon Cognito Amazon Cognito Identity Broker Amazon Cognito Sync Web Amazon Mobile Analytics Amazon Mobile Analytics 67. Amazon Cognito AWS Amazon Mobile Analytics 68. Twitter: @awsformobile http://mobile.awsblog.com/ Amazon Cognito: https://aws.amazon.com/documentation/cognito/ Amazon Mobile Analytics: https://aws.amazon.com/documentation/mobileanalytics/ 69. Webinar AWS http://aws.amazon.com/jp/aws-jp-introduction/