I have created a chat application using AWS Appsync. My problem is I am not able to identify online and offline users. I was thinking of marking user as active in database when they logged in, however i could not mark them as inactive because i am using single sign on and with no log out feature.
I verified the MQTT connection that subscription creates, but could not find anything relevant. Chat application is web application.
One option you have here is to use DynamoDB TTL. You can write a record to a table to enable presence detection, and use a heartbeat mechanism to upsert these records from your application. DynamoDB will handle deleting the records for you, so you do not need an explicit logout to mark them as inactive.
Related
I have an EC2 service that writes data to a DynamoDB table. I also have an app that is totally unrelated to the service. Now I want the app to display components in its UI based off the status attribute of items in the DynamoDB table.
It looks like I can have the app UI subscribe to a DynamoDB Stream. However, I need data in my table to persist for >24hrs, data in DDB Streams older than 24hrs is susceptible to removal.
I would ideally like a solution where on each new DyanmoDB write/update of the status of an item, I can send a notification to the app telling them of the change which would render a change in their UI. How can I go about making the app constantly listen, and how do I send a notification? I can't have the app directly access the database, it must go through the service.
I am new to AWS.
You do not need longer than 24 hour retention on the stream. Streams are used to emit each modification to your items, so with each change you notify your application.
Two ways I can think of to do this, both use DynamoDB streams and Lambda.
1. SNS
Amazon Simple Notification Service (SNS) is a two way messaging service which you can have your application subscribe to a topic. For every change made to to your DynamoDB table you write that to an SNS topic and your application will receive the changes to render the UI.
https://aws.amazon.com/pub-sub-messaging/
2. API Gateway Websocket
An altern to SNS messaging is API Gateway Websocket which allows your application subscribe to a network connection. This is more useful if you need short lived notification for given events.
https://docs.aws.amazon.com/appsync/latest/devguide/aws-appsync-real-time-create-generic-api-serverless-websocket.html
We are currently developing a cloud solution that would require 2000+ clients to publish events (1-2 per second) into an Event Hub. We built a prototype that gives each client a Shared access policy (Authorization Rule), and creates a SAS token with a publisher policy as defined here
We thus are able to identify the publisher of each event by inspecting the x-opt-publisher system property, and to revoke access to the Event Hub for each client at any time, without having to resort to token expiry and renewal.
However, we recently learned that the maximum amount of SAPs / Authorization rules is 12, so this solution ultimately will not work.
Is there another solution to this problem? Our goals are:
Avoid having to use token refresh, as this would require adding code to all clients.
Being able to revoke access to the Event Hub instantly in case a client either gets compromised, misbehaves, malfunctions due to a bug, or the associated customer's contract is terminated
Avoid having to use a frontend service authenticating the clients, as we are talking about a substantial additional system load (5000 requests per second)
Avoid having to use IoT hub, as the costs are far higher than with our solution, and we do not need all that functionality
Thanks in advance
You don't need to create a dedicated SAS policy for each device or publisher. Please note that a publisher should only own a token signed for itself and should not be able to access the SAS policy key.
Feel free to check the publisher policy document here for more details.
Our team is implementing a Web Application (ReactJS) that utilizes Amazon Cognito service for user sign-up, log-in, log-out.
However, instead of using Cognito's hosted UIs, we created our own login page and used amazon-cognito-identity-js sdk to implement the authentication functionality.
Now, I need to be able to monitor the user activity (for example, which users logged-in from which location). I understand that this can be done by using Cognito's Advanced Security feature.
I have set the user pool's Advanced Security Setting to "Audit Only". However, there are still no Cognito-related metrics showing up in Cloudwatch.
I also tried to follow the instructions described in below site but to no results.
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-advanced-security-app.html
Does anyone have any idea as to what setting I may have missed out?
Any advice is highly appreciated.
Cognito will automatically setup Cloudwatch for your User Pool activity. You just need to go to Cloudwatch > Select "Cognito" from the Services list.
Try to refine the time filter or set the refresh interval to make Cloudwatch regularly fetch the newest metrics.
Hope this answers.
I already have a heavy user table in an existed website and server doesn't host in AWS.
I wanna use AWS Cognito for a mobile app of this site. So, need to check my server first when login/sign in.
But many blogs and examples look like only for serverless service.
I saw Accessing Server-side Resources after Sign-in. But this access server after getting token.
I saw Adding a User Pool Lambda Trigger. But not sure this can fit with my case.
I know I need to test these things first.
But just I wanna get some advice in here first.
So, Please give me advice.
Thanks.
you can do one thing, you can use cognito in application using aws-sdk which will do signin/singup
add trigger of cognito add save data to dynamo DB table or you can send data your database also.
another case if like you can add trigger, it will check for in both cognito and login your table to having user info and then allow the sign in.
OR
You can import your user data to cognito.
Our apps are being developed for both Android and iOS. We are using AWS SNS Mobile Push to push messages to both GCM and APNS. The back end is PHP and so it uses the AWS PHP SDK.
Until now, our system has been saving 1 Endpoint ARN per user. We then broadcast a Mobile Push message directly to this Endpoint ARN.
The question:
It would be strange if a user were logged into our app on multiple devices and did not receive push notifications on all of them. So - we're going to have to change something.
How, in AWS Mobile Push, is the concept of 'one user, multiple devices (and potentially multiple platforms) handled?
Does our system have to maintain a one-to-many association of user-to-EndpointARNs (i.e. start saving multiple EndpointARNs per user so that we may push messages to all of them sequentially)?
Or should I be looking into the 'Topics' concept that Mobile Push provides (I'm confused here - do some people use one topic per user, and then push messages to the topic itself?)..
Lastly - I guess as a bonus question - is it normal for people using the PHP AWS SDK to include both APNS and GCM attributes in the Message payload array? We haven't been keeping track of 'which type of device each user uses'. We've just been saving an Endpoint ARN per user. And I guess the thought was to just cover all our platform bases (APNS, APNS_SANDBOX, GCM) when we're pushing a message to an endpoint.
I've been doing a lot of searching on the 'one user with multiple devices' topic re: Mobile Push with AWS SNS, and really the results have been quite unhelpful.
Help please :(
Thanks!
Once you send SNS Push message , you will get success or failure reason.
Could you please check your logs and share to identify exact issue.
Cloudwatch :
SNS publishes Cloudwatch metrics for number of messages published, number of successful notifications, number of failed notifications and size of data published. Metrics are available on per application basis. You can access Cloudwatch metrics via AWS Management Console or CloudWatch APIs.
Direct addressing:
Direct addressing allows you to deliver notifications directly to a single endpoint, rather than sending identical messages to all subscribers of a topic. This is useful if you want to deliver precisely targeted messages to each recipient. When you register device tokens with SNS, SNS creates an endpoint that corresponds to the token. You can publish to the token endpoint just as you would publish to a topic. You can direct publish either the text of your notification, or a platform-specific payload that takes advantage of platform-specific features such as updating the badge count of your app. Direct addressing is currently only available for push notifications endpoints.
Official documentation, "When a topic is created, Amazon SNS will assign a unique ARN (Amazon Resource Name) to the topic.
https://aws.amazon.com/sns/faqs/
I have a solution for this issue as you already know ARN is associated with single device token so you must be manage it own your own to send push to same user with multiple device.
My approach is to create 2 table in mysql or whatever database you are using
1. For APNS or, APNS_SANDBOX having details like user_id(local), device token, endpoint ARN, status etc (EG : sns_apns)
2. Same for GCM or BAIDU you have to create a table having user details with endpoint ARN(EG : sns_gcm)
Now every time when you send push to a particular user just write a code something like this
Switch($platform) {
case 'APNS':
case 'APNS_SANDBOX':
Select all users from sns_apns by login id.
Create a message and send it to all users having same user id
case 'GCM':
Select all users from sns_gcm by login id.
Create a message and send it to all users having same user id
}
I haven't tried this but to solve your problem I would keep a map of the user's cognito userID and corresponding endpoint ARN for each major app defining transaction done by the user. If the endpoint already exist then no need to save it. But if for this userID another endpoint ARN is notice then save, update, add or associate this new endpointARN with userID in DynamoDB as a #Document attribute. Then at anytime just broadcast to all endpointARN associated to the userID in DynamoDB.
The mysampleapp mobile hub example codes are useful for quick manipulation. For android:
Get the endpointARN in app like this:
PushManager pushManager;
String userDeviceEndPoint;
pushManager = AWSMobileClient.defaultMobileClient().getPushManager();
userDeviceEndPoint = pushManager.getEndpointArn();
You can update DynamoDB using the update save behaviour to ignore if an already existing endpoint is noticed for the user:
DynamoDBMapper mapper = new DynamoDBMapper(ddbClient, new DynamoDBMapperConfig(DynamoDBMapperConfig.SaveBehavior.UPDATE_SKIP_NULL_ATTRIBUTES));
Not sure how to do this in PHP though. Hope this idea helps.