Due to popular demand we are introducing two platforms for doing the BackSpace AWS Certification prep courses. The BackSpace Academy mobile site for IOS and Android.
When you go to https://user.backspace.academy you will be automatically directed to the mobile site if you are using a mobile phone.
We have just released our latest course AWS Certified Developer Associate Level!
With a focus on not only answering questions correctly, but on learning how to build the next generation of Cloud connected apps using the JavaScript SDK in the browser and NodeJS SDK on the server.
Advanced hands-on video labs include:
Setting up a NodeJS Development Environment on AWS EC2
Creating a Low Cost Sync Database for JavaScript Applications with AWS
Programming and Deployment using AWS CloudFormation
Programming Amazon SQS and SNS using the AWS NodeJS SDK
Programming AWS DynamoDB using the AWS NodeJS SDK
Programming AWS ElastiCache Redis using the AWS NodeJS SDK
Programming AWS Lambda
Professionally created lab notes for all labs.
Expert system based exam engine with a question pool of over 800 questions!
Full coverage and testing of all knowledge required for certification.
AWS has just announced another storage class type for S3.
Amazon S3 Standard - Infrequent Access (Standard - IA) is an Amazon S3 storage class for data that is accessed less frequently, but requires rapid access when needed. Standard - IA offers the high durability, throughput, and low latency of Amazon S3 Standard, with a low per GB storage price and per GB retrieval fee. This combination of low cost and high performance make Standard - IA ideal for long-term storage, backups, and as a data store for disaster recovery. The Standard - IA storage class is set at the object level and can exist in the same bucket as Standard, allowing you to use lifecycle policies to automatically transition objects between storage classes without any application changes.
The following table summarizes the durability and availability offered by each of the storage classes.
Storage Class
Durability (designed for)
Availability (designed for)
Other Considerations
STANDARD
99.999999999%
99.99%
None
STANDARD_IA
99.999999999%
99.9%
There is a retrieval fee associated with STANDARD_IA objects which makes it most suitable for infrequently accessed data. For pricing information, see Amazon S3 Pricing.
GLACIER
99.999999999%
99.99% (after you restore objects)
GLACIER objects are not available for real-time access. You must first restore archived objects before you can access them and restoring objects can take 3-4 hours. For more information, see Restoring Archived Objects.
RRS
99.99%
99.99%
None
Our certification courses will be updated this week with the changes.
Today AWS announced the introduction of new auto scaling policies with steps. This is a significant change as no longer does auto scaling need to be a single step response to a CloudWatch alarm. You can now have many steps enabling small changes in capacity to be made in response to small changes in demand and likewise for large changes. The result is highly reactive and smooth response to demand.
We have updated our documentation "Lab Notes - Highly Available and Fault Tolerant Architecture for Web Applications inside a VPC" to v1.02 to reflect this change. Please make sure you understand this before sitting the AWS certification exam.
Trusted Adviser lesson has been added to the Security subject of the BackSpace AWS Certified Solutions Architect Associate course to reflect changes in the AWS certification exam.
New Highly Available and Fault Tolerant VPC Architecture Tutorial Utilising ELB, ENI, Auto Scaling and the new S3 Endpoints and Multi-AZ Aurora Clusters
We have just added a new tutorial to the AWS Certified Solutions Architect Associate Course that applies what you have learned in the lessons and quizzes.
These videos cover the essential hands knowledge in AWS architecture required for certification. Look for them in the AWS Architecture Design Patterns subject.
A big data (Redshift, Kinesis, EMR) subject has been added to the BackSpace AWS Certified Solutions Architect Associate course to reflect changes in the AWS certification exam.
The BackSpace Academy AWS Certified Solutions Architect Associate Course exam engine has now been updated with more questions to reflect changes in the certification exam.
It is now a whopping 800+ questions!
Now that we have our CognitoSync session token we can use this to add, modify or delete CognitoSync dataset records.
To demonstrate we are going to call addRecord to add a record. Open app.js in your editor and add a call to the addRecord in the callback of getCognitoSynToken().
function getCognitoSynToken(){
// Other AWS SDKs will automatically use the Cognito Credentials provider
// configured in the JavaScript SDK.
cognitosync = new AWS.CognitoSync();
cognitosync.listRecords({
DatasetName: COGNITO_DATASET_NAME, // required
IdentityId: COGNITO_IDENTITY_ID, // required
IdentityPoolId: COGNITO_IDENTITY_POOL_ID // required
}, function(err, data) {
if (err){
errorMessage += "listRecords: " + err, err.stack + "_____";
$('#errorConsole').text(errorMessage); // an error occurred
}
else {
COGNITO_SYNC_TOKEN = data.SyncSessionToken;
COGNITO_SYNC_COUNT = data.DatasetSyncCount;
message += "listRecords: " + JSON.stringify(data) + "_____";
message += "DatasetSyncCount: " + COGNITO_SYNC_COUNT + "_____";
$('#appConsole').text(message); // successful response
addRecord();
}
});
}
Now lets add a record user_id that stores the users facebook id. We need to not only pass the CognitoSync session token but also the sync count that we got from the call to listRecords. There is a call to a function createS3() in the callback of addRecord() below, please comment this out for now as we will be building this later.
Now you can build and run your app. You should be able to login to Facebook and add a user record to the dataset.
We can also use our CognitoID credentials to access other AWS resources. Next we will access an S3 bucket and add a folder and file to it.
Access an AWS S3 Bucket
Not only can we use our CognitoID temporary credentials do access CongitoSync, we can use it access many other AWS resources.
First we need to modify our apps IAM role to allow access to S3. It is extremely important when doing this to ensure that the user only has access to a folder with their CognitoID. Otherwise someone can maliciously dump a few terabytes into your S3 bucket or even worse start deleting objects.
Go into the AWS IAM Console.
Click on roles and select the IAM role you created.
Click on Manage Policy
Now change the policy to allow access to a folder in the user's CognitoID. It is very important to ensure that the "Version": "2012-10-17" statement is included otherwise the policy variables will not be recognised. Then click on Apply Policy.
To demonstrate we are going to call createS3 to create a folder in the user's name and add an object to it. Open app.js in your editor and add a call to the createS3 in the callback of addRecord().
Next you need to go into the AWS S3 Console and create a bucket.
Now lets add a folder to the bucket in the name of the user's CognitoID. Then we will add a text file to it with the contents "Hello". You need to change the bucket name to the name of your bucket.
function createS3(){
var bucket = new AWS.S3({
params: {
Bucket: 'backspace-cognito-test'
}
});
//Object key will be facebook-USERID#/FILE_NAME
var objKey = COGNITO_IDENTITY_ID+'/test.txt';
var params = {
Key: objKey,
ContentType: 'text/plain',
Body: "Hello!",
ACL: 'public-read'
};
bucket.putObject(params, function (err, data) {
if (err) {
errorMessage += 'COGNITO_IDENTITY_ID: ' + COGNITO_IDENTITY_ID + "_____";
$('#errorConsole').text(errorMessage); // an error occurred
errorMessage += 'putObject: ' + err + "_____";
$('#errorConsole').text(errorMessage); // an error occurred
} else {
message += "Successfully uploaded data to your S3 bucket" + "_____";
$('#appConsole').text(message); // successful response
}
});
}
Now you can build and run your app. You should be able to login to Facebook and access S3.
Its all up to you now to identify how you are going to use this power! Maybe some big data crunching with Elastic Map Reduce, backup to Glacier or some heavy scientific processing with EC2. Like coding? AWS Certified Developers are in HOT demand! Check out BackSpace Academy for more details.
Christophe Coenraets has created a excellent lightweight library for Facebook integration with Cordova/PhoneGap. Download it fromhttps://github.com/ccoenraets/OpenFB .
After you have downloaded OpenFB, create a template PhoneGap Build application and put logoutcallback.html and oauthcallback.html in the root folder withindex.html.
Create a folder called js and put openfb.js in it.
In order to improve the way OpenFB works with PhoneGap/Cordova we need to make a couple of changes. OpenFB uses the deviceready event to identify whether the app is using PhoneGap/Cordova. For reliability I prefer to pass this directly to OpenFB on initialisation. Also the address bar is not used when the inappbrowser is opened. This means if anything goes wrong the user is presented with a blank white screen.
Open in your editor openfb.js and add a cordova parameter to the init function:
/**
* Initialize the OpenFB module. You must use this function and initialize the module with an appId before you can
* use any other function.
* @param params - init paramters
* appId: The id of the Facebook app,
* tokenStore: The store used to save the Facebook token. Optional. If not provided, we use sessionStorage.
*/
function init(params) {
if (params.appId) {
fbAppId = params.appId;
if (params.cordova!=null){
runningInCordova = params.cordova;
}
} else {
throw 'appId parameter not set in init()';
}
if (params.tokenStore) {
tokenStore = params.tokenStore;
}
}
Also change all window.open calls to 'location=yes';
Now open your config.xml file and add the inappbrowser plugin.
AWS Cognito Example App
Example app using AWS Cognito
Paul Coady
Now lets create a simple index.html page with our login buttons and status output. This will load Jquery and the AWS Javascript SDK.
AWS Cognito App
Next create a file app.js in the js folder. Create a self-invoking anonymous function to contain our code.
(function($){
})(jQuery);
Add variables in app.js:
AWS_ACCOUNT_ID - This is your AWS account number.
COGNITO_IDENTITY_POOL_ID - You can get this from your Cognito dashboard by selecting Edit Identity Pool
IAM_ROLE_ARN - This is the IAM role created when you created your Cognito pool. You can get this from the the main Services menu - IAM - Roles - then select the role for your identity pool.
FACEBOOK_APP_ID - From the facebook app page.
var AWS_ACCOUNT_ID = 'XXXXXXXX';
var AWS_REGION = 'us-east-1';
var COGNITO_IDENTITY_POOL_ID = 'us-east-1:XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX';
var COGNITO_IDENTITY_ID, COGNITO_SYNC_TOKEN, AWS_TEMP_CREDENTIALS;
var cognitosync;
var IAM_ROLE_ARN = 'arn:aws:iam::XXXXXXXXX:role/Cognito_CognitoBrowserExampleAuth_DefaultRole';
var COGNITO_SYNC_COUNT;
var COGNITO_DATASET_NAME = 'TEST_DATASET';
var FACEBOOK_APP_ID = 'XXXXXXXXXXXXXX';
var FACEBOOK_TOKEN;
var FACEBOOK_USER = {
id: '',
first_name: '',
gender: '',
last_name: '',
link: '',
locale: '',
name: '',
timezone: 0,
updated_time: '',
verified: false
};
var userLoggedIn = false;
var message = 'AWS Cognito Example App Loaded_____';
var errorMessage = '';
Now add some code for our button events and clearing our status areas.
function clearConsole(){
message = "";
$('#appConsole').html(message);
errorMessage = "";
$('#errorConsole').html(errorMessage);
}
// Login button
$('#btnLogin').on('click', function (event) {
login();
});
// Login button
$('#btnLogout').on('click', function (event) {
logout();
});
Now lets add our call to OpenFB.init and functions for handling login, logout, revoke permissions (not used here) and getting user info. I won't go into much detail here as this is explained on the OpenFB Github. There is a call to a function getCognitoID() in the callback of getInfo() below, please comment this out for now as we will be building this later.
openFB.init({
appId:FACEBOOK_APP_ID,
cordova:true
});
function login() {
clearConsole();
openFB.login(
function(response) {
if(response.status === 'connected') {
FACEBOOK_TOKEN = response.authResponse.token;
message += "Connected to Facebook_____";
$('#appConsole').text(message);
getInfo();
} else {
errorMessage += 'Facebook login failed: ' + response.error + "_____";
$('#errorConsole').text(errorMessage);
}
}, {scope: 'email,read_stream,publish_stream'});
}
function getInfo() {
openFB.api({
path: '/me',
success: function(data) {
message += "Logged in with Facebook as " + data.name+"_____";
$('#appConsole').text(message);
getCognitoID();
},
error: errorHandler});
}
function logout() {
openFB.logout(
function() {
message += "Logged out of Facebook_____";
$('#appConsole').text(message);
},
errorHandler);
}
function revoke() {
openFB.revokePermissions(
function() {
message += "Permissions revoked_____";
$('#appConsole').text(message);
},
errorHandler);
}
function errorHandler(error) {
errorMessage += error.message;
$('#errorConsole').text(errorMessage);
}
Now you can build and run your app. You should be able to login to Facebook.
Now that we have our Facebook session token we will use this in the next page to get our Cognito ID credentials.
Get CognitoID Credentials
Now it's time to pass our Facebook token over to Cognito. Prior to version v2.0.14 of the AWS Javascript SDK this was a difficult process involving calls to IAM and STS. A new object CognitoIdentityCredentials has greatly simplified the CognitoID credentials process by removing the need to create STS tokens and temporary IAM credentials yourself.
We are going to create a new function to get our CognitoID credentials. Open app.js in your editor and add a call to the new function getCognitoID() in the success callback of our getInfo page.
function getInfo() {
openFB.api({
path: '/me',
success: function(data) {
message += "Logged in with Facebook as " + data.name+"_____";
$('#appConsole').text(message);
getCognitoID();
},
error: errorHandler});
}
Now lets create the function. There is a call to a function getCognitoSynToken() in the callback of AWS.config.credentials.get() below, please comment this out for now as we will be building this later.
function getCognitoID(){
// The parameters required to intialize the Cognito Credentials object.
var params = {
AccountId: AWS_ACCOUNT_ID, // required
RoleArn: IAM_ROLE_ARN, // required
IdentityPoolId: COGNITO_IDENTITY_POOL_ID, // required
Logins: {
'graph.facebook.com': FACEBOOK_TOKEN
}
};
// set the Amazon Cognito region
AWS.config.region = AWS_REGION;
// initialize the Credentials object with our parameters
AWS.config.credentials = new AWS.CognitoIdentityCredentials(params);
// We can set the get method of the Credentials object to retrieve
// the unique identifier for the end user (identityId) once the provider
// has refreshed itself
AWS.config.credentials.get(function(err) {
if (err){ // an error occurred
errorMessage += "credentials.get: " + err, err.stack + "_____";
$('#errorConsole').text(errorMessage);
errorMessage += "AWS.config.credentials: " + JSON.stringify(AWS.config.credentials) + "_____";
$('#errorConsole').text(errorMessage);
}
else{
AWS_TEMP_CREDENTIALS = AWS.config.credentials;
COGNITO_IDENTITY_ID = AWS.config.credentials.identityId;
message += "Cognito Identity Id: " + COGNITO_IDENTITY_ID + "_____";
$('#appConsole').text(message);
getCognitoSynToken();
}
});
}
Now you can build and run your app. You should be able to login to Facebook and get your user Cognito ID.
Now that we have our Cognito ID credentials we can use this in the next page to get our CognitoSync Session Token.
Get CognitoSync Session Token
Now that we have our CognitoID credentials we can use these to access CognitoSync. First we need to use our new temporary credentials to create a CognitoSync session token.
We are going to create a new function to get our CognitoSync session token. Open app.js in your editor and add a call to the new function getCognitoSynToken() in the callback of getCognitoID().
function getCognitoID(){
// The parameters required to intialize the Cognito Credentials object.
var params = {
AccountId: AWS_ACCOUNT_ID, // required
RoleArn: IAM_ROLE_ARN, // required
IdentityPoolId: COGNITO_IDENTITY_POOL_ID, // required
Logins: {
'graph.facebook.com': FACEBOOK_TOKEN
}
};
// set the Amazon Cognito region
AWS.config.region = AWS_REGION;
// initialize the Credentials object with our parameters
AWS.config.credentials = new AWS.CognitoIdentityCredentials(params);
// We can set the get method of the Credentials object to retrieve
// the unique identifier for the end user (identityId) once the provider
// has refreshed itself
AWS.config.credentials.get(function(err) {
if (err){ // an error occurred
errorMessage += "credentials.get: " + err, err.stack + "_____";
$('#errorConsole').text(errorMessage);
errorMessage += "AWS.config.credentials: " + JSON.stringify(AWS.config.credentials) + "_____";
$('#errorConsole').text(errorMessage);
}
else{
AWS_TEMP_CREDENTIALS = AWS.config.credentials;
COGNITO_IDENTITY_ID = AWS.config.credentials.identityId;
message += "Cognito Identity Id: " + COGNITO_IDENTITY_ID + "_____";
$('#appConsole').text(message);
getCognitoSynToken();
}
});
}
In order to get the token we must make a call to listRecords. If our dataset doesn't exist (as is the case now) it will be created automatically. We also get the sync count for the dataset which is needed later to add or change dataset records. There is a call to a function addRecord() in the callback of cognitosync.listRecords() below, please comment this out for now as we will be building this later.
function getCognitoSynToken(){
// Other AWS SDKs will automatically use the Cognito Credentials provider
// configured in the JavaScript SDK.
cognitosync = new AWS.CognitoSync();
cognitosync.listRecords({
DatasetName: COGNITO_DATASET_NAME, // required
IdentityId: COGNITO_IDENTITY_ID, // required
IdentityPoolId: COGNITO_IDENTITY_POOL_ID // required
}, function(err, data) {
if (err){
errorMessage += "listRecords: " + err, err.stack + "_____";
$('#errorConsole').text(errorMessage); // an error occurred
}
else {
COGNITO_SYNC_TOKEN = data.SyncSessionToken;
COGNITO_SYNC_COUNT = data.DatasetSyncCount;
message += "listRecords: " + JSON.stringify(data) + "_____";
message += "DatasetSyncCount: " + COGNITO_SYNC_COUNT + "_____";
$('#appConsole').text(message); // successful response
addRecord();
}
});
}
Now you can build and run your app. You should be able to login to Facebook, create a dataset and list the records.
Now that we have our CognitoSync Session Token we can use this in the next part 3 to access the CognitoSync database and add records to the dataset.
The potential for really powerful mobile applications is huge when Cognito is used to combine the power of AWS with your PhoneGap/Cordova application. It is also a great low cost alternative to Parse.com when used for storing user information.
This tutorial will focus on using Cognito with the AWS Javascript SDK for Browser along with the excellent OpenFB library developed by Christophe Coenraets to simplify token creation. The sample app will be created for the Adobe PhoneGap Build process. This could be used with apps that access files on an S3 bucket and also require user information to be stored. I have chosen Facebook as the identity provider but a similar process applies for Amazon and Google. I would recommend only using one identity provider for your app so that your users don't produce multiple Cognito key stores.
With the release of v2.0.14 of the AWS Javascript SDK, a new object CognitoIdentityCredentials has greatly simplified the CognitoID credentials process by removing the need to create STS tokens and temporary IAM credentials. The simplified process to create a Cognito session is as follows:
This process is different to that used with NodeJS because the app will be running from the device local domain.
Go to developers.facebook.com and select Apps - Create a New App
Record your App ID and App Secret somewhere safe, we will need it later.
Click on Settings then click on Advanced (do not fill in app domain details or add platform).
Select Native or Desktop app.
Add https://www.facebook.com/connect/login_success.html as the Valid OAuth redirect URI.
Enter your contact email and Save Changes
Next select Status and Review
Toggle Yes for Do you want to make this app and all its live features available to the general public?
Now that we have registered our new app with Facebook, we will tell Cognito all about it next.
Create a Cognito Pool
Now that we have a Facebook App registered we need to create a Cognito pool that will be linked to the Facebook app. Go to the Cognito start page and click Get Started Now
Step 1:
Give your app a name in Identity Pool Name.
Paste your Facebook App ID.
Leave Enable Access to Unauthenticated Identities unchecked.
Click Create Pool
Step 2:
An IAM role has been automatically created for you. Click Update Roles
Step 3:
Example code for native mobile apps has been created for you which is useless for us with javascript so just click Done.
Finished! You have created a Cognito pool and are viewing its dashboard. Next, in part 2 we will use OpenFB to sign in and get our Facebook session token.
You can now select more than one subnet per availability zone in an Autoscaling group.
You no longer need to remove an existing subnet from an Autoscaling group in order to reconfigure the subnets. You can simply add more subnets without affecting your applications availability.
AWS have now made available Provisioned IOPS (SSD) volumes with up to 16 TB and 20,000 IOPS and a maximum throughput of 320 MBps.
Before you would need to attach 16 x 1 TB 1250 IOPS volumes to achieve the same performance.
General Purpose (SSD) volumes are also now available with up to 16 TB and 10,000 IOPS and a maximum throughput of 160 MBps.
General Purpose (SSD) volumes are also now designed to deliver a consistent baseline performance of 3 IOPS/GB to a maximum of 10,000 IOPS, and provide up to 160 MBps of throughput per volume.
To provide 99.999999999% durability, AWS S3 has always had a high degree of replication. In the past, the location of that replicated data has been a mystery to the account holder. This has made it difficult for those that, as part of their organization's compliance, require that data be in totally different geographical locations.
With the release today of Cross-Region Replication for AWS S3, you can now specify the region and bucket location in that region to replicate data to. The process is extremely easy and straightforward.
There are requirements though:
The source and destination buckets must be versioning-enabled.
You can replicate from a source bucket to only one destination bucket.
An IAM role must be created to grant permissions for S3 actions on the buckets.
If the source bucket owner is not the owner of the destination bucket then you must have permissions for the S3 actions.
