AWS appconfig documentation change
Summary
Expanded documentation scope to include browser/web page use cases alongside mobile, updated section headers, and generalized references to applications
Security assessment
Changes primarily broaden applicability to web/mobile rather than addressing security. Existing security recommendations (e.g., using AWS_IAM, Cognito, and proxy layers) remain unchanged in substance. No new vulnerabilities or security features are introduced.
Diff
diff --git a/appconfig/latest/userguide/appconfig-retrieving-mobile.md b/appconfig/latest/userguide/appconfig-retrieving-mobile.md index 12107ef38..ffe749deb 100644 --- a//appconfig/latest/userguide/appconfig-retrieving-mobile.md +++ b//appconfig/latest/userguide/appconfig-retrieving-mobile.md @@ -5 +5 @@ -Configuration data and flag retrievalAuthentication and Amazon CognitoCachingSegmentationBandwidthAdditional flag use cases for mobile users +Configuration data and flag retrievalAuthentication and Amazon CognitoCachingSegmentationBandwidth (mobile use cases)Additional flag use cases @@ -7 +7 @@ Configuration data and flag retrievalAuthentication and Amazon CognitoCachingSeg -# AWS AppConfig mobile use considerations +# AWS AppConfig browser and mobile use considerations @@ -9 +9 @@ Configuration data and flag retrievalAuthentication and Amazon CognitoCachingSeg -Feature flags enable you to update the experience of your mobile application on the fly, without the overhead, risk, or rigidity of an app store release. Using feature flags, you can gradually release a change to your user base at a time of your choosing. If you encounter an error, you can instantly roll back the change without requiring users to upgrade to a new software version. In short, feature flags provide greater control and flexibility when deploying changes to your application. +Feature flags enable you to update the experience of your web pages and mobile application on the fly, without the overhead, risk, or rigidity of an app store release. Using feature flags, you can gradually release a change to your user base at a time of your choosing. If you encounter an error, you can instantly roll back the change without requiring users to upgrade to a new software version. In short, feature flags provide greater control and flexibility when deploying changes to your application. @@ -11 +11 @@ Feature flags enable you to update the experience of your mobile application on -The following sections describe important considerations for using AWS AppConfig feature flags with mobiles devices. +The following sections describe important considerations for using AWS AppConfig feature flags with web pages and mobiles devices. @@ -23 +23 @@ The following sections describe important considerations for using AWS AppConfig - * Bandwidth + * Bandwidth (mobile use cases) @@ -25 +25 @@ The following sections describe important considerations for using AWS AppConfig - * Additional flag use cases for mobile users + * Additional flag use cases @@ -32 +32 @@ The following sections describe important considerations for using AWS AppConfig -For mobile use cases, many customers choose to employ a proxy layer between the mobile application and AWS AppConfig. Doing so decouples your AWS AppConfig call volume from the size of your user base, which reduces costs. It also enables you to leverage the [AWS AppConfig Agent](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-agent-how-to-use.html), which optimizes flag-retrieval performance and supports features like [multi-variant flags](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-multi-variant-feature-flags.html). AWS AppConfig recommends using AWS Lambda to create the proxy. Instead of retrieving flags directly from AWS AppConfig, configure the [AWS AppConfig Lambda extension](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-integration-lambda-extensions.html) to retrieve your feature flags within a Lambda function. Write the function to accept AWS AppConfig retrieval parameters from the event request and to return the corresponding configuration data in the Lambda response. Expose your proxy to the internet using [Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-configuration.html). +For browser and mobile use cases, many customers choose to employ a proxy layer between the web or the mobile application and AWS AppConfig. Doing so decouples your AWS AppConfig call volume from the size of your user base, which reduces costs. It also enables you to leverage the [AWS AppConfig Agent](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-agent-how-to-use.html), which optimizes flag-retrieval performance and supports features like [multi-variant flags](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-multi-variant-feature-flags.html). AWS AppConfig recommends using AWS Lambda to create the proxy. Instead of retrieving flags directly from AWS AppConfig, configure the [AWS AppConfig Lambda extension](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-integration-lambda-extensions.html) to retrieve your feature flags within a Lambda function. Write the function to accept AWS AppConfig retrieval parameters from the event request and to return the corresponding configuration data in the Lambda response. Expose your proxy to the internet using [Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-configuration.html). @@ -44 +44 @@ If you expose your endpoint to the internet without authentication, ensure that -If you choose to use `AWS_IAM`, you’ll need to manage credentials with [Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html). To get started with Amazon Cognito, you create an identity pool. An identity pool allows you to vend short-term credentials to your application for authenticated or guest users. You will need to add roles in the identity pool that permit users to use the `InvokeFunctionUrl` for your Lambda function. Doing so enables instances of your mobile application to access the credentials necessary to retrieve your configuration data. +If you choose to use `AWS_IAM`, you’ll need to manage credentials with [Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html). To get started with Amazon Cognito, you create an identity pool. An identity pool allows you to vend short-term credentials to your application for authenticated or guest users. You will need to add roles in the identity pool that permit users to use the `InvokeFunctionUrl` for your Lambda function. Doing so enables instances of your application to access the credentials necessary to retrieve your configuration data. @@ -46 +46 @@ If you choose to use `AWS_IAM`, you’ll need to manage credentials with [Amazon -When working with Amazon Cognito in your application, consider using [AWS Amplify](https://docs.aws.amazon.com/amplify/). Amplify simplifies mobile application interactions with AWS and provides built-in support for Amazon Cognito. +When working with Amazon Cognito in your application, consider using [AWS Amplify](https://docs.aws.amazon.com/amplify/). Amplify simplifies mobile/web application interactions with AWS and provides built-in support for Amazon Cognito. @@ -50 +50 @@ When working with Amazon Cognito in your application, consider using [AWS Amplif -When using AWS AppConfig on mobile, you should always cache your configuration data locally on the device. Caching offers the following advantages: +When using AWS AppConfig, you should always cache your configuration data locally on the device or in the browser. Caching offers the following advantages: @@ -61 +61 @@ When using AWS AppConfig on mobile, you should always cache your configuration d -We recommend you implement in-memory and persistent on-device caches. Configure your application to attempt to retrieve the desired configuration from the in-memory cache and fall back to fetching from your proxy, if necessary. Upon successful retrieval from your proxy, update the in-memory cache and then persist the configuration to the device. Use a background process to iterate through the cache and refresh each configuration. When fetching configuration for the first time after application startup, if a retrieval is unsuccessful, defer to the persistent configuration (and use it to seed the in-memory cache). +For mobile use cases, we recommend you implement in-memory and persistent on-device caches. Configure your application to attempt to retrieve the desired configuration from the in-memory cache and fall back to fetching from your proxy, if necessary. Upon successful retrieval from your proxy, update the in-memory cache and then persist the configuration to the device. Use a background process to iterate through the cache and refresh each configuration. When fetching configuration for the first time after application startup, if a retrieval is unsuccessful, defer to the persistent configuration (and use it to seed the in-memory cache). @@ -73 +73 @@ If you choose not to use AWS AppConfig Agent to retrieve feature flags, you can -## Bandwidth +## Bandwidth (mobile use cases) @@ -77 +77 @@ In general, aim to keep the size of each flag set small. Mobile use cases tend t -## Additional flag use cases for mobile users +## Additional flag use cases